1 /*
2 *
3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 */
16
17
18 #include <linux/export.h>
19 #include <linux/kthread.h>
20 #include <linux/interrupt.h>
21 #include <linux/fs.h>
22 #include <linux/jiffies.h>
23 #include <linux/slab.h>
24 #include <linux/pm_runtime.h>
25
26 #include <linux/mei.h>
27
28 #include "mei_dev.h"
29 #include "hbm.h"
30 #include "client.h"
31
32
33 /**
34 * mei_irq_compl_handler - dispatch complete handlers
35 * for the completed callbacks
36 *
37 * @dev: mei device
38 * @cmpl_list: list of completed cbs
39 */
mei_irq_compl_handler(struct mei_device * dev,struct list_head * cmpl_list)40 void mei_irq_compl_handler(struct mei_device *dev, struct list_head *cmpl_list)
41 {
42 struct mei_cl_cb *cb, *next;
43 struct mei_cl *cl;
44
45 list_for_each_entry_safe(cb, next, cmpl_list, list) {
46 cl = cb->cl;
47 list_del_init(&cb->list);
48
49 dev_dbg(dev->dev, "completing call back.\n");
50 mei_cl_complete(cl, cb);
51 }
52 }
53 EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
54
55 /**
56 * mei_cl_hbm_equal - check if hbm is addressed to the client
57 *
58 * @cl: host client
59 * @mei_hdr: header of mei client message
60 *
61 * Return: true if matches, false otherwise
62 */
mei_cl_hbm_equal(struct mei_cl * cl,struct mei_msg_hdr * mei_hdr)63 static inline int mei_cl_hbm_equal(struct mei_cl *cl,
64 struct mei_msg_hdr *mei_hdr)
65 {
66 return mei_cl_host_addr(cl) == mei_hdr->host_addr &&
67 mei_cl_me_id(cl) == mei_hdr->me_addr;
68 }
69
70 /**
71 * mei_irq_discard_msg - discard received message
72 *
73 * @dev: mei device
74 * @hdr: message header
75 */
mei_irq_discard_msg(struct mei_device * dev,struct mei_msg_hdr * hdr)76 static void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr)
77 {
78 /*
79 * no need to check for size as it is guarantied
80 * that length fits into rd_msg_buf
81 */
82 mei_read_slots(dev, dev->rd_msg_buf, hdr->length);
83 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
84 MEI_HDR_PRM(hdr));
85 }
86
87 /**
88 * mei_cl_irq_read_msg - process client message
89 *
90 * @cl: reading client
91 * @mei_hdr: header of mei client message
92 * @cmpl_list: completion list
93 *
94 * Return: always 0
95 */
mei_cl_irq_read_msg(struct mei_cl * cl,struct mei_msg_hdr * mei_hdr,struct list_head * cmpl_list)96 static int mei_cl_irq_read_msg(struct mei_cl *cl,
97 struct mei_msg_hdr *mei_hdr,
98 struct list_head *cmpl_list)
99 {
100 struct mei_device *dev = cl->dev;
101 struct mei_cl_cb *cb;
102 size_t buf_sz;
103
104 cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list);
105 if (!cb) {
106 if (!mei_cl_is_fixed_address(cl)) {
107 cl_err(dev, cl, "pending read cb not found\n");
108 goto discard;
109 }
110 cb = mei_cl_alloc_cb(cl, mei_cl_mtu(cl), MEI_FOP_READ, cl->fp);
111 if (!cb)
112 goto discard;
113 list_add_tail(&cb->list, &cl->rd_pending);
114 }
115
116 if (!mei_cl_is_connected(cl)) {
117 cl_dbg(dev, cl, "not connected\n");
118 cb->status = -ENODEV;
119 goto discard;
120 }
121
122 buf_sz = mei_hdr->length + cb->buf_idx;
123 /* catch for integer overflow */
124 if (buf_sz < cb->buf_idx) {
125 cl_err(dev, cl, "message is too big len %d idx %zu\n",
126 mei_hdr->length, cb->buf_idx);
127 cb->status = -EMSGSIZE;
128 goto discard;
129 }
130
131 if (cb->buf.size < buf_sz) {
132 cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
133 cb->buf.size, mei_hdr->length, cb->buf_idx);
134 cb->status = -EMSGSIZE;
135 goto discard;
136 }
137
138 mei_read_slots(dev, cb->buf.data + cb->buf_idx, mei_hdr->length);
139
140 cb->buf_idx += mei_hdr->length;
141
142 if (mei_hdr->msg_complete) {
143 cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
144 list_move_tail(&cb->list, cmpl_list);
145 } else {
146 pm_runtime_mark_last_busy(dev->dev);
147 pm_request_autosuspend(dev->dev);
148 }
149
150 return 0;
151
152 discard:
153 if (cb)
154 list_move_tail(&cb->list, cmpl_list);
155 mei_irq_discard_msg(dev, mei_hdr);
156 return 0;
157 }
158
159 /**
160 * mei_cl_irq_disconnect_rsp - send disconnection response message
161 *
162 * @cl: client
163 * @cb: callback block.
