projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mei: fix device reset on mei_cl_irq_read_msg allocation failure
[deliverable/linux.git] / drivers / misc / mei / interrupt.c
1 /*
2 *
3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 */
16
17
18 #include <linux/export.h>
19 #include <linux/kthread.h>
20 #include <linux/interrupt.h>
21 #include <linux/fs.h>
22 #include <linux/jiffies.h>
23 #include <linux/slab.h>
24
25 #include <linux/mei.h>
26
27 #include "mei_dev.h"
28 #include "hbm.h"
29 #include "client.h"
30
31
32 /**
33 * mei_irq_compl_handler - dispatch complete handlers
34 * for the completed callbacks
35 *
36 * @dev: mei device
37 * @compl_list: list of completed cbs
38 */
39 void mei_irq_compl_handler(struct mei_device *dev, struct mei_cl_cb *compl_list)
40 {
41 struct mei_cl_cb *cb, *next;
42 struct mei_cl *cl;
43
44 list_for_each_entry_safe(cb, next, &compl_list->list, list) {
45 cl = cb->cl;
46 list_del(&cb->list);
47
48 dev_dbg(dev->dev, "completing call back.\n");
49 if (cl == &dev->iamthif_cl)
50 mei_amthif_complete(dev, cb);
51 else
52 mei_cl_complete(cl, cb);
53 }
54 }
55 EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
56
57 /**
58 * mei_cl_hbm_equal - check if hbm is addressed to the client
59 *
60 * @cl: host client
61 * @mei_hdr: header of mei client message
62 *
63 * Return: true if matches, false otherwise
64 */
65 static inline int mei_cl_hbm_equal(struct mei_cl *cl,
66 struct mei_msg_hdr *mei_hdr)
67 {
68 return cl->host_client_id == mei_hdr->host_addr &&
69 cl->me_client_id == mei_hdr->me_addr;
70 }
71 /**
72 * mei_cl_is_reading - checks if the client is in reading state
73 *
74 * @cl: mei client
75 *
76 * Return: true if the client is reading
77 */
78 static bool mei_cl_is_reading(struct mei_cl *cl)
79 {
80 return cl->state == MEI_FILE_CONNECTED &&
81 cl->reading_state != MEI_READ_COMPLETE;
82 }
83
84 /**
85 * mei_cl_irq_read_msg - process client message
86 *
87 * @cl: reading client
88 * @mei_hdr: header of mei client message
89 * @complete_list: completion list
90 *
91 * Return: always 0
92 */
93 static int mei_cl_irq_read_msg(struct mei_cl *cl,
94 struct mei_msg_hdr *mei_hdr,
95 struct mei_cl_cb *complete_list)
96 {
97 struct mei_device *dev = cl->dev;
98 struct mei_cl_cb *cb;
99 unsigned char *buffer = NULL;
100
101 list_for_each_entry(cb, &dev->read_list.list, list) {
102 if (cl == cb->cl)
103 break;
104 }
105
106 if (&cb->list == &dev->read_list.list) {
107 dev_err(dev->dev, "no reader found\n");
108 goto out;
109 }
110
111 if (!mei_cl_is_reading(cl)) {
112 cl_err(dev, cl, "cl is not reading state=%d reading state=%d\n",
113 cl->state, cl->reading_state);
114 goto out;
115 }
116
117 cl->reading_state = MEI_READING;
118
119 if (cb->response_buffer.size == 0 ||
120 cb->response_buffer.data == NULL) {
121 cl_err(dev, cl, "response buffer is not allocated.\n");
122 list_move_tail(&cb->list, &complete_list->list);
123 cb->status = -ENOMEM;
124 goto out;
125 }
126
127 if (cb->response_buffer.size < mei_hdr->length + cb->buf_idx) {
128 cl_dbg(dev, cl, "message overflow. size %d len %d idx %ld\n",
