3
* Intel Management Engine Interface (Intel MEI) Linux driver
4
* Copyright (c) 2003-2011, Intel Corporation.
6
* This program is free software; you can redistribute it and/or modify it
7
* under the terms and conditions of the GNU General Public License,
8
* version 2, as published by the Free Software Foundation.
10
* This program is distributed in the hope it will be useful, but WITHOUT
11
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18
#include <linux/kernel.h>
20
#include <linux/errno.h>
21
#include <linux/types.h>
22
#include <linux/fcntl.h>
23
#include <linux/aio.h>
24
#include <linux/pci.h>
25
#include <linux/init.h>
26
#include <linux/ioctl.h>
27
#include <linux/cdev.h>
28
#include <linux/list.h>
29
#include <linux/delay.h>
30
#include <linux/sched.h>
31
#include <linux/uuid.h>
32
#include <linux/jiffies.h>
33
#include <linux/uaccess.h>
39
#include "interface.h"
40
#include "mei_version.h"
45
* mei_ioctl_connect_client - the connect to fw client IOCTL function
47
* @dev: the device structure
48
* @data: IOCTL connect data, input and output parameters
49
* @file: private data of the file object
51
* Locking: called under "dev->device_lock" lock
53
* returns 0 on success, <0 on failure.
55
int mei_ioctl_connect_client(struct file *file,
56
struct mei_connect_client_data *data)
58
struct mei_device *dev;
60
struct mei_client *client;
62
struct mei_cl *cl_pos = NULL;
63
struct mei_cl *cl_next = NULL;
64
long timeout = CONNECT_TIMEOUT;
69
cl = file->private_data;
70
if (WARN_ON(!cl || !cl->dev))
75
dev_dbg(&dev->pdev->dev, "mei_ioctl_connect_client() Entry\n");
78
/* buffered ioctl cb */
79
cb = kzalloc(sizeof(struct mei_cl_cb), GFP_KERNEL);
84
INIT_LIST_HEAD(&cb->cb_list);
86
cb->major_file_operations = MEI_IOCTL;
88
if (dev->mei_state != MEI_ENABLED) {
92
if (cl->state != MEI_FILE_INITIALIZING &&
93
cl->state != MEI_FILE_DISCONNECTED) {
98
/* find ME client we're trying to connect to */
99
i = mei_find_me_client_index(dev, data->in_client_uuid);
100
if (i >= 0 && !dev->me_clients[i].props.fixed_address) {
101
cl->me_client_id = dev->me_clients[i].client_id;
102
cl->state = MEI_FILE_CONNECTING;
105
dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n",
107
dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n",
108
dev->me_clients[i].props.protocol_version);
109
dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n",
110
dev->me_clients[i].props.max_msg_length);
112
/* if we're connecting to amthi client so we will use the exist
115
if (uuid_le_cmp(data->in_client_uuid, mei_amthi_guid) == 0) {
116
dev_dbg(&dev->pdev->dev, "FW Client is amthi\n");
117
if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) {
121
clear_bit(cl->host_client_id, dev->host_clients_map);
122
list_for_each_entry_safe(cl_pos, cl_next,
123
&dev->file_list, link) {
124
if (mei_cl_cmp_id(cl, cl_pos)) {
125
dev_dbg(&dev->pdev->dev,
126
"remove file private data node host"
127
" client = %d, ME client = %d.\n",
128
cl_pos->host_client_id,
129
cl_pos->me_client_id);
130
list_del(&cl_pos->link);
134
dev_dbg(&dev->pdev->dev, "free file private data memory.\n");
138
file->private_data = &dev->iamthif_cl;
140
client = &data->out_client_properties;
141
client->max_msg_length =
142
dev->me_clients[i].props.max_msg_length;
143
client->protocol_version =
144
dev->me_clients[i].props.protocol_version;
145
rets = dev->iamthif_cl.status;
150
if (cl->state != MEI_FILE_CONNECTING) {
156
/* prepare the output buffer */
157
client = &data->out_client_properties;
158
client->max_msg_length = dev->me_clients[i].props.max_msg_length;
159
client->protocol_version = dev->me_clients[i].props.protocol_version;
160
dev_dbg(&dev->pdev->dev, "Can connect?\n");
161
if (dev->mei_host_buffer_is_empty
162
&& !mei_other_client_is_connecting(dev, cl)) {
163
dev_dbg(&dev->pdev->dev, "Sending Connect Message\n");
164
dev->mei_host_buffer_is_empty = false;
165
if (!mei_connect(dev, cl)) {
166
dev_dbg(&dev->pdev->dev, "Sending connect message - failed\n");
170
dev_dbg(&dev->pdev->dev, "Sending connect message - succeeded\n");
171
cl->timer_count = MEI_CONNECT_TIMEOUT;
172
cb->file_private = cl;
173
list_add_tail(&cb->cb_list,
174
&dev->ctrl_rd_list.mei_cb.
