Merge tag 'char-misc-4.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregk...
[karo-tx-linux.git] / drivers / base / firmware_class.c
1 /*
2  * firmware_class.c - Multi purpose firmware loading support
3  *
4  * Copyright (c) 2003 Manuel Estrada Sainz
5  *
6  * Please see Documentation/firmware_class/ for more information.
7  *
8  */
9
10 #include <linux/capability.h>
11 #include <linux/device.h>
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/timer.h>
15 #include <linux/vmalloc.h>
16 #include <linux/interrupt.h>
17 #include <linux/bitops.h>
18 #include <linux/mutex.h>
19 #include <linux/workqueue.h>
20 #include <linux/highmem.h>
21 #include <linux/firmware.h>
22 #include <linux/slab.h>
23 #include <linux/sched.h>
24 #include <linux/file.h>
25 #include <linux/list.h>
26 #include <linux/fs.h>
27 #include <linux/async.h>
28 #include <linux/pm.h>
29 #include <linux/suspend.h>
30 #include <linux/syscore_ops.h>
31 #include <linux/reboot.h>
32 #include <linux/security.h>
33 #include <linux/swait.h>
34
35 #include <generated/utsrelease.h>
36
37 #include "base.h"
38
39 MODULE_AUTHOR("Manuel Estrada Sainz");
40 MODULE_DESCRIPTION("Multi purpose firmware loading support");
41 MODULE_LICENSE("GPL");
42
43 /* Builtin firmware support */
44
45 #ifdef CONFIG_FW_LOADER
46
47 extern struct builtin_fw __start_builtin_fw[];
48 extern struct builtin_fw __end_builtin_fw[];
49
50 static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
51                                     void *buf, size_t size)
52 {
53         struct builtin_fw *b_fw;
54
55         for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
56                 if (strcmp(name, b_fw->name) == 0) {
57                         fw->size = b_fw->size;
58                         fw->data = b_fw->data;
59
60                         if (buf && fw->size <= size)
61                                 memcpy(buf, fw->data, fw->size);
62                         return true;
63                 }
64         }
65
66         return false;
67 }
68
69 static bool fw_is_builtin_firmware(const struct firmware *fw)
70 {
71         struct builtin_fw *b_fw;
72
73         for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++)
74                 if (fw->data == b_fw->data)
75                         return true;
76
77         return false;
78 }
79
80 #else /* Module case - no builtin firmware support */
81
82 static inline bool fw_get_builtin_firmware(struct firmware *fw,
83                                            const char *name, void *buf,
84                                            size_t size)
85 {
86         return false;
87 }
88
89 static inline bool fw_is_builtin_firmware(const struct firmware *fw)
90 {
91         return false;
92 }
93 #endif
94
95 enum fw_status {
96         FW_STATUS_UNKNOWN,
97         FW_STATUS_LOADING,
98         FW_STATUS_DONE,
99         FW_STATUS_ABORTED,
100 };
101
102 static int loading_timeout = 60;        /* In seconds */
103
104 static inline long firmware_loading_timeout(void)
105 {
106         return loading_timeout > 0 ? loading_timeout * HZ : MAX_JIFFY_OFFSET;
107 }
108
109 /*
110  * Concurrent request_firmware() for the same firmware need to be
111  * serialized.  struct fw_state is simple state machine which hold the
112  * state of the firmware loading.
113  */
114 struct fw_state {
115         struct swait_queue_head wq;
116         enum fw_status status;
117 };
118
119 static void fw_state_init(struct fw_state *fw_st)
120 {
121         init_swait_queue_head(&fw_st->wq);
122         fw_st->status = FW_STATUS_UNKNOWN;
123 }
124
125 static inline bool __fw_state_is_done(enum fw_status status)
126 {
127         return status == FW_STATUS_DONE || status == FW_STATUS_ABORTED;
128 }
129
130 static int __fw_state_wait_common(struct fw_state *fw_st, long timeout)
131 {
132         long ret;
133
134         ret = swait_event_interruptible_timeout(fw_st->wq,
135                                 __fw_state_is_done(READ_ONCE(fw_st->status)),
136                                 timeout);
137         if (ret != 0 && fw_st->status == FW_STATUS_ABORTED)
138                 return -ENOENT;
139         if (!ret)
140                 return -ETIMEDOUT;
141
142         return ret < 0 ? ret : 0;
143 }
144
145 static void __fw_state_set(struct fw_state *fw_st,
146                            enum fw_status status)
147 {
148         WRITE_ONCE(fw_st->status, status);
149
150         if (status == FW_STATUS_DONE || status == FW_STATUS_ABORTED)
151                 swake_up(&fw_st->wq);
152 }
153
154 #define fw_state_start(fw_st)                                   \
155         __fw_state_set(fw_st, FW_STATUS_LOADING)
156 #define fw_state_done(fw_st)                                    \
157         __fw_state_set(fw_st, FW_STATUS_DONE)
158 #define fw_state_wait(fw_st)                                    \
159         __fw_state_wait_common(fw_st, MAX_SCHEDULE_TIMEOUT)
160
161 #ifndef CONFIG_FW_LOADER_USER_HELPER
162
163 #define fw_state_is_aborted(fw_st)      false
164
165 #else /* CONFIG_FW_LOADER_USER_HELPER */
166
167 static int __fw_state_check(struct fw_state *fw_st, enum fw_status status)
168 {
169         return fw_st->status == status;
170 }
171
172 #define fw_state_aborted(fw_st)                                 \
173         __fw_state_set(fw_st, FW_STATUS_ABORTED)
174 #define fw_state_is_done(fw_st)                                 \
175         __fw_state_check(fw_st, FW_STATUS_DONE)
176 #define fw_state_is_loading(fw_st)                              \
177         __fw_state_check(fw_st, FW_STATUS_LOADING)
178 #define fw_state_is_aborted(fw_st)                              \
179         __fw_state_check(fw_st, FW_STATUS_ABORTED)
180 #define fw_state_wait_timeout(fw_st, timeout)                   \
181         __fw_state_wait_common(fw_st, timeout)
182
183 #endif /* CONFIG_FW_LOADER_USER_HELPER */
184
185 /* firmware behavior options */
186 #define FW_OPT_UEVENT   (1U << 0)
187 #define FW_OPT_NOWAIT   (1U << 1)
188 #ifdef CONFIG_FW_LOADER_USER_HELPER
189 #define FW_OPT_USERHELPER       (1U << 2)
190 #else
191 #define FW_OPT_USERHELPER       0
192 #endif
193 #ifdef CONFIG_FW_LOADER_USER_HELPER_FALLBACK
194 #define FW_OPT_FALLBACK         FW_OPT_USERHELPER
195 #else
196 #define FW_OPT_FALLBACK         0
197 #endif
198 #define FW_OPT_NO_WARN  (1U << 3)
199 #define FW_OPT_NOCACHE  (1U << 4)
200
201 struct firmware_cache {
202         /* firmware_buf instance will be added into the below list */
203         spinlock_t lock;
204         struct list_head head;
205         int state;
206
207 #ifdef CONFIG_PM_SLEEP
208         /*
209          * Names of firmware images which have been cached successfully
210          * will be added into the below list so that device uncache
211          * helper can trace which firmware images have been cached
212          * before.
