1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 #include <linux/module.h> 17 #include <linux/moduleparam.h> 18 #include <linux/kernel.h> 19 #include <linux/device.h> 20 #include <linux/fs.h> 21 #include <linux/errno.h> 22 #include <linux/types.h> 23 #include <linux/fcntl.h> 24 #include <linux/aio.h> 25 #include <linux/pci.h> 26 #include <linux/poll.h> 27 #include <linux/init.h> 28 #include <linux/ioctl.h> 29 #include <linux/cdev.h> 30 #include <linux/sched.h> 31 #include <linux/uuid.h> 32 #include <linux/compat.h> 33 #include <linux/jiffies.h> 34 #include <linux/interrupt.h> 35 #include <linux/miscdevice.h> 36 37 #include <linux/mei.h> 38 39 #include "mei_dev.h" 40 #include "client.h" 41 42 /** 43 * mei_open - the open function 44 * 45 * @inode: pointer to inode structure 46 * @file: pointer to file structure 47 * 48 * returns 0 on success, <0 on error 49 */ 50 static int mei_open(struct inode *inode, struct file *file) 51 { 52 struct miscdevice *misc = file->private_data; 53 struct pci_dev *pdev; 54 struct mei_cl *cl; 55 struct mei_device *dev; 56 57 int err; 58 59 if (!misc->parent) 60 return -ENODEV; 61 62 pdev = container_of(misc->parent, struct pci_dev, dev); 63 64 dev = pci_get_drvdata(pdev); 65 if (!dev) 66 return -ENODEV; 67 68 mutex_lock(&dev->device_lock); 69 70 cl = NULL; 71 72 err = -ENODEV; 73 if (dev->dev_state != MEI_DEV_ENABLED) { 74 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 75 mei_dev_state_str(dev->dev_state)); 76 goto err_unlock; 77 } 78 79 err = -ENOMEM; 80 cl = mei_cl_allocate(dev); 81 if (!cl) 82 goto err_unlock; 83 84 /* open_handle_count check is handled in the mei_cl_link */ 85 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY); 86 if (err) 87 goto err_unlock; 88 89 file->private_data = cl; 90 91 mutex_unlock(&dev->device_lock); 92 93 return nonseekable_open(inode, file); 94 95 err_unlock: 96 mutex_unlock(&dev->device_lock); 97 kfree(cl); 98 return err; 99 } 100 101 /** 102 * mei_release - the release function 103 * 104 * @inode: pointer to inode structure 105 * @file: pointer to file structure 106 * 107 * returns 0 on success, <0 on error 108 */ 109 static int mei_release(struct inode *inode, struct file *file) 110 { 111 struct mei_cl *cl = file->private_data; 112 struct mei_cl_cb *cb; 113 struct mei_device *dev; 114 int rets = 0; 115 116 if (WARN_ON(!cl || !cl->dev)) 117 return -ENODEV; 118 119 dev = cl->dev; 120 121 mutex_lock(&dev->device_lock); 122 if (cl == &dev->iamthif_cl) { 123 rets = mei_amthif_release(dev, file); 124 goto out; 125 } 126 if (cl->state == MEI_FILE_CONNECTED) { 127 cl->state = MEI_FILE_DISCONNECTING; 128 cl_dbg(dev, cl, "disconnecting\n"); 129 rets = mei_cl_disconnect(cl); 130 } 131 mei_cl_flush_queues(cl); 132 cl_dbg(dev, cl, "removing\n"); 133 134 mei_cl_unlink(cl); 135 136 137 /* free read cb */ 138 cb = NULL; 139 if (cl->read_cb) { 140 cb = mei_cl_find_read_cb(cl); 141 /* Remove entry from read list */ 142 if (cb) 143 list_del(&cb->list); 144 145 cb = cl->read_cb; 146 cl->read_cb = NULL; 147 } 148 149 file->private_data = NULL; 150 151 mei_io_cb_free(cb); 152 153 kfree(cl); 154 out: 155 mutex_unlock(&dev->device_lock); 156 return rets; 157 } 158 159 160 /** 161 * mei_read - the read function. 