3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2011, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18 #include <linux/kernel.h>
20 #include <linux/errno.h>
21 #include <linux/types.h>
22 #include <linux/fcntl.h>
23 #include <linux/aio.h>
24 #include <linux/pci.h>
25 #include <linux/init.h>
26 #include <linux/ioctl.h>
27 #include <linux/cdev.h>
28 #include <linux/list.h>
29 #include <linux/delay.h>
30 #include <linux/sched.h>
31 #include <linux/uuid.h>
32 #include <linux/jiffies.h>
33 #include <linux/uaccess.h>
39 #include "interface.h"
40 #include "mei_version.h"
45 * mei_ioctl_connect_client - the connect to fw client IOCTL function
47 * @dev: the device structure
48 * @data: IOCTL connect data, input and output parameters
49 * @file: private data of the file object
51 * Locking: called under "dev->device_lock" lock
53 * returns 0 on success, <0 on failure.
55 int mei_ioctl_connect_client(struct file
*file
,
56 struct mei_connect_client_data
*data
)
58 struct mei_device
*dev
;
60 struct mei_client
*client
;
62 struct mei_cl
*cl_pos
= NULL
;
63 struct mei_cl
*cl_next
= NULL
;
64 long timeout
= CONNECT_TIMEOUT
;
69 cl
= file
->private_data
;
70 if (WARN_ON(!cl
|| !cl
->dev
))
75 dev_dbg(&dev
->pdev
->dev
, "mei_ioctl_connect_client() Entry\n");
78 /* buffered ioctl cb */
79 cb
= kzalloc(sizeof(struct mei_cl_cb
), GFP_KERNEL
);
84 INIT_LIST_HEAD(&cb
->cb_list
);
86 cb
->major_file_operations
= MEI_IOCTL
;
88 if (dev
->mei_state
!= MEI_ENABLED
) {
92 if (cl
->state
!= MEI_FILE_INITIALIZING
&&
93 cl
->state
!= MEI_FILE_DISCONNECTED
) {
98 /* find ME client we're trying to connect to */
99 i
= mei_find_me_client_index(dev
, data
->in_client_uuid
);
100 if (i
>= 0 && !dev
->me_clients
[i
].props
.fixed_address
) {
101 cl
->me_client_id
= dev
->me_clients
[i
].client_id
;
102 cl
->state
= MEI_FILE_CONNECTING
;
105 dev_dbg(&dev
->pdev
->dev
, "Connect to FW Client ID = %d\n",
107 dev_dbg(&dev
->pdev
->dev
, "FW Client - Protocol Version = %d\n",
108 dev
->me_clients
[i
].props
.protocol_version
);
109 dev_dbg(&dev
->pdev
->dev
, "FW Client - Max Msg Len = %d\n",
110 dev
->me_clients
[i
].props
.max_msg_length
);
112 /* if we're connecting to amthi client so we will use the exist
115 if (uuid_le_cmp(data
->in_client_uuid
, mei_amthi_guid
) == 0) {
116 dev_dbg(&dev
->pdev
->dev
, "FW Client is amthi\n");
117 if (dev
->iamthif_cl
.state
!= MEI_FILE_CONNECTED
) {
121 clear_bit(cl
->host_client_id
, dev
->host_clients_map
);
122 list_for_each_entry_safe(cl_pos
, cl_next
,
123 &dev
->file_list
, link
) {
124 if (mei_cl_cmp_id(cl
, cl_pos
)) {
125 dev_dbg(&dev
->pdev
->dev
,
126 "remove file private data node host"
127 " client = %d, ME client = %d.\n",
128 cl_pos
->host_client_id
,
129 cl_pos
->me_client_id
);
130 list_del(&cl_pos
->link
);
134 dev_dbg(&dev
->pdev
->dev
, "free file private data memory.\n");
138 file
->private_data
= &dev
->iamthif_cl
;
140 client
= &data
->out_client_properties
;
141 client
->max_msg_length
=
142 dev
->me_clients
[i
].props
.max_msg_length
;
143 client
->protocol_version
=
144 dev
->me_clients
