3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/kernel.h>
22 #include <linux/device.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/fcntl.h>
27 #include <linux/aio.h>
28 #include <linux/pci.h>
29 #include <linux/poll.h>
30 #include <linux/init.h>
31 #include <linux/ioctl.h>
32 #include <linux/cdev.h>
33 #include <linux/sched.h>
34 #include <linux/uuid.h>
35 #include <linux/compat.h>
36 #include <linux/jiffies.h>
37 #include <linux/interrupt.h>
38 #include <linux/miscdevice.h>
40 #include <linux/mei.h>
47 * mei_open - the open function
49 * @inode: pointer to inode structure
50 * @file: pointer to file structure
52 * returns 0 on success, <0 on error
54 static int mei_open(struct inode *inode, struct file *file)
56 struct miscdevice *misc = file->private_data;
59 struct mei_device *dev;
67 pdev = container_of(misc->parent, struct pci_dev, dev);
69 dev = pci_get_drvdata(pdev);
73 mutex_lock(&dev->device_lock);
75 cl = mei_cl_allocate(dev);
80 if (dev->dev_state != MEI_DEV_ENABLED) {
81 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
82 mei_dev_state_str(dev->dev_state));
86 if (dev->open_handle_count >= MEI_MAX_OPEN_HANDLE_COUNT) {
87 dev_err(&dev->pdev->dev, "open_handle_count exceded %d",
88 MEI_MAX_OPEN_HANDLE_COUNT);
92 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY);
96 file->private_data = cl;
97 mutex_unlock(&dev->device_lock);
99 return nonseekable_open(inode, file);
102 mutex_unlock(&dev->device_lock);
109 * mei_release - the release function
111 * @inode: pointer to inode structure
112 * @file: pointer to file structure
114 * returns 0 on success, <0 on error
116 static int mei_release(struct inode *inode, struct file *file)
118 struct mei_cl *cl = file->private_data;
119 struct mei_cl_cb *cb;
120 struct mei_device *dev;
123 if (WARN_ON(!cl || !cl->dev))
128 mutex_lock(&dev->device_lock);
129 if (cl == &dev->iamthif_cl) {
130 rets = mei_amthif_release(dev, file);
133 if (cl->state == MEI_FILE_CONNECTED) {
134 cl->state = MEI_FILE_DISCONNECTING;
135 dev_dbg(&dev->pdev->dev,
136 "disconnecting client host client = %d, "
140 rets = mei_cl_disconnect(cl);
142 mei_cl_flush_queues(cl);
143 dev_dbg(&dev->pdev->dev, "remove client host client = %d, ME client = %d\n",
147 if (dev->open_handle_count > 0) {
148 clear_bit(cl->host_client_id, dev->host_clients_map);
149 dev->open_handle_count--;
157 cb = mei_cl_find_read_cb(cl);
158 /* Remove entry from read list */
166 file->private_data = NULL;
175 mutex_unlock(&dev->device_lock);
181 * mei_read - the read function.
