1  // SPDX-License-Identifier: GPL-2.0
2  /*
3   * main.c - Multi purpose firmware loading support
4   *
5   * Copyright (c) 2003 Manuel Estrada Sainz
6   *
7   * Please see Documentation/driver-api/firmware/ for more information.
8   *
9   */
10  
11  #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12  
13  #include <linux/capability.h>
14  #include <linux/device.h>
15  #include <linux/kernel_read_file.h>
16  #include <linux/module.h>
17  #include <linux/init.h>
18  #include <linux/initrd.h>
19  #include <linux/timer.h>
20  #include <linux/vmalloc.h>
21  #include <linux/interrupt.h>
22  #include <linux/bitops.h>
23  #include <linux/mutex.h>
24  #include <linux/workqueue.h>
25  #include <linux/highmem.h>
26  #include <linux/firmware.h>
27  #include <linux/slab.h>
28  #include <linux/sched.h>
29  #include <linux/file.h>
30  #include <linux/list.h>
31  #include <linux/fs.h>
32  #include <linux/async.h>
33  #include <linux/pm.h>
34  #include <linux/suspend.h>
35  #include <linux/syscore_ops.h>
36  #include <linux/reboot.h>
37  #include <linux/security.h>
38  #include <linux/zstd.h>
39  #include <linux/xz.h>
40  
41  #include <generated/utsrelease.h>
42  
43  #include "../base.h"
44  #include "firmware.h"
45  #include "fallback.h"
46  
47  MODULE_AUTHOR("Manuel Estrada Sainz");
48  MODULE_DESCRIPTION("Multi purpose firmware loading support");
49  MODULE_LICENSE("GPL");
50  
51  struct firmware_cache {
52  	/* firmware_buf instance will be added into the below list */
53  	spinlock_t lock;
54  	struct list_head head;
55  	int state;
56  
57  #ifdef CONFIG_FW_CACHE
58  	/*
59  	 * Names of firmware images which have been cached successfully
60  	 * will be added into the below list so that device uncache
61  	 * helper can trace which firmware images have been cached
62  	 * before.
63  	 */
64  	spinlock_t name_lock;
65  	struct list_head fw_names;
66  
67  	struct delayed_work work;
68  
69  	struct notifier_block   pm_notify;
70  #endif
71  };
72  
73  struct fw_cache_entry {
74  	struct list_head list;
75  	const char *name;
76  };
77  
78  struct fw_name_devm {
79  	unsigned long magic;
80  	const char *name;
81  };
82  
to_fw_priv(struct kref * ref)83  static inline struct fw_priv *to_fw_priv(struct kref *ref)
84  {
85  	return container_of(ref, struct fw_priv, ref);
86  }
87  
88  #define	FW_LOADER_NO_CACHE	0
89  #define	FW_LOADER_START_CACHE	1
90  
91  /* fw_lock could be moved to 'struct fw_sysfs' but since it is just
92   * guarding for corner cases a global lock should be OK */
93  DEFINE_MUTEX(fw_lock);
94  
95  struct firmware_cache fw_cache;
96  bool fw_load_abort_all;
97  
fw_state_init(struct fw_priv * fw_priv)98  void fw_state_init(struct fw_priv *fw_priv)
99  {
100  	struct fw_state *fw_st = &fw_priv->fw_st;
101  
102  	init_completion(&fw_st->completion);
103  	fw_st->status = FW_STATUS_UNKNOWN;
104  }
105  
fw_state_wait(struct fw_priv * fw_priv)106  static inline int fw_state_wait(struct fw_priv *fw_priv)
107  {
108  	return __fw_state_wait_common(fw_priv, MAX_SCHEDULE_TIMEOUT);
109  }
110  
111  static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv);
112  
__allocate_fw_priv(const char * fw_name,struct firmware_cache * fwc,void * dbuf,size_t size,size_t offset,u32 opt_flags)113  static struct fw_priv *__allocate_fw_priv(const char *fw_name,
114  					  struct firmware_cache *fwc,
115  					  void *dbuf,
116  					  size_t size,
117  					  size_t offset,
118  					  u32 opt_flags)
119  {
120  	struct fw_priv *fw_priv;
121  
122  	/* For a partial read, the buffer must be preallocated. */
123  	if ((opt_flags & FW_OPT_PARTIAL) && !dbuf)
124  		return NULL;
125  
126  	/* Only partial reads are allowed to use an offset. */
127  	if (offset != 0 && !(opt_flags & FW_OPT_PARTIAL))
128  		return NULL;
129  
130  	fw_priv = kzalloc(sizeof(*fw_priv), GFP_ATOMIC);
131  	if (!fw_priv)
132  		return NULL;
133  
134  	fw_priv->fw_name = kstrdup_const(fw_name, GFP_ATOMIC);
135  	if (!fw_priv->fw_name) {
136  		kfree(fw_priv);
137  		return NULL;
138  	}
139  
140  	kref_init(&fw_priv->ref);
141  	fw_priv->fwc = fwc;
142  	fw_priv->data = dbuf;
143  	fw_priv->allocated_size = size;
144  	fw_priv->offset = offset;
145  	fw_priv->opt_flags = opt_flags;
146  	fw_state_init(fw_priv);
147  #ifdef CONFIG_FW_LOADER_USER_HELPER
148  	INIT_LIST_HEAD(&fw_priv->pending_list);
149  #endif
150  
151  	pr_debug("%s: fw-%s fw_priv=%p\n", __func__, fw_name, fw_priv);
152  
153  	return fw_priv;
154  }
155  
__lookup_fw_priv(const char * fw_name)156  static struct fw_priv *__lookup_fw_priv(const char *fw_name)
157  {
158  	struct fw_priv *tmp;
159  	struct firmware_cache *fwc = &fw_cache;
160  
161  	list_for_each_entry(tmp, &fwc->head, list)
162  		if (!strcmp(tmp->fw_name, fw_name))
163  			return tmp;
164  	return NULL;
165  }
166  
167  /* Returns 1 for batching firmware requests with the same name */
alloc_lookup_fw_priv(const char * fw_name,struct firmware_cache * fwc,struct fw_priv ** fw_priv,void * dbuf,size_t size,size_t offset,u32 opt_flags)168  int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc,
169  			 struct fw_priv **fw_priv, void *dbuf, size_t size,
170  			 size_t offset, u32 opt_flags)
171  {
172  	struct fw_priv *tmp;
173  
174  	spin_lock(&fwc->lock);
175  	/*
176  	 * Do not merge requests that are marked to be non-cached or
177  	 * are performing partial reads.
