subr_firmware.c revision 166756
1154974Smlaier/*- 2154974Smlaier * Copyright (c) 2005, Sam Leffler <sam@errno.com> 3154974Smlaier * All rights reserved. 4154974Smlaier * 5154974Smlaier * Redistribution and use in source and binary forms, with or without 6154974Smlaier * modification, are permitted provided that the following conditions 7154974Smlaier * are met: 8154974Smlaier * 1. Redistributions of source code must retain the above copyright 9154974Smlaier * notice unmodified, this list of conditions, and the following 10154974Smlaier * disclaimer. 11154974Smlaier * 2. Redistributions in binary form must reproduce the above copyright 12154974Smlaier * notice, this list of conditions and the following disclaimer in the 13154974Smlaier * documentation and/or other materials provided with the distribution. 14154974Smlaier * 15154974Smlaier * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16154974Smlaier * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17154974Smlaier * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18154974Smlaier * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19154974Smlaier * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20154974Smlaier * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21154974Smlaier * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22154974Smlaier * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23154974Smlaier * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24154974Smlaier * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25154974Smlaier */ 26154974Smlaier 27154974Smlaier#include <sys/cdefs.h> 28154974Smlaier__FBSDID("$FreeBSD: head/sys/kern/subr_firmware.c 166756 2007-02-15 17:21:31Z luigi $"); 29154974Smlaier 30154974Smlaier#include <sys/param.h> 31154974Smlaier#include <sys/kernel.h> 32154974Smlaier#include <sys/malloc.h> 33154974Smlaier#include <sys/queue.h> 34154974Smlaier#include <sys/taskqueue.h> 35154974Smlaier#include <sys/systm.h> 36154974Smlaier#include <sys/lock.h> 37154974Smlaier#include <sys/mutex.h> 38154974Smlaier#include <sys/errno.h> 39154974Smlaier#include <sys/linker.h> 40154974Smlaier#include <sys/firmware.h> 41164033Srwatson#include <sys/priv.h> 42154974Smlaier#include <sys/proc.h> 43154974Smlaier#include <sys/module.h> 44154974Smlaier 45166756Sluigi/* 46166756Sluigi * Loadable firmware support. See sys/sys/firmware.h and firmware(9) 47166756Sluigi * form more details on the subsystem. 48166756Sluigi * 49166756Sluigi * 'struct firmware' is the user-visible part of the firmware table. 50166756Sluigi * Additional internal information is stored in a 'struct priv_fw' 51166756Sluigi * (currently a static array). A slot is in use if FW_INUSE is true: 52166756Sluigi */ 53166756Sluigi 54166756Sluigi#define FW_INUSE(p) ((p)->file != NULL || (p)->fw.name != NULL) 55166756Sluigi 56166756Sluigi/* 57166756Sluigi * fw.name != NULL when an image is registered; file != NULL for 58166756Sluigi * autoloaded images whose handling has not been completed. 59166756Sluigi * 60166756Sluigi * The state of a slot evolves as follows: 61166756Sluigi * firmware_register --> fw.name = image_name 62166756Sluigi * (autoloaded image) --> file = module reference 63166756Sluigi * firmware_unregister --> fw.name = NULL 64166756Sluigi * (unloadentry complete) --> file = NULL 65166756Sluigi * 66166756Sluigi * In order for the above to work, the 'file' field must remain 67166756Sluigi * unchanged in firmware_unregister(). 68166756Sluigi * 69166756Sluigi * Images residing in the same module are linked to each other 70166756Sluigi * through the 'parent' argument of firmware_register(). 