[i
].props
.protocol_version
;
145 rets
= dev
->iamthif_cl
.status
;
150 if (cl
->state
!= MEI_FILE_CONNECTING
) {
156 /* prepare the output buffer */
157 client
= &data
->out_client_properties
;
158 client
->max_msg_length
= dev
->me_clients
[i
].props
.max_msg_length
;
159 client
->protocol_version
= dev
->me_clients
[i
].props
.protocol_version
;
160 dev_dbg(&dev
->pdev
->dev
, "Can connect?\n");
161 if (dev
->mei_host_buffer_is_empty
162 && !mei_other_client_is_connecting(dev
, cl
)) {
163 dev_dbg(&dev
->pdev
->dev
, "Sending Connect Message\n");
164 dev
->mei_host_buffer_is_empty
= false;
165 if (!mei_connect(dev
, cl
)) {
166 dev_dbg(&dev
->pdev
->dev
, "Sending connect message - failed\n");
170 dev_dbg(&dev
->pdev
->dev
, "Sending connect message - succeeded\n");
171 cl
->timer_count
= MEI_CONNECT_TIMEOUT
;
172 cb
->file_private
= cl
;
173 list_add_tail(&cb
->cb_list
,
174 &dev
->ctrl_rd_list
.mei_cb
.
180 dev_dbg(&dev
->pdev
->dev
, "Queuing the connect request due to device busy\n");
181 cb
->file_private
= cl
;
182 dev_dbg(&dev
->pdev
->dev
, "add connect cb to control write list.\n");
183 list_add_tail(&cb
->cb_list
,
184 &dev
->ctrl_wr_list
.mei_cb
.cb_list
);
186 mutex_unlock(&dev
->device_lock
);
187 err
= wait_event_timeout(dev
->wait_recvd_msg
,
188 (MEI_FILE_CONNECTED
== cl
->state
||
189 MEI_FILE_DISCONNECTED
== cl
->state
),
192 mutex_lock(&dev
->device_lock
);
193 if (MEI_FILE_CONNECTED
== cl
->state
) {
194 dev_dbg(&dev
->pdev
->dev
, "successfully connected to FW client.\n");
198 dev_dbg(&dev
->pdev
->dev
, "failed to connect to FW client.cl->state = %d.\n",
201 dev_dbg(&dev
->pdev
->dev
,
202 "wait_event_interruptible_timeout failed on client"
203 " connect message fw response message.\n");
207 mei_io_list_flush(&dev
->ctrl_rd_list
, cl
);
208 mei_io_list_flush(&dev
->ctrl_wr_list
, cl
);
213 dev_dbg(&dev
->pdev
->dev
, "free connect cb memory.");
219 * find_amthi_read_list_entry - finds a amthilist entry for current file
221 * @dev: the device structure
222 * @file: pointer to file object
224 * returns returned a list entry on success, NULL on failure.
226 struct mei_cl_cb
*find_amthi_read_list_entry(
227 struct mei_device
*dev
,
230 struct mei_cl
*cl_temp
;
231 struct mei_cl_cb
*cb_pos
= NULL
;
232 struct mei_cl_cb
*cb_next
= NULL
;
234 if (!dev
->amthi_read_complete_list
.status
&&
235 !list_empty(&dev
->amthi_read_complete_list
.mei_cb
.cb_list
)) {
236 list_for_each_entry_safe(cb_pos
, cb_next
,
237 &dev
->amthi_read_complete_list
.mei_cb
.cb_list
, cb_list
) {
238 cl_temp
= (struct mei_cl
*)cb_pos
->file_private
;
239 if (cl_temp
&& cl_temp
== &dev
->iamthif_cl
&&
240 cb_pos
->file_object
== file
)
248 * amthi_read - read data from AMTHI client
250 * @dev: the device structure
251 * @if_num: minor number
252 * @file: pointer to file object
253 * @*ubuf: pointer to user data in user space
254 * @length: data length to read
255 * @offset: data read offset
257 * Locking: called under "dev->device_lock" lock
260 * returned data length on success,
261 * zero if no data to read,
262 * negative on failure.