129 cb->response_buffer.size, mei_hdr->length, cb->buf_idx);
130 buffer = krealloc(cb->response_buffer.data,
131 mei_hdr->length + cb->buf_idx,
132 GFP_KERNEL);
133
134 if (!buffer) {
135 cb->status = -ENOMEM;
136 list_move_tail(&cb->list, &complete_list->list);
137 goto out;
138 }
139 cb->response_buffer.data = buffer;
140 cb->response_buffer.size = mei_hdr->length + cb->buf_idx;
141 }
142
143 buffer = cb->response_buffer.data + cb->buf_idx;
144 mei_read_slots(dev, buffer, mei_hdr->length);
145
146 cb->buf_idx += mei_hdr->length;
147 if (mei_hdr->msg_complete) {
148 cl_dbg(dev, cl, "completed read length = %lu\n",
149 cb->buf_idx);
150 list_move_tail(&cb->list, &complete_list->list);
151 }
152
153 out:
154 if (!buffer) {
155 /* assume that mei_hdr->length <= MEI_RD_MSG_BUF_SIZE */
156 BUG_ON(mei_hdr->length > MEI_RD_MSG_BUF_SIZE);
157 mei_read_slots(dev, dev->rd_msg_buf, mei_hdr->length);
158 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
159 MEI_HDR_PRM(mei_hdr));
160 }
161
162 return 0;
163 }
164
165 /**
166 * mei_cl_irq_disconnect_rsp - send disconnection response message
167 *
168 * @cl: client
169 * @cb: callback block.
170 * @cmpl_list: complete list.
171 *
172 * Return: 0, OK; otherwise, error.
173 */
174 static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
175 struct mei_cl_cb *cmpl_list)
176 {
177 struct mei_device *dev = cl->dev;
178 u32 msg_slots;
179 int slots;
180 int ret;
181
182 slots = mei_hbuf_empty_slots(dev);
183 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_response));
184
185 if (slots < msg_slots)
186 return -EMSGSIZE;
187
188 ret = mei_hbm_cl_disconnect_rsp(dev, cl);
189
190 cl->state = MEI_FILE_DISCONNECTED;
191 cl->status = 0;
192 list_del(&cb->list);
193 mei_io_cb_free(cb);
194
195 return ret;
196 }
197
198
199
200 /**
201 * mei_cl_irq_disconnect - processes close related operation from
202 * interrupt thread context - send disconnect request
203 *
204 * @cl: client
205 * @cb: callback block.
206 * @cmpl_list: complete list.
207 *
208 * Return: 0, OK; otherwise, error.
209 */
210 static int mei_cl_irq_disconnect(struct mei_cl *cl, struct mei_cl_cb *cb,
211 struct mei_cl_cb *cmpl_list)
212 {
213 struct mei_device *dev = cl->dev;
214 u32 msg_slots;
215 int slots;
216
217 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_request));
218 slots = mei_hbuf_empty_slots(dev);
219
220 if (slots < msg_slots)
221 return -EMSGSIZE;
222
223 if (mei_hbm_cl_disconnect_req(dev, cl)) {
224 cl->status = 0;
225 cb->buf_idx = 0;
226 list_move_tail(&cb->list, &cmpl_list->list);
227 return -EIO;
228 }
229
230 cl->state = MEI_FILE_DISCONNECTING;
231 cl->status = 0;
232 cb->buf_idx = 0;
233 list_move_tail(&cb->list, &dev->ctrl_rd_list.list);
234 cl->timer_count = MEI_CONNECT_TIMEOUT;
235
236 return 0;
237 }
238
239
240 /**
241 * mei_cl_irq_read - processes client read related operation from the
242 * interrupt thread context - request for flow control credits
243 *
244 * @cl: client
245 * @cb: callback block.
246 * @cmpl_list: complete list.
247 *
248 * Return: 0, OK; otherwise, error.