71166756Sluigi * One image (typically, one with the same name as the module to let 72166756Sluigi * the autoloading mechanism work) is considered the parent image for 73166756Sluigi * all other images in the same module. Children affect the refcount 74166756Sluigi * on the parent image preventing improper unloading of the image itself. 75166756Sluigi */ 76166756Sluigi 77166756Sluigistruct priv_fw { 78166756Sluigi int refcnt; /* reference count */ 79166756Sluigi 80166756Sluigi /* 81166756Sluigi * parent entry, see above. Set on firmware_register(), 82166756Sluigi * cleared on firmware_unregister(). 83166756Sluigi */ 84166756Sluigi struct priv_fw *parent; 85166756Sluigi 86166756Sluigi int flags; /* record FIRMWARE_UNLOAD requests */ 87166756Sluigi#define FW_UNLOAD 0x100 88166756Sluigi 89166756Sluigi /* 90166756Sluigi * 'file' is private info managed by the autoload/unload code. 91166756Sluigi * Set at the end of firmware_get(), cleared only in the 92166756Sluigi * firmware_task, so the latter can depend on its value even 93166756Sluigi * while the lock is not held. 94166756Sluigi */ 95166756Sluigi linker_file_t file; /* module file, if autoloaded */ 96166756Sluigi 97166756Sluigi /* 98166756Sluigi * 'fw' is the externally visible image information. 99166756Sluigi * We do not make it the first field in priv_fw, to avoid the 100166756Sluigi * temptation of casting pointers to each other. 101166756Sluigi * Use PRIV_FW(fw) to get a pointer to the cointainer of fw. 102166756Sluigi * Beware, PRIV_FW does not work for a NULL pointer. 103166756Sluigi */ 104166756Sluigi struct firmware fw; /* externally visible information */ 105166756Sluigi}; 106166756Sluigi 107166756Sluigi/* 108166756Sluigi * PRIV_FW returns the pointer to the container of struct firmware *x. 109166756Sluigi * Cast to intptr_t to override the 'const' attribute of x 110166756Sluigi */ 111166756Sluigi#define PRIV_FW(x) ((struct priv_fw *) \ 112166756Sluigi ((intptr_t)(x) - offsetof(struct priv_fw, fw)) ) 113166756Sluigi 114166756Sluigi/* 115166756Sluigi * At the moment we use a static array as backing store for the registry. 116166756Sluigi * Should we move to a dynamic structure, keep in mind that we cannot 117166756Sluigi * reallocate the array because pointers are held externally. 118166756Sluigi * A list may work, though. 119166756Sluigi */ 120154974Smlaier#define FIRMWARE_MAX 30 121166756Sluigistatic struct priv_fw firmware_table[FIRMWARE_MAX]; 122166756Sluigi 123166756Sluigi/* 124166756Sluigi * module release are handled in a separate task as they might sleep. 125166756Sluigi */ 126154974Smlaierstruct task firmware_task; 127166756Sluigi 128166756Sluigi/* 129166756Sluigi * This mutex protects accesses to the firmware table. 130166756Sluigi */ 131154974Smlaierstruct mtx firmware_mtx; 132154974SmlaierMTX_SYSINIT(firmware, &firmware_mtx, "firmware table", MTX_DEF); 133154974Smlaier 134154974Smlaier/* 135166756Sluigi * Helper function to lookup a name. 136166756Sluigi * As a side effect, it sets the pointer to a free slot, if any. 137166756Sluigi * This way we can concentrate most of the registry scanning in 138166756Sluigi * this function, which makes it easier to replace the registry 139166756Sluigi * with some other data structure. 140166756Sluigi */ 141166756Sluigistatic struct priv_fw * 142166756Sluigilookup(const char *name, struct priv_fw **empty_slot) 143166756Sluigi{ 144166756Sluigi struct priv_fw *fp = NULL; 145166756Sluigi struct priv_fw *dummy; 146166756Sluigi int i; 147166756Sluigi 148166756Sluigi if (empty_slot == NULL) 149166756Sluigi empty_slot = &dummy; 150166756Sluigi *empty_slot = NULL; 151166756Sluigi for (i = 0; i < FIRMWARE_MAX; i++) { 152166756Sluigi fp = &firmware_table[i]; 153166756Sluigi if (fp->fw.name != NULL && strcasecmp(name, fp->fw.name) == 0) 154166756Sluigi break; 155166756Sluigi else