1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2003-2022, Intel Corporation. All rights reserved. 4 * Intel Management Engine Interface (Intel MEI) Linux driver 5 */ 6 7 #include <linux/module.h> 8 #include <linux/moduleparam.h> 9 #include <linux/kernel.h> 10 #include <linux/device.h> 11 #include <linux/slab.h> 12 #include <linux/fs.h> 13 #include <linux/errno.h> 14 #include <linux/types.h> 15 #include <linux/fcntl.h> 16 #include <linux/poll.h> 17 #include <linux/init.h> 18 #include <linux/ioctl.h> 19 #include <linux/cdev.h> 20 #include <linux/sched/signal.h> 21 #include <linux/compat.h> 22 #include <linux/jiffies.h> 23 #include <linux/interrupt.h> 24 25 #include <linux/mei.h> 26 27 #include "mei_dev.h" 28 #include "client.h" 29 30 static struct class *mei_class; 31 static dev_t mei_devt; 32 #define MEI_MAX_DEVS MINORMASK 33 static DEFINE_MUTEX(mei_minor_lock); 34 static DEFINE_IDR(mei_idr); 35 36 /** 37 * mei_open - the open function 38 * 39 * @inode: pointer to inode structure 40 * @file: pointer to file structure 41 * 42 * Return: 0 on success, <0 on error 43 */ 44 static int mei_open(struct inode *inode, struct file *file) 45 { 46 struct mei_device *dev; 47 struct mei_cl *cl; 48 49 int err; 50 51 dev = container_of(inode->i_cdev, struct mei_device, cdev); 52 53 mutex_lock(&dev->device_lock); 54 55 if (dev->dev_state != MEI_DEV_ENABLED) { 56 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 57 mei_dev_state_str(dev->dev_state)); 58 err = -ENODEV; 59 goto err_unlock; 60 } 61 62 cl = mei_cl_alloc_linked(dev); 63 if (IS_ERR(cl)) { 64 err = PTR_ERR(cl); 65 goto err_unlock; 66 } 67 68 cl->fp = file; 69 file->private_data = cl; 70 71 mutex_unlock(&dev->device_lock); 72 73 return nonseekable_open(inode, file); 74 75 err_unlock: 76 mutex_unlock(&dev->device_lock); 77 return err; 78 } 79 80 /** 81 * mei_cl_vtag_remove_by_fp - remove vtag that corresponds to fp from list 82 * 83 * @cl: host client 84 * @fp: pointer to file structure 85 * 86 */ 87 static void mei_cl_vtag_remove_by_fp(const struct mei_cl *cl, 88 const struct file *fp) 89 { 90 struct mei_cl_vtag *vtag_l, *next; 91 92 list_for_each_entry_safe(vtag_l, next, &cl->vtag_map, list) { 93 if (vtag_l->fp == fp) { 94 list_del(&vtag_l->list); 95 kfree(vtag_l); 96 return; 97 } 98 } 99 } 100 101 /** 102 * mei_release - the release function 103 * 104 * @inode: pointer to inode structure 105 * @file: pointer to file structure 106 * 107 * Return: 0 on success, <0 on error 108 */ 109 static int mei_release(struct inode *inode, struct file *file) 110 { 111 struct mei_cl *cl = file->private_data; 112 struct mei_device *dev; 113 int rets; 114 115 if (WARN_ON(!cl || !cl->dev)) 116 return -ENODEV; 117 118 dev = cl->dev; 119 120 mutex_lock(&dev->device_lock); 121 122 mei_cl_vtag_remove_by_fp(cl, file); 123 124 if (!list_empty(&cl->vtag_map)) { 125 cl_dbg(dev, cl, "not the last vtag\n"); 126 mei_cl_flush_queues(cl, file); 127 rets = 0; 128 goto out; 129 } 130 131 rets = mei_cl_disconnect(cl); 132 /* 133 * Check again: This is necessary since disconnect releases the lock 134 * and another client can connect in the meantime. 135 */ 136 if (!list_empty(&cl->vtag_map)) { 137 cl_dbg(dev, cl, "not the last vtag after disconnect\n"); 138 mei_cl_flush_queues(cl, file); 139 goto out; 140 } 141 142 mei_cl_flush_queues(cl, NULL); 143 cl_dbg(dev, cl, "removing\n"); 144 145 mei_cl_unlink(cl); 146 kfree(cl); 147 148 out: 149 file->private_data = NULL; 150 151 mutex_unlock(&dev->device_lock); 152 return rets; 153 } 154 155 156 /** 157 * mei_read - the read function. 158 * 159 * @file: pointer to file structure 160 * @ubuf: pointer to user buffer 161 * @length: buffer length 162 * @offset: data offset in buffer 163 * 164 * Return: >=0 data length on success , <0 on error 165 */ 166 static ssize_t mei_read(struct file *file, char __user *ubuf, 167 size_t length, loff_t *offset) 168 { 169 struct mei_cl *cl = file->private_data; 170 struct mei_device *dev; 171 struct mei_cl_cb *cb = NULL; 172 bool nonblock = !!