search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] g_file_storage: fix obscure race condition
[linux/fpc-iii.git] / drivers / firmware / dell_rbu.c
blob4f4ba9b6d1821bce9a53bbdc4470d2caba99c16e
1 /*
2 * dell_rbu.c
3 * Bios Update driver for Dell systems
4 * Author: Dell Inc
5 * Abhay Salunke <abhay_salunke@dell.com>
6 *
7 * Copyright (C) 2005 Dell Inc.
8 *
9 * Remote BIOS Update (rbu) driver is used for updating DELL BIOS by
10 * creating entries in the /sys file systems on Linux 2.6 and higher
11 * kernels. The driver supports two mechanism to update the BIOS namely
12 * contiguous and packetized. Both these methods still require having some
13 * application to set the CMOS bit indicating the BIOS to update itself
14 * after a reboot.
15 *
16 * Contiguous method:
17 * This driver writes the incoming data in a monolithic image by allocating
18 * contiguous physical pages large enough to accommodate the incoming BIOS
19 * image size.
20 *
21 * Packetized method:
22 * The driver writes the incoming packet image by allocating a new packet
23 * on every time the packet data is written. This driver requires an
24 * application to break the BIOS image in to fixed sized packet chunks.
25 *
26 * See Documentation/dell_rbu.txt for more info.
27 *
28 * This program is free software; you can redistribute it and/or modify
29 * it under the terms of the GNU General Public License v2.0 as published by
30 * the Free Software Foundation
31 *
32 * This program is distributed in the hope that it will be useful,
33 * but WITHOUT ANY WARRANTY; without even the implied warranty of
34 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
35 * GNU General Public License for more details.
36 */
37 #include <linux/version.h>
38 #include <linux/config.h>
39 #include <linux/init.h>
40 #include <linux/module.h>
41 #include <linux/string.h>
42 #include <linux/errno.h>
43 #include <linux/blkdev.h>
44 #include <linux/device.h>
45 #include <linux/spinlock.h>
46 #include <linux/moduleparam.h>
47 #include <linux/firmware.h>
48 #include <linux/dma-mapping.h>
49
50 MODULE_AUTHOR("Abhay Salunke <abhay_salunke@dell.com>");
51 MODULE_DESCRIPTION("Driver for updating BIOS image on DELL systems");
52 MODULE_LICENSE("GPL");
53 MODULE_VERSION("3.0");
54
55 #define BIOS_SCAN_LIMIT 0xffffffff
56 #define MAX_IMAGE_LENGTH 16
57 static struct _rbu_data {
58 void *image_update_buffer;
59 unsigned long image_update_buffer_size;
60 unsigned long bios_image_size;
61 int image_update_ordernum;
62 int dma_alloc;
63 spinlock_t lock;
64 unsigned long packet_read_count;
65 unsigned long num_packets;
66 unsigned long packetsize;
67 unsigned long imagesize;
68 int entry_created;
69 } rbu_data;
70
71 static char image_type[MAX_IMAGE_LENGTH + 1] = "mono";
72 module_param_string(image_type, image_type, sizeof (image_type), 0);
73 MODULE_PARM_DESC(image_type,
74 "BIOS image type. choose- mono or packet or init");
75
76 struct packet_data {
77 struct list_head list;
78 size_t length;
79 void *data;
80 int ordernum;
81 };
82
83 static struct packet_data packet_data_head;
84
85 static struct platform_device *rbu_device;
86 static int context;
87 static dma_addr_t dell_rbu_dmaaddr;
88
89 static void init_packet_head(void)
90 {
91 INIT_LIST_HEAD(&packet_data_head.list);
92 rbu_data.packet_read_count = 0;
93 rbu_data.num_packets = 0;
94 rbu_data.packetsize = 0;
95 rbu_data.imagesize = 0;
