Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / base / firmware_class.c
blob72c644b191a480f36910973a2b34d17179e90f44
1 /*
2 * firmware_class.c - Multi purpose firmware loading support
4 * Copyright (c) 2003 Manuel Estrada Sainz
6 * Please see Documentation/firmware_class/ for more information.
8 */
10 #include <linux/capability.h>
11 #include <linux/device.h>
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/timer.h>
15 #include <linux/vmalloc.h>
16 #include <linux/interrupt.h>
17 #include <linux/bitops.h>
18 #include <linux/mutex.h>
19 #include <linux/kthread.h>
20 #include <linux/highmem.h>
21 #include <linux/firmware.h>
22 #include <linux/slab.h>
24 #define to_dev(obj) container_of(obj, struct device, kobj)
26 MODULE_AUTHOR("Manuel Estrada Sainz");
27 MODULE_DESCRIPTION("Multi purpose firmware loading support");
28 MODULE_LICENSE("GPL");
30 /* Builtin firmware support */
32 #ifdef CONFIG_FW_LOADER
34 extern struct builtin_fw __start_builtin_fw[];
35 extern struct builtin_fw __end_builtin_fw[];
37 static bool fw_get_builtin_firmware(struct firmware *fw, const char *name)
39 struct builtin_fw *b_fw;
41 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
42 if (strcmp(name, b_fw->name) == 0) {
43 fw->size = b_fw->size;
44 fw->data = b_fw->data;
45 return true;
49 return false;
52 static bool fw_is_builtin_firmware(const struct firmware *fw)
54 struct builtin_fw *b_fw;
56 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++)
57 if (fw->data == b_fw->data)
58 return true;
60 return false;
63 #else /* Module case - no builtin firmware support */
65 static inline bool fw_get_builtin_firmware(struct firmware *fw, const char *name)
67 return false;
70 static inline bool fw_is_builtin_firmware(const struct firmware *fw)
72 return false;
74 #endif
76 enum {
77 FW_STATUS_LOADING,
78 FW_STATUS_DONE,
79 FW_STATUS_ABORT,
82 static int loading_timeout = 60; /* In seconds */
84 static inline long firmware_loading_timeout(void)
86 return loading_timeout > 0 ? loading_timeout * HZ : MAX_SCHEDULE_TIMEOUT;
89 /* fw_lock could be moved to 'struct firmware_priv' but since it is just
90 * guarding for corner cases a global lock should be OK */
91 static DEFINE_MUTEX(fw_lock);
93 struct firmware_priv {
94 struct completion completion;
95 struct firmware *fw;
96 unsigned long status;
97 struct page **pages;
98 int nr_pages;
99 int page_array_size;
100 struct timer_list timeout;
101 struct device dev;
102 bool nowait;
103 char fw_id[];
106 static struct firmware_priv *to_firmware_priv(struct device *dev)
108 return container_of(dev, struct firmware_priv, dev);
111 static void fw_load_abort(struct firmware_priv *fw_priv)
113 set_bit(FW_STATUS_ABORT, &fw_priv->status);
114 wmb();
115 complete(&fw_priv->completion);
118 static ssize_t firmware_timeout_show(struct class *class,
119 struct class_attribute *attr,
120 char *buf)
122 return sprintf(buf, "%d\n", loading_timeout);
126 * firmware_timeout_store - set number of seconds to wait for firmware
127 * @class: device class pointer
128 * @attr: device attribute pointer
129 * @buf: buffer to scan for timeout value
130 * @count: number of bytes in @buf
132 * Sets the number of seconds to wait for the firmware. Once
133 * this expires an error will be returned to the driver and no
134 * firmware will be provided.
136 * Note: zero means 'wait forever'.
