3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/kernel.h>
22 #include <linux/device.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/fcntl.h>
27 #include <linux/aio.h>
28 #include <linux/pci.h>
29 #include <linux/poll.h>
30 #include <linux/init.h>
31 #include <linux/ioctl.h>
32 #include <linux/cdev.h>
33 #include <linux/sched.h>
34 #include <linux/uuid.h>
35 #include <linux/compat.h>
36 #include <linux/jiffies.h>
37 #include <linux/interrupt.h>
38 #include <linux/miscdevice.h>
40 #include <linux/mei.h>
46 * mei_open - the open function
48 * @inode: pointer to inode structure
49 * @file: pointer to file structure
51 * returns 0 on success, <0 on error
53 static int mei_open(struct inode *inode, struct file *file)
55 struct miscdevice *misc = file->private_data;
58 struct mei_device *dev;
65 pdev = container_of(misc->parent, struct pci_dev, dev);
67 dev = pci_get_drvdata(pdev);
71 mutex_lock(&dev->device_lock);
76 if (dev->dev_state != MEI_DEV_ENABLED) {
77 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
78 mei_dev_state_str(dev->dev_state));
83 cl = mei_cl_allocate(dev);
87 /* open_handle_count check is handled in the mei_cl_link */
88 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY);
92 file->private_data = cl;
94 mutex_unlock(&dev->device_lock);
96 return nonseekable_open(inode, file);
99 mutex_unlock(&dev->device_lock);
105 * mei_release - the release function
107 * @inode: pointer to inode structure
108 * @file: pointer to file structure
110 * returns 0 on success, <0 on error
112 static int mei_release(struct inode *inode, struct file *file)
114 struct mei_cl *cl = file->private_data;
115 struct mei_cl_cb *cb;
116 struct mei_device *dev;
119 if (WARN_ON(!cl || !cl->dev))
124 mutex_lock(&dev->device_lock);
125 if (cl == &dev->iamthif_cl) {
126 rets = mei_amthif_release(dev, file);
129 if (cl->state == MEI_FILE_CONNECTED) {
130 cl->state = MEI_FILE_DISCONNECTING;
131 dev_dbg(&dev->pdev->dev,
132 "disconnecting client host client = %d, "
136 rets = mei_cl_disconnect(cl);
138 mei_cl_flush_queues(cl);
139 dev_dbg(&dev->pdev->dev, "remove client host client = %d, ME client = %d\n",
149 cb = mei_cl_find_read_cb(cl);
150 /* Remove entry from read list */
158 file->private_data = NULL;
164 mutex_unlock(&dev->device_lock);
170 * mei_read - the read function.
172 * @file: pointer to file structure
173 * @ubuf: pointer to user buffer
174 * @length: buffer length
175 * @offset: data offset in buffer
177 * returns >=0 data length on success , <0 on error
179 static ssize_t mei_read(struct file *file, char __user *ubuf,
180 size_t length, loff_t *offset)
182 struct mei_cl *cl = file->private_data;
183 struct mei_cl_cb *cb_pos = NULL;
184 struct mei_cl_cb *cb = NULL;
185 struct mei_device *dev;
190 if (WARN_ON(!cl || !cl->dev))
196 mutex_lock(&dev->device_lock);
197 if (dev->dev_state != MEI_DEV_ENABLED) {
207 if (cl == &dev->iamthif_cl) {
208 rets = mei_amthif_read(dev, file, ubuf, length, offset);
215 if (cb->buf_idx > *offset)
217 /* offset is beyond buf_idx we have no more data return 0 */
218 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) {
222 /* Offset needs to be cleaned for contiguous reads*/
223 if (cb->buf_idx == 0 && *offset > 0)
225 } else if (*offset > 0) {
229 err = mei_cl_read_start(cl, length);
230 if (err && err != -EBUSY) {
231 dev_dbg(&dev->pdev->dev,
232 "mei start read failure with status = %d\n", err);
237 if (MEI_READ_COMPLETE != cl->reading_state &&
238 !waitqueue_active(&cl->rx_wait)) {
239 if (file->f_flags & O_NONBLOCK) {
244 mutex_unlock(&dev->device_lock);
246 if (wait_event_interruptible(cl->rx_wait,
247 MEI_READ_COMPLETE == cl->reading_state ||
248 mei_cl_is_transitioning(cl))) {
250 if (signal_pending(current))
255 mutex_lock(&dev->device_lock);
256 if (mei_cl_is_transitioning(cl)) {
268 if (cl->reading_state != MEI_READ_COMPLETE) {
272 /* now copy the data to user space */
274 dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n",
275 cb->response_buffer.size, cb->buf_idx);
276 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {
281 /* length is being truncated to PAGE_SIZE,
282 * however buf_idx may point beyond that */
283 length = min_t(size_t, length, cb->buf_idx - *offset);
285 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) {
292 if ((unsigned long)*offset < cb->buf_idx)
296 cb_pos = mei_cl_find_read_cb(cl);
297 /* Remove entry from read list */
299 list_del(&cb_pos->list);
301 cl->reading_state = MEI_IDLE;
304 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets);
305 mutex_unlock(&dev->device_lock);
309 * mei_write - the write function.