96 }
97
98 static int create_packet(void *data, size_t length)
99 {
100 struct packet_data *newpacket;
101 int ordernum = 0;
102
103 pr_debug("create_packet: entry \n");
104
105 if (!rbu_data.packetsize) {
106 pr_debug("create_packet: packetsize not specified\n");
107 return -EINVAL;
108 }
109 spin_unlock(&rbu_data.lock);
110 newpacket = kmalloc(sizeof (struct packet_data), GFP_KERNEL);
111 spin_lock(&rbu_data.lock);
112
113 if (!newpacket) {
114 printk(KERN_WARNING
115 "dell_rbu:%s: failed to allocate new "
116 "packet\n", __FUNCTION__);
117 return -ENOMEM;
118 }
119
120 ordernum = get_order(length);
121 /*
122 * there is no upper limit on memory
123 * address for packetized mechanism
124 */
125 spin_unlock(&rbu_data.lock);
126 newpacket->data = (unsigned char *) __get_free_pages(GFP_KERNEL,
127 ordernum);
128 spin_lock(&rbu_data.lock);
129
130 pr_debug("create_packet: newpacket %p\n", newpacket->data);
131
132 if (!newpacket->data) {
133 printk(KERN_WARNING
134 "dell_rbu:%s: failed to allocate new "
135 "packet\n", __FUNCTION__);
136 kfree(newpacket);
137 return -ENOMEM;
138 }
139
140 newpacket->ordernum = ordernum;
141 ++rbu_data.num_packets;
142 /*
143 * initialize the newly created packet headers
144 */
145 INIT_LIST_HEAD(&newpacket->list);
146 list_add_tail(&newpacket->list, &packet_data_head.list);
147 /*
148 * packets may not have fixed size
149 */
150 newpacket->length = length;
151
152 memcpy(newpacket->data, data, length);
153
154 pr_debug("create_packet: exit \n");
155
156 return 0;
157 }
158
159 static int packetize_data(void *data, size_t length)
160 {
161 int rc = 0;
162 int done = 0;
163 int packet_length;
164 u8 *temp;
165 u8 *end = (u8 *) data + length;
166 pr_debug("packetize_data: data length %d\n", length);
167 if (!rbu_data.packetsize) {
168 printk(KERN_WARNING
169 "dell_rbu: packetsize not specified\n");
170 return -EIO;
171 }
172
173 temp = (u8 *) data;
174
175 /* packetize the hunk */
176 while (!done) {
177 if ((temp + rbu_data.packetsize) < end)
178 packet_length = rbu_data.packetsize;
179 else {
180 /* this is the last packet */
181 packet_length = end - temp;
182 done = 1;
183 }
184
185 if ((rc = create_packet(temp, packet_length)))
186 return rc;
187
188 pr_debug("%lu:%lu\n", temp, (end - temp));
189 temp += packet_length;
190 }
191
192 rbu_data.imagesize = length;
193
194 return rc;
195 }
196
197 static int do_packet_read(char *data, struct list_head *ptemp_list,
198 int length, int bytes_read, int *list_read_count)
199 {
200 void *ptemp_buf;
201 struct packet_data *newpacket = NULL;
202 int bytes_copied = 0;
203 int j = 0;
204
205 newpacket = list_entry(ptemp_list, struct packet_data, list);
206 *list_read_count += newpacket->length;
207
208 if (*list_read_count > bytes_read) {
209 /* point to the start of unread data */
210 j = newpacket->length - (*list_read_count - bytes_read);
211 /* point to the offset in the packet buffer */
212 ptemp_buf = (u8 *) newpacket->data + j;
213 /*
214 * check if there is enough room in
215 * * the incoming buffer
216 */
217 if (length > (*list_read_count - bytes_read))
218 /*
219 * copy what ever is there in this
220 * packet and move on
221 */
222 bytes_copied = (*list_read_count - bytes_read);
223 else
224 /* copy the remaining */
225 bytes_copied = length;
226 memcpy(data, ptemp_buf, bytes_copied);
227 }
228 return bytes_copied;
229 }
230
