MIPS: Yosemite, Emma: Fix off-by-two in arcs_cmdline buffer size check
[linux-2.6/linux-mips.git] / drivers / base / firmware_class.c
blob06ed6b4e7df5ecc0d236cd73ee2690933f8e8ee7
1 /*
2 * firmware_class.c - Multi purpose firmware loading support
4 * Copyright (c) 2003 Manuel Estrada Sainz
6 * Please see Documentation/firmware_class/ for more information.
8 */
10 #include <linux/capability.h>
11 #include <linux/device.h>
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/timer.h>
15 #include <linux/vmalloc.h>
16 #include <linux/interrupt.h>
17 #include <linux/bitops.h>
18 #include <linux/mutex.h>
19 #include <linux/kthread.h>
20 #include <linux/highmem.h>
21 #include <linux/firmware.h>
22 #include <linux/slab.h>
24 #define to_dev(obj) container_of(obj, struct device, kobj)
26 MODULE_AUTHOR("Manuel Estrada Sainz");
27 MODULE_DESCRIPTION("Multi purpose firmware loading support");
28 MODULE_LICENSE("GPL");
30 /* Builtin firmware support */
32 #ifdef CONFIG_FW_LOADER
34 extern struct builtin_fw __start_builtin_fw[];
35 extern struct builtin_fw __end_builtin_fw[];
37 static bool fw_get_builtin_firmware(struct firmware *fw, const char *name)
39 struct builtin_fw *b_fw;
41 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
42 if (strcmp(name, b_fw->name) == 0) {
43 fw->size = b_fw->size;
44 fw->data = b_fw->data;
45 return true;
49 return false;
52 static bool fw_is_builtin_firmware(const struct firmware *fw)
54 struct builtin_fw *b_fw;
56 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++)
57 if (fw->data == b_fw->data)
58 return true;
60 return false;
63 #else /* Module case - no builtin firmware support */
65 static inline bool fw_get_builtin_firmware(struct firmware *fw, const char *name)
67 return false;
70 static inline bool fw_is_builtin_firmware(const struct firmware *fw)
72 return false;
74 #endif
76 enum {
77 FW_STATUS_LOADING,
78 FW_STATUS_DONE,
79 FW_STATUS_ABORT,
82 static int loading_timeout = 60; /* In seconds */
84 /* fw_lock could be moved to 'struct firmware_priv' but since it is just
85 * guarding for corner cases a global lock should be OK */
86 static DEFINE_MUTEX(fw_lock);
88 struct firmware_priv {
89 struct completion completion;
90 struct firmware *fw;
91 unsigned long status;
92 struct page **pages;
93 int nr_pages;
94 int page_array_size;
95 struct timer_list timeout;
96 struct device dev;
97 bool nowait;
98 char fw_id[];
101 static struct firmware_priv *to_firmware_priv(struct device *dev)
103 return container_of(dev, struct firmware_priv, dev);
106 static void fw_load_abort(struct firmware_priv *fw_priv)
108 set_bit(FW_STATUS_ABORT, &fw_priv->status);
109 wmb();
110 complete(&fw_priv->completion);
113 static ssize_t firmware_timeout_show(struct class *class,
114 struct class_attribute *attr,
115 char *buf)
117 return sprintf(buf, "%d\n", loading_timeout);
121 * firmware_timeout_store - set number of seconds to wait for firmware
122 * @class: device class pointer
123 * @attr: device attribute pointer
124 * @buf: buffer to scan for timeout value
125 * @count: number of bytes in @buf
127 * Sets the number of seconds to wait for the firmware. Once
128 * this expires an error will be returned to the driver and no
129 * firmware will be provided.
131 * Note: zero means 'wait forever'.