(file->f_flags & O_NONBLOCK); 173 ssize_t rets; 174 175 if (WARN_ON(!cl || !cl->dev)) 176 return -ENODEV; 177 178 dev = cl->dev; 179 180 181 mutex_lock(&dev->device_lock); 182 if (dev->dev_state != MEI_DEV_ENABLED) { 183 rets = -ENODEV; 184 goto out; 185 } 186 187 if (length == 0) { 188 rets = 0; 189 goto out; 190 } 191 192 if (ubuf == NULL) { 193 rets = -EMSGSIZE; 194 goto out; 195 } 196 197 cb = mei_cl_read_cb(cl, file); 198 if (cb) 199 goto copy_buffer; 200 201 if (*offset > 0) 202 *offset = 0; 203 204 rets = mei_cl_read_start(cl, length, file); 205 if (rets && rets != -EBUSY) { 206 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets); 207 goto out; 208 } 209 210 if (nonblock) { 211 rets = -EAGAIN; 212 goto out; 213 } 214 215 mutex_unlock(&dev->device_lock); 216 if (wait_event_interruptible(cl->rx_wait, 217 mei_cl_read_cb(cl, file) || 218 !mei_cl_is_connected(cl))) { 219 if (signal_pending(current)) 220 return -EINTR; 221 return -ERESTARTSYS; 222 } 223 mutex_lock(&dev->device_lock); 224 225 if (!mei_cl_is_connected(cl)) { 226 rets = -ENODEV; 227 goto out; 228 } 229 230 cb = mei_cl_read_cb(cl, file); 231 if (!cb) { 232 rets = 0; 233 goto out; 234 } 235 236 copy_buffer: 237 /* now copy the data to user space */ 238 if (cb->status) { 239 rets = cb->status; 240 cl_dbg(dev, cl, "read operation failed %zd\n", rets); 241 goto free; 242 } 243 244 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n", 245 cb->buf.size, cb->buf_idx, *offset); 246 if (*offset >= cb->buf_idx) { 247 rets = 0; 248 goto free; 249 } 250 251 /* length is being truncated to PAGE_SIZE, 252 * however buf_idx may point beyond that */ 253 length = min_t(size_t, length, cb->buf_idx - *offset); 254 255 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) { 256 dev_dbg(dev->dev, "failed to copy data to userland\n"); 257 rets = -EFAULT; 258 goto free; 259 } 260 261 rets = length; 262 *offset += length; 263 /* not all data was read, keep the cb */ 264 if (*offset < cb->buf_idx) 265 goto out; 266 267 free: 268 mei_cl_del_rd_completed(cl, cb); 269 *offset = 0; 270 271 out: 272 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets); 273 mutex_unlock(&dev->device_lock); 274 return rets; 275 } 276 277 /** 278 * mei_cl_vtag_by_fp - obtain the vtag by file pointer 279 * 280 * @cl: host client 281 * @fp: pointer to file structure 282 * 283 * Return: vtag value on success, otherwise 0 284 */ 285 static u8 mei_cl_vtag_by_fp(const struct mei_cl *cl, const struct file *fp) 286 { 287 struct mei_cl_vtag *cl_vtag; 288 289 if (!fp) 290 return 0; 291 292 list_for_each_entry(cl_vtag, &cl->vtag_map, list) 293 if (cl_vtag->fp == fp) 294 return cl_vtag->vtag; 295 return 0; 296 } 297 298 /** 299 * mei_write - the write function. 300 * 301 * @file: pointer to file structure 302 * @ubuf: pointer to user buffer 303 * @length: buffer length 304 * @offset: data offset in buffer 305 * 306 * Return: >=0 data length on success , <0 on error 307 */ 308 static ssize_t mei_write(struct file *file, const char __user *ubuf, 309 size_t length, loff_t *offset) 310 { 311 struct mei_cl *cl = file->private_data; 312 struct mei_cl_cb *cb; 313 struct mei_device *dev; 314 ssize_t rets; 315 316 if (WARN_ON(!cl || !cl->dev)) 317 return -ENODEV; 318 319 dev = cl->dev; 320 321 mutex_lock(&dev->device_lock); 322 323 if (dev->dev_state != MEI_DEV_ENABLED) { 324 rets = -ENODEV; 325 goto out; 326 } 327 328 if (!mei_cl_is_connected(cl)) { 329 cl_err(dev, cl, "is not connected"); 330 rets = -ENODEV; 331 goto out; 332 } 333 334 if (!mei_me_cl_is_active(cl->me_cl)) { 335 rets = -ENOTTY; 336 goto out; 337 } 338 339 if (length > mei_cl_mtu(cl)) { 340 rets = -EFBIG; 341 goto out; 342 } 343 344 if (length == 0) { 345 rets = 0; 346 goto out; 347 } 348 349 while (cl->tx_cb_queued >= dev->tx_queue_limit) { 350 if (file->f_flags & O_NONBLOCK) { 351 rets = -EAGAIN; 352 goto out; 353 } 354 mutex_unlock(&dev->device_lock); 355 rets = wait_event_interruptible(cl->tx_wait, 356 cl->writing_state == MEI_WRITE_COMPLETE || 357 (!mei_cl_is_connected(cl))); 358 mutex_lock(&dev->device_lock); 359 if (rets) { 360 if (signal_pending(current)) 361 rets = -EINTR; 362 goto out; 363 } 364 