231 static int packet_read_list(char *data, size_t * pread_length)
232 {
233 struct list_head *ptemp_list;
234 int temp_count = 0;
235 int bytes_copied = 0;
236 int bytes_read = 0;
237 int remaining_bytes = 0;
238 char *pdest = data;
239
240 /* check if we have any packets */
241 if (0 == rbu_data.num_packets)
242 return -ENOMEM;
243
244 remaining_bytes = *pread_length;
245 bytes_read = rbu_data.packet_read_count;
246
247 ptemp_list = (&packet_data_head.list)->next;
248 while (!list_empty(ptemp_list)) {
249 bytes_copied = do_packet_read(pdest, ptemp_list,
250 remaining_bytes, bytes_read, &temp_count);
251 remaining_bytes -= bytes_copied;
252 bytes_read += bytes_copied;
253 pdest += bytes_copied;
254 /*
255 * check if we reached end of buffer before reaching the
256 * last packet
257 */
258 if (remaining_bytes == 0)
259 break;
260
261 ptemp_list = ptemp_list->next;
262 }
263 /*finally set the bytes read */
264 *pread_length = bytes_read - rbu_data.packet_read_count;
265 rbu_data.packet_read_count = bytes_read;
266 return 0;
267 }
268
269 static void packet_empty_list(void)
270 {
271 struct list_head *ptemp_list;
272 struct list_head *pnext_list;
273 struct packet_data *newpacket;
274
275 ptemp_list = (&packet_data_head.list)->next;
276 while (!list_empty(ptemp_list)) {
277 newpacket =
278 list_entry(ptemp_list, struct packet_data, list);
279 pnext_list = ptemp_list->next;
280 list_del(ptemp_list);
281 ptemp_list = pnext_list;
282 /*
283 * zero out the RBU packet memory before freeing
284 * to make sure there are no stale RBU packets left in memory
285 */
286 memset(newpacket->data, 0, rbu_data.packetsize);
287 free_pages((unsigned long) newpacket->data,
288 newpacket->ordernum);
289 kfree(newpacket);
290 }
291 rbu_data.packet_read_count = 0;
292 rbu_data.num_packets = 0;
293 rbu_data.imagesize = 0;
294 }
295
296 /*
297 * img_update_free: Frees the buffer allocated for storing BIOS image
298 * Always called with lock held and returned with lock held
299 */
300 static void img_update_free(void)
301 {
302 if (!rbu_data.image_update_buffer)
303 return;
304 /*
305 * zero out this buffer before freeing it to get rid of any stale
306 * BIOS image copied in memory.
307 */
308 memset(rbu_data.image_update_buffer, 0,
309 rbu_data.image_update_buffer_size);
310 if (rbu_data.dma_alloc == 1)
311 dma_free_coherent(NULL, rbu_data.bios_image_size,
312 rbu_data.image_update_buffer, dell_rbu_dmaaddr);
313 else
314 free_pages((unsigned long) rbu_data.image_update_buffer,
315 rbu_data.image_update_ordernum);
316
317 /*
318 * Re-initialize the rbu_data variables after a free
319 */
320 rbu_data.image_update_ordernum = -1;
321 rbu_data.image_update_buffer = NULL;
322 rbu_data.image_update_buffer_size = 0;
323 rbu_data.bios_image_size = 0;
324 rbu_data.dma_alloc = 0;
325 }
326
327 /*
328 * img_update_realloc: This function allocates the contiguous pages to
329 * accommodate the requested size of data. The memory address and size
330 * values are stored globally and on every call to this function the new
331 * size is checked to see if more data is required than the existing size.
332 * If true the previous memory is freed and new allocation is done to
333 * accommodate the new size. If the incoming size is less then than the
334 * already allocated size, then that memory is reused. This function is
335 * called with lock held and returns with lock held.