178  	 */
179  	if (!(opt_flags & (FW_OPT_NOCACHE | FW_OPT_PARTIAL))) {
180  		tmp = __lookup_fw_priv(fw_name);
181  		if (tmp) {
182  			kref_get(&tmp->ref);
183  			spin_unlock(&fwc->lock);
184  			*fw_priv = tmp;
185  			pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n");
186  			return 1;
187  		}
188  	}
189  
190  	tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size, offset, opt_flags);
191  	if (tmp) {
192  		INIT_LIST_HEAD(&tmp->list);
193  		if (!(opt_flags & FW_OPT_NOCACHE))
194  			list_add(&tmp->list, &fwc->head);
195  	}
196  	spin_unlock(&fwc->lock);
197  
198  	*fw_priv = tmp;
199  
200  	return tmp ? 0 : -ENOMEM;
201  }
202  
__free_fw_priv(struct kref * ref)203  static void __free_fw_priv(struct kref *ref)
204  	__releases(&fwc->lock)
205  {
206  	struct fw_priv *fw_priv = to_fw_priv(ref);
207  	struct firmware_cache *fwc = fw_priv->fwc;
208  
209  	pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
210  		 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
211  		 (unsigned int)fw_priv->size);
212  
213  	list_del(&fw_priv->list);
214  	spin_unlock(&fwc->lock);
215  
216  	if (fw_is_paged_buf(fw_priv))
217  		fw_free_paged_buf(fw_priv);
218  	else if (!fw_priv->allocated_size)
219  		vfree(fw_priv->data);
220  
221  	kfree_const(fw_priv->fw_name);
222  	kfree(fw_priv);
223  }
224  
free_fw_priv(struct fw_priv * fw_priv)225  void free_fw_priv(struct fw_priv *fw_priv)
226  {
227  	struct firmware_cache *fwc = fw_priv->fwc;
228  	spin_lock(&fwc->lock);
229  	if (!kref_put(&fw_priv->ref, __free_fw_priv))
230  		spin_unlock(&fwc->lock);
231  }
232  
233  #ifdef CONFIG_FW_LOADER_PAGED_BUF
fw_is_paged_buf(struct fw_priv * fw_priv)234  bool fw_is_paged_buf(struct fw_priv *fw_priv)
235  {
236  	return fw_priv->is_paged_buf;
237  }
238  
fw_free_paged_buf(struct fw_priv * fw_priv)239  void fw_free_paged_buf(struct fw_priv *fw_priv)
240  {
241  	int i;
242  
243  	if (!fw_priv->pages)
244  		return;
245  
246  	vunmap(fw_priv->data);
247  
248  	for (i = 0; i < fw_priv->nr_pages; i++)
249  		__free_page(fw_priv->pages[i]);
250  	kvfree(fw_priv->pages);
251  	fw_priv->pages = NULL;
252  	fw_priv->page_array_size = 0;
253  	fw_priv->nr_pages = 0;
254  	fw_priv->data = NULL;
255  	fw_priv->size = 0;
256  }
257  
fw_grow_paged_buf(struct fw_priv * fw_priv,int pages_needed)258  int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed)
259  {
260  	/* If the array of pages is too small, grow it */
261  	if (fw_priv->page_array_size < pages_needed) {
262  		int new_array_size = max(pages_needed,
263  					 fw_priv->page_array_size * 2);
264  		struct page **new_pages;
265  
266  		new_pages = kvmalloc_array(new_array_size, sizeof(void *),
267  					   GFP_KERNEL);
268  		if (!new_pages)
269  			return -ENOMEM;
270  		memcpy(new_pages, fw_priv->pages,
271  		       fw_priv->page_array_size * sizeof(void *));
272  		memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
273  		       (new_array_size - fw_priv->page_array_size));
274  		kvfree(fw_priv->pages);
275  		fw_priv->pages = new_pages;
276  		fw_priv->page_array_size = new_array_size;
277  	}
278  
279  	while (fw_priv->nr_pages < pages_needed) {
280  		fw_priv->pages[fw_priv->nr_pages] =
281  			alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
282  
283  		if (!fw_priv->pages[fw_priv->nr_pages])
284  			return -ENOMEM;
285  		fw_priv->nr_pages++;
286  	}
287  
288  	return 0;
289  }
290  
fw_map_paged_buf(struct fw_priv * fw_priv)291  int fw_map_paged_buf(struct fw_priv *fw_priv)
292  {
293  	/* one pages buffer should be mapped/unmapped only once */
294  	if (!fw_priv->pages)
295  		return 0;
296  
297  	vunmap(fw_priv->data);
298  	fw_priv->data = vmap(fw_priv->pages, fw_priv->nr_pages, 0,
299  			     PAGE_KERNEL_RO);
300  	if (!fw_priv->data)
301  		return -ENOMEM;
302  
303  	return 0;
304  }
305  #endif
306  
307  /*
308   * ZSTD-compressed firmware support
309   */
310  #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
fw_decompress_zstd(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)311  static int fw_decompress_zstd(struct device *dev, struct fw_priv *fw_priv,
312  			      size_t in_size, const void *in_buffer)
313  {
314  	size_t len, out_size, workspace_size;
315  	void *workspace, *out_buf;
316  	zstd_dctx *ctx;
317  	int err;
318  
319  	if (fw_priv->allocated_size) {
320  		out_size = fw_priv->allocated_size;
321  		out_buf = fw_priv->data;
322  	} else {
323  		zstd_frame_header params;
324  
325  		if (zstd_get_frame_header(&params, in_buffer, in_size) ||
326  		    params.frameContentSize == ZSTD_CONTENTSIZE_UNKNOWN) {
327  			dev_dbg(dev, "%s: invalid zstd header\n", __func__);
328  			return -EINVAL;
329  		}
330  		out_size = params.frameContentSize;
331  		out_buf = vzalloc(out_size);
332  		if (!out_buf)
333  			return -ENOMEM;
334  	}
335  
336  	workspace_size = zstd_dctx_workspace_bound();
337  	workspace = kvzalloc(workspace_size, GFP_KERNEL);
338  	if (!workspace) {
339  		err = -ENOMEM;
340  		goto error;
341  	}
342  
343  	ctx = zstd_init_dctx(workspace, workspace_size);
344  	if (!ctx) {
345  		dev_dbg(dev, "%s: failed to initialize context\n", __func__);
346  		err = -EINVAL;
347  		goto error;
348  	}
349  
350  	len = zstd_decompress_dctx(ctx, out_buf, out_size, in_buffer, in_size);
351  	if (zstd_is_error(len)) {
352  		dev_dbg(dev, "%s: failed to decompress: %d\n", __func__,
353  			zstd_get_error_code(len));
354  		err = -EINVAL;
355  		goto error;
356  	}
357  
358  	if (!fw_priv->allocated_size)
359  		fw_priv->data = out_buf;
360  	fw_priv->size = len;
361  	err = 0;
362  
363   error:
364  	kvfree(workspace);
365  	if (err && !fw_priv->allocated_size)
366  		vfree(out_buf);
367  	return err;
368  }
369  #endif /* CONFIG_FW_LOADER_COMPRESS_ZSTD */
370  
371  /*
372   * XZ-compressed firmware support
373   */
374  #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
375  /* show an error and return the standard error code */
fw_decompress_xz_error(struct device * dev,enum xz_ret xz_ret)376  static int fw_decompress_xz_error(struct device *dev, enum xz_ret xz_ret)
377  {
378  	if (xz_ret != XZ_STREAM_END) {
379  		dev_warn(dev, "xz decompression failed (xz_ret=%d)\n", xz_ret);
380  		return xz_ret == XZ_MEM_ERROR ? -ENOMEM : -EINVAL;
381  	}
382  	return 0;
383  }
384  
385  /* single-shot decompression onto the pre-allocated buffer */
fw_decompress_xz_single(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)386  static int fw_decompress_xz_single(struct device *dev, struct fw_priv *fw_priv,
387  				   size_t in_size, const void *in_buffer)
388  {
389  	struct xz_dec *xz_dec;
390  	struct xz_buf xz_buf;
391  	enum xz_ret xz_ret;
392  
393  	xz_dec = xz_dec_init(XZ_SINGLE, (u32)-1);
394  	if (!xz_dec)
395  		return -ENOMEM;
396  
397  	xz_buf.in_size = in_size;
398  	xz_buf.in = in_buffer;
399  	xz_buf.in_pos = 0;
400  	xz_buf.out_size = fw_priv->allocated_size;
401  	xz_buf.out = fw_priv->data;
402  	xz_buf.out_pos = 0;
403  
404  	xz_ret = xz_dec_run(xz_dec, &xz_buf);
405  	xz_dec_end(xz_dec);
406  
407  	fw_priv->size = xz_buf.out_pos;
408  	return fw_decompress_xz_error(dev, xz_ret);
409  }
410  
411  /* decompression on paged buffer and map it */
fw_decompress_xz_pages(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)412  static int fw_decompress_xz_pages(struct device *dev, struct fw_priv *fw_priv,
413  				  size_t in_size, const void *in_buffer)
414  {
415  	struct xz_dec *xz_dec;
416  	struct xz_buf xz_buf;
417  	enum xz_ret xz_ret;
418  	struct page *page;
419  	int err = 0;
420  
421  	xz_dec = xz_dec_init(XZ_DYNALLOC, (u32)-1);
422  	if (!xz_dec)
423  		return -ENOMEM;
424  
425  	xz_buf.in_size = in_size;
426  	xz_buf.in = in_buffer;
427  	xz_buf.in_pos = 0;
428  
429  	fw_priv->is_paged_buf = true;
430  	fw_priv->size = 0;
431  	do {
432  		if (fw_grow_paged_buf(fw_priv, fw_priv->nr_pages + 1)) {
433  			err = -ENOMEM;
434  			goto out;
435  		}
436  
437  		/* decompress onto the new allocated page */
438  		page = fw_priv->pages[fw_priv->nr_pages - 1];
439  		xz_buf.out = kmap_local_page(page);
440  		xz_buf.out_pos = 0;
441  		xz_buf.out_size = PAGE_SIZE;
442  		xz_ret = xz_dec_run(xz_dec, &xz_buf);
443  		kunmap_local(xz_buf.out);
444  		fw_priv->size += xz_buf.out_pos;
