1 /*
2 * firmware_class.c - Multi purpose firmware loading support
3 *
4 * Copyright (c) 2003 Manuel Estrada Sainz
5 *
6 * Please see Documentation/firmware_class/ for more information.
7 *
8 */
9
10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11
12 #include <linux/capability.h>
13 #include <linux/device.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/timer.h>
17 #include <linux/vmalloc.h>
18 #include <linux/interrupt.h>
19 #include <linux/bitops.h>
20 #include <linux/mutex.h>
21 #include <linux/workqueue.h>
22 #include <linux/highmem.h>
23 #include <linux/firmware.h>
24 #include <linux/slab.h>
25 #include <linux/sched.h>
26 #include <linux/file.h>
27 #include <linux/list.h>
28 #include <linux/fs.h>
29 #include <linux/async.h>
30 #include <linux/pm.h>
31 #include <linux/suspend.h>
32 #include <linux/syscore_ops.h>
33 #include <linux/reboot.h>
34 #include <linux/security.h>
35
36 #include <generated/utsrelease.h>
37
38 #include "base.h"
39
40 MODULE_AUTHOR("Manuel Estrada Sainz");
41 MODULE_DESCRIPTION("Multi purpose firmware loading support");
42 MODULE_LICENSE("GPL");
43
44 /* Builtin firmware support */
45
46 #ifdef CONFIG_FW_LOADER
47
48 extern struct builtin_fw __start_builtin_fw[];
49 extern struct builtin_fw __end_builtin_fw[];
50
fw_get_builtin_firmware(struct firmware * fw,const char * name,void * buf,size_t size)51 static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
52 void *buf, size_t size)
53 {
54 struct builtin_fw *b_fw;
55
56 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
57 if (strcmp(name, b_fw->name) == 0) {
58 fw->size = b_fw->size;
59 fw->data = b_fw->data;
60
61 if (buf && fw->size <= size)
62 memcpy(buf, fw->data, fw->size);
63 return true;
64 }
65 }
66
67 return false;
68 }
69
fw_is_builtin_firmware(const struct firmware * fw)70 static bool fw_is_builtin_firmware(const struct firmware *fw)
71 {
72 struct builtin_fw *b_fw;
73
74 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++)
75 if (fw->data == b_fw->data)
76 return true;
77
78 return false;
79 }
80
81 #else /* Module case - no builtin firmware support */
82
fw_get_builtin_firmware(struct firmware * fw,const char * name,void * buf,size_t size)83 static inline bool fw_get_builtin_firmware(struct firmware *fw,
84 const char *name, void *buf,
85 size_t size)
86 {
87 return false;
88 }
89
fw_is_builtin_firmware(const struct firmware * fw)90 static inline bool fw_is_builtin_firmware(const struct firmware *fw)
91 {
92 return false;
93 }
94 #endif
95
96 enum fw_status {
97 FW_STATUS_UNKNOWN,
98 FW_STATUS_LOADING,
99 FW_STATUS_DONE,
100 FW_STATUS_ABORTED,
101 };
102
103 static int loading_timeout = 60; /* In seconds */
104
firmware_loading_timeout(void)105 static inline long firmware_loading_timeout(void)
106 {
107 return loading_timeout > 0 ? loading_timeout * HZ : MAX_JIFFY_OFFSET;
108 }
109
110 /*
111 * Concurrent request_firmware() for the same firmware need to be
112 * serialized. struct fw_state is simple state machine which hold the
113 * state of the firmware loading.
114 */
115 struct fw_state {
116 struct completion completion;
117 enum fw_status status;
118 };
119
fw_state_init(struct fw_state * fw_st)120 static void fw_state_init(struct fw_state *fw_st)
121 {
122 init_completion(&fw_st->completion);
123 fw_st->status = FW_STATUS_UNKNOWN;
124 }
125
__fw_state_is_done(enum fw_status status)126 static inline bool __fw_state_is_done(enum fw_status status)
127 {
128 return status == FW_STATUS_DONE || status == FW_STATUS_ABORTED;
129 }
130
__fw_state_wait_common(struct fw_state * fw_st,long timeout)131 static int __fw_state_wait_common(struct fw_state *fw_st, long timeout)
132 {
133 long ret;
134
135 ret = wait_for_completion_killable_timeout(&fw_st->completion, timeout);
136 if (ret != 0 && fw_st->status == FW_STATUS_ABORTED)
137 return -ENOENT;
138 if (!ret)
139 return -ETIMEDOUT;
140
141 return ret < 0 ? ret : 0;
142 }
143
__fw_state_set(struct fw_state * fw_st,enum fw_status status)144 static void __fw_state_set(struct fw_state *fw_st,
145 enum fw_status status)
146 {
147 WRITE_ONCE(fw_st->status, status);
148
149 if (status == FW_STATUS_DONE || status == FW_STATUS_ABORTED)
150 complete_all(&fw_st->completion);
151 }
152
153 #define fw_state_start(fw_st) \
154 __fw_state_set(fw_st, FW_STATUS_LOADING)
155 #define fw_state_done(fw_st) \
156 __fw_state_set(fw_st, FW_STATUS_DONE)
157 #define fw_state_aborted(fw_st) \
158 __fw_state_set(fw_st, FW_STATUS_ABORTED)
159 #define fw_state_wait(fw_st) \
160 __fw_state_wait_common(fw_st, MAX_SCHEDULE_TIMEOUT)
161
__fw_state_check(struct fw_state * fw_st,enum fw_status status)162 static int __fw_state_check(struct fw_state *fw_st, enum fw_status status)
163 {
164 return fw_st->status == status;
165 }
166
167 #define fw_state_is_aborted(fw_st) \
168 __fw_state_check(fw_st, FW_STATUS_ABORTED)
169
170 #ifdef CONFIG_FW_LOADER_USER_HELPER
171
172 #define fw_state_aborted(fw_st) \
173 __fw_state_set(fw_st, FW_STATUS_ABORTED)
174 #define fw_state_is_done(fw_st) \
175 __fw_state_check(fw_st, FW_STATUS_DONE)
176 #define fw_state_is_loading(fw_st) \
177 __fw_state_check(fw_st, FW_STATUS_LOADING)
178 #define fw_state_wait_timeout(fw_st, timeout) \
179 __fw_state_wait_common(fw_st, timeout)
180
181 #endif /* CONFIG_FW_LOADER_USER_HELPER */
182
183 /* firmware behavior options */
184 #define FW_OPT_UEVENT (1U << 0)
185 #define FW_OPT_NOWAIT (1U << 1)
186 #ifdef CONFIG_FW_LOADER_USER_HELPER
187 #define FW_OPT_USERHELPER (1U << 2)
188 #else
189 #define FW_OPT_USERHELPER 0
190 #endif
191 #ifdef CONFIG_FW_LOADER_USER_HELPER_FALLBACK
192 #define FW_OPT_FALLBACK FW_OPT_USERHELPER
193 #else
194 #define FW_OPT_FALLBACK 0
195 #endif
196 #define FW_OPT_NO_WARN (1U << 3)
197 #define FW_OPT_NOCACHE (1U << 4)
198
199 struct firmware_cache {
200 /* firmware_buf instance will be added into the below list */
201 spinlock_t lock;
202 struct list_head head;
203 int state;
204
205 #ifdef CONFIG_PM_SLEEP
206 /*
207 * Names of firmware images which have been cached successfully
208 * will be added into the below list so that device uncache
209 * helper can trace which firmware images have been cached
210 * before.
