3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/kernel.h>
22 #include <linux/device.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/fcntl.h>
27 #include <linux/aio.h>
28 #include <linux/pci.h>
29 #include <linux/poll.h>
30 #include <linux/init.h>
31 #include <linux/ioctl.h>
32 #include <linux/cdev.h>
33 #include <linux/sched.h>
34 #include <linux/uuid.h>
35 #include <linux/compat.h>
36 #include <linux/jiffies.h>
37 #include <linux/interrupt.h>
38 #include <linux/miscdevice.h>
40 #include <linux/mei.h>
47 * mei_open - the open function
49 * @inode: pointer to inode structure
50 * @file: pointer to file structure
52 * returns 0 on success, <0 on error
54 static int mei_open(struct inode
*inode
, struct file
*file
)
56 struct miscdevice
*misc
= file
->private_data
;
59 struct mei_device
*dev
;
67 pdev
= container_of(misc
->parent
, struct pci_dev
, dev
);
69 dev
= pci_get_drvdata(pdev
);
73 mutex_lock(&dev
->device_lock
);
75 cl
= mei_cl_allocate(dev
);
80 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
81 dev_dbg(&dev
->pdev
->dev
, "dev_state != MEI_ENABLED dev_state = %s\n",
82 mei_dev_state_str(dev
->dev_state
));
86 if (dev
->open_handle_count
>= MEI_MAX_OPEN_HANDLE_COUNT
) {
87 dev_err(&dev
->pdev
->dev
, "open_handle_count exceded %d",
88 MEI_MAX_OPEN_HANDLE_COUNT
);
92 err
= mei_cl_link(cl
, MEI_HOST_CLIENT_ID_ANY
);
96 file
->private_data
= cl
;
97 mutex_unlock(&dev
->device_lock
);
99 return nonseekable_open(inode
, file
);
102 mutex_unlock(&dev
->device_lock
);
109 * mei_release - the release function
111 * @inode: pointer to inode structure
112 * @file: pointer to file structure
114 * returns 0 on success, <0 on error
116 static int mei_release(struct inode
*inode
, struct file
*file
)
118 struct mei_cl
*cl
= file
->private_data
;
119 struct mei_cl_cb
*cb
;
120 struct mei_device
*dev
;
123 if (WARN_ON(!cl
|| !cl
->dev
))
128 mutex_lock(&dev
->device_lock
);
129 if (cl
== &dev
->iamthif_cl
) {
130 rets
= mei_amthif_release(dev
, file
);
133 if (cl
->state
== MEI_FILE_CONNECTED
) {
134 cl
->state
= MEI_FILE_DISCONNECTING
;
135 dev_dbg(&dev
->pdev
->dev
,
136 "disconnecting client host client = %d, "
140 rets
= mei_cl_disconnect(cl
);
142 mei_cl_flush_queues(cl
);
143 dev_dbg(&dev
->pdev
->dev
, "remove client host client = %d, ME client = %d\n",
147 if (dev
->open_handle_count
> 0) {
148 clear_bit(cl
->host_client_id
, dev
->host_clients_map
);
149 dev
->open_handle_count
--;
157 cb
= mei_cl_find_read_cb(cl
);
158 /* Remove entry from read list */
166 file
->private_data
= NULL
;
172 mutex_unlock(&dev
->device_lock
);
178 * mei_read - the read function.