if (!FW_INUSE(fp)) 156166756Sluigi *empty_slot = fp; 157166756Sluigi } 158166756Sluigi return (i < FIRMWARE_MAX ) ? fp : NULL; 159166756Sluigi} 160166756Sluigi 161166756Sluigi/* 162154974Smlaier * Register a firmware image with the specified name. The 163154974Smlaier * image name must not already be registered. If this is a 164154974Smlaier * subimage then parent refers to a previously registered 165154974Smlaier * image that this should be associated with. 166154974Smlaier */ 167166756Sluigiconst struct firmware * 168154974Smlaierfirmware_register(const char *imagename, const void *data, size_t datasize, 169166756Sluigi unsigned int version, const struct firmware *parent) 170154974Smlaier{ 171166756Sluigi struct priv_fw *match, *frp; 172154974Smlaier 173154974Smlaier mtx_lock(&firmware_mtx); 174166756Sluigi /* 175166756Sluigi * Do a lookup to make sure the name is unique or find a free slot. 176166756Sluigi */ 177166756Sluigi match = lookup(imagename, &frp); 178166756Sluigi if (match != NULL) { 179166756Sluigi mtx_unlock(&firmware_mtx); 180166756Sluigi printf("%s: image %s already registered!\n", 181166756Sluigi __func__, imagename); 182166756Sluigi return NULL; 183154974Smlaier } 184154974Smlaier if (frp == NULL) { 185154974Smlaier mtx_unlock(&firmware_mtx); 186154974Smlaier printf("%s: cannot register image %s, firmware table full!\n", 187154974Smlaier __func__, imagename); 188154974Smlaier return NULL; 189154974Smlaier } 190166756Sluigi bzero(frp, sizeof(frp)); /* start from a clean record */ 191166756Sluigi frp->fw.name = imagename; 192166756Sluigi frp->fw.data = data; 193166756Sluigi frp->fw.datasize = datasize; 194166756Sluigi frp->fw.version = version; 195166756Sluigi if (parent != NULL) { 196166756Sluigi frp->parent = PRIV_FW(parent); 197166756Sluigi frp->parent->refcnt++; 198166756Sluigi } 199154974Smlaier mtx_unlock(&firmware_mtx); 200166465Smlaier if (bootverbose) 201166465Smlaier printf("firmware: '%s' version %u: %zu bytes loaded at %p\n", 202166465Smlaier imagename, version, datasize, data); 203166756Sluigi return &frp->fw; 204154974Smlaier} 205154974Smlaier 206154974Smlaier/* 207154974Smlaier * Unregister/remove a firmware image. If there are outstanding 208154974Smlaier * references an error is returned and the image is not removed 209154974Smlaier * from the registry. 210154974Smlaier */ 211154974Smlaierint 212154974Smlaierfirmware_unregister(const char *imagename) 213154974Smlaier{ 214166756Sluigi struct priv_fw *fp; 215166756Sluigi int err; 216154974Smlaier 217154974Smlaier mtx_lock(&firmware_mtx); 218166756Sluigi fp = lookup(imagename, NULL); 219166756Sluigi if (fp == NULL) { 220166756Sluigi /* 221166756Sluigi * It is ok for the lookup to fail; this can happen 222166756Sluigi * when a module is unloaded on last reference and the 223166756Sluigi * module unload handler unregister's each of it's 224166756Sluigi * firmware images. 225166756Sluigi */ 226166756Sluigi err = 0; 227166756Sluigi } else if (fp->refcnt != 0) { /* cannot unregister */ 228166756Sluigi err = EBUSY; 229166756Sluigi } else { 230166756Sluigi linker_file_t x = fp->file; /* save value */ 231166756Sluigi 232166756Sluigi if (fp->parent != NULL) /* release parent reference */ 233166756Sluigi fp->parent->refcnt--; 234166756Sluigi /* 235166756Sluigi * Clear the whole entry with bzero to make sure we 236166756Sluigi * do not forget anything. Then restore 'file' which is 237166756Sluigi * non-null for autoloaded images. 238166756Sluigi */ 239166756Sluigi bzero(fp, sizeof(struct priv_fw)); 240166756Sluigi fp->file = x; 241166756Sluigi err = 0; 242154974Smlaier } 243154974Smlaier mtx_unlock(&firmware_mtx); 244166756Sluigi return err; 245154974Smlaier} 246154974Smlaier 247154974Smlaier/* 248154974Smlaier * Lookup and potentially load the specified firmware image. 