211 */
212 spinlock_t name_lock;
213 struct list_head fw_names;
214
215 struct delayed_work work;
216
217 struct notifier_block pm_notify;
218 #endif
219 };
220
221 struct firmware_buf {
222 struct kref ref;
223 struct list_head list;
224 struct firmware_cache *fwc;
225 struct fw_state fw_st;
226 void *data;
227 size_t size;
228 size_t allocated_size;
229 #ifdef CONFIG_FW_LOADER_USER_HELPER
230 bool is_paged_buf;
231 bool need_uevent;
232 struct page **pages;
233 int nr_pages;
234 int page_array_size;
235 struct list_head pending_list;
236 #endif
237 const char *fw_id;
238 };
239
240 struct fw_cache_entry {
241 struct list_head list;
242 const char *name;
243 };
244
245 struct fw_name_devm {
246 unsigned long magic;
247 const char *name;
248 };
249
250 #define to_fwbuf(d) container_of(d, struct firmware_buf, ref)
251
252 #define FW_LOADER_NO_CACHE 0
253 #define FW_LOADER_START_CACHE 1
254
255 static int fw_cache_piggyback_on_request(const char *name);
256
257 /* fw_lock could be moved to 'struct firmware_priv' but since it is just
258 * guarding for corner cases a global lock should be OK */
259 static DEFINE_MUTEX(fw_lock);
260
261 static struct firmware_cache fw_cache;
262
__allocate_fw_buf(const char * fw_name,struct firmware_cache * fwc,void * dbuf,size_t size)263 static struct firmware_buf *__allocate_fw_buf(const char *fw_name,
264 struct firmware_cache *fwc,
265 void *dbuf, size_t size)
266 {
267 struct firmware_buf *buf;
268
269 buf = kzalloc(sizeof(*buf), GFP_ATOMIC);
270 if (!buf)
271 return NULL;
272
273 buf->fw_id = kstrdup_const(fw_name, GFP_ATOMIC);
274 if (!buf->fw_id) {
275 kfree(buf);
276 return NULL;
277 }
278
279 kref_init(&buf->ref);
280 buf->fwc = fwc;
281 buf->data = dbuf;
282 buf->allocated_size = size;
283 fw_state_init(&buf->fw_st);
284 #ifdef CONFIG_FW_LOADER_USER_HELPER
285 INIT_LIST_HEAD(&buf->pending_list);
286 #endif
287
288 pr_debug("%s: fw-%s buf=%p\n", __func__, fw_name, buf);
289
290 return buf;
291 }
292
__fw_lookup_buf(const char * fw_name)293 static struct firmware_buf *__fw_lookup_buf(const char *fw_name)
294 {
295 struct firmware_buf *tmp;
296 struct firmware_cache *fwc = &fw_cache;
297
298 list_for_each_entry(tmp, &fwc->head, list)
299 if (!strcmp(tmp->fw_id, fw_name))
300 return tmp;
301 return NULL;
302 }
303
304 /* Returns 1 for batching firmware requests with the same name */
fw_lookup_and_allocate_buf(const char * fw_name,struct firmware_cache * fwc,struct firmware_buf ** buf,void * dbuf,size_t size)305 static int fw_lookup_and_allocate_buf(const char *fw_name,
306 struct firmware_cache *fwc,
307 struct firmware_buf **buf, void *dbuf,
308 size_t size)
309 {
310 struct firmware_buf *tmp;
311
312 spin_lock(&fwc->lock);
313 tmp = __fw_lookup_buf(fw_name);
314 if (tmp) {
315 kref_get(&tmp->ref);
316 spin_unlock(&fwc->lock);
317 *buf = tmp;
318 pr_debug("batched request - sharing the same struct firmware_buf and lookup for multiple requests\n");
319 return 1;
320 }
321 tmp = __allocate_fw_buf(fw_name, fwc, dbuf, size);
322 if (tmp)
323 list_add(&tmp->list, &fwc->head);
324 spin_unlock(&fwc->lock);
325
326 *buf = tmp;
327
328 return tmp ? 0 : -ENOMEM;
329 }
330
__fw_free_buf(struct kref * ref)331 static void __fw_free_buf(struct kref *ref)
332 __releases(&fwc->lock)
333 {
334 struct firmware_buf *buf = to_fwbuf(ref);
335 struct firmware_cache *fwc = buf->fwc;
336
337 pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
338 __func__, buf->fw_id, buf, buf->data,
339 (unsigned int)buf->size);
340
341 list_del(&buf->list);
342 spin_unlock(&fwc->lock);
343
344 #ifdef CONFIG_FW_LOADER_USER_HELPER
345 if (buf->is_paged_buf) {
346 int i;
347 vunmap(buf->data);
348 for (i = 0; i < buf->nr_pages; i++)
349 __free_page(buf->pages[i]);
350 vfree(buf->pages);
351 } else
352 #endif
353 if (!buf->allocated_size)
354 vfree(buf->data);
355 kfree_const(buf->fw_id);
356 kfree(buf);
357 }
358
fw_free_buf(struct firmware_buf * buf)359 static void fw_free_buf(struct firmware_buf *buf)
360 {
361 struct firmware_cache *fwc = buf->fwc;
362 spin_lock(&fwc->lock);
363 if (!kref_put(&buf->ref, __fw_free_buf))
364 spin_unlock(&fwc->lock);
365 }
366
367 /* direct firmware loading support */
368 static char fw_path_para[256];
369 static const char * const fw_path[] = {
370 fw_path_para,
371 "/lib/firmware/updates/" UTS_RELEASE,
372 "/lib/firmware/updates",
373 "/lib/firmware/" UTS_RELEASE,
374 "/lib/firmware"
375 };
376
377 /*
378 * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
379 * from kernel command line because firmware_class is generally built in
380 * kernel instead of module.
381 */
382 module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
383 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
384
385 static int
fw_get_filesystem_firmware(struct device * device,struct firmware_buf * buf)386 fw_get_filesystem_firmware(struct device *device, struct firmware_buf *buf)
387 {
388 loff_t size;
389 int i, len;
390 int rc = -ENOENT;
391 char *path;
392 enum kernel_read_file_id id = READING_FIRMWARE;
393 size_t msize = INT_MAX;
394
395 /* Already populated data member means we're loading into a buffer */
396 if (buf->data) {
397 id = READING_FIRMWARE_PREALLOC_BUFFER;
398 msize = buf->allocated_size;
399 }
400
401 path = __getname();
402 if (!path)
403 return -ENOMEM;
404
405 for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
406 /* skip the unset customized path */
407 if (!fw_path[i][0])
408 continue;
409
410 len = snprintf(path, PATH_MAX, "%s/%s",
411 fw_path[i], buf->fw_id);
412 if (len >= PATH_MAX) {
413 rc = -ENAMETOOLONG;
414 break;
415 }
416
417 buf->size = 0;
418 rc = kernel_read_file_from_path(path, &buf->data, &size, msize,
419 id);
420 if (rc) {
421 if (rc == -ENOENT)
422 dev_dbg(device, "loading %s failed with error %d\n",
423 path, rc);
424 else
425 dev_warn(device, "loading %s failed with error %d\n",
426 path, rc);
427 continue;
428 }
429 dev_dbg(device, "direct-loading %s\n", buf->fw_id);
430 buf->size = size;
431 fw_state_done(&buf->fw_st);
432 break;
433 }
434 __putname(path);
435
436 return rc;
437 }
438
439 /* firmware holds the ownership of pages */
firmware_free_data(const struct firmware * fw)440 static void firmware_free_data(const struct firmware *fw)
441 {
442 /* Loaded directly? */
443 if (!fw->priv) {
444 vfree(fw->data);
445 return;
446 }
447 fw_free_buf(fw->priv);
448 }
449
450 /* store the pages buffer info firmware from buf */
fw_set_page_data(struct firmware_buf * buf,struct firmware * fw)451 static void fw_set_page_data(struct firmware_buf *buf, struct firmware *fw)
452 {
453 fw->priv = buf;
454 #ifdef CONFIG_FW_LOADER_USER_HELPER
455 fw->pages = buf->pages;
456 #endif
457 fw->size = buf->size;
458 fw->data = buf->data;
459
460 pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
461 __func__, buf->fw_id, buf, buf->data,
462 (unsigned int)buf->size);
463 }
464
465 #ifdef CONFIG_PM_SLEEP
fw_name_devm_release(struct device * dev,void * res)466 static void fw_name_devm_release(struct device *dev, void *res)
467 {
468 struct fw_name_devm *fwn = res;
469
470 if (fwn->magic == (unsigned long)&fw_cache)
471 pr_debug("%s: fw_name-%s devm-%p released\n",
472 __func__, fwn->name, res);
473 kfree_const(fwn->name);
474 }
475
fw_devm_match(struct device * dev,void * res,void * match_data)476 static int fw_devm_match(struct device *dev, void *res,
477 void *match_data)
478 {
479 struct fw_name_devm *fwn = res;
480
481 return (fwn->magic == (unsigned long)&fw_cache) &&
482 !strcmp(fwn->name, match_data);
483 }
484
fw_find_devm_name(struct device * dev,const char * name)485 static struct fw_name_devm *fw_find_devm_name(struct device *dev,
486 const char *name)
487 {
488 struct fw_name_devm *fwn;
489
490 fwn = devres_find(dev, fw_name_devm_release,
491 fw_devm_match, (void *)name);
492 return fwn;
493 }
494
495 /* add firmware name into devres list */
fw_add_devm_name(struct device * dev,const char * name)496 static int fw_add_devm_name(struct device *dev, const char *name)
497 {
498 struct fw_name_devm *fwn;
499
500 fwn = fw_find_devm_name(dev, name);
501 if (fwn)
502 return 1;
503
504 fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
505 GFP_KERNEL);
506 if (!fwn)
507 return -ENOMEM;
508 fwn->name = kstrdup_const(name, GFP_KERNEL);
509 if (!fwn->name) {
510 devres_free(fwn);
511 return -ENOMEM;
512 }
513
514 fwn->magic = (unsigned long)&fw_cache;
515 devres_add(dev, fwn);
516
517 return 0;
518 }
519 #else
fw_add_devm_name(struct device * dev,const char * name)520 static int fw_add_devm_name(struct device *dev, const char *name)
521 {
522 return 0;
523 }
524 #endif
525
assign_firmware_buf(struct firmware * fw,struct device * device,unsigned int opt_flags)526 static int assign_firmware_buf(struct firmware *fw, struct device *device,
527 unsigned int opt_flags)
528 {
529 struct firmware_buf *buf = fw->priv;
530
531 mutex_lock(&fw_lock);
532 if (!buf->size || fw_state_is_aborted(&buf->fw_st)) {
533 mutex_unlock(&fw_lock);
534 return -ENOENT;
535 }
536
537 /*
538 * add firmware name into devres list so that we can auto cache
539 * and uncache firmware for device.