249 */
250 static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
251 struct mei_cl_cb *cmpl_list)
252 {
253 struct mei_device *dev = cl->dev;
254 u32 msg_slots;
255 int slots;
256 int ret;
257
258 msg_slots = mei_data2slots(sizeof(struct hbm_flow_control));
259 slots = mei_hbuf_empty_slots(dev);
260
261 if (slots < msg_slots)
262 return -EMSGSIZE;
263
264 ret = mei_hbm_cl_flow_control_req(dev, cl);
265 if (ret) {
266 cl->status = ret;
267 cb->buf_idx = 0;
268 list_move_tail(&cb->list, &cmpl_list->list);
269 return ret;
270 }
271
272 list_move_tail(&cb->list, &dev->read_list.list);
273
274 return 0;
275 }
276
277
278 /**
279 * mei_cl_irq_connect - send connect request in irq_thread context
280 *
281 * @cl: client
282 * @cb: callback block.
283 * @cmpl_list: complete list.
284 *
285 * Return: 0, OK; otherwise, error.
286 */
287 static int mei_cl_irq_connect(struct mei_cl *cl, struct mei_cl_cb *cb,
288 struct mei_cl_cb *cmpl_list)
289 {
290 struct mei_device *dev = cl->dev;
291 u32 msg_slots;
292 int slots;
293 int ret;
294
295 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_request));
296 slots = mei_hbuf_empty_slots(dev);
297
298 if (mei_cl_is_other_connecting(cl))
299 return 0;
300
301 if (slots < msg_slots)
302 return -EMSGSIZE;
303
304 cl->state = MEI_FILE_CONNECTING;
305
306 ret = mei_hbm_cl_connect_req(dev, cl);
307 if (ret) {
308 cl->status = ret;
309 cb->buf_idx = 0;
310 list_del(&cb->list);
311 return ret;
312 }
313
314 list_move_tail(&cb->list, &dev->ctrl_rd_list.list);
315 cl->timer_count = MEI_CONNECT_TIMEOUT;
316 return 0;
317 }
318
319
320 /**
321 * mei_irq_read_handler - bottom half read routine after ISR to
322 * handle the read processing.
323 *
324 * @dev: the device structure
325 * @cmpl_list: An instance of our list structure
326 * @slots: slots to read.
327 *
328 * Return: 0 on success, <0 on failure.
329 */
330 int mei_irq_read_handler(struct mei_device *dev,
331 struct mei_cl_cb *cmpl_list, s32 *slots)
332 {
333 struct mei_msg_hdr *mei_hdr;
334 struct mei_cl *cl;
335 int ret;
336
337 if (!dev->rd_msg_hdr) {
338 dev->rd_msg_hdr = mei_read_hdr(dev);
339 (*slots)--;
340 dev_dbg(dev->dev, "slots =%08x.\n", *slots);
341 }
342 mei_hdr = (struct mei_msg_hdr *) &dev->rd_msg_hdr;
343 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
344
345 if (mei_hdr->reserved || !dev->rd_msg_hdr) {
346 dev_err(dev->dev, "corrupted message header 0x%08X\n",
347 dev->rd_msg_hdr);
348 ret = -EBADMSG;
349 goto end;
350 }
351
352 if (mei_slots2data(*slots) < mei_hdr->length) {
353 dev_err(dev->dev, "less data available than length=%08x.\n",
354 *slots);
355 /* we can't read the message */
356 ret = -ENODATA;
357 goto end;
358 }
359
360 /* HBM message */
361 if (mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0) {
362 ret = mei_hbm_dispatch(dev, mei_hdr);
363 if (ret) {
364 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
365 ret);
366 goto end;
367 }
368 goto reset_slots;
369 }
370
371 /* find recipient cl */
372 list_for_each_entry(cl, &dev->file_list, link) {
373 if (mei_cl_hbm_equal(cl, mei_hdr)) {
374 cl_dbg(dev, cl, "got a message\n");
375 break;
376 }
377 }
378
379 /* if no recipient cl was found we assume corrupted header */
380 if (&cl->link == &dev->file_list) {
381 dev_err(dev->dev, "no destination client found 0x%08X\n",
382 dev->rd_msg_hdr);
383 ret = -EBADMSG;
384 goto end;
385 }
386
387 if (mei_hdr->host_addr == dev->iamthif_cl.host_client_id &&
388 MEI_FILE_CONNECTED == dev->iamthif_cl.state &&
389 dev->iamthif_state == MEI_IAMTHIF_READING) {
390
391 ret = mei_amthif_irq_read_msg(dev, mei_hdr, cmpl_list);
392 if (ret) {
393 dev_err(dev->dev, "mei_amthif_irq_read_msg failed = %d\n",
394 ret);
395 goto end;
396 }
397 } else {
398 ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list);
399 }
400
401
402 reset_slots:
403 /* reset the number of slots and header */
404 *slots = mei_count_full_read_slots(dev);
405 dev->rd_msg_hdr = 0;
406
407 if (*slots == -EOVERFLOW) {
408 /* overflow - reset */
409 dev_err(dev->dev, "resetting due to slots overflow.\n");
410 /* set the event since message has been read */
411 ret = -ERANGE;
412 goto end;
413 }
414 end:
415 return ret;
416 }
417 EXPORT_SYMBOL_GPL(mei_irq_read_handler);
418
419
420 /**
421 * mei_irq_write_handler - dispatch write requests
422 * after irq received
423 *
424 * @dev: the device structure
425 * @cmpl_list: An instance of our list structure
426 *
427 * Return: 0 on success, <0 on failure.