133 static ssize_t firmware_timeout_store(struct class *class,
134 struct class_attribute *attr,
135 const char *buf, size_t count)
137 loading_timeout = simple_strtol(buf, NULL, 10);
138 if (loading_timeout < 0)
139 loading_timeout = 0;
141 return count;
144 static struct class_attribute firmware_class_attrs[] = {
145 __ATTR(timeout, S_IWUSR | S_IRUGO,
146 firmware_timeout_show, firmware_timeout_store),
147 __ATTR_NULL
150 static void fw_dev_release(struct device *dev)
152 struct firmware_priv *fw_priv = to_firmware_priv(dev);
153 int i;
155 for (i = 0; i < fw_priv->nr_pages; i++)
156 __free_page(fw_priv->pages[i]);
157 kfree(fw_priv->pages);
158 kfree(fw_priv);
160 module_put(THIS_MODULE);
163 static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
165 struct firmware_priv *fw_priv = to_firmware_priv(dev);
167 if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->fw_id))
168 return -ENOMEM;
169 if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
170 return -ENOMEM;
171 if (add_uevent_var(env, "ASYNC=%d", fw_priv->nowait))
172 return -ENOMEM;
174 return 0;
177 static struct class firmware_class = {
178 .name = "firmware",
179 .class_attrs = firmware_class_attrs,
180 .dev_uevent = firmware_uevent,
181 .dev_release = fw_dev_release,
184 static ssize_t firmware_loading_show(struct device *dev,
185 struct device_attribute *attr, char *buf)
187 struct firmware_priv *fw_priv = to_firmware_priv(dev);
188 int loading = test_bit(FW_STATUS_LOADING, &fw_priv->status);
190 return sprintf(buf, "%d\n", loading);
193 static void firmware_free_data(const struct firmware *fw)
195 int i;
196 vunmap(fw->data);
197 if (fw->pages) {
198 for (i = 0; i < PFN_UP(fw->size); i++)
199 __free_page(fw->pages[i]);
200 kfree(fw->pages);
204 /* Some architectures don't have PAGE_KERNEL_RO */
205 #ifndef PAGE_KERNEL_RO
206 #define PAGE_KERNEL_RO PAGE_KERNEL
207 #endif
209 * firmware_loading_store - set value in the 'loading' control file
210 * @dev: device pointer
211 * @attr: device attribute pointer
212 * @buf: buffer to scan for loading control value
213 * @count: number of bytes in @buf
215 * The relevant values are:
217 * 1: Start a load, discarding any previous partial load.
218 * 0: Conclude the load and hand the data to the driver code.
219 * -1: Conclude the load with an error and discard any written data.
221 static ssize_t firmware_loading_store(struct device *dev,
222 struct device_attribute *attr,
223 const char *buf, size_t count)
225 struct firmware_priv *fw_priv = to_firmware_priv(dev);
226 int loading = simple_strtol(buf, NULL, 10);
227 int i;
229 switch (loading) {
230 case 1:
231 mutex_lock(&fw_lock);
232 if (!fw_priv->fw) {
233 mutex_unlock(&fw_lock);
234 break;
236 firmware_free_data(fw_priv->fw);
237 memset(fw_priv->fw, 0, sizeof(struct firmware));
238 /* If the pages are not owned by 'struct firmware' */
239 for (i = 0; i < fw_priv->nr_pages; i++)
240 __free_page(fw_priv->pages[i]);
241 kfree(fw_priv->pages);
242 fw_priv->pages = NULL;
243 fw_priv->page_array_size = 0;
244 fw_priv->nr_pages = 0;
245 set_bit(FW_STATUS_LOADING, &fw_priv->status);
246 mutex_unlock(&fw_lock);
247 break;
248 case 0:
249 if (test_bit(FW_STATUS_LOADING, &fw_priv->status)) {
250 vunmap(fw_priv->fw->data);
251 fw_priv->fw->data = vmap(fw_priv->pages,
252 fw_priv->nr_pages,
253 0, PAGE_KERNEL_RO);
254 if (!fw_priv->fw->data) {
255 dev_err(dev, "%s: vmap() failed\n", __func__);
256 goto err;
258 /* Pages are now owned by 'struct firmware' */
259 fw_priv->fw->pages = fw_priv->pages;
260 fw_priv->pages = NULL;
262 fw_priv->page_array_size = 0;
263 fw_priv->nr_pages = 0;
264 complete(&fw_priv->completion);
265 clear_bit(FW_STATUS_LOADING, &fw_priv->status);
266 break;
268 /* fallthrough */
269 default:
270 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
271 /* fallthrough */
272 case -1:
273 err:
274 fw_load_abort(fw_priv);
275 break;
278 return count;
