1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 #include <linux/module.h> 17 #include <linux/moduleparam.h> 18 #include <linux/kernel.h> 19 #include <linux/device.h> 20 #include <linux/fs.h> 21 #include <linux/errno.h> 22 #include <linux/types.h> 23 #include <linux/fcntl.h> 24 #include <linux/aio.h> 25 #include <linux/pci.h> 26 #include <linux/poll.h> 27 #include <linux/init.h> 28 #include <linux/ioctl.h> 29 #include <linux/cdev.h> 30 #include <linux/sched.h> 31 #include <linux/uuid.h> 32 #include <linux/compat.h> 33 #include <linux/jiffies.h> 34 #include <linux/interrupt.h> 35 #include <linux/miscdevice.h> 36 37 #include <linux/mei.h> 38 39 #include "mei_dev.h" 40 #include "client.h" 41 42 /** 43 * mei_open - the open function 44 * 45 * @inode: pointer to inode structure 46 * @file: pointer to file structure 47 * 48 * returns 0 on success, <0 on error 49 */ 50 static int mei_open(struct inode *inode, struct file *file) 51 { 52 struct miscdevice *misc = file->private_data; 53 struct pci_dev *pdev; 54 struct mei_cl *cl; 55 struct mei_device *dev; 56 57 int err; 58 59 if (!misc->parent) 60 return -ENODEV; 61 62 pdev = container_of(misc->parent, struct pci_dev, dev); 63 64 dev = pci_get_drvdata(pdev); 65 if (!dev) 66 return -ENODEV; 67 68 mutex_lock(&dev->device_lock); 69 70 cl = NULL; 71 72 err = -ENODEV; 73 if (dev->dev_state != MEI_DEV_ENABLED) { 74 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 75 mei_dev_state_str(dev->dev_state)); 76 goto err_unlock; 77 } 78 79 err = -ENOMEM; 80 cl = mei_cl_allocate(dev); 81 if (!cl) 82 goto err_unlock; 83 84 /* open_handle_count check is handled in the mei_cl_link */ 85 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY); 86 if (err) 87 goto err_unlock; 88 89 file->private_data = cl; 90 91 mutex_unlock(&dev->device_lock); 92 93 return nonseekable_open(inode, file); 94 95 err_unlock: 96 mutex_unlock(&dev->device_lock); 97 kfree(cl); 98 return err; 99 } 100 101 /** 102 * mei_release - the release function 103 * 104 * @inode: pointer to inode structure 105 * @file: pointer to file structure 106 * 107 * returns 0 on success, <0 on error 108 */ 109 static int mei_release(struct inode *inode, struct file *file) 110 { 111 struct mei_cl *cl = file->private_data; 112 struct mei_cl_cb *cb; 113 struct mei_device *dev; 114 int rets = 0; 115 116 if (WARN_ON(!cl || !cl->dev)) 117 return -ENODEV; 118 119 dev = cl->dev; 120 121 mutex_lock(&dev->device_lock); 122 if (cl == &dev->iamthif_cl) { 123 rets = mei_amthif_release(dev, file); 124 goto out; 125 } 126 if (cl->state == MEI_FILE_CONNECTED) { 127 cl->state = MEI_FILE_DISCONNECTING; 128 cl_dbg(dev, cl, "disconnecting\n"); 129 rets = mei_cl_disconnect(cl); 130 } 131 mei_cl_flush_queues(cl); 132 cl_dbg(dev, cl, "removing\n"); 133 134 mei_cl_unlink(cl); 135 136 137 /* free read cb */ 138 cb = NULL; 139 if (cl->read_cb) { 140 cb = mei_cl_find_read_cb(cl); 141 /* Remove entry from read list */ 142 if (cb) 143 list_del(&cb->list); 144 145 cb = cl->read_cb; 146 cl->read_cb = NULL; 147 } 148 149 file->private_data = NULL; 150 151 mei_io_cb_free(cb); 152 153 kfree(cl); 154 out: 155 mutex_unlock(&dev->device_lock); 156 return rets; 157 } 158 159 160 /** 161 * mei_read - the read function. 