213          */
214         spinlock_t name_lock;
215         struct list_head fw_names;
216
217         struct delayed_work work;
218
219         struct notifier_block   pm_notify;
220 #endif
221 };
222
223 struct firmware_buf {
224         struct kref ref;
225         struct list_head list;
226         struct firmware_cache *fwc;
227         struct fw_state fw_st;
228         void *data;
229         size_t size;
230         size_t allocated_size;
231 #ifdef CONFIG_FW_LOADER_USER_HELPER
232         bool is_paged_buf;
233         bool need_uevent;
234         struct page **pages;
235         int nr_pages;
236         int page_array_size;
237         struct list_head pending_list;
238 #endif
239         const char *fw_id;
240 };
241
242 struct fw_cache_entry {
243         struct list_head list;
244         const char *name;
245 };
246
247 struct fw_name_devm {
248         unsigned long magic;
249         const char *name;
250 };
251
252 #define to_fwbuf(d) container_of(d, struct firmware_buf, ref)
253
254 #define FW_LOADER_NO_CACHE      0
255 #define FW_LOADER_START_CACHE   1
256
257 static int fw_cache_piggyback_on_request(const char *name);
258
259 /* fw_lock could be moved to 'struct firmware_priv' but since it is just
260  * guarding for corner cases a global lock should be OK */
261 static DEFINE_MUTEX(fw_lock);
262
263 static bool __enable_firmware = false;
264
265 static void enable_firmware(void)
266 {
267         mutex_lock(&fw_lock);
268         __enable_firmware = true;
269         mutex_unlock(&fw_lock);
270 }
271
272 static void disable_firmware(void)
273 {
274         mutex_lock(&fw_lock);
275         __enable_firmware = false;
276         mutex_unlock(&fw_lock);
277 }
278
279 /*
280  * When disabled only the built-in firmware and the firmware cache will be
281  * used to look for firmware.
282  */
283 static bool firmware_enabled(void)
284 {
285         bool enabled = false;
286
287         mutex_lock(&fw_lock);
288         if (__enable_firmware)
289                 enabled = true;
290         mutex_unlock(&fw_lock);
291
292         return enabled;
293 }
294
295 static struct firmware_cache fw_cache;
296
297 static struct firmware_buf *__allocate_fw_buf(const char *fw_name,
298                                               struct firmware_cache *fwc,
299                                               void *dbuf, size_t size)
300 {
301         struct firmware_buf *buf;
302
303         buf = kzalloc(sizeof(*buf), GFP_ATOMIC);
304         if (!buf)
305                 return NULL;
306
307         buf->fw_id = kstrdup_const(fw_name, GFP_ATOMIC);
308         if (!buf->fw_id) {
309                 kfree(buf);
310                 return NULL;
311         }
312
313         kref_init(&buf->ref);
314         buf->fwc = fwc;
315         buf->data = dbuf;
316         buf->allocated_size = size;
317         fw_state_init(&buf->fw_st);
318 #ifdef CONFIG_FW_LOADER_USER_HELPER
319         INIT_LIST_HEAD(&buf->pending_list);
320 #endif
321
322         pr_debug("%s: fw-%s buf=%p\n", __func__, fw_name, buf);
323
324         return buf;
325 }
326
327 static struct firmware_buf *__fw_lookup_buf(const char *fw_name)
328 {
329         struct firmware_buf *tmp;
330         struct firmware_cache *fwc = &fw_cache;
331
332         list_for_each_entry(tmp, &fwc->head, list)
333                 if (!strcmp(tmp->fw_id, fw_name))
334                         return tmp;
335         return NULL;
336 }
337
338 static int fw_lookup_and_allocate_buf(const char *fw_name,
339                                       struct firmware_cache *fwc,
340                                       struct firmware_buf **buf, void *dbuf,
341                                       size_t size)
342 {
343         struct firmware_buf *tmp;
344
345         spin_lock(&fwc->lock);
346         tmp = __fw_lookup_buf(fw_name);
347         if (tmp) {
348                 kref_get(&tmp->ref);
349                 spin_unlock(&fwc->lock);
350                 *buf = tmp;
351                 return 1;
352         }
353         tmp = __allocate_fw_buf(fw_name, fwc, dbuf, size);
354         if (tmp)
355                 list_add(&tmp->list, &fwc->head);
356         spin_unlock(&fwc->lock);
357
358         *buf = tmp;
359
360         return tmp ? 0 : -ENOMEM;
361 }
362
363 static void __fw_free_buf(struct kref *ref)
364         __releases(&fwc->lock)
365 {
366         struct firmware_buf *buf = to_fwbuf(ref);
367         struct firmware_cache *fwc = buf->fwc;
368
369         pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
370                  __func__, buf->fw_id, buf, buf->data,
371                  (unsigned int)buf->size);
372
373         list_del(&buf->list);
374         spin_unlock(&fwc->lock);
375
376 #ifdef CONFIG_FW_LOADER_USER_HELPER
377         if (buf->is_paged_buf) {
378                 int i;
379                 vunmap(buf->data);
380                 for (i = 0; i < buf->nr_pages; i++)
381                         __free_page(buf->pages[i]);
382                 vfree(buf->pages);
383         } else
384 #endif
385         if (!buf->allocated_size)
386                 vfree(buf->data);
387         kfree_const(buf->fw_id);
388         kfree(buf);
389 }
390
391 static void fw_free_buf(struct firmware_buf *buf)
392 {
393         struct firmware_cache *fwc = buf->fwc;
394         spin_lock(&fwc->lock);
395         if (!kref_put(&buf->ref, __fw_free_buf))
396                 spin_unlock(&fwc->lock);
397 }
398
399 /* direct firmware loading support */
400 static char fw_path_para[256];
401 static const char * const fw_path[] = {
402         fw_path_para,
403         "/lib/firmware/updates/" UTS_RELEASE,
404         "/lib/firmware/updates",
405         "/lib/firmware/" UTS_RELEASE,
406         "/lib/firmware"
407 };
408
409 /*
410  * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
411  * from kernel command line because firmware_class is generally built in
412  * kernel instead of module.
413  */
414 module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
415 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
416
417 static int
418 fw_get_filesystem_firmware(struct device *device, struct firmware_buf *buf)
419 {
420         loff_t size;
421         int i, len;
422         int rc = -ENOENT;
423         char *path;
424         enum kernel_read_file_id id = READING_FIRMWARE;
425         size_t msize = INT_MAX;
426
427         /* Already populated data member means we're loading into a buffer */
428         if (buf->data) {
429                 id = READING_FIRMWARE_PREALLOC_BUFFER;
430                 msize = buf->allocated_size;
431         }
432
433         path = __getname();
434         if (!path)
435                 return -ENOMEM;
436
437         for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
438                 /* skip the unset customized path */
439                 if (!fw_path[i][0])
440                         continue;
441
442                 len = snprintf(path, PATH_MAX, "%s/%s",
443                                fw_path[i], buf->fw_id);
444                 if (len >= PATH_MAX) {
445                         rc = -ENAMETOOLONG;
446                         break;
447                 }
448
449                 buf->size = 0;
450                 rc = kernel_read_file_from_path(path, &buf->data, &size, msize,
451                                                 id);
452                 if (rc) {
453                         if (rc == -ENOENT)
454                                 dev_dbg(device, "loading %s failed with error %d\n",
455                                          path, rc);
456                         else
457                                 dev_warn(device, "loading %s failed with error %d\n",
458                                          path, rc);
459                         continue;
460                 }
461                 dev_dbg(device, "direct-loading %s\n", buf->fw_id);
462                 buf->size = size;
463                 fw_state_done(&buf->fw_st);
464                 break;
465         }
466         __putname(path);
467
468         return rc;
469 }
470
471 /* firmware holds the ownership of pages */
472 static void firmware_free_data(const struct firmware *fw)
473 {
474         /* Loaded directly? */
475         if (!fw->priv) {
476                 vfree(fw->data);
477                 return;
478         }
479         fw_free_buf(fw->priv);
480 }
481
482 /* store the pages buffer info firmware from buf */
483 static void fw_set_page_data(struct firmware_buf *buf, struct firmware *fw)
484 {
485         fw->priv = buf;
486 #ifdef CONFIG_FW_LOADER_USER_HELPER
487         fw->pages = buf->pages;
488 #endif
489         fw->size = buf->size;
490         fw->data = buf->data;
491
492         pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
493                  __func__, buf->fw_id, buf, buf->data,
494                  (unsigned int)buf->size);
495 }
496
497 #ifdef CONFIG_PM_SLEEP
498 static void fw_name_devm_release(struct device *dev, void *res)
499 {
500         struct fw_name_devm *fwn = res;
501
502         if (fwn->magic == (unsigned long)&fw_cache)
503                 pr_debug("%s: fw_name-%s devm-%p released\n",
504                                 __func__, fwn->name, res);
505         kfree_const(fwn->name);
506 }
507
508 static int fw_devm_match(struct device *dev, void *res,
509                 void *match_data)
510 {
511         struct fw_name_devm *fwn = res;
512
513         return (fwn->magic == (unsigned long)&fw_cache) &&
514                 !strcmp(fwn->name, match_data);
515 }
516
517 static struct fw_name_devm *fw_find_devm_name(struct device *dev,
518                 const char *name)
519 {
520         struct fw_name_devm *fwn;
521
522         fwn = devres_find(dev, fw_name_devm_release,
523                           fw_devm_match, (void *)name);
524         return fwn;
525 }
526
527 /* add firmware name into devres list */
528 static int fw_add_devm_name(struct device *dev, const char *name)
529 {
530         struct fw_name_devm *fwn;
531
532         fwn = fw_find_devm_name(dev, name);
533         if (fwn)
534                 return 1;
535
536         fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
537                            GFP_KERNEL);
538         if (!fwn)
539                 return -ENOMEM;
540         fwn->name = kstrdup_const(name, GFP_KERNEL);
541         if (!fwn->name) {
542                 devres_free(fwn);
543                 return -ENOMEM;
544         }
545
546         fwn->magic = (unsigned long)&fw_cache;
547         devres_add(dev, fwn);
548
549         return 0;
550 }
551 #else
552 static int fw_add_devm_name(struct device *dev, const char *name)
553 {
554         return 0;
555 }
556 #endif
557
558 static int assign_firmware_buf(struct firmware *fw, struct device *device,
559                                unsigned int opt_flags)
560 {
561         struct firmware_buf *buf = fw->priv;
562
563         mutex_lock(&fw_lock);
564         if (!buf->size || fw_state_is_aborted(&buf->fw_st)) {
565                 mutex_unlock(&fw_lock);
566                 return -ENOENT;
567         }
568
569         /*
570          * add firmware name into devres list so that we can auto cache
571          * and uncache firmware for device.