445  		/* partial decompression means either end or error */
446  		if (xz_buf.out_pos != PAGE_SIZE)
447  			break;
448  	} while (xz_ret == XZ_OK);
449  
450  	err = fw_decompress_xz_error(dev, xz_ret);
451  	if (!err)
452  		err = fw_map_paged_buf(fw_priv);
453  
454   out:
455  	xz_dec_end(xz_dec);
456  	return err;
457  }
458  
fw_decompress_xz(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)459  static int fw_decompress_xz(struct device *dev, struct fw_priv *fw_priv,
460  			    size_t in_size, const void *in_buffer)
461  {
462  	/* if the buffer is pre-allocated, we can perform in single-shot mode */
463  	if (fw_priv->data)
464  		return fw_decompress_xz_single(dev, fw_priv, in_size, in_buffer);
465  	else
466  		return fw_decompress_xz_pages(dev, fw_priv, in_size, in_buffer);
467  }
468  #endif /* CONFIG_FW_LOADER_COMPRESS_XZ */
469  
470  /* direct firmware loading support */
471  static char fw_path_para[256];
472  static const char * const fw_path[] = {
473  	fw_path_para,
474  	"/lib/firmware/updates/" UTS_RELEASE,
475  	"/lib/firmware/updates",
476  	"/lib/firmware/" UTS_RELEASE,
477  	"/lib/firmware"
478  };
479  
480  /*
481   * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
482   * from kernel command line because firmware_class is generally built in
483   * kernel instead of module.
484   */
485  module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
486  MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
487  
488  static int
fw_get_filesystem_firmware(struct device * device,struct fw_priv * fw_priv,const char * suffix,int (* decompress)(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer))489  fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv,
490  			   const char *suffix,
491  			   int (*decompress)(struct device *dev,
492  					     struct fw_priv *fw_priv,
493  					     size_t in_size,
494  					     const void *in_buffer))
495  {
496  	size_t size;
497  	int i, len, maxlen = 0;
498  	int rc = -ENOENT;
499  	char *path, *nt = NULL;
500  	size_t msize = INT_MAX;
501  	void *buffer = NULL;
502  
503  	/* Already populated data member means we're loading into a buffer */
504  	if (!decompress && fw_priv->data) {
505  		buffer = fw_priv->data;
506  		msize = fw_priv->allocated_size;
507  	}
508  
509  	path = __getname();
510  	if (!path)
511  		return -ENOMEM;
512  
513  	wait_for_initramfs();
514  	for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
515  		size_t file_size = 0;
516  		size_t *file_size_ptr = NULL;
517  
518  		/* skip the unset customized path */
519  		if (!fw_path[i][0])
520  			continue;
521  
522  		/* strip off \n from customized path */
523  		maxlen = strlen(fw_path[i]);
524  		if (i == 0) {
525  			nt = strchr(fw_path[i], '\n');
526  			if (nt)
527  				maxlen = nt - fw_path[i];
528  		}
529  
530  		len = snprintf(path, PATH_MAX, "%.*s/%s%s",
531  			       maxlen, fw_path[i],
532  			       fw_priv->fw_name, suffix);
533  		if (len >= PATH_MAX) {
534  			rc = -ENAMETOOLONG;
535  			break;
536  		}
537  
538  		fw_priv->size = 0;
539  
540  		/*
541  		 * The total file size is only examined when doing a partial
542  		 * read; the "full read" case needs to fail if the whole
543  		 * firmware was not completely loaded.
544  		 */
545  		if ((fw_priv->opt_flags & FW_OPT_PARTIAL) && buffer)
546  			file_size_ptr = &file_size;
547  
548  		/* load firmware files from the mount namespace of init */
549  		rc = kernel_read_file_from_path_initns(path, fw_priv->offset,
550  						       &buffer, msize,
551  						       file_size_ptr,
552  						       READING_FIRMWARE);
553  		if (rc < 0) {
554  			if (!(fw_priv->opt_flags & FW_OPT_NO_WARN)) {
555  				if (rc != -ENOENT)
556  					dev_warn(device,
557  						 "loading %s failed with error %d\n",
558  						 path, rc);
559  				else
560  					dev_dbg(device,
561  						"loading %s failed for no such file or directory.\n",
562  						path);
563  			}
564  			continue;
565  		}
566  		size = rc;
567  		rc = 0;
568  
569  		dev_dbg(device, "Loading firmware from %s\n", path);
570  		if (decompress) {
571  			dev_dbg(device, "f/w decompressing %s\n",
572  				fw_priv->fw_name);
573  			rc = decompress(device, fw_priv, size, buffer);
574  			/* discard the superfluous original content */
575  			vfree(buffer);
576  			buffer = NULL;
577  			if (rc) {
578  				fw_free_paged_buf(fw_priv);
579  				continue;
580  			}
581  		} else {
582  			dev_dbg(device, "direct-loading %s\n",
583  				fw_priv->fw_name);
584  			if (!fw_priv->data)
585  				fw_priv->data = buffer;
586  			fw_priv->size = size;
587  		}
588  		fw_state_done(fw_priv);
589  		break;
590  	}
591  	__putname(path);
592  
593  	return rc;
594  }
595  
596  /* firmware holds the ownership of pages */
firmware_free_data(const struct firmware * fw)597  static void firmware_free_data(const struct firmware *fw)
598  {
599  	/* Loaded directly? */
600  	if (!fw->priv) {
601  		vfree(fw->data);
602  		return;
603  	}
604  	free_fw_priv(fw->priv);
605  }
606  
607  /* store the pages buffer info firmware from buf */
fw_set_page_data(struct fw_priv * fw_priv,struct firmware * fw)608  static void fw_set_page_data(struct fw_priv *fw_priv, struct firmware *fw)
609  {
610  	fw->priv = fw_priv;
611  	fw->size = fw_priv->size;
612  	fw->data = fw_priv->data;
613  
614  	pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
615  		 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
616  		 (unsigned int)fw_priv->size);
617  }
618  
619  #ifdef CONFIG_FW_CACHE
fw_name_devm_release(struct device * dev,void * res)620  static void fw_name_devm_release(struct device *dev, void *res)
621  {
622  	struct fw_name_devm *fwn = res;
623  
624  	if (fwn->magic == (unsigned long)&fw_cache)
625  		pr_debug("%s: fw_name-%s devm-%p released\n",
626  				__func__, fwn->name, res);
627  	kfree_const(fwn->name);
628  }
629  
fw_devm_match(struct device * dev,void * res,void * match_data)630  static int fw_devm_match(struct device *dev, void *res,
631  		void *match_data)
632  {
633  	struct fw_name_devm *fwn = res;
634  
635  	return (fwn->magic == (unsigned long)&fw_cache) &&
636  		!strcmp(fwn->name, match_data);
637  }
638  
fw_find_devm_name(struct device * dev,const char * name)639  static struct fw_name_devm *fw_find_devm_name(struct device *dev,
640  		const char *name)
641  {
642  	struct fw_name_devm *fwn;
643  
644  	fwn = devres_find(dev, fw_name_devm_release,
645  			  fw_devm_match, (void *)name);
646  	return fwn;
647  }
648  
fw_cache_is_setup(struct device * dev,const char * name)649  static bool fw_cache_is_setup(struct device *dev, const char *name)
650  {
651  	struct fw_name_devm *fwn;
652  
653  	fwn = fw_find_devm_name(dev, name);
654  	if (fwn)
655  		return true;
656  
657  	return false;
658  }
659  
660  /* add firmware name into devres list */
fw_add_devm_name(struct device * dev,const char * name)661  static int fw_add_devm_name(struct device *dev, const char *name)
662  {
663  	struct fw_name_devm *fwn;
664  
665  	if (fw_cache_is_setup(dev, name))
666  		return 0;
667  
668  	fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
669  			   GFP_KERNEL);
670  	if (!fwn)
671  		return -ENOMEM;
672  	fwn->name = kstrdup_const(name, GFP_KERNEL);
673  	if (!fwn->name) {
674  		devres_free(fwn);
675  		return -ENOMEM;
676  	}
677  
678  	fwn->magic = (unsigned long)&fw_cache;
679  	devres_add(dev, fwn);
680  
681  	return 0;
682  }
683  #else
fw_cache_is_setup(struct device * dev,const char * name)684  static bool fw_cache_is_setup(struct device *dev, const char *name)
685  {
686  	return false;
687  }
688  
fw_add_devm_name(struct device * dev,const char * name)689  static int fw_add_devm_name(struct device *dev, const char *name)
690  {
691  	return 0;
692  }
693  #endif
694  
assign_fw(struct firmware * fw,struct device * device)695  int assign_fw(struct firmware *fw, struct device *device)
696  {
697  	struct fw_priv *fw_priv = fw->priv;
698  	int ret;
699  
700  	mutex_lock(&fw_lock);
701  	if (!fw_priv->size || fw_state_is_aborted(fw_priv)) {
702  		mutex_unlock(&fw_lock);
703  		return -ENOENT;
704  	}
705  
706  	/*
707  	 * add firmware name into devres list so that we can auto cache
708  	 * and uncache firmware for device.
