linux/drivers/base/firmware_loader/fallback.c
<<
>>
Prefs 
   1// SPDX-License-Identifier: GPL-2.0
   2
   3#include <linux/types.h>
   4#include <linux/kconfig.h>
   5#include <linux/list.h>
   6#include <linux/slab.h>
   7#include <linux/security.h>
   8#include <linux/highmem.h>
   9#include <linux/umh.h>
  10#include <linux/sysctl.h>
  11#include <linux/vmalloc.h>
  12
  13#include "fallback.h"
  14#include "firmware.h"
  15
  16/*
  17 * firmware fallback mechanism
  18 */
  19
  20extern struct firmware_fallback_config fw_fallback_config;
  21
  22/* These getters are vetted to use int properly */
  23static inline int __firmware_loading_timeout(void)
  24{
  25        return fw_fallback_config.loading_timeout;
  26}
  27
  28/* These setters are vetted to use int properly */
  29static void __fw_fallback_set_timeout(int timeout)
  30{
  31        fw_fallback_config.loading_timeout = timeout;
  32}
  33
  34/*
  35 * use small loading timeout for caching devices' firmware because all these
  36 * firmware images have been loaded successfully at lease once, also system is
  37 * ready for completing firmware loading now. The maximum size of firmware in
  38 * current distributions is about 2M bytes, so 10 secs should be enough.
  39 */
  40void fw_fallback_set_cache_timeout(void)
  41{
  42        fw_fallback_config.old_timeout = __firmware_loading_timeout();
  43        __fw_fallback_set_timeout(10);
  44}
  45
  46/* Restores the timeout to the value last configured during normal operation */
  47void fw_fallback_set_default_timeout(void)
  48{
  49        __fw_fallback_set_timeout(fw_fallback_config.old_timeout);
  50}
  51
  52static long firmware_loading_timeout(void)
  53{
  54        return __firmware_loading_timeout() > 0 ?
  55                __firmware_loading_timeout() * HZ : MAX_JIFFY_OFFSET;
  56}
  57
  58static inline bool fw_sysfs_done(struct fw_priv *fw_priv)
  59{
  60        return __fw_state_check(fw_priv, FW_STATUS_DONE);
  61}
  62
  63static inline bool fw_sysfs_loading(struct fw_priv *fw_priv)
  64{
  65        return __fw_state_check(fw_priv, FW_STATUS_LOADING);
  66}
  67
  68static inline int fw_sysfs_wait_timeout(struct fw_priv *fw_priv,  long timeout)
  69{
  70        return __fw_state_wait_common(fw_priv, timeout);
  71}
  72
  73struct fw_sysfs {
  74        bool nowait;
  75        struct device dev;
  76        struct fw_priv *fw_priv;
  77        struct firmware *fw;
  78};
  79
  80static struct fw_sysfs *to_fw_sysfs(struct device *dev)
  81{
  82        return container_of(dev, struct fw_sysfs, dev);
  83}
  84
  85static void __fw_load_abort(struct fw_priv *fw_priv)
  86{
  87        /*
  88         * There is a small window in which user can write to 'loading'
  89         * between loading done and disappearance of 'loading'
  90         */
  91        if (fw_sysfs_done(fw_priv))
  92                return;
  93
  94        list_del_init(&fw_priv->pending_list);
  95        fw_state_aborted(fw_priv);
  96}
  97
  98static void fw_load_abort(struct fw_sysfs *fw_sysfs)
  99{
 100        struct fw_priv *fw_priv = fw_sysfs->fw_priv;
 101
 102        __fw_load_abort(fw_priv);
 103}
 104
 105static LIST_HEAD(pending_fw_head);
 106
 107void kill_pending_fw_fallback_reqs(bool only_kill_custom)
 108{
 109        struct fw_priv *fw_priv;
 110        struct fw_priv *next;
 111
 112        mutex_lock(&fw_lock);
 113        list_for_each_entry_safe(fw_priv, next, &pending_fw_head,
 114                                 pending_list) {
 115                if (!fw_priv->need_uevent || !only_kill_custom)
 116                         __fw_load_abort(fw_priv);
 117        }
 118        mutex_unlock(&fw_lock);
 119}
 120
 121static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
 122                            char *buf)
 123{
 124        return sprintf(buf, "%d\n", __firmware_loading_timeout());
 125}
 126
 127/**
 128 * firmware_timeout_store() - set number of seconds to wait for firmware
 129 * @class: device class pointer
 130 * @attr: device attribute pointer
 131 * @buf: buffer to scan for timeout value
 132 * @count: number of bytes in @buf
 133 *
 134 *      Sets the number of seconds to wait for the firmware.  Once
 135 *      this expires an error will be returned to the driver and no
 136 *      firmware will be provided.