162 * 163 * @file: pointer to file structure 164 * @ubuf: pointer to user buffer 165 * @length: buffer length 166 * @offset: data offset in buffer 167 * 168 * returns >=0 data length on success , <0 on error 169 */ 170 static ssize_t mei_read(struct file *file, char __user *ubuf, 171 size_t length, loff_t *offset) 172 { 173 struct mei_cl *cl = file->private_data; 174 struct mei_cl_cb *cb_pos = NULL; 175 struct mei_cl_cb *cb = NULL; 176 struct mei_device *dev; 177 int rets; 178 int err; 179 180 181 if (WARN_ON(!cl || !cl->dev)) 182 return -ENODEV; 183 184 dev = cl->dev; 185 186 187 mutex_lock(&dev->device_lock); 188 if (dev->dev_state != MEI_DEV_ENABLED) { 189 rets = -ENODEV; 190 goto out; 191 } 192 193 if (length == 0) { 194 rets = 0; 195 goto out; 196 } 197 198 if (cl == &dev->iamthif_cl) { 199 rets = mei_amthif_read(dev, file, ubuf, length, offset); 200 goto out; 201 } 202 203 if (cl->read_cb) { 204 cb = cl->read_cb; 205 /* read what left */ 206 if (cb->buf_idx > *offset) 207 goto copy_buffer; 208 /* offset is beyond buf_idx we have no more data return 0 */ 209 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) { 210 rets = 0; 211 goto free; 212 } 213 /* Offset needs to be cleaned for contiguous reads*/ 214 if (cb->buf_idx == 0 && *offset > 0) 215 *offset = 0; 216 } else if (*offset > 0) { 217 *offset = 0; 218 } 219 220 err = mei_cl_read_start(cl, length); 221 if (err && err != -EBUSY) { 222 dev_dbg(&dev->pdev->dev, 223 "mei start read failure with status = %d\n", err); 224 rets = err; 225 goto out; 226 } 227 228 if (MEI_READ_COMPLETE != cl->reading_state && 229 !waitqueue_active(&cl->rx_wait)) { 230 if (file->f_flags & O_NONBLOCK) { 231 rets = -EAGAIN; 232 goto out; 233 } 234 235 mutex_unlock(&dev->device_lock); 236 237 if (wait_event_interruptible(cl->rx_wait, 238 MEI_READ_COMPLETE == cl->reading_state || 239 mei_cl_is_transitioning(cl))) { 240 241 if (signal_pending(current)) 242 return -EINTR; 243 return -ERESTARTSYS; 244 } 245 246 mutex_lock(&dev->device_lock); 247 if (mei_cl_is_transitioning(cl)) { 248 rets = -EBUSY; 249 goto out; 250 } 251 } 252 253 cb = cl->read_cb; 254 255 if (!cb) { 256 rets = -ENODEV; 257 goto out; 258 } 259 if (cl->reading_state != MEI_READ_COMPLETE) { 260 rets = 0; 261 goto out; 262 } 263 /* now copy the data to user space */ 264 copy_buffer: 265 dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n", 266 cb->response_buffer.size, cb->buf_idx); 267 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { 268 rets = -EMSGSIZE; 269 goto free; 270 } 271 272 /* length is being truncated to PAGE_SIZE, 273 * however buf_idx may point beyond that */ 274 length = min_t(size_t, length, cb->buf_idx - *offset); 275 276 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { 277 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 278 rets = -EFAULT; 279 goto free; 280 } 281 282 rets = length; 283 *offset += length; 284 if ((unsigned long)*offset < cb->buf_idx) 285 goto out; 286 287 free: 288 cb_pos = mei_cl_find_read_cb(cl); 289 /* Remove entry from read list */ 290 if (cb_pos) 291 list_del(&cb_pos->list); 292 mei_io_cb_free(cb); 293 cl->reading_state = MEI_IDLE; 294 cl->read_cb = NULL; 295 out: 296 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets); 297 mutex_unlock(&dev->device_lock); 298 return rets; 299 } 300 /** 301 * mei_write - the write function. 