1/*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2002-2020 M. Warner Losh <imp@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28#include <sys/cdefs.h>
29#include "opt_bus.h"
30#include "opt_ddb.h"
31
32#include <sys/param.h>
33#include <sys/conf.h>
34#include <sys/eventhandler.h>
35#include <sys/filio.h>
36#include <sys/lock.h>
37#include <sys/kernel.h>
38#include <sys/malloc.h>
39#include <sys/mutex.h>
40#include <sys/poll.h>
41#include <sys/priv.h>
42#include <sys/proc.h>
43#include <sys/condvar.h>
44#include <sys/queue.h>
45#include <machine/bus.h>
46#include <sys/sbuf.h>
47#include <sys/selinfo.h>
48#include <sys/smp.h>
49#include <sys/sysctl.h>
50#include <sys/systm.h>
51#include <sys/uio.h>
52#include <sys/bus.h>
53
54#include <machine/cpu.h>
55#include <machine/stdarg.h>
56
57#include <vm/uma.h>
58#include <vm/vm.h>
59
60#include <ddb/ddb.h>
61
62STAILQ_HEAD(devq, dev_event_info);
63
64static struct dev_softc {
65	int		inuse;
66	int		nonblock;
67	int		queued;
68	int		async;
69	struct mtx	mtx;
70	struct cv	cv;
71	struct selinfo	sel;
72	struct devq	devq;
73	struct sigio	*sigio;
74	uma_zone_t	zone;
75} devsoftc;
76
77/*
78 * This design allows only one reader for /dev/devctl.  This is not desirable
79 * in the long run, but will get a lot of hair out of this implementation.
80 * Maybe we should make this device a clonable device.
81 *
82 * Also note: we specifically do not attach a device to the device_t tree
83 * to avoid potential chicken and egg problems.  One could argue that all
84 * of this belongs to the root node.
85 */
86
87#define DEVCTL_DEFAULT_QUEUE_LEN 1000
88static int sysctl_devctl_queue(SYSCTL_HANDLER_ARGS);
89static int devctl_queue_length = DEVCTL_DEFAULT_QUEUE_LEN;
90SYSCTL_PROC(_hw_bus, OID_AUTO, devctl_queue, CTLTYPE_INT | CTLFLAG_RWTUN |
91    CTLFLAG_MPSAFE, NULL, 0, sysctl_devctl_queue, "I", "devctl queue length");
92static bool nomatch_enabled = true;
93SYSCTL_BOOL(_hw_bus, OID_AUTO, devctl_nomatch_enabled, CTLFLAG_RWTUN,
94    &nomatch_enabled, 0, "enable nomatch events");
95
96static void devctl_attach_handler(void *arg __unused, device_t dev);
97static void devctl_detach_handler(void *arg __unused, device_t dev,
98    enum evhdev_detach state);
99static void devctl_nomatch_handler(void *arg __unused, device_t dev);
100
101static d_open_t		devopen;
102static d_close_t	devclose;
103static d_read_t		devread;
104static d_ioctl_t	devioctl;
105static d_poll_t		devpoll;
106static d_kqfilter_t	devkqfilter;
107
108#define DEVCTL_BUFFER (1024 - sizeof(void *))
109struct dev_event_info {
110	STAILQ_ENTRY(dev_event_info) dei_link;
111	char dei_data[DEVCTL_BUFFER];
112};
113
114
115static struct cdevsw dev_cdevsw = {
116	.d_version =	D_VERSION,
117	.d_open =	devopen,
118	.d_close =	devclose,
119	.d_read =	devread,
120	.d_ioctl =	devioctl,
121	.d_poll =	devpoll,
122	.d_kqfilter =	devkqfilter,
123	.d_name =	"devctl",
124};
125
126static void	filt_devctl_detach(struct knote *kn);
127static int	filt_devctl_read(struct knote *kn, long hint);
128
129static struct filterops devctl_rfiltops = {
130	.f_isfd = 1,
131	.f_detach = filt_devctl_detach,
132	.f_event = filt_devctl_read,
133};
134
135static struct cdev *devctl_dev;
136static void devaddq(const char *type, const char *what, device_t dev);
137
138static struct devctlbridge {
139	send_event_f *send_f;
140} devctl_notify_hook = { .send_f = NULL };
141
142static void
143devctl_init(void)
144{
145	int reserve;
146	uma_zone_t z;
147
148	devctl_dev = make_dev_credf(MAKEDEV_ETERNAL, &dev_cdevsw, 0, NULL,
149	    UID_ROOT, GID_WHEEL, 0600, "devctl");
150	mtx_init(&devsoftc.mtx, "dev mtx", "devd", MTX_DEF);
151	cv_init(&devsoftc.cv, "dev cv");
152	STAILQ_INIT(&devsoftc.devq);
153	knlist_init_mtx(&devsoftc.sel.si_note, &devsoftc.mtx);
154	if (devctl_queue_length > 0) {
155		/*
156		 * Allocate a zone for the messages. Preallocate 2% of these for
157		 * a reserve. Allow only devctl_queue_length slabs to cap memory
158		 * usage.  The reserve usually allows coverage of surges of
159		 * events during memory shortages. Normally we won't have to
160		 * re-use events from the queue, but will in extreme shortages.