183 * @file: pointer to file structure
184 * @ubuf: pointer to user buffer
185 * @length: buffer length
186 * @offset: data offset in buffer
188 * returns >=0 data length on success , <0 on error
190 static ssize_t mei_read(struct file *file, char __user *ubuf,
191 size_t length, loff_t *offset)
193 struct mei_cl *cl = file->private_data;
194 struct mei_cl_cb *cb_pos = NULL;
195 struct mei_cl_cb *cb = NULL;
196 struct mei_device *dev;
202 if (WARN_ON(!cl || !cl->dev))
207 mutex_lock(&dev->device_lock);
208 if (dev->dev_state != MEI_DEV_ENABLED) {
213 if ((cl->sm_state & MEI_WD_STATE_INDEPENDENCE_MSG_SENT) == 0) {
214 /* Do not allow to read watchdog client */
215 i = mei_me_cl_by_uuid(dev, &mei_wd_guid);
217 struct mei_me_client *me_client = &dev->me_clients[i];
218 if (cl->me_client_id == me_client->client_id) {
224 cl->sm_state &= ~MEI_WD_STATE_INDEPENDENCE_MSG_SENT;
227 if (cl == &dev->iamthif_cl) {
228 rets = mei_amthif_read(dev, file, ubuf, length, offset);
232 if (cl->read_cb && cl->read_cb->buf_idx > *offset) {
235 } else if (cl->read_cb && cl->read_cb->buf_idx > 0 &&
236 cl->read_cb->buf_idx <= *offset) {
240 } else if ((!cl->read_cb || !cl->read_cb->buf_idx) && *offset > 0) {
241 /*Offset needs to be cleaned for contiguous reads*/
247 err = mei_cl_read_start(cl);
248 if (err && err != -EBUSY) {
249 dev_dbg(&dev->pdev->dev,
250 "mei start read failure with status = %d\n", err);
255 if (MEI_READ_COMPLETE != cl->reading_state &&
256 !waitqueue_active(&cl->rx_wait)) {
257 if (file->f_flags & O_NONBLOCK) {
262 mutex_unlock(&dev->device_lock);
264 if (wait_event_interruptible(cl->rx_wait,
265 (MEI_READ_COMPLETE == cl->reading_state ||
266 MEI_FILE_INITIALIZING == cl->state ||
267 MEI_FILE_DISCONNECTED == cl->state ||
268 MEI_FILE_DISCONNECTING == cl->state))) {
269 if (signal_pending(current))
274 mutex_lock(&dev->device_lock);
275 if (MEI_FILE_INITIALIZING == cl->state ||
276 MEI_FILE_DISCONNECTED == cl->state ||
277 MEI_FILE_DISCONNECTING == cl->state) {
289 if (cl->reading_state != MEI_READ_COMPLETE) {
293 /* now copy the data to user space */
295 dev_dbg(&dev->pdev->dev, "cb->response_buffer size - %d\n",
296 cb->response_buffer.size);
297 dev_dbg(&dev->pdev->dev, "cb->buf_idx - %lu\n", cb->buf_idx);
298 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {
303 /* length is being truncated to PAGE_SIZE,
304 * however buf_idx may point beyond that */
305 length = min_t(size_t, length, cb->buf_idx - *offset);
307 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) {
314 if ((unsigned long)*offset < cb->buf_idx)
318 cb_pos = mei_cl_find_read_cb(cl);
319 /* Remove entry from read list */
321 list_del(&cb_pos->list);
323 cl->reading_state = MEI_IDLE;
326 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets);
327 mutex_unlock(&dev->device_lock);
331 * mei_write - the write function.
333 * @file: pointer to file structure
334 * @ubuf: pointer to user buffer
335 * @length: buffer length
336 * @offset: data offset in buffer
338 * returns >=0 data length on success , <0 on error
340 static ssize_t mei_write(struct file *file, const char __user *ubuf,
341 size_t length, loff_t *offset)
343 struct mei_cl *cl = file->private_data;
344 struct mei_cl_cb *write_cb = NULL;
345 struct mei_msg_hdr mei_hdr;
346 struct mei_device *dev;
347 unsigned long timeout = 0;
