projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix firmware loader uevent buffer NULL pointer dereference
[linux-2.6-block.git] / drivers / base / firmware_class.c
CommitLineData
1da177e4
LT		 1/*
2 * firmware_class.c - Multi purpose firmware loading support
3 *
87d37a4f 4 * Copyright (c) 2003 Manuel Estrada Sainz
1da177e4
LT		 5 *
6 * Please see Documentation/firmware_class/ for more information.
7 *
8 */
9
c59ede7b 10#include <linux/capability.h>
1da177e4
LT		 11#include <linux/device.h>
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/timer.h>
15#include <linux/vmalloc.h>
16#include <linux/interrupt.h>
17#include <linux/bitops.h>
cad1e55d 18#include <linux/mutex.h>
a36cf844 19#include <linux/workqueue.h>
6e03a201 20#include <linux/highmem.h>
1da177e4 21#include <linux/firmware.h>
5a0e3ad6 22#include <linux/slab.h>
a36cf844 23#include <linux/sched.h>
abb139e7 24#include <linux/file.h>
1f2b7959 25#include <linux/list.h>
37276a51
ML		 26#include <linux/async.h>
27#include <linux/pm.h>
07646d9c 28#include <linux/suspend.h>
ac39b3ea 29#include <linux/syscore_ops.h>
fe304143 30#include <linux/reboot.h>
6593d924 31#include <linux/security.h>
37276a51 32
abb139e7
LT		 33#include <generated/utsrelease.h>
34
37276a51 35#include "base.h"
1da177e4 36
87d37a4f 37MODULE_AUTHOR("Manuel Estrada Sainz");
1da177e4
LT		 38MODULE_DESCRIPTION("Multi purpose firmware loading support");
39MODULE_LICENSE("GPL");
40
bcb9bd18
DT		 41/* Builtin firmware support */
42
43#ifdef CONFIG_FW_LOADER
44
45extern struct builtin_fw __start_builtin_fw[];
46extern struct builtin_fw __end_builtin_fw[];
47
48static bool fw_get_builtin_firmware(struct firmware *fw, const char *name)
49{
50 struct builtin_fw *b_fw;
51
52 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
53 if (strcmp(name, b_fw->name) == 0) {
54 fw->size = b_fw->size;
55 fw->data = b_fw->data;
56 return true;
57 }
58 }
59
60 return false;
61}
62
63static bool fw_is_builtin_firmware(const struct firmware *fw)
64{
65 struct builtin_fw *b_fw;
66
67 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++)
68 if (fw->data == b_fw->data)
69 return true;
70
71 return false;
72}
73
74#else /* Module case - no builtin firmware support */
75
76static inline bool fw_get_builtin_firmware(struct firmware *fw, const char *name)
77{
78 return false;
79}
80
81static inline bool fw_is_builtin_firmware(const struct firmware *fw)
82{
83 return false;
84}
85#endif
86
1da177e4
LT		 87enum {
88 FW_STATUS_LOADING,
89 FW_STATUS_DONE,
90 FW_STATUS_ABORT,
1da177e4
LT		 91};
92
2f65168d 93static int loading_timeout = 60; /* In seconds */
1da177e4 94
9b78c1da
RW		 95static inline long firmware_loading_timeout(void)
96{
68ff2a00 97 return loading_timeout > 0 ? loading_timeout * HZ : MAX_JIFFY_OFFSET;
9b78c1da
RW		 98}
99
14c4bae7
TI		 100/* firmware behavior options */
101#define FW_OPT_UEVENT (1U << 0)
102#define FW_OPT_NOWAIT (1U << 1)
68aeeaaa 103#ifdef CONFIG_FW_LOADER_USER_HELPER
5a1379e8 104#define FW_OPT_USERHELPER (1U << 2)
68aeeaaa 105#else
5a1379e8
TI		 106#define FW_OPT_USERHELPER 0
107#endif
108#ifdef CONFIG_FW_LOADER_USER_HELPER_FALLBACK
109#define FW_OPT_FALLBACK FW_OPT_USERHELPER
110#else
111#define FW_OPT_FALLBACK 0
68aeeaaa 112#endif
c868edf4 113#define FW_OPT_NO_WARN (1U << 3)
14c4bae7 114
1f2b7959
ML		 115struct firmware_cache {
116 /* firmware_buf instance will be added into the below list */
117 spinlock_t lock;
118 struct list_head head;
cfe016b1 119 int state;
37276a51 120
cfe016b1 121#ifdef CONFIG_PM_SLEEP
37276a51
ML		 122 /*
123 * Names of firmware images which have been cached successfully
124 * will be added into the below list so that device uncache
125 * helper can trace which firmware images have been cached
126 * before.
127 */
128 spinlock_t name_lock;
129 struct list_head fw_names;
130
37276a51 131 struct delayed_work work;
07646d9c
ML		 132
133 struct notifier_block pm_notify;
cfe016b1 134#endif
1f2b7959 135};
1da177e4 136
1244691c 137struct firmware_buf {
1f2b7959
ML		 138 struct kref ref;
139 struct list_head list;
1da177e4 140 struct completion completion;
1f2b7959 141 struct firmware_cache *fwc;
1da177e4 142 unsigned long status;
65710cb6
ML		 143 void *data;
144 size_t size;
7b1269f7 145#ifdef CONFIG_FW_LOADER_USER_HELPER
cd7239fa 146 bool is_paged_buf;
af5bc11e 147 bool need_uevent;
6e03a201
DW		 148 struct page **pages;
149 int nr_pages;
150 int page_array_size;
fe304143 151 struct list_head pending_list;
7b1269f7 152#endif
e0fd9b1d 153 const char *fw_id;
1244691c
ML		 154};
155
37276a51
ML		 156struct fw_cache_entry {
157 struct list_head list;
e0fd9b1d 158 const char *name;
37276a51
ML		 159};
160
f531f05a
ML		 161struct fw_name_devm {
162 unsigned long magic;
e0fd9b1d 163 const char *name;
f531f05a
ML		 164};
165
1f2b7959
ML		 166#define to_fwbuf(d) container_of(d, struct firmware_buf, ref)
167
ac39b3ea
ML		 168#define FW_LOADER_NO_CACHE 0
169#define FW_LOADER_START_CACHE 1
170
171static int fw_cache_piggyback_on_request(const char *name);
172
1f2b7959
ML		 173/* fw_lock could be moved to 'struct firmware_priv' but since it is just
174 * guarding for corner cases a global lock should be OK */
175static DEFINE_MUTEX(fw_lock);
176
177static struct firmware_cache fw_cache;
178
179static struct firmware_buf *__allocate_fw_buf(const char *fw_name,
180 struct firmware_cache *fwc)
181{
182 struct firmware_buf *buf;
183
e0fd9b1d 184 buf = kzalloc(sizeof(*buf), GFP_ATOMIC);
1f2b7959 185 if (!buf)
e0fd9b1d
LR		 186 return NULL;
187
188 buf->fw_id = kstrdup_const(fw_name, GFP_ATOMIC);
189 if (!buf->fw_id) {
190 kfree(buf);
191 return NULL;
192 }
1f2b7959
ML		 193
194 kref_init(&buf->ref);
1f2b7959
ML		 195 buf->fwc = fwc;
196 init_completion(&buf->completion);
fe304143
TI		 197#ifdef CONFIG_FW_LOADER_USER_HELPER
198 INIT_LIST_HEAD(&buf->pending_list);
199#endif
1f2b7959
ML		 200
201 pr_debug("%s: fw-%s buf=%p\n", __func__, fw_name, buf);
202
203 return buf;
204}
205
2887b395
ML		 206static struct firmware_buf *__fw_lookup_buf(const char *fw_name)
207{
208 struct firmware_buf *tmp;
209 struct firmware_cache *fwc = &fw_cache;
210
211 list_for_each_entry(tmp, &fwc->head, list)
212 if (!strcmp(tmp->fw_id, fw_name))
213 return tmp;
214 return NULL;
215}
216
1f2b7959
ML		 217static int fw_lookup_and_allocate_buf(const char *fw_name,
218 struct firmware_cache *fwc,
219 struct firmware_buf **buf)
220{
221 struct firmware_buf *tmp;
222
223 spin_lock(&fwc->lock);
2887b395
ML		 224 tmp = __fw_lookup_buf(fw_name);
225 if (tmp) {
226 kref_get(&tmp->ref);
227 spin_unlock(&fwc->lock);
228 *buf = tmp;
229 return 1;
230 }
1f2b7959
ML		 231 tmp = __allocate_fw_buf(fw_name, fwc);
232 if (tmp)
233 list_add(&tmp->list, &fwc->head);
234 spin_unlock(&fwc->lock);
235
236 *buf = tmp;
237
238 return tmp ? 0 : -ENOMEM;
239}
240
241static void __fw_free_buf(struct kref *ref)
98233b21 242 __releases(&fwc->lock)
1f2b7959
ML		 243{
244 struct firmware_buf *buf = to_fwbuf(ref);
245 struct firmware_cache *fwc = buf->fwc;
1f2b7959
ML		 246
247 pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
248 __func__, buf->fw_id, buf, buf->data,
249 (unsigned int)buf->size);
250
1f2b7959
ML		 251 list_del(&buf->list);
252 spin_unlock(&fwc->lock);
253
7b1269f7 254#ifdef CONFIG_FW_LOADER_USER_HELPER
cd7239fa 255 if (buf->is_paged_buf) {
7b1269f7 256 int i;
746058f4
ML		 257 vunmap(buf->data);
258 for (i = 0; i < buf->nr_pages; i++)
259 __free_page(buf->pages[i]);
260 kfree(buf->pages);
261 } else
7b1269f7 262#endif
746058f4 263 vfree(buf->data);
e0fd9b1d 264 kfree_const(buf->fw_id);
1f2b7959
ML		 265 kfree(buf);
266}
267
268static void fw_free_buf(struct firmware_buf *buf)
269{
bd9eb7fb
CL		 270 struct firmware_cache *fwc = buf->fwc;
271 spin_lock(&fwc->lock);
272 if (!kref_put(&buf->ref, __fw_free_buf))
273 spin_unlock(&fwc->lock);
1f2b7959
ML		 274}
275
746058f4 276/* direct firmware loading support */
27602842
ML		 277static char fw_path_para[256];
278static const char * const fw_path[] = {
279 fw_path_para,
746058f4
ML		 280 "/lib/firmware/updates/" UTS_RELEASE,
281 "/lib/firmware/updates",
282 "/lib/firmware/" UTS_RELEASE,
283 "/lib/firmware"
284};
285
27602842
ML		 286/*
287 * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
288 * from kernel command line because firmware_class is generally built in
289 * kernel instead of module.
