1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
7 #include <linux/export.h>
8 #include <linux/kthread.h>
9 #include <linux/interrupt.h>
11 #include <linux/jiffies.h>
12 #include <linux/slab.h>
13 #include <linux/pm_runtime.h>
15 #include <linux/mei.h>
23 * mei_irq_compl_handler - dispatch complete handlers
24 * for the completed callbacks
27 * @cmpl_list: list of completed cbs
29 void mei_irq_compl_handler(struct mei_device *dev, struct list_head *cmpl_list)
31 struct mei_cl_cb *cb, *next;
34 list_for_each_entry_safe(cb, next, cmpl_list, list) {
36 list_del_init(&cb->list);
38 dev_dbg(dev->dev, "completing call back.\n");
39 mei_cl_complete(cl, cb);
42 EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
45 * mei_cl_hbm_equal - check if hbm is addressed to the client
48 * @mei_hdr: header of mei client message
50 * Return: true if matches, false otherwise
52 static inline int mei_cl_hbm_equal(struct mei_cl *cl,
53 struct mei_msg_hdr *mei_hdr)
55 return mei_cl_host_addr(cl) == mei_hdr->host_addr &&
56 mei_cl_me_id(cl) == mei_hdr->me_addr;
60 * mei_irq_discard_msg - discard received message
63 * @hdr: message header
64 * @discard_len: the length of the message to discard (excluding header)
66 static void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr,
70 mei_dma_ring_read(dev, NULL,
71 hdr->extension[dev->rd_msg_hdr_count - 2]);
75 * no need to check for size as it is guaranteed
76 * that length fits into rd_msg_buf
78 mei_read_slots(dev, dev->rd_msg_buf, discard_len);
79 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
84 * mei_cl_irq_read_msg - process client message
87 * @mei_hdr: header of mei client message
88 * @meta: extend meta header
89 * @cmpl_list: completion list
93 static int mei_cl_irq_read_msg(struct mei_cl *cl,
94 struct mei_msg_hdr *mei_hdr,
95 struct mei_ext_meta_hdr *meta,
96 struct list_head *cmpl_list)
98 struct mei_device *dev = cl->dev;
101 struct mei_ext_hdr_vtag *vtag_hdr = NULL;
102 struct mei_ext_hdr_gsc_f2h *gsc_f2h = NULL;
108 length = mei_hdr->length;
110 if (mei_hdr->extended) {
111 ext_len = sizeof(*meta) + mei_slots2data(meta->size);
115 cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list);
117 if (!mei_cl_is_fixed_address(cl)) {
118 cl_err(dev, cl, "pending read cb not found\n");
121 cb = mei_cl_alloc_cb(cl, mei_cl_mtu(cl), MEI_FOP_READ, cl->fp);
124 list_add_tail(&cb->list, &cl->rd_pending);
127 if (mei_hdr->extended) {
128 struct mei_ext_hdr *ext = mei_ext_begin(meta);
131 case MEI_EXT_HDR_VTAG:
132 vtag_hdr = (struct mei_ext_hdr_vtag *)ext;
134 case MEI_EXT_HDR_GSC:
135 gsc_f2h = (struct mei_ext_hdr_gsc_f2h *)ext;
136 cb->ext_hdr = kzalloc(sizeof(*gsc_f2h), GFP_KERNEL);
138 cb->status = -ENOMEM;
142 case MEI_EXT_HDR_NONE:
145 cl_err(dev, cl, "unknown extended header\n");
146 cb->status = -EPROTO;
150 ext = mei_ext_next(ext);
151 } while (!mei_ext_last(meta, ext));
153 if (!vtag_hdr && !gsc_f2h) {
154 cl_dbg(dev, cl, "no vtag or gsc found in extended header.\n");
155 cb->status = -EPROTO;
161 cl_dbg(dev, cl, "vtag: %d\n", vtag_hdr->vtag);
162 if (cb->vtag && cb->vtag != vtag_hdr->vtag) {
163 cl_err(dev, cl, "mismatched tag: %d != %d\n",
164 cb->vtag, vtag_hdr->vtag);
165 cb->status = -EPROTO;
168 cb->vtag = vtag_hdr->vtag;
172 u32 ext_hdr_len = mei_ext_hdr_len(&gsc_f2h->hdr);
174 if (!dev->hbm_f_gsc_supported) {
175 cl_err(dev, cl, "gsc extended header is not supported\n");
176 cb->status = -EPROTO;