138 static ssize_t firmware_timeout_store(struct class *class,
139 struct class_attribute *attr,
140 const char *buf, size_t count)
142 loading_timeout = simple_strtol(buf, NULL, 10);
143 if (loading_timeout < 0)
144 loading_timeout = 0;
146 return count;
149 static struct class_attribute firmware_class_attrs[] = {
150 __ATTR(timeout, S_IWUSR | S_IRUGO,
151 firmware_timeout_show, firmware_timeout_store),
152 __ATTR_NULL
155 static void fw_dev_release(struct device *dev)
157 struct firmware_priv *fw_priv = to_firmware_priv(dev);
158 int i;
160 for (i = 0; i < fw_priv->nr_pages; i++)
161 __free_page(fw_priv->pages[i]);
162 kfree(fw_priv->pages);
163 kfree(fw_priv);
165 module_put(THIS_MODULE);
168 static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
170 struct firmware_priv *fw_priv = to_firmware_priv(dev);
172 if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->fw_id))
173 return -ENOMEM;
174 if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
175 return -ENOMEM;
176 if (add_uevent_var(env, "ASYNC=%d", fw_priv->nowait))
177 return -ENOMEM;
179 return 0;
182 static struct class firmware_class = {
183 .name = "firmware",
184 .class_attrs = firmware_class_attrs,
185 .dev_uevent = firmware_uevent,
186 .dev_release = fw_dev_release,
189 static ssize_t firmware_loading_show(struct device *dev,
190 struct device_attribute *attr, char *buf)
192 struct firmware_priv *fw_priv = to_firmware_priv(dev);
193 int loading = test_bit(FW_STATUS_LOADING, &fw_priv->status);
195 return sprintf(buf, "%d\n", loading);
198 static void firmware_free_data(const struct firmware *fw)
200 int i;
201 vunmap(fw->data);
202 if (fw->pages) {
203 for (i = 0; i < PFN_UP(fw->size); i++)
204 __free_page(fw->pages[i]);
205 kfree(fw->pages);
209 /* Some architectures don't have PAGE_KERNEL_RO */
210 #ifndef PAGE_KERNEL_RO
211 #define PAGE_KERNEL_RO PAGE_KERNEL
212 #endif
214 * firmware_loading_store - set value in the 'loading' control file
215 * @dev: device pointer
216 * @attr: device attribute pointer
217 * @buf: buffer to scan for loading control value
218 * @count: number of bytes in @buf
220 * The relevant values are:
222 * 1: Start a load, discarding any previous partial load.
223 * 0: Conclude the load and hand the data to the driver code.
224 * -1: Conclude the load with an error and discard any written data.
226 static ssize_t firmware_loading_store(struct device *dev,
227 struct device_attribute *attr,
228 const char *buf, size_t count)
230 struct firmware_priv *fw_priv = to_firmware_priv(dev);
231 int loading = simple_strtol(buf, NULL, 10);
232 int i;
234 mutex_lock(&fw_lock);
236 if (!fw_priv->fw)
237 goto out;
239 switch (loading) {
240 case 1:
241 firmware_free_data(fw_priv->fw);
242 memset(fw_priv->fw, 0, sizeof(struct firmware));
243 /* If the pages are not owned by 'struct firmware' */
244 for (i = 0; i < fw_priv->nr_pages; i++)
245 __free_page(fw_priv->pages[i]);
246 kfree(fw_priv->pages);
247 fw_priv->pages = NULL;
248 fw_priv->page_array_size = 0;
249 fw_priv->nr_pages = 0;
250 set_bit(FW_STATUS_LOADING, &fw_priv->status);
251 break;
252 case 0:
253 if (test_bit(FW_STATUS_LOADING, &fw_priv->status)) {
254 vunmap(fw_priv->fw->data);
255 fw_priv->fw->data = vmap(fw_priv->pages,
256 fw_priv->nr_pages,
257 0, PAGE_KERNEL_RO);
258 if (!fw_priv->fw->data) {
259 dev_err(dev, "%s: vmap() failed\n", __func__);
260 goto err;
262 /* Pages are now owned by 'struct firmware' */
263 fw_priv->fw->pages = fw_priv->pages;
264 fw_priv->pages = NULL;
266 fw_priv->page_array_size = 0;
267 fw_priv->nr_pages = 0;
268 complete(&fw_priv->completion);
269 clear_bit(FW_STATUS_LOADING, &fw_priv->status);
270 break;
272 /* fallthrough */
273 default:
274 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
275 /* fallthrough */
276 case -1:
277 err:
278 fw_load_abort(fw_priv);
279 break;
281 out:
282 mutex_unlock(&fw_lock);
283 return count;
286 static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