709  	 *
710  	 * device may has been deleted already, but the problem
711  	 * should be fixed in devres or driver core.
712  	 */
713  	/* don't cache firmware handled without uevent */
714  	if (device && (fw_priv->opt_flags & FW_OPT_UEVENT) &&
715  	    !(fw_priv->opt_flags & FW_OPT_NOCACHE)) {
716  		ret = fw_add_devm_name(device, fw_priv->fw_name);
717  		if (ret) {
718  			mutex_unlock(&fw_lock);
719  			return ret;
720  		}
721  	}
722  
723  	/*
724  	 * After caching firmware image is started, let it piggyback
725  	 * on request firmware.
726  	 */
727  	if (!(fw_priv->opt_flags & FW_OPT_NOCACHE) &&
728  	    fw_priv->fwc->state == FW_LOADER_START_CACHE)
729  		fw_cache_piggyback_on_request(fw_priv);
730  
731  	/* pass the pages buffer to driver at the last minute */
732  	fw_set_page_data(fw_priv, fw);
733  	mutex_unlock(&fw_lock);
734  	return 0;
735  }
736  
737  /* prepare firmware and firmware_buf structs;
738   * return 0 if a firmware is already assigned, 1 if need to load one,
739   * or a negative error code
740   */
741  static int
_request_firmware_prepare(struct firmware ** firmware_p,const char * name,struct device * device,void * dbuf,size_t size,size_t offset,u32 opt_flags)742  _request_firmware_prepare(struct firmware **firmware_p, const char *name,
743  			  struct device *device, void *dbuf, size_t size,
744  			  size_t offset, u32 opt_flags)
745  {
746  	struct firmware *firmware;
747  	struct fw_priv *fw_priv;
748  	int ret;
749  
750  	*firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
751  	if (!firmware) {
752  		dev_err(device, "%s: kmalloc(struct firmware) failed\n",
753  			__func__);
754  		return -ENOMEM;
755  	}
756  
757  	if (firmware_request_builtin_buf(firmware, name, dbuf, size)) {
758  		dev_dbg(device, "using built-in %s\n", name);
759  		return 0; /* assigned */
760  	}
761  
762  	ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size,
763  				   offset, opt_flags);
764  
765  	/*
766  	 * bind with 'priv' now to avoid warning in failure path
767  	 * of requesting firmware.
768  	 */
769  	firmware->priv = fw_priv;
770  
771  	if (ret > 0) {
772  		ret = fw_state_wait(fw_priv);
773  		if (!ret) {
774  			fw_set_page_data(fw_priv, firmware);
775  			return 0; /* assigned */
776  		}
777  	}
778  
779  	if (ret < 0)
780  		return ret;
781  	return 1; /* need to load */
782  }
783  
784  /*
785   * Batched requests need only one wake, we need to do this step last due to the
786   * fallback mechanism. The buf is protected with kref_get(), and it won't be
787   * released until the last user calls release_firmware().
788   *
789   * Failed batched requests are possible as well, in such cases we just share
790   * the struct fw_priv and won't release it until all requests are woken
791   * and have gone through this same path.
792   */
fw_abort_batch_reqs(struct firmware * fw)793  static void fw_abort_batch_reqs(struct firmware *fw)
794  {
795  	struct fw_priv *fw_priv;
796  
797  	/* Loaded directly? */
798  	if (!fw || !fw->priv)
799  		return;
800  
801  	fw_priv = fw->priv;
802  	mutex_lock(&fw_lock);
803  	if (!fw_state_is_aborted(fw_priv))
804  		fw_state_aborted(fw_priv);
805  	mutex_unlock(&fw_lock);
806  }
807  
808  #if defined(CONFIG_FW_LOADER_DEBUG)
809  #include <crypto/hash.h>
810  #include <crypto/sha2.h>
811  
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)812  static void fw_log_firmware_info(const struct firmware *fw, const char *name, struct device *device)
813  {
814  	struct shash_desc *shash;
815  	struct crypto_shash *alg;
816  	u8 *sha256buf;
817  	char *outbuf;
818  
819  	alg = crypto_alloc_shash("sha256", 0, 0);
820  	if (IS_ERR(alg))
821  		return;
822  
823  	sha256buf = kmalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
824  	outbuf = kmalloc(SHA256_BLOCK_SIZE + 1, GFP_KERNEL);
825  	shash = kmalloc(sizeof(*shash) + crypto_shash_descsize(alg), GFP_KERNEL);
826  	if (!sha256buf || !outbuf || !shash)
827  		goto out_free;
828  
829  	shash->tfm = alg;
830  
831  	if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
832  		goto out_free;
833  
834  	for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
835  		sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
836  	outbuf[SHA256_BLOCK_SIZE] = 0;
837  	dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
838  
839  out_free:
840  	kfree(shash);
841  	kfree(outbuf);
842  	kfree(sha256buf);
843  	crypto_free_shash(alg);
844  }
845  #else
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)846  static void fw_log_firmware_info(const struct firmware *fw, const char *name,
847  				 struct device *device)
848  {}
849  #endif
850  
851  /*
852   * Reject firmware file names with ".." path components.
853   * There are drivers that construct firmware file names from device-supplied
854   * strings, and we don't want some device to be able to tell us "I would like to
855   * be sent my firmware from ../../../etc/shadow, please".
856   *
857   * Search for ".." surrounded by either '/' or start/end of string.
858   *
859   * This intentionally only looks at the firmware name, not at the firmware base
860   * directory or at symlink contents.
