1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * main.c - Multi purpose firmware loading support
4 *
5 * Copyright (c) 2003 Manuel Estrada Sainz
6 *
7 * Please see Documentation/driver-api/firmware/ for more information.
8 *
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/capability.h>
14 #include <linux/device.h>
15 #include <linux/kernel_read_file.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/initrd.h>
19 #include <linux/timer.h>
20 #include <linux/vmalloc.h>
21 #include <linux/interrupt.h>
22 #include <linux/bitops.h>
23 #include <linux/mutex.h>
24 #include <linux/workqueue.h>
25 #include <linux/highmem.h>
26 #include <linux/firmware.h>
27 #include <linux/slab.h>
28 #include <linux/sched.h>
29 #include <linux/file.h>
30 #include <linux/list.h>
31 #include <linux/fs.h>
32 #include <linux/async.h>
33 #include <linux/pm.h>
34 #include <linux/suspend.h>
35 #include <linux/syscore_ops.h>
36 #include <linux/reboot.h>
37 #include <linux/security.h>
38 #include <linux/zstd.h>
39 #include <linux/xz.h>
40
41 #include <generated/utsrelease.h>
42
43 #include "../base.h"
44 #include "firmware.h"
45 #include "fallback.h"
46
47 MODULE_AUTHOR("Manuel Estrada Sainz");
48 MODULE_DESCRIPTION("Multi purpose firmware loading support");
49 MODULE_LICENSE("GPL");
50
51 struct firmware_cache {
52 /* firmware_buf instance will be added into the below list */
53 spinlock_t lock;
54 struct list_head head;
55 int state;
56
57 #ifdef CONFIG_FW_CACHE
58 /*
59 * Names of firmware images which have been cached successfully
60 * will be added into the below list so that device uncache
61 * helper can trace which firmware images have been cached
62 * before.
63 */
64 spinlock_t name_lock;
65 struct list_head fw_names;
66
67 struct delayed_work work;
68
69 struct notifier_block pm_notify;
70 #endif
71 };
72
73 struct fw_cache_entry {
74 struct list_head list;
75 const char *name;
76 };
77
78 struct fw_name_devm {
79 unsigned long magic;
80 const char *name;
81 };
82
to_fw_priv(struct kref * ref)83 static inline struct fw_priv *to_fw_priv(struct kref *ref)
84 {
85 return container_of(ref, struct fw_priv, ref);
86 }
87
88 #define FW_LOADER_NO_CACHE 0
89 #define FW_LOADER_START_CACHE 1
90
91 /* fw_lock could be moved to 'struct fw_sysfs' but since it is just
92 * guarding for corner cases a global lock should be OK */
93 DEFINE_MUTEX(fw_lock);
94
95 struct firmware_cache fw_cache;
96 bool fw_load_abort_all;
97
fw_state_init(struct fw_priv * fw_priv)98 void fw_state_init(struct fw_priv *fw_priv)
99 {
100 struct fw_state *fw_st = &fw_priv->fw_st;
101
102 init_completion(&fw_st->completion);
103 fw_st->status = FW_STATUS_UNKNOWN;
104 }
105
fw_state_wait(struct fw_priv * fw_priv)106 static inline int fw_state_wait(struct fw_priv *fw_priv)
107 {
108 return __fw_state_wait_common(fw_priv, MAX_SCHEDULE_TIMEOUT);
109 }
110
111 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv);
112
__allocate_fw_priv(const char * fw_name,struct firmware_cache * fwc,void * dbuf,size_t size,size_t offset,u32 opt_flags)113 static struct fw_priv *__allocate_fw_priv(const char *fw_name,
114 struct firmware_cache *fwc,
115 void *dbuf,
116 size_t size,
117 size_t offset,
118 u32 opt_flags)
119 {
120 struct fw_priv *fw_priv;
121
122 /* For a partial read, the buffer must be preallocated. */
123 if ((opt_flags & FW_OPT_PARTIAL) && !dbuf)
124 return NULL;
125
126 /* Only partial reads are allowed to use an offset. */
127 if (offset != 0 && !(opt_flags & FW_OPT_PARTIAL))
128 return NULL;
129
130 fw_priv = kzalloc(sizeof(*fw_priv), GFP_ATOMIC);
131 if (!fw_priv)
132 return NULL;
133
134 fw_priv->fw_name = kstrdup_const(fw_name, GFP_ATOMIC);
135 if (!fw_priv->fw_name) {
136 kfree(fw_priv);
137 return NULL;
138 }
139
140 kref_init(&fw_priv->ref);
141 fw_priv->fwc = fwc;
142 fw_priv->data = dbuf;
143 fw_priv->allocated_size = size;
144 fw_priv->offset = offset;
145 fw_priv->opt_flags = opt_flags;
146 fw_state_init(fw_priv);
147 #ifdef CONFIG_FW_LOADER_USER_HELPER
148 INIT_LIST_HEAD(&fw_priv->pending_list);
149 #endif
150
151 pr_debug("%s: fw-%s fw_priv=%p\n", __func__, fw_name, fw_priv);
152
153 return fw_priv;
154 }
155
__lookup_fw_priv(const char * fw_name)156 static struct fw_priv *__lookup_fw_priv(const char *fw_name)
157 {
158 struct fw_priv *tmp;
159 struct firmware_cache *fwc = &fw_cache;
160
161 list_for_each_entry(tmp, &fwc->head, list)
162 if (!strcmp(tmp->fw_name, fw_name))
163 return tmp;
164 return NULL;
165 }
166
167 /* Returns 1 for batching firmware requests with the same name */
alloc_lookup_fw_priv(const char * fw_name,struct firmware_cache * fwc,struct fw_priv ** fw_priv,void * dbuf,size_t size,size_t offset,u32 opt_flags)168 int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc,
169 struct fw_priv **fw_priv, void *dbuf, size_t size,
170 size_t offset, u32 opt_flags)
171 {
172 struct fw_priv *tmp;
173
174 spin_lock(&fwc->lock);
175 /*
176 * Do not merge requests that are marked to be non-cached or
177 * are performing partial reads.
