3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 #include <linux/module.h>
17 #include <linux/moduleparam.h>
18 #include <linux/kernel.h>
19 #include <linux/device.h>
20 #include <linux/slab.h>
22 #include <linux/errno.h>
23 #include <linux/types.h>
24 #include <linux/fcntl.h>
25 #include <linux/aio.h>
26 #include <linux/poll.h>
27 #include <linux/init.h>
28 #include <linux/ioctl.h>
29 #include <linux/cdev.h>
30 #include <linux/sched.h>
31 #include <linux/uuid.h>
32 #include <linux/compat.h>
33 #include <linux/jiffies.h>
34 #include <linux/interrupt.h>
36 #include <linux/mei.h>
42 * mei_open - the open function
44 * @inode: pointer to inode structure
45 * @file: pointer to file structure
47 * Return: 0 on success, <0 on error
49 static int mei_open(struct inode *inode, struct file *file)
51 struct mei_device *dev;
56 dev = container_of(inode->i_cdev, struct mei_device, cdev);
60 mutex_lock(&dev->device_lock);
65 if (dev->dev_state != MEI_DEV_ENABLED) {
66 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
67 mei_dev_state_str(dev->dev_state));
72 cl = mei_cl_allocate(dev);
76 /* open_handle_count check is handled in the mei_cl_link */
77 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY);
81 file->private_data = cl;
83 mutex_unlock(&dev->device_lock);
85 return nonseekable_open(inode, file);
88 mutex_unlock(&dev->device_lock);
94 * mei_release - the release function
96 * @inode: pointer to inode structure
97 * @file: pointer to file structure
99 * Return: 0 on success, <0 on error
101 static int mei_release(struct inode *inode, struct file *file)
103 struct mei_cl *cl = file->private_data;
104 struct mei_cl_cb *cb;
105 struct mei_device *dev;
108 if (WARN_ON(!cl || !cl->dev))
113 mutex_lock(&dev->device_lock);
114 if (cl == &dev->iamthif_cl) {
115 rets = mei_amthif_release(dev, file);
118 if (cl->state == MEI_FILE_CONNECTED) {
119 cl->state = MEI_FILE_DISCONNECTING;
120 cl_dbg(dev, cl, "disconnecting\n");
121 rets = mei_cl_disconnect(cl);
123 mei_cl_flush_queues(cl);
124 cl_dbg(dev, cl, "removing\n");
132 cb = mei_cl_find_read_cb(cl);
133 /* Remove entry from read list */
141 file->private_data = NULL;
147 mutex_unlock(&dev->device_lock);
153 * mei_read - the read function.
155 * @file: pointer to file structure
156 * @ubuf: pointer to user buffer
157 * @length: buffer length
158 * @offset: data offset in buffer
160 * Return: >=0 data length on success , <0 on error
162 static ssize_t mei_read(struct file *file, char __user *ubuf,
163 size_t length, loff_t *offset)
165 struct mei_cl *cl = file->private_data;
166 struct mei_cl_cb *cb_pos = NULL;
167 struct mei_cl_cb *cb = NULL;
168 struct mei_device *dev;
173 if (WARN_ON(!cl || !cl->dev))
179 mutex_lock(&dev->device_lock);
180 if (dev->dev_state != MEI_DEV_ENABLED) {
190 if (cl == &dev->iamthif_cl) {
191 rets = mei_amthif_read(dev, file, ubuf, length, offset);
198 if (cb->buf_idx > *offset)
200 /* offset is beyond buf_idx we have no more data return 0 */
201 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) {
205 /* Offset needs to be cleaned for contiguous reads*/
206 if (cb->buf_idx == 0 && *offset > 0)
208 } else if (*offset > 0) {
212 err = mei_cl_read_start(cl, length);
213 if (err && err != -EBUSY) {
215 "mei start read failure with status = %d\n", err);
220 if (MEI_READ_COMPLETE != cl->reading_state &&
221 !waitqueue_active(&cl->rx_wait)) {
222 if (file->f_flags & O_NONBLOCK) {
227 mutex_unlock(&dev->device_lock);
229 if (wait_event_interruptible(cl->rx_wait,
230 MEI_READ_COMPLETE == cl->reading_state ||
231 mei_cl_is_transitioning(cl))) {
233 if (signal_pending(current))
238 mutex_lock(&dev->device_lock);
239 if (mei_cl_is_transitioning(cl)) {
251 if (cl->reading_state != MEI_READ_COMPLETE) {
255 /* now copy the data to user space */
257 dev_dbg(dev->dev, "buf.size = %d buf.idx= %ld\n",
258 cb->response_buffer.size, cb->buf_idx);
259 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {
264 /* length is being truncated to PAGE_SIZE,
265 * however buf_idx may point beyond that */
266 length = min_t(size_t, length, cb->buf_idx - *offset);
268 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) {
269 dev_dbg(dev->dev, "failed to copy data to userland\n");
276 if ((unsigned long)*offset < cb->buf_idx)
280 cb_pos = mei_cl_find_read_cb(cl);
281 /* Remove entry from read list */
283 list_del(&cb_pos->list);
285 cl->reading_state = MEI_IDLE;
288 dev_dbg(dev->dev, "end mei read rets= %d\n", rets);
289 mutex_unlock(&dev->device_lock);
293 * mei_write - the write function.