290 */
291module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
292MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
293
3e358ac2 294static int fw_read_file_contents(struct file *file, struct firmware_buf *fw_buf)
746058f4 295{
08da2012 296 int size;
746058f4 297 char *buf;
3e358ac2 298 int rc;
746058f4 299
6af6b163
DK		 300 if (!S_ISREG(file_inode(file)->i_mode))
301 return -EINVAL;
302 size = i_size_read(file_inode(file));
4adf07fb 303 if (size <= 0)
3e358ac2 304 return -EINVAL;
746058f4
ML		 305 buf = vmalloc(size);
306 if (!buf)
3e358ac2
NH		 307 return -ENOMEM;
308 rc = kernel_read(file, 0, buf, size);
309 if (rc != size) {
310 if (rc > 0)
311 rc = -EIO;
6593d924 312 goto fail;
746058f4 313 }
6593d924
KC		 314 rc = security_kernel_fw_from_file(file, buf, size);
315 if (rc)
316 goto fail;
746058f4
ML		 317 fw_buf->data = buf;
318 fw_buf->size = size;
3e358ac2 319 return 0;
6593d924
KC		 320fail:
321 vfree(buf);
322 return rc;
746058f4
ML		 323}
324
3e358ac2 325static int fw_get_filesystem_firmware(struct device *device,
4e0c92d0 326 struct firmware_buf *buf)
746058f4 327{
1ba4de17 328 int i, len;
3e358ac2 329 int rc = -ENOENT;
f5727b05
LR		 330 char *path;
331
332 path = __getname();
333 if (!path)
334 return -ENOMEM;
746058f4
ML		 335
336 for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
337 struct file *file;
27602842
ML		 338
339 /* skip the unset customized path */
340 if (!fw_path[i][0])
341 continue;
342
1ba4de17
LR		 343 len = snprintf(path, PATH_MAX, "%s/%s",
344 fw_path[i], buf->fw_id);
345 if (len >= PATH_MAX) {
346 rc = -ENAMETOOLONG;
347 break;
348 }
746058f4
ML		 349
350 file = filp_open(path, O_RDONLY, 0);
351 if (IS_ERR(file))
352 continue;
3e358ac2 353 rc = fw_read_file_contents(file, buf);
746058f4 354 fput(file);
3e358ac2
NH		 355 if (rc)
356 dev_warn(device, "firmware, attempted to load %s, but failed with error %d\n",
357 path, rc);
358 else
746058f4
ML		 359 break;
360 }
361 __putname(path);
4e0c92d0 362
3e358ac2 363 if (!rc) {
4e0c92d0
TI		 364 dev_dbg(device, "firmware: direct-loading firmware %s\n",
365 buf->fw_id);
366 mutex_lock(&fw_lock);
367 set_bit(FW_STATUS_DONE, &buf->status);
368 complete_all(&buf->completion);
369 mutex_unlock(&fw_lock);
370 }
371
3e358ac2 372 return rc;
746058f4
ML		 373}
374
7b1269f7
TI		 375/* firmware holds the ownership of pages */
376static void firmware_free_data(const struct firmware *fw)
377{
378 /* Loaded directly? */
379 if (!fw->priv) {
380 vfree(fw->data);
381 return;
382 }
383 fw_free_buf(fw->priv);
384}
385
cd7239fa
TI		 386/* store the pages buffer info firmware from buf */
387static void fw_set_page_data(struct firmware_buf *buf, struct firmware *fw)
388{
389 fw->priv = buf;
390#ifdef CONFIG_FW_LOADER_USER_HELPER
391 fw->pages = buf->pages;
392#endif
393 fw->size = buf->size;
394 fw->data = buf->data;
395
396 pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
397 __func__, buf->fw_id, buf, buf->data,
398 (unsigned int)buf->size);
399}
400
401#ifdef CONFIG_PM_SLEEP
402static void fw_name_devm_release(struct device *dev, void *res)
403{
404 struct fw_name_devm *fwn = res;
405
406 if (fwn->magic == (unsigned long)&fw_cache)
407 pr_debug("%s: fw_name-%s devm-%p released\n",
408 __func__, fwn->name, res);
e0fd9b1d 409 kfree_const(fwn->name);
cd7239fa
TI		 410}
411
412static int fw_devm_match(struct device *dev, void *res,
413 void *match_data)
414{
415 struct fw_name_devm *fwn = res;
416
417 return (fwn->magic == (unsigned long)&fw_cache) &&
418 !strcmp(fwn->name, match_data);
419}
420
421static struct fw_name_devm *fw_find_devm_name(struct device *dev,
422 const char *name)
423{
424 struct fw_name_devm *fwn;
425
426 fwn = devres_find(dev, fw_name_devm_release,
427 fw_devm_match, (void *)name);
428 return fwn;
429}
430
431/* add firmware name into devres list */
432static int fw_add_devm_name(struct device *dev, const char *name)
433{
434 struct fw_name_devm *fwn;
435
436 fwn = fw_find_devm_name(dev, name);
437 if (fwn)
438 return 1;
439
e0fd9b1d
LR		 440 fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
441 GFP_KERNEL);
cd7239fa
TI		 442 if (!fwn)
443 return -ENOMEM;
e0fd9b1d
LR		 444 fwn->name = kstrdup_const(name, GFP_KERNEL);
445 if (!fwn->name) {
446 kfree(fwn);
447 return -ENOMEM;
448 }
cd7239fa
TI		 449
450 fwn->magic = (unsigned long)&fw_cache;
cd7239fa
TI		 451 devres_add(dev, fwn);
452
453 return 0;
454}
455#else
456static int fw_add_devm_name(struct device *dev, const char *name)
457{
458 return 0;
459}
460#endif
461
462
463/*
464 * user-mode helper code
465 */
7b1269f7 466#ifdef CONFIG_FW_LOADER_USER_HELPER
cd7239fa 467struct firmware_priv {
cd7239fa
TI		 468 bool nowait;
469 struct device dev;
470 struct firmware_buf *buf;
471 struct firmware *fw;
472};
7b1269f7 473
f8a4bd34
DT		 474static struct firmware_priv *to_firmware_priv(struct device *dev)
475{
476 return container_of(dev, struct firmware_priv, dev);
477}
478
7068cb07 479static void __fw_load_abort(struct firmware_buf *buf)
1da177e4 480{
87597936
ML		 481 /*
482 * There is a small window in which user can write to 'loading'
483 * between loading done and disappearance of 'loading'
484 */
485 if (test_bit(FW_STATUS_DONE, &buf->status))
486 return;
487
fe304143 488 list_del_init(&buf->pending_list);
1244691c 489 set_bit(FW_STATUS_ABORT, &buf->status);
1f2b7959 490 complete_all(&buf->completion);
1da177e4
LT		 491}
492
7068cb07
GKH		 493static void fw_load_abort(struct firmware_priv *fw_priv)
494{
495 struct firmware_buf *buf = fw_priv->buf;
496
497 __fw_load_abort(buf);
87597936
ML		 498
499 /* avoid user action after loading abort */
500 fw_priv->buf = NULL;
1da177e4
LT		 501}
502
807be03c
TI		 503#define is_fw_load_aborted(buf) \
504 test_bit(FW_STATUS_ABORT, &(buf)->status)
505
fe304143
TI		 506static LIST_HEAD(pending_fw_head);
507