181 cl_err(dev, cl, "no data allowed in cb with gsc\n");
182 cb->status = -EPROTO;
185 if (ext_hdr_len > sizeof(*gsc_f2h)) {
186 cl_err(dev, cl, "gsc extended header is too big %u\n", ext_hdr_len);
187 cb->status = -EPROTO;
190 memcpy(cb->ext_hdr, gsc_f2h, ext_hdr_len);
193 if (!mei_cl_is_connected(cl)) {
194 cl_dbg(dev, cl, "not connected\n");
195 cb->status = -ENODEV;
199 if (mei_hdr->dma_ring)
200 length = mei_hdr->extension[mei_data2slots(ext_len)];
202 buf_sz = length + cb->buf_idx;
203 /* catch for integer overflow */
204 if (buf_sz < cb->buf_idx) {
205 cl_err(dev, cl, "message is too big len %d idx %zu\n",
206 length, cb->buf_idx);
207 cb->status = -EMSGSIZE;
211 if (cb->buf.size < buf_sz) {
212 cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
213 cb->buf.size, length, cb->buf_idx);
214 cb->status = -EMSGSIZE;
218 if (mei_hdr->dma_ring) {
219 mei_dma_ring_read(dev, cb->buf.data + cb->buf_idx, length);
220 /* for DMA read 0 length to generate interrupt to the device */
221 mei_read_slots(dev, cb->buf.data + cb->buf_idx, 0);
223 mei_read_slots(dev, cb->buf.data + cb->buf_idx, length);
226 cb->buf_idx += length;
228 if (mei_hdr->msg_complete) {
229 cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
230 list_move_tail(&cb->list, cmpl_list);
232 pm_runtime_mark_last_busy(dev->dev);
233 pm_request_autosuspend(dev->dev);
240 list_move_tail(&cb->list, cmpl_list);
241 mei_irq_discard_msg(dev, mei_hdr, length);
246 * mei_cl_irq_disconnect_rsp - send disconnection response message
249 * @cb: callback block.
250 * @cmpl_list: complete list.
252 * Return: 0, OK; otherwise, error.
254 static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
255 struct list_head *cmpl_list)
257 struct mei_device *dev = cl->dev;
262 msg_slots = mei_hbm2slots(sizeof(struct hbm_client_connect_response));
263 slots = mei_hbuf_empty_slots(dev);
267 if ((u32)slots < msg_slots)
270 ret = mei_hbm_cl_disconnect_rsp(dev, cl);
271 list_move_tail(&cb->list, cmpl_list);
277 * mei_cl_irq_read - processes client read related operation from the
278 * interrupt thread context - request for flow control credits
281 * @cb: callback block.
282 * @cmpl_list: complete list.
284 * Return: 0, OK; otherwise, error.
286 static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
287 struct list_head *cmpl_list)
289 struct mei_device *dev = cl->dev;
294 if (!list_empty(&cl->rd_pending))
297 msg_slots = mei_hbm2slots(sizeof(struct hbm_flow_control));
298 slots = mei_hbuf_empty_slots(dev);
302 if ((u32)slots < msg_slots)
305 ret = mei_hbm_cl_flow_control_req(dev, cl);
309 list_move_tail(&cb->list, cmpl_list);
313 pm_runtime_mark_last_busy(dev->dev);
314 pm_request_autosuspend(dev->dev);
316 list_move_tail(&cb->list, &cl->rd_pending);
321 static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr)
323 return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0;
326 static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr)
328 return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0;
331 static inline int hdr_is_valid(u32 msg_hdr)
333 struct mei_msg_hdr *mei_hdr;
334 u32 expected_len = 0;
336 mei_hdr = (struct mei_msg_hdr *)&msg_hdr;
337 if (!msg_hdr || mei_hdr->reserved)
340 if (mei_hdr->dma_ring)
341 expected_len += MEI_SLOT_SIZE;
342 if (mei_hdr->extended)
343 expected_len += MEI_SLOT_SIZE;
344 if (mei_hdr->length < expected_len)
351 * mei_irq_read_handler - bottom half read routine after ISR to
352 * handle the read processing.