180 * @file: pointer to file structure
181 * @ubuf: pointer to user buffer
182 * @length: buffer length
183 * @offset: data offset in buffer
185 * returns >=0 data length on success , <0 on error
187 static ssize_t
mei_read(struct file
*file
, char __user
*ubuf
,
188 size_t length
, loff_t
*offset
)
190 struct mei_cl
*cl
= file
->private_data
;
191 struct mei_cl_cb
*cb_pos
= NULL
;
192 struct mei_cl_cb
*cb
= NULL
;
193 struct mei_device
*dev
;
198 if (WARN_ON(!cl
|| !cl
->dev
))
204 mutex_lock(&dev
->device_lock
);
205 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
215 if (cl
== &dev
->iamthif_cl
) {
216 rets
= mei_amthif_read(dev
, file
, ubuf
, length
, offset
);
223 if (cb
->buf_idx
> *offset
)
225 /* offset is beyond buf_idx we have no more data return 0 */
226 if (cb
->buf_idx
> 0 && cb
->buf_idx
<= *offset
) {
230 /* Offset needs to be cleaned for contiguous reads*/
231 if (cb
->buf_idx
== 0 && *offset
> 0)
233 } else if (*offset
> 0) {
237 err
= mei_cl_read_start(cl
, length
);
238 if (err
&& err
!= -EBUSY
) {
239 dev_dbg(&dev
->pdev
->dev
,
240 "mei start read failure with status = %d\n", err
);
245 if (MEI_READ_COMPLETE
!= cl
->reading_state
&&
246 !waitqueue_active(&cl
->rx_wait
)) {
247 if (file
->f_flags
& O_NONBLOCK
) {
252 mutex_unlock(&dev
->device_lock
);
254 if (wait_event_interruptible(cl
->rx_wait
,
255 (MEI_READ_COMPLETE
== cl
->reading_state
||
256 MEI_FILE_INITIALIZING
== cl
->state
||
257 MEI_FILE_DISCONNECTED
== cl
->state
||
258 MEI_FILE_DISCONNECTING
== cl
->state
))) {
259 if (signal_pending(current
))
264 mutex_lock(&dev
->device_lock
);
265 if (MEI_FILE_INITIALIZING
== cl
->state
||
266 MEI_FILE_DISCONNECTED
== cl
->state
||
267 MEI_FILE_DISCONNECTING
== cl
->state
) {
279 if (cl
->reading_state
!= MEI_READ_COMPLETE
) {
283 /* now copy the data to user space */
285 dev_dbg(&dev
->pdev
->dev
, "buf.size = %d buf.idx= %ld\n",
286 cb
->response_buffer
.size
, cb
->buf_idx
);
287 if (length
== 0 || ubuf
== NULL
|| *offset
> cb
->buf_idx
) {
292 /* length is being truncated to PAGE_SIZE,
293 * however buf_idx may point beyond that */
294 length
= min_t(size_t, length
, cb
->buf_idx
- *offset
);
296 if (copy_to_user(ubuf
, cb
->response_buffer
.data
+ *offset
, length
)) {
303 if ((unsigned long)*offset
< cb
->buf_idx
)
307 cb_pos
= mei_cl_find_read_cb(cl
);
308 /* Remove entry from read list */
310 list_del(&cb_pos
->list
);
312 cl
->reading_state
= MEI_IDLE
;
315 dev_dbg(&dev
->pdev
->dev
, "end mei read rets= %d\n", rets
);
316 mutex_unlock(&dev
->device_lock
);
320 * mei_write - the write function.
322 * @file: pointer to file structure
323 * @ubuf: pointer to user buffer
324 * @length: buffer length
325 * @offset: data offset in buffer
327 * returns >=0 data length on success , <0 on error
329 static ssize_t
mei_write(struct file
*file
, const char __user
*ubuf
,
330 size_t length
, loff_t
*offset
)
332 struct mei_cl
*cl
= file
->private_data
;
333 struct mei_cl_cb
*write_cb
= NULL
;
334 struct mei_device
*dev
;
335 unsigned long timeout
= 0;
339 if (WARN_ON(!cl
|| !cl
->dev
))
344 mutex_lock(&dev
->device_lock
);
346 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
351 id
= mei_me_cl_by_id(dev
, cl
->me_client_id
);
362 if (length
> dev
->me_clients
[id
].props
.max_msg_length
) {
367 if (cl
->state
!= MEI_FILE_CONNECTED
) {
368 dev_err(&dev
->pdev
->dev
, "host client = %d, is not connected to ME client = %d",
369 cl
->host_client_id
, cl
->me_client_id
);
373 if (cl
== &dev
->iamthif_cl
) {
374 write_cb
= mei_amthif_find_read_list_entry(dev
, file
);
377 timeout
= write_cb
->read_time
+
378 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER
);
380 if (time_after(jiffies
, timeout
) ||
381 cl
->reading_state
== MEI_READ_COMPLETE
) {
383 list_del(&write_cb
->list
);
384 mei_io_cb_free(write_cb
);
390 /* free entry used in read */
391 if (cl
->reading_state
== MEI_READ_COMPLETE
) {
393 write_cb
= mei_cl_find_read_cb(cl
);
395 list_del(&write_cb
->list
);
396 mei_io_cb_free(write_cb
);
398 cl
->reading_state
= MEI_IDLE
;
401 } else if (cl
->reading_state
== MEI_IDLE
)
405 write_cb
= mei_io_cb_init(cl
, file
);
407 dev_err(&dev
->pdev
->dev
, "write cb allocation failed\n");
411 rets
= mei_io_cb_alloc_req_buf(write_cb
, length
);
415 rets
= copy_from_user(write_cb
->request_buffer
.data
, ubuf
, length
);
417 dev_err(&dev
->pdev
->dev
, "failed to copy data from userland\n");
422 if (cl
== &dev
->iamthif_cl
) {
423 rets
= mei_amthif_write(dev
, write_cb
);
426 dev_err(&dev
->pdev
->dev
,
427 "amthif write failed with status = %d\n", rets
);
430 mutex_unlock(&dev
->device_lock
);
434 rets
= mei_cl_write(cl
, write_cb
, false);
436 mutex_unlock(&dev
->device_lock
);
438 mei_io_cb_free(write_cb
);
443 * mei_ioctl_connect_client - the connect to fw client IOCTL function
445 * @dev: the device structure
446 * @data: IOCTL connect data, input and output parameters
447 * @file: private data of the file object
449 * Locking: called under "dev->device_lock" lock
451 * returns 0 on success, <0 on failure.