288 static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
289 struct bin_attribute *bin_attr,
290 char *buffer, loff_t offset, size_t count)
292 struct device *dev = to_dev(kobj);
293 struct firmware_priv *fw_priv = to_firmware_priv(dev);
294 struct firmware *fw;
295 ssize_t ret_count;
297 mutex_lock(&fw_lock);
298 fw = fw_priv->fw;
299 if (!fw || test_bit(FW_STATUS_DONE, &fw_priv->status)) {
300 ret_count = -ENODEV;
301 goto out;
303 if (offset > fw->size) {
304 ret_count = 0;
305 goto out;
307 if (count > fw->size - offset)
308 count = fw->size - offset;
310 ret_count = count;
312 while (count) {
313 void *page_data;
314 int page_nr = offset >> PAGE_SHIFT;
315 int page_ofs = offset & (PAGE_SIZE-1);
316 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
318 page_data = kmap(fw_priv->pages[page_nr]);
320 memcpy(buffer, page_data + page_ofs, page_cnt);
322 kunmap(fw_priv->pages[page_nr]);
323 buffer += page_cnt;
324 offset += page_cnt;
325 count -= page_cnt;
327 out:
328 mutex_unlock(&fw_lock);
329 return ret_count;
332 static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
334 int pages_needed = ALIGN(min_size, PAGE_SIZE) >> PAGE_SHIFT;
336 /* If the array of pages is too small, grow it... */
337 if (fw_priv->page_array_size < pages_needed) {
338 int new_array_size = max(pages_needed,
339 fw_priv->page_array_size * 2);
340 struct page **new_pages;
342 new_pages = kmalloc(new_array_size * sizeof(void *),
343 GFP_KERNEL);
344 if (!new_pages) {
345 fw_load_abort(fw_priv);
346 return -ENOMEM;
348 memcpy(new_pages, fw_priv->pages,
349 fw_priv->page_array_size * sizeof(void *));
350 memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
351 (new_array_size - fw_priv->page_array_size));
352 kfree(fw_priv->pages);
353 fw_priv->pages = new_pages;
354 fw_priv->page_array_size = new_array_size;
357 while (fw_priv->nr_pages < pages_needed) {
358 fw_priv->pages[fw_priv->nr_pages] =
359 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
361 if (!fw_priv->pages[fw_priv->nr_pages]) {
362 fw_load_abort(fw_priv);
363 return -ENOMEM;
365 fw_priv->nr_pages++;
367 return 0;
371 * firmware_data_write - write method for firmware
372 * @filp: open sysfs file
373 * @kobj: kobject for the device
374 * @bin_attr: bin_attr structure
375 * @buffer: buffer being written
376 * @offset: buffer offset for write in total data store area
377 * @count: buffer size
379 * Data written to the 'data' attribute will be later handed to
380 * the driver as a firmware image.
382 static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
383 struct bin_attribute *bin_attr,
384 char *buffer, loff_t offset, size_t count)
386 struct device *dev = to_dev(kobj);
387 struct firmware_priv *fw_priv = to_firmware_priv(dev);
388 struct firmware *fw;
389 ssize_t retval;
391 if (!capable(CAP_SYS_RAWIO))
392 return -EPERM;
394 mutex_lock(&fw_lock);
395 fw = fw_priv->fw;
396 if (!fw || test_bit(FW_STATUS_DONE, &fw_priv->status)) {
397 retval = -ENODEV;
398 goto out;
400 retval = fw_realloc_buffer(fw_priv, offset + count);
401 if (retval)
402 goto out;
404 retval = count;
406 while (count) {
407 void *page_data;
408 int page_nr = offset >> PAGE_SHIFT;
409 int page_ofs = offset & (PAGE_SIZE - 1);
410 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
412 page_data = kmap(fw_priv->pages[page_nr]);
414 memcpy(page_data + page_ofs, buffer, page_cnt);
416 kunmap(fw_priv->pages[page_nr]);
417 buffer += page_cnt;
418 offset += page_cnt;
419 count -= page_cnt;
422 fw->size = max_t(size_t, offset, fw->size);
423 out:
424 mutex_unlock(&fw_lock);
425 return retval;
428 static struct bin_attribute firmware_attr_data = {
429 .attr = { .name = "data", .mode = 0644 },
430 .size = 0,
431 .read = firmware_data_read,
432 .write = firmware_data_write,
435 static void firmware_class_timeout(u_long data)
437 struct firmware_priv *fw_priv = (struct firmware_priv *) data;
439 fw_load_abort(fw_priv);
442 static struct firmware_priv *
