linux/drivers/misc/mei/interrupt.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
   4 * Intel Management Engine Interface (Intel MEI) Linux driver
   5 */
   6
   7#include <linux/export.h>
   8#include <linux/kthread.h>
   9#include <linux/interrupt.h>
  10#include <linux/fs.h>
  11#include <linux/jiffies.h>
  12#include <linux/slab.h>
  13#include <linux/pm_runtime.h>
  14
  15#include <linux/mei.h>
  16
  17#include "mei_dev.h"
  18#include "hbm.h"
  19#include "client.h"
  20
  21
  22/**
  23 * mei_irq_compl_handler - dispatch complete handlers
  24 *      for the completed callbacks
  25 *
  26 * @dev: mei device
  27 * @cmpl_list: list of completed cbs
  28 */
  29void mei_irq_compl_handler(struct mei_device *dev, struct list_head *cmpl_list)
  30{
  31        struct mei_cl_cb *cb, *next;
  32        struct mei_cl *cl;
  33
  34        list_for_each_entry_safe(cb, next, cmpl_list, list) {
  35                cl = cb->cl;
  36                list_del_init(&cb->list);
  37
  38                dev_dbg(dev->dev, "completing call back.\n");
  39                mei_cl_complete(cl, cb);
  40        }
  41}
  42EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
  43
  44/**
  45 * mei_cl_hbm_equal - check if hbm is addressed to the client
  46 *
  47 * @cl: host client
  48 * @mei_hdr: header of mei client message
  49 *
  50 * Return: true if matches, false otherwise
  51 */
  52static inline int mei_cl_hbm_equal(struct mei_cl *cl,
  53                        struct mei_msg_hdr *mei_hdr)
  54{
  55        return  mei_cl_host_addr(cl) == mei_hdr->host_addr &&
  56                mei_cl_me_id(cl) == mei_hdr->me_addr;
  57}
  58
  59/**
  60 * mei_irq_discard_msg  - discard received message
  61 *
  62 * @dev: mei device
  63 * @hdr: message header
  64 * @discard_len: the length of the message to discard (excluding header)
  65 */
  66static void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr,
  67                                size_t discard_len)
  68{
  69        if (hdr->dma_ring) {
  70                mei_dma_ring_read(dev, NULL,
  71                                  hdr->extension[dev->rd_msg_hdr_count - 2]);
  72                discard_len = 0;
  73        }
  74        /*
  75         * no need to check for size as it is guarantied
  76         * that length fits into rd_msg_buf
  77         */
  78        mei_read_slots(dev, dev->rd_msg_buf, discard_len);
  79        dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
  80                MEI_HDR_PRM(hdr));
  81}
  82
  83/**
  84 * mei_cl_irq_read_msg - process client message
  85 *
  86 * @cl: reading client
  87 * @mei_hdr: header of mei client message
  88 * @meta: extend meta header
  89 * @cmpl_list: completion list
  90 *
  91 * Return: always 0
  92 */
  93static int mei_cl_irq_read_msg(struct mei_cl *cl,
  94                               struct mei_msg_hdr *mei_hdr,
  95                               struct mei_ext_meta_hdr *meta,
  96                               struct list_head *cmpl_list)
  97{
  98        struct mei_device *dev = cl->dev;
  99        struct mei_cl_cb *cb;
 100
 101        size_t buf_sz;
 102        u32 length;
 103        int ext_len;
 104
 105        length = mei_hdr->length;
 106        ext_len = 0;
 107        if (mei_hdr->extended) {
 108                ext_len = sizeof(*meta) + mei_slots2data(meta->size);
 109                length -= ext_len;
 110        }
 111
 112        cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list);
 113        if (!cb) {
 114                if (!mei_cl_is_fixed_address(cl)) {
 115                        cl_err(dev, cl, "pending read cb not found\n");
 116                        goto discard;
 117                }
 118                cb = mei_cl_alloc_cb(cl, mei_cl_mtu(cl), MEI_FOP_READ, cl->fp);