453 static int mei_ioctl_connect_client(struct file
*file
,
454 struct mei_connect_client_data
*data
)
456 struct mei_device
*dev
;
457 struct mei_client
*client
;
462 cl
= file
->private_data
;
463 if (WARN_ON(!cl
|| !cl
->dev
))
468 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
473 if (cl
->state
!= MEI_FILE_INITIALIZING
&&
474 cl
->state
!= MEI_FILE_DISCONNECTED
) {
479 /* find ME client we're trying to connect to */
480 i
= mei_me_cl_by_uuid(dev
, &data
->in_client_uuid
);
481 if (i
< 0 || dev
->me_clients
[i
].props
.fixed_address
) {
482 dev_dbg(&dev
->pdev
->dev
, "Cannot connect to FW Client UUID = %pUl\n",
483 &data
->in_client_uuid
);
488 cl
->me_client_id
= dev
->me_clients
[i
].client_id
;
489 cl
->state
= MEI_FILE_CONNECTING
;
491 dev_dbg(&dev
->pdev
->dev
, "Connect to FW Client ID = %d\n",
493 dev_dbg(&dev
->pdev
->dev
, "FW Client - Protocol Version = %d\n",
494 dev
->me_clients
[i
].props
.protocol_version
);
495 dev_dbg(&dev
->pdev
->dev
, "FW Client - Max Msg Len = %d\n",
496 dev
->me_clients
[i
].props
.max_msg_length
);
498 /* if we're connecting to amthif client then we will use the
499 * existing connection
501 if (uuid_le_cmp(data
->in_client_uuid
, mei_amthif_guid
) == 0) {
502 dev_dbg(&dev
->pdev
->dev
, "FW Client is amthi\n");
503 if (dev
->iamthif_cl
.state
!= MEI_FILE_CONNECTED
) {
507 clear_bit(cl
->host_client_id
, dev
->host_clients_map
);
512 file
->private_data
= &dev
->iamthif_cl
;
514 client
= &data
->out_client_properties
;
515 client
->max_msg_length
=
516 dev
->me_clients
[i
].props
.max_msg_length
;
517 client
->protocol_version
=
518 dev
->me_clients
[i
].props
.protocol_version
;
519 rets
= dev
->iamthif_cl
.status
;
525 /* prepare the output buffer */
526 client
= &data
->out_client_properties
;
527 client
->max_msg_length
= dev
->me_clients
[i
].props
.max_msg_length
;
528 client
->protocol_version
= dev
->me_clients
[i
].props
.protocol_version
;
529 dev_dbg(&dev
->pdev
->dev
, "Can connect?\n");
532 rets
= mei_cl_connect(cl
, file
);
540 * mei_ioctl - the IOCTL function
542 * @file: pointer to file structure
543 * @cmd: ioctl command
544 * @data: pointer to mei message structure
546 * returns 0 on success , <0 on error
548 static long mei_ioctl(struct file
*file
, unsigned int cmd
, unsigned long data
)
550 struct mei_device
*dev
;
551 struct mei_cl
*cl
= file
->private_data
;
552 struct mei_connect_client_data
*connect_data
= NULL
;
555 if (cmd
!= IOCTL_MEI_CONNECT_CLIENT
)
558 if (WARN_ON(!cl
|| !cl
->dev
))
563 dev_dbg(&dev
->pdev
->dev
, "IOCTL cmd = 0x%x", cmd
);
565 mutex_lock(&dev
->device_lock
);
566 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
571 dev_dbg(&dev
->pdev
->dev
, ": IOCTL_MEI_CONNECT_CLIENT.\n");
573 connect_data
= kzalloc(sizeof(struct mei_connect_client_data
),
579 dev_dbg(&dev
->pdev
->dev