572          *
573          * device may has been deleted already, but the problem
574          * should be fixed in devres or driver core.
575          */
576         /* don't cache firmware handled without uevent */
577         if (device && (opt_flags & FW_OPT_UEVENT) &&
578             !(opt_flags & FW_OPT_NOCACHE))
579                 fw_add_devm_name(device, buf->fw_id);
580
581         /*
582          * After caching firmware image is started, let it piggyback
583          * on request firmware.
584          */
585         if (!(opt_flags & FW_OPT_NOCACHE) &&
586             buf->fwc->state == FW_LOADER_START_CACHE) {
587                 if (fw_cache_piggyback_on_request(buf->fw_id))
588                         kref_get(&buf->ref);
589         }
590
591         /* pass the pages buffer to driver at the last minute */
592         fw_set_page_data(buf, fw);
593         mutex_unlock(&fw_lock);
594         return 0;
595 }
596
597 /*
598  * user-mode helper code
599  */
600 #ifdef CONFIG_FW_LOADER_USER_HELPER
601 struct firmware_priv {
602         bool nowait;
603         struct device dev;
604         struct firmware_buf *buf;
605         struct firmware *fw;
606 };
607
608 static struct firmware_priv *to_firmware_priv(struct device *dev)
609 {
610         return container_of(dev, struct firmware_priv, dev);
611 }
612
613 static void __fw_load_abort(struct firmware_buf *buf)
614 {
615         /*
616          * There is a small window in which user can write to 'loading'
617          * between loading done and disappearance of 'loading'
618          */
619         if (fw_state_is_done(&buf->fw_st))
620                 return;
621
622         list_del_init(&buf->pending_list);
623         fw_state_aborted(&buf->fw_st);
624 }
625
626 static void fw_load_abort(struct firmware_priv *fw_priv)
627 {
628         struct firmware_buf *buf = fw_priv->buf;
629
630         __fw_load_abort(buf);
631 }
632
633 static LIST_HEAD(pending_fw_head);
634
635 static void kill_pending_fw_fallback_reqs(bool only_kill_custom)
636 {
637         struct firmware_buf *buf;
638         struct firmware_buf *next;
639
640         mutex_lock(&fw_lock);
641         list_for_each_entry_safe(buf, next, &pending_fw_head, pending_list) {
642                 if (!buf->need_uevent || !only_kill_custom)
643                          __fw_load_abort(buf);
644         }
645         mutex_unlock(&fw_lock);
646 }
647
648 static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
649                             char *buf)
650 {
651         return sprintf(buf, "%d\n", loading_timeout);
652 }
653
654 /**
655  * firmware_timeout_store - set number of seconds to wait for firmware
656  * @class: device class pointer
657  * @attr: device attribute pointer
658  * @buf: buffer to scan for timeout value
659  * @count: number of bytes in @buf
660  *
661  *      Sets the number of seconds to wait for the firmware.  Once
662  *      this expires an error will be returned to the driver and no
663  *      firmware will be provided.
664  *
665  *      Note: zero means 'wait forever'.
666  **/
667 static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
668                              const char *buf, size_t count)
669 {
670         loading_timeout = simple_strtol(buf, NULL, 10);
671         if (loading_timeout < 0)
672                 loading_timeout = 0;
673
674         return count;
675 }
676 static CLASS_ATTR_RW(timeout);
677
678 static struct attribute *firmware_class_attrs[] = {
679         &class_attr_timeout.attr,
680         NULL,
681 };
682 ATTRIBUTE_GROUPS(firmware_class);
683
684 static void fw_dev_release(struct device *dev)
685 {
686         struct firmware_priv *fw_priv = to_firmware_priv(dev);
687
688         kfree(fw_priv);
689 }
690
691 static int do_firmware_uevent(struct firmware_priv *fw_priv, struct kobj_uevent_env *env)
692 {
693         if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
694                 return -ENOMEM;
695         if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
696                 return -ENOMEM;
697         if (add_uevent_var(env, "ASYNC=%d", fw_priv->nowait))
698                 return -ENOMEM;
699
700         return 0;
701 }
702
703 static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
704 {
705         struct firmware_priv *fw_priv = to_firmware_priv(dev);
706         int err = 0;
707
708         mutex_lock(&fw_lock);
709         if (fw_priv->buf)
710                 err = do_firmware_uevent(fw_priv, env);
711         mutex_unlock(&fw_lock);
712         return err;
713 }
714
715 static struct class firmware_class = {
716         .name           = "firmware",
717         .class_groups   = firmware_class_groups,
718         .dev_uevent     = firmware_uevent,
719         .dev_release    = fw_dev_release,
720 };
721
722 static ssize_t firmware_loading_show(struct device *dev,
723                                      struct device_attribute *attr, char *buf)
724 {
725         struct firmware_priv *fw_priv = to_firmware_priv(dev);
726         int loading = 0;
727
728         mutex_lock(&fw_lock);
729         if (fw_priv->buf)
730                 loading = fw_state_is_loading(&fw_priv->buf->fw_st);
731         mutex_unlock(&fw_lock);
732
733         return sprintf(buf, "%d\n", loading);
734 }
735
736 /* Some architectures don't have PAGE_KERNEL_RO */
737 #ifndef PAGE_KERNEL_RO
738 #define PAGE_KERNEL_RO PAGE_KERNEL
739 #endif
740
741 /* one pages buffer should be mapped/unmapped only once */
742 static int fw_map_pages_buf(struct firmware_buf *buf)
743 {
744         if (!buf->is_paged_buf)
745                 return 0;
746
747         vunmap(buf->data);
748         buf->data = vmap(buf->pages, buf->nr_pages, 0, PAGE_KERNEL_RO);
749         if (!buf->data)
750                 return -ENOMEM;
751         return 0;
752 }
753
754 /**
755  * firmware_loading_store - set value in the 'loading' control file
756  * @dev: device pointer
757  * @attr: device attribute pointer
758  * @buf: buffer to scan for loading control value
759  * @count: number of bytes in @buf
760  *
761  *      The relevant values are:
762  *
763  *       1: Start a load, discarding any previous partial load.