540 *
541 * device may has been deleted already, but the problem
542 * should be fixed in devres or driver core.
543 */
544 /* don't cache firmware handled without uevent */
545 if (device && (opt_flags & FW_OPT_UEVENT) &&
546 !(opt_flags & FW_OPT_NOCACHE))
547 fw_add_devm_name(device, buf->fw_id);
548
549 /*
550 * After caching firmware image is started, let it piggyback
551 * on request firmware.
552 */
553 if (!(opt_flags & FW_OPT_NOCACHE) &&
554 buf->fwc->state == FW_LOADER_START_CACHE) {
555 if (fw_cache_piggyback_on_request(buf->fw_id))
556 kref_get(&buf->ref);
557 }
558
559 /* pass the pages buffer to driver at the last minute */
560 fw_set_page_data(buf, fw);
561 mutex_unlock(&fw_lock);
562 return 0;
563 }
564
565 /*
566 * user-mode helper code
567 */
568 #ifdef CONFIG_FW_LOADER_USER_HELPER
569 struct firmware_priv {
570 bool nowait;
571 struct device dev;
572 struct firmware_buf *buf;
573 struct firmware *fw;
574 };
575
to_firmware_priv(struct device * dev)576 static struct firmware_priv *to_firmware_priv(struct device *dev)
577 {
578 return container_of(dev, struct firmware_priv, dev);
579 }
580
__fw_load_abort(struct firmware_buf * buf)581 static void __fw_load_abort(struct firmware_buf *buf)
582 {
583 /*
584 * There is a small window in which user can write to 'loading'
585 * between loading done and disappearance of 'loading'
586 */
587 if (fw_state_is_done(&buf->fw_st))
588 return;
589
590 list_del_init(&buf->pending_list);
591 fw_state_aborted(&buf->fw_st);
592 }
593
fw_load_abort(struct firmware_priv * fw_priv)594 static void fw_load_abort(struct firmware_priv *fw_priv)
595 {
596 struct firmware_buf *buf = fw_priv->buf;
597
598 __fw_load_abort(buf);
599 }
600
601 static LIST_HEAD(pending_fw_head);
602
kill_pending_fw_fallback_reqs(bool only_kill_custom)603 static void kill_pending_fw_fallback_reqs(bool only_kill_custom)
604 {
605 struct firmware_buf *buf;
606 struct firmware_buf *next;
607
608 mutex_lock(&fw_lock);
609 list_for_each_entry_safe(buf, next, &pending_fw_head, pending_list) {
610 if (!buf->need_uevent || !only_kill_custom)
611 __fw_load_abort(buf);
612 }
613 mutex_unlock(&fw_lock);
614 }
615
timeout_show(struct class * class,struct class_attribute * attr,char * buf)616 static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
617 char *buf)
618 {
619 return sprintf(buf, "%d\n", loading_timeout);
620 }
621
622 /**
623 * firmware_timeout_store - set number of seconds to wait for firmware
624 * @class: device class pointer
625 * @attr: device attribute pointer
626 * @buf: buffer to scan for timeout value
627 * @count: number of bytes in @buf
628 *
629 * Sets the number of seconds to wait for the firmware. Once
630 * this expires an error will be returned to the driver and no
631 * firmware will be provided.
632 *
633 * Note: zero means 'wait forever'.
634 **/
timeout_store(struct class * class,struct class_attribute * attr,const char * buf,size_t count)635 static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
636 const char *buf, size_t count)
637 {
638 loading_timeout = simple_strtol(buf, NULL, 10);
639 if (loading_timeout < 0)
640 loading_timeout = 0;
641
642 return count;
643 }
644 static CLASS_ATTR_RW(timeout);
645
646 static struct attribute *firmware_class_attrs[] = {
647 &class_attr_timeout.attr,
648 NULL,
649 };
650 ATTRIBUTE_GROUPS(firmware_class);
651
fw_dev_release(struct device * dev)652 static void fw_dev_release(struct device *dev)
653 {
654 struct firmware_priv *fw_priv = to_firmware_priv(dev);
655
656 kfree(fw_priv);
657 }
658
do_firmware_uevent(struct firmware_priv * fw_priv,struct kobj_uevent_env * env)659 static int do_firmware_uevent(struct firmware_priv *fw_priv, struct kobj_uevent_env *env)
660 {
661 if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
662 return -ENOMEM;
663 if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
664 return -ENOMEM;
665 if (add_uevent_var(env, "ASYNC=%d", fw_priv->nowait))
666 return -ENOMEM;
667
668 return 0;
669 }
670
firmware_uevent(struct device * dev,struct kobj_uevent_env * env)671 static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
672 {
673 struct firmware_priv *fw_priv = to_firmware_priv(dev);
674 int err = 0;
675
676 mutex_lock(&fw_lock);
677 if (fw_priv->buf)
678 err = do_firmware_uevent(fw_priv, env);
679 mutex_unlock(&fw_lock);
680 return err;
681 }
682
683 static struct class firmware_class = {
684 .name = "firmware",
685 .class_groups = firmware_class_groups,
686 .dev_uevent = firmware_uevent,
687 .dev_release = fw_dev_release,
688 };
689
firmware_loading_show(struct device * dev,struct device_attribute * attr,char * buf)690 static ssize_t firmware_loading_show(struct device *dev,
691 struct device_attribute *attr, char *buf)
692 {
693 struct firmware_priv *fw_priv = to_firmware_priv(dev);
694 int loading = 0;
695
696 mutex_lock(&fw_lock);
697 if (fw_priv->buf)
698 loading = fw_state_is_loading(&fw_priv->buf->fw_st);
699 mutex_unlock(&fw_lock);
700
701 return sprintf(buf, "%d\n", loading);
702 }
703
704 /* Some architectures don't have PAGE_KERNEL_RO */
705 #ifndef PAGE_KERNEL_RO
706 #define PAGE_KERNEL_RO PAGE_KERNEL
707 #endif
708
709 /* one pages buffer should be mapped/unmapped only once */
fw_map_pages_buf(struct firmware_buf * buf)710 static int fw_map_pages_buf(struct firmware_buf *buf)
711 {
712 if (!buf->is_paged_buf)
713 return 0;
714
715 vunmap(buf->data);
716 buf->data = vmap(buf->pages, buf->nr_pages, 0, PAGE_KERNEL_RO);
717 if (!buf->data)
718 return -ENOMEM;
719 return 0;
720 }
721
722 /**
723 * firmware_loading_store - set value in the 'loading' control file
724 * @dev: device pointer
725 * @attr: device attribute pointer
726 * @buf: buffer to scan for loading control value
727 * @count: number of bytes in @buf
728 *
729 * The relevant values are:
730 *
731 * 1: Start a load, discarding any previous partial load.