164 * @cmpl_list: complete list.
165 *
166 * Return: 0, OK; otherwise, error.
167 */
mei_cl_irq_disconnect_rsp(struct mei_cl * cl,struct mei_cl_cb * cb,struct list_head * cmpl_list)168 static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
169 struct list_head *cmpl_list)
170 {
171 struct mei_device *dev = cl->dev;
172 u32 msg_slots;
173 int slots;
174 int ret;
175
176 msg_slots = mei_hbm2slots(sizeof(struct hbm_client_connect_response));
177 slots = mei_hbuf_empty_slots(dev);
178 if (slots < 0)
179 return -EOVERFLOW;
180
181 if ((u32)slots < msg_slots)
182 return -EMSGSIZE;
183
184 ret = mei_hbm_cl_disconnect_rsp(dev, cl);
185 list_move_tail(&cb->list, cmpl_list);
186
187 return ret;
188 }
189
190 /**
191 * mei_cl_irq_read - processes client read related operation from the
192 * interrupt thread context - request for flow control credits
193 *
194 * @cl: client
195 * @cb: callback block.
196 * @cmpl_list: complete list.
197 *
198 * Return: 0, OK; otherwise, error.
199 */
mei_cl_irq_read(struct mei_cl * cl,struct mei_cl_cb * cb,struct list_head * cmpl_list)200 static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
201 struct list_head *cmpl_list)
202 {
203 struct mei_device *dev = cl->dev;
204 u32 msg_slots;
205 int slots;
206 int ret;
207
208 if (!list_empty(&cl->rd_pending))
209 return 0;
210
211 msg_slots = mei_hbm2slots(sizeof(struct hbm_flow_control));
212 slots = mei_hbuf_empty_slots(dev);
213 if (slots < 0)
214 return -EOVERFLOW;
215
216 if ((u32)slots < msg_slots)
217 return -EMSGSIZE;
218
219 ret = mei_hbm_cl_flow_control_req(dev, cl);
220 if (ret) {
221 cl->status = ret;
222 cb->buf_idx = 0;
223 list_move_tail(&cb->list, cmpl_list);
224 return ret;
225 }
226
227 pm_runtime_mark_last_busy(dev->dev);
228 pm_request_autosuspend(dev->dev);
229
230 list_move_tail(&cb->list, &cl->rd_pending);
231
232 return 0;
233 }
234
hdr_is_hbm(struct mei_msg_hdr * mei_hdr)235 static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr)
236 {
237 return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0;
238 }
239
hdr_is_fixed(struct mei_msg_hdr * mei_hdr)240 static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr)
241 {
242 return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0;
243 }
244
hdr_is_valid(u32 msg_hdr)245 static inline int hdr_is_valid(u32 msg_hdr)
246 {
247 struct mei_msg_hdr *mei_hdr;
248
249 mei_hdr = (struct mei_msg_hdr *)&msg_hdr;
250 if (!msg_hdr || mei_hdr->reserved)
251 return -EBADMSG;
252
253 return 0;
254 }
255
256 /**
257 * mei_irq_read_handler - bottom half read routine after ISR to
258 * handle the read processing.
259 *
260 * @dev: the device structure
261 * @cmpl_list: An instance of our list structure
262 * @slots: slots to read.
263 *
264 * Return: 0 on success, <0 on failure.