428 */
429 int mei_irq_write_handler(struct mei_device *dev, struct mei_cl_cb *cmpl_list)
430 {
431
432 struct mei_cl *cl;
433 struct mei_cl_cb *cb, *next;
434 struct mei_cl_cb *list;
435 s32 slots;
436 int ret;
437
438
439 if (!mei_hbuf_acquire(dev))
440 return 0;
441
442 slots = mei_hbuf_empty_slots(dev);
443 if (slots <= 0)
444 return -EMSGSIZE;
445
446 /* complete all waiting for write CB */
447 dev_dbg(dev->dev, "complete all waiting for write cb.\n");
448
449 list = &dev->write_waiting_list;
450 list_for_each_entry_safe(cb, next, &list->list, list) {
451 cl = cb->cl;
452
453 cl->status = 0;
454 list_del(&cb->list);
455 if (cb->fop_type == MEI_FOP_WRITE &&
456 cl != &dev->iamthif_cl) {
457 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
458 cl->writing_state = MEI_WRITE_COMPLETE;
459 list_add_tail(&cb->list, &cmpl_list->list);
460 }
461 if (cl == &dev->iamthif_cl) {
462 cl_dbg(dev, cl, "check iamthif flow control.\n");
463 if (dev->iamthif_flow_control_pending) {
464 ret = mei_amthif_irq_read(dev, &slots);
465 if (ret)
466 return ret;
467 }
468 }
469 }
470
471 if (dev->wd_state == MEI_WD_STOPPING) {
472 dev->wd_state = MEI_WD_IDLE;
473 wake_up(&dev->wait_stop_wd);
474 }
475
476 if (mei_cl_is_connected(&dev->wd_cl)) {
477 if (dev->wd_pending &&
478 mei_cl_flow_ctrl_creds(&dev->wd_cl) > 0) {
479 ret = mei_wd_send(dev);
480 if (ret)
481 return ret;
482 dev->wd_pending = false;
483 }
484 }
485
486 /* complete control write list CB */
487 dev_dbg(dev->dev, "complete control write list cb.\n");
488 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list.list, list) {
489 cl = cb->cl;
490 switch (cb->fop_type) {
491 case MEI_FOP_DISCONNECT:
492 /* send disconnect message */
493 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
494 if (ret)
495 return ret;
496
497 break;
498 case MEI_FOP_READ:
499 /* send flow control message */
500 ret = mei_cl_irq_read(cl, cb, cmpl_list);
501 if (ret)
502 return ret;
503
504 break;
505 case MEI_FOP_CONNECT:
506 /* connect message */
507 ret = mei_cl_irq_connect(cl, cb, cmpl_list);
508 if (ret)
509 return ret;
510
511 break;
512 case MEI_FOP_DISCONNECT_RSP:
513 /* send disconnect resp */
514 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
515 if (ret)
516 return ret;
517 break;
518 default:
519 BUG();
520 }
521
522 }
523 /* complete write list CB */
524 dev_dbg(dev->dev, "complete write list cb.\n");
525 list_for_each_entry_safe(cb, next, &dev->write_list.list, list) {
526 cl = cb->cl;
527 if (cl == &dev->iamthif_cl)
528 ret = mei_amthif_irq_write(cl, cb, cmpl_list);
529 else
530 ret = mei_cl_irq_write(cl, cb, cmpl_list);
531 if (ret)
532 return ret;
533 }
534 return 0;
535 }
536 EXPORT_SYMBOL_GPL(mei_irq_write_handler);
537
538
539
540 /**
541 * mei_timer - timer function.