162 * 163 * @file: pointer to file structure 164 * @ubuf: pointer to user buffer 165 * @length: buffer length 166 * @offset: data offset in buffer 167 * 168 * returns >=0 data length on success , <0 on error 169 */ 170 static ssize_t mei_read(struct file *file, char __user *ubuf, 171 size_t length, loff_t *offset) 172 { 173 struct mei_cl *cl = file->private_data; 174 struct mei_cl_cb *cb_pos = NULL; 175 struct mei_cl_cb *cb = NULL; 176 struct mei_device *dev; 177 int rets; 178 int err; 179 180 181 if (WARN_ON(!cl || !cl->dev)) 182 return -ENODEV; 183 184 dev = cl->dev; 185 186 187 mutex_lock(&dev->device_lock); 188 if (dev->dev_state != MEI_DEV_ENABLED) { 189 rets = -ENODEV; 190 goto out; 191 } 192 193 if (length == 0) { 194 rets = 0; 195 goto out; 196 } 197 198 if (cl == &dev->iamthif_cl) { 199 rets = mei_amthif_read(dev, file, ubuf, length, offset); 200 goto out; 201 } 202 203 if (cl->read_cb) { 204 cb = cl->read_cb; 205 /* read what left */ 206 if (cb->buf_idx > *offset) 207 goto copy_buffer; 208 /* offset is beyond buf_idx we have no more data return 0 */ 209 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) { 210 rets = 0; 211 goto free; 212 } 213 /* Offset needs to be cleaned for contiguous reads*/ 214 if (cb->buf_idx == 0 && *offset > 0) 215 *offset = 0; 216 } else if (*offset > 0) { 217 *offset = 0; 218 } 219 220 err = mei_cl_read_start(cl, length); 221 if (err && err != -EBUSY) { 222 dev_dbg(&dev->pdev->dev, 223 "mei start read failure with status = %d\n", err); 224 rets = err; 225 goto out; 226 } 227 228 if (MEI_READ_COMPLETE != cl->reading_state && 229 !waitqueue_active(&cl->rx_wait)) { 230 if (file->f_flags & O_NONBLOCK) { 231 rets = -EAGAIN; 232 goto out; 233 } 234 235 mutex_unlock(&dev->device_lock); 236 237 if (wait_event_interruptible(cl->rx_wait, 238 MEI_READ_COMPLETE == cl->reading_state || 239 mei_cl_is_transitioning(cl))) { 240 241 if (signal_pending(current)) 242 return -EINTR; 243 return -ERESTARTSYS; 244 } 245 246 mutex_lock(&dev->device_lock); 247 if (mei_cl_is_transitioning(cl)) { 248 rets = -EBUSY; 249 goto out; 250 } 251 } 252 253 cb = cl->read_cb; 254 255 if (!cb) { 256 rets = -ENODEV; 257 goto out; 258 } 259 if (cl->reading_state != MEI_READ_COMPLETE) { 260 rets = 0; 261 goto out; 262 } 263 /* now copy the data to user space */ 264 copy_buffer: 265 dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n", 266 cb->response_buffer.size, cb->buf_idx); 267 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { 268 rets = -EMSGSIZE; 269 goto free; 270 } 271 272 /* length is being truncated to PAGE_SIZE, 273 * however buf_idx may point beyond that */ 274 length = min_t(size_t, length, cb->buf_idx - *offset); 275 276 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { 277 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 278 rets = -EFAULT; 279 goto free; 280 } 281 282 rets = length; 283 *offset += length; 284 if ((unsigned long)*offset < cb->buf_idx) 285 goto out; 286 287 free: 288 cb_pos = mei_cl_find_read_cb(cl); 289 /* Remove entry from read list */ 290 if (cb_pos) 291 list_del(&cb_pos->list); 292 mei_io_cb_free(cb); 293 cl->reading_state = MEI_IDLE; 294 cl->read_cb = NULL; 295 out: 296 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets); 297 mutex_unlock(&dev->device_lock); 298 return rets; 299 } 300 /** 301 * mei_write - the write function. 