302 * 303 * @file: pointer to file structure 304 * @ubuf: pointer to user buffer 305 * @length: buffer length 306 * @offset: data offset in buffer 307 * 308 * returns >=0 data length on success , <0 on error 309 */ 310 static ssize_t mei_write(struct file *file, const char __user *ubuf, 311 size_t length, loff_t *offset) 312 { 313 struct mei_cl *cl = file->private_data; 314 struct mei_cl_cb *write_cb = NULL; 315 struct mei_device *dev; 316 unsigned long timeout = 0; 317 int rets; 318 int id; 319 320 if (WARN_ON(!cl || !cl->dev)) 321 return -ENODEV; 322 323 dev = cl->dev; 324 325 mutex_lock(&dev->device_lock); 326 327 if (dev->dev_state != MEI_DEV_ENABLED) { 328 rets = -ENODEV; 329 goto out; 330 } 331 332 id = mei_me_cl_by_id(dev, cl->me_client_id); 333 if (id < 0) { 334 rets = -ENOTTY; 335 goto out; 336 } 337 338 if (length == 0) { 339 rets = 0; 340 goto out; 341 } 342 343 if (length > dev->me_clients[id].props.max_msg_length) { 344 rets = -EFBIG; 345 goto out; 346 } 347 348 if (cl->state != MEI_FILE_CONNECTED) { 349 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d", 350 cl->host_client_id, cl->me_client_id); 351 rets = -ENODEV; 352 goto out; 353 } 354 if (cl == &dev->iamthif_cl) { 355 write_cb = mei_amthif_find_read_list_entry(dev, file); 356 357 if (write_cb) { 358 timeout = write_cb->read_time + 359 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 360 361 if (time_after(jiffies, timeout) || 362 cl->reading_state == MEI_READ_COMPLETE) { 363 *offset = 0; 364 list_del(&write_cb->list); 365 mei_io_cb_free(write_cb); 366 write_cb = NULL; 367 } 368 } 369 } 370 371 /* free entry used in read */ 372 if (cl->reading_state == MEI_READ_COMPLETE) { 373 *offset = 0; 374 write_cb = mei_cl_find_read_cb(cl); 375 if (write_cb) { 376 list_del(&write_cb->list); 377 mei_io_cb_free(write_cb); 378 write_cb = NULL; 379 cl->reading_state = MEI_IDLE; 380 cl->read_cb = NULL; 381 } 382 } else if (cl->reading_state == MEI_IDLE) 383 *offset = 0; 384 385 386 write_cb = mei_io_cb_init(cl, file); 387 if (!write_cb) { 388 dev_err(&dev->pdev->dev, "write cb allocation failed\n"); 389 rets = -ENOMEM; 390 goto out; 391 } 392 rets = mei_io_cb_alloc_req_buf(write_cb, length); 393 if (rets) 394 goto out; 395 396 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length); 397 if (rets) { 398 dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n"); 399 rets = -EFAULT; 400 goto out; 401 } 402 403 if (cl == &dev->iamthif_cl) { 404 rets = mei_amthif_write(dev, write_cb); 405 406 if (rets) { 407 dev_err(&dev->pdev->dev, 408 "amthif write failed with status = %d\n", rets); 409 goto out; 410 } 411 mutex_unlock(&dev->device_lock); 412 return length; 413 } 414 415 rets = mei_cl_write(cl, write_cb, false); 416 out: 417 mutex_unlock(&dev->device_lock); 418 if (rets < 0) 419 mei_io_cb_free(write_cb); 420 return rets; 421 } 422 423 /** 424 * mei_ioctl_connect_client - the connect to fw client IOCTL function 425 * 426 * @dev: the device structure 427 * @data: IOCTL connect data, input and output parameters 428 * @file: private data of the file object 429 * 430 * Locking: called under "dev->device_lock" lock 431 * 432 * returns 0 on success, <0 on failure. 