764  *       0: Conclude the load and hand the data to the driver code.
765  *      -1: Conclude the load with an error and discard any written data.
766  **/
767 static ssize_t firmware_loading_store(struct device *dev,
768                                       struct device_attribute *attr,
769                                       const char *buf, size_t count)
770 {
771         struct firmware_priv *fw_priv = to_firmware_priv(dev);
772         struct firmware_buf *fw_buf;
773         ssize_t written = count;
774         int loading = simple_strtol(buf, NULL, 10);
775         int i;
776
777         mutex_lock(&fw_lock);
778         fw_buf = fw_priv->buf;
779         if (fw_state_is_aborted(&fw_buf->fw_st))
780                 goto out;
781
782         switch (loading) {
783         case 1:
784                 /* discarding any previous partial load */
785                 if (!fw_state_is_done(&fw_buf->fw_st)) {
786                         for (i = 0; i < fw_buf->nr_pages; i++)
787                                 __free_page(fw_buf->pages[i]);
788                         vfree(fw_buf->pages);
789                         fw_buf->pages = NULL;
790                         fw_buf->page_array_size = 0;
791                         fw_buf->nr_pages = 0;
792                         fw_state_start(&fw_buf->fw_st);
793                 }
794                 break;
795         case 0:
796                 if (fw_state_is_loading(&fw_buf->fw_st)) {
797                         int rc;
798
799                         /*
800                          * Several loading requests may be pending on
801                          * one same firmware buf, so let all requests
802                          * see the mapped 'buf->data' once the loading
803                          * is completed.
804                          * */
805                         rc = fw_map_pages_buf(fw_buf);
806                         if (rc)
807                                 dev_err(dev, "%s: map pages failed\n",
808                                         __func__);
809                         else
810                                 rc = security_kernel_post_read_file(NULL,
811                                                 fw_buf->data, fw_buf->size,
812                                                 READING_FIRMWARE);
813
814                         /*
815                          * Same logic as fw_load_abort, only the DONE bit
816                          * is ignored and we set ABORT only on failure.
817                          */
818                         list_del_init(&fw_buf->pending_list);
819                         if (rc) {
820                                 fw_state_aborted(&fw_buf->fw_st);
821                                 written = rc;
822                         } else {
823                                 fw_state_done(&fw_buf->fw_st);
824                         }
825                         break;
826                 }
827                 /* fallthrough */
828         default:
829                 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
830                 /* fallthrough */
831         case -1:
832                 fw_load_abort(fw_priv);
833                 break;
834         }
835 out:
836         mutex_unlock(&fw_lock);
837         return written;
838 }
839
840 static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
841
842 static void firmware_rw_buf(struct firmware_buf *buf, char *buffer,
843                            loff_t offset, size_t count, bool read)
844 {
845         if (read)
846                 memcpy(buffer, buf->data + offset, count);
847         else
848                 memcpy(buf->data + offset, buffer, count);
849 }
850
851 static void firmware_rw(struct firmware_buf *buf, char *buffer,
852                         loff_t offset, size_t count, bool read)
853 {
854         while (count) {
855                 void *page_data;
856                 int page_nr = offset >> PAGE_SHIFT;
857                 int page_ofs = offset & (PAGE_SIZE-1);
858                 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
859
860                 page_data = kmap(buf->pages[page_nr]);
861
862                 if (read)
863                         memcpy(buffer, page_data + page_ofs, page_cnt);
864                 else
865                         memcpy(page_data + page_ofs, buffer, page_cnt);
866
867                 kunmap(buf->pages[page_nr]);
868                 buffer += page_cnt;
869                 offset += page_cnt;
870                 count -= page_cnt;
871         }
872 }
873
874 static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
875                                   struct bin_attribute *bin_attr,
876                                   char *buffer, loff_t offset, size_t count)
877 {
878         struct device *dev = kobj_to_dev(kobj);
879         struct firmware_priv *fw_priv = to_firmware_priv(dev);
880         struct firmware_buf *buf;
881         ssize_t ret_count;
882
883         mutex_lock(&fw_lock);
884         buf = fw_priv->buf;
885         if (!buf || fw_state_is_done(&buf->fw_st)) {
886                 ret_count = -ENODEV;
887                 goto out;
888         }
889         if (offset > buf->size) {
890                 ret_count = 0;
891                 goto out;
892         }
893         if (count > buf->size - offset)
894                 count = buf->size - offset;
895
896         ret_count = count;
897
898         if (buf->data)
899                 firmware_rw_buf(buf, buffer, offset, count, true);
900         else
901                 firmware_rw(buf, buffer, offset, count, true);
902
903 out:
904         mutex_unlock(&fw_lock);
905         return ret_count;
906 }
907
908 static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
909 {
910         struct firmware_buf *buf = fw_priv->buf;
911         int pages_needed = PAGE_ALIGN(min_size) >> PAGE_SHIFT;
912
913         /* If the array of pages is too small, grow it... */
914         if (buf->page_array_size < pages_needed) {
915                 int new_array_size = max(pages_needed,
916                                          buf->page_array_size * 2);
917                 struct page **new_pages;
918
919                 new_pages = vmalloc(new_array_size * sizeof(void *));
920                 if (!new_pages) {
921                         fw_load_abort(fw_priv);
922                         return -ENOMEM;
923                 }
924                 memcpy(new_pages, buf->pages,
925                        buf->page_array_size * sizeof(void *));
926                 memset(&new_pages[buf->page_array_size], 0, sizeof(void *) *
927                        (new_array_size - buf->page_array_size));
928                 vfree(buf->pages);
929                 buf->pages = new_pages;
930                 buf->page_array_size = new_array_size;
931         }
932
933         while (buf->nr_pages < pages_needed) {
934                 buf->pages[buf->nr_pages] =
935                         alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
936
937                 if (!buf->pages[buf->nr_pages]) {
938                         fw_load_abort(fw_priv);
939                         return -ENOMEM;
940                 }
941                 buf->nr_pages++;
942         }
943         return 0;
944 }
945
946 /**
947  * firmware_data_write - write method for firmware
948  * @filp: open sysfs file
949  * @kobj: kobject for the device
950  * @bin_attr: bin_attr structure
951  * @buffer: buffer being written
952  * @offset: buffer offset for write in total data store area
953  * @count: buffer size
954  *
955  *      Data written to the 'data' attribute will be later handed to
956  *      the driver as a firmware image.
