Revert "firmware: add sanity check on shutdown/suspend"
[muen/linux.git] / drivers / base / firmware_class.c
1 /*
2  * firmware_class.c - Multi purpose firmware loading support
3  *
4  * Copyright (c) 2003 Manuel Estrada Sainz
5  *
6  * Please see Documentation/firmware_class/ for more information.
7  *
8  */
9
10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11
12 #include <linux/capability.h>
13 #include <linux/device.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/timer.h>
17 #include <linux/vmalloc.h>
18 #include <linux/interrupt.h>
19 #include <linux/bitops.h>
20 #include <linux/mutex.h>
21 #include <linux/workqueue.h>
22 #include <linux/highmem.h>
23 #include <linux/firmware.h>
24 #include <linux/slab.h>
25 #include <linux/sched.h>
26 #include <linux/file.h>
27 #include <linux/list.h>
28 #include <linux/fs.h>
29 #include <linux/async.h>
30 #include <linux/pm.h>
31 #include <linux/suspend.h>
32 #include <linux/syscore_ops.h>
33 #include <linux/reboot.h>
34 #include <linux/security.h>
35
36 #include <generated/utsrelease.h>
37
38 #include "base.h"
39
40 MODULE_AUTHOR("Manuel Estrada Sainz");
41 MODULE_DESCRIPTION("Multi purpose firmware loading support");
42 MODULE_LICENSE("GPL");
43
44 /* Builtin firmware support */
45
46 #ifdef CONFIG_FW_LOADER
47
48 extern struct builtin_fw __start_builtin_fw[];
49 extern struct builtin_fw __end_builtin_fw[];
50
51 static bool fw_get_builtin_firmware(struct firmware *fw, const char *name,
52                                     void *buf, size_t size)
53 {
54         struct builtin_fw *b_fw;
55
56         for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
57                 if (strcmp(name, b_fw->name) == 0) {
58                         fw->size = b_fw->size;
59                         fw->data = b_fw->data;
60
61                         if (buf && fw->size <= size)
62                                 memcpy(buf, fw->data, fw->size);
63                         return true;
64                 }
65         }
66
67         return false;
68 }
69
70 static bool fw_is_builtin_firmware(const struct firmware *fw)
71 {
72         struct builtin_fw *b_fw;
73
74         for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++)
75                 if (fw->data == b_fw->data)
76                         return true;
77
78         return false;
79 }
80
81 #else /* Module case - no builtin firmware support */
82
83 static inline bool fw_get_builtin_firmware(struct firmware *fw,
84                                            const char *name, void *buf,
85                                            size_t size)
86 {
87         return false;
88 }
89
90 static inline bool fw_is_builtin_firmware(const struct firmware *fw)
91 {
92         return false;
93 }
94 #endif
95
96 enum fw_status {
97         FW_STATUS_UNKNOWN,
98         FW_STATUS_LOADING,
99         FW_STATUS_DONE,
100         FW_STATUS_ABORTED,
101 };
102
103 static int loading_timeout = 60;        /* In seconds */
104
105 static inline long firmware_loading_timeout(void)
106 {
107         return loading_timeout > 0 ? loading_timeout * HZ : MAX_JIFFY_OFFSET;
108 }
109
110 /*
111  * Concurrent request_firmware() for the same firmware need to be
112  * serialized.  struct fw_state is simple state machine which hold the
113  * state of the firmware loading.
114  */
115 struct fw_state {
116         struct completion completion;
117         enum fw_status status;
118 };
119
120 static void fw_state_init(struct fw_state *fw_st)
121 {
122         init_completion(&fw_st->completion);
123         fw_st->status = FW_STATUS_UNKNOWN;
124 }
125
126 static inline bool __fw_state_is_done(enum fw_status status)
127 {
128         return status == FW_STATUS_DONE || status == FW_STATUS_ABORTED;
129 }
130
131 static int __fw_state_wait_common(struct fw_state *fw_st, long timeout)
132 {
133         long ret;
134
135         ret = wait_for_completion_killable_timeout(&fw_st->completion, timeout);
136         if (ret != 0 && fw_st->status == FW_STATUS_ABORTED)
137                 return -ENOENT;
138         if (!ret)
139                 return -ETIMEDOUT;
140
141         return ret < 0 ? ret : 0;
142 }
143
144 static void __fw_state_set(struct fw_state *fw_st,
145                            enum fw_status status)
146 {
147         WRITE_ONCE(fw_st->status, status);
148
149         if (status == FW_STATUS_DONE || status == FW_STATUS_ABORTED)
150                 complete_all(&fw_st->completion);
151 }
152
153 #define fw_state_start(fw_st)                                   \
154         __fw_state_set(fw_st, FW_STATUS_LOADING)
155 #define fw_state_done(fw_st)                                    \
156         __fw_state_set(fw_st, FW_STATUS_DONE)
157 #define fw_state_aborted(fw_st)                                 \
158         __fw_state_set(fw_st, FW_STATUS_ABORTED)
159 #define fw_state_wait(fw_st)                                    \
160         __fw_state_wait_common(fw_st, MAX_SCHEDULE_TIMEOUT)
161
162 static int __fw_state_check(struct fw_state *fw_st, enum fw_status status)
163 {
164         return fw_st->status == status;
165 }
166
167 #define fw_state_is_aborted(fw_st)                              \
168         __fw_state_check(fw_st, FW_STATUS_ABORTED)
169
170 #ifdef CONFIG_FW_LOADER_USER_HELPER
171
172 #define fw_state_aborted(fw_st)                                 \
173         __fw_state_set(fw_st, FW_STATUS_ABORTED)
174 #define fw_state_is_done(fw_st)                                 \
175         __fw_state_check(fw_st, FW_STATUS_DONE)
176 #define fw_state_is_loading(fw_st)                              \
177         __fw_state_check(fw_st, FW_STATUS_LOADING)
178 #define fw_state_wait_timeout(fw_st, timeout)                   \
179         __fw_state_wait_common(fw_st, timeout)
180
181 #endif /* CONFIG_FW_LOADER_USER_HELPER */
182
183 /* firmware behavior options */
184 #define FW_OPT_UEVENT   (1U << 0)
185 #define FW_OPT_NOWAIT   (1U << 1)
186 #ifdef CONFIG_FW_LOADER_USER_HELPER
187 #define FW_OPT_USERHELPER       (1U << 2)
188 #else
189 #define FW_OPT_USERHELPER       0
190 #endif
191 #ifdef CONFIG_FW_LOADER_USER_HELPER_FALLBACK
192 #define FW_OPT_FALLBACK         FW_OPT_USERHELPER
193 #else
194 #define FW_OPT_FALLBACK         0
195 #endif
196 #define FW_OPT_NO_WARN  (1U << 3)
197 #define FW_OPT_NOCACHE  (1U << 4)
198
199 struct firmware_cache {
200         /* firmware_buf instance will be added into the below list */
201         spinlock_t lock;
202         struct list_head head;
203         int state;
204
205 #ifdef CONFIG_PM_SLEEP
206         /*
207          * Names of firmware images which have been cached successfully
208          * will be added into the below list so that device uncache
209          * helper can trace which firmware images have been cached
210          * before.