336 */
337 static int img_update_realloc(unsigned long size)
338 {
339 unsigned char *image_update_buffer = NULL;
340 unsigned long rc;
341 unsigned long img_buf_phys_addr;
342 int ordernum;
343 int dma_alloc = 0;
344
345 /*
346 * check if the buffer of sufficient size has been
347 * already allocated
348 */
349 if (rbu_data.image_update_buffer_size >= size) {
350 /*
351 * check for corruption
352 */
353 if ((size != 0) && (rbu_data.image_update_buffer == NULL)) {
354 printk(KERN_ERR "dell_rbu:%s: corruption "
355 "check failed\n", __FUNCTION__);
356 return -EINVAL;
357 }
358 /*
359 * we have a valid pre-allocated buffer with
360 * sufficient size
361 */
362 return 0;
363 }
364
365 /*
366 * free any previously allocated buffer
367 */
368 img_update_free();
369
370 spin_unlock(&rbu_data.lock);
371
372 ordernum = get_order(size);
373 image_update_buffer =
374 (unsigned char *) __get_free_pages(GFP_KERNEL, ordernum);
375
376 img_buf_phys_addr =
377 (unsigned long) virt_to_phys(image_update_buffer);
378
379 if (img_buf_phys_addr > BIOS_SCAN_LIMIT) {
380 free_pages((unsigned long) image_update_buffer, ordernum);
381 ordernum = -1;
382 image_update_buffer = dma_alloc_coherent(NULL, size,
383 &dell_rbu_dmaaddr, GFP_KERNEL);
384 dma_alloc = 1;
385 }
386
387 spin_lock(&rbu_data.lock);
388
389 if (image_update_buffer != NULL) {
390 rbu_data.image_update_buffer = image_update_buffer;
391 rbu_data.image_update_buffer_size = size;
392 rbu_data.bios_image_size =
393 rbu_data.image_update_buffer_size;
394 rbu_data.image_update_ordernum = ordernum;
395 rbu_data.dma_alloc = dma_alloc;
396 rc = 0;
397 } else {
398 pr_debug("Not enough memory for image update:"
399 "size = %ld\n", size);
400 rc = -ENOMEM;
401 }
402
403 return rc;
404 }
405
406 static ssize_t read_packet_data(char *buffer, loff_t pos, size_t count)
407 {
408 int retval;
409 size_t bytes_left;
410 size_t data_length;
411 char *ptempBuf = buffer;
412
413 /* check to see if we have something to return */
414 if (rbu_data.num_packets == 0) {
415 pr_debug("read_packet_data: no packets written\n");
416 retval = -ENOMEM;
417 goto read_rbu_data_exit;
418 }
419
420 if (pos > rbu_data.imagesize) {
421 retval = 0;
422 printk(KERN_WARNING "dell_rbu:read_packet_data: "
423 "data underrun\n");
424 goto read_rbu_data_exit;
425 }
426
427 bytes_left = rbu_data.imagesize - pos;
428 data_length = min(bytes_left, count);
429
430 if ((retval = packet_read_list(ptempBuf, &data_length)) < 0)
431 goto read_rbu_data_exit;
432
433 if ((pos + count) > rbu_data.imagesize) {
434 rbu_data.packet_read_count = 0;
435 /* this was the last copy */
436 retval = bytes_left;
437 } else
438 retval = count;
439
440 read_rbu_data_exit:
441 return retval;
442 }
443
444 static ssize_t read_rbu_mono_data(char *buffer, loff_t pos, size_t count)
445 {
446 unsigned char *ptemp = NULL;
447 size_t bytes_left = 0;
448 size_t data_length = 0;
449 ssize_t ret_count = 0;
450
451 /* check to see if we have something to return */
452 if ((rbu_data.image_update_buffer == NULL) ||
453 (rbu_data.bios_image_size == 0)) {
454 pr_debug("read_rbu_data_mono: image_update_buffer %p ,"
455 "bios_image_size %lu\n",
456 rbu_data.image_update_buffer,
457 rbu_data.bios_image_size);
458 ret_count = -ENOMEM;
459 goto read_rbu_data_exit;