957  **/
958 static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
959                                    struct bin_attribute *bin_attr,
960                                    char *buffer, loff_t offset, size_t count)
961 {
962         struct device *dev = kobj_to_dev(kobj);
963         struct firmware_priv *fw_priv = to_firmware_priv(dev);
964         struct firmware_buf *buf;
965         ssize_t retval;
966
967         if (!capable(CAP_SYS_RAWIO))
968                 return -EPERM;
969
970         mutex_lock(&fw_lock);
971         buf = fw_priv->buf;
972         if (!buf || fw_state_is_done(&buf->fw_st)) {
973                 retval = -ENODEV;
974                 goto out;
975         }
976
977         if (buf->data) {
978                 if (offset + count > buf->allocated_size) {
979                         retval = -ENOMEM;
980                         goto out;
981                 }
982                 firmware_rw_buf(buf, buffer, offset, count, false);
983                 retval = count;
984         } else {
985                 retval = fw_realloc_buffer(fw_priv, offset + count);
986                 if (retval)
987                         goto out;
988
989                 retval = count;
990                 firmware_rw(buf, buffer, offset, count, false);
991         }
992
993         buf->size = max_t(size_t, offset + count, buf->size);
994 out:
995         mutex_unlock(&fw_lock);
996         return retval;
997 }
998
999 static struct bin_attribute firmware_attr_data = {
1000         .attr = { .name = "data", .mode = 0644 },
1001         .size = 0,
1002         .read = firmware_data_read,
1003         .write = firmware_data_write,
1004 };
1005
1006 static struct attribute *fw_dev_attrs[] = {
1007         &dev_attr_loading.attr,
1008         NULL
1009 };
1010
1011 static struct bin_attribute *fw_dev_bin_attrs[] = {
1012         &firmware_attr_data,
1013         NULL
1014 };
1015
1016 static const struct attribute_group fw_dev_attr_group = {
1017         .attrs = fw_dev_attrs,
1018         .bin_attrs = fw_dev_bin_attrs,
1019 };
1020
1021 static const struct attribute_group *fw_dev_attr_groups[] = {
1022         &fw_dev_attr_group,
1023         NULL
1024 };
1025
1026 static struct firmware_priv *
1027 fw_create_instance(struct firmware *firmware, const char *fw_name,
1028                    struct device *device, unsigned int opt_flags)
1029 {
1030         struct firmware_priv *fw_priv;
1031         struct device *f_dev;
1032
1033         fw_priv = kzalloc(sizeof(*fw_priv), GFP_KERNEL);
1034         if (!fw_priv) {
1035                 fw_priv = ERR_PTR(-ENOMEM);
1036                 goto exit;
1037         }
1038
1039         fw_priv->nowait = !!(opt_flags & FW_OPT_NOWAIT);
1040         fw_priv->fw = firmware;
1041         f_dev = &fw_priv->dev;
1042
1043         device_initialize(f_dev);
1044         dev_set_name(f_dev, "%s", fw_name);
1045         f_dev->parent = device;
1046         f_dev->class = &firmware_class;
1047         f_dev->groups = fw_dev_attr_groups;
1048 exit:
1049         return fw_priv;
1050 }
1051
1052 /* load a firmware via user helper */
1053 static int _request_firmware_load(struct firmware_priv *fw_priv,
1054                                   unsigned int opt_flags, long timeout)
1055 {
1056         int retval = 0;
1057         struct device *f_dev = &fw_priv->dev;
1058         struct firmware_buf *buf = fw_priv->buf;
1059
1060         /* fall back on userspace loading */
1061         if (!buf->data)
1062                 buf->is_paged_buf = true;
1063
1064         dev_set_uevent_suppress(f_dev, true);
1065
1066         retval = device_add(f_dev);
1067         if (retval) {
1068                 dev_err(f_dev, "%s: device_register failed\n", __func__);
1069                 goto err_put_dev;
1070         }
1071
1072         mutex_lock(&fw_lock);
1073         list_add(&buf->pending_list, &pending_fw_head);
1074         mutex_unlock(&fw_lock);
1075
1076         if (opt_flags & FW_OPT_UEVENT) {
1077                 buf->need_uevent = true;
1078                 dev_set_uevent_suppress(f_dev, false);
1079                 dev_dbg(f_dev, "firmware: requesting %s\n", buf->fw_id);
1080                 kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
1081         } else {
1082                 timeout = MAX_JIFFY_OFFSET;
1083         }
1084
1085         retval = fw_state_wait_timeout(&buf->fw_st, timeout);
1086         if (retval < 0) {
1087                 mutex_lock(&fw_lock);
1088                 fw_load_abort(fw_priv);
1089                 mutex_unlock(&fw_lock);
1090         }
1091
1092         if (fw_state_is_aborted(&buf->fw_st))
1093                 retval = -EAGAIN;
1094         else if (buf->is_paged_buf && !buf->data)
1095                 retval = -ENOMEM;
1096
1097         device_del(f_dev);
1098 err_put_dev:
1099         put_device(f_dev);
1100         return retval;
1101 }
1102
1103 static int fw_load_from_user_helper(struct firmware *firmware,
1104                                     const char *name, struct device *device,
1105                                     unsigned int opt_flags)
1106 {
1107         struct firmware_priv *fw_priv;
1108         long timeout;
1109         int ret;
1110
1111         timeout = firmware_loading_timeout();
1112         if (opt_flags & FW_OPT_NOWAIT) {
1113                 timeout = usermodehelper_read_lock_wait(timeout);
1114                 if (!timeout) {
1115                         dev_dbg(device, "firmware: %s loading timed out\n",
1116                                 name);
1117                         return -EBUSY;
1118                 }
1119         } else {
1120                 ret = usermodehelper_read_trylock();
1121                 if (WARN_ON(ret)) {
1122                         dev_err(device, "firmware: %s will not be loaded\n",
1123                                 name);
1124                         return ret;
1125                 }
1126         }
1127
1128         fw_priv = fw_create_instance(firmware, name, device, opt_flags);
1129         if (IS_ERR(fw_priv)) {
1130                 ret = PTR_ERR(fw_priv);
1131                 goto out_unlock;
1132         }
1133
1134         fw_priv->buf = firmware->priv;
1135         ret = _request_firmware_load(fw_priv, opt_flags, timeout);
1136
1137         if (!ret)
1138                 ret = assign_firmware_buf(firmware, device, opt_flags);
1139
1140 out_unlock:
1141         usermodehelper_read_unlock();
1142
1143         return ret;
1144 }
1145
1146 #else /* CONFIG_FW_LOADER_USER_HELPER */
1147 static inline int
1148 fw_load_from_user_helper(struct firmware *firmware, const char *name,
1149                          struct device *device, unsigned int opt_flags)
1150 {
1151         return -ENOENT;
1152 }
1153
1154 static inline void kill_pending_fw_fallback_reqs(bool only_kill_custom) { }
1155
1156 #endif /* CONFIG_FW_LOADER_USER_HELPER */
1157
1158 /* prepare firmware and firmware_buf structs;
1159  * return 0 if a firmware is already assigned, 1 if need to load one,
1160  * or a negative error code
1161  */
1162 static int
1163 _request_firmware_prepare(struct firmware **firmware_p, const char *name,
1164                           struct device *device, void *dbuf, size_t size)
1165 {
1166         struct firmware *firmware;
1167         struct firmware_buf *buf;
1168         int ret;
1169
1170         *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
1171         if (!firmware) {
1172                 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
1173                         __func__);
1174                 return -ENOMEM;
1175         }
1176
1177         if (fw_get_builtin_firmware(firmware, name, dbuf, size)) {
1178                 dev_dbg(device, "using built-in %s\n", name);
1179                 return 0; /* assigned */
1180         }
1181
1182         ret = fw_lookup_and_allocate_buf(name, &fw_cache, &buf, dbuf, size);
1183
1184         /*
1185          * bind with 'buf' now to avoid warning in failure path
1186          * of requesting firmware.
1187          */
1188         firmware->priv = buf;
1189
1190         if (ret > 0) {
1191                 ret = fw_state_wait(&buf->fw_st);
1192                 if (!ret) {
1193                         fw_set_page_data(buf, firmware);
1194                         return 0; /* assigned */
1195                 }
1196         }
1197
1198         if (ret < 0)
1199                 return ret;
1200         return 1; /* need to load */
1201 }
1202
1203 /* called from request_firmware() and request_firmware_work_func() */
1204 static int
1205 _request_firmware(const struct firmware **firmware_p, const char *name,
1206                   struct device *device, void *buf, size_t size,
1207                   unsigned int opt_flags)
1208 {
1209         struct firmware *fw = NULL;
1210         int ret;
1211
1212         if (!firmware_p)
1213                 return -EINVAL;
1214
1215         if (!name || name[0] == '\0') {
1216                 ret = -EINVAL;
1217                 goto out;
1218         }
1219
1220         ret = _request_firmware_prepare(&fw, name, device, buf, size);
1221         if (ret <= 0) /* error or already assigned */
1222                 goto out;
1223
1224         if (!firmware_enabled()) {
1225                 WARN(1, "firmware request while host is not available\n");
1226                 ret = -EHOSTDOWN;
1227                 goto out;
1228         }
1229
1230         ret = fw_get_filesystem_firmware(device, fw->priv);
1231         if (ret) {
1232                 if (!(opt_flags & FW_OPT_NO_WARN))
1233                         dev_warn(device,
1234                                  "Direct firmware load for %s failed with error %d\n",
1235                                  name, ret);
1236                 if (opt_flags & FW_OPT_USERHELPER) {
1237                         dev_warn(device, "Falling back to user helper\n");
1238                         ret = fw_load_from_user_helper(fw, name, device,
1239                                                        opt_flags);
1240                 }
1241         } else
1242                 ret = assign_firmware_buf(fw, device, opt_flags);
1243
1244  out:
1245         if (ret < 0) {
1246                 release_firmware(fw);
1247                 fw = NULL;
1248         }
1249
1250         *firmware_p = fw;
1251         return ret;
1252 }
1253
1254 /**
1255  * request_firmware: - send firmware request and wait for it
1256  * @firmware_p: pointer to firmware image
1257  * @name: name of firmware file
1258  * @device: device for which firmware is being loaded
1259  *
1260  *      @firmware_p will be used to return a firmware image by the name
1261  *      of @name for device @device.
