1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
7 #include <linux/module.h>
8 #include <linux/moduleparam.h>
9 #include <linux/kernel.h>
10 #include <linux/device.h>
11 #include <linux/slab.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/fcntl.h>
16 #include <linux/poll.h>
17 #include <linux/init.h>
18 #include <linux/ioctl.h>
19 #include <linux/cdev.h>
20 #include <linux/sched/signal.h>
21 #include <linux/uuid.h>
22 #include <linux/compat.h>
23 #include <linux/jiffies.h>
24 #include <linux/interrupt.h>
26 #include <linux/mei.h>
31 static struct class *mei_class;
32 static dev_t mei_devt;
33 #define MEI_MAX_DEVS MINORMASK
34 static DEFINE_MUTEX(mei_minor_lock);
35 static DEFINE_IDR(mei_idr);
38 * mei_open - the open function
40 * @inode: pointer to inode structure
41 * @file: pointer to file structure
43 * Return: 0 on success, <0 on error
45 static int mei_open(struct inode *inode, struct file *file)
47 struct mei_device *dev;
52 dev = container_of(inode->i_cdev, struct mei_device, cdev);
56 mutex_lock(&dev->device_lock);
58 if (dev->dev_state != MEI_DEV_ENABLED) {
59 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
60 mei_dev_state_str(dev->dev_state));
65 cl = mei_cl_alloc_linked(dev);
72 file->private_data = cl;
74 mutex_unlock(&dev->device_lock);
76 return nonseekable_open(inode, file);
79 mutex_unlock(&dev->device_lock);
84 * mei_release - the release function
86 * @inode: pointer to inode structure
87 * @file: pointer to file structure
89 * Return: 0 on success, <0 on error
91 static int mei_release(struct inode *inode, struct file *file)
93 struct mei_cl *cl = file->private_data;
94 struct mei_device *dev;
97 if (WARN_ON(!cl || !cl->dev))
102 mutex_lock(&dev->device_lock);
104 rets = mei_cl_disconnect(cl);
106 mei_cl_flush_queues(cl, file);
107 cl_dbg(dev, cl, "removing\n");
111 file->private_data = NULL;
115 mutex_unlock(&dev->device_lock);
121 * mei_read - the read function.
123 * @file: pointer to file structure
124 * @ubuf: pointer to user buffer
125 * @length: buffer length
126 * @offset: data offset in buffer
128 * Return: >=0 data length on success , <0 on error
130 static ssize_t mei_read(struct file *file, char __user *ubuf,
131 size_t length, loff_t *offset)
133 struct mei_cl *cl = file->private_data;
134 struct mei_device *dev;
135 struct mei_cl_cb *cb = NULL;
136 bool nonblock = !!(file->f_flags & O_NONBLOCK);
139 if (WARN_ON(!cl || !cl->dev))
145 mutex_lock(&dev->device_lock);
146 if (dev->dev_state != MEI_DEV_ENABLED) {
161 cb = mei_cl_read_cb(cl, file);
168 rets = mei_cl_read_start(cl, length, file);
169 if (rets && rets != -EBUSY) {
170 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets);
179 mutex_unlock(&dev->device_lock);
180 if (wait_event_interruptible(cl->rx_wait,
181 !list_empty(&cl->rd_completed) ||
182 !mei_cl_is_connected(cl))) {
183 if (signal_pending(current))
187 mutex_lock(&dev->device_lock);
189 if (!mei_cl_is_connected(cl)) {
194 cb = mei_cl_read_cb(cl, file);
201 /* now copy the data to user space */
204 cl_dbg(dev, cl, "read operation failed %zd\n", rets);
208 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
209 cb->buf.size, cb->buf_idx, *offset);
210 if (*offset >= cb->buf_idx) {
215 /* length is being truncated to PAGE_SIZE,
216 * however buf_idx may point beyond that */
217 length = min_t(size_t, length, cb->buf_idx - *offset);
219 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
220 dev_dbg(dev->dev, "failed to copy data to userland\n");
227 /* not all data was read, keep the cb */
228 if (*offset < cb->buf_idx)
236 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets);
237 mutex_unlock(&dev->device_lock);
241 * mei_write - the write function.