178 */
179 if (!(opt_flags & (FW_OPT_NOCACHE | FW_OPT_PARTIAL))) {
180 tmp = __lookup_fw_priv(fw_name);
181 if (tmp) {
182 kref_get(&tmp->ref);
183 spin_unlock(&fwc->lock);
184 *fw_priv = tmp;
185 pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n");
186 return 1;
187 }
188 }
189
190 tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size, offset, opt_flags);
191 if (tmp) {
192 INIT_LIST_HEAD(&tmp->list);
193 if (!(opt_flags & FW_OPT_NOCACHE))
194 list_add(&tmp->list, &fwc->head);
195 }
196 spin_unlock(&fwc->lock);
197
198 *fw_priv = tmp;
199
200 return tmp ? 0 : -ENOMEM;
201 }
202
__free_fw_priv(struct kref * ref)203 static void __free_fw_priv(struct kref *ref)
204 __releases(&fwc->lock)
205 {
206 struct fw_priv *fw_priv = to_fw_priv(ref);
207 struct firmware_cache *fwc = fw_priv->fwc;
208
209 pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
210 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
211 (unsigned int)fw_priv->size);
212
213 list_del(&fw_priv->list);
214 spin_unlock(&fwc->lock);
215
216 if (fw_is_paged_buf(fw_priv))
217 fw_free_paged_buf(fw_priv);
218 else if (!fw_priv->allocated_size)
219 vfree(fw_priv->data);
220
221 kfree_const(fw_priv->fw_name);
222 kfree(fw_priv);
223 }
224
free_fw_priv(struct fw_priv * fw_priv)225 void free_fw_priv(struct fw_priv *fw_priv)
226 {
227 struct firmware_cache *fwc = fw_priv->fwc;
228 spin_lock(&fwc->lock);
229 if (!kref_put(&fw_priv->ref, __free_fw_priv))
230 spin_unlock(&fwc->lock);
231 }
232
233 #ifdef CONFIG_FW_LOADER_PAGED_BUF
fw_is_paged_buf(struct fw_priv * fw_priv)234 bool fw_is_paged_buf(struct fw_priv *fw_priv)
235 {
236 return fw_priv->is_paged_buf;
237 }
238
fw_free_paged_buf(struct fw_priv * fw_priv)239 void fw_free_paged_buf(struct fw_priv *fw_priv)
240 {
241 int i;
242
243 if (!fw_priv->pages)
244 return;
245
246 vunmap(fw_priv->data);
247
248 for (i = 0; i < fw_priv->nr_pages; i++)
249 __free_page(fw_priv->pages[i]);
250 kvfree(fw_priv->pages);
251 fw_priv->pages = NULL;
252 fw_priv->page_array_size = 0;
253 fw_priv->nr_pages = 0;
254 fw_priv->data = NULL;
255 fw_priv->size = 0;
256 }
257
fw_grow_paged_buf(struct fw_priv * fw_priv,int pages_needed)258 int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed)
259 {
260 /* If the array of pages is too small, grow it */
261 if (fw_priv->page_array_size < pages_needed) {
262 int new_array_size = max(pages_needed,
263 fw_priv->page_array_size * 2);
264 struct page **new_pages;
265
266 new_pages = kvmalloc_array(new_array_size, sizeof(void *),
267 GFP_KERNEL);
268 if (!new_pages)
269 return -ENOMEM;
270 memcpy(new_pages, fw_priv->pages,
271 fw_priv->page_array_size * sizeof(void *));
272 memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
273 (new_array_size - fw_priv->page_array_size));
274 kvfree(fw_priv->pages);
275 fw_priv->pages = new_pages;
276 fw_priv->page_array_size = new_array_size;
277 }
278
279 while (fw_priv->nr_pages < pages_needed) {
280 fw_priv->pages[fw_priv->nr_pages] =
281 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
282
283 if (!fw_priv->pages[fw_priv->nr_pages])
284 return -ENOMEM;
285 fw_priv->nr_pages++;
286 }
287
288 return 0;
289 }
290
fw_map_paged_buf(struct fw_priv * fw_priv)291 int fw_map_paged_buf(struct fw_priv *fw_priv)
292 {
293 /* one pages buffer should be mapped/unmapped only once */
294 if (!fw_priv->pages)
295 return 0;
296
297 vunmap(fw_priv->data);
298 fw_priv->data = vmap(fw_priv->pages, fw_priv->nr_pages, 0,
299 PAGE_KERNEL_RO);
300 if (!fw_priv->data)
301 return -ENOMEM;
302
303 return 0;
304 }
305 #endif
306
307 /*
308 * ZSTD-compressed firmware support
309 */
310 #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
fw_decompress_zstd(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)311 static int fw_decompress_zstd(struct device *dev, struct fw_priv *fw_priv,
312 size_t in_size, const void *in_buffer)
313 {
314 size_t len, out_size, workspace_size;
315 void *workspace, *out_buf;
316 zstd_dctx *ctx;
317 int err;
318
319 if (fw_priv->allocated_size) {
320 out_size = fw_priv->allocated_size;
321 out_buf = fw_priv->data;
322 } else {
323 zstd_frame_header params;
324
325 if (zstd_get_frame_header(¶ms, in_buffer, in_size) ||
326 params.frameContentSize == ZSTD_CONTENTSIZE_UNKNOWN) {
327 dev_dbg(dev, "%s: invalid zstd header\n", __func__);
328 return -EINVAL;
329 }
330 out_size = params.frameContentSize;
331 out_buf = vzalloc(out_size);
332 if (!out_buf)
333 return -ENOMEM;
334 }
335
336 workspace_size = zstd_dctx_workspace_bound();
337 workspace = kvzalloc(workspace_size, GFP_KERNEL);
338 if (!workspace) {
339 err = -ENOMEM;
340 goto error;
341 }
342
343 ctx = zstd_init_dctx(workspace, workspace_size);
344 if (!ctx) {
345 dev_dbg(dev, "%s: failed to initialize context\n", __func__);
346 err = -EINVAL;
347 goto error;
348 }
349
350 len = zstd_decompress_dctx(ctx, out_buf, out_size, in_buffer, in_size);
351 if (zstd_is_error(len)) {
352 dev_dbg(dev, "%s: failed to decompress: %d\n", __func__,
353 zstd_get_error_code(len));
354 err = -EINVAL;
355 goto error;
356 }
357
358 if (!fw_priv->allocated_size)
359 fw_priv->data = out_buf;
360 fw_priv->size = len;
361 err = 0;
362
363 error:
364 kvfree(workspace);
365 if (err && !fw_priv->allocated_size)
366 vfree(out_buf);
367 return err;
368 }
369 #endif /* CONFIG_FW_LOADER_COMPRESS_ZSTD */
370
371 /*
372 * XZ-compressed firmware support
373 */
374 #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
375 /* show an error and return the standard error code */
fw_decompress_xz_error(struct device * dev,enum xz_ret xz_ret)376 static int fw_decompress_xz_error(struct device *dev, enum xz_ret xz_ret)
377 {
378 if (xz_ret != XZ_STREAM_END) {
379 dev_warn(dev, "xz decompression failed (xz_ret=%d)\n", xz_ret);
380 return xz_ret == XZ_MEM_ERROR ? -ENOMEM : -EINVAL;
381 }
382 return 0;
383 }
384
385 /* single-shot decompression onto the pre-allocated buffer */
fw_decompress_xz_single(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)386 static int fw_decompress_xz_single(struct device *dev, struct fw_priv *fw_priv,
387 size_t in_size, const void *in_buffer)
388 {
389 struct xz_dec *xz_dec;
390 struct xz_buf xz_buf;
391 enum xz_ret xz_ret;
392
393 xz_dec = xz_dec_init(XZ_SINGLE, (u32)-1);