if (!mei_cl_is_connected(cl)) { 365 rets = -ENODEV; 366 goto out; 367 } 368 } 369 370 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); 371 if (!cb) { 372 rets = -ENOMEM; 373 goto out; 374 } 375 cb->vtag = mei_cl_vtag_by_fp(cl, file); 376 377 rets = copy_from_user(cb->buf.data, ubuf, length); 378 if (rets) { 379 dev_dbg(dev->dev, "failed to copy data from userland\n"); 380 rets = -EFAULT; 381 mei_io_cb_free(cb); 382 goto out; 383 } 384 385 rets = mei_cl_write(cl, cb, MAX_SCHEDULE_TIMEOUT); 386 out: 387 mutex_unlock(&dev->device_lock); 388 return rets; 389 } 390 391 /** 392 * mei_ioctl_connect_client - the connect to fw client IOCTL function 393 * 394 * @file: private data of the file object 395 * @in_client_uuid: requested UUID for connection 396 * @client: IOCTL connect data, output parameters 397 * 398 * Locking: called under "dev->device_lock" lock 399 * 400 * Return: 0 on success, <0 on failure. 401 */ 402 static int mei_ioctl_connect_client(struct file *file, 403 const uuid_le *in_client_uuid, 404 struct mei_client *client) 405 { 406 struct mei_device *dev; 407 struct mei_me_client *me_cl; 408 struct mei_cl *cl; 409 int rets; 410 411 cl = file->private_data; 412 dev = cl->dev; 413 414 if (cl->state != MEI_FILE_INITIALIZING && 415 cl->state != MEI_FILE_DISCONNECTED) 416 return -EBUSY; 417 418 /* find ME client we're trying to connect to */ 419 me_cl = mei_me_cl_by_uuid(dev, in_client_uuid); 420 if (!me_cl) { 421 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n", 422 in_client_uuid); 423 rets = -ENOTTY; 424 goto end; 425 } 426 427 if (me_cl->props.fixed_address) { 428 bool forbidden = dev->override_fixed_address ? 429 !dev->allow_fixed_address : !dev->hbm_f_fa_supported; 430 if (forbidden) { 431 dev_dbg(dev->dev, "Connection forbidden to FW Client UUID = %pUl\n", 432 in_client_uuid); 433 rets = -ENOTTY; 434 goto end; 435 } 436 } 437 438 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n", 439 me_cl->client_id); 440 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n", 441 me_cl->props.protocol_version); 442 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n", 443 me_cl->props.max_msg_length); 444 445 /* prepare the output buffer */ 446 client->max_msg_length = me_cl->props.max_msg_length; 447 client->protocol_version = me_cl->props.protocol_version; 448 dev_dbg(dev->dev, "Can connect?\n"); 449 450 rets = mei_cl_connect(cl, me_cl, file); 451 452 end: 453 mei_me_cl_put(me_cl); 454 return rets; 455 } 456 457 /** 458 * mei_vt_support_check - check if client support vtags 459 * 460 * Locking: called under "dev->device_lock" lock 461 * 462 * @dev: mei_device 463 * @uuid: client UUID 464 * 465 * Return: 466 * 0 - supported 467 * -ENOTTY - no such client 468 * -EOPNOTSUPP - vtags are not supported by client 469 */ 470 static int mei_vt_support_check(struct mei_device *dev, const uuid_le *uuid) 471 { 472 struct mei_me_client *me_cl; 473 int ret; 474 475 if (!dev->hbm_f_vt_supported) 476 return -EOPNOTSUPP; 477 478 me_cl = mei_me_cl_by_uuid(dev, uuid); 479 if (!me_cl) { 480 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n", 481 uuid); 482 return -ENOTTY; 483 } 484 ret = me_cl->props.vt_supported ? 0 : -EOPNOTSUPP; 485 mei_me_cl_put(me_cl); 486 487 return ret; 488 } 489 490 /** 491 * mei_ioctl_connect_vtag - connect to fw client with vtag IOCTL function 492 * 493 * @file: private data of the file object 494 * @in_client_uuid: requested UUID for connection 495 * @client: IOCTL connect data, output parameters 496 * @vtag: vm tag 497 * 498 * Locking: called under "dev->device_lock" lock 499 * 500 * Return: 0 on success, <0 on failure. 