3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 #include <linux/module.h>
17 #include <linux/moduleparam.h>
18 #include <linux/kernel.h>
19 #include <linux/device.h>
20 #include <linux/slab.h>
22 #include <linux/errno.h>
23 #include <linux/types.h>
24 #include <linux/fcntl.h>
25 #include <linux/aio.h>
26 #include <linux/poll.h>
27 #include <linux/init.h>
28 #include <linux/ioctl.h>
29 #include <linux/cdev.h>
30 #include <linux/sched.h>
31 #include <linux/uuid.h>
32 #include <linux/compat.h>
33 #include <linux/jiffies.h>
34 #include <linux/interrupt.h>
36 #include <linux/mei.h>
42 * mei_open - the open function
44 * @inode: pointer to inode structure
45 * @file: pointer to file structure
47 * Return: 0 on success, <0 on error
49 static int mei_open(struct inode
*inode
, struct file
*file
)
51 struct mei_device
*dev
;
56 dev
= container_of(inode
->i_cdev
, struct mei_device
, cdev
);
60 mutex_lock(&dev
->device_lock
);
65 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
66 dev_dbg(dev
->dev
, "dev_state != MEI_ENABLED dev_state = %s\n",
67 mei_dev_state_str(dev
->dev_state
));
72 cl
= mei_cl_allocate(dev
);
76 /* open_handle_count check is handled in the mei_cl_link */
77 err
= mei_cl_link(cl
, MEI_HOST_CLIENT_ID_ANY
);
81 file
->private_data
= cl
;
83 mutex_unlock(&dev
->device_lock
);
85 return nonseekable_open(inode
, file
);
88 mutex_unlock(&dev
->device_lock
);
94 * mei_release - the release function
96 * @inode: pointer to inode structure
97 * @file: pointer to file structure
99 * Return: 0 on success, <0 on error
101 static int mei_release(struct inode
*inode
, struct file
*file
)
103 struct mei_cl
*cl
= file
->private_data
;
104 struct mei_cl_cb
*cb
;
105 struct mei_device
*dev
;
108 if (WARN_ON(!cl
|| !cl
->dev
))
113 mutex_lock(&dev
->device_lock
);
114 if (cl
== &dev
->iamthif_cl
) {
115 rets
= mei_amthif_release(dev
, file
);
118 if (cl
->state
== MEI_FILE_CONNECTED
) {
119 cl
->state
= MEI_FILE_DISCONNECTING
;
120 cl_dbg(dev
, cl
, "disconnecting\n");
121 rets
= mei_cl_disconnect(cl
);
123 mei_cl_flush_queues(cl
);
124 cl_dbg(dev
, cl
, "removing\n");
132 cb
= mei_cl_find_read_cb(cl
);
133 /* Remove entry from read list */
141 file
->private_data
= NULL
;
147 mutex_unlock(&dev
->device_lock
);
153 * mei_read - the read function.