295 * @file: pointer to file structure
296 * @ubuf: pointer to user buffer
297 * @length: buffer length
298 * @offset: data offset in buffer
300 * Return: >=0 data length on success , <0 on error
302 static ssize_t mei_write(struct file *file, const char __user *ubuf,
303 size_t length, loff_t *offset)
305 struct mei_cl *cl = file->private_data;
306 struct mei_me_client *me_cl = NULL;
307 struct mei_cl_cb *write_cb = NULL;
308 struct mei_device *dev;
309 unsigned long timeout = 0;
312 if (WARN_ON(!cl || !cl->dev))
317 mutex_lock(&dev->device_lock);
319 if (dev->dev_state != MEI_DEV_ENABLED) {
324 me_cl = mei_me_cl_by_uuid_id(dev, &cl->cl_uuid, cl->me_client_id);
335 if (length > me_cl->props.max_msg_length) {
340 if (cl->state != MEI_FILE_CONNECTED) {
341 dev_err(dev->dev, "host client = %d, is not connected to ME client = %d",
342 cl->host_client_id, cl->me_client_id);
346 if (cl == &dev->iamthif_cl) {
347 write_cb = mei_amthif_find_read_list_entry(dev, file);
350 timeout = write_cb->read_time +
351 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER);
353 if (time_after(jiffies, timeout) ||
354 cl->reading_state == MEI_READ_COMPLETE) {
356 list_del(&write_cb->list);
357 mei_io_cb_free(write_cb);
363 /* free entry used in read */
364 if (cl->reading_state == MEI_READ_COMPLETE) {
366 write_cb = mei_cl_find_read_cb(cl);
368 list_del(&write_cb->list);
369 mei_io_cb_free(write_cb);
371 cl->reading_state = MEI_IDLE;
374 } else if (cl->reading_state == MEI_IDLE)
378 write_cb = mei_io_cb_init(cl, file);
383 rets = mei_io_cb_alloc_req_buf(write_cb, length);
387 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length);
389 dev_dbg(dev->dev, "failed to copy data from userland\n");
394 if (cl == &dev->iamthif_cl) {
395 rets = mei_amthif_write(dev, write_cb);
399 "amthif write failed with status = %d\n", rets);
402 mei_me_cl_put(me_cl);
403 mutex_unlock(&dev->device_lock);
407 rets = mei_cl_write(cl, write_cb, false);
409 mei_me_cl_put(me_cl);
410 mutex_unlock(&dev->device_lock);
412 mei_io_cb_free(write_cb);
417 * mei_ioctl_connect_client - the connect to fw client IOCTL function
419 * @file: private data of the file object
420 * @data: IOCTL connect data, input and output parameters
422 * Locking: called under "dev->device_lock" lock
424 * Return: 0 on success, <0 on failure.