243 * @file: pointer to file structure
244 * @ubuf: pointer to user buffer
245 * @length: buffer length
246 * @offset: data offset in buffer
248 * Return: >=0 data length on success , <0 on error
250 static ssize_t mei_write(struct file *file, const char __user *ubuf,
251 size_t length, loff_t *offset)
253 struct mei_cl *cl = file->private_data;
254 struct mei_cl_cb *cb;
255 struct mei_device *dev;
258 if (WARN_ON(!cl || !cl->dev))
263 mutex_lock(&dev->device_lock);
265 if (dev->dev_state != MEI_DEV_ENABLED) {
270 if (!mei_cl_is_connected(cl)) {
271 cl_err(dev, cl, "is not connected");
276 if (!mei_me_cl_is_active(cl->me_cl)) {
281 if (length > mei_cl_mtu(cl)) {
291 while (cl->tx_cb_queued >= dev->tx_queue_limit) {
292 if (file->f_flags & O_NONBLOCK) {
296 mutex_unlock(&dev->device_lock);
297 rets = wait_event_interruptible(cl->tx_wait,
298 cl->writing_state == MEI_WRITE_COMPLETE ||
299 (!mei_cl_is_connected(cl)));
300 mutex_lock(&dev->device_lock);
302 if (signal_pending(current))
306 if (!mei_cl_is_connected(cl)) {
312 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
318 rets = copy_from_user(cb->buf.data, ubuf, length);
320 dev_dbg(dev->dev, "failed to copy data from userland\n");
326 rets = mei_cl_write(cl, cb);
328 mutex_unlock(&dev->device_lock);
333 * mei_ioctl_connect_client - the connect to fw client IOCTL function
335 * @file: private data of the file object
336 * @data: IOCTL connect data, input and output parameters
338 * Locking: called under "dev->device_lock" lock
340 * Return: 0 on success, <0 on failure.
342 static int mei_ioctl_connect_client(struct file *file,
343 struct mei_connect_client_data *data)
345 struct mei_device *dev;
346 struct mei_client *client;
347 struct mei_me_client *me_cl;
351 cl = file->private_data;
354 if (dev->dev_state != MEI_DEV_ENABLED)
357 if (cl->state != MEI_FILE_INITIALIZING &&
358 cl->state != MEI_FILE_DISCONNECTED)
361 /* find ME client we're trying to connect to */
362 me_cl = mei_me_cl_by_uuid(dev, &data->in_client_uuid);
364 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
365 &data->in_client_uuid);
370 if (me_cl->props.fixed_address) {
371 bool forbidden = dev->override_fixed_address ?
372 !dev->allow_fixed_address : !dev->hbm_f_fa_supported;
374 dev_dbg(dev->dev, "Connection forbidden to FW Client UUID = %pUl\n",
375 &data->in_client_uuid);
381 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n",
383 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n",
384 me_cl->props.protocol_version);
385 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n",
386 me_cl->props.max_msg_length);
388 /* prepare the output buffer */
389 client = &data->out_client_properties;
390 client->max_msg_length = me_cl->props.max_msg_length;
391 client->protocol_version = me_cl->props.protocol_version;
392 dev_dbg(dev->dev, "Can connect?\n");
394 rets = mei_cl_connect(cl, me_cl, file);
397 mei_me_cl_put(me_cl);
402 * mei_ioctl_client_notify_request -
403 * propagate event notification request to client
405 * @file: pointer to file structure
406 * @request: 0 - disable, 1 - enable
408 * Return: 0 on success , <0 on error
410 static int mei_ioctl_client_notify_request(const struct file *file, u32 request)
412 struct mei_cl *cl = file->private_data;
414 if (request != MEI_HBM_NOTIFICATION_START &&
415 request != MEI_HBM_NOTIFICATION_STOP)
418 return mei_cl_notify_request(cl, file, (u8)request);
422 * mei_ioctl_client_notify_get - wait for notification request
424 * @file: pointer to file structure
425 * @notify_get: 0 - disable, 1 - enable
427 * Return: 0 on success , <0 on error