155 * @file: pointer to file structure
156 * @ubuf: pointer to user buffer
157 * @length: buffer length
158 * @offset: data offset in buffer
160 * Return: >=0 data length on success , <0 on error
162 static ssize_t
mei_read(struct file
*file
, char __user
*ubuf
,
163 size_t length
, loff_t
*offset
)
165 struct mei_cl
*cl
= file
->private_data
;
166 struct mei_cl_cb
*cb_pos
= NULL
;
167 struct mei_cl_cb
*cb
= NULL
;
168 struct mei_device
*dev
;
173 if (WARN_ON(!cl
|| !cl
->dev
))
179 mutex_lock(&dev
->device_lock
);
180 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
190 if (cl
== &dev
->iamthif_cl
) {
191 rets
= mei_amthif_read(dev
, file
, ubuf
, length
, offset
);
198 if (cb
->buf_idx
> *offset
)
200 /* offset is beyond buf_idx we have no more data return 0 */
201 if (cb
->buf_idx
> 0 && cb
->buf_idx
<= *offset
) {
205 /* Offset needs to be cleaned for contiguous reads*/
206 if (cb
->buf_idx
== 0 && *offset
> 0)
208 } else if (*offset
> 0) {
212 err
= mei_cl_read_start(cl
, length
);
213 if (err
&& err
!= -EBUSY
) {
215 "mei start read failure with status = %d\n", err
);
220 if (MEI_READ_COMPLETE
!= cl
->reading_state
&&
221 !waitqueue_active(&cl
->rx_wait
)) {
222 if (file
->f_flags
& O_NONBLOCK
) {
227 mutex_unlock(&dev
->device_lock
);
229 if (wait_event_interruptible(cl
->rx_wait
,
230 MEI_READ_COMPLETE
== cl
->reading_state
||
231 mei_cl_is_transitioning(cl
))) {
233 if (signal_pending(current
))
238 mutex_lock(&dev
->device_lock
);
239 if (mei_cl_is_transitioning(cl
)) {
251 if (cl
->reading_state
!= MEI_READ_COMPLETE
) {
255 /* now copy the data to user space */
257 dev_dbg(dev
->dev
, "buf.size = %d buf.idx= %ld\n",
258 cb
->response_buffer
.size
, cb
->buf_idx
);
259 if (length
== 0 || ubuf
== NULL
|| *offset
> cb
->buf_idx
) {
264 /* length is being truncated to PAGE_SIZE,
265 * however buf_idx may point beyond that */
266 length
= min_t(size_t, length
, cb
->buf_idx
- *offset
);
268 if (copy_to_user(ubuf
, cb
->response_buffer
.data
+ *offset
, length
)) {
269 dev_dbg(dev
->dev
, "failed to copy data to userland\n");
276 if ((unsigned long)*offset
< cb
->buf_idx
)
280 cb_pos
= mei_cl_find_read_cb(cl
);
281 /* Remove entry from read list */
283 list_del(&cb_pos
->list
);
285 cl
->reading_state
= MEI_IDLE
;
288 dev_dbg(dev
->dev
, "end mei read rets= %d\n", rets
);
289 mutex_unlock(&dev
->device_lock
);
293 * mei_write - the write function.
295 * @file: pointer to file structure
296 * @ubuf: pointer to user buffer
297 * @length: buffer length
298 * @offset: data offset in buffer
300 * Return: >=0 data length on success , <0 on error
302 static ssize_t
mei_write(struct file
*file
, const char __user
*ubuf
,
303 size_t length
, loff_t
*offset
)
305 struct mei_cl
*cl
= file
->private_data
;
306 struct mei_me_client
*me_cl
= NULL
;
307 struct mei_cl_cb
*write_cb
= NULL
;
308 struct mei_device
*dev
;
309 unsigned long timeout
= 0;
312 if (WARN_ON(!cl
|| !cl
->dev
))
317 mutex_lock(&dev
->device_lock
);
319 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
324 me_cl
= mei_me_cl_by_uuid_id(dev
, &cl
->cl_uuid
, cl
->me_client_id
);
335 if (length
> me_cl
->props
.max_msg_length
) {
340 if (cl
->state
!= MEI_FILE_CONNECTED
) {
341 dev_err(dev
->dev
, "host client = %d, is not connected to ME client = %d",
342 cl
->host_client_id