 137 *
 138 *      Note: zero means 'wait forever'.
 139 **/
 140static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
 141                             const char *buf, size_t count)
 142{
 143        int tmp_loading_timeout = simple_strtol(buf, NULL, 10);
 144
 145        if (tmp_loading_timeout < 0)
 146                tmp_loading_timeout = 0;
 147
 148        __fw_fallback_set_timeout(tmp_loading_timeout);
 149
 150        return count;
 151}
 152static CLASS_ATTR_RW(timeout);
 153
 154static struct attribute *firmware_class_attrs[] = {
 155        &class_attr_timeout.attr,
 156        NULL,
 157};
 158ATTRIBUTE_GROUPS(firmware_class);
 159
 160static void fw_dev_release(struct device *dev)
 161{
 162        struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
 163
 164        kfree(fw_sysfs);
 165}
 166
 167static int do_firmware_uevent(struct fw_sysfs *fw_sysfs, struct kobj_uevent_env *env)
 168{
 169        if (add_uevent_var(env, "FIRMWARE=%s", fw_sysfs->fw_priv->fw_name))
 170                return -ENOMEM;
 171        if (add_uevent_var(env, "TIMEOUT=%i", __firmware_loading_timeout()))
 172                return -ENOMEM;
 173        if (add_uevent_var(env, "ASYNC=%d", fw_sysfs->nowait))
 174                return -ENOMEM;
 175
 176        return 0;
 177}
 178
 179static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
 180{
 181        struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
 182        int err = 0;
 183
 184        mutex_lock(&fw_lock);
 185        if (fw_sysfs->fw_priv)
 186                err = do_firmware_uevent(fw_sysfs, env);
 187        mutex_unlock(&fw_lock);
 188        return err;
 189}
 190
 191static struct class firmware_class = {
 192        .name           = "firmware",
 193        .class_groups   = firmware_class_groups,
 194        .dev_uevent     = firmware_uevent,
 195        .dev_release    = fw_dev_release,
 196};
 197
 198int register_sysfs_loader(void)
 199{
 200        return class_register(&firmware_class);
 201}
 202
 203void unregister_sysfs_loader(void)
 204{
 205        class_unregister(&firmware_class);
 206}
 207
 208static ssize_t firmware_loading_show(struct device *dev,
 209                                     struct device_attribute *attr, char *buf)
 210{
 211        struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
 212        int loading = 0;
 213
 214        mutex_lock(&fw_lock);
 215        if (fw_sysfs->fw_priv)
 216                loading = fw_sysfs_loading(fw_sysfs->fw_priv);
 217        mutex_unlock(&fw_lock);
 218
 219        return sprintf(buf, "%d\n", loading);
 220}
 221
 222/**
 223 * firmware_loading_store() - set value in the 'loading' control file
 224 * @dev: device pointer
 225 * @attr: device attribute pointer
 226 * @buf: buffer to scan for loading control value
 227 * @count: number of bytes in @buf
 228 *
 229 *      The relevant values are:
 230 *
 231 *       1: Start a load, discarding any previous partial load.