508/* reboot notifier for avoid deadlock with usermode_lock */
509static int fw_shutdown_notify(struct notifier_block *unused1,
510 unsigned long unused2, void *unused3)
511{
512 mutex_lock(&fw_lock);
513 while (!list_empty(&pending_fw_head))
7068cb07 514 __fw_load_abort(list_first_entry(&pending_fw_head,
fe304143
TI		 515 struct firmware_buf,
516 pending_list));
517 mutex_unlock(&fw_lock);
518 return NOTIFY_DONE;
519}
520
521static struct notifier_block fw_shutdown_nb = {
522 .notifier_call = fw_shutdown_notify,
523};
524
14adbe53
GKH		 525static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
526 char *buf)
1da177e4
LT		 527{
528 return sprintf(buf, "%d\n", loading_timeout);
529}
530
531/**
eb8e3179
RD		 532 * firmware_timeout_store - set number of seconds to wait for firmware
533 * @class: device class pointer
e59817bf 534 * @attr: device attribute pointer
eb8e3179
RD		 535 * @buf: buffer to scan for timeout value
536 * @count: number of bytes in @buf
537 *
1da177e4 538 * Sets the number of seconds to wait for the firmware. Once
eb8e3179 539 * this expires an error will be returned to the driver and no
1da177e4
LT		 540 * firmware will be provided.
541 *
eb8e3179 542 * Note: zero means 'wait forever'.
1da177e4 543 **/
14adbe53
GKH		 544static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
545 const char *buf, size_t count)
1da177e4
LT		 546{
547 loading_timeout = simple_strtol(buf, NULL, 10);
b92eac01
SG		 548 if (loading_timeout < 0)
549 loading_timeout = 0;
f8a4bd34 550
1da177e4
LT		 551 return count;
552}
553
673fae90 554static struct class_attribute firmware_class_attrs[] = {
14adbe53 555 __ATTR_RW(timeout),
673fae90
DT		 556 __ATTR_NULL
557};
1da177e4 558
1244691c
ML		 559static void fw_dev_release(struct device *dev)
560{
561 struct firmware_priv *fw_priv = to_firmware_priv(dev);
65710cb6 562
673fae90 563 kfree(fw_priv);
673fae90 564}
1da177e4 565
6f957724 566static int do_firmware_uevent(struct firmware_priv *fw_priv, struct kobj_uevent_env *env)
1da177e4 567{
1244691c 568 if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
1da177e4 569 return -ENOMEM;
7eff2e7a 570 if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
6897089c 571 return -ENOMEM;
e9045f91
JB		 572 if (add_uevent_var(env, "ASYNC=%d", fw_priv->nowait))
573 return -ENOMEM;
1da177e4
LT		 574
575 return 0;
576}
577
6f957724
LT		 578static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
579{
580 struct firmware_priv *fw_priv = to_firmware_priv(dev);
581 int err = 0;
582
583 mutex_lock(&fw_lock);
584 if (fw_priv->buf)
585 err = do_firmware_uevent(fw_priv, env);
586 mutex_unlock(&fw_lock);
587 return err;
588}
589
1b81d663
AB		 590static struct class firmware_class = {
591 .name = "firmware",
673fae90 592 .class_attrs = firmware_class_attrs,
e55c8790
GKH		 593 .dev_uevent = firmware_uevent,
594 .dev_release = fw_dev_release,
1b81d663
AB		 595};
596
e55c8790
GKH		 597static ssize_t firmware_loading_show(struct device *dev,
598 struct device_attribute *attr, char *buf)
1da177e4 599{
f8a4bd34 600 struct firmware_priv *fw_priv = to_firmware_priv(dev);
87597936
ML		 601 int loading = 0;
602
603 mutex_lock(&fw_lock);
604 if (fw_priv->buf)
605 loading = test_bit(FW_STATUS_LOADING, &fw_priv->buf->status);
606 mutex_unlock(&fw_lock);
f8a4bd34 607
1da177e4
LT		 608 return sprintf(buf, "%d\n", loading);
609}
610
6e03a201
DW		 611/* Some architectures don't have PAGE_KERNEL_RO */
612#ifndef PAGE_KERNEL_RO
613#define PAGE_KERNEL_RO PAGE_KERNEL
614#endif
253c9240
ML		 615
616/* one pages buffer should be mapped/unmapped only once */
617static int fw_map_pages_buf(struct firmware_buf *buf)
618{
cd7239fa 619 if (!buf->is_paged_buf)
746058f4
ML		 620 return 0;
621
daa3d67f 622 vunmap(buf->data);
253c9240
ML		 623 buf->data = vmap(buf->pages, buf->nr_pages, 0, PAGE_KERNEL_RO);
624 if (!buf->data)
625 return -ENOMEM;
626 return 0;
627}
628
1da177e4 629/**
eb8e3179 630 * firmware_loading_store - set value in the 'loading' control file
e55c8790 631 * @dev: device pointer
af9997e4 632 * @attr: device attribute pointer
eb8e3179
RD		 633 * @buf: buffer to scan for loading control value
634 * @count: number of bytes in @buf
635 *
1da177e4
LT		 636 * The relevant values are:
637 *
638 * 1: Start a load, discarding any previous partial load.
eb8e3179 639 * 0: Conclude the load and hand the data to the driver code.
1da177e4
LT		 640 * -1: Conclude the load with an error and discard any written data.
641 **/
e55c8790
GKH		 642static ssize_t firmware_loading_store(struct device *dev,
643 struct device_attribute *attr,
644 const char *buf, size_t count)
1da177e4 645{
f8a4bd34 646 struct firmware_priv *fw_priv = to_firmware_priv(dev);
87597936 647 struct firmware_buf *fw_buf;
6593d924 648 ssize_t written = count;
1da177e4 649 int loading = simple_strtol(buf, NULL, 10);
6e03a201 650 int i;
1da177e4 651
eea915bb 652 mutex_lock(&fw_lock);
87597936 653 fw_buf = fw_priv->buf;
1244691c 654 if (!fw_buf)
eea915bb
NH		 655 goto out;
656
1da177e4
LT		 657 switch (loading) {
658 case 1:
65710cb6 659 /* discarding any previous partial load */
1244691c
ML		 660 if (!test_bit(FW_STATUS_DONE, &fw_buf->status)) {
661 for (i = 0; i < fw_buf->nr_pages; i++)
662 __free_page(fw_buf->pages[i]);
663 kfree(fw_buf->pages);
664 fw_buf->pages = NULL;
665 fw_buf->page_array_size = 0;
666 fw_buf->nr_pages = 0;
667 set_bit(FW_STATUS_LOADING, &fw_buf->status);
28eefa75 668 }
1da177e4
LT		 669 break;
670 case 0:
1244691c 671 if (test_bit(FW_STATUS_LOADING, &fw_buf->status)) {
6593d924
KC		 672 int rc;
673
1244691c
ML		 674 set_bit(FW_STATUS_DONE, &fw_buf->status);
675 clear_bit(FW_STATUS_LOADING, &fw_buf->status);
253c9240
ML		 676
677 /*
678 * Several loading requests may be pending on
679 * one same firmware buf, so let all requests
680 * see the mapped 'buf->data' once the loading
681 * is completed.