249166756Sluigi * If the firmware is not found in the registry, try to load a kernel 250166756Sluigi * module named as the image name. 251166756Sluigi * If the firmware is located, a reference is returned. The caller must 252166756Sluigi * release this reference for the image to be eligible for removal/unload. 253154974Smlaier */ 254166756Sluigiconst struct firmware * 255154974Smlaierfirmware_get(const char *imagename) 256154974Smlaier{ 257154974Smlaier struct thread *td; 258166756Sluigi struct priv_fw *fp; 259154974Smlaier linker_file_t result; 260154974Smlaier 261154974Smlaier mtx_lock(&firmware_mtx); 262166756Sluigi fp = lookup(imagename, NULL); 263166756Sluigi if (fp != NULL) 264166756Sluigi goto found; 265154974Smlaier /* 266166756Sluigi * Image not present, try to load the module holding it. 267154974Smlaier */ 268154974Smlaier mtx_unlock(&firmware_mtx); 269154974Smlaier td = curthread; 270164033Srwatson if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 || 271164033Srwatson securelevel_gt(td->td_ucred, 0) != 0) { 272154974Smlaier printf("%s: insufficient privileges to " 273154974Smlaier "load firmware image %s\n", __func__, imagename); 274154974Smlaier return NULL; 275154974Smlaier } 276154974Smlaier (void) linker_reference_module(imagename, NULL, &result); 277166756Sluigi /* 278166756Sluigi * After loading the module, see if the image is registered now. 279166756Sluigi */ 280154974Smlaier mtx_lock(&firmware_mtx); 281166756Sluigi fp = lookup(imagename, NULL); 282166756Sluigi if (fp == NULL) { 283154974Smlaier mtx_unlock(&firmware_mtx); 284166756Sluigi printf("%s: failed to load firmware image %s\n", 285166756Sluigi __func__, imagename); 286166756Sluigi (void) linker_release_module(imagename, NULL, NULL); 287166756Sluigi return NULL; 288166756Sluigi } 289166756Sluigi fp->file = result; /* record the module identity */ 290154974Smlaier 291166756Sluigifound: /* common exit point on success */ 292166756Sluigi fp->refcnt++; 293154974Smlaier mtx_unlock(&firmware_mtx); 294166756Sluigi return &fp->fw; 295154974Smlaier} 296154974Smlaier 297154974Smlaier/* 298166756Sluigi * Release a reference to a firmware image returned by firmware_get. 299166756Sluigi * The caller may specify, with the FIRMWARE_UNLOAD flag, its desire 300166756Sluigi * to release the resource, but the flag is only advisory. 301166756Sluigi * 302166756Sluigi * If this is the last reference to the firmware image, and this is an 303166756Sluigi * autoloaded module, wake up the firmware_task to figure out what to do 304166756Sluigi * with the associated module. 305154974Smlaier */ 306154974Smlaiervoid 307166756Sluigifirmware_put(const struct firmware *p, int flags) 308154974Smlaier{ 309166756Sluigi struct priv_fw *fp = PRIV_FW(p); 310166756Sluigi 311154974Smlaier mtx_lock(&firmware_mtx); 312154974Smlaier fp->refcnt--; 313159486Siedowse if (fp->refcnt == 0) { 314166756Sluigi if (flags & FIRMWARE_UNLOAD) 315166756Sluigi fp->flags |= FW_UNLOAD; 316166756Sluigi if (fp->file) 317166756Sluigi taskqueue_enqueue(taskqueue_thread, &firmware_task); 318159486Siedowse } 319154974Smlaier mtx_unlock(&firmware_mtx); 320154974Smlaier} 321154974Smlaier 322154974Smlaier/* 323166756Sluigi * The body of the task in charge of unloading autoloaded modules 324166756Sluigi * that are not needed anymore. 325166756Sluigi * Images can be cross-linked so we may need to make multiple passes, 326166756Sluigi * but the time we spend in the loop is bounded because we clear entries 327166756Sluigi * as we touch them. 328166756Sluigi */ 329166756Sluigistatic void 330166756Sluigiunloadentry(void *unused1, int unused2) 331166756Sluigi{ 332166756Sluigi int limit = FIRMWARE_MAX; 333166756Sluigi int i; /* current cycle */ 334166756Sluigi 335166756Sluigi mtx_lock(&firmware_mtx); 336166756Sluigi /* 337166756Sluigi * Scan the table. limit is set to make sure we make another 338166756Sluigi * full sweep after matching an entry that requires unloading. 