211          */
212         spinlock_t name_lock;
213         struct list_head fw_names;
214
215         struct delayed_work work;
216
217         struct notifier_block   pm_notify;
218 #endif
219 };
220
221 struct firmware_buf {
222         struct kref ref;
223         struct list_head list;
224         struct firmware_cache *fwc;
225         struct fw_state fw_st;
226         void *data;
227         size_t size;
228         size_t allocated_size;
229 #ifdef CONFIG_FW_LOADER_USER_HELPER
230         bool is_paged_buf;
231         bool need_uevent;
232         struct page **pages;
233         int nr_pages;
234         int page_array_size;
235         struct list_head pending_list;
236 #endif
237         const char *fw_id;
238 };
239
240 struct fw_cache_entry {
241         struct list_head list;
242         const char *name;
243 };
244
245 struct fw_name_devm {
246         unsigned long magic;
247         const char *name;
248 };
249
250 #define to_fwbuf(d) container_of(d, struct firmware_buf, ref)
251
252 #define FW_LOADER_NO_CACHE      0
253 #define FW_LOADER_START_CACHE   1
254
255 static int fw_cache_piggyback_on_request(const char *name);
256
257 /* fw_lock could be moved to 'struct firmware_priv' but since it is just
258  * guarding for corner cases a global lock should be OK */
259 static DEFINE_MUTEX(fw_lock);
260
261 static struct firmware_cache fw_cache;
262
263 static struct firmware_buf *__allocate_fw_buf(const char *fw_name,
264                                               struct firmware_cache *fwc,
265                                               void *dbuf, size_t size)
266 {
267         struct firmware_buf *buf;
268
269         buf = kzalloc(sizeof(*buf), GFP_ATOMIC);
270         if (!buf)
271                 return NULL;
272
273         buf->fw_id = kstrdup_const(fw_name, GFP_ATOMIC);
274         if (!buf->fw_id) {
275                 kfree(buf);
276                 return NULL;
277         }
278
279         kref_init(&buf->ref);
280         buf->fwc = fwc;
281         buf->data = dbuf;
282         buf->allocated_size = size;
283         fw_state_init(&buf->fw_st);
284 #ifdef CONFIG_FW_LOADER_USER_HELPER
285         INIT_LIST_HEAD(&buf->pending_list);
286 #endif
287
288         pr_debug("%s: fw-%s buf=%p\n", __func__, fw_name, buf);
289
290         return buf;
291 }
292
293 static struct firmware_buf *__fw_lookup_buf(const char *fw_name)
294 {
295         struct firmware_buf *tmp;
296         struct firmware_cache *fwc = &fw_cache;
297
298         list_for_each_entry(tmp, &fwc->head, list)
299                 if (!strcmp(tmp->fw_id, fw_name))
300                         return tmp;
301         return NULL;
302 }
303
304 /* Returns 1 for batching firmware requests with the same name */
305 static int fw_lookup_and_allocate_buf(const char *fw_name,
306                                       struct firmware_cache *fwc,
307                                       struct firmware_buf **buf, void *dbuf,
308                                       size_t size)
309 {
310         struct firmware_buf *tmp;
311
312         spin_lock(&fwc->lock);
313         tmp = __fw_lookup_buf(fw_name);
314         if (tmp) {
315                 kref_get(&tmp->ref);
316                 spin_unlock(&fwc->lock);
317                 *buf = tmp;
318                 pr_debug("batched request - sharing the same struct firmware_buf and lookup for multiple requests\n");
319                 return 1;
320         }
321         tmp = __allocate_fw_buf(fw_name, fwc, dbuf, size);
322         if (tmp)
323                 list_add(&tmp->list, &fwc->head);
324         spin_unlock(&fwc->lock);
325
326         *buf = tmp;
327
328         return tmp ? 0 : -ENOMEM;
329 }
330
331 static void __fw_free_buf(struct kref *ref)
332         __releases(&fwc->lock)
333 {
334         struct firmware_buf *buf = to_fwbuf(ref);
335         struct firmware_cache *fwc = buf->fwc;
336
337         pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
338                  __func__, buf->fw_id, buf, buf->data,
339                  (unsigned int)buf->size);
340
341         list_del(&buf->list);
342         spin_unlock(&fwc->lock);
343
344 #ifdef CONFIG_FW_LOADER_USER_HELPER
345         if (buf->is_paged_buf) {
346                 int i;
347                 vunmap(buf->data);
348                 for (i = 0; i < buf->nr_pages; i++)
349                         __free_page(buf->pages[i]);
350                 vfree(buf->pages);
351         } else
352 #endif
353         if (!buf->allocated_size)
354                 vfree(buf->data);
355         kfree_const(buf->fw_id);
356         kfree(buf);
357 }
358
359 static void fw_free_buf(struct firmware_buf *buf)
360 {
361         struct firmware_cache *fwc = buf->fwc;
362         spin_lock(&fwc->lock);
363         if (!kref_put(&buf->ref, __fw_free_buf))
364                 spin_unlock(&fwc->lock);
365 }
366
367 /* direct firmware loading support */
368 static char fw_path_para[256];
369 static const char * const fw_path[] = {
370         fw_path_para,
371         "/lib/firmware/updates/" UTS_RELEASE,
372         "/lib/firmware/updates",
373         "/lib/firmware/" UTS_RELEASE,
374         "/lib/firmware"
375 };
376
377 /*
378  * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
379  * from kernel command line because firmware_class is generally built in
380  * kernel instead of module.
381  */
382 module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
383 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
384
385 static int
386 fw_get_filesystem_firmware(struct device *device, struct firmware_buf *buf)
387 {
388         loff_t size;
389         int i, len;
390         int rc = -ENOENT;
391         char *path;
392         enum kernel_read_file_id id = READING_FIRMWARE;
393         size_t msize = INT_MAX;
394
395         /* Already populated data member means we're loading into a buffer */
396         if (buf->data) {
397                 id = READING_FIRMWARE_PREALLOC_BUFFER;
398                 msize = buf->allocated_size;
399         }
400
401         path = __getname();
402         if (!path)
403                 return -ENOMEM;
404
405         for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
406                 /* skip the unset customized path */
407                 if (!fw_path[i][0])
408                         continue;
409
410                 len = snprintf(path, PATH_MAX, "%s/%s",
411                                fw_path[i], buf->fw_id);
412                 if (len >= PATH_MAX) {
413                         rc = -ENAMETOOLONG;
414                         break;
415                 }
416
417                 buf->size = 0;
418                 rc = kernel_read_file_from_path(path, &buf->data, &size, msize,
419                                                 id);
420                 if (rc) {
421                         if (rc == -ENOENT)
422                                 dev_dbg(device, "loading %s failed with error %d\n",
423                                          path, rc);
424                         else
425                                 dev_warn(device, "loading %s failed with error %d\n",
426                                          path, rc);
427                         continue;
428                 }
429                 dev_dbg(device, "direct-loading %s\n", buf->fw_id);
430                 buf->size = size;
431                 fw_state_done(&buf->fw_st);
432                 break;
433         }
434         __putname(path);
435
436         return rc;
437 }
438
439 /* firmware holds the ownership of pages */
440 static void firmware_free_data(const struct firmware *fw)
441 {
442         /* Loaded directly? */
443         if (!fw->priv) {
444                 vfree(fw->data);
445                 return;
446         }
447         fw_free_buf(fw->priv);
448 }
449
450 /* store the pages buffer info firmware from buf */
451 static void fw_set_page_data(struct firmware_buf *buf, struct firmware *fw)
452 {
453         fw->priv = buf;
454 #ifdef CONFIG_FW_LOADER_USER_HELPER
455         fw->pages = buf->pages;
456 #endif
457         fw->size = buf->size;
458         fw->data = buf->data;
459
460         pr_debug("%s: fw-%s buf=%p data=%p size=%u\n",
461                  __func__, buf->fw_id, buf, buf->data,
462                  (unsigned int)buf->size);
463 }
464
465 #ifdef CONFIG_PM_SLEEP
466 static void fw_name_devm_release(struct device *dev, void *res)
467 {
468         struct fw_name_devm *fwn = res;
469
470         if (fwn->magic == (unsigned long)&fw_cache)
471                 pr_debug("%s: fw_name-%s devm-%p released\n",
472                                 __func__, fwn->name, res);
473         kfree_const(fwn->name);
474 }
475
476 static int fw_devm_match(struct device *dev, void *res,
477                 void *match_data)
478 {
479         struct fw_name_devm *fwn = res;
480
481         return (fwn->magic == (unsigned long)&fw_cache) &&
482                 !strcmp(fwn->name, match_data);
483 }
484
485 static struct fw_name_devm *fw_find_devm_name(struct device *dev,
486                 const char *name)
487 {
488         struct fw_name_devm *fwn;
489
490         fwn = devres_find(dev, fw_name_devm_release,
491                           fw_devm_match, (void *)name);
492         return fwn;
493 }
494
495 /* add firmware name into devres list */
496 static int fw_add_devm_name(struct device *dev, const char *name)
497 {
498         struct fw_name_devm *fwn;
499
500         fwn = fw_find_devm_name(dev, name);
501         if (fwn)
502                 return 1;
503
504         fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
505                            GFP_KERNEL);
506         if (!fwn)
507                 return -ENOMEM;
508         fwn->name = kstrdup_const(name, GFP_KERNEL);
509         if (!fwn->name) {
510                 devres_free(fwn);
511                 return -ENOMEM;
512         }
513
514         fwn->magic = (unsigned long)&fw_cache;
515         devres_add(dev, fwn);
516
517         return 0;
518 }
519 #else
520 static int fw_add_devm_name(struct device *dev, const char *name)
521 {
522         return 0;
523 }
524 #endif
525
526 static int assign_firmware_buf(struct firmware *fw, struct device *device,
527                                unsigned int opt_flags)
528 {
529         struct firmware_buf *buf = fw->priv;
530
531         mutex_lock(&fw_lock);
532         if (!buf->size || fw_state_is_aborted(&buf->fw_st)) {
533                 mutex_unlock(&fw_lock);
534                 return -ENOENT;
535         }
536
537         /*
538          * add firmware name into devres list so that we can auto cache
539          * and uncache firmware for device.