, "copy connect data from user\n");
580 if (copy_from_user(connect_data
, (char __user
*)data
,
581 sizeof(struct mei_connect_client_data
))) {
582 dev_err(&dev
->pdev
->dev
, "failed to copy data from userland\n");
587 rets
= mei_ioctl_connect_client(file
, connect_data
);
589 /* if all is ok, copying the data back to user. */
593 dev_dbg(&dev
->pdev
->dev
, "copy connect data to user\n");
594 if (copy_to_user((char __user
*)data
, connect_data
,
595 sizeof(struct mei_connect_client_data
))) {
596 dev_dbg(&dev
->pdev
->dev
, "failed to copy data to userland\n");
603 mutex_unlock(&dev
->device_lock
);
608 * mei_compat_ioctl - the compat IOCTL function
610 * @file: pointer to file structure
611 * @cmd: ioctl command
612 * @data: pointer to mei message structure
614 * returns 0 on success , <0 on error
617 static long mei_compat_ioctl(struct file
*file
,
618 unsigned int cmd
, unsigned long data
)
620 return mei_ioctl(file
, cmd
, (unsigned long)compat_ptr(data
));
626 * mei_poll - the poll function
628 * @file: pointer to file structure
629 * @wait: pointer to poll_table structure
633 static unsigned int mei_poll(struct file
*file
, poll_table
*wait
)
635 struct mei_cl
*cl
= file
->private_data
;
636 struct mei_device
*dev
;
637 unsigned int mask
= 0;
639 if (WARN_ON(!cl
|| !cl
->dev
))
644 mutex_lock(&dev
->device_lock
);
646 if (!mei_cl_is_connected(cl
)) {
651 mutex_unlock(&dev
->device_lock
);
654 if (cl
== &dev
->iamthif_cl
)
655 return mei_amthif_poll(dev
, file
, wait
);
657 poll_wait(file
, &cl
->tx_wait
, wait
);
659 mutex_lock(&dev
->device_lock
);
661 if (!mei_cl_is_connected(cl
)) {
666 if (MEI_WRITE_COMPLETE
== cl
->writing_state
)
667 mask
|= (POLLIN
| POLLRDNORM
);
670 mutex_unlock(&dev
->device_lock
);
675 * file operations structure will be used for mei char device.
677 static const struct file_operations mei_fops
= {
678 .owner
= THIS_MODULE
,
680 .unlocked_ioctl
= mei_ioctl
,
682 .compat_ioctl
= mei_compat_ioctl
,
685 .release
= mei_release
,
694 static struct miscdevice mei_misc_device
= {
697 .minor
= MISC_DYNAMIC_MINOR
,
701 int mei_register(struct mei_device
*dev
)
704 mei_misc_device
.parent
= &dev
->pdev
->dev
;
705 ret
= misc_register(&mei_misc_device
);
709 if (mei_dbgfs_register(dev
, mei_misc_device
.name
))
710 dev_err(&dev
->pdev
->dev
, "cannot register debugfs\n");
714 EXPORT_SYMBOL_GPL(mei_register
);
716 void mei_deregister(struct mei_device
*dev
)
718 mei_dbgfs_deregister(dev
);
719 misc_deregister(&mei_misc_device
);
720 mei_misc_device
.parent
= NULL
;
722 EXPORT_SYMBOL_GPL(mei_deregister
);
724 static int __init
mei_init(void)
726 return mei_cl_bus_init();
729 static void __exit
mei_exit(void)
734 module_init(mei_init
);
735 module_exit(mei_exit
);
737 MODULE_AUTHOR("Intel Corporation");
738 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
739 MODULE_LICENSE("GPL v2");