, cl
->me_client_id
);
346 if (cl
== &dev
->iamthif_cl
) {
347 write_cb
= mei_amthif_find_read_list_entry(dev
, file
);
350 timeout
= write_cb
->read_time
+
351 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER
);
353 if (time_after(jiffies
, timeout
) ||
354 cl
->reading_state
== MEI_READ_COMPLETE
) {
356 list_del(&write_cb
->list
);
357 mei_io_cb_free(write_cb
);
363 /* free entry used in read */
364 if (cl
->reading_state
== MEI_READ_COMPLETE
) {
366 write_cb
= mei_cl_find_read_cb(cl
);
368 list_del(&write_cb
->list
);
369 mei_io_cb_free(write_cb
);
371 cl
->reading_state
= MEI_IDLE
;
374 } else if (cl
->reading_state
== MEI_IDLE
)
378 write_cb
= mei_io_cb_init(cl
, file
);
383 rets
= mei_io_cb_alloc_req_buf(write_cb
, length
);
387 rets
= copy_from_user(write_cb
->request_buffer
.data
, ubuf
, length
);
389 dev_dbg(dev
->dev
, "failed to copy data from userland\n");
394 if (cl
== &dev
->iamthif_cl
) {
395 rets
= mei_amthif_write(dev
, write_cb
);
399 "amthif write failed with status = %d\n", rets
);
402 mei_me_cl_put(me_cl
);
403 mutex_unlock(&dev
->device_lock
);
407 rets
= mei_cl_write(cl
, write_cb
, false);
409 mei_me_cl_put(me_cl
);
410 mutex_unlock(&dev
->device_lock
);
412 mei_io_cb_free(write_cb
);
417 * mei_ioctl_connect_client - the connect to fw client IOCTL function
419 * @file: private data of the file object
420 * @data: IOCTL connect data, input and output parameters
422 * Locking: called under "dev->device_lock" lock
424 * Return: 0 on success, <0 on failure.
426 static int mei_ioctl_connect_client(struct file
*file
,
427 struct mei_connect_client_data
*data
)
429 struct mei_device
*dev
;
430 struct mei_client
*client
;
431 struct mei_me_client
*me_cl
;
435 cl
= file
->private_data
;
438 if (dev
->dev_state
!= MEI_DEV_ENABLED
)
441 if (cl
->state
!= MEI_FILE_INITIALIZING
&&
442 cl
->state
!= MEI_FILE_DISCONNECTED
)
445 /* find ME client we're trying to connect to */
446 me_cl
= mei_me_cl_by_uuid(dev
, &data
->in_client_uuid
);
447 if (!me_cl
|| me_cl
->props
.fixed_address
) {
448 dev_dbg(dev
->dev
, "Cannot connect to FW Client UUID = %pUl\n",
449 &data
->in_client_uuid
);
453 cl
->me_client_id
= me_cl
->client_id
;
454 cl
->cl_uuid
= me_cl
->props
.protocol_name
;
456 dev_dbg(dev
->dev
, "Connect to FW Client ID = %d\n",
458 dev_dbg(dev
->dev
, "FW Client - Protocol Version = %d\n",
459 me_cl
->props
.protocol_version
);
460 dev_dbg(dev
->dev
, "FW Client - Max Msg Len = %d\n",
461 me_cl
->props
.max_msg_length
);
463 /* if we're connecting to amthif client then we will use the
464 * existing connection
466 if (uuid_le_cmp(data
->in_client_uuid
, mei_amthif_guid
) == 0) {
467 dev_dbg(dev
->dev
, "FW Client is amthi\n");
468 if (dev
->iamthif_cl
.state
!= MEI_FILE_CONNECTED
) {
476 dev
->iamthif_open_count
++;
477 file
->private_data
= &dev
->iamthif_cl
;
479 client
= &data
->out_client_properties
;
480 client
->max_msg_length
= me_cl
->props
.max_msg_length
;
481 client
->protocol_version
= me_cl
->props
.protocol_version
;
482 rets
= dev
->iamthif_cl
.status
;
487 /* prepare the output buffer */
488 client
= &data
->out_client_properties
;
489 client
->max_msg_length
= me_cl
->props
.max_msg_length
;
490 client
->protocol_version
= me_cl
->props
.protocol_version
;
491 dev_dbg(dev
->dev
, "Can connect?\n");
493 rets