1262  *
1263  *      Should be called from user context where sleeping is allowed.
1264  *
1265  *      @name will be used as $FIRMWARE in the uevent environment and
1266  *      should be distinctive enough not to be confused with any other
1267  *      firmware image for this or any other device.
1268  *
1269  *      Caller must hold the reference count of @device.
1270  *
1271  *      The function can be called safely inside device's suspend and
1272  *      resume callback.
1273  **/
1274 int
1275 request_firmware(const struct firmware **firmware_p, const char *name,
1276                  struct device *device)
1277 {
1278         int ret;
1279
1280         /* Need to pin this module until return */
1281         __module_get(THIS_MODULE);
1282         ret = _request_firmware(firmware_p, name, device, NULL, 0,
1283                                 FW_OPT_UEVENT | FW_OPT_FALLBACK);
1284         module_put(THIS_MODULE);
1285         return ret;
1286 }
1287 EXPORT_SYMBOL(request_firmware);
1288
1289 /**
1290  * request_firmware_direct: - load firmware directly without usermode helper
1291  * @firmware_p: pointer to firmware image
1292  * @name: name of firmware file
1293  * @device: device for which firmware is being loaded
1294  *
1295  * This function works pretty much like request_firmware(), but this doesn't
1296  * fall back to usermode helper even if the firmware couldn't be loaded
1297  * directly from fs.  Hence it's useful for loading optional firmwares, which
1298  * aren't always present, without extra long timeouts of udev.
1299  **/
1300 int request_firmware_direct(const struct firmware **firmware_p,
1301                             const char *name, struct device *device)
1302 {
1303         int ret;
1304
1305         __module_get(THIS_MODULE);
1306         ret = _request_firmware(firmware_p, name, device, NULL, 0,
1307                                 FW_OPT_UEVENT | FW_OPT_NO_WARN);
1308         module_put(THIS_MODULE);
1309         return ret;
1310 }
1311 EXPORT_SYMBOL_GPL(request_firmware_direct);
1312
1313 /**
1314  * request_firmware_into_buf - load firmware into a previously allocated buffer
1315  * @firmware_p: pointer to firmware image
1316  * @name: name of firmware file
1317  * @device: device for which firmware is being loaded and DMA region allocated
1318  * @buf: address of buffer to load firmware into
1319  * @size: size of buffer
1320  *
1321  * This function works pretty much like request_firmware(), but it doesn't
1322  * allocate a buffer to hold the firmware data. Instead, the firmware
1323  * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1324  * data member is pointed at @buf.
1325  *
1326  * This function doesn't cache firmware either.
1327  */
1328 int
1329 request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1330                           struct device *device, void *buf, size_t size)
1331 {
1332         int ret;
1333
1334         __module_get(THIS_MODULE);
1335         ret = _request_firmware(firmware_p, name, device, buf, size,
1336                                 FW_OPT_UEVENT | FW_OPT_FALLBACK |
1337                                 FW_OPT_NOCACHE);
1338         module_put(THIS_MODULE);
1339         return ret;
1340 }
1341 EXPORT_SYMBOL(request_firmware_into_buf);
1342
1343 /**
1344  * release_firmware: - release the resource associated with a firmware image
1345  * @fw: firmware resource to release
1346  **/
1347 void release_firmware(const struct firmware *fw)
1348 {
1349         if (fw) {
1350                 if (!fw_is_builtin_firmware(fw))
1351                         firmware_free_data(fw);
1352                 kfree(fw);
1353         }
1354 }
1355 EXPORT_SYMBOL(release_firmware);
1356
1357 /* Async support */
1358 struct firmware_work {
1359         struct work_struct work;
1360         struct module *module;
1361         const char *name;
1362         struct device *device;
1363         void *context;
1364         void (*cont)(const struct firmware *fw, void *context);
1365         unsigned int opt_flags;
1366 };
1367
1368 static void request_firmware_work_func(struct work_struct *work)
1369 {
1370         struct firmware_work *fw_work;
1371         const struct firmware *fw;
1372
1373         fw_work = container_of(work, struct firmware_work, work);
1374
1375         _request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0,
1376                           fw_work->opt_flags);
1377         fw_work->cont(fw, fw_work->context);
1378         put_device(fw_work->device); /* taken in request_firmware_nowait() */
1379
1380         module_put(fw_work->module);
1381         kfree_const(fw_work->name);
1382         kfree(fw_work);
1383 }
1384
1385 /**
1386  * request_firmware_nowait - asynchronous version of request_firmware
1387  * @module: module requesting the firmware
1388  * @uevent: sends uevent to copy the firmware image if this flag
1389  *      is non-zero else the firmware copy must be done manually.
1390  * @name: name of firmware file
1391  * @device: device for which firmware is being loaded
1392  * @gfp: allocation flags
1393  * @context: will be passed over to @cont, and
1394  *      @fw may be %NULL if firmware request fails.
1395  * @cont: function will be called asynchronously when the firmware
1396  *      request is over.
1397  *
1398  *      Caller must hold the reference count of @device.
1399  *
1400  *      Asynchronous variant of request_firmware() for user contexts:
1401  *              - sleep for as small periods as possible since it may
1402  *                increase kernel boot time of built-in device drivers
1403  *                requesting firmware in their ->probe() methods, if
1404  *                @gfp is GFP_KERNEL.
1405  *
1406  *              - can't sleep at all if @gfp is GFP_ATOMIC.
1407  **/
1408 int
1409 request_firmware_nowait(
1410         struct module *module, bool uevent,
1411         const char *name, struct device *device, gfp_t gfp, void *context,
1412         void (*cont)(const struct firmware *fw, void *context))
1413 {
1414         struct firmware_work *fw_work;
1415
1416         fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1417         if (!fw_work)
1418                 return -ENOMEM;
1419
1420         fw_work->module = module;
1421         fw_work->name = kstrdup_const(name, gfp);
1422         if (!fw_work->name) {
1423                 kfree(fw_work);
1424                 return -ENOMEM;
1425         }
1426         fw_work->device = device;
1427         fw_work->context = context;
1428         fw_work->cont = cont;
1429         fw_work->opt_flags = FW_OPT_NOWAIT | FW_OPT_FALLBACK |
1430                 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER);
1431
1432         if (!try_module_get(module)) {
1433                 kfree_const(fw_work->name);
1434                 kfree(fw_work);
1435                 return -EFAULT;
1436         }
1437
1438         get_device(fw_work->device);
1439         INIT_WORK(&fw_work->work, request_firmware_work_func);
1440         schedule_work(&fw_work->work);
1441         return 0;
1442 }
1443 EXPORT_SYMBOL(request_firmware_nowait);
1444
1445 #ifdef CONFIG_PM_SLEEP
1446 static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1447
1448 /**
1449  * cache_firmware - cache one firmware image in kernel memory space
1450  * @fw_name: the firmware image name
1451  *
1452  * Cache firmware in kernel memory so that drivers can use it when
1453  * system isn't ready for them to request firmware image from userspace.