540          *
541          * device may has been deleted already, but the problem
542          * should be fixed in devres or driver core.
543          */
544         /* don't cache firmware handled without uevent */
545         if (device && (opt_flags & FW_OPT_UEVENT) &&
546             !(opt_flags & FW_OPT_NOCACHE))
547                 fw_add_devm_name(device, buf->fw_id);
548
549         /*
550          * After caching firmware image is started, let it piggyback
551          * on request firmware.
552          */
553         if (!(opt_flags & FW_OPT_NOCACHE) &&
554             buf->fwc->state == FW_LOADER_START_CACHE) {
555                 if (fw_cache_piggyback_on_request(buf->fw_id))
556                         kref_get(&buf->ref);
557         }
558
559         /* pass the pages buffer to driver at the last minute */
560         fw_set_page_data(buf, fw);
561         mutex_unlock(&fw_lock);
562         return 0;
563 }
564
565 /*
566  * user-mode helper code
567  */
568 #ifdef CONFIG_FW_LOADER_USER_HELPER
569 struct firmware_priv {
570         bool nowait;
571         struct device dev;
572         struct firmware_buf *buf;
573         struct firmware *fw;
574 };
575
576 static struct firmware_priv *to_firmware_priv(struct device *dev)
577 {
578         return container_of(dev, struct firmware_priv, dev);
579 }
580
581 static void __fw_load_abort(struct firmware_buf *buf)
582 {
583         /*
584          * There is a small window in which user can write to 'loading'
585          * between loading done and disappearance of 'loading'
586          */
587         if (fw_state_is_done(&buf->fw_st))
588                 return;
589
590         list_del_init(&buf->pending_list);
591         fw_state_aborted(&buf->fw_st);
592 }
593
594 static void fw_load_abort(struct firmware_priv *fw_priv)
595 {
596         struct firmware_buf *buf = fw_priv->buf;
597
598         __fw_load_abort(buf);
599 }
600
601 static LIST_HEAD(pending_fw_head);
602
603 static void kill_pending_fw_fallback_reqs(bool only_kill_custom)
604 {
605         struct firmware_buf *buf;
606         struct firmware_buf *next;
607
608         mutex_lock(&fw_lock);
609         list_for_each_entry_safe(buf, next, &pending_fw_head, pending_list) {
610                 if (!buf->need_uevent || !only_kill_custom)
611                          __fw_load_abort(buf);
612         }
613         mutex_unlock(&fw_lock);
614 }
615
616 static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
617                             char *buf)
618 {
619         return sprintf(buf, "%d\n", loading_timeout);
620 }
621
622 /**
623  * firmware_timeout_store - set number of seconds to wait for firmware
624  * @class: device class pointer
625  * @attr: device attribute pointer
626  * @buf: buffer to scan for timeout value
627  * @count: number of bytes in @buf
628  *
629  *      Sets the number of seconds to wait for the firmware.  Once
630  *      this expires an error will be returned to the driver and no
631  *      firmware will be provided.
632  *
633  *      Note: zero means 'wait forever'.
634  **/
635 static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
636                              const char *buf, size_t count)
637 {
638         loading_timeout = simple_strtol(buf, NULL, 10);
639         if (loading_timeout < 0)
640                 loading_timeout = 0;
641
642         return count;
643 }
644 static CLASS_ATTR_RW(timeout);
645
646 static struct attribute *firmware_class_attrs[] = {
647         &class_attr_timeout.attr,
648         NULL,
649 };
650 ATTRIBUTE_GROUPS(firmware_class);
651
652 static void fw_dev_release(struct device *dev)
653 {
654         struct firmware_priv *fw_priv = to_firmware_priv(dev);
655
656         kfree(fw_priv);
657 }
658
659 static int do_firmware_uevent(struct firmware_priv *fw_priv, struct kobj_uevent_env *env)
660 {
661         if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
662                 return -ENOMEM;
663         if (add_uevent_var(env, "TIMEOUT=%i", loading_timeout))
664                 return -ENOMEM;
665         if (add_uevent_var(env, "ASYNC=%d", fw_priv->nowait))
666                 return -ENOMEM;
667
668         return 0;
669 }
670
671 static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
672 {
673         struct firmware_priv *fw_priv = to_firmware_priv(dev);
674         int err = 0;
675
676         mutex_lock(&fw_lock);
677         if (fw_priv->buf)
678                 err = do_firmware_uevent(fw_priv, env);
679         mutex_unlock(&fw_lock);
680         return err;
681 }
682
683 static struct class firmware_class = {
684         .name           = "firmware",
685         .class_groups   = firmware_class_groups,
686         .dev_uevent     = firmware_uevent,
687         .dev_release    = fw_dev_release,
688 };
689
690 static ssize_t firmware_loading_show(struct device *dev,
691                                      struct device_attribute *attr, char *buf)
692 {
693         struct firmware_priv *fw_priv = to_firmware_priv(dev);
694         int loading = 0;
695
696         mutex_lock(&fw_lock);
697         if (fw_priv->buf)
698                 loading = fw_state_is_loading(&fw_priv->buf->fw_st);
699         mutex_unlock(&fw_lock);
700
701         return sprintf(buf, "%d\n", loading);
702 }
703
704 /* Some architectures don't have PAGE_KERNEL_RO */
705 #ifndef PAGE_KERNEL_RO
706 #define PAGE_KERNEL_RO PAGE_KERNEL
707 #endif
708
709 /* one pages buffer should be mapped/unmapped only once */
710 static int fw_map_pages_buf(struct firmware_buf *buf)
711 {
712         if (!buf->is_paged_buf)
713                 return 0;
714
715         vunmap(buf->data);
716         buf->data = vmap(buf->pages, buf->nr_pages, 0, PAGE_KERNEL_RO);
717         if (!buf->data)
718                 return -ENOMEM;
719         return 0;
720 }
721
722 /**
723  * firmware_loading_store - set value in the 'loading' control file
724  * @dev: device pointer
725  * @attr: device attribute pointer
726  * @buf: buffer to scan for loading control value
727  * @count: number of bytes in @buf
728  *
729  *      The relevant values are:
730  *
731  *       1: Start a load, discarding any previous partial load.