354 * @dev: the device structure
355 * @cmpl_list: An instance of our list structure
356 * @slots: slots to read.
358 * Return: 0 on success, <0 on failure.
360 int mei_irq_read_handler(struct mei_device *dev,
361 struct list_head *cmpl_list, s32 *slots)
363 struct mei_msg_hdr *mei_hdr;
364 struct mei_ext_meta_hdr *meta_hdr = NULL;
372 if (!dev->rd_msg_hdr[0]) {
373 dev->rd_msg_hdr[0] = mei_read_hdr(dev);
374 dev->rd_msg_hdr_count = 1;
376 dev_dbg(dev->dev, "slots =%08x.\n", *slots);
378 ret = hdr_is_valid(dev->rd_msg_hdr[0]);
380 dev_err(dev->dev, "corrupted message header 0x%08X\n",
386 mei_hdr = (struct mei_msg_hdr *)dev->rd_msg_hdr;
387 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
389 if (mei_slots2data(*slots) < mei_hdr->length) {
390 dev_err(dev->dev, "less data available than length=%08x.\n",
392 /* we can't read the message */
398 hdr_size_left = mei_hdr->length;
400 if (mei_hdr->extended) {
401 if (!dev->rd_msg_hdr[1]) {
402 dev->rd_msg_hdr[1] = mei_read_hdr(dev);
403 dev->rd_msg_hdr_count++;
405 dev_dbg(dev->dev, "extended header is %08x\n", dev->rd_msg_hdr[1]);
407 meta_hdr = ((struct mei_ext_meta_hdr *)&dev->rd_msg_hdr[1]);
408 if (check_add_overflow((u32)sizeof(*meta_hdr),
409 mei_slots2data(meta_hdr->size),
411 dev_err(dev->dev, "extended message size too big %d\n",
415 if (hdr_size_left < hdr_size_ext) {
416 dev_err(dev->dev, "corrupted message header len %d\n",
420 hdr_size_left -= hdr_size_ext;
422 ext_hdr_end = meta_hdr->size + 2;
423 for (i = dev->rd_msg_hdr_count; i < ext_hdr_end; i++) {
424 dev->rd_msg_hdr[i] = mei_read_hdr(dev);
425 dev_dbg(dev->dev, "extended header %d is %08x\n", i,
427 dev->rd_msg_hdr_count++;
432 if (mei_hdr->dma_ring) {
433 if (hdr_size_left != sizeof(dev->rd_msg_hdr[ext_hdr_end])) {
434 dev_err(dev->dev, "corrupted message header len %d\n",
439 dev->rd_msg_hdr[ext_hdr_end] = mei_read_hdr(dev);
440 dev->rd_msg_hdr_count++;
442 mei_hdr->length -= sizeof(dev->rd_msg_hdr[ext_hdr_end]);
446 if (hdr_is_hbm(mei_hdr)) {
447 ret = mei_hbm_dispatch(dev, mei_hdr);
449 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
456 /* find recipient cl */
457 list_for_each_entry(cl, &dev->file_list, link) {
458 if (mei_cl_hbm_equal(cl, mei_hdr)) {
459 cl_dbg(dev, cl, "got a message\n");
460 ret = mei_cl_irq_read_msg(cl, mei_hdr, meta_hdr, cmpl_list);
465 /* if no recipient cl was found we assume corrupted header */
466 /* A message for not connected fixed address clients
467 * should be silently discarded
468 * On power down client may be force cleaned,
469 * silently discard such messages
471 if (hdr_is_fixed(mei_hdr) ||
472 dev->dev_state == MEI_DEV_POWER_DOWN) {
473 mei_irq_discard_msg(dev, mei_hdr, mei_hdr->length);
477 dev_err(dev->dev, "no destination client found 0x%08X\n", dev->rd_msg_hdr[0]);
482 /* reset the number of slots and header */
483 memset(dev->rd_msg_hdr, 0, sizeof(dev->rd_msg_hdr));
484 dev->rd_msg_hdr_count = 0;
485 *slots = mei_count_full_read_slots(dev);
486 if (*slots == -EOVERFLOW) {
487 /* overflow - reset */
488 dev_err(dev->dev, "resetting due to slots overflow.\n");
489 /* set the event since message has been read */
496 EXPORT_SYMBOL_GPL(mei_irq_read_handler);
500 * mei_irq_write_handler - dispatch write requests
503 * @dev: the device structure
504 * @cmpl_list: An instance of our list structure
506 * Return: 0 on success, <0 on failure.