732 * 0: Conclude the load and hand the data to the driver code.
733 * -1: Conclude the load with an error and discard any written data.
734 **/
firmware_loading_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)735 static ssize_t firmware_loading_store(struct device *dev,
736 struct device_attribute *attr,
737 const char *buf, size_t count)
738 {
739 struct firmware_priv *fw_priv = to_firmware_priv(dev);
740 struct firmware_buf *fw_buf;
741 ssize_t written = count;
742 int loading = simple_strtol(buf, NULL, 10);
743 int i;
744
745 mutex_lock(&fw_lock);
746 fw_buf = fw_priv->buf;
747 if (fw_state_is_aborted(&fw_buf->fw_st))
748 goto out;
749
750 switch (loading) {
751 case 1:
752 /* discarding any previous partial load */
753 if (!fw_state_is_done(&fw_buf->fw_st)) {
754 for (i = 0; i < fw_buf->nr_pages; i++)
755 __free_page(fw_buf->pages[i]);
756 vfree(fw_buf->pages);
757 fw_buf->pages = NULL;
758 fw_buf->page_array_size = 0;
759 fw_buf->nr_pages = 0;
760 fw_state_start(&fw_buf->fw_st);
761 }
762 break;
763 case 0:
764 if (fw_state_is_loading(&fw_buf->fw_st)) {
765 int rc;
766
767 /*
768 * Several loading requests may be pending on
769 * one same firmware buf, so let all requests
770 * see the mapped 'buf->data' once the loading
771 * is completed.
772 * */
773 rc = fw_map_pages_buf(fw_buf);
774 if (rc)
775 dev_err(dev, "%s: map pages failed\n",
776 __func__);
777 else
778 rc = security_kernel_post_read_file(NULL,
779 fw_buf->data, fw_buf->size,
780 READING_FIRMWARE);
781
782 /*
783 * Same logic as fw_load_abort, only the DONE bit
784 * is ignored and we set ABORT only on failure.
785 */
786 list_del_init(&fw_buf->pending_list);
787 if (rc) {
788 fw_state_aborted(&fw_buf->fw_st);
789 written = rc;
790 } else {
791 fw_state_done(&fw_buf->fw_st);
792 }
793 break;
794 }
795 /* fallthrough */
796 default:
797 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
798 /* fallthrough */
799 case -1:
800 fw_load_abort(fw_priv);
801 break;
802 }
803 out:
804 mutex_unlock(&fw_lock);
805 return written;
806 }
807
808 static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
809
firmware_rw_buf(struct firmware_buf * buf,char * buffer,loff_t offset,size_t count,bool read)810 static void firmware_rw_buf(struct firmware_buf *buf, char *buffer,
811 loff_t offset, size_t count, bool read)
812 {
813 if (read)
814 memcpy(buffer, buf->data + offset, count);
815 else
816 memcpy(buf->data + offset, buffer, count);
817 }
818
firmware_rw(struct firmware_buf * buf,char * buffer,loff_t offset,size_t count,bool read)819 static void firmware_rw(struct firmware_buf *buf, char *buffer,
820 loff_t offset, size_t count, bool read)
821 {
822 while (count) {
823 void *page_data;
824 int page_nr = offset >> PAGE_SHIFT;
825 int page_ofs = offset & (PAGE_SIZE-1);
826 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
827
828 page_data = kmap(buf->pages[page_nr]);
829
830 if (read)
831 memcpy(buffer, page_data + page_ofs, page_cnt);
832 else
833 memcpy(page_data + page_ofs, buffer, page_cnt);
834
835 kunmap(buf->pages[page_nr]);
836 buffer += page_cnt;
837 offset += page_cnt;
838 count -= page_cnt;
839 }
840 }
841
firmware_data_read(struct file * filp,struct kobject * kobj,struct bin_attribute * bin_attr,char * buffer,loff_t offset,size_t count)842 static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
843 struct bin_attribute *bin_attr,
844 char *buffer, loff_t offset, size_t count)
845 {
846 struct device *dev = kobj_to_dev(kobj);
847 struct firmware_priv *fw_priv = to_firmware_priv(dev);
848 struct firmware_buf *buf;
849 ssize_t ret_count;
850
851 mutex_lock(&fw_lock);
852 buf = fw_priv->buf;
853 if (!buf || fw_state_is_done(&buf->fw_st)) {
854 ret_count = -ENODEV;
855 goto out;
856 }
857 if (offset > buf->size) {
858 ret_count = 0;
859 goto out;
860 }
861 if (count > buf->size - offset)
862 count = buf->size - offset;
863
864 ret_count = count;
865
866 if (buf->data)
867 firmware_rw_buf(buf, buffer, offset, count, true);
868 else
869 firmware_rw(buf, buffer, offset, count, true);
870
871 out:
872 mutex_unlock(&fw_lock);
873 return ret_count;
874 }
875
fw_realloc_buffer(struct firmware_priv * fw_priv,int min_size)876 static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
877 {
878 struct firmware_buf *buf = fw_priv->buf;
879 int pages_needed = PAGE_ALIGN(min_size) >> PAGE_SHIFT;
880
881 /* If the array of pages is too small, grow it... */
882 if (buf->page_array_size < pages_needed) {
883 int new_array_size = max(pages_needed,
884 buf->page_array_size * 2);
885 struct page **new_pages;
886
887 new_pages = vmalloc(new_array_size * sizeof(void *));
888 if (!new_pages) {
889 fw_load_abort(fw_priv);
890 return -ENOMEM;
891 }
892 memcpy(new_pages, buf->pages,
893 buf->page_array_size * sizeof(void *));
894 memset(&new_pages[buf->page_array_size], 0, sizeof(void *) *
895 (new_array_size - buf->page_array_size));
896 vfree(buf->pages);
897 buf->pages = new_pages;
898 buf->page_array_size = new_array_size;
899 }
900
901 while (buf->nr_pages < pages_needed) {
902 buf->pages[buf->nr_pages] =
903 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
904
905 if (!buf->pages[buf->nr_pages]) {
906 fw_load_abort(fw_priv);
907 return -ENOMEM;
908 }
909 buf->nr_pages++;
910 }
911 return 0;
912 }
913
914 /**
915 * firmware_data_write - write method for firmware
916 * @filp: open sysfs file
917 * @kobj: kobject for the device
918 * @bin_attr: bin_attr structure
919 * @buffer: buffer being written
920 * @offset: buffer offset for write in total data store area
921 * @count: buffer size
922 *
923 * Data written to the 'data' attribute will be later handed to
924 * the driver as a firmware image.