311 * @file: pointer to file structure
312 * @ubuf: pointer to user buffer
313 * @length: buffer length
314 * @offset: data offset in buffer
316 * returns >=0 data length on success , <0 on error
318 static ssize_t mei_write(struct file *file, const char __user *ubuf,
319 size_t length, loff_t *offset)
321 struct mei_cl *cl = file->private_data;
322 struct mei_cl_cb *write_cb = NULL;
323 struct mei_device *dev;
324 unsigned long timeout = 0;
328 if (WARN_ON(!cl || !cl->dev))
333 mutex_lock(&dev->device_lock);
335 if (dev->dev_state != MEI_DEV_ENABLED) {
340 id = mei_me_cl_by_id(dev, cl->me_client_id);
351 if (length > dev->me_clients[id].props.max_msg_length) {
356 if (cl->state != MEI_FILE_CONNECTED) {
357 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d",
358 cl->host_client_id, cl->me_client_id);
362 if (cl == &dev->iamthif_cl) {
363 write_cb = mei_amthif_find_read_list_entry(dev, file);
366 timeout = write_cb->read_time +
367 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER);
369 if (time_after(jiffies, timeout) ||
370 cl->reading_state == MEI_READ_COMPLETE) {
372 list_del(&write_cb->list);
373 mei_io_cb_free(write_cb);
379 /* free entry used in read */
380 if (cl->reading_state == MEI_READ_COMPLETE) {
382 write_cb = mei_cl_find_read_cb(cl);
384 list_del(&write_cb->list);
385 mei_io_cb_free(write_cb);
387 cl->reading_state = MEI_IDLE;
390 } else if (cl->reading_state == MEI_IDLE)
394 write_cb = mei_io_cb_init(cl, file);
396 dev_err(&dev->pdev->dev, "write cb allocation failed\n");
400 rets = mei_io_cb_alloc_req_buf(write_cb, length);
404 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length);
406 dev_err(&dev->pdev->dev, "failed to copy data from userland\n");
411 if (cl == &dev->iamthif_cl) {
412 rets = mei_amthif_write(dev, write_cb);
415 dev_err(&dev->pdev->dev,
416 "amthif write failed with status = %d\n", rets);
419 mutex_unlock(&dev->device_lock);
423 rets = mei_cl_write(cl, write_cb, false);
425 mutex_unlock(&dev->device_lock);
427 mei_io_cb_free(write_cb);
432 * mei_ioctl_connect_client - the connect to fw client IOCTL function
434 * @dev: the device structure
435 * @data: IOCTL connect data, input and output parameters
436 * @file: private data of the file object
438 * Locking: called under "dev->device_lock" lock
440 * returns 0 on success, <0 on failure.