508 int mei_irq_write_handler(struct mei_device *dev, struct list_head *cmpl_list)
512 struct mei_cl_cb *cb, *next;
517 if (!mei_hbuf_acquire(dev))
520 slots = mei_hbuf_empty_slots(dev);
527 /* complete all waiting for write CB */
528 dev_dbg(dev->dev, "complete all waiting for write cb.\n");
530 list_for_each_entry_safe(cb, next, &dev->write_waiting_list, list) {
534 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
535 cl->writing_state = MEI_WRITE_COMPLETE;
536 list_move_tail(&cb->list, cmpl_list);
539 /* complete control write list CB */
540 dev_dbg(dev->dev, "complete control write list cb.\n");
541 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list, list) {
543 switch (cb->fop_type) {
544 case MEI_FOP_DISCONNECT:
545 /* send disconnect message */
546 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
552 /* send flow control message */
553 ret = mei_cl_irq_read(cl, cb, cmpl_list);
558 case MEI_FOP_CONNECT:
559 /* connect message */
560 ret = mei_cl_irq_connect(cl, cb, cmpl_list);
565 case MEI_FOP_DISCONNECT_RSP:
566 /* send disconnect resp */
567 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
572 case MEI_FOP_NOTIFY_START:
573 case MEI_FOP_NOTIFY_STOP:
574 ret = mei_cl_irq_notify(cl, cb, cmpl_list);
578 case MEI_FOP_DMA_MAP:
579 ret = mei_cl_irq_dma_map(cl, cb, cmpl_list);
583 case MEI_FOP_DMA_UNMAP:
584 ret = mei_cl_irq_dma_unmap(cl, cb, cmpl_list);
593 /* complete write list CB */
594 dev_dbg(dev->dev, "complete write list cb.\n");
595 list_for_each_entry_safe(cb, next, &dev->write_list, list) {
597 ret = mei_cl_irq_write(cl, cb, cmpl_list);
603 EXPORT_SYMBOL_GPL(mei_irq_write_handler);
607 * mei_connect_timeout - connect/disconnect timeouts
611 static void mei_connect_timeout(struct mei_cl *cl)
613 struct mei_device *dev = cl->dev;
615 if (cl->state == MEI_FILE_CONNECTING) {
616 if (dev->hbm_f_dot_supported) {
617 cl->state = MEI_FILE_DISCONNECT_REQUIRED;
625 #define MEI_STALL_TIMER_FREQ (2 * HZ)
627 * mei_schedule_stall_timer - re-arm stall_timer work
629 * @dev: the device structure
631 * Schedule stall timer
633 void mei_schedule_stall_timer(struct mei_device *dev)
635 schedule_delayed_work(&dev->timer_work, MEI_STALL_TIMER_FREQ);
639 * mei_timer - timer function.
641 * @work: pointer to the work_struct structure
644 void mei_timer(struct work_struct *work)
647 struct mei_device *dev = container_of(work,
648 struct mei_device, timer_work.work);
649 bool reschedule_timer = false;
651 mutex_lock(&dev->device_lock);
653 /* Catch interrupt stalls during HBM init handshake */
654 if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
655 dev->hbm_state != MEI_HBM_IDLE) {
657 if (dev->init_clients_timer) {
658 if (--dev->init_clients_timer == 0) {
659 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
664 reschedule_timer = true;
668 if (dev->dev_state != MEI_DEV_ENABLED)
671 /*** connect/disconnect timeouts ***/
672 list_for_each_entry(cl, &dev->file_list, link) {
673 if (cl->timer_count) {
674 if (--cl->timer_count == 0) {
675 dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
676 mei_connect_timeout(cl);
679 reschedule_timer = true;
684 if (dev->dev_state != MEI_DEV_DISABLED && reschedule_timer)
685 mei_schedule_stall_timer(dev);
687 mutex_unlock(&dev->device_lock);
projects / linux-modified.git / blob