925 **/
firmware_data_write(struct file * filp,struct kobject * kobj,struct bin_attribute * bin_attr,char * buffer,loff_t offset,size_t count)926 static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
927 struct bin_attribute *bin_attr,
928 char *buffer, loff_t offset, size_t count)
929 {
930 struct device *dev = kobj_to_dev(kobj);
931 struct firmware_priv *fw_priv = to_firmware_priv(dev);
932 struct firmware_buf *buf;
933 ssize_t retval;
934
935 if (!capable(CAP_SYS_RAWIO))
936 return -EPERM;
937
938 mutex_lock(&fw_lock);
939 buf = fw_priv->buf;
940 if (!buf || fw_state_is_done(&buf->fw_st)) {
941 retval = -ENODEV;
942 goto out;
943 }
944
945 if (buf->data) {
946 if (offset + count > buf->allocated_size) {
947 retval = -ENOMEM;
948 goto out;
949 }
950 firmware_rw_buf(buf, buffer, offset, count, false);
951 retval = count;
952 } else {
953 retval = fw_realloc_buffer(fw_priv, offset + count);
954 if (retval)
955 goto out;
956
957 retval = count;
958 firmware_rw(buf, buffer, offset, count, false);
959 }
960
961 buf->size = max_t(size_t, offset + count, buf->size);
962 out:
963 mutex_unlock(&fw_lock);
964 return retval;
965 }
966
967 static struct bin_attribute firmware_attr_data = {
968 .attr = { .name = "data", .mode = 0644 },
969 .size = 0,
970 .read = firmware_data_read,
971 .write = firmware_data_write,
972 };
973
974 static struct attribute *fw_dev_attrs[] = {
975 &dev_attr_loading.attr,
976 NULL
977 };
978
979 static struct bin_attribute *fw_dev_bin_attrs[] = {
980 &firmware_attr_data,
981 NULL
982 };
983
984 static const struct attribute_group fw_dev_attr_group = {
985 .attrs = fw_dev_attrs,
986 .bin_attrs = fw_dev_bin_attrs,
987 };
988
989 static const struct attribute_group *fw_dev_attr_groups[] = {
990 &fw_dev_attr_group,
991 NULL
992 };
993
994 static struct firmware_priv *
fw_create_instance(struct firmware * firmware,const char * fw_name,struct device * device,unsigned int opt_flags)995 fw_create_instance(struct firmware *firmware, const char *fw_name,
996 struct device *device, unsigned int opt_flags)
997 {
998 struct firmware_priv *fw_priv;
999 struct device *f_dev;
1000
1001 fw_priv = kzalloc(sizeof(*fw_priv), GFP_KERNEL);
1002 if (!fw_priv) {
1003 fw_priv = ERR_PTR(-ENOMEM);
1004 goto exit;
1005 }
1006
1007 fw_priv->nowait = !!(opt_flags & FW_OPT_NOWAIT);
1008 fw_priv->fw = firmware;
1009 f_dev = &fw_priv->dev;
1010
1011 device_initialize(f_dev);
1012 dev_set_name(f_dev, "%s", fw_name);
1013 f_dev->parent = device;
1014 f_dev->class = &firmware_class;
1015 f_dev->groups = fw_dev_attr_groups;
1016 exit:
1017 return fw_priv;
1018 }
1019
1020 /* load a firmware via user helper */
_request_firmware_load(struct firmware_priv * fw_priv,unsigned int opt_flags,long timeout)1021 static int _request_firmware_load(struct firmware_priv *fw_priv,
1022 unsigned int opt_flags, long timeout)
1023 {
1024 int retval = 0;
1025 struct device *f_dev = &fw_priv->dev;
1026 struct firmware_buf *buf = fw_priv->buf;
1027
1028 /* fall back on userspace loading */
1029 if (!buf->data)
1030 buf->is_paged_buf = true;
1031
1032 dev_set_uevent_suppress(f_dev, true);
1033
1034 retval = device_add(f_dev);
1035 if (retval) {
1036 dev_err(f_dev, "%s: device_register failed\n", __func__);
1037 goto err_put_dev;
1038 }
1039
1040 mutex_lock(&fw_lock);
1041 list_add(&buf->pending_list, &pending_fw_head);
1042 mutex_unlock(&fw_lock);
1043
1044 if (opt_flags & FW_OPT_UEVENT) {
1045 buf->need_uevent = true;
1046 dev_set_uevent_suppress(f_dev, false);
1047 dev_dbg(f_dev, "firmware: requesting %s\n", buf->fw_id);
1048 kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
1049 } else {
1050 timeout = MAX_JIFFY_OFFSET;
1051 }
1052
1053 retval = fw_state_wait_timeout(&buf->fw_st, timeout);
1054 if (retval < 0) {
1055 mutex_lock(&fw_lock);
1056 fw_load_abort(fw_priv);
1057 mutex_unlock(&fw_lock);
1058 }
1059
1060 if (fw_state_is_aborted(&buf->fw_st)) {
1061 if (retval == -ERESTARTSYS)
1062 retval = -EINTR;
1063 else
1064 retval = -EAGAIN;
1065 } else if (buf->is_paged_buf && !buf->data)
1066 retval = -ENOMEM;
1067
1068 device_del(f_dev);
1069 err_put_dev:
1070 put_device(f_dev);
1071 return retval;
1072 }
1073
fw_load_from_user_helper(struct firmware * firmware,const char * name,struct device * device,unsigned int opt_flags)1074 static int fw_load_from_user_helper(struct firmware *firmware,
1075 const char *name, struct device *device,
1076 unsigned int opt_flags)
1077 {
1078 struct firmware_priv *fw_priv;
1079 long timeout;
1080 int ret;
1081
1082 timeout = firmware_loading_timeout();
1083 if (opt_flags & FW_OPT_NOWAIT) {
1084 timeout = usermodehelper_read_lock_wait(timeout);
1085 if (!timeout) {
1086 dev_dbg(device, "firmware: %s loading timed out\n",
1087 name);
1088 return -EBUSY;
1089 }
1090 } else {
1091 ret = usermodehelper_read_trylock();
1092 if (WARN_ON(ret)) {
1093 dev_err(device, "firmware: %s will not be loaded\n",
1094 name);
1095 return ret;
1096 }
1097 }
1098
1099 fw_priv = fw_create_instance(firmware, name, device, opt_flags);
1100 if (IS_ERR(fw_priv)) {
1101 ret = PTR_ERR(fw_priv);
1102 goto out_unlock;
1103 }
1104
1105 fw_priv->buf = firmware->priv;
1106 ret = _request_firmware_load(fw_priv, opt_flags, timeout);
1107
1108 if (!ret)
1109 ret = assign_firmware_buf(firmware, device, opt_flags);
1110
1111 out_unlock:
1112 usermodehelper_read_unlock();
1113
1114 return ret;
1115 }
1116
1117 #else /* CONFIG_FW_LOADER_USER_HELPER */
1118 static inline int
fw_load_from_user_helper(struct firmware * firmware,const char * name,struct device * device,unsigned int opt_flags)1119 fw_load_from_user_helper(struct firmware *firmware, const char *name,
1120 struct device *device, unsigned int opt_flags)
1121 {
1122 return -ENOENT;
1123 }
1124
kill_pending_fw_fallback_reqs(bool only_kill_custom)1125 static inline void kill_pending_fw_fallback_reqs(bool only_kill_custom) { }
1126
1127 #endif /* CONFIG_FW_LOADER_USER_HELPER */
1128
1129 /* prepare firmware and firmware_buf structs;
1130 * return 0 if a firmware is already assigned, 1 if need to load one,
1131 * or a negative error code
1132 */
1133 static int
_request_firmware_prepare(struct firmware ** firmware_p,const char * name,struct device * device,void * dbuf,size_t size)1134 _request_firmware_prepare(struct firmware **firmware_p, const char *name,
1135 struct device *device, void *dbuf, size_t size)
1136 {
1137 struct firmware *firmware;
1138 struct firmware_buf *buf;
1139 int ret;
1140
1141 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
1142 if (!firmware) {
1143 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
1144 __func__);
1145 return -ENOMEM;
1146 }
1147
1148 if (fw_get_builtin_firmware(firmware, name, dbuf, size)) {
1149 dev_dbg(device, "using built-in %s\n", name);
1150 return 0; /* assigned */
1151 }
1152
1153 ret = fw_lookup_and_allocate_buf(name, &fw_cache, &buf, dbuf, size);
1154
1155 /*
1156 * bind with 'buf' now to avoid warning in failure path
1157 * of requesting firmware.