394 if (!xz_dec)
395 return -ENOMEM;
396
397 xz_buf.in_size = in_size;
398 xz_buf.in = in_buffer;
399 xz_buf.in_pos = 0;
400 xz_buf.out_size = fw_priv->allocated_size;
401 xz_buf.out = fw_priv->data;
402 xz_buf.out_pos = 0;
403
404 xz_ret = xz_dec_run(xz_dec, &xz_buf);
405 xz_dec_end(xz_dec);
406
407 fw_priv->size = xz_buf.out_pos;
408 return fw_decompress_xz_error(dev, xz_ret);
409 }
410
411 /* decompression on paged buffer and map it */
fw_decompress_xz_pages(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)412 static int fw_decompress_xz_pages(struct device *dev, struct fw_priv *fw_priv,
413 size_t in_size, const void *in_buffer)
414 {
415 struct xz_dec *xz_dec;
416 struct xz_buf xz_buf;
417 enum xz_ret xz_ret;
418 struct page *page;
419 int err = 0;
420
421 xz_dec = xz_dec_init(XZ_DYNALLOC, (u32)-1);
422 if (!xz_dec)
423 return -ENOMEM;
424
425 xz_buf.in_size = in_size;
426 xz_buf.in = in_buffer;
427 xz_buf.in_pos = 0;
428
429 fw_priv->is_paged_buf = true;
430 fw_priv->size = 0;
431 do {
432 if (fw_grow_paged_buf(fw_priv, fw_priv->nr_pages + 1)) {
433 err = -ENOMEM;
434 goto out;
435 }
436
437 /* decompress onto the new allocated page */
438 page = fw_priv->pages[fw_priv->nr_pages - 1];
439 xz_buf.out = kmap_local_page(page);
440 xz_buf.out_pos = 0;
441 xz_buf.out_size = PAGE_SIZE;
442 xz_ret = xz_dec_run(xz_dec, &xz_buf);
443 kunmap_local(xz_buf.out);
444 fw_priv->size += xz_buf.out_pos;
445 /* partial decompression means either end or error */
446 if (xz_buf.out_pos != PAGE_SIZE)
447 break;
448 } while (xz_ret == XZ_OK);
449
450 err = fw_decompress_xz_error(dev, xz_ret);
451 if (!err)
452 err = fw_map_paged_buf(fw_priv);
453
454 out:
455 xz_dec_end(xz_dec);
456 return err;
457 }
458
fw_decompress_xz(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)459 static int fw_decompress_xz(struct device *dev, struct fw_priv *fw_priv,
460 size_t in_size, const void *in_buffer)
461 {
462 /* if the buffer is pre-allocated, we can perform in single-shot mode */
463 if (fw_priv->data)
464 return fw_decompress_xz_single(dev, fw_priv, in_size, in_buffer);
465 else
466 return fw_decompress_xz_pages(dev, fw_priv, in_size, in_buffer);
467 }
468 #endif /* CONFIG_FW_LOADER_COMPRESS_XZ */
469
470 /* direct firmware loading support */
471 #define CUSTOM_FW_PATH_COUNT 10
472 #define PATH_SIZE 255
473 static char fw_path_para[CUSTOM_FW_PATH_COUNT][PATH_SIZE];
474 static const char * const fw_path[] = {
475 fw_path_para[0],
476 fw_path_para[1],
477 fw_path_para[2],
478 fw_path_para[3],
479 fw_path_para[4],
480 fw_path_para[5],
481 fw_path_para[6],
482 fw_path_para[7],
483 fw_path_para[8],
484 fw_path_para[9],
485 "/lib/firmware/updates/" UTS_RELEASE,
486 "/lib/firmware/updates",
487 "/lib/firmware/" UTS_RELEASE,
488 "/lib/firmware"
489 };
490
491 static char strpath[PATH_SIZE * CUSTOM_FW_PATH_COUNT];
firmware_param_path_set(const char * val,const struct kernel_param * kp)492 static int firmware_param_path_set(const char *val, const struct kernel_param *kp)
493 {
494 int i;
495 char *path, *end;
496
497 strscpy(strpath, val, sizeof(strpath));
498 /* Remove leading and trailing spaces from path */
499 path = strim(strpath);
500 for (i = 0; path && i < CUSTOM_FW_PATH_COUNT; i++) {
501 end = strchr(path, ',');
502
503 /* Skip continuous token case, for example ',,,' */
504 if (end == path) {
505 i--;
506 path = ++end;
507 continue;
508 }
509
510 if (end != NULL)
511 *end = '\0';
512 else {
513 /* end of the string reached and no other tockens ',' */
514 strscpy(fw_path_para[i], path, PATH_SIZE);
515 break;
516 }
517
518 strscpy(fw_path_para[i], path, PATH_SIZE);
519 path = ++end;
520 }
521
522 return 0;
523 }
524
firmware_param_path_get(char * buffer,const struct kernel_param * kp)525 static int firmware_param_path_get(char *buffer, const struct kernel_param *kp)
526 {
527 int count = 0, i;
528
529 for (i = 0; i < CUSTOM_FW_PATH_COUNT; i++) {
530 if (strlen(fw_path_para[i]) != 0)
531 count += scnprintf(buffer + count, PATH_SIZE, "%s%s", fw_path_para[i], ",");
532 }
533
534 buffer[count - 1] = '\0';
535
536 return count - 1;
537 }
538 /*
539 * Typical usage is that passing 'firmware_class.path=/vendor,/firwmare_mnt'
540 * from kernel command line because firmware_class is generally built in
541 * kernel instead of module. ',' is used as delimiter for setting 10
542 * custom paths for firmware loader.
543 */
544
545 static const struct kernel_param_ops firmware_param_ops = {
546 .set = firmware_param_path_set,
547 .get = firmware_param_path_get,
548 };
549 module_param_cb(path, &firmware_param_ops, NULL, 0644);
550 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
551
552 static int
fw_get_filesystem_firmware(struct device * device,struct fw_priv * fw_priv,const char * suffix,int (* decompress)(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer))553 fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv,
554 const char *suffix,
555 int (*decompress)(struct device *dev,
556 struct fw_priv *fw_priv,
557 size_t in_size,
558 const void *in_buffer))
559 {
560 size_t size;
561 int i, len, maxlen = 0;
562 int rc = -ENOENT;
563 char *path, *nt = NULL;
564 size_t msize = INT_MAX;
565 void *buffer = NULL;
566
567 /* Already populated data member means we're loading into a buffer */
568 if (!decompress && fw_priv->data) {
569 buffer = fw_priv->data;
570 msize = fw_priv->allocated_size;
571 }
572
573 path = __getname();
574 if (!path)
575 return -ENOMEM;
576
577 wait_for_initramfs();
578 for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
579 size_t file_size = 0;
580 size_t *file_size_ptr = NULL;
581
582 /* skip the unset customized path */
583 if (!fw_path[i][0])
584 continue;
585
586 /* strip off \n from customized path */
587 maxlen = strlen(fw_path[i]);
588 if (i == 0) {
589 nt = strchr(fw_path[i], '\n');
590 if (nt)
591 maxlen = nt - fw_path[i];
592 }
593
594 len = snprintf(path, PATH_MAX, "%.*s/%s%s",
595 maxlen, fw_path[i],
596 fw_priv->fw_name, suffix);
597 if (len >= PATH_MAX) {
598 rc = -ENAMETOOLONG;
599 break;
600 }
601
602 fw_priv->size = 0;
603
604 /*
605 * The total file size is only examined when doing a partial
606 * read; the "full read" case needs to fail if the whole
607 * firmware was not completely loaded.