443 fw_create_instance(const struct firmware *firmware, const char *fw_name,
444 struct device *device, bool uevent, bool nowait)
446 struct firmware_priv *fw_priv;
447 struct device *f_dev;
448 int error;
450 fw_priv = kzalloc(sizeof(*fw_priv) + strlen(fw_name) + 1 , GFP_KERNEL);
451 if (!fw_priv) {
452 dev_err(device, "%s: kmalloc failed\n", __func__);
453 error = -ENOMEM;
454 goto err_out;
457 fw_priv->fw = (struct firmware *)firmware;
458 fw_priv->nowait = nowait;
459 strcpy(fw_priv->fw_id, fw_name);
460 init_completion(&fw_priv->completion);
461 setup_timer(&fw_priv->timeout,
462 firmware_class_timeout, (u_long) fw_priv);
464 f_dev = &fw_priv->dev;
466 device_initialize(f_dev);
467 dev_set_name(f_dev, "%s", dev_name(device));
468 f_dev->parent = device;
469 f_dev->class = &firmware_class;
471 dev_set_uevent_suppress(f_dev, true);
473 /* Need to pin this module until class device is destroyed */
474 __module_get(THIS_MODULE);
476 error = device_add(f_dev);
477 if (error) {
478 dev_err(device, "%s: device_register failed\n", __func__);
479 goto err_put_dev;
482 error = device_create_bin_file(f_dev, &firmware_attr_data);
483 if (error) {
484 dev_err(device, "%s: sysfs_create_bin_file failed\n", __func__);
485 goto err_del_dev;
488 error = device_create_file(f_dev, &dev_attr_loading);
489 if (error) {
490 dev_err(device, "%s: device_create_file failed\n", __func__);
491 goto err_del_bin_attr;
494 if (uevent)
495 dev_set_uevent_suppress(f_dev, false);
497 return fw_priv;
499 err_del_bin_attr:
500 device_remove_bin_file(f_dev, &firmware_attr_data);
501 err_del_dev:
502 device_del(f_dev);
503 err_put_dev:
504 put_device(f_dev);
505 err_out:
506 return ERR_PTR(error);
509 static void fw_destroy_instance(struct firmware_priv *fw_priv)
511 struct device *f_dev = &fw_priv->dev;
513 device_remove_file(f_dev, &dev_attr_loading);
514 device_remove_bin_file(f_dev, &firmware_attr_data);
515 device_unregister(f_dev);
518 static int _request_firmware_prepare(const struct firmware **firmware_p,
519 const char *name, struct device *device)
521 struct firmware *firmware;
523 if (!firmware_p)
524 return -EINVAL;
526 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
527 if (!firmware) {
528 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
529 __func__);
530 return -ENOMEM;
533 if (fw_get_builtin_firmware(firmware, name)) {
534 dev_dbg(device, "firmware: using built-in firmware %s\n", name);
535 return 0;
538 return 1;
541 static void _request_firmware_cleanup(const struct firmware **firmware_p)
543 release_firmware(*firmware_p);
544 *firmware_p = NULL;
547 static int _request_firmware(const struct firmware *firmware,
548 const char *name, struct device *device,
549 bool uevent, bool nowait, long timeout)
551 struct firmware_priv *fw_priv;
552 int retval = 0;
554 if (uevent)
555 dev_dbg(device, "firmware: requesting %s\n", name);
557 fw_priv = fw_create_instance(firmware, name, device, uevent, nowait);
558 if (IS_ERR(fw_priv))
559 return PTR_ERR(fw_priv);
561 if (uevent) {
562 if (timeout != MAX_SCHEDULE_TIMEOUT)
563 mod_timer(&fw_priv->timeout,
564 round_jiffies_up(jiffies + timeout));
566 kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
569 wait_for_completion(&fw_priv->completion);
571 set_bit(FW_STATUS_DONE, &fw_priv->status);
572 del_timer_sync(&fw_priv->timeout);
574 mutex_lock(&fw_lock);
575 if (!fw_priv->fw->size || test_bit(FW_STATUS_ABORT, &fw_priv->status))
576 retval = -ENOENT;
577 fw_priv->fw = NULL;
578 mutex_unlock(&fw_lock);
580 fw_destroy_instance(fw_priv);
581 return retval;
585 * request_firmware: - send firmware request and wait for it
586 * @firmware_p: pointer to firmware image
587 * @name: name of firmware file
588 * @device: device for which firmware is being loaded
590 * @firmware_p will be used to return a firmware image by the name
591 * of @name for device @device.
593 * Should be called from user context where sleeping is allowed.