1158 */
1159 firmware->priv = buf;
1160
1161 if (ret > 0) {
1162 ret = fw_state_wait(&buf->fw_st);
1163 if (!ret) {
1164 fw_set_page_data(buf, firmware);
1165 return 0; /* assigned */
1166 }
1167 }
1168
1169 if (ret < 0)
1170 return ret;
1171 return 1; /* need to load */
1172 }
1173
1174 /*
1175 * Batched requests need only one wake, we need to do this step last due to the
1176 * fallback mechanism. The buf is protected with kref_get(), and it won't be
1177 * released until the last user calls release_firmware().
1178 *
1179 * Failed batched requests are possible as well, in such cases we just share
1180 * the struct firmware_buf and won't release it until all requests are woken
1181 * and have gone through this same path.
1182 */
fw_abort_batch_reqs(struct firmware * fw)1183 static void fw_abort_batch_reqs(struct firmware *fw)
1184 {
1185 struct firmware_buf *buf;
1186
1187 /* Loaded directly? */
1188 if (!fw || !fw->priv)
1189 return;
1190
1191 buf = fw->priv;
1192 if (!fw_state_is_aborted(&buf->fw_st))
1193 fw_state_aborted(&buf->fw_st);
1194 }
1195
1196 /* called from request_firmware() and request_firmware_work_func() */
1197 static int
_request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,unsigned int opt_flags)1198 _request_firmware(const struct firmware **firmware_p, const char *name,
1199 struct device *device, void *buf, size_t size,
1200 unsigned int opt_flags)
1201 {
1202 struct firmware *fw = NULL;
1203 int ret;
1204
1205 if (!firmware_p)
1206 return -EINVAL;
1207
1208 if (!name || name[0] == '\0') {
1209 ret = -EINVAL;
1210 goto out;
1211 }
1212
1213 ret = _request_firmware_prepare(&fw, name, device, buf, size);
1214 if (ret <= 0) /* error or already assigned */
1215 goto out;
1216
1217 ret = fw_get_filesystem_firmware(device, fw->priv);
1218 if (ret) {
1219 if (!(opt_flags & FW_OPT_NO_WARN))
1220 dev_warn(device,
1221 "Direct firmware load for %s failed with error %d\n",
1222 name, ret);
1223 if (opt_flags & FW_OPT_USERHELPER) {
1224 dev_warn(device, "Falling back to user helper\n");
1225 ret = fw_load_from_user_helper(fw, name, device,
1226 opt_flags);
1227 }
1228 } else
1229 ret = assign_firmware_buf(fw, device, opt_flags);
1230
1231 out:
1232 if (ret < 0) {
1233 fw_abort_batch_reqs(fw);
1234 release_firmware(fw);
1235 fw = NULL;
1236 }
1237
1238 *firmware_p = fw;
1239 return ret;
1240 }
1241
1242 /**
1243 * request_firmware: - send firmware request and wait for it
1244 * @firmware_p: pointer to firmware image
1245 * @name: name of firmware file
1246 * @device: device for which firmware is being loaded
1247 *
1248 * @firmware_p will be used to return a firmware image by the name
1249 * of @name for device @device.
1250 *
1251 * Should be called from user context where sleeping is allowed.
1252 *
1253 * @name will be used as $FIRMWARE in the uevent environment and
1254 * should be distinctive enough not to be confused with any other
1255 * firmware image for this or any other device.
1256 *
1257 * Caller must hold the reference count of @device.
1258 *
1259 * The function can be called safely inside device's suspend and
1260 * resume callback.
1261 **/
1262 int
request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device)1263 request_firmware(const struct firmware **firmware_p, const char *name,
1264 struct device *device)
1265 {
1266 int ret;
1267
1268 /* Need to pin this module until return */
1269 __module_get(THIS_MODULE);
1270 ret = _request_firmware(firmware_p, name, device, NULL, 0,
1271 FW_OPT_UEVENT | FW_OPT_FALLBACK);
1272 module_put(THIS_MODULE);
1273 return ret;
1274 }
1275 EXPORT_SYMBOL(request_firmware);
1276
1277 /**
1278 * request_firmware_direct: - load firmware directly without usermode helper
1279 * @firmware_p: pointer to firmware image
1280 * @name: name of firmware file
1281 * @device: device for which firmware is being loaded
1282 *
1283 * This function works pretty much like request_firmware(), but this doesn't
1284 * fall back to usermode helper even if the firmware couldn't be loaded
1285 * directly from fs. Hence it's useful for loading optional firmwares, which
1286 * aren't always present, without extra long timeouts of udev.
1287 **/
request_firmware_direct(const struct firmware ** firmware_p,const char * name,struct device * device)1288 int request_firmware_direct(const struct firmware **firmware_p,
1289 const char *name, struct device *device)
1290 {
1291 int ret;
1292
1293 __module_get(THIS_MODULE);
1294 ret = _request_firmware(firmware_p, name, device, NULL, 0,
1295 FW_OPT_UEVENT | FW_OPT_NO_WARN);
1296 module_put(THIS_MODULE);
1297 return ret;
1298 }
1299 EXPORT_SYMBOL_GPL(request_firmware_direct);
1300
1301 /**
1302 * request_firmware_into_buf - load firmware into a previously allocated buffer
1303 * @firmware_p: pointer to firmware image
1304 * @name: name of firmware file
1305 * @device: device for which firmware is being loaded and DMA region allocated
1306 * @buf: address of buffer to load firmware into
1307 * @size: size of buffer
1308 *
1309 * This function works pretty much like request_firmware(), but it doesn't
1310 * allocate a buffer to hold the firmware data. Instead, the firmware
1311 * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1312 * data member is pointed at @buf.
1313 *
1314 * This function doesn't cache firmware either.
1315 */
1316 int
request_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size)1317 request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1318 struct device *device, void *buf, size_t size)
1319 {
1320 int ret;
1321
1322 __module_get(THIS_MODULE);
1323 ret = _request_firmware(firmware_p, name, device, buf, size,
1324 FW_OPT_UEVENT | FW_OPT_FALLBACK |
1325 FW_OPT_NOCACHE);
1326 module_put(THIS_MODULE);
1327 return ret;
1328 }
1329 EXPORT_SYMBOL(request_firmware_into_buf);
1330
1331 /**
1332 * release_firmware: - release the resource associated with a firmware image
1333 * @fw: firmware resource to release
1334 **/
release_firmware(const struct firmware * fw)1335 void release_firmware(const struct firmware *fw)
1336 {
1337 if (fw) {
1338 if (!fw_is_builtin_firmware(fw))
1339 firmware_free_data(fw);
1340 kfree(fw);
1341 }
1342 }
1343 EXPORT_SYMBOL(release_firmware);
1344
1345 /* Async support */
1346 struct firmware_work {
1347 struct work_struct work;
1348 struct module *module;
1349 const char *name;
1350 struct device *device;
1351 void *context;
1352 void (*cont)(const struct firmware *fw, void *context);
1353 unsigned int opt_flags;
1354 };
1355
request_firmware_work_func(struct work_struct * work)1356 static void request_firmware_work_func(struct work_struct *work)
1357 {
1358 struct firmware_work *fw_work;
1359 const struct firmware *fw;
1360
1361 fw_work = container_of(work, struct firmware_work, work);
1362
1363 _request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0,
1364 fw_work->opt_flags);
1365 fw_work->cont(fw, fw_work->context);
1366 put_device(fw_work->device); /* taken in request_firmware_nowait() */
1367
1368 module_put(fw_work->module);
1369 kfree_const(fw_work->name);
1370 kfree(fw_work);
1371 }
1372
1373 /**
1374 * request_firmware_nowait - asynchronous version of request_firmware
1375 * @module: module requesting the firmware
1376 * @uevent: sends uevent to copy the firmware image if this flag
1377 * is non-zero else the firmware copy must be done manually.
1378 * @name: name of firmware file
1379 * @device: device for which firmware is being loaded
1380 * @gfp: allocation flags
1381 * @context: will be passed over to @cont, and
1382 * @fw may be %NULL if firmware request fails.
1383 * @cont: function will be called asynchronously when the firmware
1384 * request is over.