501 */ 502 static int mei_ioctl_connect_vtag(struct file *file, 503 const uuid_le *in_client_uuid, 504 struct mei_client *client, 505 u8 vtag) 506 { 507 struct mei_device *dev; 508 struct mei_cl *cl; 509 struct mei_cl *pos; 510 struct mei_cl_vtag *cl_vtag; 511 512 cl = file->private_data; 513 dev = cl->dev; 514 515 dev_dbg(dev->dev, "FW Client %pUl vtag %d\n", in_client_uuid, vtag); 516 517 switch (cl->state) { 518 case MEI_FILE_DISCONNECTED: 519 if (mei_cl_vtag_by_fp(cl, file) != vtag) { 520 dev_err(dev->dev, "reconnect with different vtag\n"); 521 return -EINVAL; 522 } 523 break; 524 case MEI_FILE_INITIALIZING: 525 /* malicious connect from another thread may push vtag */ 526 if (!IS_ERR(mei_cl_fp_by_vtag(cl, vtag))) { 527 dev_err(dev->dev, "vtag already filled\n"); 528 return -EINVAL; 529 } 530 531 list_for_each_entry(pos, &dev->file_list, link) { 532 if (pos == cl) 533 continue; 534 if (!pos->me_cl) 535 continue; 536 537 /* only search for same UUID */ 538 if (uuid_le_cmp(*mei_cl_uuid(pos), *in_client_uuid)) 539 continue; 540 541 /* if tag already exist try another fp */ 542 if (!IS_ERR(mei_cl_fp_by_vtag(pos, vtag))) 543 continue; 544 545 /* replace cl with acquired one */ 546 dev_dbg(dev->dev, "replacing with existing cl\n"); 547 mei_cl_unlink(cl); 548 kfree(cl); 549 file->private_data = pos; 550 cl = pos; 551 break; 552 } 553 554 cl_vtag = mei_cl_vtag_alloc(file, vtag); 555 if (IS_ERR(cl_vtag)) 556 return -ENOMEM; 557 558 list_add_tail(&cl_vtag->list, &cl->vtag_map); 559 break; 560 default: 561 return -EBUSY; 562 } 563 564 while (cl->state != MEI_FILE_INITIALIZING && 565 cl->state != MEI_FILE_DISCONNECTED && 566 cl->state != MEI_FILE_CONNECTED) { 567 mutex_unlock(&dev->device_lock); 568 wait_event_timeout(cl->wait, 569 (cl->state == MEI_FILE_CONNECTED || 570 cl->state == MEI_FILE_DISCONNECTED || 571 cl->state == MEI_FILE_DISCONNECT_REQUIRED || 572 cl->state == MEI_FILE_DISCONNECT_REPLY), 573 dev->timeouts.cl_connect); 574 mutex_lock(&dev->device_lock); 575 } 576 577 if (!mei_cl_is_connected(cl)) 578 return mei_ioctl_connect_client(file, in_client_uuid, client); 579 580 client->max_msg_length = cl->me_cl->props.max_msg_length; 581 client->protocol_version = cl->me_cl->props.protocol_version; 582 583 return 0; 584 } 585 586 /** 587 * mei_ioctl_client_notify_request - 588 * propagate event notification request to client 589 * 590 * @file: pointer to file structure 591 * @request: 0 - disable, 1 - enable 592 * 593 * Return: 0 on success , <0 on error 594 */ 595 static int mei_ioctl_client_notify_request(const struct file *file, u32 request) 596 { 597 struct mei_cl *cl = file->private_data; 598 599 if (request != MEI_HBM_NOTIFICATION_START && 600 request != MEI_HBM_NOTIFICATION_STOP) 601 return -EINVAL; 602 603 return mei_cl_notify_request(cl, file, (u8)request); 604 } 605 606 /** 607 * mei_ioctl_client_notify_get - wait for notification request 608 * 609 * @file: pointer to file structure 610 * @notify_get: 0 - disable, 1 - enable 611 * 612 * Return: 0 on success , <0 on error 613 */ 614 static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get) 615 { 616 struct mei_cl *cl = file->private_data; 617 bool notify_ev; 618 bool block = (file->f_flags & O_NONBLOCK) == 0; 619 int rets; 620 621 rets = mei_cl_notify_get(cl, block, ¬ify_ev); 622 if (rets) 623 return rets; 624 625 *notify_get = notify_ev ? 1 : 0; 626 return 0; 627 } 628 629 /** 630 * mei_ioctl - the IOCTL function 631 * 632 * @file: pointer to file structure 633 * @cmd: ioctl command 634 * @data: pointer to mei message structure 635 * 636 * Return: 0 on success , <0 on error 637 */ 638 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 639 { 640 struct mei_device *dev; 641 struct mei_cl *cl = file->private_data; 642 struct mei_connect_client_data conn; 643 struct mei_connect_client_data_vtag conn_vtag; 644 const uuid_le *cl_uuid; 645 struct mei_client *props; 646 u8 vtag; 647 u32 notify_get, notify_req; 648 int rets; 649 650 651 if (WARN_ON(!cl || !cl->dev)) 652 return -ENODEV; 653 654 dev = cl->dev; 655 656 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd); 657 658 mutex_lock(&dev->device_lock); 659 if (dev->dev_state != MEI_DEV_ENABLED) { 660 rets = -ENODEV; 661 goto out; 662 } 663 664 switch (cmd) { 665 case IOCTL_MEI_CONNECT_CLIENT: 666 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 667 if (copy_from_user(&conn, (char __user *)data, sizeof(conn))) { 668 dev_dbg(dev->dev, "failed to copy data from userland\n"); 669 rets = -EFAULT; 670 goto out; 671 } 672 cl_uuid = &conn.in_client_uuid; 