 232 *       0: Conclude the load and hand the data to the driver code.
 233 *      -1: Conclude the load with an error and discard any written data.
 234 **/
 235static ssize_t firmware_loading_store(struct device *dev,
 236                                      struct device_attribute *attr,
 237                                      const char *buf, size_t count)
 238{
 239        struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
 240        struct fw_priv *fw_priv;
 241        ssize_t written = count;
 242        int loading = simple_strtol(buf, NULL, 10);
 243
 244        mutex_lock(&fw_lock);
 245        fw_priv = fw_sysfs->fw_priv;
 246        if (fw_state_is_aborted(fw_priv))
 247                goto out;
 248
 249        switch (loading) {
 250        case 1:
 251                /* discarding any previous partial load */
 252                if (!fw_sysfs_done(fw_priv)) {
 253                        fw_free_paged_buf(fw_priv);
 254                        fw_state_start(fw_priv);
 255                }
 256                break;
 257        case 0:
 258                if (fw_sysfs_loading(fw_priv)) {
 259                        int rc;
 260
 261                        /*
 262                         * Several loading requests may be pending on
 263                         * one same firmware buf, so let all requests
 264                         * see the mapped 'buf->data' once the loading
 265                         * is completed.
 266                         * */
 267                        rc = fw_map_paged_buf(fw_priv);
 268                        if (rc)
 269                                dev_err(dev, "%s: map pages failed\n",
 270                                        __func__);
 271                        else
 272                                rc = security_kernel_post_read_file(NULL,
 273                                                fw_priv->data, fw_priv->size,
 274                                                READING_FIRMWARE);
 275
 276                        /*
 277                         * Same logic as fw_load_abort, only the DONE bit
 278                         * is ignored and we set ABORT only on failure.
 279                         */
 280                        list_del_init(&fw_priv->pending_list);
 281                        if (rc) {
 282                                fw_state_aborted(fw_priv);
 283                                written = rc;
 284                        } else {
 285                                fw_state_done(fw_priv);
 286                        }
 287                        break;
 288                }
 289                /* fallthrough */
 290        default:
 291                dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
 292                /* fallthrough */
 293        case -1:
 294                fw_load_abort(fw_sysfs);
 295                break;
 296        }
 297out:
 298        mutex_unlock(&fw_lock);
 299        return written;
 300}
 301
 302static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
 303
 304static void firmware_rw_data(struct fw_priv *fw_priv, char *buffer,
 305                           loff_t offset, size_t count, bool read)
 306{
 307        if (read)
 308                memcpy(buffer, fw_priv->data + offset, count);
 309        else
 310                memcpy(fw_priv->data + offset, buffer, count);
 311}
 312
 313static void firmware_rw(struct fw_priv *fw_priv, char *buffer,
 314                        loff_t offset, size_t count, bool read)
 315{
 316        while (count) {
 317                void *page_data;
 318                int page_nr = offset >> PAGE_SHIFT;
 319                int page_ofs = offset & (PAGE_SIZE-1);
 320                int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
 321
 322                page_data = kmap(fw_priv->pages[page_nr]);
 323
 324                if (read)
 325                        memcpy(buffer, page_data + page_ofs, page_cnt);
 326                else