608 */
609 if ((fw_priv->opt_flags & FW_OPT_PARTIAL) && buffer)
610 file_size_ptr = &file_size;
611
612 /* load firmware files from the mount namespace of init */
613 rc = kernel_read_file_from_path_initns(path, fw_priv->offset,
614 &buffer, msize,
615 file_size_ptr,
616 READING_FIRMWARE);
617 if (rc < 0) {
618 if (!(fw_priv->opt_flags & FW_OPT_NO_WARN)) {
619 if (rc != -ENOENT)
620 dev_warn(device,
621 "loading %s failed with error %d\n",
622 path, rc);
623 else
624 dev_dbg(device,
625 "loading %s failed for no such file or directory.\n",
626 path);
627 }
628 continue;
629 }
630 size = rc;
631 rc = 0;
632
633 dev_dbg(device, "Loading firmware from %s\n", path);
634 if (decompress) {
635 dev_dbg(device, "f/w decompressing %s\n",
636 fw_priv->fw_name);
637 rc = decompress(device, fw_priv, size, buffer);
638 /* discard the superfluous original content */
639 vfree(buffer);
640 buffer = NULL;
641 if (rc) {
642 fw_free_paged_buf(fw_priv);
643 continue;
644 }
645 } else {
646 dev_dbg(device, "direct-loading %s\n",
647 fw_priv->fw_name);
648 if (!fw_priv->data)
649 fw_priv->data = buffer;
650 fw_priv->size = size;
651 }
652 fw_state_done(fw_priv);
653 break;
654 }
655 __putname(path);
656
657 return rc;
658 }
659
660 /* firmware holds the ownership of pages */
firmware_free_data(const struct firmware * fw)661 static void firmware_free_data(const struct firmware *fw)
662 {
663 /* Loaded directly? */
664 if (!fw->priv) {
665 vfree(fw->data);
666 return;
667 }
668 free_fw_priv(fw->priv);
669 }
670
671 /* store the pages buffer info firmware from buf */
fw_set_page_data(struct fw_priv * fw_priv,struct firmware * fw)672 static void fw_set_page_data(struct fw_priv *fw_priv, struct firmware *fw)
673 {
674 fw->priv = fw_priv;
675 fw->size = fw_priv->size;
676 fw->data = fw_priv->data;
677
678 pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
679 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
680 (unsigned int)fw_priv->size);
681 }
682
683 #ifdef CONFIG_FW_CACHE
fw_name_devm_release(struct device * dev,void * res)684 static void fw_name_devm_release(struct device *dev, void *res)
685 {
686 struct fw_name_devm *fwn = res;
687
688 if (fwn->magic == (unsigned long)&fw_cache)
689 pr_debug("%s: fw_name-%s devm-%p released\n",
690 __func__, fwn->name, res);
691 kfree_const(fwn->name);
692 }
693
fw_devm_match(struct device * dev,void * res,void * match_data)694 static int fw_devm_match(struct device *dev, void *res,
695 void *match_data)
696 {
697 struct fw_name_devm *fwn = res;
698
699 return (fwn->magic == (unsigned long)&fw_cache) &&
700 !strcmp(fwn->name, match_data);
701 }
702
fw_find_devm_name(struct device * dev,const char * name)703 static struct fw_name_devm *fw_find_devm_name(struct device *dev,
704 const char *name)
705 {
706 struct fw_name_devm *fwn;
707
708 fwn = devres_find(dev, fw_name_devm_release,
709 fw_devm_match, (void *)name);
710 return fwn;
711 }
712
fw_cache_is_setup(struct device * dev,const char * name)713 static bool fw_cache_is_setup(struct device *dev, const char *name)
714 {
715 struct fw_name_devm *fwn;
716
717 fwn = fw_find_devm_name(dev, name);
718 if (fwn)
719 return true;
720
721 return false;
722 }
723
724 /* add firmware name into devres list */
fw_add_devm_name(struct device * dev,const char * name)725 static int fw_add_devm_name(struct device *dev, const char *name)
726 {
727 struct fw_name_devm *fwn;
728
729 if (fw_cache_is_setup(dev, name))
730 return 0;
731
732 fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
733 GFP_KERNEL);
734 if (!fwn)
735 return -ENOMEM;
736 fwn->name = kstrdup_const(name, GFP_KERNEL);
737 if (!fwn->name) {
738 devres_free(fwn);
739 return -ENOMEM;
740 }
741
742 fwn->magic = (unsigned long)&fw_cache;
743 devres_add(dev, fwn);
744
745 return 0;
746 }
747 #else
fw_cache_is_setup(struct device * dev,const char * name)748 static bool fw_cache_is_setup(struct device *dev, const char *name)
749 {
750 return false;
751 }
752
fw_add_devm_name(struct device * dev,const char * name)753 static int fw_add_devm_name(struct device *dev, const char *name)
754 {
755 return 0;
756 }
757 #endif
758
assign_fw(struct firmware * fw,struct device * device)759 int assign_fw(struct firmware *fw, struct device *device)
760 {
761 struct fw_priv *fw_priv = fw->priv;
762 int ret;
763
764 mutex_lock(&fw_lock);
765 if (!fw_priv->size || fw_state_is_aborted(fw_priv)) {
766 mutex_unlock(&fw_lock);
767 return -ENOENT;
768 }
769
770 /*
771 * add firmware name into devres list so that we can auto cache
772 * and uncache firmware for device.
773 *
774 * device may has been deleted already, but the problem
775 * should be fixed in devres or driver core.
776 */
777 /* don't cache firmware handled without uevent */
778 if (device && (fw_priv->opt_flags & FW_OPT_UEVENT) &&
779 !(fw_priv->opt_flags & FW_OPT_NOCACHE)) {
780 ret = fw_add_devm_name(device, fw_priv->fw_name);
781 if (ret) {
782 mutex_unlock(&fw_lock);
783 return ret;
784 }
785 }
786
787 /*
788 * After caching firmware image is started, let it piggyback
789 * on request firmware.
790 */
791 if (!(fw_priv->opt_flags & FW_OPT_NOCACHE) &&
792 fw_priv->fwc->state == FW_LOADER_START_CACHE)
793 fw_cache_piggyback_on_request(fw_priv);
794
795 /* pass the pages buffer to driver at the last minute */
796 fw_set_page_data(fw_priv, fw);
797 mutex_unlock(&fw_lock);
798 return 0;
799 }
800
801 /* prepare firmware and firmware_buf structs;
802 * return 0 if a firmware is already assigned, 1 if need to load one,
803 * or a negative error code
804 */
805 static int
_request_firmware_prepare(struct firmware ** firmware_p,const char * name,struct device * device,void * dbuf,size_t size,size_t offset,u32 opt_flags)806 _request_firmware_prepare(struct firmware **firmware_p, const char *name,
807 struct device *device, void *dbuf, size_t size,
808 size_t offset, u32 opt_flags)
809 {
810 struct firmware *firmware;
811 struct fw_priv *fw_priv;
812 int ret;
813
814 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
815 if (!firmware) {
816 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
817 __func__);
818 return -ENOMEM;
819 }
820
821 if (firmware_request_builtin_buf(firmware, name, dbuf, size)) {
822 dev_dbg(device, "using built-in %s\n", name);
823 return 0; /* assigned */
824 }
825
826 ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size,
827 offset, opt_flags);
828
829 /*
830 * bind with 'priv' now to avoid warning in failure path
831 * of requesting firmware.
832 */
833 firmware->priv = fw_priv;
834
835 if (ret > 0) {
836 ret = fw_state_wait(fw_priv);
837 if (!ret) {
838 fw_set_page_data(fw_priv, firmware);
839 return 0; /* assigned */
840 }
841 }
842
843 if (ret < 0)
844 return ret;
845 return 1; /* need to load */
846 }
847
848 /*
849 * Batched requests need only one wake, we need to do this step last due to the
850 * fallback mechanism. The buf is protected with kref_get(), and it won't be
851 * released until the last user calls release_firmware().
852 *
853 * Failed batched requests are possible as well, in such cases we just share
854 * the struct fw_priv and won't release it until all requests are woken
855 * and have gone through this same path.
856 */
fw_abort_batch_reqs(struct firmware * fw)857 static void fw_abort_batch_reqs(struct firmware *fw)
858 {
859 struct fw_priv *fw_priv;
860
861 /* Loaded directly? */
862 if (!fw || !fw->priv)
863 return;
864
865 fw_priv = fw->priv;
866 mutex_lock(&fw_lock);
867 if (!fw_state_is_aborted(fw_priv))
868 fw_state_aborted(fw_priv);
869 mutex_unlock(&fw_lock);
870 }
871
872 #if defined(CONFIG_FW_LOADER_DEBUG)
873 #include <crypto/hash.h>
874 #include <crypto/sha2.h>
875
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)876 static void fw_log_firmware_info(const struct firmware *fw, const char *name, struct device *device)
877 {
878 struct shash_desc *shash;
879 struct crypto_shash *alg;
880 u8 *sha256buf;
881 char *outbuf;
882
883 alg = crypto_alloc_shash("sha256", 0, 0);
884 if (IS_ERR(alg))
885 return;
886
887 sha256buf = kmalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
888 outbuf = kmalloc(SHA256_BLOCK_SIZE + 1, GFP_KERNEL);
889 shash = kmalloc(sizeof(*shash) + crypto_shash_descsize(alg), GFP_KERNEL);
890 if (!sha256buf || !outbuf || !shash)
891 goto out_free;
892
893 shash->tfm = alg;
894
895 if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
896 goto out_free;
897
898 for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
899 sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
900 outbuf[SHA256_BLOCK_SIZE] = 0;
901 dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
902
903 out_free:
904 kfree(shash);
905 kfree(outbuf);
906 kfree(sha256buf);
907 crypto_free_shash(alg);
908 }
909 #else
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)910 static void fw_log_firmware_info(const struct firmware *fw, const char *name,
911 struct device *device)
912 {}
913 #endif
914
915 /*
916 * Reject firmware file names with ".." path components.