426 static int mei_ioctl_connect_client(struct file *file,
427 struct mei_connect_client_data *data)
429 struct mei_device *dev;
430 struct mei_client *client;
431 struct mei_me_client *me_cl;
435 cl = file->private_data;
438 if (dev->dev_state != MEI_DEV_ENABLED)
441 if (cl->state != MEI_FILE_INITIALIZING &&
442 cl->state != MEI_FILE_DISCONNECTED)
445 /* find ME client we're trying to connect to */
446 me_cl = mei_me_cl_by_uuid(dev, &data->in_client_uuid);
447 if (!me_cl || me_cl->props.fixed_address) {
448 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
449 &data->in_client_uuid);
453 cl->me_client_id = me_cl->client_id;
454 cl->cl_uuid = me_cl->props.protocol_name;
456 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n",
458 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n",
459 me_cl->props.protocol_version);
460 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n",
461 me_cl->props.max_msg_length);
463 /* if we're connecting to amthif client then we will use the
464 * existing connection
466 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) {
467 dev_dbg(dev->dev, "FW Client is amthi\n");
468 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) {
476 dev->iamthif_open_count++;
477 file->private_data = &dev->iamthif_cl;
479 client = &data->out_client_properties;
480 client->max_msg_length = me_cl->props.max_msg_length;
481 client->protocol_version = me_cl->props.protocol_version;
482 rets = dev->iamthif_cl.status;
487 /* prepare the output buffer */
488 client = &data->out_client_properties;
489 client->max_msg_length = me_cl->props.max_msg_length;
490 client->protocol_version = me_cl->props.protocol_version;
491 dev_dbg(dev->dev, "Can connect?\n");
493 rets = mei_cl_connect(cl, file);
496 mei_me_cl_put(me_cl);
501 * mei_ioctl - the IOCTL function
503 * @file: pointer to file structure
504 * @cmd: ioctl command
505 * @data: pointer to mei message structure
507 * Return: 0 on success , <0 on error
509 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
511 struct mei_device *dev;
512 struct mei_cl *cl = file->private_data;
513 struct mei_connect_client_data connect_data;
517 if (WARN_ON(!cl || !cl->dev))
522 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd);
524 mutex_lock(&dev->device_lock);
525 if (dev->dev_state != MEI_DEV_ENABLED) {
531 case IOCTL_MEI_CONNECT_CLIENT:
532 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
533 if (copy_from_user(&connect_data, (char __user *)data,
534 sizeof(struct mei_connect_client_data))) {
535 dev_dbg(dev->dev, "failed to copy data from userland\n");
540 rets = mei_ioctl_connect_client(file, &connect_data);
544 /* if all is ok, copying the data back to user. */
545 if (copy_to_user((char __user *)data, &connect_data,
546 sizeof(struct mei_connect_client_data))) {
547 dev_dbg(dev->dev, "failed to copy data to userland\n");
555 dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
560 mutex_unlock(&dev->device_lock);
565 * mei_compat_ioctl - the compat IOCTL function
567 * @file: pointer to file structure
568 * @cmd: ioctl command
569 * @data: pointer to mei message structure
571 * Return: 0 on success , <0 on error
574 static long mei_compat_ioctl(struct file *file,
575 unsigned int cmd, unsigned long data)
577 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data));
583 * mei_poll - the poll function
585 * @file: pointer to file structure
586 * @wait: pointer to poll_table structure
590 static unsigned int mei_poll(struct file *file, poll_table *wait)
592 struct mei_cl *cl = file->private_data;
593 struct mei_device *dev;
594 unsigned int mask = 0;
596 if (WARN_ON(!cl || !cl->dev))
601 mutex_lock(&dev->device_lock);
603 if (!mei_cl_is_connected(cl)) {
608 mutex_unlock(&dev->device_lock);
611 if (cl == &dev->iamthif_cl)
612 return mei_amthif_poll(dev, file, wait);
614 poll_wait(file, &cl->tx_wait, wait);
616 mutex_lock(&dev->device_lock);
618 if (!mei_cl_is_connected(cl)) {
623 mask |= (POLLIN | POLLRDNORM);
626 mutex_unlock(&dev->device_lock);
631 * fw_status_show - mei device attribute show method
633 * @device: device pointer
634 * @attr: attribute pointer
635 * @buf: char out buffer
637 * Return: number of the bytes printed into buf or error
639 static ssize_t fw_status_show(struct device *device,
640 struct device_attribute *attr, char *buf)
642 struct mei_device *dev = dev_get_drvdata(device);
643 struct mei_fw_status fw_status;
647 mutex_lock(&dev->device_lock);
648 err = mei_fw_status(dev, &fw_status);
649 mutex_unlock(&dev->device_lock);
651 dev_err(device, "read fw_status error = %d\n", err);
655 for (i = 0; i < fw_status.count; i++)
656 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
657 fw_status.status[i]);
660 static DEVICE_ATTR_RO(fw_status);
662 static struct attribute *mei_attrs[] = {
663 &dev_attr_fw_status.attr,
666 ATTRIBUTE_GROUPS(mei);
669 * file operations structure will be used for mei char device.