 119                if (!cb)
 120                        goto discard;
 121                list_add_tail(&cb->list, &cl->rd_pending);
 122        }
 123
 124        if (mei_hdr->extended) {
 125                struct mei_ext_hdr *ext;
 126                struct mei_ext_hdr *vtag = NULL;
 127
 128                ext = mei_ext_begin(meta);
 129                do {
 130                        switch (ext->type) {
 131                        case MEI_EXT_HDR_VTAG:
 132                                vtag = ext;
 133                                break;
 134                        case MEI_EXT_HDR_NONE:
 135                                fallthrough;
 136                        default:
 137                                cb->status = -EPROTO;
 138                                break;
 139                        }
 140
 141                        ext = mei_ext_next(ext);
 142                } while (!mei_ext_last(meta, ext));
 143
 144                if (!vtag) {
 145                        cl_dbg(dev, cl, "vtag not found in extended header.\n");
 146                        cb->status = -EPROTO;
 147                        goto discard;
 148                }
 149
 150                cl_dbg(dev, cl, "vtag: %d\n", vtag->ext_payload[0]);
 151                if (cb->vtag && cb->vtag != vtag->ext_payload[0]) {
 152                        cl_err(dev, cl, "mismatched tag: %d != %d\n",
 153                               cb->vtag, vtag->ext_payload[0]);
 154                        cb->status = -EPROTO;
 155                        goto discard;
 156                }
 157                cb->vtag = vtag->ext_payload[0];
 158        }
 159
 160        if (!mei_cl_is_connected(cl)) {
 161                cl_dbg(dev, cl, "not connected\n");
 162                cb->status = -ENODEV;
 163                goto discard;
 164        }
 165
 166        if (mei_hdr->dma_ring)
 167                length = mei_hdr->extension[mei_data2slots(ext_len)];
 168
 169        buf_sz = length + cb->buf_idx;
 170        /* catch for integer overflow */
 171        if (buf_sz < cb->buf_idx) {
 172                cl_err(dev, cl, "message is too big len %d idx %zu\n",
 173                       length, cb->buf_idx);
 174                cb->status = -EMSGSIZE;
 175                goto discard;
 176        }
 177
 178        if (cb->buf.size < buf_sz) {
 179                cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
 180                        cb->buf.size, length, cb->buf_idx);
 181                cb->status = -EMSGSIZE;
 182                goto discard;
 183        }
 184
 185        if (mei_hdr->dma_ring) {
 186                mei_dma_ring_read(dev, cb->buf.data + cb->buf_idx, length);
 187                /*  for DMA read 0 length to generate interrupt to the device */
 188                mei_read_slots(dev, cb->buf.data + cb->buf_idx, 0);
 189        } else {
 190                mei_read_slots(dev, cb->buf.data + cb->buf_idx, length);
 191        }
 192
 193        cb->buf_idx += length;
 194
 195        if (mei_hdr->msg_complete) {
 196                cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
 197                list_move_tail(&cb->list, cmpl_list);
 198        } else {
 199                pm_runtime_mark_last_busy(dev->dev);
 200                pm_request_autosuspend(dev->dev);
 201        }
 202
 203        return 0;
 204
 205discard:
 206        if (cb)
 207                list_move_tail(&cb->list, cmpl_list);
 208        mei_irq_discard_msg(dev, mei_hdr, length);
 209        return 0;
 210}
 211
 212/**
 213 * mei_cl_irq_disconnect_rsp - send disconnection response message
 214 *
 215 * @cl: client
 216 * @cb: callback block.
 217 * @cmpl_list: complete list.
 218 *
 219 * Return: 0, OK; otherwise, error.