351 if (WARN_ON(!cl || !cl->dev))
356 mutex_lock(&dev->device_lock);
358 if (dev->dev_state != MEI_DEV_ENABLED) {
363 i = mei_me_cl_by_id(dev, cl->me_client_id);
368 if (length > dev->me_clients[i].props.max_msg_length || length <= 0) {
373 if (cl->state != MEI_FILE_CONNECTED) {
375 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d",
376 cl->host_client_id, cl->me_client_id);
379 if (cl == &dev->iamthif_cl) {
380 write_cb = mei_amthif_find_read_list_entry(dev, file);
383 timeout = write_cb->read_time +
384 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER);
386 if (time_after(jiffies, timeout) ||
387 cl->reading_state == MEI_READ_COMPLETE) {
389 list_del(&write_cb->list);
390 mei_io_cb_free(write_cb);
396 /* free entry used in read */
397 if (cl->reading_state == MEI_READ_COMPLETE) {
399 write_cb = mei_cl_find_read_cb(cl);
401 list_del(&write_cb->list);
402 mei_io_cb_free(write_cb);
404 cl->reading_state = MEI_IDLE;
407 } else if (cl->reading_state == MEI_IDLE)
411 write_cb = mei_io_cb_init(cl, file);
413 dev_err(&dev->pdev->dev, "write cb allocation failed\n");
417 rets = mei_io_cb_alloc_req_buf(write_cb, length);
421 dev_dbg(&dev->pdev->dev, "cb request size = %zd\n", length);
423 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length);
429 ((memcmp(mei_wd_state_independence_msg[0],
430 write_cb->request_buffer.data, 4) == 0) ||
431 (memcmp(mei_wd_state_independence_msg[1],
432 write_cb->request_buffer.data, 4) == 0) ||
433 (memcmp(mei_wd_state_independence_msg[2],
434 write_cb->request_buffer.data, 4) == 0)))
435 cl->sm_state |= MEI_WD_STATE_INDEPENDENCE_MSG_SENT;
437 if (cl == &dev->iamthif_cl) {
438 rets = mei_amthif_write(dev, write_cb);
441 dev_err(&dev->pdev->dev,
442 "amthif write failed with status = %d\n", rets);
445 mutex_unlock(&dev->device_lock);
449 write_cb->fop_type = MEI_FOP_WRITE;
451 dev_dbg(&dev->pdev->dev, "host client = %d, ME client = %d\n",
452 cl->host_client_id, cl->me_client_id);
453 rets = mei_cl_flow_ctrl_creds(cl);
457 if (rets == 0 || !dev->hbuf_is_ready) {
458 write_cb->buf_idx = 0;
459 mei_hdr.msg_complete = 0;
460 cl->writing_state = MEI_WRITING;
464 dev->hbuf_is_ready = false;
465 if (length > mei_hbuf_max_len(dev)) {
466 mei_hdr.length = mei_hbuf_max_len(dev);
467 mei_hdr.msg_complete = 0;
469 mei_hdr.length = length;
470 mei_hdr.msg_complete = 1;
472 mei_hdr.host_addr = cl->host_client_id;
473 mei_hdr.me_addr = cl->me_client_id;
474 mei_hdr.reserved = 0;
476 dev_dbg(&dev->pdev->dev, "write " MEI_HDR_FMT "\n",
477 MEI_HDR_PRM(&mei_hdr));
478 if (mei_write_message(dev, &mei_hdr, write_cb->request_buffer.data)) {
482 cl->writing_state = MEI_WRITING;
483 write_cb->buf_idx = mei_hdr.length;
486 if (mei_hdr.msg_complete) {
487 if (mei_cl_flow_ctrl_reduce(cl)) {
491 list_add_tail(&write_cb->list, &dev->write_waiting_list.list);
493 list_add_tail(&write_cb->list, &dev->write_list.list);
496 mutex_unlock(&dev->device_lock);
500 mutex_unlock(&dev->device_lock);
501 mei_io_cb_free(write_cb);
506 * mei_ioctl_connect_client - the connect to fw client IOCTL function
508 * @dev: the device structure
509 * @data: IOCTL connect data, input and output parameters
510 * @file: private data of the file object
512 * Locking: called under "dev->device_lock" lock
514 * returns 0 on success, <0 on failure.