433 */ 434 static int mei_ioctl_connect_client(struct file *file, 435 struct mei_connect_client_data *data) 436 { 437 struct mei_device *dev; 438 struct mei_client *client; 439 struct mei_cl *cl; 440 int i; 441 int rets; 442 443 cl = file->private_data; 444 if (WARN_ON(!cl || !cl->dev)) 445 return -ENODEV; 446 447 dev = cl->dev; 448 449 if (dev->dev_state != MEI_DEV_ENABLED) { 450 rets = -ENODEV; 451 goto end; 452 } 453 454 if (cl->state != MEI_FILE_INITIALIZING && 455 cl->state != MEI_FILE_DISCONNECTED) { 456 rets = -EBUSY; 457 goto end; 458 } 459 460 /* find ME client we're trying to connect to */ 461 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid); 462 if (i < 0 || dev->me_clients[i].props.fixed_address) { 463 dev_dbg(&dev->pdev->dev, "Cannot connect to FW Client UUID = %pUl\n", 464 &data->in_client_uuid); 465 rets = -ENOTTY; 466 goto end; 467 } 468 469 cl->me_client_id = dev->me_clients[i].client_id; 470 471 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n", 472 cl->me_client_id); 473 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n", 474 dev->me_clients[i].props.protocol_version); 475 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n", 476 dev->me_clients[i].props.max_msg_length); 477 478 /* if we're connecting to amthif client then we will use the 479 * existing connection 480 */ 481 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) { 482 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n"); 483 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { 484 rets = -ENODEV; 485 goto end; 486 } 487 mei_cl_unlink(cl); 488 489 kfree(cl); 490 cl = NULL; 491 dev->iamthif_open_count++; 492 file->private_data = &dev->iamthif_cl; 493 494 client = &data->out_client_properties; 495 client->max_msg_length = 496 dev->me_clients[i].props.max_msg_length; 497 client->protocol_version = 498 dev->me_clients[i].props.protocol_version; 499 rets = dev->iamthif_cl.status; 500 501 goto end; 502 } 503 504 505 /* prepare the output buffer */ 506 client = &data->out_client_properties; 507 client->max_msg_length = dev->me_clients[i].props.max_msg_length; 508 client->protocol_version = dev->me_clients[i].props.protocol_version; 509 dev_dbg(&dev->pdev->dev, "Can connect?\n"); 510 511 512 rets = mei_cl_connect(cl, file); 513 514 end: 515 return rets; 516 } 517 518 519 /** 520 * mei_ioctl - the IOCTL function 521 * 522 * @file: pointer to file structure 523 * @cmd: ioctl command 524 * @data: pointer to mei message structure 525 * 526 * returns 0 on success , <0 on error 527 */ 528 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 529 { 530 struct mei_device *dev; 531 struct mei_cl *cl = file->private_data; 532 struct mei_connect_client_data *connect_data = NULL; 533 int rets; 534 535 if (cmd != IOCTL_MEI_CONNECT_CLIENT) 536 return -EINVAL; 537 538 if (WARN_ON(!cl || !cl->dev)) 539 return -ENODEV; 540 541 dev = cl->dev; 542 543 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd); 544 545 mutex_lock(&dev->device_lock); 546 if (dev->dev_state != MEI_DEV_ENABLED) { 547 rets = -ENODEV; 548 goto out; 549 } 550 551 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 552 553 connect_data = kzalloc(sizeof(struct mei_connect_client_data), 554 GFP_KERNEL); 555 if (!connect_data) { 556 rets = -ENOMEM; 557 goto out; 558 } 559 dev_dbg(&dev->pdev->dev, "copy connect data from user\n"); 560 if (copy_from_user(connect_data, (char __user *)data, 561 sizeof(struct mei_connect_client_data))) { 562 dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n"); 563 rets = -EFAULT; 564 goto out; 565 } 566 567 rets = mei_ioctl_connect_client(file, connect_data); 568 569 /* if all is