673 props = &conn.out_client_properties; 674 vtag = 0; 675 676 rets = mei_vt_support_check(dev, cl_uuid); 677 if (rets == -ENOTTY) 678 goto out; 679 if (!rets) 680 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, 681 vtag); 682 else 683 rets = mei_ioctl_connect_client(file, cl_uuid, props); 684 if (rets) 685 goto out; 686 687 /* if all is ok, copying the data back to user. */ 688 if (copy_to_user((char __user *)data, &conn, sizeof(conn))) { 689 dev_dbg(dev->dev, "failed to copy data to userland\n"); 690 rets = -EFAULT; 691 goto out; 692 } 693 694 break; 695 696 case IOCTL_MEI_CONNECT_CLIENT_VTAG: 697 dev_dbg(dev->dev, "IOCTL_MEI_CONNECT_CLIENT_VTAG\n"); 698 if (copy_from_user(&conn_vtag, (char __user *)data, 699 sizeof(conn_vtag))) { 700 dev_dbg(dev->dev, "failed to copy data from userland\n"); 701 rets = -EFAULT; 702 goto out; 703 } 704 705 cl_uuid = &conn_vtag.connect.in_client_uuid; 706 props = &conn_vtag.out_client_properties; 707 vtag = conn_vtag.connect.vtag; 708 709 rets = mei_vt_support_check(dev, cl_uuid); 710 if (rets == -EOPNOTSUPP) 711 dev_dbg(dev->dev, "FW Client %pUl does not support vtags\n", 712 cl_uuid); 713 if (rets) 714 goto out; 715 716 if (!vtag) { 717 dev_dbg(dev->dev, "vtag can't be zero\n"); 718 rets = -EINVAL; 719 goto out; 720 } 721 722 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, vtag); 723 if (rets) 724 goto out; 725 726 /* if all is ok, copying the data back to user. */ 727 if (copy_to_user((char __user *)data, &conn_vtag, 728 sizeof(conn_vtag))) { 729 dev_dbg(dev->dev, "failed to copy data to userland\n"); 730 rets = -EFAULT; 731 goto out; 732 } 733 734 break; 735 736 case IOCTL_MEI_NOTIFY_SET: 737 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_SET.\n"); 738 if (copy_from_user(¬ify_req, 739 (char __user *)data, sizeof(notify_req))) { 740 dev_dbg(dev->dev, "failed to copy data from userland\n"); 741 rets = -EFAULT; 742 goto out; 743 } 744 rets = mei_ioctl_client_notify_request(file, notify_req); 745 break; 746 747 case IOCTL_MEI_NOTIFY_GET: 748 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_GET.\n"); 749 rets = mei_ioctl_client_notify_get(file, ¬ify_get); 750 if (rets) 751 goto out; 752 753 dev_dbg(dev->dev, "copy connect data to user\n"); 754 if (copy_to_user((char __user *)data, 755 ¬ify_get, sizeof(notify_get))) { 756 dev_dbg(dev->dev, "failed to copy data to userland\n"); 757 rets = -EFAULT; 758 goto out; 759 760 } 761 break; 762 763 default: 764 rets = -ENOIOCTLCMD; 765 } 766 767 out: 768 mutex_unlock(&dev->device_lock); 769 return rets; 770 } 771 772 /** 773 * mei_poll - the poll function 774 * 775 * @file: pointer to file structure 776 * @wait: pointer to poll_table structure 777 * 778 * Return: poll mask 779 */ 780 static __poll_t mei_poll(struct file *file, poll_table *wait) 781 { 782 __poll_t req_events = poll_requested_events(wait); 783 struct mei_cl *cl = file->private_data; 784 struct mei_device *dev; 785 __poll_t mask = 0; 786 bool notify_en; 787 788 if (WARN_ON(!cl || !cl->dev)) 789 return EPOLLERR; 790 791 dev = cl->dev; 792 793 mutex_lock(&dev->device_lock); 794 795 notify_en = cl->notify_en && (req_events & EPOLLPRI); 796 797 if (dev->dev_state != MEI_DEV_ENABLED || 798 !mei_cl_is_connected(cl)) { 799 mask = EPOLLERR; 800 goto out; 801 } 802 803 if (notify_en) { 804 poll_wait(file, &cl->ev_wait, wait); 805 if (cl->notify_ev) 806 mask |= EPOLLPRI; 807 } 808 809 if (req_events & (EPOLLIN | EPOLLRDNORM)) { 810 poll_wait(file, &cl->rx_wait, wait); 811 812 if (mei_cl_read_cb(cl, file)) 813 mask |= EPOLLIN | EPOLLRDNORM; 814 else 815 mei_cl_read_start(cl, mei_cl_mtu(cl), file); 816 } 817 818 if (req_events & (EPOLLOUT | EPOLLWRNORM)) { 819 poll_wait(file, &cl->tx_wait, wait); 820 if (cl->tx_cb_queued < dev->tx_queue_limit) 821 mask |= EPOLLOUT | EPOLLWRNORM; 822 } 823 824 out: 825 mutex_unlock(&dev->device_lock); 826 return mask; 827 } 828 829 /** 830 * mei_cl_is_write_queued - check if the client has pending writes. 831 * 832 * @cl: writing host client 833 * 834 * Return: true if client is writing, false otherwise. 