460 }
461
462 if (pos > rbu_data.bios_image_size) {
463 ret_count = 0;
464 goto read_rbu_data_exit;
465 }
466
467 bytes_left = rbu_data.bios_image_size - pos;
468 data_length = min(bytes_left, count);
469
470 ptemp = rbu_data.image_update_buffer;
471 memcpy(buffer, (ptemp + pos), data_length);
472
473 if ((pos + count) > rbu_data.bios_image_size)
474 /* this was the last copy */
475 ret_count = bytes_left;
476 else
477 ret_count = count;
478 read_rbu_data_exit:
479 return ret_count;
480 }
481
482 static ssize_t read_rbu_data(struct kobject *kobj, char *buffer,
483 loff_t pos, size_t count)
484 {
485 ssize_t ret_count = 0;
486
487 spin_lock(&rbu_data.lock);
488
489 if (!strcmp(image_type, "mono"))
490 ret_count = read_rbu_mono_data(buffer, pos, count);
491 else if (!strcmp(image_type, "packet"))
492 ret_count = read_packet_data(buffer, pos, count);
493 else
494 pr_debug("read_rbu_data: invalid image type specified\n");
495
496 spin_unlock(&rbu_data.lock);
497 return ret_count;
498 }
499
500 static void callbackfn_rbu(const struct firmware *fw, void *context)
501 {
502 int rc = 0;
503
504 if (!fw || !fw->size) {
505 rbu_data.entry_created = 0;
506 return;
507 }
508
509 spin_lock(&rbu_data.lock);
510 if (!strcmp(image_type, "mono")) {
511 if (!img_update_realloc(fw->size))
512 memcpy(rbu_data.image_update_buffer,
513 fw->data, fw->size);
514 } else if (!strcmp(image_type, "packet")) {
515 /*
516 * we need to free previous packets if a
517 * new hunk of packets needs to be downloaded
518 */
519 packet_empty_list();
520 if (packetize_data(fw->data, fw->size))
521 /* Incase something goes wrong when we are
522 * in middle of packetizing the data, we
523 * need to free up whatever packets might
524 * have been created before we quit.
525 */
526 packet_empty_list();
527 } else
528 pr_debug("invalid image type specified.\n");
529 spin_unlock(&rbu_data.lock);
530
531 rc = request_firmware_nowait(THIS_MODULE, FW_ACTION_NOHOTPLUG,
532 "dell_rbu", &rbu_device->dev, &context, callbackfn_rbu);
533 if (rc)
534 printk(KERN_ERR
535 "dell_rbu:%s request_firmware_nowait failed"
536 " %d\n", __FUNCTION__, rc);
537 else
538 rbu_data.entry_created = 1;
539 }
540
541 static ssize_t read_rbu_image_type(struct kobject *kobj, char *buffer,
542 loff_t pos, size_t count)
543 {
544 int size = 0;
545 if (!pos)
546 size = sprintf(buffer, "%s\n", image_type);
547 return size;
548 }
549
550 static ssize_t write_rbu_image_type(struct kobject *kobj, char *buffer,
551 loff_t pos, size_t count)
552 {
553 int rc = count;
554 int req_firm_rc = 0;
555 int i;
556 spin_lock(&rbu_data.lock);
557 /*
558 * Find the first newline or space
559 */
560 for (i = 0; i < count; ++i)
561 if (buffer[i] == '\n' || buffer[i] == ' ') {
562 buffer[i] = '\0';
563 break;
564 }
565 if (i == count)
566 buffer[count] = '\0';
567
568 if (strstr(buffer, "mono"))
569 strcpy(image_type, "mono");
570 else if (strstr(buffer, "packet"))
571 strcpy(image_type, "packet");
572 else if (strstr(buffer, "init")) {
573 /*
574 * If due to the user error the driver gets in a bad
575 * state where even though it is loaded , the
576 * /sys/class/firmware/dell_rbu entries are missing.
577 * to cover this situation the user can recreate entries
578 * by writing init to image_type.