429 static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get)
431 struct mei_cl *cl = file->private_data;
433 bool block = (file->f_flags & O_NONBLOCK) == 0;
436 rets = mei_cl_notify_get(cl, block, ¬ify_ev);
440 *notify_get = notify_ev ? 1 : 0;
445 * mei_ioctl - the IOCTL function
447 * @file: pointer to file structure
448 * @cmd: ioctl command
449 * @data: pointer to mei message structure
451 * Return: 0 on success , <0 on error
453 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
455 struct mei_device *dev;
456 struct mei_cl *cl = file->private_data;
457 struct mei_connect_client_data connect_data;
458 u32 notify_get, notify_req;
462 if (WARN_ON(!cl || !cl->dev))
467 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd);
469 mutex_lock(&dev->device_lock);
470 if (dev->dev_state != MEI_DEV_ENABLED) {
476 case IOCTL_MEI_CONNECT_CLIENT:
477 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
478 if (copy_from_user(&connect_data, (char __user *)data,
479 sizeof(struct mei_connect_client_data))) {
480 dev_dbg(dev->dev, "failed to copy data from userland\n");
485 rets = mei_ioctl_connect_client(file, &connect_data);
489 /* if all is ok, copying the data back to user. */
490 if (copy_to_user((char __user *)data, &connect_data,
491 sizeof(struct mei_connect_client_data))) {
492 dev_dbg(dev->dev, "failed to copy data to userland\n");
499 case IOCTL_MEI_NOTIFY_SET:
500 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_SET.\n");
501 if (copy_from_user(¬ify_req,
502 (char __user *)data, sizeof(notify_req))) {
503 dev_dbg(dev->dev, "failed to copy data from userland\n");
507 rets = mei_ioctl_client_notify_request(file, notify_req);
510 case IOCTL_MEI_NOTIFY_GET:
511 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_GET.\n");
512 rets = mei_ioctl_client_notify_get(file, ¬ify_get);
516 dev_dbg(dev->dev, "copy connect data to user\n");
517 if (copy_to_user((char __user *)data,
518 ¬ify_get, sizeof(notify_get))) {
519 dev_dbg(dev->dev, "failed to copy data to userland\n");
531 mutex_unlock(&dev->device_lock);
536 * mei_compat_ioctl - the compat IOCTL function
538 * @file: pointer to file structure
539 * @cmd: ioctl command
540 * @data: pointer to mei message structure
542 * Return: 0 on success , <0 on error
545 static long mei_compat_ioctl(struct file *file,
546 unsigned int cmd, unsigned long data)
548 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data));
554 * mei_poll - the poll function
556 * @file: pointer to file structure
557 * @wait: pointer to poll_table structure
561 static __poll_t mei_poll(struct file *file, poll_table *wait)
563 __poll_t req_events = poll_requested_events(wait);
564 struct mei_cl *cl = file->private_data;
565 struct mei_device *dev;
569 if (WARN_ON(!cl || !cl->dev))
574 mutex_lock(&dev->device_lock);
576 notify_en = cl->notify_en && (req_events & EPOLLPRI);
578 if (dev->dev_state != MEI_DEV_ENABLED ||
579 !mei_cl_is_connected(cl)) {
585 poll_wait(file, &cl->ev_wait, wait);
590 if (req_events & (EPOLLIN | EPOLLRDNORM)) {
591 poll_wait(file, &cl->rx_wait, wait);
593 if (!list_empty(&cl->rd_completed))
594 mask |= EPOLLIN | EPOLLRDNORM;
596 mei_cl_read_start(cl, mei_cl_mtu(cl), file);
599 if (req_events & (EPOLLOUT | EPOLLWRNORM)) {
600 poll_wait(file, &cl->tx_wait, wait);
601 if (cl->tx_cb_queued < dev->tx_queue_limit)
602 mask |= EPOLLOUT | EPOLLWRNORM;
606 mutex_unlock(&dev->device_lock);
611 * mei_cl_is_write_queued - check if the client has pending writes.
613 * @cl: writing host client
615 * Return: true if client is writing, false otherwise.