835 */ 836 static bool mei_cl_is_write_queued(struct mei_cl *cl) 837 { 838 struct mei_device *dev = cl->dev; 839 struct mei_cl_cb *cb; 840 841 list_for_each_entry(cb, &dev->write_list, list) 842 if (cb->cl == cl) 843 return true; 844 list_for_each_entry(cb, &dev->write_waiting_list, list) 845 if (cb->cl == cl) 846 return true; 847 return false; 848 } 849 850 /** 851 * mei_fsync - the fsync handler 852 * 853 * @fp: pointer to file structure 854 * @start: unused 855 * @end: unused 856 * @datasync: unused 857 * 858 * Return: 0 on success, -ENODEV if client is not connected 859 */ 860 static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync) 861 { 862 struct mei_cl *cl = fp->private_data; 863 struct mei_device *dev; 864 int rets; 865 866 if (WARN_ON(!cl || !cl->dev)) 867 return -ENODEV; 868 869 dev = cl->dev; 870 871 mutex_lock(&dev->device_lock); 872 873 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) { 874 rets = -ENODEV; 875 goto out; 876 } 877 878 while (mei_cl_is_write_queued(cl)) { 879 mutex_unlock(&dev->device_lock); 880 rets = wait_event_interruptible(cl->tx_wait, 881 cl->writing_state == MEI_WRITE_COMPLETE || 882 !mei_cl_is_connected(cl)); 883 mutex_lock(&dev->device_lock); 884 if (rets) { 885 if (signal_pending(current)) 886 rets = -EINTR; 887 goto out; 888 } 889 if (!mei_cl_is_connected(cl)) { 890 rets = -ENODEV; 891 goto out; 892 } 893 } 894 rets = 0; 895 out: 896 mutex_unlock(&dev->device_lock); 897 return rets; 898 } 899 900 /** 901 * mei_fasync - asynchronous io support 902 * 903 * @fd: file descriptor 904 * @file: pointer to file structure 905 * @band: band bitmap 906 * 907 * Return: negative on error, 908 * 0 if it did no changes, 909 * and positive a process was added or deleted 910 */ 911 static int mei_fasync(int fd, struct file *file, int band) 912 { 913 914 struct mei_cl *cl = file->private_data; 915 916 if (!mei_cl_is_connected(cl)) 917 return -ENODEV; 918 919 return fasync_helper(fd, file, band, &cl->ev_async); 920 } 921 922 /** 923 * trc_show - mei device trc attribute show method 924 * 925 * @device: device pointer 926 * @attr: attribute pointer 927 * @buf: char out buffer 928 * 929 * Return: number of the bytes printed into buf or error 930 */ 931 static ssize_t trc_show(struct device *device, 932 struct device_attribute *attr, char *buf) 933 { 934 struct mei_device *dev = dev_get_drvdata(device); 935 u32 trc; 936 int ret; 937 938 ret = mei_trc_status(dev, &trc); 939 if (ret) 940 return ret; 941 return sprintf(buf, "%08X\n", trc); 942 } 943 static DEVICE_ATTR_RO(trc); 944 945 /** 946 * fw_status_show - mei device fw_status attribute show method 947 * 948 * @device: device pointer 949 * @attr: attribute pointer 950 * @buf: char out buffer 951 * 952 * Return: number of the bytes printed into buf or error 953 */ 954 static ssize_t fw_status_show(struct device *device, 955 struct device_attribute *attr, char *buf) 956 { 957 struct mei_device *dev = dev_get_drvdata(device); 958 struct mei_fw_status fw_status; 959 int err, i; 960 ssize_t cnt = 0; 961 962 mutex_lock(&dev->device_lock); 963 err = mei_fw_status(dev, &fw_status); 964 mutex_unlock(&dev->device_lock); 965 if (err) { 966 dev_err(device, "read fw_status error = %d\n", err); 967 return err; 968 } 969 970 for (i = 0; i < fw_status.count; i++) 971 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n", 972 fw_status.status[i]); 973 return cnt; 974 } 975 static DEVICE_ATTR_RO(fw_status); 976 977 /** 978 * hbm_ver_show - display HBM protocol version negotiated with FW 979 * 980 * @device: device pointer 981 * @attr: attribute pointer 982 * @buf: char out buffer 983 * 984 * Return: number of the bytes printed into buf or error 985 */ 986 static ssize_t hbm_ver_show(struct device *device, 987 struct device_attribute *attr, char *buf) 988 { 989 struct mei_device *dev = dev_get_drvdata(device); 990 struct hbm_version ver; 991 992 mutex_lock(&dev->device_lock); 993 ver = dev->version; 994 mutex_unlock(&dev->device_lock); 995 996 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version); 997 } 998 static DEVICE_ATTR_RO(hbm_ver); 999 1000 /** 