682 * */
6593d924
KC		 683 rc = fw_map_pages_buf(fw_buf);
684 if (rc)
2b1278cb 685 dev_err(dev, "%s: map pages failed\n",
686 __func__);
6593d924
KC		 687 else
688 rc = security_kernel_fw_from_file(NULL,
689 fw_buf->data, fw_buf->size);
690
691 /*
692 * Same logic as fw_load_abort, only the DONE bit
693 * is ignored and we set ABORT only on failure.
694 */
fe304143 695 list_del_init(&fw_buf->pending_list);
6593d924
KC		 696 if (rc) {
697 set_bit(FW_STATUS_ABORT, &fw_buf->status);
698 written = rc;
699 }
1f2b7959 700 complete_all(&fw_buf->completion);
1da177e4
LT		 701 break;
702 }
703 /* fallthrough */
704 default:
266a813c 705 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
1da177e4
LT		 706 /* fallthrough */
707 case -1:
708 fw_load_abort(fw_priv);
709 break;
710 }
eea915bb
NH		 711out:
712 mutex_unlock(&fw_lock);
6593d924 713 return written;
1da177e4
LT		 714}
715
e55c8790 716static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
1da177e4 717
f8a4bd34
DT		 718static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
719 struct bin_attribute *bin_attr,
720 char *buffer, loff_t offset, size_t count)
1da177e4 721{
b0d1f807 722 struct device *dev = kobj_to_dev(kobj);
f8a4bd34 723 struct firmware_priv *fw_priv = to_firmware_priv(dev);
1244691c 724 struct firmware_buf *buf;
f37e6617 725 ssize_t ret_count;
1da177e4 726
cad1e55d 727 mutex_lock(&fw_lock);
1244691c
ML		 728 buf = fw_priv->buf;
729 if (!buf || test_bit(FW_STATUS_DONE, &buf->status)) {
1da177e4
LT		 730 ret_count = -ENODEV;
731 goto out;
732 }
1244691c 733 if (offset > buf->size) {
308975fa
JS		 734 ret_count = 0;
735 goto out;
736 }
1244691c
ML		 737 if (count > buf->size - offset)
738 count = buf->size - offset;
6e03a201
DW		 739
740 ret_count = count;
741
742 while (count) {
743 void *page_data;
744 int page_nr = offset >> PAGE_SHIFT;
745 int page_ofs = offset & (PAGE_SIZE-1);
746 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
747
1244691c 748 page_data = kmap(buf->pages[page_nr]);
6e03a201
DW		 749
750 memcpy(buffer, page_data + page_ofs, page_cnt);
751
1244691c 752 kunmap(buf->pages[page_nr]);
6e03a201
DW		 753 buffer += page_cnt;
754 offset += page_cnt;
755 count -= page_cnt;
756 }
1da177e4 757out:
cad1e55d 758 mutex_unlock(&fw_lock);
1da177e4
LT		 759 return ret_count;
760}
eb8e3179 761
f8a4bd34 762static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
1da177e4 763{
1244691c 764 struct firmware_buf *buf = fw_priv->buf;
a76040d8 765 int pages_needed = PAGE_ALIGN(min_size) >> PAGE_SHIFT;
6e03a201
DW		 766
767 /* If the array of pages is too small, grow it... */
1244691c 768 if (buf->page_array_size < pages_needed) {
6e03a201 769 int new_array_size = max(pages_needed,
1244691c 770 buf->page_array_size * 2);
6e03a201
DW		 771 struct page **new_pages;
772
773 new_pages = kmalloc(new_array_size * sizeof(void *),
774 GFP_KERNEL);
775 if (!new_pages) {
776 fw_load_abort(fw_priv);
777 return -ENOMEM;
778 }
1244691c
ML		 779 memcpy(new_pages, buf->pages,
780 buf->page_array_size * sizeof(void *));
781 memset(&new_pages[buf->page_array_size], 0, sizeof(void *) *
782 (new_array_size - buf->page_array_size));
783 kfree(buf->pages);
784 buf->pages = new_pages;
785 buf->page_array_size = new_array_size;
6e03a201 786 }
1da177e4 787
1244691c
ML		 788 while (buf->nr_pages < pages_needed) {
789 buf->pages[buf->nr_pages] =
6e03a201 790 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
1da177e4 791
1244691c 792 if (!buf->pages[buf->nr_pages]) {
6e03a201
DW		 793 fw_load_abort(fw_priv);
794 return -ENOMEM;
795 }
1244691c 796 buf->nr_pages++;
1da177e4 797 }
1da177e4
LT		 798 return 0;
799}
800
801/**
eb8e3179 802 * firmware_data_write - write method for firmware
2c3c8bea 803 * @filp: open sysfs file
e55c8790 804 * @kobj: kobject for the device
42e61f4a 805 * @bin_attr: bin_attr structure
eb8e3179
RD		 806 * @buffer: buffer being written
807 * @offset: buffer offset for write in total data store area
808 * @count: buffer size
1da177e4 809 *
eb8e3179 810 * Data written to the 'data' attribute will be later handed to
1da177e4
LT		 811 * the driver as a firmware image.
812 **/
f8a4bd34
DT		 813static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
814 struct bin_attribute *bin_attr,
815 char *buffer, loff_t offset, size_t count)
1da177e4 816{
b0d1f807 817 struct device *dev = kobj_to_dev(kobj);
f8a4bd34 818 struct firmware_priv *fw_priv = to_firmware_priv(dev);
1244691c 819 struct firmware_buf *buf;
1da177e4
LT		 820 ssize_t retval;
821
822 if (!capable(CAP_SYS_RAWIO))
823 return -EPERM;
b92eac01 824
cad1e55d 825 mutex_lock(&fw_lock);
1244691c
ML		 826 buf = fw_priv->buf;
827 if (!buf || test_bit(FW_STATUS_DONE, &buf->status)) {
1da177e4
LT		 828 retval = -ENODEV;
829 goto out;
830 }
65710cb6 831
1da177e4
LT		 832 retval = fw_realloc_buffer(fw_priv, offset + count);
833 if (retval)
834 goto out;
835
1da177e4 836 retval = count;
6e03a201
DW		 837
838 while (count) {
839 void *page_data;
840 int page_nr = offset >> PAGE_SHIFT;
841 int page_ofs = offset & (PAGE_SIZE - 1);
842 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
843
1244691c 844 page_data = kmap(buf->pages[page_nr]);
6e03a201
DW		 845
846 memcpy(page_data + page_ofs, buffer, page_cnt);
847
1244691c 848 kunmap(buf->pages[page_nr]);
6e03a201
DW		 849 buffer += page_cnt;
850 offset += page_cnt;
851 count -= page_cnt;
852 }
853
1244691c 854 buf->size = max_t(size_t, offset, buf->size);
1da177e4 855out:
cad1e55d 856 mutex_unlock(&fw_lock);
1da177e4
LT		 857 return retval;
858}
eb8e3179 859
0983ca2d
DT		 860static struct bin_attribute firmware_attr_data = {
861 .attr = { .name = "data", .mode = 0644 },
1da177e4
LT		 862 .size = 0,
863 .read = firmware_data_read,
864 .write = firmware_data_write,
865};
866
46239902
TI		 867static struct attribute *fw_dev_attrs[] = {
868 &dev_attr_loading.attr,
869 NULL
870};
871
872static struct bin_attribute *fw_dev_bin_attrs[] = {
873 &firmware_attr_data,
874 NULL
875};
876
877static const struct attribute_group fw_dev_attr_group = {
878 .attrs = fw_dev_attrs,
879 .bin_attrs = fw_dev_bin_attrs,
880};
881
882static const struct attribute_group *fw_dev_attr_groups[] = {
883 &fw_dev_attr_group,
884 NULL
885};
886
f8a4bd34 887static struct firmware_priv *
dddb5549 888fw_create_instance(struct firmware *firmware, const char *fw_name,
14c4bae7 889 struct device *device, unsigned int opt_flags)
1da177e4 890{
f8a4bd34
DT		 891 struct firmware_priv *fw_priv;