732  *       0: Conclude the load and hand the data to the driver code.
733  *      -1: Conclude the load with an error and discard any written data.
734  **/
735 static ssize_t firmware_loading_store(struct device *dev,
736                                       struct device_attribute *attr,
737                                       const char *buf, size_t count)
738 {
739         struct firmware_priv *fw_priv = to_firmware_priv(dev);
740         struct firmware_buf *fw_buf;
741         ssize_t written = count;
742         int loading = simple_strtol(buf, NULL, 10);
743         int i;
744
745         mutex_lock(&fw_lock);
746         fw_buf = fw_priv->buf;
747         if (fw_state_is_aborted(&fw_buf->fw_st))
748                 goto out;
749
750         switch (loading) {
751         case 1:
752                 /* discarding any previous partial load */
753                 if (!fw_state_is_done(&fw_buf->fw_st)) {
754                         for (i = 0; i < fw_buf->nr_pages; i++)
755                                 __free_page(fw_buf->pages[i]);
756                         vfree(fw_buf->pages);
757                         fw_buf->pages = NULL;
758                         fw_buf->page_array_size = 0;
759                         fw_buf->nr_pages = 0;
760                         fw_state_start(&fw_buf->fw_st);
761                 }
762                 break;
763         case 0:
764                 if (fw_state_is_loading(&fw_buf->fw_st)) {
765                         int rc;
766
767                         /*
768                          * Several loading requests may be pending on
769                          * one same firmware buf, so let all requests
770                          * see the mapped 'buf->data' once the loading
771                          * is completed.
772                          * */
773                         rc = fw_map_pages_buf(fw_buf);
774                         if (rc)
775                                 dev_err(dev, "%s: map pages failed\n",
776                                         __func__);
777                         else
778                                 rc = security_kernel_post_read_file(NULL,
779                                                 fw_buf->data, fw_buf->size,
780                                                 READING_FIRMWARE);
781
782                         /*
783                          * Same logic as fw_load_abort, only the DONE bit
784                          * is ignored and we set ABORT only on failure.
785                          */
786                         list_del_init(&fw_buf->pending_list);
787                         if (rc) {
788                                 fw_state_aborted(&fw_buf->fw_st);
789                                 written = rc;
790                         } else {
791                                 fw_state_done(&fw_buf->fw_st);
792                         }
793                         break;
794                 }
795                 /* fallthrough */
796         default:
797                 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
798                 /* fallthrough */
799         case -1:
800                 fw_load_abort(fw_priv);
801                 break;
802         }
803 out:
804         mutex_unlock(&fw_lock);
805         return written;
806 }
807
808 static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
809
810 static void firmware_rw_buf(struct firmware_buf *buf, char *buffer,
811                            loff_t offset, size_t count, bool read)
812 {
813         if (read)
814                 memcpy(buffer, buf->data + offset, count);
815         else
816                 memcpy(buf->data + offset, buffer, count);
817 }
818
819 static void firmware_rw(struct firmware_buf *buf, char *buffer,
820                         loff_t offset, size_t count, bool read)
821 {
822         while (count) {
823                 void *page_data;
824                 int page_nr = offset >> PAGE_SHIFT;
825                 int page_ofs = offset & (PAGE_SIZE-1);
826                 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
827
828                 page_data = kmap(buf->pages[page_nr]);
829
830                 if (read)
831                         memcpy(buffer, page_data + page_ofs, page_cnt);
832                 else
833                         memcpy(page_data + page_ofs, buffer, page_cnt);
834
835                 kunmap(buf->pages[page_nr]);
836                 buffer += page_cnt;
837                 offset += page_cnt;
838                 count -= page_cnt;
839         }
840 }
841
842 static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
843                                   struct bin_attribute *bin_attr,
844                                   char *buffer, loff_t offset, size_t count)
845 {
846         struct device *dev = kobj_to_dev(kobj);
847         struct firmware_priv *fw_priv = to_firmware_priv(dev);
848         struct firmware_buf *buf;
849         ssize_t ret_count;
850
851         mutex_lock(&fw_lock);
852         buf = fw_priv->buf;
853         if (!buf || fw_state_is_done(&buf->fw_st)) {
854                 ret_count = -ENODEV;
855                 goto out;
856         }
857         if (offset > buf->size) {
858                 ret_count = 0;
859                 goto out;
860         }
861         if (count > buf->size - offset)
862                 count = buf->size - offset;
863
864         ret_count = count;
865
866         if (buf->data)
867                 firmware_rw_buf(buf, buffer, offset, count, true);
868         else
869                 firmware_rw(buf, buffer, offset, count, true);
870
871 out:
872         mutex_unlock(&fw_lock);
873         return ret_count;
874 }
875
876 static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
877 {
878         struct firmware_buf *buf = fw_priv->buf;
879         int pages_needed = PAGE_ALIGN(min_size) >> PAGE_SHIFT;
880
881         /* If the array of pages is too small, grow it... */
882         if (buf->page_array_size < pages_needed) {
883                 int new_array_size = max(pages_needed,
884                                          buf->page_array_size * 2);
885                 struct page **new_pages;
886
887                 new_pages = vmalloc(new_array_size * sizeof(void *));
888                 if (!new_pages) {
889                         fw_load_abort(fw_priv);
890                         return -ENOMEM;
891                 }
892                 memcpy(new_pages, buf->pages,
893                        buf->page_array_size * sizeof(void *));
894                 memset(&new_pages[buf->page_array_size], 0, sizeof(void *) *
895                        (new_array_size - buf->page_array_size));
896                 vfree(buf->pages);
897                 buf->pages = new_pages;
898                 buf->page_array_size = new_array_size;
899         }
900
901         while (buf->nr_pages < pages_needed) {
902                 buf->pages[buf->nr_pages] =
903                         alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
904
905                 if (!buf->pages[buf->nr_pages]) {
906                         fw_load_abort(fw_priv);
907                         return -ENOMEM;
908                 }
909                 buf->nr_pages++;
910         }
911         return 0;
912 }
913
914 /**
915  * firmware_data_write - write method for firmware
916  * @filp: open sysfs file
917  * @kobj: kobject for the device
918  * @bin_attr: bin_attr structure
919  * @buffer: buffer being written
920  * @offset: buffer offset for write in total data store area
921  * @count: buffer size
922  *
923  *      Data written to the 'data' attribute will be later handed to
924  *      the driver as a firmware image.