302 * 303 * @file: pointer to file structure 304 * @ubuf: pointer to user buffer 305 * @length: buffer length 306 * @offset: data offset in buffer 307 * 308 * returns >=0 data length on success , <0 on error 309 */ 310 static ssize_t mei_write(struct file *file, const char __user *ubuf, 311 size_t length, loff_t *offset) 312 { 313 struct mei_cl *cl = file->private_data; 314 struct mei_cl_cb *write_cb = NULL; 315 struct mei_device *dev; 316 unsigned long timeout = 0; 317 int rets; 318 int id; 319 320 if (WARN_ON(!cl || !cl->dev)) 321 return -ENODEV; 322 323 dev = cl->dev; 324 325 mutex_lock(&dev->device_lock); 326 327 if (dev->dev_state != MEI_DEV_ENABLED) { 328 rets = -ENODEV; 329 goto out; 330 } 331 332 id = mei_me_cl_by_id(dev, cl->me_client_id); 333 if (id < 0) { 334 rets = -ENOTTY; 335 goto out; 336 } 337 338 if (length == 0) { 339 rets = 0; 340 goto out; 341 } 342 343 if (length > dev->me_clients[id].props.max_msg_length) { 344 rets = -EFBIG; 345 goto out; 346 } 347 348 if (cl->state != MEI_FILE_CONNECTED) { 349 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d", 350 cl->host_client_id, cl->me_client_id); 351 rets = -ENODEV; 352 goto out; 353 } 354 if (cl == &dev->iamthif_cl) { 355 write_cb = mei_amthif_find_read_list_entry(dev, file); 356 357 if (write_cb) { 358 timeout = write_cb->read_time + 359 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 360 361 if (time_after(jiffies, timeout) || 362 cl->reading_state == MEI_READ_COMPLETE) { 363 *offset = 0; 364 list_del(&write_cb->list); 365 mei_io_cb_free(write_cb); 366 write_cb = NULL; 367 } 368 } 369 } 370 371 /* free entry used in read */ 372 if (cl->reading_state == MEI_READ_COMPLETE) { 373 *offset = 0; 374 write_cb = mei_cl_find_read_cb(cl); 375 if (write_cb) { 376 list_del(&write_cb->list); 377 mei_io_cb_free(write_cb); 378 write_cb = NULL; 379 cl->reading_state = MEI_IDLE; 380 cl->read_cb = NULL; 381 } 382 } else if (cl->reading_state == MEI_IDLE) 383 *offset = 0; 384 385 386 write_cb = mei_io_cb_init(cl, file); 387 if (!write_cb) { 388 dev_err(&dev->pdev->dev, "write cb allocation failed\n"); 389 rets = -ENOMEM; 390 goto out; 391 } 392 rets = mei_io_cb_alloc_req_buf(write_cb, length); 393 if (rets) 394 goto out; 395 396 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length); 397 if (rets) { 398 dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n"); 399 rets = -EFAULT; 400 goto out; 401 } 402 403 if (cl == &dev->iamthif_cl) { 404 rets = mei_amthif_write(dev, write_cb); 405 406 if (rets) { 407 dev_err(&dev->pdev->dev, 408 "amthif write failed with status = %d\n", rets); 409 goto out; 410 } 411 mutex_unlock(&dev->device_lock); 412 return length; 413 } 414 415 rets = mei_cl_write(cl, write_cb, false); 416 out: 417 mutex_unlock(&dev->device_lock); 418 if (rets < 0) 419 mei_io_cb_free(write_cb); 420 return rets; 421 } 422 423 /** 424 * mei_ioctl_connect_client - the connect to fw client IOCTL function 425 * 426 * @dev: the device structure 427 * @data: IOCTL connect data, input and output parameters 428 * @file: private data of the file object 429 * 430 * Locking: called under "dev->device_lock" lock 431 * 432 * returns 0 on success, <0 on failure. 