1385 *
1386 * Caller must hold the reference count of @device.
1387 *
1388 * Asynchronous variant of request_firmware() for user contexts:
1389 * - sleep for as small periods as possible since it may
1390 * increase kernel boot time of built-in device drivers
1391 * requesting firmware in their ->probe() methods, if
1392 * @gfp is GFP_KERNEL.
1393 *
1394 * - can't sleep at all if @gfp is GFP_ATOMIC.
1395 **/
1396 int
request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1397 request_firmware_nowait(
1398 struct module *module, bool uevent,
1399 const char *name, struct device *device, gfp_t gfp, void *context,
1400 void (*cont)(const struct firmware *fw, void *context))
1401 {
1402 struct firmware_work *fw_work;
1403
1404 fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1405 if (!fw_work)
1406 return -ENOMEM;
1407
1408 fw_work->module = module;
1409 fw_work->name = kstrdup_const(name, gfp);
1410 if (!fw_work->name) {
1411 kfree(fw_work);
1412 return -ENOMEM;
1413 }
1414 fw_work->device = device;
1415 fw_work->context = context;
1416 fw_work->cont = cont;
1417 fw_work->opt_flags = FW_OPT_NOWAIT | FW_OPT_FALLBACK |
1418 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER);
1419
1420 if (!try_module_get(module)) {
1421 kfree_const(fw_work->name);
1422 kfree(fw_work);
1423 return -EFAULT;
1424 }
1425
1426 get_device(fw_work->device);
1427 INIT_WORK(&fw_work->work, request_firmware_work_func);
1428 schedule_work(&fw_work->work);
1429 return 0;
1430 }
1431 EXPORT_SYMBOL(request_firmware_nowait);
1432
1433 #ifdef CONFIG_PM_SLEEP
1434 static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1435
1436 /**
1437 * cache_firmware - cache one firmware image in kernel memory space
1438 * @fw_name: the firmware image name
1439 *
1440 * Cache firmware in kernel memory so that drivers can use it when
1441 * system isn't ready for them to request firmware image from userspace.
1442 * Once it returns successfully, driver can use request_firmware or its
1443 * nowait version to get the cached firmware without any interacting
1444 * with userspace
1445 *
1446 * Return 0 if the firmware image has been cached successfully
1447 * Return !0 otherwise
1448 *
1449 */
cache_firmware(const char * fw_name)1450 static int cache_firmware(const char *fw_name)
1451 {
1452 int ret;
1453 const struct firmware *fw;
1454
1455 pr_debug("%s: %s\n", __func__, fw_name);
1456
1457 ret = request_firmware(&fw, fw_name, NULL);
1458 if (!ret)
1459 kfree(fw);
1460
1461 pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1462
1463 return ret;
1464 }
1465
fw_lookup_buf(const char * fw_name)1466 static struct firmware_buf *fw_lookup_buf(const char *fw_name)
1467 {
1468 struct firmware_buf *tmp;
1469 struct firmware_cache *fwc = &fw_cache;
1470
1471 spin_lock(&fwc->lock);
1472 tmp = __fw_lookup_buf(fw_name);
1473 spin_unlock(&fwc->lock);
1474
1475 return tmp;
1476 }
1477
1478 /**
1479 * uncache_firmware - remove one cached firmware image
1480 * @fw_name: the firmware image name
1481 *
1482 * Uncache one firmware image which has been cached successfully
1483 * before.
1484 *
1485 * Return 0 if the firmware cache has been removed successfully
1486 * Return !0 otherwise
1487 *
1488 */
uncache_firmware(const char * fw_name)1489 static int uncache_firmware(const char *fw_name)
1490 {
1491 struct firmware_buf *buf;
1492 struct firmware fw;
1493
1494 pr_debug("%s: %s\n", __func__, fw_name);
1495
1496 if (fw_get_builtin_firmware(&fw, fw_name, NULL, 0))
1497 return 0;
1498
1499 buf = fw_lookup_buf(fw_name);
1500 if (buf) {
1501 fw_free_buf(buf);
1502 return 0;
1503 }
1504
1505 return -EINVAL;
1506 }
1507
alloc_fw_cache_entry(const char * name)1508 static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1509 {
1510 struct fw_cache_entry *fce;
1511
1512 fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1513 if (!fce)
1514 goto exit;
1515
1516 fce->name = kstrdup_const(name, GFP_ATOMIC);
1517 if (!fce->name) {
1518 kfree(fce);
1519 fce = NULL;
1520 goto exit;
1521 }
1522 exit:
1523 return fce;
1524 }
1525
__fw_entry_found(const char * name)1526 static int __fw_entry_found(const char *name)
1527 {
1528 struct firmware_cache *fwc = &fw_cache;
1529 struct fw_cache_entry *fce;
1530
1531 list_for_each_entry(fce, &fwc->fw_names, list) {
1532 if (!strcmp(fce->name, name))
1533 return 1;
1534 }
1535 return 0;
1536 }
1537
fw_cache_piggyback_on_request(const char * name)1538 static int fw_cache_piggyback_on_request(const char *name)
1539 {
1540 struct firmware_cache *fwc = &fw_cache;
1541 struct fw_cache_entry *fce;
1542 int ret = 0;
1543
1544 spin_lock(&fwc->name_lock);
1545 if (__fw_entry_found(name))
1546 goto found;
1547
1548 fce = alloc_fw_cache_entry(name);
1549 if (fce) {
1550 ret = 1;
1551 list_add(&fce->list, &fwc->fw_names);
1552 pr_debug("%s: fw: %s\n", __func__, name);
1553 }
1554 found:
1555 spin_unlock(&fwc->name_lock);
1556 return ret;
1557 }
1558
free_fw_cache_entry(struct fw_cache_entry * fce)1559 static void free_fw_cache_entry(struct fw_cache_entry *fce)
1560 {
1561 kfree_const(fce->name);
1562 kfree(fce);
1563 }
1564
__async_dev_cache_fw_image(void * fw_entry,async_cookie_t cookie)1565 static void __async_dev_cache_fw_image(void *fw_entry,
1566 async_cookie_t cookie)
1567 {
1568 struct fw_cache_entry *fce = fw_entry;
1569 struct firmware_cache *fwc = &fw_cache;
1570 int ret;
1571
1572 ret = cache_firmware(fce->name);
1573 if (ret) {
1574 spin_lock(&fwc->name_lock);
1575 list_del(&fce->list);
1576 spin_unlock(&fwc->name_lock);
1577
1578 free_fw_cache_entry(fce);
1579 }
1580 }
1581
1582 /* called with dev->devres_lock held */
dev_create_fw_entry(struct device * dev,void * res,void * data)1583 static void dev_create_fw_entry(struct device *dev, void *res,
1584 void *data)
1585 {
1586 struct fw_name_devm *fwn = res;
1587 const char *fw_name = fwn->name;
1588 struct list_head *head = data;
1589 struct fw_cache_entry *fce;
1590
1591 fce = alloc_fw_cache_entry(fw_name);
1592 if (fce)
1593 list_add(&fce->list, head);
1594 }
1595
devm_name_match(struct device * dev,void * res,void * match_data)1596 static int devm_name_match(struct device *dev, void *res,
1597 void *match_data)
1598 {
1599 struct fw_name_devm *fwn = res;
1600 return (fwn->magic == (unsigned long)match_data);
1601 }
1602
dev_cache_fw_image(struct device * dev,void * data)1603 static void dev_cache_fw_image(struct device *dev, void *data)
1604 {
1605 LIST_HEAD(todo);
1606 struct fw_cache_entry *fce;
1607 struct fw_cache_entry *fce_next;
1608 struct firmware_cache *fwc = &fw_cache;
1609
1610 devres_for_each_res(dev, fw_name_devm_release,
1611 devm_name_match, &fw_cache,
1612 dev_create_fw_entry, &todo);
1613
1614 list_for_each_entry_safe(fce, fce_next, &todo, list) {
1615 list_del(&fce->list);
1616
1617 spin_lock(&fwc->name_lock);
1618 /* only one cache entry for one firmware */
1619 if (!__fw_entry_found(fce->name)) {
1620 list_add(&fce->list, &fwc->fw_names);
1621 } else {
1622 free_fw_cache_entry(fce);
1623 fce = NULL;
1624 }
1625 spin_unlock(&fwc->name_lock);
1626
1627 if (fce)
1628 async_schedule_domain(__async_dev_cache_fw_image,
1629 (void *)fce,
1630 &fw_cache_domain);
1631 }
1632 }
1633
__device_uncache_fw_images(void)1634 static void __device_uncache_fw_images(void)
1635 {
1636 struct firmware_cache *fwc = &fw_cache;
1637 struct fw_cache_entry *fce;
1638
1639 spin_lock(&fwc->name_lock);
1640 while (!list_empty(&fwc->fw_names)) {
1641 fce = list_entry(fwc->fw_names.next,
1642 struct fw_cache_entry, list);
1643 list_del(&fce->list);
1644 spin_unlock(&fwc->name_lock);
1645
1646 uncache_firmware(fce->name);
1647 free_fw_cache_entry(fce);
1648
1649 spin_lock(&fwc->name_lock);
1650 }
1651 spin_unlock(&fwc->name_lock);
1652 }
1653
1654 /**
1655 * device_cache_fw_images - cache devices' firmware
1656 *
1657 * If one device called request_firmware or its nowait version
1658 * successfully before, the firmware names are recored into the
1659 * device's devres link list, so device_cache_fw_images can call
1660 * cache_firmware() to cache these firmwares for the device,
1661 * then the device driver can load its firmwares easily at
1662 * time when system is not ready to complete loading firmware.