180
dev_dbg(&dev->pdev->dev, "Queuing the connect request due to device busy\n");
181
cb->file_private = cl;
182
dev_dbg(&dev->pdev->dev, "add connect cb to control write list.\n");
183
list_add_tail(&cb->cb_list,
184
&dev->ctrl_wr_list.mei_cb.cb_list);
186
mutex_unlock(&dev->device_lock);
187
err = wait_event_timeout(dev->wait_recvd_msg,
188
(MEI_FILE_CONNECTED == cl->state ||
189
MEI_FILE_DISCONNECTED == cl->state),
192
mutex_lock(&dev->device_lock);
193
if (MEI_FILE_CONNECTED == cl->state) {
194
dev_dbg(&dev->pdev->dev, "successfully connected to FW client.\n");
198
dev_dbg(&dev->pdev->dev, "failed to connect to FW client.cl->state = %d.\n",
201
dev_dbg(&dev->pdev->dev,
202
"wait_event_interruptible_timeout failed on client"
203
" connect message fw response message.\n");
207
mei_io_list_flush(&dev->ctrl_rd_list, cl);
208
mei_io_list_flush(&dev->ctrl_wr_list, cl);
213
dev_dbg(&dev->pdev->dev, "free connect cb memory.");
219
* find_amthi_read_list_entry - finds a amthilist entry for current file
221
* @dev: the device structure
222
* @file: pointer to file object
224
* returns returned a list entry on success, NULL on failure.
226
struct mei_cl_cb *find_amthi_read_list_entry(
227
struct mei_device *dev,
230
struct mei_cl *cl_temp;
231
struct mei_cl_cb *cb_pos = NULL;
232
struct mei_cl_cb *cb_next = NULL;
234
if (!dev->amthi_read_complete_list.status &&
235
!list_empty(&dev->amthi_read_complete_list.mei_cb.cb_list)) {
236
list_for_each_entry_safe(cb_pos, cb_next,
237
&dev->amthi_read_complete_list.mei_cb.cb_list, cb_list) {
238
cl_temp = (struct mei_cl *)cb_pos->file_private;
239
if (cl_temp && cl_temp == &dev->iamthif_cl &&
240
cb_pos->file_object == file)
248
* amthi_read - read data from AMTHI client
250
* @dev: the device structure
251
* @if_num: minor number
252
* @file: pointer to file object
253
* @*ubuf: pointer to user data in user space
254
* @length: data length to read
255
* @offset: data read offset
257
* Locking: called under "dev->device_lock" lock
260
* returned data length on success,
261
* zero if no data to read,
262
* negative on failure.