 220 */
 221static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
 222                                     struct list_head *cmpl_list)
 223{
 224        struct mei_device *dev = cl->dev;
 225        u32 msg_slots;
 226        int slots;
 227        int ret;
 228
 229        msg_slots = mei_hbm2slots(sizeof(struct hbm_client_connect_response));
 230        slots = mei_hbuf_empty_slots(dev);
 231        if (slots < 0)
 232                return -EOVERFLOW;
 233
 234        if ((u32)slots < msg_slots)
 235                return -EMSGSIZE;
 236
 237        ret = mei_hbm_cl_disconnect_rsp(dev, cl);
 238        list_move_tail(&cb->list, cmpl_list);
 239
 240        return ret;
 241}
 242
 243/**
 244 * mei_cl_irq_read - processes client read related operation from the
 245 *      interrupt thread context - request for flow control credits
 246 *
 247 * @cl: client
 248 * @cb: callback block.
 249 * @cmpl_list: complete list.
 250 *
 251 * Return: 0, OK; otherwise, error.
 252 */
 253static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
 254                           struct list_head *cmpl_list)
 255{
 256        struct mei_device *dev = cl->dev;
 257        u32 msg_slots;
 258        int slots;
 259        int ret;
 260
 261        if (!list_empty(&cl->rd_pending))
 262                return 0;
 263
 264        msg_slots = mei_hbm2slots(sizeof(struct hbm_flow_control));
 265        slots = mei_hbuf_empty_slots(dev);
 266        if (slots < 0)
 267                return -EOVERFLOW;
 268
 269        if ((u32)slots < msg_slots)
 270                return -EMSGSIZE;
 271
 272        ret = mei_hbm_cl_flow_control_req(dev, cl);
 273        if (ret) {
 274                cl->status = ret;
 275                cb->buf_idx = 0;
 276                list_move_tail(&cb->list, cmpl_list);
 277                return ret;
 278        }
 279
 280        pm_runtime_mark_last_busy(dev->dev);
 281        pm_request_autosuspend(dev->dev);
 282
 283        list_move_tail(&cb->list, &cl->rd_pending);
 284
 285        return 0;
 286}
 287
 288static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr)
 289{
 290        return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0;
 291}
 292
 293static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr)
 294{
 295        return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0;
 296}
 297
 298static inline int hdr_is_valid(u32 msg_hdr)
 299{
 300        struct mei_msg_hdr *mei_hdr;
 301        u32 expected_len = 0;
 302
 303        mei_hdr = (struct mei_msg_hdr *)&msg_hdr;
 304        if (!msg_hdr || mei_hdr->reserved)
 305                return -EBADMSG;
 306
 307        if (mei_hdr->dma_ring)
 308                expected_len += MEI_SLOT_SIZE;
 309        if (mei_hdr->extended)
 310                expected_len += MEI_SLOT_SIZE;
 311        if (mei_hdr->length < expected_len)
 312                return -EBADMSG;
 313
 314        return 0;
 315}
 316
 317/**
 318 * mei_irq_read_handler - bottom half read routine after ISR to
 319 * handle the read processing.
 320 *
 321 * @dev: the device structure
 322 * @cmpl_list: An instance of our list structure
 323 * @slots: slots to read.
 324 *
 325 * Return: 0 on success, <0 on failure.