1663 */
device_cache_fw_images(void)1664 static void device_cache_fw_images(void)
1665 {
1666 struct firmware_cache *fwc = &fw_cache;
1667 int old_timeout;
1668 DEFINE_WAIT(wait);
1669
1670 pr_debug("%s\n", __func__);
1671
1672 /* cancel uncache work */
1673 cancel_delayed_work_sync(&fwc->work);
1674
1675 /*
1676 * use small loading timeout for caching devices' firmware
1677 * because all these firmware images have been loaded
1678 * successfully at lease once, also system is ready for
1679 * completing firmware loading now. The maximum size of
1680 * firmware in current distributions is about 2M bytes,
1681 * so 10 secs should be enough.
1682 */
1683 old_timeout = loading_timeout;
1684 loading_timeout = 10;
1685
1686 mutex_lock(&fw_lock);
1687 fwc->state = FW_LOADER_START_CACHE;
1688 dpm_for_each_dev(NULL, dev_cache_fw_image);
1689 mutex_unlock(&fw_lock);
1690
1691 /* wait for completion of caching firmware for all devices */
1692 async_synchronize_full_domain(&fw_cache_domain);
1693
1694 loading_timeout = old_timeout;
1695 }
1696
1697 /**
1698 * device_uncache_fw_images - uncache devices' firmware
1699 *
1700 * uncache all firmwares which have been cached successfully
1701 * by device_uncache_fw_images earlier
1702 */
device_uncache_fw_images(void)1703 static void device_uncache_fw_images(void)
1704 {
1705 pr_debug("%s\n", __func__);
1706 __device_uncache_fw_images();
1707 }
1708
device_uncache_fw_images_work(struct work_struct * work)1709 static void device_uncache_fw_images_work(struct work_struct *work)
1710 {
1711 device_uncache_fw_images();
1712 }
1713
1714 /**
1715 * device_uncache_fw_images_delay - uncache devices firmwares
1716 * @delay: number of milliseconds to delay uncache device firmwares
1717 *
1718 * uncache all devices's firmwares which has been cached successfully
1719 * by device_cache_fw_images after @delay milliseconds.
1720 */
device_uncache_fw_images_delay(unsigned long delay)1721 static void device_uncache_fw_images_delay(unsigned long delay)
1722 {
1723 queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1724 msecs_to_jiffies(delay));
1725 }
1726
fw_pm_notify(struct notifier_block * notify_block,unsigned long mode,void * unused)1727 static int fw_pm_notify(struct notifier_block *notify_block,
1728 unsigned long mode, void *unused)
1729 {
1730 switch (mode) {
1731 case PM_HIBERNATION_PREPARE:
1732 case PM_SUSPEND_PREPARE:
1733 case PM_RESTORE_PREPARE:
1734 /*
1735 * kill pending fallback requests with a custom fallback
1736 * to avoid stalling suspend.
1737 */
1738 kill_pending_fw_fallback_reqs(true);
1739 device_cache_fw_images();
1740 break;
1741
1742 case PM_POST_SUSPEND:
1743 case PM_POST_HIBERNATION:
1744 case PM_POST_RESTORE:
1745 /*
1746 * In case that system sleep failed and syscore_suspend is
1747 * not called.
1748 */
1749 mutex_lock(&fw_lock);
1750 fw_cache.state = FW_LOADER_NO_CACHE;
1751 mutex_unlock(&fw_lock);
1752
1753 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1754 break;
1755 }
1756
1757 return 0;
1758 }
1759
1760 /* stop caching firmware once syscore_suspend is reached */
fw_suspend(void)1761 static int fw_suspend(void)
1762 {
1763 fw_cache.state = FW_LOADER_NO_CACHE;
1764 return 0;
1765 }
1766
1767 static struct syscore_ops fw_syscore_ops = {
1768 .suspend = fw_suspend,
1769 };
1770 #else
fw_cache_piggyback_on_request(const char * name)1771 static int fw_cache_piggyback_on_request(const char *name)
1772 {
1773 return 0;
1774 }
1775 #endif
1776
fw_cache_init(void)1777 static void __init fw_cache_init(void)
1778 {
1779 spin_lock_init(&fw_cache.lock);
1780 INIT_LIST_HEAD(&fw_cache.head);
1781 fw_cache.state = FW_LOADER_NO_CACHE;
1782
1783 #ifdef CONFIG_PM_SLEEP
1784 spin_lock_init(&fw_cache.name_lock);
1785 INIT_LIST_HEAD(&fw_cache.fw_names);
1786
1787 INIT_DELAYED_WORK(&fw_cache.work,
1788 device_uncache_fw_images_work);
1789
1790 fw_cache.pm_notify.notifier_call = fw_pm_notify;
1791 register_pm_notifier(&fw_cache.pm_notify);
1792
1793 register_syscore_ops(&fw_syscore_ops);
1794 #endif
1795 }
1796
fw_shutdown_notify(struct notifier_block * unused1,unsigned long unused2,void * unused3)1797 static int fw_shutdown_notify(struct notifier_block *unused1,
1798 unsigned long unused2, void *unused3)
1799 {
1800 /*
1801 * Kill all pending fallback requests to avoid both stalling shutdown,
1802 * and avoid a deadlock with the usermode_lock.
1803 */
1804 kill_pending_fw_fallback_reqs(false);
1805
1806 return NOTIFY_DONE;
1807 }
1808
1809 static struct notifier_block fw_shutdown_nb = {
1810 .notifier_call = fw_shutdown_notify,
1811 };
1812
firmware_class_init(void)1813 static int __init firmware_class_init(void)
1814 {
1815 fw_cache_init();
1816 register_reboot_notifier(&fw_shutdown_nb);
1817 #ifdef CONFIG_FW_LOADER_USER_HELPER
1818 return class_register(&firmware_class);
1819 #else
1820 return 0;
1821 #endif
1822 }
1823
firmware_class_exit(void)1824 static void __exit firmware_class_exit(void)
1825 {
1826 #ifdef CONFIG_PM_SLEEP
1827 unregister_syscore_ops(&fw_syscore_ops);
1828 unregister_pm_notifier(&fw_cache.pm_notify);
1829 #endif
1830 unregister_reboot_notifier(&fw_shutdown_nb);
1831 #ifdef CONFIG_FW_LOADER_USER_HELPER
1832 class_unregister(&firmware_class);
1833 #endif
1834 }
1835
1836 fs_initcall(firmware_class_init);
1837 module_exit(firmware_class_exit);
1838