264
int amthi_read(struct mei_device *dev, struct file *file,
265
char __user *ubuf, size_t length, loff_t *offset)
269
struct mei_cl_cb *cb = NULL;
270
struct mei_cl *cl = file->private_data;
271
unsigned long timeout;
274
/* Only Posible if we are in timeout */
275
if (!cl || cl != &dev->iamthif_cl) {
276
dev_dbg(&dev->pdev->dev, "bad file ext.\n");
280
for (i = 0; i < dev->me_clients_num; i++) {
281
if (dev->me_clients[i].client_id ==
282
dev->iamthif_cl.me_client_id)
286
if (i == dev->me_clients_num) {
287
dev_dbg(&dev->pdev->dev, "amthi client not found.\n");
290
if (WARN_ON(dev->me_clients[i].client_id != cl->me_client_id))
293
dev_dbg(&dev->pdev->dev, "checking amthi data\n");
294
cb = find_amthi_read_list_entry(dev, file);
296
/* Check for if we can block or not*/
297
if (cb == NULL && file->f_flags & O_NONBLOCK)
301
dev_dbg(&dev->pdev->dev, "waiting for amthi data\n");
303
/* unlock the Mutex */
304
mutex_unlock(&dev->device_lock);
306
wait_ret = wait_event_interruptible(dev->iamthif_cl.wait,
307
(cb = find_amthi_read_list_entry(dev, file)));
312
dev_dbg(&dev->pdev->dev, "woke up from sleep\n");
314
/* Locking again the Mutex */
315
mutex_lock(&dev->device_lock);
319
dev_dbg(&dev->pdev->dev, "Got amthi data\n");
320
dev->iamthif_timer = 0;
323
timeout = cb->read_time +
324
msecs_to_jiffies(IAMTHIF_READ_TIMER);
325
dev_dbg(&dev->pdev->dev, "amthi timeout = %lud\n",
328
if (time_after(jiffies, timeout)) {
329
dev_dbg(&dev->pdev->dev, "amthi Time out\n");
330
/* 15 sec for the message has expired */
331
list_del(&cb->cb_list);
336
/* if the whole message will fit remove it from the list */
337
if (cb->information >= *offset &&
338
length >= (cb->information - *offset))
339
list_del(&cb->cb_list);
340
else if (cb->information > 0 && cb->information <= *offset) {
341
/* end of the message has been reached */
342
list_del(&cb->cb_list);
346
/* else means that not full buffer will be read and do not
347
* remove message from deletion list
350
dev_dbg(&dev->pdev->dev, "amthi cb->response_buffer size - %d\n",
351
cb->response_buffer.size);
352
dev_dbg(&dev->pdev->dev, "amthi cb->information - %lu\n",
355
/* length is being turncated to PAGE_SIZE, however,
356
* the information may be longer */
357
length = min_t(size_t, length, (cb->information - *offset));
359
if (copy_to_user(ubuf,
360
cb->response_buffer.data + *offset,
365
if ((*offset + length) < cb->information) {
371
dev_dbg(&dev->pdev->dev, "free amthi cb memory.\n");
373
mei_free_cb_private(cb);
379
* mei_start_read - the start read client message function.
381
* @dev: the device structure
382
* @if_num: minor number
383
* @cl: private data of the file object
385
* returns 0 on success, <0 on failure.
387
int mei_start_read(struct mei_device *dev, struct mei_cl *cl)
389
struct mei_cl_cb *cb;
393
if (cl->state != MEI_FILE_CONNECTED)
396
if (dev->mei_state != MEI_ENABLED)
399
dev_dbg(&dev->pdev->dev, "check if read is pending.\n");
400
if (cl->read_pending || cl->read_cb) {
401
dev_dbg(&dev->pdev->dev, "read is pending.\n");
405
cb = kzalloc(sizeof(struct mei_cl_cb), GFP_KERNEL);
409
dev_dbg(&dev->pdev->dev, "allocation call back successful. host client = %d, ME client = %d\n",
410
cl->host_client_id, cl->me_client_id);
412
for (i = 0; i < dev->me_clients_num; i++) {
413
if (dev->me_clients[i].client_id == cl->me_client_id)
418
if (WARN_ON(dev->me_clients[i].client_id != cl->me_client_id)) {
423
if (i == dev->me_clients_num) {
428
cb->response_buffer.size = dev->me_clients[i].props.max_msg_length;
429
cb->response_buffer.data =
430
kmalloc(cb->response_buffer.size, GFP_KERNEL);
431
if (!cb->response_buffer.data) {
435
dev_dbg(&dev->pdev->dev, "allocation call back data success.\n");
436
cb->major_file_operations = MEI_READ;
437
/* make sure information is zero before we start */
439
cb->file_private = (void *) cl;
441
if (dev->mei_host_buffer_is_empty) {
442
dev->mei_host_buffer_is_empty = false;
443
if (!mei_send_flow_control(dev, cl)) {
447
list_add_tail(&cb->cb_list,
448
&dev->read_list.mei_cb.cb_list);
451
list_add_tail(&cb->cb_list,
452
&dev->ctrl_wr_list.mei_cb.cb_list);
456
mei_free_cb_private(cb);
461
* amthi_write - write iamthif data to amthi client
463
* @dev: the device structure
464
* @cb: mei call back struct
466
* returns 0 on success, <0 on failure.