265 */
mei_irq_read_handler(struct mei_device * dev,struct list_head * cmpl_list,s32 * slots)266 int mei_irq_read_handler(struct mei_device *dev,
267 struct list_head *cmpl_list, s32 *slots)
268 {
269 struct mei_msg_hdr *mei_hdr;
270 struct mei_cl *cl;
271 int ret;
272
273 if (!dev->rd_msg_hdr) {
274 dev->rd_msg_hdr = mei_read_hdr(dev);
275 (*slots)--;
276 dev_dbg(dev->dev, "slots =%08x.\n", *slots);
277
278 ret = hdr_is_valid(dev->rd_msg_hdr);
279 if (ret) {
280 dev_err(dev->dev, "corrupted message header 0x%08X\n",
281 dev->rd_msg_hdr);
282 goto end;
283 }
284 }
285
286 mei_hdr = (struct mei_msg_hdr *)&dev->rd_msg_hdr;
287 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
288
289 if (mei_slots2data(*slots) < mei_hdr->length) {
290 dev_err(dev->dev, "less data available than length=%08x.\n",
291 *slots);
292 /* we can't read the message */
293 ret = -ENODATA;
294 goto end;
295 }
296
297 /* HBM message */
298 if (hdr_is_hbm(mei_hdr)) {
299 ret = mei_hbm_dispatch(dev, mei_hdr);
300 if (ret) {
301 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
302 ret);
303 goto end;
304 }
305 goto reset_slots;
306 }
307
308 /* find recipient cl */
309 list_for_each_entry(cl, &dev->file_list, link) {
310 if (mei_cl_hbm_equal(cl, mei_hdr)) {
311 cl_dbg(dev, cl, "got a message\n");
312 break;
313 }
314 }
315
316 /* if no recipient cl was found we assume corrupted header */
317 if (&cl->link == &dev->file_list) {
318 /* A message for not connected fixed address clients
319 * should be silently discarded
320 * On power down client may be force cleaned,
321 * silently discard such messages
322 */
323 if (hdr_is_fixed(mei_hdr) ||
324 dev->dev_state == MEI_DEV_POWER_DOWN) {
325 mei_irq_discard_msg(dev, mei_hdr);
326 ret = 0;
327 goto reset_slots;
328 }
329 dev_err(dev->dev, "no destination client found 0x%08X\n",
330 dev->rd_msg_hdr);
331 ret = -EBADMSG;
332 goto end;
333 }
334
335 ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list);
336
337
338 reset_slots:
339 /* reset the number of slots and header */
340 *slots = mei_count_full_read_slots(dev);
341 dev->rd_msg_hdr = 0;
342
343 if (*slots == -EOVERFLOW) {
344 /* overflow - reset */
345 dev_err(dev->dev, "resetting due to slots overflow.\n");
346 /* set the event since message has been read */
347 ret = -ERANGE;
348 goto end;
349 }
350 end:
351 return ret;
352 }
353 EXPORT_SYMBOL_GPL(mei_irq_read_handler);
354
355
356 /**
357 * mei_irq_write_handler - dispatch write requests
358 * after irq received
359 *
360 * @dev: the device structure
361 * @cmpl_list: An instance of our list structure
362 *
363 * Return: 0 on success, <0 on failure.