 326 */
 327int mei_irq_read_handler(struct mei_device *dev,
 328                         struct list_head *cmpl_list, s32 *slots)
 329{
 330        struct mei_msg_hdr *mei_hdr;
 331        struct mei_ext_meta_hdr *meta_hdr = NULL;
 332        struct mei_cl *cl;
 333        int ret;
 334        u32 ext_meta_hdr_u32;
 335        u32 hdr_size_left;
 336        u32 hdr_size_ext;
 337        int i;
 338        int ext_hdr_end;
 339
 340        if (!dev->rd_msg_hdr[0]) {
 341                dev->rd_msg_hdr[0] = mei_read_hdr(dev);
 342                dev->rd_msg_hdr_count = 1;
 343                (*slots)--;
 344                dev_dbg(dev->dev, "slots =%08x.\n", *slots);
 345
 346                ret = hdr_is_valid(dev->rd_msg_hdr[0]);
 347                if (ret) {
 348                        dev_err(dev->dev, "corrupted message header 0x%08X\n",
 349                                dev->rd_msg_hdr[0]);
 350                        goto end;
 351                }
 352        }
 353
 354        mei_hdr = (struct mei_msg_hdr *)dev->rd_msg_hdr;
 355        dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
 356
 357        if (mei_slots2data(*slots) < mei_hdr->length) {
 358                dev_err(dev->dev, "less data available than length=%08x.\n",
 359                                *slots);
 360                /* we can't read the message */
 361                ret = -ENODATA;
 362                goto end;
 363        }
 364
 365        ext_hdr_end = 1;
 366        hdr_size_left = mei_hdr->length;
 367
 368        if (mei_hdr->extended) {
 369                if (!dev->rd_msg_hdr[1]) {
 370                        ext_meta_hdr_u32 = mei_read_hdr(dev);
 371                        dev->rd_msg_hdr[1] = ext_meta_hdr_u32;
 372                        dev->rd_msg_hdr_count++;
 373                        (*slots)--;
 374                        dev_dbg(dev->dev, "extended header is %08x\n",
 375                                ext_meta_hdr_u32);
 376                }
 377                meta_hdr = ((struct mei_ext_meta_hdr *)dev->rd_msg_hdr + 1);
 378                if (check_add_overflow((u32)sizeof(*meta_hdr),
 379                                       mei_slots2data(meta_hdr->size),
 380                                       &hdr_size_ext)) {
 381                        dev_err(dev->dev, "extended message size too big %d\n",
 382                                meta_hdr->size);
 383                        return -EBADMSG;
 384                }
 385                if (hdr_size_left < hdr_size_ext) {
 386                        dev_err(dev->dev, "corrupted message header len %d\n",
 387                                mei_hdr->length);
 388                        return -EBADMSG;
 389                }
 390                hdr_size_left -= hdr_size_ext;
 391
 392                ext_hdr_end = meta_hdr->size + 2;
 393                for (i = dev->rd_msg_hdr_count; i < ext_hdr_end; i++) {
 394                        dev->rd_msg_hdr[i] = mei_read_hdr(dev);
 395                        dev_dbg(dev->dev, "extended header %d is %08x\n", i,
 396                                dev->rd_msg_hdr[i]);
 397                        dev->rd_msg_hdr_count++;
 398                        (*slots)--;
 399                }
 400        }
 401
 402        if (mei_hdr->dma_ring) {
 403                if (hdr_size_left != sizeof(dev->rd_msg_hdr[ext_hdr_end])) {
 404                        dev_err(dev->dev, "corrupted message header len %d\n",
 405                                mei_hdr->length);
 406                        return -EBADMSG;
 407                }
 408
 409                dev->rd_msg_hdr[ext_hdr_end] = mei_read_hdr(dev);
 410                dev->rd_msg_hdr_count++;
 411                (*slots)--;
 412                mei_hdr->length -= sizeof(dev->rd_msg_hdr[ext_hdr_end]);
 413        }
 414
 415        /*  HBM message */
 416        if (hdr_is_hbm(mei_hdr)) {
 417                ret = mei_hbm_dispatch(dev, mei_hdr);
 418                if (ret) {
 419                        dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
 420                                        ret);
 421                        goto end;
 422                }
 423                goto reset_slots;
 424        }
 425
 426        /* find recipient cl */
 427        list_for_each_entry(cl, &dev->file_list, link) {