281 static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
283 static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
284 struct bin_attribute *bin_attr,
285 char *buffer, loff_t offset, size_t count)
287 struct device *dev = to_dev(kobj);
288 struct firmware_priv *fw_priv = to_firmware_priv(dev);
289 struct firmware *fw;
290 ssize_t ret_count;
292 mutex_lock(&fw_lock);
293 fw = fw_priv->fw;
294 if (!fw || test_bit(FW_STATUS_DONE, &fw_priv->status)) {
295 ret_count = -ENODEV;
296 goto out;
298 if (offset > fw->size) {
299 ret_count = 0;
300 goto out;
302 if (count > fw->size - offset)
303 count = fw->size - offset;
305 ret_count = count;
307 while (count) {
308 void *page_data;
309 int page_nr = offset >> PAGE_SHIFT;
310 int page_ofs = offset & (PAGE_SIZE-1);
311 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
313 page_data = kmap(fw_priv->pages[page_nr]);
315 memcpy(buffer, page_data + page_ofs, page_cnt);
317 kunmap(fw_priv->pages[page_nr]);
318 buffer += page_cnt;
319 offset += page_cnt;
320 count -= page_cnt;
322 out:
323 mutex_unlock(&fw_lock);
324 return ret_count;
327 static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
329 int pages_needed = ALIGN(min_size, PAGE_SIZE) >> PAGE_SHIFT;
331 /* If the array of pages is too small, grow it... */
332 if (fw_priv->page_array_size < pages_needed) {
333 int new_array_size = max(pages_needed,
334 fw_priv->page_array_size * 2);
335 struct page **new_pages;
337 new_pages = kmalloc(new_array_size * sizeof(void *),
338 GFP_KERNEL);
339 if (!new_pages) {
340 fw_load_abort(fw_priv);
341 return -ENOMEM;
343 memcpy(new_pages, fw_priv->pages,
344 fw_priv->page_array_size * sizeof(void *));
345 memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
346 (new_array_size - fw_priv->page_array_size));
347 kfree(fw_priv->pages);
348 fw_priv->pages = new_pages;
349 fw_priv->page_array_size = new_array_size;
352 while (fw_priv->nr_pages < pages_needed) {
353 fw_priv->pages[fw_priv->nr_pages] =
354 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
356 if (!fw_priv->pages[fw_priv->nr_pages]) {
357 fw_load_abort(fw_priv);
358 return -ENOMEM;
360 fw_priv->nr_pages++;
362 return 0;
366 * firmware_data_write - write method for firmware
367 * @filp: open sysfs file
368 * @kobj: kobject for the device
369 * @bin_attr: bin_attr structure
370 * @buffer: buffer being written
371 * @offset: buffer offset for write in total data store area
372 * @count: buffer size
374 * Data written to the 'data' attribute will be later handed to
375 * the driver as a firmware image.
377 static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
378 struct bin_attribute *bin_attr,
379 char *buffer, loff_t offset, size_t count)
381 struct device *dev = to_dev(kobj);
382 struct firmware_priv *fw_priv = to_firmware_priv(dev);
383 struct firmware *fw;
384 ssize_t retval;
386 if (!capable(CAP_SYS_RAWIO))
387 return -EPERM;
389 mutex_lock(&fw_lock);
390 fw = fw_priv->fw;
391 if (!fw || test_bit(FW_STATUS_DONE, &fw_priv->status)) {
392 retval = -ENODEV;
393 goto out;
395 retval = fw_realloc_buffer(fw_priv, offset + count);
396 if (retval)
397 goto out;
399 retval = count;
401 while (count) {
402 void *page_data;
403 int page_nr = offset >> PAGE_SHIFT;
404 int page_ofs = offset & (PAGE_SIZE - 1);
405 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
407 page_data = kmap(fw_priv->pages[page_nr]);
409 memcpy(page_data + page_ofs, buffer, page_cnt);
411 kunmap(fw_priv->pages[page_nr]);
412 buffer += page_cnt;
413 offset += page_cnt;
414 count -= page_cnt;
417 fw->size = max_t(size_t, offset, fw->size);
418 out:
419 mutex_unlock(&fw_lock);
420 return retval;
423 static struct bin_attribute firmware_attr_data = {
424 .attr = { .name = "data", .mode = 0644 },
425 .size = 0,
426 .read = firmware_data_read,
427 .write = firmware_data_write,
430 static void firmware_class_timeout(u_long data)
432 struct firmware_priv *fw_priv = (struct firmware_priv *) data;