925  **/
926 static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
927                                    struct bin_attribute *bin_attr,
928                                    char *buffer, loff_t offset, size_t count)
929 {
930         struct device *dev = kobj_to_dev(kobj);
931         struct firmware_priv *fw_priv = to_firmware_priv(dev);
932         struct firmware_buf *buf;
933         ssize_t retval;
934
935         if (!capable(CAP_SYS_RAWIO))
936                 return -EPERM;
937
938         mutex_lock(&fw_lock);
939         buf = fw_priv->buf;
940         if (!buf || fw_state_is_done(&buf->fw_st)) {
941                 retval = -ENODEV;
942                 goto out;
943         }
944
945         if (buf->data) {
946                 if (offset + count > buf->allocated_size) {
947                         retval = -ENOMEM;
948                         goto out;
949                 }
950                 firmware_rw_buf(buf, buffer, offset, count, false);
951                 retval = count;
952         } else {
953                 retval = fw_realloc_buffer(fw_priv, offset + count);
954                 if (retval)
955                         goto out;
956
957                 retval = count;
958                 firmware_rw(buf, buffer, offset, count, false);
959         }
960
961         buf->size = max_t(size_t, offset + count, buf->size);
962 out:
963         mutex_unlock(&fw_lock);
964         return retval;
965 }
966
967 static struct bin_attribute firmware_attr_data = {
968         .attr = { .name = "data", .mode = 0644 },
969         .size = 0,
970         .read = firmware_data_read,
971         .write = firmware_data_write,
972 };
973
974 static struct attribute *fw_dev_attrs[] = {
975         &dev_attr_loading.attr,
976         NULL
977 };
978
979 static struct bin_attribute *fw_dev_bin_attrs[] = {
980         &firmware_attr_data,
981         NULL
982 };
983
984 static const struct attribute_group fw_dev_attr_group = {
985         .attrs = fw_dev_attrs,
986         .bin_attrs = fw_dev_bin_attrs,
987 };
988
989 static const struct attribute_group *fw_dev_attr_groups[] = {
990         &fw_dev_attr_group,
991         NULL
992 };
993
994 static struct firmware_priv *
995 fw_create_instance(struct firmware *firmware, const char *fw_name,
996                    struct device *device, unsigned int opt_flags)
997 {
998         struct firmware_priv *fw_priv;
999         struct device *f_dev;
1000
1001         fw_priv = kzalloc(sizeof(*fw_priv), GFP_KERNEL);
1002         if (!fw_priv) {
1003                 fw_priv = ERR_PTR(-ENOMEM);
1004                 goto exit;
1005         }
1006
1007         fw_priv->nowait = !!(opt_flags & FW_OPT_NOWAIT);
1008         fw_priv->fw = firmware;
1009         f_dev = &fw_priv->dev;
1010
1011         device_initialize(f_dev);
1012         dev_set_name(f_dev, "%s", fw_name);
1013         f_dev->parent = device;
1014         f_dev->class = &firmware_class;
1015         f_dev->groups = fw_dev_attr_groups;
1016 exit:
1017         return fw_priv;
1018 }
1019
1020 /* load a firmware via user helper */
1021 static int _request_firmware_load(struct firmware_priv *fw_priv,
1022                                   unsigned int opt_flags, long timeout)
1023 {
1024         int retval = 0;
1025         struct device *f_dev = &fw_priv->dev;
1026         struct firmware_buf *buf = fw_priv->buf;
1027
1028         /* fall back on userspace loading */
1029         if (!buf->data)
1030                 buf->is_paged_buf = true;
1031
1032         dev_set_uevent_suppress(f_dev, true);
1033
1034         retval = device_add(f_dev);
1035         if (retval) {
1036                 dev_err(f_dev, "%s: device_register failed\n", __func__);
1037                 goto err_put_dev;
1038         }
1039
1040         mutex_lock(&fw_lock);
1041         list_add(&buf->pending_list, &pending_fw_head);
1042         mutex_unlock(&fw_lock);
1043
1044         if (opt_flags & FW_OPT_UEVENT) {
1045                 buf->need_uevent = true;
1046                 dev_set_uevent_suppress(f_dev, false);
1047                 dev_dbg(f_dev, "firmware: requesting %s\n", buf->fw_id);
1048                 kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
1049         } else {
1050                 timeout = MAX_JIFFY_OFFSET;
1051         }
1052
1053         retval = fw_state_wait_timeout(&buf->fw_st, timeout);
1054         if (retval < 0) {
1055                 mutex_lock(&fw_lock);
1056                 fw_load_abort(fw_priv);
1057                 mutex_unlock(&fw_lock);
1058         }
1059
1060         if (fw_state_is_aborted(&buf->fw_st)) {
1061                 if (retval == -ERESTARTSYS)
1062                         retval = -EINTR;
1063                 else
1064                         retval = -EAGAIN;
1065         } else if (buf->is_paged_buf && !buf->data)
1066                 retval = -ENOMEM;
1067
1068         device_del(f_dev);
1069 err_put_dev:
1070         put_device(f_dev);
1071         return retval;
1072 }
1073
1074 static int fw_load_from_user_helper(struct firmware *firmware,
1075                                     const char *name, struct device *device,
1076                                     unsigned int opt_flags)
1077 {
1078         struct firmware_priv *fw_priv;
1079         long timeout;
1080         int ret;
1081
1082         timeout = firmware_loading_timeout();
1083         if (opt_flags & FW_OPT_NOWAIT) {
1084                 timeout = usermodehelper_read_lock_wait(timeout);
1085                 if (!timeout) {
1086                         dev_dbg(device, "firmware: %s loading timed out\n",
1087                                 name);
1088                         return -EBUSY;
1089                 }
1090         } else {
1091                 ret = usermodehelper_read_trylock();
1092                 if (WARN_ON(ret)) {
1093                         dev_err(device, "firmware: %s will not be loaded\n",
1094                                 name);
1095                         return ret;
1096                 }
1097         }
1098
1099         fw_priv = fw_create_instance(firmware, name, device, opt_flags);
1100         if (IS_ERR(fw_priv)) {
1101                 ret = PTR_ERR(fw_priv);
1102                 goto out_unlock;
1103         }
1104
1105         fw_priv->buf = firmware->priv;
1106         ret = _request_firmware_load(fw_priv, opt_flags, timeout);
1107
1108         if (!ret)
1109                 ret = assign_firmware_buf(firmware, device, opt_flags);
1110
1111 out_unlock:
1112         usermodehelper_read_unlock();
1113
1114         return ret;
1115 }
1116
1117 #else /* CONFIG_FW_LOADER_USER_HELPER */
1118 static inline int
1119 fw_load_from_user_helper(struct firmware *firmware, const char *name,
1120                          struct device *device, unsigned int opt_flags)
1121 {
1122         return -ENOENT;
1123 }
1124
1125 static inline void kill_pending_fw_fallback_reqs(bool only_kill_custom) { }
1126
1127 #endif /* CONFIG_FW_LOADER_USER_HELPER */
1128
1129 /* prepare firmware and firmware_buf structs;
1130  * return 0 if a firmware is already assigned, 1 if need to load one,
1131  * or a negative error code
1132  */
1133 static int
1134 _request_firmware_prepare(struct firmware **firmware_p, const char *name,
1135                           struct device *device, void *dbuf, size_t size)
1136 {
1137         struct firmware *firmware;
1138         struct firmware_buf *buf;
1139         int ret;
1140
1141         *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
1142         if (!firmware) {
1143                 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
1144                         __func__);
1145                 return -ENOMEM;
1146         }
1147
1148         if (fw_get_builtin_firmware(firmware, name, dbuf, size)) {
1149                 dev_dbg(device, "using built-in %s\n", name);
1150                 return 0; /* assigned */
1151         }
1152
1153         ret = fw_lookup_and_allocate_buf(name, &fw_cache, &buf, dbuf, size);
1154
1155         /*
1156          * bind with 'buf' now to avoid warning in failure path
1157          * of requesting firmware.