917 * There are drivers that construct firmware file names from device-supplied
918 * strings, and we don't want some device to be able to tell us "I would like to
919 * be sent my firmware from ../../../etc/shadow, please".
920 *
921 * Search for ".." surrounded by either '/' or start/end of string.
922 *
923 * This intentionally only looks at the firmware name, not at the firmware base
924 * directory or at symlink contents.
925 */
name_contains_dotdot(const char * name)926 static bool name_contains_dotdot(const char *name)
927 {
928 size_t name_len = strlen(name);
929
930 return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 ||
931 strstr(name, "/../") != NULL ||
932 (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0);
933 }
934
935 /* called from request_firmware() and request_firmware_work_func() */
936 static int
_request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset,u32 opt_flags)937 _request_firmware(const struct firmware **firmware_p, const char *name,
938 struct device *device, void *buf, size_t size,
939 size_t offset, u32 opt_flags)
940 {
941 struct firmware *fw = NULL;
942 struct cred *kern_cred = NULL;
943 const struct cred *old_cred;
944 bool nondirect = false;
945 int ret;
946
947 if (!firmware_p)
948 return -EINVAL;
949
950 if (!name || name[0] == '\0') {
951 ret = -EINVAL;
952 goto out;
953 }
954
955 if (name_contains_dotdot(name)) {
956 dev_warn(device,
957 "Firmware load for '%s' refused, path contains '..' component\n",
958 name);
959 ret = -EINVAL;
960 goto out;
961 }
962
963 ret = _request_firmware_prepare(&fw, name, device, buf, size,
964 offset, opt_flags);
965 if (ret <= 0) /* error or already assigned */
966 goto out;
967
968 /*
969 * We are about to try to access the firmware file. Because we may have been
970 * called by a driver when serving an unrelated request from userland, we use
971 * the kernel credentials to read the file.
972 */
973 kern_cred = prepare_kernel_cred(&init_task);
974 if (!kern_cred) {
975 ret = -ENOMEM;
976 goto out;
977 }
978 old_cred = override_creds(kern_cred);
979
980 ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
981
982 /* Only full reads can support decompression, platform, and sysfs. */
983 if (!(opt_flags & FW_OPT_PARTIAL))
984 nondirect = true;
985
986 #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
987 if (ret == -ENOENT && nondirect)
988 ret = fw_get_filesystem_firmware(device, fw->priv, ".zst",
989 fw_decompress_zstd);
990 #endif
991 #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
992 if (ret == -ENOENT && nondirect)
993 ret = fw_get_filesystem_firmware(device, fw->priv, ".xz",
994 fw_decompress_xz);
995 #endif
996 if (ret == -ENOENT && nondirect)
997 ret = firmware_fallback_platform(fw->priv);
998
999 if (ret) {
1000 if (!(opt_flags & FW_OPT_NO_WARN))
1001 dev_warn(device,
1002 "Direct firmware load for %s failed with error %d\n",
1003 name, ret);
1004 if (nondirect)
1005 ret = firmware_fallback_sysfs(fw, name, device,
1006 opt_flags, ret);
1007 } else
1008 ret = assign_fw(fw, device);
1009
1010 revert_creds(old_cred);
1011 put_cred(kern_cred);
1012
1013 out:
1014 if (ret < 0) {
1015 fw_abort_batch_reqs(fw);
1016 release_firmware(fw);
1017 fw = NULL;
1018 } else {
1019 fw_log_firmware_info(fw, name, device);
1020 }
1021
1022 *firmware_p = fw;
1023 return ret;
1024 }
1025
1026 /**
1027 * request_firmware() - send firmware request and wait for it
1028 * @firmware_p: pointer to firmware image
1029 * @name: name of firmware file
1030 * @device: device for which firmware is being loaded
1031 *
1032 * @firmware_p will be used to return a firmware image by the name
1033 * of @name for device @device.
1034 *
1035 * Should be called from user context where sleeping is allowed.
1036 *
1037 * @name will be used as $FIRMWARE in the uevent environment and
1038 * should be distinctive enough not to be confused with any other
1039 * firmware image for this or any other device.
1040 * It must not contain any ".." path components - "foo/bar..bin" is
1041 * allowed, but "foo/../bar.bin" is not.
1042 *
1043 * Caller must hold the reference count of @device.
1044 *
1045 * The function can be called safely inside device's suspend and
1046 * resume callback.
1047 **/
1048 int
request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device)1049 request_firmware(const struct firmware **firmware_p, const char *name,
1050 struct device *device)
1051 {
1052 int ret;
1053
1054 /* Need to pin this module until return */
1055 __module_get(THIS_MODULE);
1056 ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
1057 FW_OPT_UEVENT);
1058 module_put(THIS_MODULE);
1059 return ret;
1060 }
1061 EXPORT_SYMBOL(request_firmware);
1062
1063 /**
1064 * firmware_request_nowarn() - request for an optional fw module
1065 * @firmware: pointer to firmware image
1066 * @name: name of firmware file
1067 * @device: device for which firmware is being loaded
1068 *
1069 * This function is similar in behaviour to request_firmware(), except it
1070 * doesn't produce warning messages when the file is not found. The sysfs
1071 * fallback mechanism is enabled if direct filesystem lookup fails. However,
1072 * failures to find the firmware file with it are still suppressed. It is
1073 * therefore up to the driver to check for the return value of this call and to
1074 * decide when to inform the users of errors.
1075 **/
firmware_request_nowarn(const struct firmware ** firmware,const char * name,struct device * device)1076 int firmware_request_nowarn(const struct firmware **firmware, const char *name,
1077 struct device *device)
1078 {
1079 int ret;
1080
1081 /* Need to pin this module until return */
1082 __module_get(THIS_MODULE);
1083 ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1084 FW_OPT_UEVENT | FW_OPT_NO_WARN);
1085 module_put(THIS_MODULE);
1086 return ret;
1087 }
1088 EXPORT_SYMBOL_GPL(firmware_request_nowarn);
1089
1090 /**
1091 * request_firmware_direct() - load firmware directly without usermode helper
1092 * @firmware_p: pointer to firmware image
1093 * @name: name of firmware file
1094 * @device: device for which firmware is being loaded
1095 *
1096 * This function works pretty much like request_firmware(), but this doesn't
1097 * fall back to usermode helper even if the firmware couldn't be loaded
1098 * directly from fs. Hence it's useful for loading optional firmwares, which
1099 * aren't always present, without extra long timeouts of udev.
1100 **/
request_firmware_direct(const struct firmware ** firmware_p,const char * name,struct device * device)1101 int request_firmware_direct(const struct firmware **firmware_p,
1102 const char *name, struct device *device)
1103 {
1104 int ret;
1105
1106 __module_get(THIS_MODULE);
1107 ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
1108 FW_OPT_UEVENT | FW_OPT_NO_WARN |
1109 FW_OPT_NOFALLBACK_SYSFS);
1110 module_put(THIS_MODULE);
1111 return ret;
1112 }
1113 EXPORT_SYMBOL_GPL(request_firmware_direct);
1114
1115 /**
1116 * firmware_request_platform() - request firmware with platform-fw fallback
1117 * @firmware: pointer to firmware image
1118 * @name: name of firmware file
1119 * @device: device for which firmware is being loaded
1120 *
1121 * This function is similar in behaviour to request_firmware, except that if
1122 * direct filesystem lookup fails, it will fallback to looking for a copy of the
1123 * requested firmware embedded in the platform's main (e.g. UEFI) firmware.