442 static int mei_ioctl_connect_client(struct file *file,
443 struct mei_connect_client_data *data)
445 struct mei_device *dev;
446 struct mei_client *client;
451 cl = file->private_data;
452 if (WARN_ON(!cl || !cl->dev))
457 if (dev->dev_state != MEI_DEV_ENABLED) {
462 if (cl->state != MEI_FILE_INITIALIZING &&
463 cl->state != MEI_FILE_DISCONNECTED) {
468 /* find ME client we're trying to connect to */
469 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid);
470 if (i < 0 || dev->me_clients[i].props.fixed_address) {
471 dev_dbg(&dev->pdev->dev, "Cannot connect to FW Client UUID = %pUl\n",
472 &data->in_client_uuid);
477 cl->me_client_id = dev->me_clients[i].client_id;
478 cl->state = MEI_FILE_CONNECTING;
480 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n",
482 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n",
483 dev->me_clients[i].props.protocol_version);
484 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n",
485 dev->me_clients[i].props.max_msg_length);
487 /* if we're connecting to amthif client then we will use the
488 * existing connection
490 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) {
491 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n");
492 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) {
500 dev->iamthif_open_count++;
501 file->private_data = &dev->iamthif_cl;
503 client = &data->out_client_properties;
504 client->max_msg_length =
505 dev->me_clients[i].props.max_msg_length;
506 client->protocol_version =
507 dev->me_clients[i].props.protocol_version;
508 rets = dev->iamthif_cl.status;
514 /* prepare the output buffer */
515 client = &data->out_client_properties;
516 client->max_msg_length = dev->me_clients[i].props.max_msg_length;
517 client->protocol_version = dev->me_clients[i].props.protocol_version;
518 dev_dbg(&dev->pdev->dev, "Can connect?\n");
521 rets = mei_cl_connect(cl, file);
529 * mei_ioctl - the IOCTL function
531 * @file: pointer to file structure
532 * @cmd: ioctl command
533 * @data: pointer to mei message structure
535 * returns 0 on success , <0 on error
537 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
539 struct mei_device *dev;
540 struct mei_cl *cl = file->private_data;
541 struct mei_connect_client_data *connect_data = NULL;
544 if (cmd != IOCTL_MEI_CONNECT_CLIENT)
547 if (WARN_ON(!cl || !cl->dev))
552 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd);
554 mutex_lock(&dev->device_lock);
555 if (dev->dev_state != MEI_DEV_ENABLED) {
560 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
562 connect_data = kzalloc(sizeof(struct mei_connect_client_data),
568 dev_dbg(&dev->pdev->dev, "copy connect data from user\n");
569 if (copy_from_user(connect_data, (char __user *)data,
570 sizeof(struct mei_connect_client_data))) {
571 dev_err(&dev->pdev->dev, "failed to copy data from userland\n");
576 rets = mei_ioctl_connect_client(file, connect_data);
578 /* if all is ok, copying the data back to user. */
582 dev_dbg(&dev->pdev->dev, "copy connect data to user\n");
583 if (copy_to_user((char __user *)data, connect_data,
584 sizeof(struct mei_connect_client_data))) {
585 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n");
592 mutex_unlock(&dev->device_lock);
597 * mei_compat_ioctl - the compat IOCTL function
599 * @file: pointer to file structure
600 * @cmd: ioctl command
601 * @data: pointer to mei message structure
603 * returns 0 on success , <0 on error
606 static long mei_compat_ioctl(struct file *file,
607 unsigned int cmd, unsigned long data)
609 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data));
615 * mei_poll - the poll function
617 * @file: pointer to file structure
618 * @wait: pointer to poll_table structure
622 static unsigned int mei_poll(struct file *file, poll_table *wait)
624 struct mei_cl *cl = file->private_data;
625 struct mei_device *dev;
626 unsigned int mask = 0;
628 if (WARN_ON(!cl || !cl->dev))
633 mutex_lock(&dev->device_lock);
635 if (!mei_cl_is_connected(cl)) {
640 mutex_unlock(&dev->device_lock);
643 if (cl == &dev->iamthif_cl)
644 return mei_amthif_poll(dev, file, wait);
646 poll_wait(file, &cl->tx_wait, wait);
648 mutex_lock(&dev->device_lock);
650 if (!mei_cl_is_connected(cl)) {
655 if (MEI_WRITE_COMPLETE == cl->writing_state)
656 mask |= (POLLIN | POLLRDNORM);
659 mutex_unlock(&dev->device_lock);
664 * file operations structure will be used for mei char device.
666 static const struct file_operations mei_fops = {
667 .owner = THIS_MODULE,
669 .unlocked_ioctl = mei_ioctl,
671 .compat_ioctl = mei_compat_ioctl,
674 .release = mei_release,
683 static struct miscdevice mei_misc_device = {
686 .minor = MISC_DYNAMIC_MINOR,
690 int mei_register(struct mei_device *dev)
693 mei_misc_device.parent = &dev->pdev->dev;
694 ret = misc_register(&mei_misc_device);
698 if (mei_dbgfs_register(dev, mei_misc_device.name))
699 dev_err(&dev->pdev->dev, "cannot register debugfs\n");
703 EXPORT_SYMBOL_GPL(mei_register);
705 void mei_deregister(struct mei_device *dev)
707 mei_dbgfs_deregister(dev);
708 misc_deregister(&mei_misc_device);
709 mei_misc_device.parent = NULL;
711 EXPORT_SYMBOL_GPL(mei_deregister);
713 static int __init mei_init(void)
715 return mei_cl_bus_init();
718 static void __exit mei_exit(void)
723 module_init(mei_init);
724 module_exit(mei_exit);
726 MODULE_AUTHOR("Intel Corporation");
727 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
728 MODULE_LICENSE("GPL v2");