364 */
mei_irq_write_handler(struct mei_device * dev,struct list_head * cmpl_list)365 int mei_irq_write_handler(struct mei_device *dev, struct list_head *cmpl_list)
366 {
367
368 struct mei_cl *cl;
369 struct mei_cl_cb *cb, *next;
370 s32 slots;
371 int ret;
372
373
374 if (!mei_hbuf_acquire(dev))
375 return 0;
376
377 slots = mei_hbuf_empty_slots(dev);
378 if (slots < 0)
379 return -EOVERFLOW;
380
381 if (slots == 0)
382 return -EMSGSIZE;
383
384 /* complete all waiting for write CB */
385 dev_dbg(dev->dev, "complete all waiting for write cb.\n");
386
387 list_for_each_entry_safe(cb, next, &dev->write_waiting_list, list) {
388 cl = cb->cl;
389
390 cl->status = 0;
391 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
392 cl->writing_state = MEI_WRITE_COMPLETE;
393 list_move_tail(&cb->list, cmpl_list);
394 }
395
396 /* complete control write list CB */
397 dev_dbg(dev->dev, "complete control write list cb.\n");
398 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list, list) {
399 cl = cb->cl;
400 switch (cb->fop_type) {
401 case MEI_FOP_DISCONNECT:
402 /* send disconnect message */
403 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
404 if (ret)
405 return ret;
406
407 break;
408 case MEI_FOP_READ:
409 /* send flow control message */
410 ret = mei_cl_irq_read(cl, cb, cmpl_list);
411 if (ret)
412 return ret;
413
414 break;
415 case MEI_FOP_CONNECT:
416 /* connect message */
417 ret = mei_cl_irq_connect(cl, cb, cmpl_list);
418 if (ret)
419 return ret;
420
421 break;
422 case MEI_FOP_DISCONNECT_RSP:
423 /* send disconnect resp */
424 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
425 if (ret)
426 return ret;
427 break;
428
429 case MEI_FOP_NOTIFY_START:
430 case MEI_FOP_NOTIFY_STOP:
431 ret = mei_cl_irq_notify(cl, cb, cmpl_list);
432 if (ret)
433 return ret;
434 break;
435 default:
436 BUG();
437 }
438
439 }
440 /* complete write list CB */
441 dev_dbg(dev->dev, "complete write list cb.\n");
442 list_for_each_entry_safe(cb, next, &dev->write_list, list) {
443 cl = cb->cl;
444 ret = mei_cl_irq_write(cl, cb, cmpl_list);
445 if (ret)
446 return ret;
447 }
448 return 0;
449 }
450 EXPORT_SYMBOL_GPL(mei_irq_write_handler);
451
452
453 /**
454 * mei_connect_timeout - connect/disconnect timeouts
455 *
456 * @cl: host client
457 */
mei_connect_timeout(struct mei_cl * cl)458 static void mei_connect_timeout(struct mei_cl *cl)
459 {
460 struct mei_device *dev = cl->dev;
461
462 if (cl->state == MEI_FILE_CONNECTING) {
463 if (dev->hbm_f_dot_supported) {
464 cl->state = MEI_FILE_DISCONNECT_REQUIRED;
465 wake_up(&cl->wait);
466 return;
467 }
468 }
469 mei_reset(dev);
470 }
471
472 #define MEI_STALL_TIMER_FREQ (2 * HZ)
473 /**
474 * mei_schedule_stall_timer - re-arm stall_timer work
475 *
476 * Schedule stall timer
477 *
478 * @dev: the device structure
479 */
mei_schedule_stall_timer(struct mei_device * dev)480 void mei_schedule_stall_timer(struct mei_device *dev)
481 {
482 schedule_delayed_work(&dev->timer_work, MEI_STALL_TIMER_FREQ);
483 }
484
485 /**
486 * mei_timer - timer function.
487 *
488 * @work: pointer to the work_struct structure
489 *
490 */
mei_timer(struct work_struct * work)491 void mei_timer(struct work_struct *work)
492 {
493 struct mei_cl *cl;
494 struct mei_device *dev = container_of(work,
495 struct mei_device, timer_work.work);
496 bool reschedule_timer = false;
497
498 mutex_lock(&dev->device_lock);
499
500 /* Catch interrupt stalls during HBM init handshake */
501 if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
502 dev->hbm_state != MEI_HBM_IDLE) {
503
504 if (dev->init_clients_timer) {
505 if (--dev->init_clients_timer == 0) {
506 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
507 dev->hbm_state);
508 mei_reset(dev);
509 goto out;
510 }
511 reschedule_timer = true;
512 }
513 }
514
515 if (dev->dev_state != MEI_DEV_ENABLED)
516 goto out;
517
518 /*** connect/disconnect timeouts ***/
519 list_for_each_entry(cl, &dev->file_list, link) {
520 if (cl->timer_count) {
521 if (--cl->timer_count == 0) {
522 dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
523 mei_connect_timeout(cl);
524 goto out;
525 }
526 reschedule_timer = true;
527 }
528 }
529
530 out:
531 if (dev->dev_state != MEI_DEV_DISABLED && reschedule_timer)
532 mei_schedule_stall_timer(dev);
533
534 mutex_unlock(&dev->device_lock);
535 }
536