861   */
name_contains_dotdot(const char * name)862  static bool name_contains_dotdot(const char *name)
863  {
864  	size_t name_len = strlen(name);
865  
866  	return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 ||
867  	       strstr(name, "/../") != NULL ||
868  	       (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0);
869  }
870  
871  /* called from request_firmware() and request_firmware_work_func() */
872  static int
_request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset,u32 opt_flags)873  _request_firmware(const struct firmware **firmware_p, const char *name,
874  		  struct device *device, void *buf, size_t size,
875  		  size_t offset, u32 opt_flags)
876  {
877  	struct firmware *fw = NULL;
878  	struct cred *kern_cred = NULL;
879  	const struct cred *old_cred;
880  	bool nondirect = false;
881  	int ret;
882  
883  	if (!firmware_p)
884  		return -EINVAL;
885  
886  	if (!name || name[0] == '\0') {
887  		ret = -EINVAL;
888  		goto out;
889  	}
890  
891  	if (name_contains_dotdot(name)) {
892  		dev_warn(device,
893  			 "Firmware load for '%s' refused, path contains '..' component\n",
894  			 name);
895  		ret = -EINVAL;
896  		goto out;
897  	}
898  
899  	ret = _request_firmware_prepare(&fw, name, device, buf, size,
900  					offset, opt_flags);
901  	if (ret <= 0) /* error or already assigned */
902  		goto out;
903  
904  	/*
905  	 * We are about to try to access the firmware file. Because we may have been
906  	 * called by a driver when serving an unrelated request from userland, we use
907  	 * the kernel credentials to read the file.
908  	 */
909  	kern_cred = prepare_kernel_cred(&init_task);
910  	if (!kern_cred) {
911  		ret = -ENOMEM;
912  		goto out;
913  	}
914  	old_cred = override_creds(kern_cred);
915  
916  	ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
917  
918  	/* Only full reads can support decompression, platform, and sysfs. */
919  	if (!(opt_flags & FW_OPT_PARTIAL))
920  		nondirect = true;
921  
922  #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
923  	if (ret == -ENOENT && nondirect)
924  		ret = fw_get_filesystem_firmware(device, fw->priv, ".zst",
925  						 fw_decompress_zstd);
926  #endif
927  #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
928  	if (ret == -ENOENT && nondirect)
929  		ret = fw_get_filesystem_firmware(device, fw->priv, ".xz",
930  						 fw_decompress_xz);
931  #endif
932  	if (ret == -ENOENT && nondirect)
933  		ret = firmware_fallback_platform(fw->priv);
934  
935  	if (ret) {
936  		if (!(opt_flags & FW_OPT_NO_WARN))
937  			dev_warn(device,
938  				 "Direct firmware load for %s failed with error %d\n",
939  				 name, ret);
940  		if (nondirect)
941  			ret = firmware_fallback_sysfs(fw, name, device,
942  						      opt_flags, ret);
943  	} else
944  		ret = assign_fw(fw, device);
945  
946  	revert_creds(old_cred);
947  	put_cred(kern_cred);
948  
949  out:
950  	if (ret < 0) {
951  		fw_abort_batch_reqs(fw);
952  		release_firmware(fw);
953  		fw = NULL;
954  	} else {
955  		fw_log_firmware_info(fw, name, device);
956  	}
957  
958  	*firmware_p = fw;
959  	return ret;
960  }
961  
962  /**
963   * request_firmware() - send firmware request and wait for it
964   * @firmware_p: pointer to firmware image
965   * @name: name of firmware file
966   * @device: device for which firmware is being loaded
967   *
968   *      @firmware_p will be used to return a firmware image by the name
969   *      of @name for device @device.
970   *
971   *      Should be called from user context where sleeping is allowed.
972   *
973   *      @name will be used as $FIRMWARE in the uevent environment and
974   *      should be distinctive enough not to be confused with any other
975   *      firmware image for this or any other device.
976   *	It must not contain any ".." path components - "foo/bar..bin" is
977   *	allowed, but "foo/../bar.bin" is not.
978   *
979   *	Caller must hold the reference count of @device.
980   *
981   *	The function can be called safely inside device's suspend and
982   *	resume callback.
983   **/
984  int
request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device)985  request_firmware(const struct firmware **firmware_p, const char *name,
986  		 struct device *device)
987  {
988  	int ret;
989  
990  	/* Need to pin this module until return */
991  	__module_get(THIS_MODULE);
992  	ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
993  				FW_OPT_UEVENT);
994  	module_put(THIS_MODULE);
995  	return ret;
996  }
997  EXPORT_SYMBOL(request_firmware);
998  
999  /**
1000   * firmware_request_nowarn() - request for an optional fw module
1001   * @firmware: pointer to firmware image
1002   * @name: name of firmware file
1003   * @device: device for which firmware is being loaded
1004   *
1005   * This function is similar in behaviour to request_firmware(), except it
1006   * doesn't produce warning messages when the file is not found. The sysfs
1007   * fallback mechanism is enabled if direct filesystem lookup fails. However,
1008   * failures to find the firmware file with it are still suppressed. It is
1009   * therefore up to the driver to check for the return value of this call and to
1010   * decide when to inform the users of errors.
1011   **/
firmware_request_nowarn(const struct firmware ** firmware,const char * name,struct device * device)1012  int firmware_request_nowarn(const struct firmware **firmware, const char *name,
1013  			    struct device *device)
1014  {
1015  	int ret;
1016  
1017  	/* Need to pin this module until return */
1018  	__module_get(THIS_MODULE);
1019  	ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1020  				FW_OPT_UEVENT | FW_OPT_NO_WARN);
1021  	module_put(THIS_MODULE);
1022  	return ret;
1023  }
1024  EXPORT_SYMBOL_GPL(firmware_request_nowarn);
1025  
1026  /**
1027   * request_firmware_direct() - load firmware directly without usermode helper
1028   * @firmware_p: pointer to firmware image
1029   * @name: name of firmware file
1030   * @device: device for which firmware is being loaded
1031   *
1032   * This function works pretty much like request_firmware(), but this doesn't
1033   * fall back to usermode helper even if the firmware couldn't be loaded
1034   * directly from fs.  Hence it's useful for loading optional firmwares, which
1035   * aren't always present, without extra long timeouts of udev.
1036   **/
request_firmware_direct(const struct firmware ** firmware_p,const char * name,struct device * device)1037  int request_firmware_direct(const struct firmware **firmware_p,
1038  			    const char *name, struct device *device)
1039  {
1040  	int ret;
1041  
1042  	__module_get(THIS_MODULE);
1043  	ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
1044  				FW_OPT_UEVENT | FW_OPT_NO_WARN |
1045  				FW_OPT_NOFALLBACK_SYSFS);
1046  	module_put(THIS_MODULE);
1047  	return ret;
1048  }
1049  EXPORT_SYMBOL_GPL(request_firmware_direct);
1050  
1051  /**
1052   * firmware_request_platform() - request firmware with platform-fw fallback
1053   * @firmware: pointer to firmware image
1054   * @name: name of firmware file
1055   * @device: device for which firmware is being loaded
1056   *
1057   * This function is similar in behaviour to request_firmware, except that if
1058   * direct filesystem lookup fails, it will fallback to looking for a copy of the
1059   * requested firmware embedded in the platform's main (e.g. UEFI) firmware.
1060   **/
firmware_request_platform(const struct firmware ** firmware,const char * name,struct device * device)1061  int firmware_request_platform(const struct firmware **firmware,
1062  			      const char *name, struct device *device)
1063  {
1064  	int ret;
1065  
1066  	/* Need to pin this module until return */
1067  	__module_get(THIS_MODULE);
1068  	ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1069  				FW_OPT_UEVENT | FW_OPT_FALLBACK_PLATFORM);
1070  	module_put(THIS_MODULE);
1071  	return ret;
1072  }
1073  EXPORT_SYMBOL_GPL(firmware_request_platform);
1074  
1075  /**
1076   * firmware_request_cache() - cache firmware for suspend so resume can use it
1077   * @device: device for which firmware should be cached for
1078   * @name: name of firmware file
1079   *
1080   * There are some devices with an optimization that enables the device to not
1081   * require loading firmware on system reboot. This optimization may still
1082   * require the firmware present on resume from suspend. This routine can be
1083   * used to ensure the firmware is present on resume from suspend in these
1084   * situations. This helper is not compatible with drivers which use
1085   * request_firmware_into_buf() or request_firmware_nowait() with no uevent set.