1454  * Once it returns successfully, driver can use request_firmware or its
1455  * nowait version to get the cached firmware without any interacting
1456  * with userspace
1457  *
1458  * Return 0 if the firmware image has been cached successfully
1459  * Return !0 otherwise
1460  *
1461  */
1462 static int cache_firmware(const char *fw_name)
1463 {
1464         int ret;
1465         const struct firmware *fw;
1466
1467         pr_debug("%s: %s\n", __func__, fw_name);
1468
1469         ret = request_firmware(&fw, fw_name, NULL);
1470         if (!ret)
1471                 kfree(fw);
1472
1473         pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1474
1475         return ret;
1476 }
1477
1478 static struct firmware_buf *fw_lookup_buf(const char *fw_name)
1479 {
1480         struct firmware_buf *tmp;
1481         struct firmware_cache *fwc = &fw_cache;
1482
1483         spin_lock(&fwc->lock);
1484         tmp = __fw_lookup_buf(fw_name);
1485         spin_unlock(&fwc->lock);
1486
1487         return tmp;
1488 }
1489
1490 /**
1491  * uncache_firmware - remove one cached firmware image
1492  * @fw_name: the firmware image name
1493  *
1494  * Uncache one firmware image which has been cached successfully
1495  * before.
1496  *
1497  * Return 0 if the firmware cache has been removed successfully
1498  * Return !0 otherwise
1499  *
1500  */
1501 static int uncache_firmware(const char *fw_name)
1502 {
1503         struct firmware_buf *buf;
1504         struct firmware fw;
1505
1506         pr_debug("%s: %s\n", __func__, fw_name);
1507
1508         if (fw_get_builtin_firmware(&fw, fw_name, NULL, 0))
1509                 return 0;
1510
1511         buf = fw_lookup_buf(fw_name);
1512         if (buf) {
1513                 fw_free_buf(buf);
1514                 return 0;
1515         }
1516
1517         return -EINVAL;
1518 }
1519
1520 static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1521 {
1522         struct fw_cache_entry *fce;
1523
1524         fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1525         if (!fce)
1526                 goto exit;
1527
1528         fce->name = kstrdup_const(name, GFP_ATOMIC);
1529         if (!fce->name) {
1530                 kfree(fce);
1531                 fce = NULL;
1532                 goto exit;
1533         }
1534 exit:
1535         return fce;
1536 }
1537
1538 static int __fw_entry_found(const char *name)
1539 {
1540         struct firmware_cache *fwc = &fw_cache;
1541         struct fw_cache_entry *fce;
1542
1543         list_for_each_entry(fce, &fwc->fw_names, list) {
1544                 if (!strcmp(fce->name, name))
1545                         return 1;
1546         }
1547         return 0;
1548 }
1549
1550 static int fw_cache_piggyback_on_request(const char *name)
1551 {
1552         struct firmware_cache *fwc = &fw_cache;
1553         struct fw_cache_entry *fce;
1554         int ret = 0;
1555
1556         spin_lock(&fwc->name_lock);
1557         if (__fw_entry_found(name))
1558                 goto found;
1559
1560         fce = alloc_fw_cache_entry(name);
1561         if (fce) {
1562                 ret = 1;
1563                 list_add(&fce->list, &fwc->fw_names);
1564                 pr_debug("%s: fw: %s\n", __func__, name);
1565         }
1566 found:
1567         spin_unlock(&fwc->name_lock);
1568         return ret;
1569 }
1570
1571 static void free_fw_cache_entry(struct fw_cache_entry *fce)
1572 {
1573         kfree_const(fce->name);
1574         kfree(fce);
1575 }
1576
1577 static void __async_dev_cache_fw_image(void *fw_entry,
1578                                        async_cookie_t cookie)
1579 {
1580         struct fw_cache_entry *fce = fw_entry;
1581         struct firmware_cache *fwc = &fw_cache;
1582         int ret;
1583
1584         ret = cache_firmware(fce->name);
1585         if (ret) {
1586                 spin_lock(&fwc->name_lock);
1587                 list_del(&fce->list);
1588                 spin_unlock(&fwc->name_lock);
1589
1590                 free_fw_cache_entry(fce);
1591         }
1592 }
1593
1594 /* called with dev->devres_lock held */
1595 static void dev_create_fw_entry(struct device *dev, void *res,
1596                                 void *data)
1597 {
1598         struct fw_name_devm *fwn = res;
1599         const char *fw_name = fwn->name;
1600         struct list_head *head = data;
1601         struct fw_cache_entry *fce;
1602
1603         fce = alloc_fw_cache_entry(fw_name);
1604         if (fce)
1605                 list_add(&fce->list, head);
1606 }
1607
1608 static int devm_name_match(struct device *dev, void *res,
1609                            void *match_data)
1610 {
1611         struct fw_name_devm *fwn = res;
1612         return (fwn->magic == (unsigned long)match_data);
1613 }
1614
1615 static void dev_cache_fw_image(struct device *dev, void *data)
1616 {
1617         LIST_HEAD(todo);
1618         struct fw_cache_entry *fce;
1619         struct fw_cache_entry *fce_next;
1620         struct firmware_cache *fwc = &fw_cache;
1621
1622         devres_for_each_res(dev, fw_name_devm_release,
1623                             devm_name_match, &fw_cache,
1624                             dev_create_fw_entry, &todo);
1625
1626         list_for_each_entry_safe(fce, fce_next, &todo, list) {
1627                 list_del(&fce->list);
1628
1629                 spin_lock(&fwc->name_lock);
1630                 /* only one cache entry for one firmware */
1631                 if (!__fw_entry_found(fce->name)) {
1632                         list_add(&fce->list, &fwc->fw_names);
1633                 } else {
1634                         free_fw_cache_entry(fce);
1635                         fce = NULL;
1636                 }
1637                 spin_unlock(&fwc->name_lock);
1638
1639                 if (fce)
1640                         async_schedule_domain(__async_dev_cache_fw_image,
1641                                               (void *)fce,
1642                                               &fw_cache_domain);
1643         }
1644 }
1645
1646 static void __device_uncache_fw_images(void)
1647 {
1648         struct firmware_cache *fwc = &fw_cache;
1649         struct fw_cache_entry *fce;
1650
1651         spin_lock(&fwc->name_lock);
1652         while (!list_empty(&fwc->fw_names)) {
1653                 fce = list_entry(fwc->fw_names.next,
1654                                 struct fw_cache_entry, list);
1655                 list_del(&fce->list);
1656                 spin_unlock(&fwc->name_lock);
1657
1658                 uncache_firmware(fce->name);
1659                 free_fw_cache_entry(fce);
1660
1661                 spin_lock(&fwc->name_lock);
1662         }
1663         spin_unlock(&fwc->name_lock);
1664 }
1665
1666 /**
1667  * device_cache_fw_images - cache devices' firmware
1668  *
1669  * If one device called request_firmware or its nowait version
1670  * successfully before, the firmware names are recored into the
1671  * device's devres link list, so device_cache_fw_images can call
1672  * cache_firmware() to cache these firmwares for the device,
1673  * then the device driver can load its firmwares easily at
1674  * time when system is not ready to complete loading firmware.
1675  */
1676 static void device_cache_fw_images(void)
1677 {
1678         struct firmware_cache *fwc = &fw_cache;
1679         int old_timeout;
1680         DEFINE_WAIT(wait);
1681
1682         pr_debug("%s\n", __func__);
1683
1684         /* cancel uncache work */
1685         cancel_delayed_work_sync(&fwc->work);
1686
1687         /*
1688          * use small loading timeout for caching devices' firmware
1689          * because all these firmware images have been loaded
1690          * successfully at lease once, also system is ready for
1691          * completing firmware loading now. The maximum size of
1692          * firmware in current distributions is about 2M bytes,
1693          * so 10 secs should be enough.
