3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/kernel.h>
22 #include <linux/device.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/fcntl.h>
27 #include <linux/aio.h>
28 #include <linux/pci.h>
29 #include <linux/poll.h>
30 #include <linux/init.h>
31 #include <linux/ioctl.h>
32 #include <linux/cdev.h>
33 #include <linux/sched.h>
34 #include <linux/uuid.h>
35 #include <linux/compat.h>
36 #include <linux/jiffies.h>
37 #include <linux/interrupt.h>
38 #include <linux/miscdevice.h>
40 #include <linux/mei.h>
47 * mei_open - the open function
49 * @inode: pointer to inode structure
50 * @file: pointer to file structure
52 * returns 0 on success, <0 on error
54 static int mei_open(struct inode
*inode
, struct file
*file
)
56 struct miscdevice
*misc
= file
->private_data
;
59 struct mei_device
*dev
;
67 pdev
= container_of(misc
->parent
, struct pci_dev
, dev
);
69 dev
= pci_get_drvdata(pdev
);
73 mutex_lock(&dev
->device_lock
);
75 cl
= mei_cl_allocate(dev
);
80 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
81 dev_dbg(&dev
->pdev
->dev
, "dev_state != MEI_ENABLED dev_state = %s\n",
82 mei_dev_state_str(dev
->dev_state
));
86 if (dev
->open_handle_count
>= MEI_MAX_OPEN_HANDLE_COUNT
) {
87 dev_err(&dev
->pdev
->dev
, "open_handle_count exceded %d",
88 MEI_MAX_OPEN_HANDLE_COUNT
);
92 err
= mei_cl_link(cl
, MEI_HOST_CLIENT_ID_ANY
);
96 file
->private_data
= cl
;
97 mutex_unlock(&dev
->device_lock
);
99 return nonseekable_open(inode
, file
);
102 mutex_unlock(&dev
->device_lock
);
109 * mei_release - the release function
111 * @inode: pointer to inode structure
112 * @file: pointer to file structure
114 * returns 0 on success, <0 on error
116 static int mei_release(struct inode
*inode
, struct file
*file
)
118 struct mei_cl
*cl
= file
->private_data
;
119 struct mei_cl_cb
*cb
;
120 struct mei_device
*dev
;
123 if (WARN_ON(!cl
|| !cl
->dev
))
128 mutex_lock(&dev
->device_lock
);
129 if (cl
== &dev
->iamthif_cl
) {
130 rets
= mei_amthif_release(dev
, file
);
133 if (cl
->state
== MEI_FILE_CONNECTED
) {
134 cl
->state
= MEI_FILE_DISCONNECTING
;
135 dev_dbg(&dev
->pdev
->dev
,
136 "disconnecting client host client = %d, "
140 rets
= mei_cl_disconnect(cl
);
142 mei_cl_flush_queues(cl
);
143 dev_dbg(&dev
->pdev
->dev
, "remove client host client = %d, ME client = %d\n",
147 if (dev
->open_handle_count
> 0) {
148 clear_bit(cl
->host_client_id
, dev
->host_clients_map
);
149 dev
->open_handle_count
--;
157 cb
= mei_cl_find_read_cb(cl
);
158 /* Remove entry from read list */
166 file
->private_data
= NULL
;
175 mutex_unlock(&dev
->device_lock
);
181 * mei_read - the read function.