434 fw_load_abort(fw_priv);
437 static struct firmware_priv *
438 fw_create_instance(struct firmware *firmware, const char *fw_name,
439 struct device *device, bool uevent, bool nowait)
441 struct firmware_priv *fw_priv;
442 struct device *f_dev;
443 int error;
445 fw_priv = kzalloc(sizeof(*fw_priv) + strlen(fw_name) + 1 , GFP_KERNEL);
446 if (!fw_priv) {
447 dev_err(device, "%s: kmalloc failed\n", __func__);
448 error = -ENOMEM;
449 goto err_out;
452 fw_priv->fw = firmware;
453 fw_priv->nowait = nowait;
454 strcpy(fw_priv->fw_id, fw_name);
455 init_completion(&fw_priv->completion);
456 setup_timer(&fw_priv->timeout,
457 firmware_class_timeout, (u_long) fw_priv);
459 f_dev = &fw_priv->dev;
461 device_initialize(f_dev);
462 dev_set_name(f_dev, "%s", dev_name(device));
463 f_dev->parent = device;
464 f_dev->class = &firmware_class;
466 dev_set_uevent_suppress(f_dev, true);
468 /* Need to pin this module until class device is destroyed */
469 __module_get(THIS_MODULE);
471 error = device_add(f_dev);
472 if (error) {
473 dev_err(device, "%s: device_register failed\n", __func__);
474 goto err_put_dev;
477 error = device_create_bin_file(f_dev, &firmware_attr_data);
478 if (error) {
479 dev_err(device, "%s: sysfs_create_bin_file failed\n", __func__);
480 goto err_del_dev;
483 error = device_create_file(f_dev, &dev_attr_loading);
484 if (error) {
485 dev_err(device, "%s: device_create_file failed\n", __func__);
486 goto err_del_bin_attr;
489 if (uevent)
490 dev_set_uevent_suppress(f_dev, false);
492 return fw_priv;
494 err_del_bin_attr:
495 device_remove_bin_file(f_dev, &firmware_attr_data);
496 err_del_dev:
497 device_del(f_dev);
498 err_put_dev:
499 put_device(f_dev);
500 err_out:
501 return ERR_PTR(error);
504 static void fw_destroy_instance(struct firmware_priv *fw_priv)
506 struct device *f_dev = &fw_priv->dev;
508 device_remove_file(f_dev, &dev_attr_loading);
509 device_remove_bin_file(f_dev, &firmware_attr_data);
510 device_unregister(f_dev);
513 static int _request_firmware(const struct firmware **firmware_p,
514 const char *name, struct device *device,
515 bool uevent, bool nowait)
517 struct firmware_priv *fw_priv;
518 struct firmware *firmware;
519 int retval = 0;
521 if (!firmware_p)
522 return -EINVAL;
524 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
525 if (!firmware) {
526 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
527 __func__);
528 retval = -ENOMEM;
529 goto out;
532 if (fw_get_builtin_firmware(firmware, name)) {
533 dev_dbg(device, "firmware: using built-in firmware %s\n", name);
534 return 0;
537 if (WARN_ON(usermodehelper_is_disabled())) {
538 dev_err(device, "firmware: %s will not be loaded\n", name);
539 retval = -EBUSY;
540 goto out;
543 if (uevent)
544 dev_dbg(device, "firmware: requesting %s\n", name);
546 fw_priv = fw_create_instance(firmware, name, device, uevent, nowait);
547 if (IS_ERR(fw_priv)) {
548 retval = PTR_ERR(fw_priv);
549 goto out;
552 if (uevent) {
553 if (loading_timeout > 0)
554 mod_timer(&fw_priv->timeout,
555 round_jiffies_up(jiffies +
556 loading_timeout * HZ));
558 kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
561 wait_for_completion(&fw_priv->completion);
563 set_bit(FW_STATUS_DONE, &fw_priv->status);
564 del_timer_sync(&fw_priv->timeout);
566 mutex_lock(&fw_lock);
567 if (!fw_priv->fw->size || test_bit(FW_STATUS_ABORT, &fw_priv->status))
568 retval = -ENOENT;
569 fw_priv->fw = NULL;
570 mutex_unlock(&fw_lock);
572 fw_destroy_instance(fw_priv);
574 out:
575 if (retval) {
576 release_firmware(firmware);
577 *firmware_p = NULL;
580 return retval;
584 * request_firmware: - send firmware request and wait for it
585 * @firmware_p: pointer to firmware image
586 * @name: name of firmware file
587 * @device: device for which firmware is being loaded
589 * @firmware_p will be used to return a firmware image by the name
590 * of @name for device @device.