542 *
543 * @work: pointer to the work_struct structure
544 *
545 */
546 void mei_timer(struct work_struct *work)
547 {
548 unsigned long timeout;
549 struct mei_cl *cl;
550
551 struct mei_device *dev = container_of(work,
552 struct mei_device, timer_work.work);
553
554
555 mutex_lock(&dev->device_lock);
556
557 /* Catch interrupt stalls during HBM init handshake */
558 if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
559 dev->hbm_state != MEI_HBM_IDLE) {
560
561 if (dev->init_clients_timer) {
562 if (--dev->init_clients_timer == 0) {
563 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
564 dev->hbm_state);
565 mei_reset(dev);
566 goto out;
567 }
568 }
569 }
570
571 if (dev->dev_state != MEI_DEV_ENABLED)
572 goto out;
573
574 /*** connect/disconnect timeouts ***/
575 list_for_each_entry(cl, &dev->file_list, link) {
576 if (cl->timer_count) {
577 if (--cl->timer_count == 0) {
578 dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
579 mei_reset(dev);
580 goto out;
581 }
582 }
583 }
584
585 if (!mei_cl_is_connected(&dev->iamthif_cl))
586 goto out;
587
588 if (dev->iamthif_stall_timer) {
589 if (--dev->iamthif_stall_timer == 0) {
590 dev_err(dev->dev, "timer: amthif hanged.\n");
591 mei_reset(dev);
592 dev->iamthif_msg_buf_size = 0;
593 dev->iamthif_msg_buf_index = 0;
594 dev->iamthif_canceled = false;
595 dev->iamthif_ioctl = true;
596 dev->iamthif_state = MEI_IAMTHIF_IDLE;
597 dev->iamthif_timer = 0;
598
599 mei_io_cb_free(dev->iamthif_current_cb);
600 dev->iamthif_current_cb = NULL;
601
602 dev->iamthif_file_object = NULL;
603 mei_amthif_run_next_cmd(dev);
604 }
605 }
606
607 if (dev->iamthif_timer) {
608
609 timeout = dev->iamthif_timer +
610 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER);
611
612 dev_dbg(dev->dev, "dev->iamthif_timer = %ld\n",
613 dev->iamthif_timer);
614 dev_dbg(dev->dev, "timeout = %ld\n", timeout);
615 dev_dbg(dev->dev, "jiffies = %ld\n", jiffies);
616 if (time_after(jiffies, timeout)) {
617 /*
618 * User didn't read the AMTHI data on time (15sec)
619 * freeing AMTHI for other requests
620 */
621
622 dev_dbg(dev->dev, "freeing AMTHI for other requests\n");
623
624 mei_io_list_flush(&dev->amthif_rd_complete_list,
625 &dev->iamthif_cl);
626 mei_io_cb_free(dev->iamthif_current_cb);
627 dev->iamthif_current_cb = NULL;
628
629 dev->iamthif_file_object->private_data = NULL;
630 dev->iamthif_file_object = NULL;
631 dev->iamthif_timer = 0;
632 mei_amthif_run_next_cmd(dev);
633
634 }
635 }
636 out:
637 if (dev->dev_state != MEI_DEV_DISABLED)
638 schedule_delayed_work(&dev->timer_work, 2 * HZ);
639 mutex_unlock(&dev->device_lock);
640 }
Linux kernel - Deliverables
This page took 0.044751 seconds and 5 git commands to generate.