 327                        memcpy(page_data + page_ofs, buffer, page_cnt);
 328
 329                kunmap(fw_priv->pages[page_nr]);
 330                buffer += page_cnt;
 331                offset += page_cnt;
 332                count -= page_cnt;
 333        }
 334}
 335
 336static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
 337                                  struct bin_attribute *bin_attr,
 338                                  char *buffer, loff_t offset, size_t count)
 339{
 340        struct device *dev = kobj_to_dev(kobj);
 341        struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
 342        struct fw_priv *fw_priv;
 343        ssize_t ret_count;
 344
 345        mutex_lock(&fw_lock);
 346        fw_priv = fw_sysfs->fw_priv;
 347        if (!fw_priv || fw_sysfs_done(fw_priv)) {
 348                ret_count = -ENODEV;
 349                goto out;
 350        }
 351        if (offset > fw_priv->size) {
 352                ret_count = 0;
 353                goto out;
 354        }
 355        if (count > fw_priv->size - offset)
 356                count = fw_priv->size - offset;
 357
 358        ret_count = count;
 359
 360        if (fw_priv->data)
 361                firmware_rw_data(fw_priv, buffer, offset, count, true);
 362        else
 363                firmware_rw(fw_priv, buffer, offset, count, true);
 364
 365out:
 366        mutex_unlock(&fw_lock);
 367        return ret_count;
 368}
 369
 370static int fw_realloc_pages(struct fw_sysfs *fw_sysfs, int min_size)
 371{
 372        int err;
 373
 374        err = fw_grow_paged_buf(fw_sysfs->fw_priv,
 375                                PAGE_ALIGN(min_size) >> PAGE_SHIFT);
 376        if (err)
 377                fw_load_abort(fw_sysfs);
 378        return err;
 379}
 380
 381/**
 382 * firmware_data_write() - write method for firmware
 383 * @filp: open sysfs file
 384 * @kobj: kobject for the device
 385 * @bin_attr: bin_attr structure
 386 * @buffer: buffer being written
 387 * @offset: buffer offset for write in total data store area
 388 * @count: buffer size
 389 *
 390 *      Data written to the 'data' attribute will be later handed to
 391 *      the driver as a firmware image.
 392 **/
 393static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
 394                                   struct bin_attribute *bin_attr,
 395                                   char *buffer, loff_t offset, size_t count)
 396{
 397        struct device *dev = kobj_to_dev(kobj);
 398        struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
 399        struct fw_priv *fw_priv;
 400        ssize_t retval;
 401
 402        if (!capable(CAP_SYS_RAWIO))
 403                return -EPERM;
 404
 405        mutex_lock(&fw_lock);
 406        fw_priv = fw_sysfs->fw_priv;
 407        if (!fw_priv || fw_sysfs_done(fw_priv)) {
 408                retval = -ENODEV;
 409                goto out;
 410        }
 411
 412        if (fw_priv->data) {
 413                if (offset + count > fw_priv->allocated_size) {
 414                        retval = -ENOMEM;
 415                        goto out;
 416                }
 417                firmware_rw_data(fw_priv, buffer, offset, count, false);
 418                retval = count;
 419        } else {
 420                retval = fw_realloc_pages(fw_sysfs, offset + count);
 421                if (retval)
 422                        goto out;
 423
 424                retval = count;
 425                firmware_rw(fw_priv, buffer, offset, count, false);
 426        }
 427
 428        fw_priv->size = max_t(size_t, offset + count, fw_priv->size);
 429out:
 430        mutex_unlock(&fw_lock);
 431        return retval;
 432}
 433
 434static struct bin_attribute firmware_attr_data = {
 435        .attr = { .name = "data", .mode = 0644 },
 436        .size = 0,
 437        .read = firmware_data_read,
 438        .write = firmware_data_write,
 439};
 440
 441static struct attribute *fw_dev_attrs[] = {
 442        &dev_attr_loading.attr,
 443        NULL