1086   **/
firmware_request_cache(struct device * device,const char * name)1087  int firmware_request_cache(struct device *device, const char *name)
1088  {
1089  	int ret;
1090  
1091  	mutex_lock(&fw_lock);
1092  	ret = fw_add_devm_name(device, name);
1093  	mutex_unlock(&fw_lock);
1094  
1095  	return ret;
1096  }
1097  EXPORT_SYMBOL_GPL(firmware_request_cache);
1098  
1099  /**
1100   * request_firmware_into_buf() - load firmware into a previously allocated buffer
1101   * @firmware_p: pointer to firmware image
1102   * @name: name of firmware file
1103   * @device: device for which firmware is being loaded and DMA region allocated
1104   * @buf: address of buffer to load firmware into
1105   * @size: size of buffer
1106   *
1107   * This function works pretty much like request_firmware(), but it doesn't
1108   * allocate a buffer to hold the firmware data. Instead, the firmware
1109   * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1110   * data member is pointed at @buf.
1111   *
1112   * This function doesn't cache firmware either.
1113   */
1114  int
request_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size)1115  request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1116  			  struct device *device, void *buf, size_t size)
1117  {
1118  	int ret;
1119  
1120  	if (fw_cache_is_setup(device, name))
1121  		return -EOPNOTSUPP;
1122  
1123  	__module_get(THIS_MODULE);
1124  	ret = _request_firmware(firmware_p, name, device, buf, size, 0,
1125  				FW_OPT_UEVENT | FW_OPT_NOCACHE);
1126  	module_put(THIS_MODULE);
1127  	return ret;
1128  }
1129  EXPORT_SYMBOL(request_firmware_into_buf);
1130  
1131  /**
1132   * request_partial_firmware_into_buf() - load partial firmware into a previously allocated buffer
1133   * @firmware_p: pointer to firmware image
1134   * @name: name of firmware file
1135   * @device: device for which firmware is being loaded and DMA region allocated
1136   * @buf: address of buffer to load firmware into
1137   * @size: size of buffer
1138   * @offset: offset into file to read
1139   *
1140   * This function works pretty much like request_firmware_into_buf except
1141   * it allows a partial read of the file.
1142   */
1143  int
request_partial_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset)1144  request_partial_firmware_into_buf(const struct firmware **firmware_p,
1145  				  const char *name, struct device *device,
1146  				  void *buf, size_t size, size_t offset)
1147  {
1148  	int ret;
1149  
1150  	if (fw_cache_is_setup(device, name))
1151  		return -EOPNOTSUPP;
1152  
1153  	__module_get(THIS_MODULE);
1154  	ret = _request_firmware(firmware_p, name, device, buf, size, offset,
1155  				FW_OPT_UEVENT | FW_OPT_NOCACHE |
1156  				FW_OPT_PARTIAL);
1157  	module_put(THIS_MODULE);
1158  	return ret;
1159  }
1160  EXPORT_SYMBOL(request_partial_firmware_into_buf);
1161  
1162  /**
1163   * release_firmware() - release the resource associated with a firmware image
1164   * @fw: firmware resource to release
1165   **/
release_firmware(const struct firmware * fw)1166  void release_firmware(const struct firmware *fw)
1167  {
1168  	if (fw) {
1169  		if (!firmware_is_builtin(fw))
1170  			firmware_free_data(fw);
1171  		kfree(fw);
1172  	}
1173  }
1174  EXPORT_SYMBOL(release_firmware);
1175  
1176  /* Async support */
1177  struct firmware_work {
1178  	struct work_struct work;
1179  	struct module *module;
1180  	const char *name;
1181  	struct device *device;
1182  	void *context;
1183  	void (*cont)(const struct firmware *fw, void *context);
1184  	u32 opt_flags;
1185  };
1186  
request_firmware_work_func(struct work_struct * work)1187  static void request_firmware_work_func(struct work_struct *work)
1188  {
1189  	struct firmware_work *fw_work;
1190  	const struct firmware *fw;
1191  
1192  	fw_work = container_of(work, struct firmware_work, work);
1193  
1194  	_request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0, 0,
1195  			  fw_work->opt_flags);
1196  	fw_work->cont(fw, fw_work->context);
1197  	put_device(fw_work->device); /* taken in request_firmware_nowait() */
1198  
1199  	module_put(fw_work->module);
1200  	kfree_const(fw_work->name);
1201  	kfree(fw_work);
1202  }
1203  
1204  
_request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context),bool nowarn)1205  static int _request_firmware_nowait(
1206  	struct module *module, bool uevent,
1207  	const char *name, struct device *device, gfp_t gfp, void *context,
1208  	void (*cont)(const struct firmware *fw, void *context), bool nowarn)
1209  {
1210  	struct firmware_work *fw_work;
1211  
1212  	fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1213  	if (!fw_work)
1214  		return -ENOMEM;
1215  
1216  	fw_work->module = module;
1217  	fw_work->name = kstrdup_const(name, gfp);
1218  	if (!fw_work->name) {
1219  		kfree(fw_work);
1220  		return -ENOMEM;
1221  	}
1222  	fw_work->device = device;
1223  	fw_work->context = context;
1224  	fw_work->cont = cont;
1225  	fw_work->opt_flags = FW_OPT_NOWAIT |
1226  		(uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER) |
1227  		(nowarn ? FW_OPT_NO_WARN : 0);
1228  
1229  	if (!uevent && fw_cache_is_setup(device, name)) {
1230  		kfree_const(fw_work->name);
1231  		kfree(fw_work);
1232  		return -EOPNOTSUPP;
1233  	}
1234  
1235  	if (!try_module_get(module)) {
1236  		kfree_const(fw_work->name);
1237  		kfree(fw_work);
1238  		return -EFAULT;
1239  	}
1240  
1241  	get_device(fw_work->device);
1242  	INIT_WORK(&fw_work->work, request_firmware_work_func);
1243  	schedule_work(&fw_work->work);
1244  	return 0;
1245  }
1246  
1247  /**
1248   * request_firmware_nowait() - asynchronous version of request_firmware
1249   * @module: module requesting the firmware
1250   * @uevent: sends uevent to copy the firmware image if this flag
1251   *	is non-zero else the firmware copy must be done manually.
1252   * @name: name of firmware file
1253   * @device: device for which firmware is being loaded
1254   * @gfp: allocation flags
1255   * @context: will be passed over to @cont, and
1256   *	@fw may be %NULL if firmware request fails.
1257   * @cont: function will be called asynchronously when the firmware
1258   *	request is over.
1259   *
1260   *	Caller must hold the reference count of @device.
1261   *
1262   *	Asynchronous variant of request_firmware() for user contexts:
1263   *		- sleep for as small periods as possible since it may
1264   *		  increase kernel boot time of built-in device drivers
1265   *		  requesting firmware in their ->probe() methods, if
1266   *		  @gfp is GFP_KERNEL.
1267   *
1268   *		- can't sleep at all if @gfp is GFP_ATOMIC.
1269   **/
request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1270  int request_firmware_nowait(
1271  	struct module *module, bool uevent,
1272  	const char *name, struct device *device, gfp_t gfp, void *context,
1273  	void (*cont)(const struct firmware *fw, void *context))
1274  {
1275  	return _request_firmware_nowait(module, uevent, name, device, gfp,
1276  					context, cont, false);
1277  
1278  }
1279  EXPORT_SYMBOL(request_firmware_nowait);
1280  
1281  /**
1282   * firmware_request_nowait_nowarn() - async version of request_firmware_nowarn
1283   * @module: module requesting the firmware
1284   * @name: name of firmware file
1285   * @device: device for which firmware is being loaded
1286   * @gfp: allocation flags
1287   * @context: will be passed over to @cont, and
1288   *	@fw may be %NULL if firmware request fails.
1289   * @cont: function will be called asynchronously when the firmware
1290   *	request is over.