183 * @file: pointer to file structure
184 * @ubuf: pointer to user buffer
185 * @length: buffer length
186 * @offset: data offset in buffer
188 * returns >=0 data length on success , <0 on error
190 static ssize_t
mei_read(struct file
*file
, char __user
*ubuf
,
191 size_t length
, loff_t
*offset
)
193 struct mei_cl
*cl
= file
->private_data
;
194 struct mei_cl_cb
*cb_pos
= NULL
;
195 struct mei_cl_cb
*cb
= NULL
;
196 struct mei_device
*dev
;
202 if (WARN_ON(!cl
|| !cl
->dev
))
207 mutex_lock(&dev
->device_lock
);
208 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
213 if ((cl
->sm_state
& MEI_WD_STATE_INDEPENDENCE_MSG_SENT
) == 0) {
214 /* Do not allow to read watchdog client */
215 i
= mei_me_cl_by_uuid(dev
, &mei_wd_guid
);
217 struct mei_me_client
*me_client
= &dev
->me_clients
[i
];
218 if (cl
->me_client_id
== me_client
->client_id
) {
224 cl
->sm_state
&= ~MEI_WD_STATE_INDEPENDENCE_MSG_SENT
;
227 if (cl
== &dev
->iamthif_cl
) {
228 rets
= mei_amthif_read(dev
, file
, ubuf
, length
, offset
);
232 if (cl
->read_cb
&& cl
->read_cb
->buf_idx
> *offset
) {
235 } else if (cl
->read_cb
&& cl
->read_cb
->buf_idx
> 0 &&
236 cl
->read_cb
->buf_idx
<= *offset
) {
240 } else if ((!cl
->read_cb
|| !cl
->read_cb
->buf_idx
) && *offset
> 0) {
241 /*Offset needs to be cleaned for contiguous reads*/
247 err
= mei_cl_read_start(cl
, length
);
248 if (err
&& err
!= -EBUSY
) {
249 dev_dbg(&dev
->pdev
->dev
,
250 "mei start read failure with status = %d\n", err
);
255 if (MEI_READ_COMPLETE
!= cl
->reading_state
&&
256 !waitqueue_active(&cl
->rx_wait
)) {
257 if (file
->f_flags
& O_NONBLOCK
) {
262 mutex_unlock(&dev
->device_lock
);
264 if (wait_event_interruptible(cl
->rx_wait
,
265 (MEI_READ_COMPLETE
== cl
->reading_state
||
266 MEI_FILE_INITIALIZING
== cl
->state
||
267 MEI_FILE_DISCONNECTED
== cl
->state
||
268 MEI_FILE_DISCONNECTING
== cl
->state
))) {
269 if (signal_pending(current
))
274 mutex_lock(&dev
->device_lock
);
275 if (MEI_FILE_INITIALIZING
== cl
->state
||
276 MEI_FILE_DISCONNECTED
== cl
->state
||
277 MEI_FILE_DISCONNECTING
== cl
->state
) {
289 if (cl
->reading_state
!= MEI_READ_COMPLETE
) {
293 /* now copy the data to user space */
295 dev_dbg(&dev
->pdev
->dev
, "buf.size = %d buf.idx= %ld\n",
296 cb
->response_buffer
.size
, cb
->buf_idx
);
297 if (length
== 0 || ubuf
== NULL
|| *offset
> cb
->buf_idx
) {
302 /* length is being truncated to PAGE_SIZE,
303 * however buf_idx may point beyond that */
304 length
= min_t(size_t, length
, cb
->buf_idx
- *offset
);
306 if (copy_to_user(ubuf
, cb
->response_buffer
.data
+ *offset
, length
)) {
313 if ((unsigned long)*offset
< cb
->buf_idx
)
317 cb_pos
= mei_cl_find_read_cb(cl
);
318 /* Remove entry from read list */
320 list_del(&cb_pos
->list
);
322 cl
->reading_state
= MEI_IDLE
;
325 dev_dbg(&dev
->pdev
->dev
, "end mei read rets= %d\n", rets
);
326 mutex_unlock(&dev
->device_lock
);
330 * mei_write - the write function.
332 * @file: pointer to file structure
333 * @ubuf: pointer to user buffer
334 * @length: buffer length
335 * @offset: data offset in buffer
337 * returns >=0 data length on success , <0 on error
339 static ssize_t
mei_write(struct file
*file
, const char __user
*ubuf
,
340 size_t length
, loff_t
*offset
)
342 struct mei_cl
*cl
= file
->private_data
;
343 struct mei_cl_cb
*write_cb
= NULL
;
344 struct mei_device
*dev
;
345 unsigned long timeout
= 0;
349 if (WARN_ON(!cl
|| !cl
->dev
))
354 mutex_lock(&dev
->device_lock
);
356 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
361 id
= mei_me_cl_by_id(dev
, cl
->me_client_id
);
366 if (length
> dev
->me_clients
[id
].props
.max_msg_length
|| length
<= 0) {
371 if (cl
->state
!= MEI_FILE_CONNECTED
) {
372 dev_err(&dev
->pdev
->dev
, "host client = %d, is not connected to ME client = %d",