264 int amthi_read(struct mei_device
*dev
, struct file
*file
,
265 char __user
*ubuf
, size_t length
, loff_t
*offset
)
269 struct mei_cl_cb
*cb
= NULL
;
270 struct mei_cl
*cl
= file
->private_data
;
271 unsigned long timeout
;
274 /* Only Posible if we are in timeout */
275 if (!cl
|| cl
!= &dev
->iamthif_cl
) {
276 dev_dbg(&dev
->pdev
->dev
, "bad file ext.\n");
280 for (i
= 0; i
< dev
->me_clients_num
; i
++) {
281 if (dev
->me_clients
[i
].client_id
==
282 dev
->iamthif_cl
.me_client_id
)
286 if (i
== dev
->me_clients_num
) {
287 dev_dbg(&dev
->pdev
->dev
, "amthi client not found.\n");
290 if (WARN_ON(dev
->me_clients
[i
].client_id
!= cl
->me_client_id
))
293 dev_dbg(&dev
->pdev
->dev
, "checking amthi data\n");
294 cb
= find_amthi_read_list_entry(dev
, file
);
296 /* Check for if we can block or not*/
297 if (cb
== NULL
&& file
->f_flags
& O_NONBLOCK
)
301 dev_dbg(&dev
->pdev
->dev
, "waiting for amthi data\n");
303 /* unlock the Mutex */
304 mutex_unlock(&dev
->device_lock
);
306 wait_ret
= wait_event_interruptible(dev
->iamthif_cl
.wait
,
307 (cb
= find_amthi_read_list_entry(dev
, file
)));
312 dev_dbg(&dev
->pdev
->dev
, "woke up from sleep\n");
314 /* Locking again the Mutex */
315 mutex_lock(&dev
->device_lock
);
319 dev_dbg(&dev
->pdev
->dev
, "Got amthi data\n");
320 dev
->iamthif_timer
= 0;
323 timeout
= cb
->read_time
+
324 msecs_to_jiffies(IAMTHIF_READ_TIMER
);
325 dev_dbg(&dev
->pdev
->dev
, "amthi timeout = %lud\n",
328 if (time_after(jiffies
, timeout
)) {
329 dev_dbg(&dev
->pdev
->dev
, "amthi Time out\n");
330 /* 15 sec for the message has expired */
331 list_del(&cb
->cb_list
);
336 /* if the whole message will fit remove it from the list */
337 if (cb
->information
>= *offset
&&
338 length
>= (cb
->information
- *offset
))
339 list_del(&cb
->cb_list
);
340 else if (cb
->information
> 0 && cb
->information
<= *offset
) {
341 /* end of the message has been reached */
342 list_del(&cb
->cb_list
);
346 /* else means that not full buffer will be read and do not
347 * remove message from deletion list
350 dev_dbg(&dev
->pdev
->dev
, "amthi cb->response_buffer size - %d\n",
351 cb
->response_buffer
.size
);
352 dev_dbg(&dev
->pdev
->dev
, "amthi cb->information - %lu\n",
355 /* length is being turncated to PAGE_SIZE, however,
356 * the information may be longer */
357 length
= min_t(size_t, length
, (cb
->information
- *offset
));
359 if (copy_to_user(ubuf
,
360 cb
->response_buffer
.data
+ *offset
,
365 if ((*offset
+ length
) < cb
->information
) {
371 dev_dbg(&dev
->pdev
->dev
, "free amthi cb memory.\n");
373 mei_free_cb_private(cb
);
379 * mei_start_read - the start read client message function.