1291   *
1292   * Similar in function to request_firmware_nowait(), but doesn't print a warning
1293   * when the firmware file could not be found and always sends a uevent to copy
1294   * the firmware image.
1295   */
firmware_request_nowait_nowarn(struct module * module,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1296  int firmware_request_nowait_nowarn(
1297  	struct module *module, const char *name,
1298  	struct device *device, gfp_t gfp, void *context,
1299  	void (*cont)(const struct firmware *fw, void *context))
1300  {
1301  	return _request_firmware_nowait(module, FW_ACTION_UEVENT, name, device,
1302  					gfp, context, cont, true);
1303  }
1304  EXPORT_SYMBOL_GPL(firmware_request_nowait_nowarn);
1305  
1306  #ifdef CONFIG_FW_CACHE
1307  static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1308  
1309  /**
1310   * cache_firmware() - cache one firmware image in kernel memory space
1311   * @fw_name: the firmware image name
1312   *
1313   * Cache firmware in kernel memory so that drivers can use it when
1314   * system isn't ready for them to request firmware image from userspace.
1315   * Once it returns successfully, driver can use request_firmware or its
1316   * nowait version to get the cached firmware without any interacting
1317   * with userspace
1318   *
1319   * Return 0 if the firmware image has been cached successfully
1320   * Return !0 otherwise
1321   *
1322   */
cache_firmware(const char * fw_name)1323  static int cache_firmware(const char *fw_name)
1324  {
1325  	int ret;
1326  	const struct firmware *fw;
1327  
1328  	pr_debug("%s: %s\n", __func__, fw_name);
1329  
1330  	ret = request_firmware(&fw, fw_name, NULL);
1331  	if (!ret)
1332  		kfree(fw);
1333  
1334  	pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1335  
1336  	return ret;
1337  }
1338  
lookup_fw_priv(const char * fw_name)1339  static struct fw_priv *lookup_fw_priv(const char *fw_name)
1340  {
1341  	struct fw_priv *tmp;
1342  	struct firmware_cache *fwc = &fw_cache;
1343  
1344  	spin_lock(&fwc->lock);
1345  	tmp = __lookup_fw_priv(fw_name);
1346  	spin_unlock(&fwc->lock);
1347  
1348  	return tmp;
1349  }
1350  
1351  /**
1352   * uncache_firmware() - remove one cached firmware image
1353   * @fw_name: the firmware image name
1354   *
1355   * Uncache one firmware image which has been cached successfully
1356   * before.
1357   *
1358   * Return 0 if the firmware cache has been removed successfully
1359   * Return !0 otherwise
1360   *
1361   */
uncache_firmware(const char * fw_name)1362  static int uncache_firmware(const char *fw_name)
1363  {
1364  	struct fw_priv *fw_priv;
1365  	struct firmware fw;
1366  
1367  	pr_debug("%s: %s\n", __func__, fw_name);
1368  
1369  	if (firmware_request_builtin(&fw, fw_name))
1370  		return 0;
1371  
1372  	fw_priv = lookup_fw_priv(fw_name);
1373  	if (fw_priv) {
1374  		free_fw_priv(fw_priv);
1375  		return 0;
1376  	}
1377  
1378  	return -EINVAL;
1379  }
1380  
alloc_fw_cache_entry(const char * name)1381  static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1382  {
1383  	struct fw_cache_entry *fce;
1384  
1385  	fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1386  	if (!fce)
1387  		goto exit;
1388  
1389  	fce->name = kstrdup_const(name, GFP_ATOMIC);
1390  	if (!fce->name) {
1391  		kfree(fce);
1392  		fce = NULL;
1393  		goto exit;
1394  	}
1395  exit:
1396  	return fce;
1397  }
1398  
__fw_entry_found(const char * name)1399  static int __fw_entry_found(const char *name)
1400  {
1401  	struct firmware_cache *fwc = &fw_cache;
1402  	struct fw_cache_entry *fce;
1403  
1404  	list_for_each_entry(fce, &fwc->fw_names, list) {
1405  		if (!strcmp(fce->name, name))
1406  			return 1;
1407  	}
1408  	return 0;
1409  }
1410  
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1411  static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1412  {
1413  	const char *name = fw_priv->fw_name;
1414  	struct firmware_cache *fwc = fw_priv->fwc;
1415  	struct fw_cache_entry *fce;
1416  
1417  	spin_lock(&fwc->name_lock);
1418  	if (__fw_entry_found(name))
1419  		goto found;
1420  
1421  	fce = alloc_fw_cache_entry(name);
1422  	if (fce) {
1423  		list_add(&fce->list, &fwc->fw_names);
1424  		kref_get(&fw_priv->ref);
1425  		pr_debug("%s: fw: %s\n", __func__, name);
1426  	}
1427  found:
1428  	spin_unlock(&fwc->name_lock);
1429  }
1430  
free_fw_cache_entry(struct fw_cache_entry * fce)1431  static void free_fw_cache_entry(struct fw_cache_entry *fce)
1432  {
1433  	kfree_const(fce->name);
1434  	kfree(fce);
1435  }
1436  
__async_dev_cache_fw_image(void * fw_entry,async_cookie_t cookie)1437  static void __async_dev_cache_fw_image(void *fw_entry,
1438  				       async_cookie_t cookie)
1439  {
1440  	struct fw_cache_entry *fce = fw_entry;
1441  	struct firmware_cache *fwc = &fw_cache;
1442  	int ret;
1443  
1444  	ret = cache_firmware(fce->name);
1445  	if (ret) {
1446  		spin_lock(&fwc->name_lock);
1447  		list_del(&fce->list);
1448  		spin_unlock(&fwc->name_lock);
1449  
1450  		free_fw_cache_entry(fce);
1451  	}
1452  }
1453  
1454  /* called with dev->devres_lock held */
dev_create_fw_entry(struct device * dev,void * res,void * data)1455  static void dev_create_fw_entry(struct device *dev, void *res,
1456  				void *data)
1457  {
1458  	struct fw_name_devm *fwn = res;
1459  	const char *fw_name = fwn->name;
1460  	struct list_head *head = data;
1461  	struct fw_cache_entry *fce;
1462  
1463  	fce = alloc_fw_cache_entry(fw_name);
1464  	if (fce)
1465  		list_add(&fce->list, head);
1466  }
1467  
devm_name_match(struct device * dev,void * res,void * match_data)1468  static int devm_name_match(struct device *dev, void *res,
1469  			   void *match_data)
1470  {
1471  	struct fw_name_devm *fwn = res;
1472  	return (fwn->magic == (unsigned long)match_data);
1473  }
1474  
dev_cache_fw_image(struct device * dev,void * data)1475  static void dev_cache_fw_image(struct device *dev, void *data)
1476  {
1477  	LIST_HEAD(todo);
1478  	struct fw_cache_entry *fce;
1479  	struct fw_cache_entry *fce_next;
1480  	struct firmware_cache *fwc = &fw_cache;
1481  
1482  	devres_for_each_res(dev, fw_name_devm_release,
1483  			    devm_name_match, &fw_cache,
1484  			    dev_create_fw_entry, &todo);
1485  
1486  	list_for_each_entry_safe(fce, fce_next, &todo, list) {
1487  		list_del(&fce->list);
1488  
1489  		spin_lock(&fwc->name_lock);
1490  		/* only one cache entry for one firmware */
1491  		if (!__fw_entry_found(fce->name)) {
1492  			list_add(&fce->list, &fwc->fw_names);
1493  		} else {
1494  			free_fw_cache_entry(fce);
1495  			fce = NULL;
1496  		}
1497  		spin_unlock(&fwc->name_lock);
1498  
1499  		if (fce)
1500  			async_schedule_domain(__async_dev_cache_fw_image,
1501  					      (void *)fce,
1502  					      &fw_cache_domain);
1503  	}
1504  }
1505  
__device_uncache_fw_images(void)1506  static void __device_uncache_fw_images(void)
1507  {
1508  	struct firmware_cache *fwc = &fw_cache;
1509  	struct fw_cache_entry *fce;
1510  
1511  	spin_lock(&fwc->name_lock);
1512  	while (!list_empty(&fwc->fw_names)) {
1513  		fce = list_entry(fwc->fw_names.next,
1514  				struct fw_cache_entry, list);
1515  		list_del(&fce->list);
1516  		spin_unlock(&fwc->name_lock);
1517  
1518  		uncache_firmware(fce->name);
1519  		free_fw_cache_entry(fce);
1520  
1521  		spin_lock(&fwc->name_lock);
1522  	}
1523  	spin_unlock(&fwc->name_lock);
1524  }
1525  
1526  /**
1527   * device_cache_fw_images() - cache devices' firmware
1528   *
1529   * If one device called request_firmware or its nowait version
1530   * successfully before, the firmware names are recored into the
1531   * device's devres link list, so device_cache_fw_images can call
1532   * cache_firmware() to cache these firmwares for the device,
1533   * then the device driver can load its firmwares easily at
1534   * time when system is not ready to complete loading firmware.