433 */ 434 static int mei_ioctl_connect_client(struct file *file, 435 struct mei_connect_client_data *data) 436 { 437 struct mei_device *dev; 438 struct mei_client *client; 439 struct mei_cl *cl; 440 int i; 441 int rets; 442 443 cl = file->private_data; 444 if (WARN_ON(!cl || !cl->dev)) 445 return -ENODEV; 446 447 dev = cl->dev; 448 449 if (dev->dev_state != MEI_DEV_ENABLED) { 450 rets = -ENODEV; 451 goto end; 452 } 453 454 if (cl->state != MEI_FILE_INITIALIZING && 455 cl->state != MEI_FILE_DISCONNECTED) { 456 rets = -EBUSY; 457 goto end; 458 } 459 460 /* find ME client we're trying to connect to */ 461 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid); 462 if (i < 0 || dev->me_clients[i].props.fixed_address) { 463 dev_dbg(&dev->pdev->dev, "Cannot connect to FW Client UUID = %pUl\n", 464 &data->in_client_uuid); 465 rets = -ENOTTY; 466 goto end; 467 } 468 469 cl->me_client_id = dev->me_clients[i].client_id; 470 cl->state = MEI_FILE_CONNECTING; 471 472 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n", 473 cl->me_client_id); 474 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n", 475 dev->me_clients[i].props.protocol_version); 476 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n", 477 dev->me_clients[i].props.max_msg_length); 478 479 /* if we're connecting to amthif client then we will use the 480 * existing connection 481 */ 482 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) { 483 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n"); 484 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { 485 rets = -ENODEV; 486 goto end; 487 } 488 mei_cl_unlink(cl); 489 490 kfree(cl); 491 cl = NULL; 492 dev->iamthif_open_count++; 493 file->private_data = &dev->iamthif_cl; 494 495 client = &data->out_client_properties; 496 client->max_msg_length = 497 dev->me_clients[i].props.max_msg_length; 498 client->protocol_version = 499 dev->me_clients[i].props.protocol_version; 500 rets = dev->iamthif_cl.status; 501 502 goto end; 503 } 504 505 506 /* prepare the output buffer */ 507 client = &data->out_client_properties; 508 client->max_msg_length = dev->me_clients[i].props.max_msg_length; 509 client->protocol_version = dev->me_clients[i].props.protocol_version; 510 dev_dbg(&dev->pdev->dev, "Can connect?\n"); 511 512 513 rets = mei_cl_connect(cl, file); 514 515 end: 516 return rets; 517 } 518 519 520 /** 521 * mei_ioctl - the IOCTL function 522 * 523 * @file: pointer to file structure 524 * @cmd: ioctl command 525 * @data: pointer to mei message structure 526 * 527 * returns 0 on success , <0 on error 528 */ 529 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 530 { 531 struct mei_device *dev; 532 struct mei_cl *cl = file->private_data; 533 struct mei_connect_client_data *connect_data = NULL; 534 int rets; 535 536 if (cmd != IOCTL_MEI_CONNECT_CLIENT) 537 return -EINVAL; 538 539 if (WARN_ON(!cl || !cl->dev)) 540 return -ENODEV; 541 542 dev = cl->dev; 543 544 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd); 545 546 mutex_lock(&dev->device_lock); 547 if (dev->dev_state != MEI_DEV_ENABLED) { 548 rets = -ENODEV; 549 goto out; 550 } 551 552 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 553 554 connect_data = kzalloc(sizeof(struct mei_connect_client_data), 555 GFP_KERNEL); 556 if (!connect_data) { 557 rets = -ENOMEM; 558 goto out; 559 } 560 dev_dbg(&dev->pdev->dev, "copy connect data from user\n"); 561 if (copy_from_user(connect_data, (char __user *)data, 562 sizeof(struct mei_connect_client_data))) { 563 dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n"); 564 rets = -EFAULT; 565 goto out; 566 } 567 568 rets = mei_ioctl_connect_client(file, connect_data); 569 570 /* if all is ok, copying the data back to user. */ 