1001 * hbm_ver_drv_show - display HBM protocol version advertised by driver 1002 * 1003 * @device: device pointer 1004 * @attr: attribute pointer 1005 * @buf: char out buffer 1006 * 1007 * Return: number of the bytes printed into buf or error 1008 */ 1009 static ssize_t hbm_ver_drv_show(struct device *device, 1010 struct device_attribute *attr, char *buf) 1011 { 1012 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION); 1013 } 1014 static DEVICE_ATTR_RO(hbm_ver_drv); 1015 1016 static ssize_t tx_queue_limit_show(struct device *device, 1017 struct device_attribute *attr, char *buf) 1018 { 1019 struct mei_device *dev = dev_get_drvdata(device); 1020 u8 size = 0; 1021 1022 mutex_lock(&dev->device_lock); 1023 size = dev->tx_queue_limit; 1024 mutex_unlock(&dev->device_lock); 1025 1026 return sysfs_emit(buf, "%u\n", size); 1027 } 1028 1029 static ssize_t tx_queue_limit_store(struct device *device, 1030 struct device_attribute *attr, 1031 const char *buf, size_t count) 1032 { 1033 struct mei_device *dev = dev_get_drvdata(device); 1034 u8 limit; 1035 unsigned int inp; 1036 int err; 1037 1038 err = kstrtouint(buf, 10, &inp); 1039 if (err) 1040 return err; 1041 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN) 1042 return -EINVAL; 1043 limit = inp; 1044 1045 mutex_lock(&dev->device_lock); 1046 dev->tx_queue_limit = limit; 1047 mutex_unlock(&dev->device_lock); 1048 1049 return count; 1050 } 1051 static DEVICE_ATTR_RW(tx_queue_limit); 1052 1053 /** 1054 * fw_ver_show - display ME FW version 1055 * 1056 * @device: device pointer 1057 * @attr: attribute pointer 1058 * @buf: char out buffer 1059 * 1060 * Return: number of the bytes printed into buf or error 1061 */ 1062 static ssize_t fw_ver_show(struct device *device, 1063 struct device_attribute *attr, char *buf) 1064 { 1065 struct mei_device *dev = dev_get_drvdata(device); 1066 struct mei_fw_version *ver; 1067 ssize_t cnt = 0; 1068 int i; 1069 1070 ver = dev->fw_ver; 1071 1072 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++) 1073 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n", 1074 ver[i].platform, ver[i].major, ver[i].minor, 1075 ver[i].hotfix, ver[i].buildno); 1076 return cnt; 1077 } 1078 static DEVICE_ATTR_RO(fw_ver); 1079 1080 /** 1081 * dev_state_show - display device state 1082 * 1083 * @device: device pointer 1084 * @attr: attribute pointer 1085 * @buf: char out buffer 1086 * 1087 * Return: number of the bytes printed into buf or error 1088 */ 1089 static ssize_t dev_state_show(struct device *device, 1090 struct device_attribute *attr, char *buf) 1091 { 1092 struct mei_device *dev = dev_get_drvdata(device); 1093 enum mei_dev_state dev_state; 1094 1095 mutex_lock(&dev->device_lock); 1096 dev_state = dev->dev_state; 1097 mutex_unlock(&dev->device_lock); 1098 1099 return sprintf(buf, "%s", mei_dev_state_str(dev_state)); 1100 } 1101 static DEVICE_ATTR_RO(dev_state); 1102 1103 /** 1104 * mei_set_devstate: set to new device state and notify sysfs file. 1105 * 1106 * @dev: mei_device 1107 * @state: new device state 1108 */ 1109 void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state) 1110 { 1111 struct device *clsdev; 1112 1113 if (dev->dev_state == state) 1114 return; 1115 1116 dev->dev_state = state; 1117 1118 clsdev = class_find_device_by_devt(mei_class, dev->cdev.dev); 1119 if (clsdev) { 1120 sysfs_notify(&clsdev->kobj, NULL, "dev_state"); 1121 put_device(clsdev); 1122 } 1123 } 1124 1125 /** 1126 * kind_show - display device kind 1127 * 1128 * @device: device pointer 1129 * @attr: attribute pointer 1130 * @buf: char out buffer 1131 * 1132 * Return: number of the bytes printed into buf or error 1133 */ 1134 static ssize_t kind_show(struct device *device, 1135 struct device_attribute *attr, char *buf) 1136 { 1137 struct mei_device *dev = dev_get_drvdata(device); 1138 ssize_t ret; 1139 1140 if (dev->kind) 1141 ret = sprintf(buf, "%s\n", dev->kind); 1142 else 1143 ret = sprintf(buf, "%s\n", "mei"); 1144 1145 return ret; 1146 } 1147 static DEVICE_ATTR_RO(kind); 1148 1149 static struct attribute *mei_attrs[] = { 1150 &dev_attr_fw_status.attr, 1151 &dev_attr_hbm_ver.attr, 1152 &dev_attr_hbm_ver_drv.attr, 1153 &dev_attr_tx_queue_limit.attr, 1154 &dev_attr_fw_ver.attr, 1155 &dev_attr_dev_state.attr, 1156 &dev_attr_trc.attr, 1157 &dev_attr_kind.attr, 1158 NULL 1159 }; 1160 ATTRIBUTE_GROUPS(mei); 1161 1162 /* 1163 * file operations structure will be used for mei char device. 