671 static const struct file_operations mei_fops = {
672 .owner = THIS_MODULE,
674 .unlocked_ioctl = mei_ioctl,
676 .compat_ioctl = mei_compat_ioctl,
679 .release = mei_release,
685 static struct class *mei_class;
686 static dev_t mei_devt;
687 #define MEI_MAX_DEVS MINORMASK
688 static DEFINE_MUTEX(mei_minor_lock);
689 static DEFINE_IDR(mei_idr);
692 * mei_minor_get - obtain next free device minor number
694 * @dev: device pointer
696 * Return: allocated minor, or -ENOSPC if no free minor left
698 static int mei_minor_get(struct mei_device *dev)
702 mutex_lock(&mei_minor_lock);
703 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
706 else if (ret == -ENOSPC)
707 dev_err(dev->dev, "too many mei devices\n");
709 mutex_unlock(&mei_minor_lock);
714 * mei_minor_free - mark device minor number as free
716 * @dev: device pointer
718 static void mei_minor_free(struct mei_device *dev)
720 mutex_lock(&mei_minor_lock);
721 idr_remove(&mei_idr, dev->minor);
722 mutex_unlock(&mei_minor_lock);
725 int mei_register(struct mei_device *dev, struct device *parent)
727 struct device *clsdev; /* class device */
730 ret = mei_minor_get(dev);
734 /* Fill in the data structures */
735 devno = MKDEV(MAJOR(mei_devt), dev->minor);
736 cdev_init(&dev->cdev, &mei_fops);
737 dev->cdev.owner = mei_fops.owner;
740 ret = cdev_add(&dev->cdev, devno, 1);
742 dev_err(parent, "unable to add device %d:%d\n",
743 MAJOR(mei_devt), dev->minor);
747 clsdev = device_create_with_groups(mei_class, parent, devno,
749 "mei%d", dev->minor);
751 if (IS_ERR(clsdev)) {
752 dev_err(parent, "unable to create device %d:%d\n",
753 MAJOR(mei_devt), dev->minor);
754 ret = PTR_ERR(clsdev);
758 ret = mei_dbgfs_register(dev, dev_name(clsdev));
760 dev_err(clsdev, "cannot register debugfs ret = %d\n", ret);
767 device_destroy(mei_class, devno);
769 cdev_del(&dev->cdev);
774 EXPORT_SYMBOL_GPL(mei_register);
776 void mei_deregister(struct mei_device *dev)
780 devno = dev->cdev.dev;
781 cdev_del(&dev->cdev);
783 mei_dbgfs_deregister(dev);
785 device_destroy(mei_class, devno);
789 EXPORT_SYMBOL_GPL(mei_deregister);
791 static int __init mei_init(void)
795 mei_class = class_create(THIS_MODULE, "mei");
796 if (IS_ERR(mei_class)) {
797 pr_err("couldn't create class\n");
798 ret = PTR_ERR(mei_class);
802 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
804 pr_err("unable to allocate char dev region\n");
808 ret = mei_cl_bus_init();
810 pr_err("unable to initialize bus\n");
817 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
819 class_destroy(mei_class);
824 static void __exit mei_exit(void)
826 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
827 class_destroy(mei_class);
831 module_init(mei_init);
832 module_exit(mei_exit);
834 MODULE_AUTHOR("Intel Corporation");
835 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
836 MODULE_LICENSE("GPL v2");