579 */
580 if (!rbu_data.entry_created) {
581 spin_unlock(&rbu_data.lock);
582 req_firm_rc = request_firmware_nowait(THIS_MODULE,
583 FW_ACTION_NOHOTPLUG, "dell_rbu",
584 &rbu_device->dev, &context,
585 callbackfn_rbu);
586 if (req_firm_rc) {
587 printk(KERN_ERR
588 "dell_rbu:%s request_firmware_nowait"
589 " failed %d\n", __FUNCTION__, rc);
590 rc = -EIO;
591 } else
592 rbu_data.entry_created = 1;
593
594 spin_lock(&rbu_data.lock);
595 }
596 } else {
597 printk(KERN_WARNING "dell_rbu: image_type is invalid\n");
598 spin_unlock(&rbu_data.lock);
599 return -EINVAL;
600 }
601
602 /* we must free all previous allocations */
603 packet_empty_list();
604 img_update_free();
605 spin_unlock(&rbu_data.lock);
606
607 return rc;
608 }
609
610 static ssize_t read_rbu_packet_size(struct kobject *kobj, char *buffer,
611 loff_t pos, size_t count)
612 {
613 int size = 0;
614 if (!pos) {
615 spin_lock(&rbu_data.lock);
616 size = sprintf(buffer, "%lu\n", rbu_data.packetsize);
617 spin_unlock(&rbu_data.lock);
618 }
619 return size;
620 }
621
622 static ssize_t write_rbu_packet_size(struct kobject *kobj, char *buffer,
623 loff_t pos, size_t count)
624 {
625 unsigned long temp;
626 spin_lock(&rbu_data.lock);
627 packet_empty_list();
628 sscanf(buffer, "%lu", &temp);
629 if (temp < 0xffffffff)
630 rbu_data.packetsize = temp;
631
632 spin_unlock(&rbu_data.lock);
633 return count;
634 }
635
636 static struct bin_attribute rbu_data_attr = {
637 .attr = {.name = "data",.owner = THIS_MODULE,.mode = 0444},
638 .read = read_rbu_data,
639 };
640
641 static struct bin_attribute rbu_image_type_attr = {
642 .attr = {.name = "image_type",.owner = THIS_MODULE,.mode = 0644},
643 .read = read_rbu_image_type,
644 .write = write_rbu_image_type,
645 };
646
647 static struct bin_attribute rbu_packet_size_attr = {
648 .attr = {.name = "packet_size",.owner = THIS_MODULE,.mode = 0644},
649 .read = read_rbu_packet_size,
650 .write = write_rbu_packet_size,
651 };
652
653 static int __init dcdrbu_init(void)
654 {
655 int rc = 0;
656 spin_lock_init(&rbu_data.lock);
657
658 init_packet_head();
659 rbu_device =
660 platform_device_register_simple("dell_rbu", -1, NULL, 0);
661 if (!rbu_device) {
662 printk(KERN_ERR
663 "dell_rbu:%s:platform_device_register_simple "
664 "failed\n", __FUNCTION__);
665 return -EIO;
666 }
667
668 sysfs_create_bin_file(&rbu_device->dev.kobj, &rbu_data_attr);
669 sysfs_create_bin_file(&rbu_device->dev.kobj, &rbu_image_type_attr);
670 sysfs_create_bin_file(&rbu_device->dev.kobj,
671 &rbu_packet_size_attr);
672
673 rc = request_firmware_nowait(THIS_MODULE, FW_ACTION_NOHOTPLUG,
674 "dell_rbu", &rbu_device->dev, &context, callbackfn_rbu);
675 if (rc)
676 printk(KERN_ERR "dell_rbu:%s:request_firmware_nowait"
677 " failed %d\n", __FUNCTION__, rc);
678 else
679 rbu_data.entry_created = 1;
680
681 return rc;
682
683 }
684
685 static __exit void dcdrbu_exit(void)
686 {
687 spin_lock(&rbu_data.lock);
688 packet_empty_list();
689 img_update_free();
690 spin_unlock(&rbu_data.lock);
691 platform_device_unregister(rbu_device);
692 }
693
694 module_exit(dcdrbu_exit);
695 module_init(dcdrbu_init);
Linux with added FPC-III support