381 * @dev: the device structure
382 * @if_num: minor number
383 * @cl: private data of the file object
385 * returns 0 on success, <0 on failure.
387 int mei_start_read(struct mei_device
*dev
, struct mei_cl
*cl
)
389 struct mei_cl_cb
*cb
;
393 if (cl
->state
!= MEI_FILE_CONNECTED
)
396 if (dev
->mei_state
!= MEI_ENABLED
)
399 dev_dbg(&dev
->pdev
->dev
, "check if read is pending.\n");
400 if (cl
->read_pending
|| cl
->read_cb
) {
401 dev_dbg(&dev
->pdev
->dev
, "read is pending.\n");
405 cb
= kzalloc(sizeof(struct mei_cl_cb
), GFP_KERNEL
);
409 dev_dbg(&dev
->pdev
->dev
, "allocation call back successful. host client = %d, ME client = %d\n",
410 cl
->host_client_id
, cl
->me_client_id
);
412 for (i
= 0; i
< dev
->me_clients_num
; i
++) {
413 if (dev
->me_clients
[i
].client_id
== cl
->me_client_id
)
418 if (WARN_ON(dev
->me_clients
[i
].client_id
!= cl
->me_client_id
)) {
423 if (i
== dev
->me_clients_num
) {
428 cb
->response_buffer
.size
= dev
->me_clients
[i
].props
.max_msg_length
;
429 cb
->response_buffer
.data
=
430 kmalloc(cb
->response_buffer
.size
, GFP_KERNEL
);
431 if (!cb
->response_buffer
.data
) {
435 dev_dbg(&dev
->pdev
->dev
, "allocation call back data success.\n");
436 cb
->major_file_operations
= MEI_READ
;
437 /* make sure information is zero before we start */
439 cb
->file_private
= (void *) cl
;
441 if (dev
->mei_host_buffer_is_empty
) {
442 dev
->mei_host_buffer_is_empty
= false;
443 if (!mei_send_flow_control(dev
, cl
)) {
447 list_add_tail(&cb
->cb_list
,
448 &dev
->read_list
.mei_cb
.cb_list
);
451 list_add_tail(&cb
->cb_list
,
452 &dev
->ctrl_wr_list
.mei_cb
.cb_list
);
456 mei_free_cb_private(cb
);
461 * amthi_write - write iamthif data to amthi client
463 * @dev: the device structure
464 * @cb: mei call back struct
466 * returns 0 on success, <0 on failure.
468 int amthi_write(struct mei_device
*dev
, struct mei_cl_cb
*cb
)
470 struct mei_msg_hdr mei_hdr
;
476 dev_dbg(&dev
->pdev
->dev
, "write data to amthi client.\n");
478 dev
->iamthif_state
= MEI_IAMTHIF_WRITING
;
479 dev
->iamthif_current_cb
= cb
;
480 dev
->iamthif_file_object
= cb
->file_object
;
481 dev
->iamthif_canceled
= false;
482 dev
->iamthif_ioctl
= true;
483 dev
->iamthif_msg_buf_size
= cb
->request_buffer
.size
;
484 memcpy(dev
->iamthif_msg_buf
, cb
->request_buffer
.data
,
485 cb
->request_buffer
.size
);
487 ret
= mei_flow_ctrl_creds(dev
, &dev
->iamthif_cl
);
491 if (ret
&& dev
->mei_host_buffer_is_empty
) {
493 dev
->mei_host_buffer_is_empty
= false;
494 if (cb
->request_buffer
.size
>
495 (((dev
->host_hw_state
& H_CBD
) >> 24) * sizeof(u32
))
496 -sizeof(struct mei_msg_hdr
)) {
498 (((dev
->host_hw_state
& H_CBD