373 cl
->host_client_id
, cl
->me_client_id
);
377 if (cl
== &dev
->iamthif_cl
) {
378 write_cb
= mei_amthif_find_read_list_entry(dev
, file
);
381 timeout
= write_cb
->read_time
+
382 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER
);
384 if (time_after(jiffies
, timeout
) ||
385 cl
->reading_state
== MEI_READ_COMPLETE
) {
387 list_del(&write_cb
->list
);
388 mei_io_cb_free(write_cb
);
394 /* free entry used in read */
395 if (cl
->reading_state
== MEI_READ_COMPLETE
) {
397 write_cb
= mei_cl_find_read_cb(cl
);
399 list_del(&write_cb
->list
);
400 mei_io_cb_free(write_cb
);
402 cl
->reading_state
= MEI_IDLE
;
405 } else if (cl
->reading_state
== MEI_IDLE
)
409 write_cb
= mei_io_cb_init(cl
, file
);
411 dev_err(&dev
->pdev
->dev
, "write cb allocation failed\n");
415 rets
= mei_io_cb_alloc_req_buf(write_cb
, length
);
419 rets
= copy_from_user(write_cb
->request_buffer
.data
, ubuf
, length
);
425 ((memcmp(mei_wd_state_independence_msg
[0],
426 write_cb
->request_buffer
.data
, 4) == 0) ||
427 (memcmp(mei_wd_state_independence_msg
[1],
428 write_cb
->request_buffer
.data
, 4) == 0) ||
429 (memcmp(mei_wd_state_independence_msg
[2],
430 write_cb
->request_buffer
.data
, 4) == 0)))
431 cl
->sm_state
|= MEI_WD_STATE_INDEPENDENCE_MSG_SENT
;
433 if (cl
== &dev
->iamthif_cl
) {
434 rets
= mei_amthif_write(dev
, write_cb
);
437 dev_err(&dev
->pdev
->dev
,
438 "amthif write failed with status = %d\n", rets
);
441 mutex_unlock(&dev
->device_lock
);
445 rets
= mei_cl_write(cl
, write_cb
, false);
447 mutex_unlock(&dev
->device_lock
);
449 mei_io_cb_free(write_cb
);
454 * mei_ioctl_connect_client - the connect to fw client IOCTL function
456 * @dev: the device structure
457 * @data: IOCTL connect data, input and output parameters
458 * @file: private data of the file object
460 * Locking: called under "dev->device_lock" lock
462 * returns 0 on success, <0 on failure.
464 static int mei_ioctl_connect_client(struct file
*file
,
465 struct mei_connect_client_data
*data
)
467 struct mei_device
*dev
;
468 struct mei_client
*client
;
473 cl
= file
->private_data
;
474 if (WARN_ON(!cl
|| !cl
->dev
))
479 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
484 if (cl
->state
!= MEI_FILE_INITIALIZING
&&
485 cl
->state
!= MEI_FILE_DISCONNECTED
) {
490 /* find ME client we're trying to connect to */
491 i
= mei_me_cl_by_uuid(dev
, &data
->in_client_uuid
);
492 if (i
>= 0 && !dev
->me_clients
[i
].props
.fixed_address
) {
493 cl
->me_client_id
= dev
->me_clients
[i
].client_id
;
494 cl
->state
= MEI_FILE_CONNECTING
;
497 dev_dbg(&dev
->pdev
->dev
, "Connect to FW Client ID = %d\n",
499 dev_dbg(&dev
->pdev
->dev
, "FW Client - Protocol Version = %d\n",
500 dev
->me_clients
[i
].props
.protocol_version
);
501 dev_dbg(&dev
->pdev
->dev
, "FW Client - Max Msg Len = %d\n",
502 dev
->me_clients
[i
].props
.max_msg_length
);
504 /* if we're connecting to amthif client then we will use the
505 * existing connection
507 if (uuid_le_cmp(data
->in_client_uuid
, mei_amthif_guid
) == 0) {
508 dev_dbg(&dev
->pdev
->dev
, "FW Client is amthi\n");
509 if (dev
->iamthif_cl
.state
!= MEI_FILE_CONNECTED
) {
513 clear_bit(cl
->host_client_id
, dev
->host_clients_map
);
518 file
->private_data
= &dev
->iamthif_cl
;
520 client
= &data
->out_client_properties
;
521 client
->max_msg_length
=
522 dev
->me_clients
[i
].props
.max_msg_length
;
523 client
->protocol_version
=
524 dev
->me_clients
[i
].props
.protocol_version
;
525 rets
= dev
->iamthif_cl
.status
;
530 if (cl
->state
!= MEI_FILE_CONNECTING
) {
536 /* prepare the output buffer */
537 client
= &data
->out_client_properties
;
538 client
->max_msg_length
= dev
->me_clients
[i
].props
.max_msg_length
;
539 client
->protocol_version
= dev
->me_clients
[i
].props
.protocol_version
;