1158          */
1159         firmware->priv = buf;
1160
1161         if (ret > 0) {
1162                 ret = fw_state_wait(&buf->fw_st);
1163                 if (!ret) {
1164                         fw_set_page_data(buf, firmware);
1165                         return 0; /* assigned */
1166                 }
1167         }
1168
1169         if (ret < 0)
1170                 return ret;
1171         return 1; /* need to load */
1172 }
1173
1174 /*
1175  * Batched requests need only one wake, we need to do this step last due to the
1176  * fallback mechanism. The buf is protected with kref_get(), and it won't be
1177  * released until the last user calls release_firmware().
1178  *
1179  * Failed batched requests are possible as well, in such cases we just share
1180  * the struct firmware_buf and won't release it until all requests are woken
1181  * and have gone through this same path.
1182  */
1183 static void fw_abort_batch_reqs(struct firmware *fw)
1184 {
1185         struct firmware_buf *buf;
1186
1187         /* Loaded directly? */
1188         if (!fw || !fw->priv)
1189                 return;
1190
1191         buf = fw->priv;
1192         if (!fw_state_is_aborted(&buf->fw_st))
1193                 fw_state_aborted(&buf->fw_st);
1194 }
1195
1196 /* called from request_firmware() and request_firmware_work_func() */
1197 static int
1198 _request_firmware(const struct firmware **firmware_p, const char *name,
1199                   struct device *device, void *buf, size_t size,
1200                   unsigned int opt_flags)
1201 {
1202         struct firmware *fw = NULL;
1203         int ret;
1204
1205         if (!firmware_p)
1206                 return -EINVAL;
1207
1208         if (!name || name[0] == '\0') {
1209                 ret = -EINVAL;
1210                 goto out;
1211         }
1212
1213         ret = _request_firmware_prepare(&fw, name, device, buf, size);
1214         if (ret <= 0) /* error or already assigned */
1215                 goto out;
1216
1217         ret = fw_get_filesystem_firmware(device, fw->priv);
1218         if (ret) {
1219                 if (!(opt_flags & FW_OPT_NO_WARN))
1220                         dev_warn(device,
1221                                  "Direct firmware load for %s failed with error %d\n",
1222                                  name, ret);
1223                 if (opt_flags & FW_OPT_USERHELPER) {
1224                         dev_warn(device, "Falling back to user helper\n");
1225                         ret = fw_load_from_user_helper(fw, name, device,
1226                                                        opt_flags);
1227                 }
1228         } else
1229                 ret = assign_firmware_buf(fw, device, opt_flags);
1230
1231  out:
1232         if (ret < 0) {
1233                 fw_abort_batch_reqs(fw);
1234                 release_firmware(fw);
1235                 fw = NULL;
1236         }
1237
1238         *firmware_p = fw;
1239         return ret;
1240 }
1241
1242 /**
1243  * request_firmware: - send firmware request and wait for it
1244  * @firmware_p: pointer to firmware image
1245  * @name: name of firmware file
1246  * @device: device for which firmware is being loaded
1247  *
1248  *      @firmware_p will be used to return a firmware image by the name
1249  *      of @name for device @device.
1250  *
1251  *      Should be called from user context where sleeping is allowed.
1252  *
1253  *      @name will be used as $FIRMWARE in the uevent environment and
1254  *      should be distinctive enough not to be confused with any other
1255  *      firmware image for this or any other device.
1256  *
1257  *      Caller must hold the reference count of @device.
1258  *
1259  *      The function can be called safely inside device's suspend and
1260  *      resume callback.
1261  **/
1262 int
1263 request_firmware(const struct firmware **firmware_p, const char *name,
1264                  struct device *device)
1265 {
1266         int ret;
1267
1268         /* Need to pin this module until return */
1269         __module_get(THIS_MODULE);
1270         ret = _request_firmware(firmware_p, name, device, NULL, 0,
1271                                 FW_OPT_UEVENT | FW_OPT_FALLBACK);
1272         module_put(THIS_MODULE);
1273         return ret;
1274 }
1275 EXPORT_SYMBOL(request_firmware);
1276
1277 /**
1278  * request_firmware_direct: - load firmware directly without usermode helper
1279  * @firmware_p: pointer to firmware image
1280  * @name: name of firmware file
1281  * @device: device for which firmware is being loaded
1282  *
1283  * This function works pretty much like request_firmware(), but this doesn't
1284  * fall back to usermode helper even if the firmware couldn't be loaded
1285  * directly from fs.  Hence it's useful for loading optional firmwares, which
1286  * aren't always present, without extra long timeouts of udev.
1287  **/
1288 int request_firmware_direct(const struct firmware **firmware_p,
1289                             const char *name, struct device *device)
1290 {
1291         int ret;
1292
1293         __module_get(THIS_MODULE);
1294         ret = _request_firmware(firmware_p, name, device, NULL, 0,
1295                                 FW_OPT_UEVENT | FW_OPT_NO_WARN);
1296         module_put(THIS_MODULE);
1297         return ret;
1298 }
1299 EXPORT_SYMBOL_GPL(request_firmware_direct);
1300
1301 /**
1302  * request_firmware_into_buf - load firmware into a previously allocated buffer
1303  * @firmware_p: pointer to firmware image
1304  * @name: name of firmware file
1305  * @device: device for which firmware is being loaded and DMA region allocated
1306  * @buf: address of buffer to load firmware into
1307  * @size: size of buffer
1308  *
1309  * This function works pretty much like request_firmware(), but it doesn't
1310  * allocate a buffer to hold the firmware data. Instead, the firmware
1311  * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1312  * data member is pointed at @buf.
1313  *
1314  * This function doesn't cache firmware either.
1315  */
1316 int
1317 request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1318                           struct device *device, void *buf, size_t size)
1319 {
1320         int ret;
1321
1322         __module_get(THIS_MODULE);
1323         ret = _request_firmware(firmware_p, name, device, buf, size,
1324                                 FW_OPT_UEVENT | FW_OPT_FALLBACK |
1325                                 FW_OPT_NOCACHE);
1326         module_put(THIS_MODULE);
1327         return ret;
1328 }
1329 EXPORT_SYMBOL(request_firmware_into_buf);
1330
1331 /**
1332  * release_firmware: - release the resource associated with a firmware image
1333  * @fw: firmware resource to release
1334  **/
1335 void release_firmware(const struct firmware *fw)
1336 {
1337         if (fw) {
1338                 if (!fw_is_builtin_firmware(fw))
1339                         firmware_free_data(fw);
1340                 kfree(fw);
1341         }
1342 }
1343 EXPORT_SYMBOL(release_firmware);
1344
1345 /* Async support */
1346 struct firmware_work {
1347         struct work_struct work;
1348         struct module *module;
1349         const char *name;
1350         struct device *device;
1351         void *context;
1352         void (*cont)(const struct firmware *fw, void *context);
1353         unsigned int opt_flags;
1354 };
1355
1356 static void request_firmware_work_func(struct work_struct *work)
1357 {
1358         struct firmware_work *fw_work;
1359         const struct firmware *fw;
1360
1361         fw_work = container_of(work, struct firmware_work, work);
1362
1363         _request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0,
1364                           fw_work->opt_flags);
1365         fw_work->cont(fw, fw_work->context);
1366         put_device(fw_work->device); /* taken in request_firmware_nowait() */
1367
1368         module_put(fw_work->module);
1369         kfree_const(fw_work->name);
1370         kfree(fw_work);
1371 }
1372
1373 /**
1374  * request_firmware_nowait - asynchronous version of request_firmware
1375  * @module: module requesting the firmware
1376  * @uevent: sends uevent to copy the firmware image if this flag
1377  *      is non-zero else the firmware copy must be done manually.
1378  * @name: name of firmware file
1379  * @device: device for which firmware is being loaded
1380  * @gfp: allocation flags
1381  * @context: will be passed over to @cont, and
1382  *      @fw may be %NULL if firmware request fails.