571 if (rets) 572 goto out; 573 574 dev_dbg(&dev->pdev->dev, "copy connect data to user\n"); 575 if (copy_to_user((char __user *)data, connect_data, 576 sizeof(struct mei_connect_client_data))) { 577 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 578 rets = -EFAULT; 579 goto out; 580 } 581 582 out: 583 kfree(connect_data); 584 mutex_unlock(&dev->device_lock); 585 return rets; 586 } 587 588 /** 589 * mei_compat_ioctl - the compat IOCTL function 590 * 591 * @file: pointer to file structure 592 * @cmd: ioctl command 593 * @data: pointer to mei message structure 594 * 595 * returns 0 on success , <0 on error 596 */ 597 #ifdef CONFIG_COMPAT 598 static long mei_compat_ioctl(struct file *file, 599 unsigned int cmd, unsigned long data) 600 { 601 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data)); 602 } 603 #endif 604 605 606 /** 607 * mei_poll - the poll function 608 * 609 * @file: pointer to file structure 610 * @wait: pointer to poll_table structure 611 * 612 * returns poll mask 613 */ 614 static unsigned int mei_poll(struct file *file, poll_table *wait) 615 { 616 struct mei_cl *cl = file->private_data; 617 struct mei_device *dev; 618 unsigned int mask = 0; 619 620 if (WARN_ON(!cl || !cl->dev)) 621 return POLLERR; 622 623 dev = cl->dev; 624 625 mutex_lock(&dev->device_lock); 626 627 if (!mei_cl_is_connected(cl)) { 628 mask = POLLERR; 629 goto out; 630 } 631 632 mutex_unlock(&dev->device_lock); 633 634 635 if (cl == &dev->iamthif_cl) 636 return mei_amthif_poll(dev, file, wait); 637 638 poll_wait(file, &cl->tx_wait, wait); 639 640 mutex_lock(&dev->device_lock); 641 642 if (!mei_cl_is_connected(cl)) { 643 mask = POLLERR; 644 goto out; 645 } 646 647 if (MEI_WRITE_COMPLETE == cl->writing_state) 648 mask |= (POLLIN | POLLRDNORM); 649 650 out: 651 mutex_unlock(&dev->device_lock); 652 return mask; 653 } 654 655 /* 656 * file operations structure will be used for mei char device. 657 */ 658 static const struct file_operations mei_fops = { 659 .owner = THIS_MODULE, 660 .read = mei_read, 661 .unlocked_ioctl = mei_ioctl, 662 #ifdef CONFIG_COMPAT 663 .compat_ioctl = mei_compat_ioctl, 664 #endif 665 .open = mei_open, 666 .release = mei_release, 667 .write = mei_write, 668 .poll = mei_poll, 669 .llseek = no_llseek 670 }; 671 672 /* 673 * Misc Device Struct 674 */ 675 static struct miscdevice mei_misc_device = { 676 .name = "mei", 677 .fops = &mei_fops, 678 .minor = MISC_DYNAMIC_MINOR, 679 }; 680 681 682 int mei_register(struct mei_device *dev) 683 { 684 int ret; 685 mei_misc_device.parent = &dev->pdev->dev; 686 ret = misc_register(&mei_misc_device); 687 if (ret) 688 return ret; 689 690 if (mei_dbgfs_register(dev, mei_misc_device.name)) 691 dev_err(&dev->pdev->dev, "cannot register debugfs\n"); 692 693 return 0; 694 } 695 EXPORT_SYMBOL_GPL(mei_register); 696 697 void mei_deregister(struct mei_device *dev) 698 { 699 mei_dbgfs_deregister(dev); 700 misc_deregister(&mei_misc_device); 701 mei_misc_device.parent = NULL; 702 } 703 EXPORT_SYMBOL_GPL(mei_deregister); 704 705 static int __init mei_init(void) 706 { 707 return mei_cl_bus_init(); 708 } 709 710 static void __exit mei_exit(void) 711 { 712 mei_cl_bus_exit(); 713 } 714 715 module_init(mei_init); 716 module_exit(mei_exit); 717 718 MODULE_AUTHOR("Intel Corporation"); 719 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 720 MODULE_LICENSE("GPL v2"); 721 722