1694          */
1695         old_timeout = loading_timeout;
1696         loading_timeout = 10;
1697
1698         mutex_lock(&fw_lock);
1699         fwc->state = FW_LOADER_START_CACHE;
1700         dpm_for_each_dev(NULL, dev_cache_fw_image);
1701         mutex_unlock(&fw_lock);
1702
1703         /* wait for completion of caching firmware for all devices */
1704         async_synchronize_full_domain(&fw_cache_domain);
1705
1706         loading_timeout = old_timeout;
1707 }
1708
1709 /**
1710  * device_uncache_fw_images - uncache devices' firmware
1711  *
1712  * uncache all firmwares which have been cached successfully
1713  * by device_uncache_fw_images earlier
1714  */
1715 static void device_uncache_fw_images(void)
1716 {
1717         pr_debug("%s\n", __func__);
1718         __device_uncache_fw_images();
1719 }
1720
1721 static void device_uncache_fw_images_work(struct work_struct *work)
1722 {
1723         device_uncache_fw_images();
1724 }
1725
1726 /**
1727  * device_uncache_fw_images_delay - uncache devices firmwares
1728  * @delay: number of milliseconds to delay uncache device firmwares
1729  *
1730  * uncache all devices's firmwares which has been cached successfully
1731  * by device_cache_fw_images after @delay milliseconds.
1732  */
1733 static void device_uncache_fw_images_delay(unsigned long delay)
1734 {
1735         queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1736                            msecs_to_jiffies(delay));
1737 }
1738
1739 /**
1740  * fw_pm_notify - notifier for suspend/resume
1741  * @notify_block: unused
1742  * @mode: mode we are switching to
1743  * @unused: unused
1744  *
1745  * Used to modify the firmware_class state as we move in between states.
1746  * The firmware_class implements a firmware cache to enable device driver
1747  * to fetch firmware upon resume before the root filesystem is ready. We
1748  * disable API calls which do not use the built-in firmware or the firmware
1749  * cache when we know these calls will not work.
1750  *
1751  * The inner logic behind all this is a bit complex so it is worth summarizing
1752  * the kernel's own suspend/resume process with context and focus on how this
1753  * can impact the firmware API.
1754  *
1755  * First a review on how we go to suspend::
1756  *
1757  *      pm_suspend() --> enter_state() -->
1758  *      sys_sync()
1759  *      suspend_prepare() -->
1760  *              __pm_notifier_call_chain(PM_SUSPEND_PREPARE, ...);
1761  *              suspend_freeze_processes() -->
1762  *                      freeze_processes() -->
1763  *                              __usermodehelper_set_disable_depth(UMH_DISABLED);
1764  *                              freeze all tasks ...
1765  *                      freeze_kernel_threads()
1766  *      suspend_devices_and_enter() -->
1767  *              dpm_suspend_start() -->
1768  *                              dpm_prepare()
1769  *                              dpm_suspend()
1770  *              suspend_enter()  -->
1771  *                      platform_suspend_prepare()
1772  *                      dpm_suspend_late()
1773  *                      freeze_enter()
1774  *                      syscore_suspend()
1775  *
1776  * When we resume we bail out of a loop from suspend_devices_and_enter() and
1777  * unwind back out to the caller enter_state() where we were before as follows::
1778  *
1779  *      enter_state() -->
1780  *      suspend_devices_and_enter() --> (bail from loop)
1781  *              dpm_resume_end() -->
1782  *                      dpm_resume()
1783  *                      dpm_complete()
1784  *      suspend_finish() -->
1785  *              suspend_thaw_processes() -->
1786  *                      thaw_processes() -->
1787  *                              __usermodehelper_set_disable_depth(UMH_FREEZING);
1788  *                              thaw_workqueues();
1789  *                              thaw all processes ...
1790  *                              usermodehelper_enable();
1791  *              pm_notifier_call_chain(PM_POST_SUSPEND);
1792  *
1793  * fw_pm_notify() works through pm_notifier_call_chain().
1794  */
1795 static int fw_pm_notify(struct notifier_block *notify_block,
1796                         unsigned long mode, void *unused)
1797 {
1798         switch (mode) {
1799         case PM_HIBERNATION_PREPARE:
1800         case PM_SUSPEND_PREPARE:
1801         case PM_RESTORE_PREPARE:
1802                 /*
1803                  * kill pending fallback requests with a custom fallback
1804                  * to avoid stalling suspend.
1805                  */
1806                 kill_pending_fw_fallback_reqs(true);
1807                 device_cache_fw_images();
1808                 disable_firmware();
1809                 break;
1810
1811         case PM_POST_SUSPEND:
1812         case PM_POST_HIBERNATION:
1813         case PM_POST_RESTORE:
1814                 /*
1815                  * In case that system sleep failed and syscore_suspend is
1816                  * not called.
1817                  */
1818                 mutex_lock(&fw_lock);
1819                 fw_cache.state = FW_LOADER_NO_CACHE;
1820                 mutex_unlock(&fw_lock);
1821                 enable_firmware();
1822
1823                 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1824                 break;
1825         }
1826
1827         return 0;
1828 }
1829
1830 /* stop caching firmware once syscore_suspend is reached */
1831 static int fw_suspend(void)
1832 {
1833         fw_cache.state = FW_LOADER_NO_CACHE;
1834         return 0;
1835 }
1836
1837 static struct syscore_ops fw_syscore_ops = {
1838         .suspend = fw_suspend,
1839 };
1840 #else
1841 static int fw_cache_piggyback_on_request(const char *name)
1842 {
1843         return 0;
1844 }
1845 #endif
1846
1847 static void __init fw_cache_init(void)
1848 {
1849         spin_lock_init(&fw_cache.lock);
1850         INIT_LIST_HEAD(&fw_cache.head);
1851         fw_cache.state = FW_LOADER_NO_CACHE;
1852
1853 #ifdef CONFIG_PM_SLEEP
1854         spin_lock_init(&fw_cache.name_lock);
1855         INIT_LIST_HEAD(&fw_cache.fw_names);
1856
1857         INIT_DELAYED_WORK(&fw_cache.work,
1858                           device_uncache_fw_images_work);
1859
1860         fw_cache.pm_notify.notifier_call = fw_pm_notify;
1861         register_pm_notifier(&fw_cache.pm_notify);
1862
1863         register_syscore_ops(&fw_syscore_ops);
1864 #endif
1865 }
1866
1867 static int fw_shutdown_notify(struct notifier_block *unused1,
1868                               unsigned long unused2, void *unused3)
1869 {
1870         disable_firmware();
1871         /*
1872          * Kill all pending fallback requests to avoid both stalling shutdown,
1873          * and avoid a deadlock with the usermode_lock.
1874          */
1875         kill_pending_fw_fallback_reqs(false);
1876
1877         return NOTIFY_DONE;
1878 }
1879
1880 static struct notifier_block fw_shutdown_nb = {
1881         .notifier_call = fw_shutdown_notify,
1882 };
1883
1884 static int __init firmware_class_init(void)
1885 {
1886         enable_firmware();
1887         fw_cache_init();
1888         register_reboot_notifier(&fw_shutdown_nb);
1889 #ifdef CONFIG_FW_LOADER_USER_HELPER
1890         return class_register(&firmware_class);
1891 #else
1892         return 0;
1893 #endif
1894 }
1895
1896 static void __exit firmware_class_exit(void)
1897 {
1898         disable_firmware();
1899 #ifdef CONFIG_PM_SLEEP
1900         unregister_syscore_ops(&fw_syscore_ops);
1901         unregister_pm_notifier(&fw_cache.pm_notify);
1902 #endif
1903         unregister_reboot_notifier(&fw_shutdown_nb);
1904 #ifdef CONFIG_FW_LOADER_USER_HELPER
1905         class_unregister(&firmware_class);
1906 #endif
1907 }
1908
1909 fs_initcall(firmware_class_init);
1910 module_exit(firmware_class_exit);