1383  * @cont: function will be called asynchronously when the firmware
1384  *      request is over.
1385  *
1386  *      Caller must hold the reference count of @device.
1387  *
1388  *      Asynchronous variant of request_firmware() for user contexts:
1389  *              - sleep for as small periods as possible since it may
1390  *                increase kernel boot time of built-in device drivers
1391  *                requesting firmware in their ->probe() methods, if
1392  *                @gfp is GFP_KERNEL.
1393  *
1394  *              - can't sleep at all if @gfp is GFP_ATOMIC.
1395  **/
1396 int
1397 request_firmware_nowait(
1398         struct module *module, bool uevent,
1399         const char *name, struct device *device, gfp_t gfp, void *context,
1400         void (*cont)(const struct firmware *fw, void *context))
1401 {
1402         struct firmware_work *fw_work;
1403
1404         fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1405         if (!fw_work)
1406                 return -ENOMEM;
1407
1408         fw_work->module = module;
1409         fw_work->name = kstrdup_const(name, gfp);
1410         if (!fw_work->name) {
1411                 kfree(fw_work);
1412                 return -ENOMEM;
1413         }
1414         fw_work->device = device;
1415         fw_work->context = context;
1416         fw_work->cont = cont;
1417         fw_work->opt_flags = FW_OPT_NOWAIT | FW_OPT_FALLBACK |
1418                 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER);
1419
1420         if (!try_module_get(module)) {
1421                 kfree_const(fw_work->name);
1422                 kfree(fw_work);
1423                 return -EFAULT;
1424         }
1425
1426         get_device(fw_work->device);
1427         INIT_WORK(&fw_work->work, request_firmware_work_func);
1428         schedule_work(&fw_work->work);
1429         return 0;
1430 }
1431 EXPORT_SYMBOL(request_firmware_nowait);
1432
1433 #ifdef CONFIG_PM_SLEEP
1434 static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1435
1436 /**
1437  * cache_firmware - cache one firmware image in kernel memory space
1438  * @fw_name: the firmware image name
1439  *
1440  * Cache firmware in kernel memory so that drivers can use it when
1441  * system isn't ready for them to request firmware image from userspace.
1442  * Once it returns successfully, driver can use request_firmware or its
1443  * nowait version to get the cached firmware without any interacting
1444  * with userspace
1445  *
1446  * Return 0 if the firmware image has been cached successfully
1447  * Return !0 otherwise
1448  *
1449  */
1450 static int cache_firmware(const char *fw_name)
1451 {
1452         int ret;
1453         const struct firmware *fw;
1454
1455         pr_debug("%s: %s\n", __func__, fw_name);
1456
1457         ret = request_firmware(&fw, fw_name, NULL);
1458         if (!ret)
1459                 kfree(fw);
1460
1461         pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1462
1463         return ret;
1464 }
1465
1466 static struct firmware_buf *fw_lookup_buf(const char *fw_name)
1467 {
1468         struct firmware_buf *tmp;
1469         struct firmware_cache *fwc = &fw_cache;
1470
1471         spin_lock(&fwc->lock);
1472         tmp = __fw_lookup_buf(fw_name);
1473         spin_unlock(&fwc->lock);
1474
1475         return tmp;
1476 }
1477
1478 /**
1479  * uncache_firmware - remove one cached firmware image
1480  * @fw_name: the firmware image name
1481  *
1482  * Uncache one firmware image which has been cached successfully
1483  * before.
1484  *
1485  * Return 0 if the firmware cache has been removed successfully
1486  * Return !0 otherwise
1487  *
1488  */
1489 static int uncache_firmware(const char *fw_name)
1490 {
1491         struct firmware_buf *buf;
1492         struct firmware fw;
1493
1494         pr_debug("%s: %s\n", __func__, fw_name);
1495
1496         if (fw_get_builtin_firmware(&fw, fw_name, NULL, 0))
1497                 return 0;
1498
1499         buf = fw_lookup_buf(fw_name);
1500         if (buf) {
1501                 fw_free_buf(buf);
1502                 return 0;
1503         }
1504
1505         return -EINVAL;
1506 }
1507
1508 static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1509 {
1510         struct fw_cache_entry *fce;
1511
1512         fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1513         if (!fce)
1514                 goto exit;
1515
1516         fce->name = kstrdup_const(name, GFP_ATOMIC);
1517         if (!fce->name) {
1518                 kfree(fce);
1519                 fce = NULL;
1520                 goto exit;
1521         }
1522 exit:
1523         return fce;
1524 }
1525
1526 static int __fw_entry_found(const char *name)
1527 {
1528         struct firmware_cache *fwc = &fw_cache;
1529         struct fw_cache_entry *fce;
1530
1531         list_for_each_entry(fce, &fwc->fw_names, list) {
1532                 if (!strcmp(fce->name, name))
1533                         return 1;
1534         }
1535         return 0;
1536 }
1537
1538 static int fw_cache_piggyback_on_request(const char *name)
1539 {
1540         struct firmware_cache *fwc = &fw_cache;
1541         struct fw_cache_entry *fce;
1542         int ret = 0;
1543
1544         spin_lock(&fwc->name_lock);
1545         if (__fw_entry_found(name))
1546                 goto found;
1547
1548         fce = alloc_fw_cache_entry(name);
1549         if (fce) {
1550                 ret = 1;
1551                 list_add(&fce->list, &fwc->fw_names);
1552                 pr_debug("%s: fw: %s\n", __func__, name);
1553         }
1554 found:
1555         spin_unlock(&fwc->name_lock);
1556         return ret;
1557 }
1558
1559 static void free_fw_cache_entry(struct fw_cache_entry *fce)
1560 {
1561         kfree_const(fce->name);
1562         kfree(fce);
1563 }
1564
1565 static void __async_dev_cache_fw_image(void *fw_entry,
1566                                        async_cookie_t cookie)
1567 {
1568         struct fw_cache_entry *fce = fw_entry;
1569         struct firmware_cache *fwc = &fw_cache;
1570         int ret;
1571
1572         ret = cache_firmware(fce->name);
1573         if (ret) {
1574                 spin_lock(&fwc->name_lock);
1575                 list_del(&fce->list);
1576                 spin_unlock(&fwc->name_lock);
1577
1578                 free_fw_cache_entry(fce);
1579         }
1580 }
1581
1582 /* called with dev->devres_lock held */
1583 static void dev_create_fw_entry(struct device *dev, void *res,
1584                                 void *data)
1585 {
1586         struct fw_name_devm *fwn = res;
1587         const char *fw_name = fwn->name;
1588         struct list_head *head = data;
1589         struct fw_cache_entry *fce;
1590
1591         fce = alloc_fw_cache_entry(fw_name);
1592         if (fce)
1593                 list_add(&fce->list, head);
1594 }
1595
1596 static int devm_name_match(struct device *dev, void *res,
1597                            void *match_data)
1598 {
1599         struct fw_name_devm *fwn = res;
1600         return (fwn->magic == (unsigned long)match_data);
1601 }
1602
1603 static void dev_cache_fw_image(struct device *dev, void *data)
1604 {
1605         LIST_HEAD(todo);
1606         struct fw_cache_entry *fce;
1607         struct fw_cache_entry *fce_next;
1608         struct firmware_cache *fwc = &fw_cache;
1609
1610         devres_for_each_res(dev, fw_name_devm_release,
1611                             devm_name_match, &fw_cache,
1612                             dev_create_fw_entry, &todo);
1613
1614         list_for_each_entry_safe(fce, fce_next, &todo, list) {
1615                 list_del(&fce->list);
1616
1617                 spin_lock(&fwc->name_lock);
1618                 /* only one cache entry for one firmware */
1619                 if (!__fw_entry_found(fce->name)) {
1620                         list_add(&fce->list, &fwc->fw_names);
1621                 } else {
1622                         free_fw_cache_entry(fce);
1623                         fce = NULL;
1624                 }
1625                 spin_unlock(&fwc->name_lock);
1626
1627                 if (fce)
1628                         async_schedule_domain(__async_dev_cache_fw_image,
1629                                               (void *)fce,
1630                                               &fw_cache_domain);
1631         }
1632 }
1633
1634 static void __device_uncache_fw_images(void)
1635 {
1636         struct firmware_cache *fwc = &fw_cache;
1637         struct fw_cache_entry *fce;
1638
1639         spin_lock(&fwc->name_lock);
1640         while (!list_empty(&fwc->fw_names)) {
1641                 fce = list_entry(fwc->fw_names.next,
1642                                 struct fw_cache_entry, list);
1643                 list_del(&fce->list);
1644                 spin_unlock(&fwc->name_lock);
1645
1646                 uncache_firmware(fce->name);
1647                 free_fw_cache_entry(fce);
1648
1649                 spin_lock(&fwc->name_lock);
1650         }
1651         spin_unlock(&fwc->name_lock);
1652 }
1653
1654 /**
1655  * device_cache_fw_images - cache devices' firmware
1656  *
1657  * If one device called request_firmware or its nowait version
1658  * successfully before, the firmware names are recored into the
1659  * device's devres link list, so device_cache_fw_images can call
1660  * cache_firmware() to cache these firmwares for the device,
1661  * then the device driver can load its firmwares easily at
1662  * time when system is not ready to complete loading firmware.