516 static int mei_ioctl_connect_client(struct file *file,
517 struct mei_connect_client_data *data)
519 struct mei_device *dev;
520 struct mei_client *client;
525 cl = file->private_data;
526 if (WARN_ON(!cl || !cl->dev))
531 if (dev->dev_state != MEI_DEV_ENABLED) {
536 if (cl->state != MEI_FILE_INITIALIZING &&
537 cl->state != MEI_FILE_DISCONNECTED) {
542 /* find ME client we're trying to connect to */
543 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid);
544 if (i >= 0 && !dev->me_clients[i].props.fixed_address) {
545 cl->me_client_id = dev->me_clients[i].client_id;
546 cl->state = MEI_FILE_CONNECTING;
549 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n",
551 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n",
552 dev->me_clients[i].props.protocol_version);
553 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n",
554 dev->me_clients[i].props.max_msg_length);
556 /* if we're connecting to amthif client then we will use the
557 * existing connection
559 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) {
560 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n");
561 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) {
565 clear_bit(cl->host_client_id, dev->host_clients_map);
570 file->private_data = &dev->iamthif_cl;
572 client = &data->out_client_properties;
573 client->max_msg_length =
574 dev->me_clients[i].props.max_msg_length;
575 client->protocol_version =
576 dev->me_clients[i].props.protocol_version;
577 rets = dev->iamthif_cl.status;
582 if (cl->state != MEI_FILE_CONNECTING) {
588 /* prepare the output buffer */
589 client = &data->out_client_properties;
590 client->max_msg_length = dev->me_clients[i].props.max_msg_length;
591 client->protocol_version = dev->me_clients[i].props.protocol_version;
592 dev_dbg(&dev->pdev->dev, "Can connect?\n");
595 rets = mei_cl_connect(cl, file);
598 dev_dbg(&dev->pdev->dev, "free connect cb memory.");
604 * mei_ioctl - the IOCTL function
606 * @file: pointer to file structure
607 * @cmd: ioctl command
608 * @data: pointer to mei message structure
610 * returns 0 on success , <0 on error
612 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
614 struct mei_device *dev;
615 struct mei_cl *cl = file->private_data;
616 struct mei_connect_client_data *connect_data = NULL;
619 if (cmd != IOCTL_MEI_CONNECT_CLIENT)
622 if (WARN_ON(!cl || !cl->dev))
627 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd);
629 mutex_lock(&dev->device_lock);
630 if (dev->dev_state != MEI_DEV_ENABLED) {
635 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
637 connect_data = kzalloc(sizeof(struct mei_connect_client_data),
643 dev_dbg(&dev->pdev->dev, "copy connect data from user\n");
644 if (copy_from_user(connect_data, (char __user *)data,
645 sizeof(struct mei_connect_client_data))) {
646 dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n");
651 rets = mei_ioctl_connect_client(file, connect_data);
653 /* if all is ok, copying the data back to user. */
657 dev_dbg(&dev->pdev->dev, "copy connect data to user\n");
658 if (copy_to_user((char __user *)data, connect_data,
659 sizeof(struct mei_connect_client_data))) {
660 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n");
667 mutex_unlock(&dev->device_lock);
672 * mei_compat_ioctl - the compat IOCTL function
674 * @file: pointer to file structure
675 * @cmd: ioctl command
676 * @data: pointer to mei message structure
678 * returns 0 on success , <0 on error
681 static long mei_compat_ioctl(struct file *file,
682 unsigned int cmd, unsigned long data)
684 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data));
690 * mei_poll - the poll function
692 * @file: pointer to file structure
693 * @wait: pointer to poll_table structure
697 static unsigned int mei_poll(struct file *file, poll_table *wait)
699 struct mei_cl *cl = file->private_data;
700 struct mei_device *dev;
701 unsigned int mask = 0;
703 if (WARN_ON(!cl || !cl->dev))
708 mutex_lock(&dev->device_lock);
710 if (dev->dev_state != MEI_DEV_ENABLED)
714 if (cl == &dev->iamthif_cl) {
715 mask = mei_amthif_poll(dev, file, wait);
719 mutex_unlock(&dev->device_lock);
720 poll_wait(file, &cl->tx_wait, wait);
721 mutex_lock(&dev->device_lock);
722 if (MEI_WRITE_COMPLETE == cl->writing_state)
723 mask |= (POLLIN | POLLRDNORM);
726 mutex_unlock(&dev->device_lock);
731 * file operations structure will be used for mei char device.
733 static const struct file_operations mei_fops = {
734 .owner = THIS_MODULE,
736 .unlocked_ioctl = mei_ioctl,
738 .compat_ioctl = mei_compat_ioctl,
741 .release = mei_release,
750 static struct miscdevice mei_misc_device = {
753 .minor = MISC_DYNAMIC_MINOR,
756 int mei_register(struct device *dev)
758 mei_misc_device.parent = dev;
759 return misc_register(&mei_misc_device);
762 void mei_deregister(void)
764 misc_deregister(&mei_misc_device);
765 mei_misc_device.parent = NULL;
768 MODULE_LICENSE("GPL v2");