617 static bool mei_cl_is_write_queued(struct mei_cl *cl)
619 struct mei_device *dev = cl->dev;
620 struct mei_cl_cb *cb;
622 list_for_each_entry(cb, &dev->write_list, list)
625 list_for_each_entry(cb, &dev->write_waiting_list, list)
632 * mei_fsync - the fsync handler
634 * @fp: pointer to file structure
639 * Return: 0 on success, -ENODEV if client is not connected
641 static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync)
643 struct mei_cl *cl = fp->private_data;
644 struct mei_device *dev;
647 if (WARN_ON(!cl || !cl->dev))
652 mutex_lock(&dev->device_lock);
654 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) {
659 while (mei_cl_is_write_queued(cl)) {
660 mutex_unlock(&dev->device_lock);
661 rets = wait_event_interruptible(cl->tx_wait,
662 cl->writing_state == MEI_WRITE_COMPLETE ||
663 !mei_cl_is_connected(cl));
664 mutex_lock(&dev->device_lock);
666 if (signal_pending(current))
670 if (!mei_cl_is_connected(cl)) {
677 mutex_unlock(&dev->device_lock);
682 * mei_fasync - asynchronous io support
684 * @fd: file descriptor
685 * @file: pointer to file structure
688 * Return: negative on error,
689 * 0 if it did no changes,
690 * and positive a process was added or deleted
692 static int mei_fasync(int fd, struct file *file, int band)
695 struct mei_cl *cl = file->private_data;
697 if (!mei_cl_is_connected(cl))
700 return fasync_helper(fd, file, band, &cl->ev_async);
704 * fw_status_show - mei device fw_status attribute show method
706 * @device: device pointer
707 * @attr: attribute pointer
708 * @buf: char out buffer
710 * Return: number of the bytes printed into buf or error
712 static ssize_t fw_status_show(struct device *device,
713 struct device_attribute *attr, char *buf)
715 struct mei_device *dev = dev_get_drvdata(device);
716 struct mei_fw_status fw_status;
720 mutex_lock(&dev->device_lock);
721 err = mei_fw_status(dev, &fw_status);
722 mutex_unlock(&dev->device_lock);
724 dev_err(device, "read fw_status error = %d\n", err);
728 for (i = 0; i < fw_status.count; i++)
729 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
730 fw_status.status[i]);
733 static DEVICE_ATTR_RO(fw_status);
736 * hbm_ver_show - display HBM protocol version negotiated with FW
738 * @device: device pointer
739 * @attr: attribute pointer
740 * @buf: char out buffer
742 * Return: number of the bytes printed into buf or error
744 static ssize_t hbm_ver_show(struct device *device,
745 struct device_attribute *attr, char *buf)
747 struct mei_device *dev = dev_get_drvdata(device);
748 struct hbm_version ver;
750 mutex_lock(&dev->device_lock);
752 mutex_unlock(&dev->device_lock);
754 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version);
756 static DEVICE_ATTR_RO(hbm_ver);
759 * hbm_ver_drv_show - display HBM protocol version advertised by driver
761 * @device: device pointer
762 * @attr: attribute pointer
763 * @buf: char out buffer
765 * Return: number of the bytes printed into buf or error
767 static ssize_t hbm_ver_drv_show(struct device *device,
768 struct device_attribute *attr, char *buf)
770 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION);
772 static DEVICE_ATTR_RO(hbm_ver_drv);
774 static ssize_t tx_queue_limit_show(struct device *device,
775 struct device_attribute *attr, char *buf)
777 struct mei_device *dev = dev_get_drvdata(device);
780 mutex_lock(&dev->device_lock);
781 size = dev->tx_queue_limit;
782 mutex_unlock(&dev->device_lock);
784 return snprintf(buf, PAGE_SIZE, "%u\n", size);
787 static ssize_t tx_queue_limit_store(struct device *device,
788 struct device_attribute *attr,
789 const char *buf, size_t count)
791 struct mei_device *dev = dev_get_drvdata(device);
796 err = kstrtouint(buf, 10, &inp);
799 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN)
803 mutex_lock(&dev->device_lock);
804 dev->tx_queue_limit = limit;
805 mutex_unlock(&dev->device_lock);
809 static DEVICE_ATTR_RW(tx_queue_limit);
812 * fw_ver_show - display ME FW version
814 * @device: device pointer
815 * @attr: attribute pointer
816 * @buf: char out buffer
818 * Return: number of the bytes printed into buf or error
820 static ssize_t fw_ver_show(struct device *device,
821 struct device_attribute *attr, char *buf)
823 struct mei_device *dev = dev_get_drvdata(device);
824 struct mei_fw_version *ver;
830 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++)
831 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n",
832 ver[i].platform, ver[i].major, ver[i].minor,
833 ver[i].hotfix, ver[i].buildno);
836 static DEVICE_ATTR_RO(fw_ver);
839 * dev_state_show - display device state
841 * @device: device pointer
842 * @attr: attribute pointer
843 * @buf: char out buffer
845 * Return: number of the bytes printed into buf or error
847 static ssize_t dev_state_show(struct device *device,
848 struct device_attribute *attr, char *buf)
850 struct mei_device *dev = dev_get_drvdata(device);
851 enum mei_dev_state dev_state;
853 mutex_lock(&dev->device_lock);
854 dev_state = dev->dev_state;
855 mutex_unlock(&dev->device_lock);
857 return sprintf(buf, "%s", mei_dev_state_str(dev_state));
859 static DEVICE_ATTR_RO(dev_state);
861 static int match_devt(struct device *dev, const void *data)
863 const dev_t *devt = data;
865 return dev->devt == *devt;
869 * dev_set_devstate: set to new device state and notify sysfs file.