 428                if (mei_cl_hbm_equal(cl, mei_hdr)) {
 429                        cl_dbg(dev, cl, "got a message\n");
 430                        break;
 431                }
 432        }
 433
 434        /* if no recipient cl was found we assume corrupted header */
 435        if (&cl->link == &dev->file_list) {
 436                /* A message for not connected fixed address clients
 437                 * should be silently discarded
 438                 * On power down client may be force cleaned,
 439                 * silently discard such messages
 440                 */
 441                if (hdr_is_fixed(mei_hdr) ||
 442                    dev->dev_state == MEI_DEV_POWER_DOWN) {
 443                        mei_irq_discard_msg(dev, mei_hdr, mei_hdr->length);
 444                        ret = 0;
 445                        goto reset_slots;
 446                }
 447                dev_err(dev->dev, "no destination client found 0x%08X\n",
 448                                dev->rd_msg_hdr[0]);
 449                ret = -EBADMSG;
 450                goto end;
 451        }
 452
 453        ret = mei_cl_irq_read_msg(cl, mei_hdr, meta_hdr, cmpl_list);
 454
 455
 456reset_slots:
 457        /* reset the number of slots and header */
 458        memset(dev->rd_msg_hdr, 0, sizeof(dev->rd_msg_hdr));
 459        dev->rd_msg_hdr_count = 0;
 460        *slots = mei_count_full_read_slots(dev);
 461        if (*slots == -EOVERFLOW) {
 462                /* overflow - reset */
 463                dev_err(dev->dev, "resetting due to slots overflow.\n");
 464                /* set the event since message has been read */
 465                ret = -ERANGE;
 466                goto end;
 467        }
 468end:
 469        return ret;
 470}
 471EXPORT_SYMBOL_GPL(mei_irq_read_handler);
 472
 473
 474/**
 475 * mei_irq_write_handler -  dispatch write requests
 476 *  after irq received
 477 *
 478 * @dev: the device structure
 479 * @cmpl_list: An instance of our list structure
 480 *
 481 * Return: 0 on success, <0 on failure.
 482 */
 483int mei_irq_write_handler(struct mei_device *dev, struct list_head *cmpl_list)
 484{
 485
 486        struct mei_cl *cl;
 487        struct mei_cl_cb *cb, *next;
 488        s32 slots;
 489        int ret;
 490
 491
 492        if (!mei_hbuf_acquire(dev))
 493                return 0;
 494
 495        slots = mei_hbuf_empty_slots(dev);
 496        if (slots < 0)
 497                return -EOVERFLOW;
 498
 499        if (slots == 0)
 500                return -EMSGSIZE;
 501
 502        /* complete all waiting for write CB */
 503        dev_dbg(dev->dev, "complete all waiting for write cb.\n");
 504
 505        list_for_each_entry_safe(cb, next, &dev->write_waiting_list, list) {
 506                cl = cb->cl;
 507
 508                cl->status = 0;
 509                cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
 510                cl->writing_state = MEI_WRITE_COMPLETE;
 511                list_move_tail(&cb->list, cmpl_list);
 512        }
 513
 514        /* complete control write list CB */
 515        dev_dbg(dev->dev, "complete control write list cb.\n");
 516        list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list, list) {
 517                cl = cb->cl;
 518                switch (cb->fop_type) {
 519                case MEI_FOP_DISCONNECT:
 520                        /* send disconnect message */
 521                        ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
 522                        if (ret)
 523                                return ret;
 524
 525                        break;
 526                case MEI_FOP_READ:
 527                        /* send flow control message */
 528                        ret = mei_cl_irq_read(cl, cb, cmpl_list);
 529                        if (ret)
 530                                return ret;
 531
 532                        break;
 533                case MEI_FOP_CONNECT:
 534                        /* connect message */
 535                        ret = mei_cl_irq_connect(cl, cb, cmpl_list);
 536                        if (ret)
 537                                return ret;
 538
 539                        break;
 540                case MEI_FOP_DISCONNECT_RSP:
 541                        /* send disconnect resp */