ok, copying the data back to user. */ 570 if (rets) 571 goto out; 572 573 dev_dbg(&dev->pdev->dev, "copy connect data to user\n"); 574 if (copy_to_user((char __user *)data, connect_data, 575 sizeof(struct mei_connect_client_data))) { 576 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 577 rets = -EFAULT; 578 goto out; 579 } 580 581 out: 582 kfree(connect_data); 583 mutex_unlock(&dev->device_lock); 584 return rets; 585 } 586 587 /** 588 * mei_compat_ioctl - the compat IOCTL function 589 * 590 * @file: pointer to file structure 591 * @cmd: ioctl command 592 * @data: pointer to mei message structure 593 * 594 * returns 0 on success , <0 on error 595 */ 596 #ifdef CONFIG_COMPAT 597 static long mei_compat_ioctl(struct file *file, 598 unsigned int cmd, unsigned long data) 599 { 600 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data)); 601 } 602 #endif 603 604 605 /** 606 * mei_poll - the poll function 607 * 608 * @file: pointer to file structure 609 * @wait: pointer to poll_table structure 610 * 611 * returns poll mask 612 */ 613 static unsigned int mei_poll(struct file *file, poll_table *wait) 614 { 615 struct mei_cl *cl = file->private_data; 616 struct mei_device *dev; 617 unsigned int mask = 0; 618 619 if (WARN_ON(!cl || !cl->dev)) 620 return POLLERR; 621 622 dev = cl->dev; 623 624 mutex_lock(&dev->device_lock); 625 626 if (!mei_cl_is_connected(cl)) { 627 mask = POLLERR; 628 goto out; 629 } 630 631 mutex_unlock(&dev->device_lock); 632 633 634 if (cl == &dev->iamthif_cl) 635 return mei_amthif_poll(dev, file, wait); 636 637 poll_wait(file, &cl->tx_wait, wait); 638 639 mutex_lock(&dev->device_lock); 640 641 if (!mei_cl_is_connected(cl)) { 642 mask = POLLERR; 643 goto out; 644 } 645 646 mask |= (POLLIN | POLLRDNORM); 647 648 out: 649 mutex_unlock(&dev->device_lock); 650 return mask; 651 } 652 653 /* 654 * file operations structure will be used for mei char device. 655 */ 656 static const struct file_operations mei_fops = { 657 .owner = THIS_MODULE, 658 .read = mei_read, 659 .unlocked_ioctl = mei_ioctl, 660 #ifdef CONFIG_COMPAT 661 .compat_ioctl = mei_compat_ioctl, 662 #endif 663 .open = mei_open, 664 .release = mei_release, 665 .write = mei_write, 666 .poll = mei_poll, 667 .llseek = no_llseek 668 }; 669 670 /* 671 * Misc Device Struct 672 */ 673 static struct miscdevice mei_misc_device = { 674 .name = "mei", 675 .fops = &mei_fops, 676 .minor = MISC_DYNAMIC_MINOR, 677 }; 678 679 680 int mei_register(struct mei_device *dev) 681 { 682 int ret; 683 mei_misc_device.parent = &dev->pdev->dev; 684 ret = misc_register(&mei_misc_device); 685 if (ret) 686 return ret; 687 688 if (mei_dbgfs_register(dev, mei_misc_device.name)) 689 dev_err(&dev->pdev->dev, "cannot register debugfs\n"); 690 691 return 0; 692 } 693 EXPORT_SYMBOL_GPL(mei_register); 694 695 void mei_deregister(struct mei_device *dev) 696 { 697 mei_dbgfs_deregister(dev); 698 misc_deregister(&mei_misc_device); 699 mei_misc_device.parent = NULL; 700 } 701 EXPORT_SYMBOL_GPL(mei_deregister); 702 703 static int __init mei_init(void) 704 { 705 return mei_cl_bus_init(); 706 } 707 708 static void __exit mei_exit(void) 709 { 710 mei_cl_bus_exit(); 711 } 712 713 module_init(mei_init); 714 module_exit(mei_exit); 715 716 MODULE_AUTHOR("Intel Corporation"); 717 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 718 MODULE_LICENSE("GPL v2"); 719 720