1535   */
device_cache_fw_images(void)1536  static void device_cache_fw_images(void)
1537  {
1538  	struct firmware_cache *fwc = &fw_cache;
1539  	DEFINE_WAIT(wait);
1540  
1541  	pr_debug("%s\n", __func__);
1542  
1543  	/* cancel uncache work */
1544  	cancel_delayed_work_sync(&fwc->work);
1545  
1546  	fw_fallback_set_cache_timeout();
1547  
1548  	mutex_lock(&fw_lock);
1549  	fwc->state = FW_LOADER_START_CACHE;
1550  	dpm_for_each_dev(NULL, dev_cache_fw_image);
1551  	mutex_unlock(&fw_lock);
1552  
1553  	/* wait for completion of caching firmware for all devices */
1554  	async_synchronize_full_domain(&fw_cache_domain);
1555  
1556  	fw_fallback_set_default_timeout();
1557  }
1558  
1559  /**
1560   * device_uncache_fw_images() - uncache devices' firmware
1561   *
1562   * uncache all firmwares which have been cached successfully
1563   * by device_uncache_fw_images earlier
1564   */
device_uncache_fw_images(void)1565  static void device_uncache_fw_images(void)
1566  {
1567  	pr_debug("%s\n", __func__);
1568  	__device_uncache_fw_images();
1569  }
1570  
device_uncache_fw_images_work(struct work_struct * work)1571  static void device_uncache_fw_images_work(struct work_struct *work)
1572  {
1573  	device_uncache_fw_images();
1574  }
1575  
1576  /**
1577   * device_uncache_fw_images_delay() - uncache devices firmwares
1578   * @delay: number of milliseconds to delay uncache device firmwares
1579   *
1580   * uncache all devices's firmwares which has been cached successfully
1581   * by device_cache_fw_images after @delay milliseconds.
1582   */
device_uncache_fw_images_delay(unsigned long delay)1583  static void device_uncache_fw_images_delay(unsigned long delay)
1584  {
1585  	queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1586  			   msecs_to_jiffies(delay));
1587  }
1588  
fw_pm_notify(struct notifier_block * notify_block,unsigned long mode,void * unused)1589  static int fw_pm_notify(struct notifier_block *notify_block,
1590  			unsigned long mode, void *unused)
1591  {
1592  	switch (mode) {
1593  	case PM_HIBERNATION_PREPARE:
1594  	case PM_SUSPEND_PREPARE:
1595  	case PM_RESTORE_PREPARE:
1596  		/*
1597  		 * Here, kill pending fallback requests will only kill
1598  		 * non-uevent firmware request to avoid stalling suspend.
1599  		 */
1600  		kill_pending_fw_fallback_reqs(false);
1601  		device_cache_fw_images();
1602  		break;
1603  
1604  	case PM_POST_SUSPEND:
1605  	case PM_POST_HIBERNATION:
1606  	case PM_POST_RESTORE:
1607  		/*
1608  		 * In case that system sleep failed and syscore_suspend is
1609  		 * not called.
1610  		 */
1611  		mutex_lock(&fw_lock);
1612  		fw_cache.state = FW_LOADER_NO_CACHE;
1613  		mutex_unlock(&fw_lock);
1614  
1615  		device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1616  		break;
1617  	}
1618  
1619  	return 0;
1620  }
1621  
1622  /* stop caching firmware once syscore_suspend is reached */
fw_suspend(void)1623  static int fw_suspend(void)
1624  {
1625  	fw_cache.state = FW_LOADER_NO_CACHE;
1626  	return 0;
1627  }
1628  
1629  static struct syscore_ops fw_syscore_ops = {
1630  	.suspend = fw_suspend,
1631  };
1632  
register_fw_pm_ops(void)1633  static int __init register_fw_pm_ops(void)
1634  {
1635  	int ret;
1636  
1637  	spin_lock_init(&fw_cache.name_lock);
1638  	INIT_LIST_HEAD(&fw_cache.fw_names);
1639  
1640  	INIT_DELAYED_WORK(&fw_cache.work,
1641  			  device_uncache_fw_images_work);
1642  
1643  	fw_cache.pm_notify.notifier_call = fw_pm_notify;
1644  	ret = register_pm_notifier(&fw_cache.pm_notify);
1645  	if (ret)
1646  		return ret;
1647  
1648  	register_syscore_ops(&fw_syscore_ops);
1649  
1650  	return ret;
1651  }
1652  
unregister_fw_pm_ops(void)1653  static inline void unregister_fw_pm_ops(void)
1654  {
1655  	unregister_syscore_ops(&fw_syscore_ops);
1656  	unregister_pm_notifier(&fw_cache.pm_notify);
1657  }
1658  #else
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1659  static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1660  {
1661  }
register_fw_pm_ops(void)1662  static inline int register_fw_pm_ops(void)
1663  {
1664  	return 0;
1665  }
unregister_fw_pm_ops(void)1666  static inline void unregister_fw_pm_ops(void)
1667  {
1668  }
1669  #endif
1670  
fw_cache_init(void)1671  static void __init fw_cache_init(void)
1672  {
1673  	spin_lock_init(&fw_cache.lock);
1674  	INIT_LIST_HEAD(&fw_cache.head);
1675  	fw_cache.state = FW_LOADER_NO_CACHE;
1676  }
1677  
fw_shutdown_notify(struct notifier_block * unused1,unsigned long unused2,void * unused3)1678  static int fw_shutdown_notify(struct notifier_block *unused1,
1679  			      unsigned long unused2, void *unused3)
1680  {
1681  	/*
1682  	 * Kill all pending fallback requests to avoid both stalling shutdown,
1683  	 * and avoid a deadlock with the usermode_lock.
1684  	 */
1685  	kill_pending_fw_fallback_reqs(true);
1686  
1687  	return NOTIFY_DONE;
1688  }
1689  
1690  static struct notifier_block fw_shutdown_nb = {
1691  	.notifier_call = fw_shutdown_notify,
1692  };
1693  
firmware_class_init(void)1694  static int __init firmware_class_init(void)
1695  {
1696  	int ret;
1697  
1698  	/* No need to unfold these on exit */
1699  	fw_cache_init();
1700  
1701  	ret = register_fw_pm_ops();
1702  	if (ret)
1703  		return ret;
1704  
1705  	ret = register_reboot_notifier(&fw_shutdown_nb);
1706  	if (ret)
1707  		goto out;
1708  
1709  	return register_sysfs_loader();
1710  
1711  out:
1712  	unregister_fw_pm_ops();
1713  	return ret;
1714  }
1715  
firmware_class_exit(void)1716  static void __exit firmware_class_exit(void)
1717  {
1718  	unregister_fw_pm_ops();
1719  	unregister_reboot_notifier(&fw_shutdown_nb);
1720  	unregister_sysfs_loader();
1721  }
1722  
1723  fs_initcall(firmware_class_init);
1724  module_exit(firmware_class_exit);
1725