 444};
 445
 446static struct bin_attribute *fw_dev_bin_attrs[] = {
 447        &firmware_attr_data,
 448        NULL
 449};
 450
 451static const struct attribute_group fw_dev_attr_group = {
 452        .attrs = fw_dev_attrs,
 453        .bin_attrs = fw_dev_bin_attrs,
 454};
 455
 456static const struct attribute_group *fw_dev_attr_groups[] = {
 457        &fw_dev_attr_group,
 458        NULL
 459};
 460
 461static struct fw_sysfs *
 462fw_create_instance(struct firmware *firmware, const char *fw_name,
 463                   struct device *device, enum fw_opt opt_flags)
 464{
 465        struct fw_sysfs *fw_sysfs;
 466        struct device *f_dev;
 467
 468        fw_sysfs = kzalloc(sizeof(*fw_sysfs), GFP_KERNEL);
 469        if (!fw_sysfs) {
 470                fw_sysfs = ERR_PTR(-ENOMEM);
 471                goto exit;
 472        }
 473
 474        fw_sysfs->nowait = !!(opt_flags & FW_OPT_NOWAIT);
 475        fw_sysfs->fw = firmware;
 476        f_dev = &fw_sysfs->dev;
 477
 478        device_initialize(f_dev);
 479        dev_set_name(f_dev, "%s", fw_name);
 480        f_dev->parent = device;
 481        f_dev->class = &firmware_class;
 482        f_dev->groups = fw_dev_attr_groups;
 483exit:
 484        return fw_sysfs;
 485}
 486
 487/**
 488 * fw_load_sysfs_fallback() - load a firmware via the sysfs fallback mechanism
 489 * @fw_sysfs: firmware sysfs information for the firmware to load
 490 * @opt_flags: flags of options, FW_OPT_*
 491 * @timeout: timeout to wait for the load
 492 *
 493 * In charge of constructing a sysfs fallback interface for firmware loading.
 494 **/
 495static int fw_load_sysfs_fallback(struct fw_sysfs *fw_sysfs,
 496                                  enum fw_opt opt_flags, long timeout)
 497{
 498        int retval = 0;
 499        struct device *f_dev = &fw_sysfs->dev;
 500        struct fw_priv *fw_priv = fw_sysfs->fw_priv;
 501
 502        /* fall back on userspace loading */
 503        if (!fw_priv->data)
 504                fw_priv->is_paged_buf = true;
 505
 506        dev_set_uevent_suppress(f_dev, true);
 507
 508        retval = device_add(f_dev);
 509        if (retval) {
 510                dev_err(f_dev, "%s: device_register failed\n", __func__);
 511                goto err_put_dev;
 512        }
 513
 514        mutex_lock(&fw_lock);
 515        list_add(&fw_priv->pending_list, &pending_fw_head);
 516        mutex_unlock(&fw_lock);
 517
 518        if (opt_flags & FW_OPT_UEVENT) {
 519                fw_priv->need_uevent = true;
 520                dev_set_uevent_suppress(f_dev, false);
 521                dev_dbg(f_dev, "firmware: requesting %s\n", fw_priv->fw_name);
 522                kobject_uevent(&fw_sysfs->dev.kobj, KOBJ_ADD);
 523        } else {
 524                timeout = MAX_JIFFY_OFFSET;
 525        }
 526
 527        retval = fw_sysfs_wait_timeout(fw_priv, timeout);
 528        if (retval < 0) {
 529                mutex_lock(&fw_lock);
 530                fw_load_abort(fw_sysfs);
 531                mutex_unlock(&fw_lock);
 532        }
 533
 534        if (fw_state_is_aborted(fw_priv)) {
 535                if (retval == -ERESTARTSYS)
 536                        retval = -EINTR;
 537                else
 538                        retval = -EAGAIN;
 539        } else if (fw_priv->is_paged_buf && !fw_priv->data)
 540                retval = -ENOMEM;
 541
 542        device_del(f_dev);
 543err_put_dev:
 544        put_device(f_dev);
 545        return retval;
 546}
 547
 548static int fw_load_from_user_helper(struct firmware *firmware,
 549                                    const char *name, struct device *device,
 550                                    enum fw_opt opt_flags)
 551{
 552        struct fw_sysfs *fw_sysfs;
 553        long timeout;
 554        int ret;
 555
 556        timeout = firmware_loading_timeout();
 557        if (opt_flags & FW_OPT_NOWAIT) {
 558                timeout = usermodehelper_read_lock_wait(timeout);
 559                if (!timeout) {