1124 **/
firmware_request_platform(const struct firmware ** firmware,const char * name,struct device * device)1125 int firmware_request_platform(const struct firmware **firmware,
1126 const char *name, struct device *device)
1127 {
1128 int ret;
1129
1130 /* Need to pin this module until return */
1131 __module_get(THIS_MODULE);
1132 ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1133 FW_OPT_UEVENT | FW_OPT_FALLBACK_PLATFORM);
1134 module_put(THIS_MODULE);
1135 return ret;
1136 }
1137 EXPORT_SYMBOL_GPL(firmware_request_platform);
1138
1139 /**
1140 * firmware_request_cache() - cache firmware for suspend so resume can use it
1141 * @name: name of firmware file
1142 * @device: device for which firmware should be cached for
1143 *
1144 * There are some devices with an optimization that enables the device to not
1145 * require loading firmware on system reboot. This optimization may still
1146 * require the firmware present on resume from suspend. This routine can be
1147 * used to ensure the firmware is present on resume from suspend in these
1148 * situations. This helper is not compatible with drivers which use
1149 * request_firmware_into_buf() or request_firmware_nowait() with no uevent set.
1150 **/
firmware_request_cache(struct device * device,const char * name)1151 int firmware_request_cache(struct device *device, const char *name)
1152 {
1153 int ret;
1154
1155 mutex_lock(&fw_lock);
1156 ret = fw_add_devm_name(device, name);
1157 mutex_unlock(&fw_lock);
1158
1159 return ret;
1160 }
1161 EXPORT_SYMBOL_GPL(firmware_request_cache);
1162
1163 /**
1164 * request_firmware_into_buf() - load firmware into a previously allocated buffer
1165 * @firmware_p: pointer to firmware image
1166 * @name: name of firmware file
1167 * @device: device for which firmware is being loaded and DMA region allocated
1168 * @buf: address of buffer to load firmware into
1169 * @size: size of buffer
1170 *
1171 * This function works pretty much like request_firmware(), but it doesn't
1172 * allocate a buffer to hold the firmware data. Instead, the firmware
1173 * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1174 * data member is pointed at @buf.
1175 *
1176 * This function doesn't cache firmware either.
1177 */
1178 int
request_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size)1179 request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1180 struct device *device, void *buf, size_t size)
1181 {
1182 int ret;
1183
1184 if (fw_cache_is_setup(device, name))
1185 return -EOPNOTSUPP;
1186
1187 __module_get(THIS_MODULE);
1188 ret = _request_firmware(firmware_p, name, device, buf, size, 0,
1189 FW_OPT_UEVENT | FW_OPT_NOCACHE);
1190 module_put(THIS_MODULE);
1191 return ret;
1192 }
1193 EXPORT_SYMBOL(request_firmware_into_buf);
1194
1195 /**
1196 * request_partial_firmware_into_buf() - load partial firmware into a previously allocated buffer
1197 * @firmware_p: pointer to firmware image
1198 * @name: name of firmware file
1199 * @device: device for which firmware is being loaded and DMA region allocated
1200 * @buf: address of buffer to load firmware into
1201 * @size: size of buffer
1202 * @offset: offset into file to read
1203 *
1204 * This function works pretty much like request_firmware_into_buf except
1205 * it allows a partial read of the file.
1206 */
1207 int
request_partial_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset)1208 request_partial_firmware_into_buf(const struct firmware **firmware_p,
1209 const char *name, struct device *device,
1210 void *buf, size_t size, size_t offset)
1211 {
1212 int ret;
1213
1214 if (fw_cache_is_setup(device, name))
1215 return -EOPNOTSUPP;
1216
1217 __module_get(THIS_MODULE);
1218 ret = _request_firmware(firmware_p, name, device, buf, size, offset,
1219 FW_OPT_UEVENT | FW_OPT_NOCACHE |
1220 FW_OPT_PARTIAL);
1221 module_put(THIS_MODULE);
1222 return ret;
1223 }
1224 EXPORT_SYMBOL(request_partial_firmware_into_buf);
1225
1226 /**
1227 * release_firmware() - release the resource associated with a firmware image
1228 * @fw: firmware resource to release
1229 **/
release_firmware(const struct firmware * fw)1230 void release_firmware(const struct firmware *fw)
1231 {
1232 if (fw) {
1233 if (!firmware_is_builtin(fw))
1234 firmware_free_data(fw);
1235 kfree(fw);
1236 }
1237 }
1238 EXPORT_SYMBOL(release_firmware);
1239
1240 /* Async support */
1241 struct firmware_work {
1242 struct work_struct work;
1243 struct module *module;
1244 const char *name;
1245 struct device *device;
1246 void *context;
1247 void (*cont)(const struct firmware *fw, void *context);
1248 u32 opt_flags;
1249 };
1250
request_firmware_work_func(struct work_struct * work)1251 static void request_firmware_work_func(struct work_struct *work)
1252 {
1253 struct firmware_work *fw_work;
1254 const struct firmware *fw;
1255
1256 fw_work = container_of(work, struct firmware_work, work);
1257
1258 _request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0, 0,
1259 fw_work->opt_flags);
1260 fw_work->cont(fw, fw_work->context);
1261 put_device(fw_work->device); /* taken in request_firmware_nowait() */
1262
1263 module_put(fw_work->module);
1264 kfree_const(fw_work->name);
1265 kfree(fw_work);
1266 }
1267
1268
_request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context),bool nowarn)1269 static int _request_firmware_nowait(
1270 struct module *module, bool uevent,
1271 const char *name, struct device *device, gfp_t gfp, void *context,
1272 void (*cont)(const struct firmware *fw, void *context), bool nowarn)
1273 {
1274 struct firmware_work *fw_work;
1275
1276 fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1277 if (!fw_work)
1278 return -ENOMEM;
1279
1280 fw_work->module = module;
1281 fw_work->name = kstrdup_const(name, gfp);
1282 if (!fw_work->name) {
1283 kfree(fw_work);
1284 return -ENOMEM;
1285 }
1286 fw_work->device = device;
1287 fw_work->context = context;
1288 fw_work->cont = cont;
1289 fw_work->opt_flags = FW_OPT_NOWAIT |
1290 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER) |
1291 (nowarn ? FW_OPT_NO_WARN : 0);
1292
1293 if (!uevent && fw_cache_is_setup(device, name)) {
1294 kfree_const(fw_work->name);
1295 kfree(fw_work);
1296 return -EOPNOTSUPP;
1297 }
1298
1299 if (!try_module_get(module)) {
1300 kfree_const(fw_work->name);
1301 kfree(fw_work);
1302 return -EFAULT;
1303 }
1304
1305 get_device(fw_work->device);
1306 INIT_WORK(&fw_work->work, request_firmware_work_func);
1307 schedule_work(&fw_work->work);
1308 return 0;
1309 }
1310
1311 /**
1312 * request_firmware_nowait() - asynchronous version of request_firmware
1313 * @module: module requesting the firmware
1314 * @uevent: sends uevent to copy the firmware image if this flag
1315 * is non-zero else the firmware copy must be done manually.
1316 * @name: name of firmware file
1317 * @device: device for which firmware is being loaded
1318 * @gfp: allocation flags
1319 * @context: will be passed over to @cont, and
1320 * @fw may be %NULL if firmware request fails.
1321 * @cont: function will be called asynchronously when the firmware
1322 * request is over.
1323 *
1324 * Caller must hold the reference count of @device.
1325 *
1326 * Asynchronous variant of request_firmware() for user contexts:
1327 * - sleep for as small periods as possible since it may
1328 * increase kernel boot time of built-in device drivers
1329 * requesting firmware in their ->probe() methods, if
1330 * @gfp is GFP_KERNEL.
1331 *
1332 * - can't sleep at all if @gfp is GFP_ATOMIC.