) >> 24) *
499 sizeof(u32
)) - sizeof(struct mei_msg_hdr
);
500 mei_hdr
.msg_complete
= 0;
502 mei_hdr
.length
= cb
->request_buffer
.size
;
503 mei_hdr
.msg_complete
= 1;
506 mei_hdr
.host_addr
= dev
->iamthif_cl
.host_client_id
;
507 mei_hdr
.me_addr
= dev
->iamthif_cl
.me_client_id
;
508 mei_hdr
.reserved
= 0;
509 dev
->iamthif_msg_buf_index
+= mei_hdr
.length
;
510 if (!mei_write_message(dev
, &mei_hdr
,
511 (unsigned char *)(dev
->iamthif_msg_buf
),
515 if (mei_hdr
.msg_complete
) {
516 if (mei_flow_ctrl_reduce(dev
, &dev
->iamthif_cl
))
518 dev
->iamthif_flow_control_pending
= true;
519 dev
->iamthif_state
= MEI_IAMTHIF_FLOW_CONTROL
;
520 dev_dbg(&dev
->pdev
->dev
, "add amthi cb to write waiting list\n");
521 dev
->iamthif_current_cb
= cb
;
522 dev
->iamthif_file_object
= cb
->file_object
;
523 list_add_tail(&cb
->cb_list
,
524 &dev
->write_waiting_list
.mei_cb
.cb_list
);
526 dev_dbg(&dev
->pdev
->dev
, "message does not complete, "
527 "so add amthi cb to write list.\n");
528 list_add_tail(&cb
->cb_list
,
529 &dev
->write_list
.mei_cb
.cb_list
);
532 if (!(dev
->mei_host_buffer_is_empty
))
533 dev_dbg(&dev
->pdev
->dev
, "host buffer is not empty");
535 dev_dbg(&dev
->pdev
->dev
, "No flow control credentials, "
536 "so add iamthif cb to write list.\n");
537 list_add_tail(&cb
->cb_list
,
538 &dev
->write_list
.mei_cb
.cb_list
);
544 * iamthif_ioctl_send_msg - send cmd data to amthi client
546 * @dev: the device structure
548 * returns 0 on success, <0 on failure.
550 void mei_run_next_iamthif_cmd(struct mei_device
*dev
)
552 struct mei_cl
*cl_tmp
;
553 struct mei_cl_cb
*cb_pos
= NULL
;
554 struct mei_cl_cb
*cb_next
= NULL
;
560 dev
->iamthif_msg_buf_size
= 0;
561 dev
->iamthif_msg_buf_index
= 0;
562 dev
->iamthif_canceled
= false;
563 dev
->iamthif_ioctl
= true;
564 dev
->iamthif_state
= MEI_IAMTHIF_IDLE
;
565 dev
->iamthif_timer
= 0;
566 dev
->iamthif_file_object
= NULL
;
568 if (dev
->amthi_cmd_list
.status
== 0 &&
569 !list_empty(&dev
->amthi_cmd_list
.mei_cb
.cb_list
)) {
570 dev_dbg(&dev
->pdev
->dev
, "complete amthi cmd_list cb.\n");
572 list_for_each_entry_safe(cb_pos
, cb_next
,
573 &dev
->amthi_cmd_list
.mei_cb
.cb_list
, cb_list
) {
574 list_del(&cb_pos
->cb_list
);
575 cl_tmp
= (struct mei_cl
*)cb_pos
->file_private
;
577 if (cl_tmp
&& cl_tmp
== &dev
->iamthif_cl
) {
578 status
= amthi_write(dev
, cb_pos
);
580 dev_dbg(&dev
->pdev
->dev
,
581 "amthi write failed status = %d\n",
592 * mei_free_cb_private - free mei_cb_private related memory
594 * @cb: mei callback struct
596 void mei_free_cb_private(struct mei_cl_cb
*cb
)
601 kfree(cb
->request_buffer
.data
);
602 kfree(cb
->response_buffer
.data
);