 542                        ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
 543                        if (ret)
 544                                return ret;
 545                        break;
 546
 547                case MEI_FOP_NOTIFY_START:
 548                case MEI_FOP_NOTIFY_STOP:
 549                        ret = mei_cl_irq_notify(cl, cb, cmpl_list);
 550                        if (ret)
 551                                return ret;
 552                        break;
 553                case MEI_FOP_DMA_MAP:
 554                        ret = mei_cl_irq_dma_map(cl, cb, cmpl_list);
 555                        if (ret)
 556                                return ret;
 557                        break;
 558                case MEI_FOP_DMA_UNMAP:
 559                        ret = mei_cl_irq_dma_unmap(cl, cb, cmpl_list);
 560                        if (ret)
 561                                return ret;
 562                        break;
 563                default:
 564                        BUG();
 565                }
 566
 567        }
 568        /* complete  write list CB */
 569        dev_dbg(dev->dev, "complete write list cb.\n");
 570        list_for_each_entry_safe(cb, next, &dev->write_list, list) {
 571                cl = cb->cl;
 572                ret = mei_cl_irq_write(cl, cb, cmpl_list);
 573                if (ret)
 574                        return ret;
 575        }
 576        return 0;
 577}
 578EXPORT_SYMBOL_GPL(mei_irq_write_handler);
 579
 580
 581/**
 582 * mei_connect_timeout  - connect/disconnect timeouts
 583 *
 584 * @cl: host client
 585 */
 586static void mei_connect_timeout(struct mei_cl *cl)
 587{
 588        struct mei_device *dev = cl->dev;
 589
 590        if (cl->state == MEI_FILE_CONNECTING) {
 591                if (dev->hbm_f_dot_supported) {
 592                        cl->state = MEI_FILE_DISCONNECT_REQUIRED;
 593                        wake_up(&cl->wait);
 594                        return;
 595                }
 596        }
 597        mei_reset(dev);
 598}
 599
 600#define MEI_STALL_TIMER_FREQ (2 * HZ)
 601/**
 602 * mei_schedule_stall_timer - re-arm stall_timer work
 603 *
 604 * Schedule stall timer
 605 *
 606 * @dev: the device structure
 607 */
 608void mei_schedule_stall_timer(struct mei_device *dev)
 609{
 610        schedule_delayed_work(&dev->timer_work, MEI_STALL_TIMER_FREQ);
 611}
 612
 613/**
 614 * mei_timer - timer function.
 615 *
 616 * @work: pointer to the work_struct structure
 617 *
 618 */
 619void mei_timer(struct work_struct *work)
 620{
 621        struct mei_cl *cl;
 622        struct mei_device *dev = container_of(work,
 623                                        struct mei_device, timer_work.work);
 624        bool reschedule_timer = false;
 625
 626        mutex_lock(&dev->device_lock);
 627
 628        /* Catch interrupt stalls during HBM init handshake */
 629        if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
 630            dev->hbm_state != MEI_HBM_IDLE) {
 631
 632                if (dev->init_clients_timer) {
 633                        if (--dev->init_clients_timer == 0) {
 634                                dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
 635                                        dev->hbm_state);
 636                                mei_reset(dev);
 637                                goto out;
 638                        }
 639                        reschedule_timer = true;
 640                }
 641        }
 642
 643        if (dev->dev_state != MEI_DEV_ENABLED)
 644                goto out;
 645
 646        /*** connect/disconnect timeouts ***/
 647        list_for_each_entry(cl, &dev->file_list, link) {
 648                if (cl->timer_count) {
 649                        if (--cl->timer_count == 0) {
 650                                dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
 651                                mei_connect_timeout(cl);
 652                                goto out;
 653                        }
 654                        reschedule_timer = true;
 655                }
 656        }
 657
 658out:
 659        if (dev->dev_state != MEI_DEV_DISABLED && reschedule_timer)
 660                mei_schedule_stall_timer(dev);
 661
 662        mutex_unlock(&dev->device_lock);
 663}
 664