1164 */ 1165 static const struct file_operations mei_fops = { 1166 .owner = THIS_MODULE, 1167 .read = mei_read, 1168 .unlocked_ioctl = mei_ioctl, 1169 .compat_ioctl = compat_ptr_ioctl, 1170 .open = mei_open, 1171 .release = mei_release, 1172 .write = mei_write, 1173 .poll = mei_poll, 1174 .fsync = mei_fsync, 1175 .fasync = mei_fasync, 1176 .llseek = no_llseek 1177 }; 1178 1179 /** 1180 * mei_minor_get - obtain next free device minor number 1181 * 1182 * @dev: device pointer 1183 * 1184 * Return: allocated minor, or -ENOSPC if no free minor left 1185 */ 1186 static int mei_minor_get(struct mei_device *dev) 1187 { 1188 int ret; 1189 1190 mutex_lock(&mei_minor_lock); 1191 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL); 1192 if (ret >= 0) 1193 dev->minor = ret; 1194 else if (ret == -ENOSPC) 1195 dev_err(dev->dev, "too many mei devices\n"); 1196 1197 mutex_unlock(&mei_minor_lock); 1198 return ret; 1199 } 1200 1201 /** 1202 * mei_minor_free - mark device minor number as free 1203 * 1204 * @dev: device pointer 1205 */ 1206 static void mei_minor_free(struct mei_device *dev) 1207 { 1208 mutex_lock(&mei_minor_lock); 1209 idr_remove(&mei_idr, dev->minor); 1210 mutex_unlock(&mei_minor_lock); 1211 } 1212 1213 int mei_register(struct mei_device *dev, struct device *parent) 1214 { 1215 struct device *clsdev; /* class device */ 1216 int ret, devno; 1217 1218 ret = mei_minor_get(dev); 1219 if (ret < 0) 1220 return ret; 1221 1222 /* Fill in the data structures */ 1223 devno = MKDEV(MAJOR(mei_devt), dev->minor); 1224 cdev_init(&dev->cdev, &mei_fops); 1225 dev->cdev.owner = parent->driver->owner; 1226 1227 /* Add the device */ 1228 ret = cdev_add(&dev->cdev, devno, 1); 1229 if (ret) { 1230 dev_err(parent, "unable to add device %d:%d\n", 1231 MAJOR(mei_devt), dev->minor); 1232 goto err_dev_add; 1233 } 1234 1235 clsdev = device_create_with_groups(mei_class, parent, devno, 1236 dev, mei_groups, 1237 "mei%d", dev->minor); 1238 1239 if (IS_ERR(clsdev)) { 1240 dev_err(parent, "unable to create device %d:%d\n", 1241 MAJOR(mei_devt), dev->minor); 1242 ret = PTR_ERR(clsdev); 1243 goto err_dev_create; 1244 } 1245 1246 mei_dbgfs_register(dev, dev_name(clsdev)); 1247 1248 return 0; 1249 1250 err_dev_create: 1251 cdev_del(&dev->cdev); 1252 err_dev_add: 1253 mei_minor_free(dev); 1254 return ret; 1255 } 1256 EXPORT_SYMBOL_GPL(mei_register); 1257 1258 void mei_deregister(struct mei_device *dev) 1259 { 1260 int devno; 1261 1262 devno = dev->cdev.dev; 1263 cdev_del(&dev->cdev); 1264 1265 mei_dbgfs_deregister(dev); 1266 1267 device_destroy(mei_class, devno); 1268 1269 mei_minor_free(dev); 1270 } 1271 EXPORT_SYMBOL_GPL(mei_deregister); 1272 1273 static int __init mei_init(void) 1274 { 1275 int ret; 1276 1277 mei_class = class_create("mei"); 1278 if (IS_ERR(mei_class)) { 1279 pr_err("couldn't create class\n"); 1280 ret = PTR_ERR(mei_class); 1281 goto err; 1282 } 1283 1284 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei"); 1285 if (ret < 0) { 1286 pr_err("unable to allocate char dev region\n"); 1287 goto err_class; 1288 } 1289 1290 ret = mei_cl_bus_init(); 1291 if (ret < 0) { 1292 pr_err("unable to initialize bus\n"); 1293 goto err_chrdev; 1294 } 1295 1296 return 0; 1297 1298 err_chrdev: 1299 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS); 1300 err_class: 1301 class_destroy(mei_class); 1302 err: 1303 return ret; 1304 } 1305 1306 static void __exit mei_exit(void) 1307 { 1308 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS); 1309 class_destroy(mei_class); 1310 mei_cl_bus_exit(); 1311 } 1312 1313 module_init(mei_init); 1314 module_exit(mei_exit); 1315 1316 MODULE_AUTHOR("Intel Corporation"); 1317 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 1318 MODULE_LICENSE("GPL v2"); 1319 1320