= mei_cl_connect(cl
, file
);
496 mei_me_cl_put(me_cl
);
501 * mei_ioctl - the IOCTL function
503 * @file: pointer to file structure
504 * @cmd: ioctl command
505 * @data: pointer to mei message structure
507 * Return: 0 on success , <0 on error
509 static long mei_ioctl(struct file
*file
, unsigned int cmd
, unsigned long data
)
511 struct mei_device
*dev
;
512 struct mei_cl
*cl
= file
->private_data
;
513 struct mei_connect_client_data connect_data
;
517 if (WARN_ON(!cl
|| !cl
->dev
))
522 dev_dbg(dev
->dev
, "IOCTL cmd = 0x%x", cmd
);
524 mutex_lock(&dev
->device_lock
);
525 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
531 case IOCTL_MEI_CONNECT_CLIENT
:
532 dev_dbg(dev
->dev
, ": IOCTL_MEI_CONNECT_CLIENT.\n");
533 if (copy_from_user(&connect_data
, (char __user
*)data
,
534 sizeof(struct mei_connect_client_data
))) {
535 dev_dbg(dev
->dev
, "failed to copy data from userland\n");
540 rets
= mei_ioctl_connect_client(file
, &connect_data
);
544 /* if all is ok, copying the data back to user. */
545 if (copy_to_user((char __user
*)data
, &connect_data
,
546 sizeof(struct mei_connect_client_data
))) {
547 dev_dbg(dev
->dev
, "failed to copy data to userland\n");
555 dev_err(dev
->dev
, ": unsupported ioctl %d.\n", cmd
);
560 mutex_unlock(&dev
->device_lock
);
565 * mei_compat_ioctl - the compat IOCTL function
567 * @file: pointer to file structure
568 * @cmd: ioctl command
569 * @data: pointer to mei message structure
571 * Return: 0 on success , <0 on error
574 static long mei_compat_ioctl(struct file
*file
,
575 unsigned int cmd
, unsigned long data
)
577 return mei_ioctl(file
, cmd
, (unsigned long)compat_ptr(data
));
583 * mei_poll - the poll function
585 * @file: pointer to file structure
586 * @wait: pointer to poll_table structure
590 static unsigned int mei_poll(struct file
*file
, poll_table
*wait
)
592 struct mei_cl
*cl
= file
->private_data
;
593 struct mei_device
*dev
;
594 unsigned int mask
= 0;
596 if (WARN_ON(!cl
|| !cl
->dev
))
601 mutex_lock(&dev
->device_lock
);
603 if (!mei_cl_is_connected(cl
)) {
608 mutex_unlock(&dev
->device_lock
);
611 if (cl
== &dev
->iamthif_cl
)
612 return mei_amthif_poll(dev
, file
, wait
);
614 poll_wait(file
, &cl
->tx_wait
, wait
);
616 mutex_lock(&dev
->device_lock
);
618 if (!mei_cl_is_connected(cl
)) {
623 mask
|= (POLLIN
| POLLRDNORM
);
626 mutex_unlock(&dev
->device_lock
);
631 * fw_status_show - mei device attribute show method
633 * @device: device pointer
634 * @attr: attribute pointer
635 * @buf: char out buffer
637 * Return: number of the bytes printed into buf or error
639 static ssize_t
fw_status_show(struct device
*device
,
640 struct device_attribute
*attr
, char *buf
)
642 struct mei_device
*dev
= dev_get_drvdata(device
);
643 struct mei_fw_status fw_status
;
647 mutex_lock(&dev
->device_lock
);
648 err
= mei_fw_status(dev
, &fw_status
);
649 mutex_unlock(&dev
->device_lock
);
651 dev_err(device
, "read fw_status error = %d\n", err
);
655 for (i
= 0; i
< fw_status
.count
; i
++)
656 cnt
+= scnprintf(buf
+ cnt
, PAGE_SIZE
- cnt
, "%08X\n",
657 fw_status
.status
[i
]);
660 static DEVICE_ATTR_RO(fw_status
);
662 static struct attribute
*mei_attrs
[] = {
663 &dev_attr_fw_status
.attr
,
666 ATTRIBUTE_GROUPS(mei
);
669 * file operations structure will be used for mei char device.