892 struct device *f_dev;
1da177e4 893
1244691c 894 fw_priv = kzalloc(sizeof(*fw_priv), GFP_KERNEL);
f8a4bd34 895 if (!fw_priv) {
1244691c
ML		 896 fw_priv = ERR_PTR(-ENOMEM);
897 goto exit;
898 }
899
14c4bae7 900 fw_priv->nowait = !!(opt_flags & FW_OPT_NOWAIT);
1f2b7959 901 fw_priv->fw = firmware;
f8a4bd34
DT		 902 f_dev = &fw_priv->dev;
903
904 device_initialize(f_dev);
99c2aa72 905 dev_set_name(f_dev, "%s", fw_name);
e55c8790
GKH		 906 f_dev->parent = device;
907 f_dev->class = &firmware_class;
46239902 908 f_dev->groups = fw_dev_attr_groups;
1244691c 909exit:
f8a4bd34 910 return fw_priv;
1da177e4
LT		 911}
912
cd7239fa 913/* load a firmware via user helper */
14c4bae7
TI		 914static int _request_firmware_load(struct firmware_priv *fw_priv,
915 unsigned int opt_flags, long timeout)
1f2b7959 916{
cd7239fa
TI		 917 int retval = 0;
918 struct device *f_dev = &fw_priv->dev;
919 struct firmware_buf *buf = fw_priv->buf;
1f2b7959 920
cd7239fa
TI		 921 /* fall back on userspace loading */
922 buf->is_paged_buf = true;
1f2b7959 923
cd7239fa 924 dev_set_uevent_suppress(f_dev, true);
f531f05a 925
cd7239fa
TI		 926 retval = device_add(f_dev);
927 if (retval) {
928 dev_err(f_dev, "%s: device_register failed\n", __func__);
929 goto err_put_dev;
930 }
f531f05a 931
1eeeef15
MB		 932 mutex_lock(&fw_lock);
933 list_add(&buf->pending_list, &pending_fw_head);
934 mutex_unlock(&fw_lock);
935
14c4bae7 936 if (opt_flags & FW_OPT_UEVENT) {
af5bc11e 937 buf->need_uevent = true;
cd7239fa
TI		 938 dev_set_uevent_suppress(f_dev, false);
939 dev_dbg(f_dev, "firmware: requesting %s\n", buf->fw_id);
cd7239fa 940 kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
68ff2a00
ML		 941 } else {
942 timeout = MAX_JIFFY_OFFSET;
cd7239fa 943 }
f531f05a 944
68ff2a00
ML		 945 retval = wait_for_completion_interruptible_timeout(&buf->completion,
946 timeout);
947 if (retval == -ERESTARTSYS || !retval) {
0cb64249
ML		 948 mutex_lock(&fw_lock);
949 fw_load_abort(fw_priv);
950 mutex_unlock(&fw_lock);
ef518cc8
ZD		 951 } else if (retval > 0) {
952 retval = 0;
0cb64249 953 }
f531f05a 954
0542ad88
SK		 955 if (is_fw_load_aborted(buf))
956 retval = -EAGAIN;
957 else if (!buf->data)
2b1278cb 958 retval = -ENOMEM;
f531f05a 959
cd7239fa
TI		 960 device_del(f_dev);
961err_put_dev:
962 put_device(f_dev);
963 return retval;
f531f05a 964}
cd7239fa
TI		 965
966static int fw_load_from_user_helper(struct firmware *firmware,
967 const char *name, struct device *device,
14c4bae7 968 unsigned int opt_flags, long timeout)
cfe016b1 969{
cd7239fa
TI		 970 struct firmware_priv *fw_priv;
971
14c4bae7 972 fw_priv = fw_create_instance(firmware, name, device, opt_flags);
cd7239fa
TI		 973 if (IS_ERR(fw_priv))
974 return PTR_ERR(fw_priv);
975
976 fw_priv->buf = firmware->priv;
14c4bae7 977 return _request_firmware_load(fw_priv, opt_flags, timeout);
cfe016b1 978}
ddf1f064 979
5b7cb7a1 980#ifdef CONFIG_PM_SLEEP
ddf1f064
ML		 981/* kill pending requests without uevent to avoid blocking suspend */
982static void kill_requests_without_uevent(void)
983{
984 struct firmware_buf *buf;
985 struct firmware_buf *next;
986
987 mutex_lock(&fw_lock);
988 list_for_each_entry_safe(buf, next, &pending_fw_head, pending_list) {
989 if (!buf->need_uevent)
7068cb07 990 __fw_load_abort(buf);
ddf1f064
ML		 991 }
992 mutex_unlock(&fw_lock);
993}
5b7cb7a1 994#endif
ddf1f064 995
cd7239fa
TI		 996#else /* CONFIG_FW_LOADER_USER_HELPER */
997static inline int
998fw_load_from_user_helper(struct firmware *firmware, const char *name,
14c4bae7 999 struct device *device, unsigned int opt_flags,
cd7239fa
TI		 1000 long timeout)
1001{
1002 return -ENOENT;
1003}
807be03c
TI		 1004
1005/* No abort during direct loading */
1006#define is_fw_load_aborted(buf) false
1007
5b7cb7a1 1008#ifdef CONFIG_PM_SLEEP
ddf1f064 1009static inline void kill_requests_without_uevent(void) { }
5b7cb7a1 1010#endif
ddf1f064 1011
cd7239fa
TI		 1012#endif /* CONFIG_FW_LOADER_USER_HELPER */
1013
f531f05a 1014
4e0c92d0
TI		 1015/* wait until the shared firmware_buf becomes ready (or error) */
1016static int sync_cached_firmware_buf(struct firmware_buf *buf)
1f2b7959 1017{
4e0c92d0
TI		 1018 int ret = 0;
1019
1020 mutex_lock(&fw_lock);
1021 while (!test_bit(FW_STATUS_DONE, &buf->status)) {
807be03c 1022 if (is_fw_load_aborted(buf)) {
4e0c92d0
TI		 1023 ret = -ENOENT;
1024 break;
1025 }
1026 mutex_unlock(&fw_lock);
000deba7 1027 ret = wait_for_completion_interruptible(&buf->completion);
4e0c92d0
TI		 1028 mutex_lock(&fw_lock);
1029 }
1030 mutex_unlock(&fw_lock);
1031 return ret;
1f2b7959
ML		 1032}
1033
4e0c92d0
TI		 1034/* prepare firmware and firmware_buf structs;
1035 * return 0 if a firmware is already assigned, 1 if need to load one,
1036 * or a negative error code
1037 */
1038static int
1039_request_firmware_prepare(struct firmware **firmware_p, const char *name,
1040 struct device *device)
1da177e4 1041{
1da177e4 1042 struct firmware *firmware;
1f2b7959
ML		 1043 struct firmware_buf *buf;
1044 int ret;
1da177e4 1045
4aed0644 1046 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
1da177e4 1047 if (!firmware) {
266a813c
BH		 1048 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
1049 __func__);
4e0c92d0 1050 return -ENOMEM;
1da177e4 1051 }
1da177e4 1052
bcb9bd18 1053 if (fw_get_builtin_firmware(firmware, name)) {
6f18ff91 1054 dev_dbg(device, "firmware: using built-in firmware %s\n", name);
4e0c92d0 1055 return 0; /* assigned */
5658c769
DW		 1056 }
1057
1f2b7959 1058 ret = fw_lookup_and_allocate_buf(name, &fw_cache, &buf);
4e0c92d0
TI		 1059
1060 /*
1061 * bind with 'buf' now to avoid warning in failure path
1062 * of requesting firmware.
1063 */
1064 firmware->priv = buf;
1065
1066 if (ret > 0) {
1067 ret = sync_cached_firmware_buf(buf);
1068 if (!ret) {
1069 fw_set_page_data(buf, firmware);
1070 return 0; /* assigned */
1071 }
dddb5549 1072 }
811fa400 1073
4e0c92d0
TI		 1074 if (ret < 0)
1075 return ret;
1076 return 1; /* need to load */
1077}
1078
e771d1aa 1079static int assign_firmware_buf(struct firmware *fw, struct device *device,
14c4bae7 1080 unsigned int opt_flags)
4e0c92d0
TI		 1081{
1082 struct firmware_buf *buf = fw->priv;
1083
1f2b7959 1084 mutex_lock(&fw_lock);
807be03c 1085 if (!buf->size || is_fw_load_aborted(buf)) {
4e0c92d0
TI		 1086 mutex_unlock(&fw_lock);
1087 return -ENOENT;
1f2b7959 1088 }
65710cb6 1089
4e0c92d0
TI		 1090 /*
1091 * add firmware name into devres list so that we can auto cache
1092 * and uncache firmware for device.