339166756Sluigi */ 340166756Sluigi for (i = 0; i < limit; i++) { 341166756Sluigi struct priv_fw *fp; 342166756Sluigi int err; 343166756Sluigi 344166756Sluigi fp = &firmware_table[i % FIRMWARE_MAX]; 345166756Sluigi if (fp->fw.name == NULL || fp->file == NULL || 346166756Sluigi fp->refcnt != 0 || (fp->flags & FW_UNLOAD) == 0) 347166756Sluigi continue; 348166756Sluigi 349166756Sluigi /* 350166756Sluigi * Found an entry. Now: 351166756Sluigi * 1. bump up limit to make sure we make another full round; 352166756Sluigi * 2. clear FW_UNLOAD so we don't try this entry again. 353166756Sluigi * 3. release the lock while trying to unload the module. 354166756Sluigi * 'file' remains set so that the entry cannot be reused 355166756Sluigi * in the meantime (it also means that fp->file will 356166756Sluigi * not change while we release the lock). 357166756Sluigi */ 358166756Sluigi limit = i + FIRMWARE_MAX; /* make another full round */ 359166756Sluigi fp->flags &= ~FW_UNLOAD; /* do not try again */ 360166756Sluigi 361166756Sluigi mtx_unlock(&firmware_mtx); 362166756Sluigi err = linker_release_module(NULL, NULL, fp->file); 363166756Sluigi mtx_lock(&firmware_mtx); 364166756Sluigi 365166756Sluigi /* 366166756Sluigi * We rely on the module to call firmware_unregister() 367166756Sluigi * on unload to actually release the entry. 368166756Sluigi * If err = 0 we can drop our reference as the system 369166756Sluigi * accepted it. Otherwise unloading failed (e.g. the 370166756Sluigi * module itself gave an error) so our reference is 371166756Sluigi * still valid. 372166756Sluigi */ 373166756Sluigi if (err == 0) 374166756Sluigi fp->file = NULL; 375166756Sluigi } 376166756Sluigi mtx_unlock(&firmware_mtx); 377166756Sluigi} 378166756Sluigi 379166756Sluigi/* 380154974Smlaier * Module glue. 381154974Smlaier */ 382154974Smlaierstatic int 383154974Smlaierfirmware_modevent(module_t mod, int type, void *unused) 384154974Smlaier{ 385166756Sluigi struct priv_fw *fp; 386166756Sluigi int i, err = EINVAL; 387159486Siedowse 388154974Smlaier switch (type) { 389154974Smlaier case MOD_LOAD: 390154974Smlaier TASK_INIT(&firmware_task, 0, unloadentry, NULL); 391154974Smlaier return 0; 392166756Sluigi 393154974Smlaier case MOD_UNLOAD: 394166756Sluigi /* request all autoloaded modules to be released */ 395166756Sluigi mtx_lock(&firmware_mtx); 396159486Siedowse for (i = 0; i < FIRMWARE_MAX; i++) { 397159589Sjhb fp = &firmware_table[i]; 398166756Sluigi fp->flags |= FW_UNLOAD;; 399159486Siedowse } 400166756Sluigi mtx_unlock(&firmware_mtx); 401159486Siedowse taskqueue_enqueue(taskqueue_thread, &firmware_task); 402154974Smlaier taskqueue_drain(taskqueue_thread, &firmware_task); 403166756Sluigi for (i = 0; i < FIRMWARE_MAX; i++) { 404166756Sluigi fp = &firmware_table[i]; 405166756Sluigi if (fp->fw.name != NULL) { 406166756Sluigi printf("%s: image %p ref %d still active slot %d\n", 407166756Sluigi __func__, fp->fw.name, 408166756Sluigi fp->refcnt, i); 409166756Sluigi err = EINVAL; 410166756Sluigi } 411166756Sluigi } 412166756Sluigi return err; 413154974Smlaier } 414154974Smlaier return EINVAL; 415154974Smlaier} 416154974Smlaier 417154974Smlaierstatic moduledata_t firmware_mod = { 418154974Smlaier "firmware", 419154974Smlaier firmware_modevent, 420154974Smlaier 0 421154974Smlaier}; 422154974SmlaierDECLARE_MODULE(firmware, firmware_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST); 423154974SmlaierMODULE_VERSION(firmware, 1); 424