540 dev_dbg(&dev
->pdev
->dev
, "Can connect?\n");
543 rets
= mei_cl_connect(cl
, file
);
546 dev_dbg(&dev
->pdev
->dev
, "free connect cb memory.");
552 * mei_ioctl - the IOCTL function
554 * @file: pointer to file structure
555 * @cmd: ioctl command
556 * @data: pointer to mei message structure
558 * returns 0 on success , <0 on error
560 static long mei_ioctl(struct file
*file
, unsigned int cmd
, unsigned long data
)
562 struct mei_device
*dev
;
563 struct mei_cl
*cl
= file
->private_data
;
564 struct mei_connect_client_data
*connect_data
= NULL
;
567 if (cmd
!= IOCTL_MEI_CONNECT_CLIENT
)
570 if (WARN_ON(!cl
|| !cl
->dev
))
575 dev_dbg(&dev
->pdev
->dev
, "IOCTL cmd = 0x%x", cmd
);
577 mutex_lock(&dev
->device_lock
);
578 if (dev
->dev_state
!= MEI_DEV_ENABLED
) {
583 dev_dbg(&dev
->pdev
->dev
, ": IOCTL_MEI_CONNECT_CLIENT.\n");
585 connect_data
= kzalloc(sizeof(struct mei_connect_client_data
),
591 dev_dbg(&dev
->pdev
->dev
, "copy connect data from user\n");
592 if (copy_from_user(connect_data
, (char __user
*)data
,
593 sizeof(struct mei_connect_client_data
))) {
594 dev_dbg(&dev
->pdev
->dev
, "failed to copy data from userland\n");
599 rets
= mei_ioctl_connect_client(file
, connect_data
);
601 /* if all is ok, copying the data back to user. */
605 dev_dbg(&dev
->pdev
->dev
, "copy connect data to user\n");
606 if (copy_to_user((char __user
*)data
, connect_data
,
607 sizeof(struct mei_connect_client_data
))) {
608 dev_dbg(&dev
->pdev
->dev
, "failed to copy data to userland\n");
615 mutex_unlock(&dev
->device_lock
);
620 * mei_compat_ioctl - the compat IOCTL function
622 * @file: pointer to file structure
623 * @cmd: ioctl command
624 * @data: pointer to mei message structure
626 * returns 0 on success , <0 on error
629 static long mei_compat_ioctl(struct file
*file
,
630 unsigned int cmd
, unsigned long data
)
632 return mei_ioctl(file
, cmd
, (unsigned long)compat_ptr(data
));
638 * mei_poll - the poll function
640 * @file: pointer to file structure
641 * @wait: pointer to poll_table structure
645 static unsigned int mei_poll(struct file
*file
, poll_table
*wait
)
647 struct mei_cl
*cl
= file
->private_data
;
648 struct mei_device
*dev
;
649 unsigned int mask
= 0;
651 if (WARN_ON(!cl
|| !cl
->dev
))
656 mutex_lock(&dev
->device_lock
);
658 if (dev
->dev_state
!= MEI_DEV_ENABLED
)
662 if (cl
== &dev
->iamthif_cl
) {
663 mask
= mei_amthif_poll(dev
, file
, wait
);
667 mutex_unlock(&dev
->device_lock
);
668 poll_wait(file
, &cl
->tx_wait
, wait
);
669 mutex_lock(&dev
->device_lock
);
670 if (MEI_WRITE_COMPLETE
== cl
->writing_state
)
671 mask
|= (POLLIN
| POLLRDNORM
);
674 mutex_unlock(&dev
->device_lock
);
679 * file operations structure will be used for mei char device.
681 static const struct file_operations mei_fops
= {
682 .owner
= THIS_MODULE
,
684 .unlocked_ioctl
= mei_ioctl
,
686 .compat_ioctl
= mei_compat_ioctl
,
689 .release
= mei_release
,
698 static struct miscdevice mei_misc_device
= {
701 .minor
= MISC_DYNAMIC_MINOR
,
705 int mei_register(struct mei_device
*dev
)
708 mei_misc_device
.parent
= &dev
->pdev
->dev
;
709 ret
= misc_register(&mei_misc_device
);
713 if (mei_dbgfs_register(dev
, mei_misc_device
.name
))
714 dev_err(&dev
->pdev
->dev
, "cannot register debugfs\n");
718 EXPORT_SYMBOL_GPL(mei_register
);
720 void mei_deregister(struct mei_device
*dev
)
722 mei_dbgfs_deregister(dev
);
723 misc_deregister(&mei_misc_device
);
724 mei_misc_device
.parent
= NULL
;
726 EXPORT_SYMBOL_GPL(mei_deregister
);
728 static int __init
mei_init(void)
730 return mei_cl_bus_init();
733 static void __exit
mei_exit(void)
738 module_init(mei_init
);
739 module_exit(mei_exit
);
741 MODULE_AUTHOR("Intel Corporation");
742 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
743 MODULE_LICENSE("GPL v2");