1333 **/
request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1334 int request_firmware_nowait(
1335 struct module *module, bool uevent,
1336 const char *name, struct device *device, gfp_t gfp, void *context,
1337 void (*cont)(const struct firmware *fw, void *context))
1338 {
1339 return _request_firmware_nowait(module, uevent, name, device, gfp,
1340 context, cont, false);
1341
1342 }
1343 EXPORT_SYMBOL(request_firmware_nowait);
1344
1345 /**
1346 * firmware_request_nowait_nowarn() - async version of request_firmware_nowarn
1347 * @module: module requesting the firmware
1348 * @name: name of firmware file
1349 * @device: device for which firmware is being loaded
1350 * @gfp: allocation flags
1351 * @context: will be passed over to @cont, and
1352 * @fw may be %NULL if firmware request fails.
1353 * @cont: function will be called asynchronously when the firmware
1354 * request is over.
1355 *
1356 * Similar in function to request_firmware_nowait(), but doesn't print a warning
1357 * when the firmware file could not be found and always sends a uevent to copy
1358 * the firmware image.
1359 */
firmware_request_nowait_nowarn(struct module * module,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1360 int firmware_request_nowait_nowarn(
1361 struct module *module, const char *name,
1362 struct device *device, gfp_t gfp, void *context,
1363 void (*cont)(const struct firmware *fw, void *context))
1364 {
1365 return _request_firmware_nowait(module, FW_ACTION_UEVENT, name, device,
1366 gfp, context, cont, true);
1367 }
1368 EXPORT_SYMBOL_GPL(firmware_request_nowait_nowarn);
1369
1370 #ifdef CONFIG_FW_CACHE
1371 static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1372
1373 /**
1374 * cache_firmware() - cache one firmware image in kernel memory space
1375 * @fw_name: the firmware image name
1376 *
1377 * Cache firmware in kernel memory so that drivers can use it when
1378 * system isn't ready for them to request firmware image from userspace.
1379 * Once it returns successfully, driver can use request_firmware or its
1380 * nowait version to get the cached firmware without any interacting
1381 * with userspace
1382 *
1383 * Return 0 if the firmware image has been cached successfully
1384 * Return !0 otherwise
1385 *
1386 */
cache_firmware(const char * fw_name)1387 static int cache_firmware(const char *fw_name)
1388 {
1389 int ret;
1390 const struct firmware *fw;
1391
1392 pr_debug("%s: %s\n", __func__, fw_name);
1393
1394 ret = request_firmware(&fw, fw_name, NULL);
1395 if (!ret)
1396 kfree(fw);
1397
1398 pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1399
1400 return ret;
1401 }
1402
lookup_fw_priv(const char * fw_name)1403 static struct fw_priv *lookup_fw_priv(const char *fw_name)
1404 {
1405 struct fw_priv *tmp;
1406 struct firmware_cache *fwc = &fw_cache;
1407
1408 spin_lock(&fwc->lock);
1409 tmp = __lookup_fw_priv(fw_name);
1410 spin_unlock(&fwc->lock);
1411
1412 return tmp;
1413 }
1414
1415 /**
1416 * uncache_firmware() - remove one cached firmware image
1417 * @fw_name: the firmware image name
1418 *
1419 * Uncache one firmware image which has been cached successfully
1420 * before.
1421 *
1422 * Return 0 if the firmware cache has been removed successfully
1423 * Return !0 otherwise
1424 *
1425 */
uncache_firmware(const char * fw_name)1426 static int uncache_firmware(const char *fw_name)
1427 {
1428 struct fw_priv *fw_priv;
1429 struct firmware fw;
1430
1431 pr_debug("%s: %s\n", __func__, fw_name);
1432
1433 if (firmware_request_builtin(&fw, fw_name))
1434 return 0;
1435
1436 fw_priv = lookup_fw_priv(fw_name);
1437 if (fw_priv) {
1438 free_fw_priv(fw_priv);
1439 return 0;
1440 }
1441
1442 return -EINVAL;
1443 }
1444
alloc_fw_cache_entry(const char * name)1445 static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1446 {
1447 struct fw_cache_entry *fce;
1448
1449 fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1450 if (!fce)
1451 goto exit;
1452
1453 fce->name = kstrdup_const(name, GFP_ATOMIC);
1454 if (!fce->name) {
1455 kfree(fce);
1456 fce = NULL;
1457 goto exit;
1458 }
1459 exit:
1460 return fce;
1461 }
1462
__fw_entry_found(const char * name)1463 static int __fw_entry_found(const char *name)
1464 {
1465 struct firmware_cache *fwc = &fw_cache;
1466 struct fw_cache_entry *fce;
1467
1468 list_for_each_entry(fce, &fwc->fw_names, list) {
1469 if (!strcmp(fce->name, name))
1470 return 1;
1471 }
1472 return 0;
1473 }
1474
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1475 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1476 {
1477 const char *name = fw_priv->fw_name;
1478 struct firmware_cache *fwc = fw_priv->fwc;
1479 struct fw_cache_entry *fce;
1480
1481 spin_lock(&fwc->name_lock);
1482 if (__fw_entry_found(name))
1483 goto found;
1484
1485 fce = alloc_fw_cache_entry(name);
1486 if (fce) {
1487 list_add(&fce->list, &fwc->fw_names);
1488 kref_get(&fw_priv->ref);
1489 pr_debug("%s: fw: %s\n", __func__, name);
1490 }
1491 found:
1492 spin_unlock(&fwc->name_lock);
1493 }
1494
free_fw_cache_entry(struct fw_cache_entry * fce)1495 static void free_fw_cache_entry(struct fw_cache_entry *fce)
1496 {
1497 kfree_const(fce->name);
1498 kfree(fce);
1499 }
1500
__async_dev_cache_fw_image(void * fw_entry,async_cookie_t cookie)1501 static void __async_dev_cache_fw_image(void *fw_entry,
1502 async_cookie_t cookie)
1503 {
1504 struct fw_cache_entry *fce = fw_entry;
1505 struct firmware_cache *fwc = &fw_cache;
1506 int ret;
1507
1508 ret = cache_firmware(fce->name);
1509 if (ret) {
1510 spin_lock(&fwc->name_lock);
1511 list_del(&fce->list);
1512 spin_unlock(&fwc->name_lock);
1513
1514 free_fw_cache_entry(fce);
1515 }
1516 }
1517
1518 /* called with dev->devres_lock held */
dev_create_fw_entry(struct device * dev,void * res,void * data)1519 static void dev_create_fw_entry(struct device *dev, void *res,
1520 void *data)
1521 {
1522 struct fw_name_devm *fwn = res;
1523 const char *fw_name = fwn->name;
1524 struct list_head *head = data;
1525 struct fw_cache_entry *fce;
1526
1527 fce = alloc_fw_cache_entry(fw_name);
1528 if (fce)
1529 list_add(&fce->list, head);
1530 }
1531
devm_name_match(struct device * dev,void * res,void * match_data)1532 static int devm_name_match(struct device *dev, void *res,
1533 void *match_data)
1534 {
1535 struct fw_name_devm *fwn = res;
1536 return (fwn->magic == (unsigned long)match_data);
1537 }
1538
dev_cache_fw_image(struct device * dev,void * data)1539 static void dev_cache_fw_image(struct device *dev, void *data)
1540 {
1541 LIST_HEAD(todo);
1542 struct fw_cache_entry *fce;
1543 struct fw_cache_entry *fce_next;
1544 struct firmware_cache *fwc = &fw_cache;
1545
1546 devres_for_each_res(dev, fw_name_devm_release,
1547 devm_name_match, &fw_cache,
1548 dev_create_fw_entry, &todo);
1549
1550 list_for_each_entry_safe(fce, fce_next, &todo, list) {
1551 list_del(&fce->list);
1552
1553 spin_lock(&fwc->name_lock);
1554 /* only one cache entry for one firmware */
1555 if (!__fw_entry_found(fce->name)) {
1556 list_add(&fce->list, &fwc->fw_names);
1557 } else {
1558 free_fw_cache_entry(fce);
1559 fce = NULL;
1560 }
1561 spin_unlock(&fwc->name_lock);
1562
1563 if (fce)
1564 async_schedule_domain(__async_dev_cache_fw_image,
1565 (void *)fce,
1566 &fw_cache_domain);
1567 }
1568 }
1569
__device_uncache_fw_images(void)1570 static void __device_uncache_fw_images(void)
1571 {
1572 struct firmware_cache *fwc = &fw_cache;
1573 struct fw_cache_entry *fce;
1574
1575 spin_lock(&fwc->name_lock);
1576 while (!list_empty(&fwc->fw_names)) {
1577 fce = list_entry(fwc->fw_names.next,
1578 struct fw_cache_entry, list);
1579 list_del(&fce->list);
1580 spin_unlock(&fwc->name_lock);
1581
1582 uncache_firmware(fce->name);
1583 free_fw_cache_entry(fce);
1584
1585 spin_lock(&fwc->name_lock);
1586 }
1587 spin_unlock(&fwc->name_lock);
1588 }
1589
1590 /**
1591 * device_cache_fw_images() - cache devices' firmware
1592 *
1593 * If one device called request_firmware or its nowait version
1594 * successfully before, the firmware names are recored into the
1595 * device's devres link list, so device_cache_fw_images can call
1596 * cache_firmware() to cache these firmwares for the device,
1597 * then the device driver can load its firmwares easily at
1598 * time when system is not ready to complete loading firmware.