 560                        dev_dbg(device, "firmware: %s loading timed out\n",
 561                                name);
 562                        return -EBUSY;
 563                }
 564        } else {
 565                ret = usermodehelper_read_trylock();
 566                if (WARN_ON(ret)) {
 567                        dev_err(device, "firmware: %s will not be loaded\n",
 568                                name);
 569                        return ret;
 570                }
 571        }
 572
 573        fw_sysfs = fw_create_instance(firmware, name, device, opt_flags);
 574        if (IS_ERR(fw_sysfs)) {
 575                ret = PTR_ERR(fw_sysfs);
 576                goto out_unlock;
 577        }
 578
 579        fw_sysfs->fw_priv = firmware->priv;
 580        ret = fw_load_sysfs_fallback(fw_sysfs, opt_flags, timeout);
 581
 582        if (!ret)
 583                ret = assign_fw(firmware, device, opt_flags);
 584
 585out_unlock:
 586        usermodehelper_read_unlock();
 587
 588        return ret;
 589}
 590
 591static bool fw_force_sysfs_fallback(enum fw_opt opt_flags)
 592{
 593        if (fw_fallback_config.force_sysfs_fallback)
 594                return true;
 595        if (!(opt_flags & FW_OPT_USERHELPER))
 596                return false;
 597        return true;
 598}
 599
 600static bool fw_run_sysfs_fallback(enum fw_opt opt_flags)
 601{
 602        int ret;
 603
 604        if (fw_fallback_config.ignore_sysfs_fallback) {
 605                pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
 606                return false;
 607        }
 608
 609        if ((opt_flags & FW_OPT_NOFALLBACK))
 610                return false;
 611
 612        /* Also permit LSMs and IMA to fail firmware sysfs fallback */
 613        ret = security_kernel_load_data(LOADING_FIRMWARE);
 614        if (ret < 0)
 615                return false;
 616
 617        return fw_force_sysfs_fallback(opt_flags);
 618}
 619
 620/**
 621 * firmware_fallback_sysfs() - use the fallback mechanism to find firmware
 622 * @fw: pointer to firmware image
 623 * @name: name of firmware file to look for
 624 * @device: device for which firmware is being loaded
 625 * @opt_flags: options to control firmware loading behaviour
 626 * @ret: return value from direct lookup which triggered the fallback mechanism
 627 *
 628 * This function is called if direct lookup for the firmware failed, it enables
 629 * a fallback mechanism through userspace by exposing a sysfs loading
 630 * interface. Userspace is in charge of loading the firmware through the sysfs
 631 * loading interface. This sysfs fallback mechanism may be disabled completely
 632 * on a system by setting the proc sysctl value ignore_sysfs_fallback to true.
 633 * If this false we check if the internal API caller set the @FW_OPT_NOFALLBACK
 634 * flag, if so it would also disable the fallback mechanism. A system may want
 635 * to enfoce the sysfs fallback mechanism at all times, it can do this by
 636 * setting ignore_sysfs_fallback to false and force_sysfs_fallback to true.
 637 * Enabling force_sysfs_fallback is functionally equivalent to build a kernel
 638 * with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
 639 **/
 640int firmware_fallback_sysfs(struct firmware *fw, const char *name,
 641                            struct device *device,
 642                            enum fw_opt opt_flags,
 643                            int ret)
 644{
 645        if (!fw_run_sysfs_fallback(opt_flags))
 646                return ret;
 647
 648        if (!(opt_flags & FW_OPT_NO_WARN))
 649                dev_warn(device, "Falling back to sysfs fallback for: %s\n",
 650                                 name);
 651        else
 652                dev_dbg(device, "Falling back to sysfs fallback for: %s\n",
 653                                name);
 654        return fw_load_from_user_helper(fw, name, device, opt_flags);
 655}
 656
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.