671 static const struct file_operations mei_fops
= {
672 .owner
= THIS_MODULE
,
674 .unlocked_ioctl
= mei_ioctl
,
676 .compat_ioctl
= mei_compat_ioctl
,
679 .release
= mei_release
,
685 static struct class *mei_class
;
686 static dev_t mei_devt
;
687 #define MEI_MAX_DEVS MINORMASK
688 static DEFINE_MUTEX(mei_minor_lock
);
689 static DEFINE_IDR(mei_idr
);
692 * mei_minor_get - obtain next free device minor number
694 * @dev: device pointer
696 * Return: allocated minor, or -ENOSPC if no free minor left
698 static int mei_minor_get(struct mei_device
*dev
)
702 mutex_lock(&mei_minor_lock
);
703 ret
= idr_alloc(&mei_idr
, dev
, 0, MEI_MAX_DEVS
, GFP_KERNEL
);
706 else if (ret
== -ENOSPC
)
707 dev_err(dev
->dev
, "too many mei devices\n");
709 mutex_unlock(&mei_minor_lock
);
714 * mei_minor_free - mark device minor number as free
716 * @dev: device pointer
718 static void mei_minor_free(struct mei_device
*dev
)
720 mutex_lock(&mei_minor_lock
);
721 idr_remove(&mei_idr
, dev
->minor
);
722 mutex_unlock(&mei_minor_lock
);
725 int mei_register(struct mei_device
*dev
, struct device
*parent
)
727 struct device
*clsdev
; /* class device */
730 ret
= mei_minor_get(dev
);
734 /* Fill in the data structures */
735 devno
= MKDEV(MAJOR(mei_devt
), dev
->minor
);
736 cdev_init(&dev
->cdev
, &mei_fops
);
737 dev
->cdev
.owner
= mei_fops
.owner
;
740 ret
= cdev_add(&dev
->cdev
, devno
, 1);
742 dev_err(parent
, "unable to add device %d:%d\n",
743 MAJOR(mei_devt
), dev
->minor
);
747 clsdev
= device_create_with_groups(mei_class
, parent
, devno
,
749 "mei%d", dev
->minor
);
751 if (IS_ERR(clsdev
)) {
752 dev_err(parent
, "unable to create device %d:%d\n",
753 MAJOR(mei_devt
), dev
->minor
);
754 ret
= PTR_ERR(clsdev
);
758 ret
= mei_dbgfs_register(dev
, dev_name(clsdev
));
760 dev_err(clsdev
, "cannot register debugfs ret = %d\n", ret
);
767 device_destroy(mei_class
, devno
);
769 cdev_del(&dev
->cdev
);
774 EXPORT_SYMBOL_GPL(mei_register
);
776 void mei_deregister(struct mei_device
*dev
)
780 devno
= dev
->cdev
.dev
;
781 cdev_del(&dev
->cdev
);
783 mei_dbgfs_deregister(dev
);
785 device_destroy(mei_class
, devno
);
789 EXPORT_SYMBOL_GPL(mei_deregister
);
791 static int __init
mei_init(void)
795 mei_class
= class_create(THIS_MODULE
, "mei");
796 if (IS_ERR(mei_class
)) {
797 pr_err("couldn't create class\n");
798 ret
= PTR_ERR(mei_class
);
802 ret
= alloc_chrdev_region(&mei_devt
, 0, MEI_MAX_DEVS
, "mei");
804 pr_err("unable to allocate char dev region\n");
808 ret
= mei_cl_bus_init();
810 pr_err("unable to initialize bus\n");
817 unregister_chrdev_region(mei_devt
, MEI_MAX_DEVS
);
819 class_destroy(mei_class
);
824 static void __exit
mei_exit(void)
826 unregister_chrdev_region(mei_devt
, MEI_MAX_DEVS
);
827 class_destroy(mei_class
);
831 module_init(mei_init
);
832 module_exit(mei_exit
);
834 MODULE_AUTHOR("Intel Corporation");
835 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
836 MODULE_LICENSE("GPL v2");