1663  */
1664 static void device_cache_fw_images(void)
1665 {
1666         struct firmware_cache *fwc = &fw_cache;
1667         int old_timeout;
1668         DEFINE_WAIT(wait);
1669
1670         pr_debug("%s\n", __func__);
1671
1672         /* cancel uncache work */
1673         cancel_delayed_work_sync(&fwc->work);
1674
1675         /*
1676          * use small loading timeout for caching devices' firmware
1677          * because all these firmware images have been loaded
1678          * successfully at lease once, also system is ready for
1679          * completing firmware loading now. The maximum size of
1680          * firmware in current distributions is about 2M bytes,
1681          * so 10 secs should be enough.
1682          */
1683         old_timeout = loading_timeout;
1684         loading_timeout = 10;
1685
1686         mutex_lock(&fw_lock);
1687         fwc->state = FW_LOADER_START_CACHE;
1688         dpm_for_each_dev(NULL, dev_cache_fw_image);
1689         mutex_unlock(&fw_lock);
1690
1691         /* wait for completion of caching firmware for all devices */
1692         async_synchronize_full_domain(&fw_cache_domain);
1693
1694         loading_timeout = old_timeout;
1695 }
1696
1697 /**
1698  * device_uncache_fw_images - uncache devices' firmware
1699  *
1700  * uncache all firmwares which have been cached successfully
1701  * by device_uncache_fw_images earlier
1702  */
1703 static void device_uncache_fw_images(void)
1704 {
1705         pr_debug("%s\n", __func__);
1706         __device_uncache_fw_images();
1707 }
1708
1709 static void device_uncache_fw_images_work(struct work_struct *work)
1710 {
1711         device_uncache_fw_images();
1712 }
1713
1714 /**
1715  * device_uncache_fw_images_delay - uncache devices firmwares
1716  * @delay: number of milliseconds to delay uncache device firmwares
1717  *
1718  * uncache all devices's firmwares which has been cached successfully
1719  * by device_cache_fw_images after @delay milliseconds.
1720  */
1721 static void device_uncache_fw_images_delay(unsigned long delay)
1722 {
1723         queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1724                            msecs_to_jiffies(delay));
1725 }
1726
1727 static int fw_pm_notify(struct notifier_block *notify_block,
1728                         unsigned long mode, void *unused)
1729 {
1730         switch (mode) {
1731         case PM_HIBERNATION_PREPARE:
1732         case PM_SUSPEND_PREPARE:
1733         case PM_RESTORE_PREPARE:
1734                 /*
1735                  * kill pending fallback requests with a custom fallback
1736                  * to avoid stalling suspend.
1737                  */
1738                 kill_pending_fw_fallback_reqs(true);
1739                 device_cache_fw_images();
1740                 break;
1741
1742         case PM_POST_SUSPEND:
1743         case PM_POST_HIBERNATION:
1744         case PM_POST_RESTORE:
1745                 /*
1746                  * In case that system sleep failed and syscore_suspend is
1747                  * not called.
1748                  */
1749                 mutex_lock(&fw_lock);
1750                 fw_cache.state = FW_LOADER_NO_CACHE;
1751                 mutex_unlock(&fw_lock);
1752
1753                 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1754                 break;
1755         }
1756
1757         return 0;
1758 }
1759
1760 /* stop caching firmware once syscore_suspend is reached */
1761 static int fw_suspend(void)
1762 {
1763         fw_cache.state = FW_LOADER_NO_CACHE;
1764         return 0;
1765 }
1766
1767 static struct syscore_ops fw_syscore_ops = {
1768         .suspend = fw_suspend,
1769 };
1770 #else
1771 static int fw_cache_piggyback_on_request(const char *name)
1772 {
1773         return 0;
1774 }
1775 #endif
1776
1777 static void __init fw_cache_init(void)
1778 {
1779         spin_lock_init(&fw_cache.lock);
1780         INIT_LIST_HEAD(&fw_cache.head);
1781         fw_cache.state = FW_LOADER_NO_CACHE;
1782
1783 #ifdef CONFIG_PM_SLEEP
1784         spin_lock_init(&fw_cache.name_lock);
1785         INIT_LIST_HEAD(&fw_cache.fw_names);
1786
1787         INIT_DELAYED_WORK(&fw_cache.work,
1788                           device_uncache_fw_images_work);
1789
1790         fw_cache.pm_notify.notifier_call = fw_pm_notify;
1791         register_pm_notifier(&fw_cache.pm_notify);
1792
1793         register_syscore_ops(&fw_syscore_ops);
1794 #endif
1795 }
1796
1797 static int fw_shutdown_notify(struct notifier_block *unused1,
1798                               unsigned long unused2, void *unused3)
1799 {
1800         /*
1801          * Kill all pending fallback requests to avoid both stalling shutdown,
1802          * and avoid a deadlock with the usermode_lock.
1803          */
1804         kill_pending_fw_fallback_reqs(false);
1805
1806         return NOTIFY_DONE;
1807 }
1808
1809 static struct notifier_block fw_shutdown_nb = {
1810         .notifier_call = fw_shutdown_notify,
1811 };
1812
1813 static int __init firmware_class_init(void)
1814 {
1815         fw_cache_init();
1816         register_reboot_notifier(&fw_shutdown_nb);
1817 #ifdef CONFIG_FW_LOADER_USER_HELPER
1818         return class_register(&firmware_class);
1819 #else
1820         return 0;
1821 #endif
1822 }
1823
1824 static void __exit firmware_class_exit(void)
1825 {
1826 #ifdef CONFIG_PM_SLEEP
1827         unregister_syscore_ops(&fw_syscore_ops);
1828         unregister_pm_notifier(&fw_cache.pm_notify);
1829 #endif
1830         unregister_reboot_notifier(&fw_shutdown_nb);
1831 #ifdef CONFIG_FW_LOADER_USER_HELPER
1832         class_unregister(&firmware_class);
1833 #endif
1834 }
1835
1836 fs_initcall(firmware_class_init);
1837 module_exit(firmware_class_exit);