595 * @name will be used as $FIRMWARE in the uevent environment and
596 * should be distinctive enough not to be confused with any other
597 * firmware image for this or any other device.
600 request_firmware(const struct firmware **firmware_p, const char *name,
601 struct device *device)
603 int ret;
605 ret = _request_firmware_prepare(firmware_p, name, device);
606 if (ret <= 0)
607 return ret;
609 ret = usermodehelper_read_trylock();
610 if (WARN_ON(ret)) {
611 dev_err(device, "firmware: %s will not be loaded\n", name);
612 } else {
613 ret = _request_firmware(*firmware_p, name, device, true, false,
614 firmware_loading_timeout());
615 usermodehelper_read_unlock();
617 if (ret)
618 _request_firmware_cleanup(firmware_p);
620 return ret;
624 * release_firmware: - release the resource associated with a firmware image
625 * @fw: firmware resource to release
627 void release_firmware(const struct firmware *fw)
629 if (fw) {
630 if (!fw_is_builtin_firmware(fw))
631 firmware_free_data(fw);
632 kfree(fw);
636 /* Async support */
637 struct firmware_work {
638 struct work_struct work;
639 struct module *module;
640 const char *name;
641 struct device *device;
642 void *context;
643 void (*cont)(const struct firmware *fw, void *context);
644 bool uevent;
647 static int request_firmware_work_func(void *arg)
649 struct firmware_work *fw_work = arg;
650 const struct firmware *fw;
651 long timeout;
652 int ret;
654 if (!arg) {
655 WARN_ON(1);
656 return 0;
659 ret = _request_firmware_prepare(&fw, fw_work->name, fw_work->device);
660 if (ret <= 0)
661 goto out;
663 timeout = usermodehelper_read_lock_wait(firmware_loading_timeout());
664 if (timeout) {
665 ret = _request_firmware(fw, fw_work->name, fw_work->device,
666 fw_work->uevent, true, timeout);
667 usermodehelper_read_unlock();
668 } else {
669 dev_dbg(fw_work->device, "firmware: %s loading timed out\n",
670 fw_work->name);
671 ret = -EAGAIN;
673 if (ret)
674 _request_firmware_cleanup(&fw);
676 out:
677 fw_work->cont(fw, fw_work->context);
679 module_put(fw_work->module);
680 kfree(fw_work);
682 return ret;
686 * request_firmware_nowait - asynchronous version of request_firmware
687 * @module: module requesting the firmware
688 * @uevent: sends uevent to copy the firmware image if this flag
689 * is non-zero else the firmware copy must be done manually.
690 * @name: name of firmware file
691 * @device: device for which firmware is being loaded
692 * @gfp: allocation flags
693 * @context: will be passed over to @cont, and
694 * @fw may be %NULL if firmware request fails.
695 * @cont: function will be called asynchronously when the firmware
696 * request is over.
698 * Asynchronous variant of request_firmware() for user contexts where
699 * it is not possible to sleep for long time. It can't be called
700 * in atomic contexts.
703 request_firmware_nowait(
704 struct module *module, bool uevent,
705 const char *name, struct device *device, gfp_t gfp, void *context,
706 void (*cont)(const struct firmware *fw, void *context))
708 struct task_struct *task;
709 struct firmware_work *fw_work;
711 fw_work = kzalloc(sizeof (struct firmware_work), gfp);
712 if (!fw_work)
713 return -ENOMEM;
715 fw_work->module = module;
716 fw_work->name = name;
717 fw_work->device = device;
718 fw_work->context = context;
719 fw_work->cont = cont;
720 fw_work->uevent = uevent;
722 if (!try_module_get(module)) {
723 kfree(fw_work);
724 return -EFAULT;
727 task = kthread_run(request_firmware_work_func, fw_work,
728 "firmware/%s", name);
729 if (IS_ERR(task)) {
730 fw_work->cont(NULL, fw_work->context);
731 module_put(fw_work->module);
732 kfree(fw_work);
733 return PTR_ERR(task);
736 return 0;
739 static int __init firmware_class_init(void)
741 return class_register(&firmware_class);
744 static void __exit firmware_class_exit(void)
746 class_unregister(&firmware_class);
749 fs_initcall(firmware_class_init);
750 module_exit(firmware_class_exit);
752 EXPORT_SYMBOL(release_firmware);
753 EXPORT_SYMBOL(request_firmware);
754 EXPORT_SYMBOL(request_firmware_nowait);