1093 *
1094 * device may has been deleted already, but the problem
1095 * should be fixed in devres or driver core.
1096 */
14c4bae7
TI		 1097 /* don't cache firmware handled without uevent */
1098 if (device && (opt_flags & FW_OPT_UEVENT))
4e0c92d0
TI		 1099 fw_add_devm_name(device, buf->fw_id);
1100
1101 /*
1102 * After caching firmware image is started, let it piggyback
1103 * on request firmware.
1104 */
1105 if (buf->fwc->state == FW_LOADER_START_CACHE) {
1106 if (fw_cache_piggyback_on_request(buf->fw_id))
1107 kref_get(&buf->ref);
1108 }
1109
1110 /* pass the pages buffer to driver at the last minute */
1111 fw_set_page_data(buf, fw);
1f2b7959 1112 mutex_unlock(&fw_lock);
4e0c92d0 1113 return 0;
65710cb6
ML		 1114}
1115
4e0c92d0
TI		 1116/* called from request_firmware() and request_firmware_work_func() */
1117static int
1118_request_firmware(const struct firmware **firmware_p, const char *name,
14c4bae7 1119 struct device *device, unsigned int opt_flags)
4e0c92d0
TI		 1120{
1121 struct firmware *fw;
1122 long timeout;
1123 int ret;
1124
1125 if (!firmware_p)
1126 return -EINVAL;
1127
471b095d
KC		 1128 if (!name || name[0] == '\0')
1129 return -EINVAL;
1130
4e0c92d0
TI		 1131 ret = _request_firmware_prepare(&fw, name, device);
1132 if (ret <= 0) /* error or already assigned */
1133 goto out;
1134
1135 ret = 0;
1136 timeout = firmware_loading_timeout();
14c4bae7 1137 if (opt_flags & FW_OPT_NOWAIT) {
4e0c92d0
TI		 1138 timeout = usermodehelper_read_lock_wait(timeout);
1139 if (!timeout) {
1140 dev_dbg(device, "firmware: %s loading timed out\n",
1141 name);
1142 ret = -EBUSY;
1143 goto out;
1144 }
1145 } else {
1146 ret = usermodehelper_read_trylock();
1147 if (WARN_ON(ret)) {
1148 dev_err(device, "firmware: %s will not be loaded\n",
1149 name);
1150 goto out;
1151 }
1152 }
1153
3e358ac2
NH		 1154 ret = fw_get_filesystem_firmware(device, fw->priv);
1155 if (ret) {
c868edf4 1156 if (!(opt_flags & FW_OPT_NO_WARN))
bba3a87e 1157 dev_warn(device,
c868edf4
LR		 1158 "Direct firmware load for %s failed with error %d\n",
1159 name, ret);
1160 if (opt_flags & FW_OPT_USERHELPER) {
bba3a87e
TI		 1161 dev_warn(device, "Falling back to user helper\n");
1162 ret = fw_load_from_user_helper(fw, name, device,
14c4bae7 1163 opt_flags, timeout);
bba3a87e 1164 }
3e358ac2 1165 }
e771d1aa 1166
4e0c92d0 1167 if (!ret)
14c4bae7 1168 ret = assign_firmware_buf(fw, device, opt_flags);
4e0c92d0
TI		 1169
1170 usermodehelper_read_unlock();
1171
1172 out:
1173 if (ret < 0) {
1174 release_firmware(fw);
1175 fw = NULL;
1176 }
1177
1178 *firmware_p = fw;
1179 return ret;
1180}
1181
6e3eaab0 1182/**
312c004d 1183 * request_firmware: - send firmware request and wait for it
eb8e3179
RD		 1184 * @firmware_p: pointer to firmware image
1185 * @name: name of firmware file
1186 * @device: device for which firmware is being loaded
1187 *
1188 * @firmware_p will be used to return a firmware image by the name
6e3eaab0
AS		 1189 * of @name for device @device.
1190 *
1191 * Should be called from user context where sleeping is allowed.
1192 *
312c004d 1193 * @name will be used as $FIRMWARE in the uevent environment and
6e3eaab0
AS		 1194 * should be distinctive enough not to be confused with any other
1195 * firmware image for this or any other device.
0cfc1e1e
ML		 1196 *
1197 * Caller must hold the reference count of @device.
6a927857
ML		 1198 *
1199 * The function can be called safely inside device's suspend and
1200 * resume callback.
6e3eaab0
AS		 1201 **/
1202int
1203request_firmware(const struct firmware **firmware_p, const char *name,
ea31003c 1204 struct device *device)
6e3eaab0 1205{
d6c8aa39
ML		 1206 int ret;
1207
1208 /* Need to pin this module until return */
1209 __module_get(THIS_MODULE);
14c4bae7
TI		 1210 ret = _request_firmware(firmware_p, name, device,
1211 FW_OPT_UEVENT | FW_OPT_FALLBACK);
d6c8aa39
ML		 1212 module_put(THIS_MODULE);
1213 return ret;
6e3eaab0 1214}
f494513f 1215EXPORT_SYMBOL(request_firmware);
6e3eaab0 1216
bba3a87e 1217/**
3c1556b2 1218 * request_firmware_direct: - load firmware directly without usermode helper
bba3a87e
TI		 1219 * @firmware_p: pointer to firmware image
1220 * @name: name of firmware file
1221 * @device: device for which firmware is being loaded
1222 *
1223 * This function works pretty much like request_firmware(), but this doesn't
1224 * fall back to usermode helper even if the firmware couldn't be loaded
1225 * directly from fs. Hence it's useful for loading optional firmwares, which
1226 * aren't always present, without extra long timeouts of udev.
1227 **/
1228int request_firmware_direct(const struct firmware **firmware_p,
1229 const char *name, struct device *device)
1230{
1231 int ret;
ea31003c 1232
bba3a87e 1233 __module_get(THIS_MODULE);
c868edf4
LR		 1234 ret = _request_firmware(firmware_p, name, device,
1235 FW_OPT_UEVENT | FW_OPT_NO_WARN);
bba3a87e
TI		 1236 module_put(THIS_MODULE);
1237 return ret;
1238}
1239EXPORT_SYMBOL_GPL(request_firmware_direct);
bba3a87e 1240
1da177e4
LT		 1241/**
1242 * release_firmware: - release the resource associated with a firmware image
eb8e3179 1243 * @fw: firmware resource to release
1da177e4 1244 **/
bcb9bd18 1245void release_firmware(const struct firmware *fw)
1da177e4
LT		 1246{
1247 if (fw) {
bcb9bd18
DT		 1248 if (!fw_is_builtin_firmware(fw))
1249 firmware_free_data(fw);
1da177e4
LT		 1250 kfree(fw);
1251 }
1252}
f494513f 1253EXPORT_SYMBOL(release_firmware);
1da177e4 1254
1da177e4
LT		 1255/* Async support */
1256struct firmware_work {
1257 struct work_struct work;
1258 struct module *module;
1259 const char *name;
1260 struct device *device;
1261 void *context;
1262 void (*cont)(const struct firmware *fw, void *context);
14c4bae7 1263 unsigned int opt_flags;
1da177e4
LT		 1264};
1265
a36cf844 1266static void request_firmware_work_func(struct work_struct *work)
1da177e4 1267{
a36cf844 1268 struct firmware_work *fw_work;
1da177e4 1269 const struct firmware *fw;
f8a4bd34 1270
a36cf844 1271 fw_work = container_of(work, struct firmware_work, work);
811fa400 1272
4e0c92d0 1273 _request_firmware(&fw, fw_work->name, fw_work->device,
14c4bae7 1274 fw_work->opt_flags);
9ebfbd45 1275 fw_work->cont(fw, fw_work->context);
4e0c92d0 1276 put_device(fw_work->device); /* taken in request_firmware_nowait() */
9ebfbd45 1277
1da177e4 1278 module_put(fw_work->module);
f9692b26 1279 kfree_const(fw_work->name);
1da177e4 1280 kfree(fw_work);
1da177e4
LT		 1281}
1282
1283/**
3c31f07a 1284 * request_firmware_nowait - asynchronous version of request_firmware
eb8e3179 1285 * @module: module requesting the firmware
312c004d 1286 * @uevent: sends uevent to copy the firmware image if this flag
eb8e3179
RD		 1287 * is non-zero else the firmware copy must be done manually.