1599 */
device_cache_fw_images(void)1600 static void device_cache_fw_images(void)
1601 {
1602 struct firmware_cache *fwc = &fw_cache;
1603 DEFINE_WAIT(wait);
1604
1605 pr_debug("%s\n", __func__);
1606
1607 /* cancel uncache work */
1608 cancel_delayed_work_sync(&fwc->work);
1609
1610 fw_fallback_set_cache_timeout();
1611
1612 mutex_lock(&fw_lock);
1613 fwc->state = FW_LOADER_START_CACHE;
1614 dpm_for_each_dev(NULL, dev_cache_fw_image);
1615 mutex_unlock(&fw_lock);
1616
1617 /* wait for completion of caching firmware for all devices */
1618 async_synchronize_full_domain(&fw_cache_domain);
1619
1620 fw_fallback_set_default_timeout();
1621 }
1622
1623 /**
1624 * device_uncache_fw_images() - uncache devices' firmware
1625 *
1626 * uncache all firmwares which have been cached successfully
1627 * by device_uncache_fw_images earlier
1628 */
device_uncache_fw_images(void)1629 static void device_uncache_fw_images(void)
1630 {
1631 pr_debug("%s\n", __func__);
1632 __device_uncache_fw_images();
1633 }
1634
device_uncache_fw_images_work(struct work_struct * work)1635 static void device_uncache_fw_images_work(struct work_struct *work)
1636 {
1637 device_uncache_fw_images();
1638 }
1639
1640 /**
1641 * device_uncache_fw_images_delay() - uncache devices firmwares
1642 * @delay: number of milliseconds to delay uncache device firmwares
1643 *
1644 * uncache all devices's firmwares which has been cached successfully
1645 * by device_cache_fw_images after @delay milliseconds.
1646 */
device_uncache_fw_images_delay(unsigned long delay)1647 static void device_uncache_fw_images_delay(unsigned long delay)
1648 {
1649 queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1650 msecs_to_jiffies(delay));
1651 }
1652
fw_pm_notify(struct notifier_block * notify_block,unsigned long mode,void * unused)1653 static int fw_pm_notify(struct notifier_block *notify_block,
1654 unsigned long mode, void *unused)
1655 {
1656 switch (mode) {
1657 case PM_HIBERNATION_PREPARE:
1658 case PM_SUSPEND_PREPARE:
1659 case PM_RESTORE_PREPARE:
1660 /*
1661 * Here, kill pending fallback requests will only kill
1662 * non-uevent firmware request to avoid stalling suspend.
1663 */
1664 kill_pending_fw_fallback_reqs(false);
1665 device_cache_fw_images();
1666 break;
1667
1668 case PM_POST_SUSPEND:
1669 case PM_POST_HIBERNATION:
1670 case PM_POST_RESTORE:
1671 /*
1672 * In case that system sleep failed and syscore_suspend is
1673 * not called.
1674 */
1675 mutex_lock(&fw_lock);
1676 fw_cache.state = FW_LOADER_NO_CACHE;
1677 mutex_unlock(&fw_lock);
1678
1679 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1680 break;
1681 }
1682
1683 return 0;
1684 }
1685
1686 /* stop caching firmware once syscore_suspend is reached */
fw_suspend(void)1687 static int fw_suspend(void)
1688 {
1689 fw_cache.state = FW_LOADER_NO_CACHE;
1690 return 0;
1691 }
1692
1693 static struct syscore_ops fw_syscore_ops = {
1694 .suspend = fw_suspend,
1695 };
1696
register_fw_pm_ops(void)1697 static int __init register_fw_pm_ops(void)
1698 {
1699 int ret;
1700
1701 spin_lock_init(&fw_cache.name_lock);
1702 INIT_LIST_HEAD(&fw_cache.fw_names);
1703
1704 INIT_DELAYED_WORK(&fw_cache.work,
1705 device_uncache_fw_images_work);
1706
1707 fw_cache.pm_notify.notifier_call = fw_pm_notify;
1708 ret = register_pm_notifier(&fw_cache.pm_notify);
1709 if (ret)
1710 return ret;
1711
1712 register_syscore_ops(&fw_syscore_ops);
1713
1714 return ret;
1715 }
1716
unregister_fw_pm_ops(void)1717 static inline void unregister_fw_pm_ops(void)
1718 {
1719 unregister_syscore_ops(&fw_syscore_ops);
1720 unregister_pm_notifier(&fw_cache.pm_notify);
1721 }
1722 #else
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1723 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1724 {
1725 }
register_fw_pm_ops(void)1726 static inline int register_fw_pm_ops(void)
1727 {
1728 return 0;
1729 }
unregister_fw_pm_ops(void)1730 static inline void unregister_fw_pm_ops(void)
1731 {
1732 }
1733 #endif
1734
fw_cache_init(void)1735 static void __init fw_cache_init(void)
1736 {
1737 spin_lock_init(&fw_cache.lock);
1738 INIT_LIST_HEAD(&fw_cache.head);
1739 fw_cache.state = FW_LOADER_NO_CACHE;
1740 }
1741
fw_shutdown_notify(struct notifier_block * unused1,unsigned long unused2,void * unused3)1742 static int fw_shutdown_notify(struct notifier_block *unused1,
1743 unsigned long unused2, void *unused3)
1744 {
1745 /*
1746 * Kill all pending fallback requests to avoid both stalling shutdown,
1747 * and avoid a deadlock with the usermode_lock.
1748 */
1749 kill_pending_fw_fallback_reqs(true);
1750
1751 return NOTIFY_DONE;
1752 }
1753
1754 static struct notifier_block fw_shutdown_nb = {
1755 .notifier_call = fw_shutdown_notify,
1756 };
1757
firmware_class_init(void)1758 static int __init firmware_class_init(void)
1759 {
1760 int ret;
1761
1762 /* No need to unfold these on exit */
1763 fw_cache_init();
1764
1765 ret = register_fw_pm_ops();
1766 if (ret)
1767 return ret;
1768
1769 ret = register_reboot_notifier(&fw_shutdown_nb);
1770 if (ret)
1771 goto out;
1772
1773 return register_sysfs_loader();
1774
1775 out:
1776 unregister_fw_pm_ops();
1777 return ret;
1778 }
1779
firmware_class_exit(void)1780 static void __exit firmware_class_exit(void)
1781 {
1782 unregister_fw_pm_ops();
1783 unregister_reboot_notifier(&fw_shutdown_nb);
1784 unregister_sysfs_loader();
1785 }
1786
1787 fs_initcall(firmware_class_init);
1788 module_exit(firmware_class_exit);
1789