872 * @state: new device state
874 void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state)
876 struct device *clsdev;
878 if (dev->dev_state == state)
881 dev->dev_state = state;
883 clsdev = class_find_device(mei_class, NULL, &dev->cdev.dev, match_devt);
885 sysfs_notify(&clsdev->kobj, NULL, "dev_state");
890 static struct attribute *mei_attrs[] = {
891 &dev_attr_fw_status.attr,
892 &dev_attr_hbm_ver.attr,
893 &dev_attr_hbm_ver_drv.attr,
894 &dev_attr_tx_queue_limit.attr,
895 &dev_attr_fw_ver.attr,
896 &dev_attr_dev_state.attr,
899 ATTRIBUTE_GROUPS(mei);
902 * file operations structure will be used for mei char device.
904 static const struct file_operations mei_fops = {
905 .owner = THIS_MODULE,
907 .unlocked_ioctl = mei_ioctl,
909 .compat_ioctl = mei_compat_ioctl,
912 .release = mei_release,
916 .fasync = mei_fasync,
921 * mei_minor_get - obtain next free device minor number
923 * @dev: device pointer
925 * Return: allocated minor, or -ENOSPC if no free minor left
927 static int mei_minor_get(struct mei_device *dev)
931 mutex_lock(&mei_minor_lock);
932 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
935 else if (ret == -ENOSPC)
936 dev_err(dev->dev, "too many mei devices\n");
938 mutex_unlock(&mei_minor_lock);
943 * mei_minor_free - mark device minor number as free
945 * @dev: device pointer
947 static void mei_minor_free(struct mei_device *dev)
949 mutex_lock(&mei_minor_lock);
950 idr_remove(&mei_idr, dev->minor);
951 mutex_unlock(&mei_minor_lock);
954 int mei_register(struct mei_device *dev, struct device *parent)
956 struct device *clsdev; /* class device */
959 ret = mei_minor_get(dev);
963 /* Fill in the data structures */
964 devno = MKDEV(MAJOR(mei_devt), dev->minor);
965 cdev_init(&dev->cdev, &mei_fops);
966 dev->cdev.owner = parent->driver->owner;
969 ret = cdev_add(&dev->cdev, devno, 1);
971 dev_err(parent, "unable to add device %d:%d\n",
972 MAJOR(mei_devt), dev->minor);
976 clsdev = device_create_with_groups(mei_class, parent, devno,
978 "mei%d", dev->minor);
980 if (IS_ERR(clsdev)) {
981 dev_err(parent, "unable to create device %d:%d\n",
982 MAJOR(mei_devt), dev->minor);
983 ret = PTR_ERR(clsdev);
987 ret = mei_dbgfs_register(dev, dev_name(clsdev));
989 dev_err(clsdev, "cannot register debugfs ret = %d\n", ret);
996 device_destroy(mei_class, devno);
998 cdev_del(&dev->cdev);
1000 mei_minor_free(dev);
1003 EXPORT_SYMBOL_GPL(mei_register);
1005 void mei_deregister(struct mei_device *dev)
1009 devno = dev->cdev.dev;
1010 cdev_del(&dev->cdev);
1012 mei_dbgfs_deregister(dev);
1014 device_destroy(mei_class, devno);
1016 mei_minor_free(dev);
1018 EXPORT_SYMBOL_GPL(mei_deregister);
1020 static int __init mei_init(void)
1024 mei_class = class_create(THIS_MODULE, "mei");
1025 if (IS_ERR(mei_class)) {
1026 pr_err("couldn't create class\n");
1027 ret = PTR_ERR(mei_class);
1031 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
1033 pr_err("unable to allocate char dev region\n");
1037 ret = mei_cl_bus_init();
1039 pr_err("unable to initialize bus\n");
1046 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1048 class_destroy(mei_class);
1053 static void __exit mei_exit(void)
1055 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1056 class_destroy(mei_class);
1060 module_init(mei_init);
1061 module_exit(mei_exit);
1063 MODULE_AUTHOR("Intel Corporation");
1064 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
1065 MODULE_LICENSE("GPL v2");
projects / linux.git / blob