1288 * @name: name of firmware file
1289 * @device: device for which firmware is being loaded
9ebfbd45 1290 * @gfp: allocation flags
eb8e3179
RD		 1291 * @context: will be passed over to @cont, and
1292 * @fw may be %NULL if firmware request fails.
1293 * @cont: function will be called asynchronously when the firmware
1294 * request is over.
1da177e4 1295 *
0cfc1e1e
ML		 1296 * Caller must hold the reference count of @device.
1297 *
6f21a62a
ML		 1298 * Asynchronous variant of request_firmware() for user contexts:
1299 * - sleep for as small periods as possible since it may
1300 * increase kernel boot time of built-in device drivers
1301 * requesting firmware in their ->probe() methods, if
1302 * @gfp is GFP_KERNEL.
1303 *
1304 * - can't sleep at all if @gfp is GFP_ATOMIC.
1da177e4
LT		 1305 **/
1306int
1307request_firmware_nowait(
072fc8f0 1308 struct module *module, bool uevent,
9ebfbd45 1309 const char *name, struct device *device, gfp_t gfp, void *context,
1da177e4
LT		 1310 void (*cont)(const struct firmware *fw, void *context))
1311{
f8a4bd34 1312 struct firmware_work *fw_work;
1da177e4 1313
ea31003c 1314 fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1da177e4
LT		 1315 if (!fw_work)
1316 return -ENOMEM;
f8a4bd34
DT		 1317
1318 fw_work->module = module;
f9692b26 1319 fw_work->name = kstrdup_const(name, gfp);
303cda0e
LR		 1320 if (!fw_work->name) {
1321 kfree(fw_work);
f9692b26 1322 return -ENOMEM;
303cda0e 1323 }
f8a4bd34
DT		 1324 fw_work->device = device;
1325 fw_work->context = context;
1326 fw_work->cont = cont;
14c4bae7 1327 fw_work->opt_flags = FW_OPT_NOWAIT | FW_OPT_FALLBACK |
5a1379e8 1328 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER);
f8a4bd34 1329
1da177e4 1330 if (!try_module_get(module)) {
f9692b26 1331 kfree_const(fw_work->name);
1da177e4
LT		 1332 kfree(fw_work);
1333 return -EFAULT;
1334 }
1335
0cfc1e1e 1336 get_device(fw_work->device);
a36cf844
SB		 1337 INIT_WORK(&fw_work->work, request_firmware_work_func);
1338 schedule_work(&fw_work->work);
1da177e4
LT		 1339 return 0;
1340}
f494513f 1341EXPORT_SYMBOL(request_firmware_nowait);
1da177e4 1342
90f89081
ML		 1343#ifdef CONFIG_PM_SLEEP
1344static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1345
2887b395
ML		 1346/**
1347 * cache_firmware - cache one firmware image in kernel memory space
1348 * @fw_name: the firmware image name
1349 *
1350 * Cache firmware in kernel memory so that drivers can use it when
1351 * system isn't ready for them to request firmware image from userspace.
1352 * Once it returns successfully, driver can use request_firmware or its
1353 * nowait version to get the cached firmware without any interacting
1354 * with userspace
1355 *
1356 * Return 0 if the firmware image has been cached successfully
1357 * Return !0 otherwise
1358 *
1359 */
93232e46 1360static int cache_firmware(const char *fw_name)
2887b395
ML		 1361{
1362 int ret;
1363 const struct firmware *fw;
1364
1365 pr_debug("%s: %s\n", __func__, fw_name);
1366
1367 ret = request_firmware(&fw, fw_name, NULL);
1368 if (!ret)
1369 kfree(fw);
1370
1371 pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1372
1373 return ret;
1374}
1375
6a2c1234
ML		 1376static struct firmware_buf *fw_lookup_buf(const char *fw_name)
1377{
1378 struct firmware_buf *tmp;
1379 struct firmware_cache *fwc = &fw_cache;
1380
1381 spin_lock(&fwc->lock);
1382 tmp = __fw_lookup_buf(fw_name);
1383 spin_unlock(&fwc->lock);
1384
1385 return tmp;
1386}
1387
2887b395
ML		 1388/**
1389 * uncache_firmware - remove one cached firmware image
1390 * @fw_name: the firmware image name
1391 *
1392 * Uncache one firmware image which has been cached successfully
1393 * before.
1394 *
1395 * Return 0 if the firmware cache has been removed successfully
1396 * Return !0 otherwise
1397 *
1398 */
93232e46 1399static int uncache_firmware(const char *fw_name)
2887b395
ML		 1400{
1401 struct firmware_buf *buf;
1402 struct firmware fw;
1403
1404 pr_debug("%s: %s\n", __func__, fw_name);
1405
1406 if (fw_get_builtin_firmware(&fw, fw_name))
1407 return 0;
1408
1409 buf = fw_lookup_buf(fw_name);
1410 if (buf) {
1411 fw_free_buf(buf);
1412 return 0;
1413 }
1414
1415 return -EINVAL;
1416}
1417
37276a51
ML		 1418static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1419{
1420 struct fw_cache_entry *fce;
1421
e0fd9b1d 1422 fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
37276a51
ML		 1423 if (!fce)
1424 goto exit;
1425
e0fd9b1d
LR		 1426 fce->name = kstrdup_const(name, GFP_ATOMIC);
1427 if (!fce->name) {
1428 kfree(fce);
1429 fce = NULL;
1430 goto exit;
1431 }
37276a51
ML		 1432exit:
1433 return fce;
1434}
1435
373304fe 1436static int __fw_entry_found(const char *name)
ac39b3ea
ML		 1437{
1438 struct firmware_cache *fwc = &fw_cache;
1439 struct fw_cache_entry *fce;
ac39b3ea 1440
ac39b3ea
ML		 1441 list_for_each_entry(fce, &fwc->fw_names, list) {
1442 if (!strcmp(fce->name, name))
373304fe 1443 return 1;
ac39b3ea 1444 }
373304fe
ML		 1445 return 0;
1446}
1447
1448static int fw_cache_piggyback_on_request(const char *name)
1449{
1450 struct firmware_cache *fwc = &fw_cache;
1451 struct fw_cache_entry *fce;
1452 int ret = 0;
1453
1454 spin_lock(&fwc->name_lock);
1455 if (__fw_entry_found(name))
1456 goto found;
ac39b3ea
ML		 1457
1458 fce = alloc_fw_cache_entry(name);
1459 if (fce) {
1460 ret = 1;
1461 list_add(&fce->list, &fwc->fw_names);
1462 pr_debug("%s: fw: %s\n", __func__, name);
1463 }
1464found:
1465 spin_unlock(&fwc->name_lock);
1466 return ret;
1467}
1468
37276a51
ML		 1469static void free_fw_cache_entry(struct fw_cache_entry *fce)
1470{
e0fd9b1d 1471 kfree_const(fce->name);
37276a51
ML		 1472 kfree(fce);
1473}
1474
1475static void __async_dev_cache_fw_image(void *fw_entry,
1476 async_cookie_t cookie)
1477{
1478 struct fw_cache_entry *fce = fw_entry;
1479 struct firmware_cache *fwc = &fw_cache;
1480 int ret;
1481
1482 ret = cache_firmware(fce->name);
ac39b3ea
ML		 1483 if (ret) {
1484 spin_lock(&fwc->name_lock);
1485 list_del(&fce->list);
1486 spin_unlock(&fwc->name_lock);
37276a51 1487
ac39b3ea
ML		 1488 free_fw_cache_entry(fce);
1489 }
37276a51
ML		 1490}
1491
1492/* called with dev->devres_lock held */
1493static void dev_create_fw_entry(struct device *dev, void *res,
1494 void *data)
1495{
1496 struct fw_name_devm *fwn = res;
1497 const char *fw_name = fwn->name;
1498 struct list_head *head = data;
1499 struct fw_cache_entry *fce;
1500
1501 fce = alloc_fw_cache_entry(fw_name);
1502 if (fce)
1503 list_add(&fce->list, head);
1504}
1505
1506static int devm_name_match(struct device *dev, void *res,
1507 void *match_data)
1508{
1509 struct fw_name_devm *fwn = res;
1510 return (fwn->magic == (unsigned long)match_data);
1511}
1512
ab6dd8e5 1513static void dev_cache_fw_image(struct device *dev, void *data)
37276a51
ML		 1514{
1515 LIST_HEAD(todo);
1516 struct fw_cache_entry *fce;
1517 struct fw_cache_entry *fce_next;
1518 struct firmware_cache *fwc = &fw_cache;
1519
1520 devres_for_each_res(dev, fw_name_devm_release,
1521 devm_name_match, &fw_cache,
1522 dev_create_fw_entry, &todo);
1523
1524 list_for_each_entry_safe(fce, fce_next, &todo, list) {
1525 list_del(&fce->list);
1526
1527 spin_lock(&fwc->name_lock);
373304fe
ML		 1528 /* only one cache entry for one firmware */
1529 if (!__fw_entry_found(fce->name)) {
373304fe
ML		 1530 list_add(&fce->list, &fwc->fw_names);
1531 } else {
1532 free_fw_cache_entry(fce);
1533 fce = NULL;
1534 }
37276a51
ML		 1535 spin_unlock(&fwc->name_lock);
1536
373304fe 1537 if (fce)
d28d3882
ML		 1538 async_schedule_domain(__async_dev_cache_fw_image,
1539 (void *)fce,
1540 &fw_cache_domain);
37276a51
ML		 1541 }
1542}
1543
1544static void __device_uncache_fw_images(void)
1545{
1546 struct firmware_cache *fwc = &fw_cache;
1547 struct fw_cache_entry *fce;
1548
1549 spin_lock(&fwc->name_lock);
1550 while (!list_empty(&fwc->fw_names)) {
1551 fce = list_entry(fwc->fw_names.next,
1552 struct fw_cache_entry, list);
1553 list_del(&fce->list);
1554 spin_unlock(&fwc->name_lock);
1555
1556 uncache_firmware(fce->name);
1557 free_fw_cache_entry(fce);
1558
1559 spin_lock(&fwc->name_lock);
1560 }
1561 spin_unlock(&fwc->name_lock);
1562}
1563
1564/**
1565 * device_cache_fw_images - cache devices' firmware
1566 *
1567 * If one device called request_firmware or its nowait version
1568 * successfully before, the firmware names are recored into the
1569 * device's devres link list, so device_cache_fw_images can call
1570 * cache_firmware() to cache these firmwares for the device,
1571 * then the device driver can load its firmwares easily at
1572 * time when system is not ready to complete loading firmware.