468
int amthi_write(struct mei_device *dev, struct mei_cl_cb *cb)
470
struct mei_msg_hdr mei_hdr;
476
dev_dbg(&dev->pdev->dev, "write data to amthi client.\n");
478
dev->iamthif_state = MEI_IAMTHIF_WRITING;
479
dev->iamthif_current_cb = cb;
480
dev->iamthif_file_object = cb->file_object;
481
dev->iamthif_canceled = false;
482
dev->iamthif_ioctl = true;
483
dev->iamthif_msg_buf_size = cb->request_buffer.size;
484
memcpy(dev->iamthif_msg_buf, cb->request_buffer.data,
485
cb->request_buffer.size);
487
ret = mei_flow_ctrl_creds(dev, &dev->iamthif_cl);
491
if (ret && dev->mei_host_buffer_is_empty) {
493
dev->mei_host_buffer_is_empty = false;
494
if (cb->request_buffer.size >
495
(((dev->host_hw_state & H_CBD) >> 24) * sizeof(u32))
496
-sizeof(struct mei_msg_hdr)) {
498
(((dev->host_hw_state & H_CBD) >> 24) *
499
sizeof(u32)) - sizeof(struct mei_msg_hdr);
500
mei_hdr.msg_complete = 0;
502
mei_hdr.length = cb->request_buffer.size;
503
mei_hdr.msg_complete = 1;
506
mei_hdr.host_addr = dev->iamthif_cl.host_client_id;
507
mei_hdr.me_addr = dev->iamthif_cl.me_client_id;
508
mei_hdr.reserved = 0;
509
dev->iamthif_msg_buf_index += mei_hdr.length;
510
if (!mei_write_message(dev, &mei_hdr,
511
(unsigned char *)(dev->iamthif_msg_buf),
515
if (mei_hdr.msg_complete) {
516
if (mei_flow_ctrl_reduce(dev, &dev->iamthif_cl))
518
dev->iamthif_flow_control_pending = true;
519
dev->iamthif_state = MEI_IAMTHIF_FLOW_CONTROL;
520
dev_dbg(&dev->pdev->dev, "add amthi cb to write waiting list\n");
521
dev->iamthif_current_cb = cb;
522
dev->iamthif_file_object = cb->file_object;
523
list_add_tail(&cb->cb_list,
524
&dev->write_waiting_list.mei_cb.cb_list);
526
dev_dbg(&dev->pdev->dev, "message does not complete, "
527
"so add amthi cb to write list.\n");
528
list_add_tail(&cb->cb_list,
529
&dev->write_list.mei_cb.cb_list);
532
if (!(dev->mei_host_buffer_is_empty))
533
dev_dbg(&dev->pdev->dev, "host buffer is not empty");
535
dev_dbg(&dev->pdev->dev, "No flow control credentials, "
536
"so add iamthif cb to write list.\n");
537
list_add_tail(&cb->cb_list,
538
&dev->write_list.mei_cb.cb_list);
544
* iamthif_ioctl_send_msg - send cmd data to amthi client
546
* @dev: the device structure
548
* returns 0 on success, <0 on failure.
550
void mei_run_next_iamthif_cmd(struct mei_device *dev)
552
struct mei_cl *cl_tmp;
553
struct mei_cl_cb *cb_pos = NULL;
554
struct mei_cl_cb *cb_next = NULL;
560
dev->iamthif_msg_buf_size = 0;
561
dev->iamthif_msg_buf_index = 0;
562
dev->iamthif_canceled = false;
563
dev->iamthif_ioctl = true;
564
dev->iamthif_state = MEI_IAMTHIF_IDLE;
565
dev->iamthif_timer = 0;
566
dev->iamthif_file_object = NULL;
568
if (dev->amthi_cmd_list.status == 0 &&
569
!list_empty(&dev->amthi_cmd_list.mei_cb.cb_list)) {
570
dev_dbg(&dev->pdev->dev, "complete amthi cmd_list cb.\n");
572
list_for_each_entry_safe(cb_pos, cb_next,
573
&dev->amthi_cmd_list.mei_cb.cb_list, cb_list) {
574
list_del(&cb_pos->cb_list);
575
cl_tmp = (struct mei_cl *)cb_pos->file_private;
577
if (cl_tmp && cl_tmp == &dev->iamthif_cl) {
578
status = amthi_write(dev, cb_pos);
580
dev_dbg(&dev->pdev->dev,
581
"amthi write failed status = %d\n",
592
* mei_free_cb_private - free mei_cb_private related memory
594
* @cb: mei callback struct
596
void mei_free_cb_private(struct mei_cl_cb *cb)
601
kfree(cb->request_buffer.data);
602
kfree(cb->response_buffer.data);