592 * Should be called from user context where sleeping is allowed.
594 * @name will be used as $FIRMWARE in the uevent environment and
595 * should be distinctive enough not to be confused with any other
596 * firmware image for this or any other device.
599 request_firmware(const struct firmware **firmware_p, const char *name,
600 struct device *device)
602 return _request_firmware(firmware_p, name, device, true, false);
606 * release_firmware: - release the resource associated with a firmware image
607 * @fw: firmware resource to release
609 void release_firmware(const struct firmware *fw)
611 if (fw) {
612 if (!fw_is_builtin_firmware(fw))
613 firmware_free_data(fw);
614 kfree(fw);
618 /* Async support */
619 struct firmware_work {
620 struct work_struct work;
621 struct module *module;
622 const char *name;
623 struct device *device;
624 void *context;
625 void (*cont)(const struct firmware *fw, void *context);
626 bool uevent;
629 static int request_firmware_work_func(void *arg)
631 struct firmware_work *fw_work = arg;
632 const struct firmware *fw;
633 int ret;
635 if (!arg) {
636 WARN_ON(1);
637 return 0;
640 ret = _request_firmware(&fw, fw_work->name, fw_work->device,
641 fw_work->uevent, true);
642 fw_work->cont(fw, fw_work->context);
644 module_put(fw_work->module);
645 kfree(fw_work);
647 return ret;
651 * request_firmware_nowait - asynchronous version of request_firmware
652 * @module: module requesting the firmware
653 * @uevent: sends uevent to copy the firmware image if this flag
654 * is non-zero else the firmware copy must be done manually.
655 * @name: name of firmware file
656 * @device: device for which firmware is being loaded
657 * @gfp: allocation flags
658 * @context: will be passed over to @cont, and
659 * @fw may be %NULL if firmware request fails.
660 * @cont: function will be called asynchronously when the firmware
661 * request is over.
663 * Asynchronous variant of request_firmware() for user contexts where
664 * it is not possible to sleep for long time. It can't be called
665 * in atomic contexts.
668 request_firmware_nowait(
669 struct module *module, bool uevent,
670 const char *name, struct device *device, gfp_t gfp, void *context,
671 void (*cont)(const struct firmware *fw, void *context))
673 struct task_struct *task;
674 struct firmware_work *fw_work;
676 fw_work = kzalloc(sizeof (struct firmware_work), gfp);
677 if (!fw_work)
678 return -ENOMEM;
680 fw_work->module = module;
681 fw_work->name = name;
682 fw_work->device = device;
683 fw_work->context = context;
684 fw_work->cont = cont;
685 fw_work->uevent = uevent;
687 if (!try_module_get(module)) {
688 kfree(fw_work);
689 return -EFAULT;
692 task = kthread_run(request_firmware_work_func, fw_work,
693 "firmware/%s", name);
694 if (IS_ERR(task)) {
695 fw_work->cont(NULL, fw_work->context);
696 module_put(fw_work->module);
697 kfree(fw_work);
698 return PTR_ERR(task);
701 return 0;
704 static int __init firmware_class_init(void)
706 return class_register(&firmware_class);
709 static void __exit firmware_class_exit(void)
711 class_unregister(&firmware_class);
714 fs_initcall(firmware_class_init);
715 module_exit(firmware_class_exit);
717 EXPORT_SYMBOL(release_firmware);
718 EXPORT_SYMBOL(request_firmware);
719 EXPORT_SYMBOL(request_firmware_nowait);