1573 */
1574static void device_cache_fw_images(void)
1575{
1576 struct firmware_cache *fwc = &fw_cache;
ffe53f6f 1577 int old_timeout;
37276a51
ML		 1578 DEFINE_WAIT(wait);
1579
1580 pr_debug("%s\n", __func__);
1581
373304fe
ML		 1582 /* cancel uncache work */
1583 cancel_delayed_work_sync(&fwc->work);
1584
ffe53f6f
ML		 1585 /*
1586 * use small loading timeout for caching devices' firmware
1587 * because all these firmware images have been loaded
1588 * successfully at lease once, also system is ready for
1589 * completing firmware loading now. The maximum size of
1590 * firmware in current distributions is about 2M bytes,
1591 * so 10 secs should be enough.
1592 */
1593 old_timeout = loading_timeout;
1594 loading_timeout = 10;
1595
ac39b3ea
ML		 1596 mutex_lock(&fw_lock);
1597 fwc->state = FW_LOADER_START_CACHE;
ab6dd8e5 1598 dpm_for_each_dev(NULL, dev_cache_fw_image);
ac39b3ea 1599 mutex_unlock(&fw_lock);
37276a51
ML		 1600
1601 /* wait for completion of caching firmware for all devices */
d28d3882 1602 async_synchronize_full_domain(&fw_cache_domain);
ffe53f6f
ML		 1603
1604 loading_timeout = old_timeout;
37276a51
ML		 1605}
1606
1607/**
1608 * device_uncache_fw_images - uncache devices' firmware
1609 *
1610 * uncache all firmwares which have been cached successfully
1611 * by device_uncache_fw_images earlier
1612 */
1613static void device_uncache_fw_images(void)
1614{
1615 pr_debug("%s\n", __func__);
1616 __device_uncache_fw_images();
1617}
1618
1619static void device_uncache_fw_images_work(struct work_struct *work)
1620{
1621 device_uncache_fw_images();
1622}
1623
1624/**
1625 * device_uncache_fw_images_delay - uncache devices firmwares
1626 * @delay: number of milliseconds to delay uncache device firmwares
1627 *
1628 * uncache all devices's firmwares which has been cached successfully
1629 * by device_cache_fw_images after @delay milliseconds.
1630 */
1631static void device_uncache_fw_images_delay(unsigned long delay)
1632{
bce6618a
SD		 1633 queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1634 msecs_to_jiffies(delay));
37276a51
ML		 1635}
1636
07646d9c
ML		 1637static int fw_pm_notify(struct notifier_block *notify_block,
1638 unsigned long mode, void *unused)
1639{
1640 switch (mode) {
1641 case PM_HIBERNATION_PREPARE:
1642 case PM_SUSPEND_PREPARE:
f8d5b9e9 1643 case PM_RESTORE_PREPARE:
af5bc11e 1644 kill_requests_without_uevent();
07646d9c
ML		 1645 device_cache_fw_images();
1646 break;
1647
1648 case PM_POST_SUSPEND:
1649 case PM_POST_HIBERNATION:
1650 case PM_POST_RESTORE:
ac39b3ea
ML		 1651 /*
1652 * In case that system sleep failed and syscore_suspend is
1653 * not called.
1654 */
1655 mutex_lock(&fw_lock);
1656 fw_cache.state = FW_LOADER_NO_CACHE;
1657 mutex_unlock(&fw_lock);
1658
07646d9c
ML		 1659 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1660 break;
1661 }
1662
1663 return 0;
1664}
07646d9c 1665
ac39b3ea
ML		 1666/* stop caching firmware once syscore_suspend is reached */
1667static int fw_suspend(void)
1668{
1669 fw_cache.state = FW_LOADER_NO_CACHE;
1670 return 0;
1671}
1672
1673static struct syscore_ops fw_syscore_ops = {
1674 .suspend = fw_suspend,
1675};
cfe016b1
ML		 1676#else
1677static int fw_cache_piggyback_on_request(const char *name)
1678{
1679 return 0;
1680}
1681#endif
ac39b3ea 1682
37276a51
ML		 1683static void __init fw_cache_init(void)
1684{
1685 spin_lock_init(&fw_cache.lock);
1686 INIT_LIST_HEAD(&fw_cache.head);
cfe016b1 1687 fw_cache.state = FW_LOADER_NO_CACHE;
37276a51 1688
cfe016b1 1689#ifdef CONFIG_PM_SLEEP
37276a51
ML		 1690 spin_lock_init(&fw_cache.name_lock);
1691 INIT_LIST_HEAD(&fw_cache.fw_names);
37276a51 1692
37276a51
ML		 1693 INIT_DELAYED_WORK(&fw_cache.work,
1694 device_uncache_fw_images_work);
07646d9c
ML		 1695
1696 fw_cache.pm_notify.notifier_call = fw_pm_notify;
1697 register_pm_notifier(&fw_cache.pm_notify);
ac39b3ea
ML		 1698
1699 register_syscore_ops(&fw_syscore_ops);
cfe016b1 1700#endif
37276a51
ML		 1701}
1702
673fae90 1703static int __init firmware_class_init(void)
1da177e4 1704{
1f2b7959 1705 fw_cache_init();
7b1269f7 1706#ifdef CONFIG_FW_LOADER_USER_HELPER
fe304143 1707 register_reboot_notifier(&fw_shutdown_nb);
673fae90 1708 return class_register(&firmware_class);
7b1269f7
TI		 1709#else
1710 return 0;
1711#endif
1da177e4 1712}
673fae90
DT		 1713
1714static void __exit firmware_class_exit(void)
1da177e4 1715{
cfe016b1 1716#ifdef CONFIG_PM_SLEEP
ac39b3ea 1717 unregister_syscore_ops(&fw_syscore_ops);
07646d9c 1718 unregister_pm_notifier(&fw_cache.pm_notify);
cfe016b1 1719#endif
7b1269f7 1720#ifdef CONFIG_FW_LOADER_USER_HELPER
fe304143 1721 unregister_reboot_notifier(&fw_shutdown_nb);
1da177e4 1722 class_unregister(&firmware_class);
7b1269f7 1723#endif
1da177e4
LT		 1724}
1725
a30a6a2c 1726fs_initcall(firmware_class_init);
1da177e4 1727module_exit(firmware_class_exit);
Linux 6.x block layer and io_uring tree(s)