161		 */
162		z = devsoftc.zone = uma_zcreate("DEVCTL",
163		    sizeof(struct dev_event_info), NULL, NULL, NULL, NULL,
164		    UMA_ALIGN_PTR, 0);
165		reserve = max(devctl_queue_length / 50, 100);	/* 2% reserve */
166		uma_zone_set_max(z, devctl_queue_length);
167		uma_zone_set_maxcache(z, 0);
168		uma_zone_reserve(z, reserve);
169		uma_prealloc(z, reserve);
170	}
171	EVENTHANDLER_REGISTER(device_attach, devctl_attach_handler,
172	    NULL, EVENTHANDLER_PRI_LAST);
173	EVENTHANDLER_REGISTER(device_detach, devctl_detach_handler,
174	    NULL, EVENTHANDLER_PRI_LAST);
175	EVENTHANDLER_REGISTER(device_nomatch, devctl_nomatch_handler,
176	    NULL, EVENTHANDLER_PRI_LAST);
177}
178SYSINIT(devctl_init, SI_SUB_DRIVERS, SI_ORDER_SECOND, devctl_init, NULL);
179
180/*
181 * A device was added to the tree.  We are called just after it successfully
182 * attaches (that is, probe and attach success for this device).  No call
183 * is made if a device is merely parented into the tree.  See devnomatch
184 * if probe fails.  If attach fails, no notification is sent (but maybe
185 * we should have a different message for this).
186 */
187static void
188devctl_attach_handler(void *arg __unused, device_t dev)
189{
190	devaddq("+", device_get_nameunit(dev), dev);
191}
192
193/*
194 * A device was removed from the tree.  We are called just before this
195 * happens.
196 */
197static void
198devctl_detach_handler(void *arg __unused, device_t dev, enum evhdev_detach state)
199{
200	if (state == EVHDEV_DETACH_COMPLETE)
201		devaddq("-", device_get_nameunit(dev), dev);
202}
203
204/*
205 * Called when there's no match for this device.  This is only called
206 * the first time that no match happens, so we don't keep getting this
207 * message.  Should that prove to be undesirable, we can change it.
208 * This is called when all drivers that can attach to a given bus
209 * decline to accept this device.  Other errors may not be detected.
210 */
211static void
212devctl_nomatch_handler(void *arg __unused, device_t dev)
213{
214	if (nomatch_enabled)
215		devaddq("?", "", dev);
216}
217
218static int
219devopen(struct cdev *dev, int oflags, int devtype, struct thread *td)
220{
221	mtx_lock(&devsoftc.mtx);
222	if (devsoftc.inuse) {
223		mtx_unlock(&devsoftc.mtx);
224		return (EBUSY);
225	}
226	/* move to init */
227	devsoftc.inuse = 1;
228	mtx_unlock(&devsoftc.mtx);
229	return (0);
230}
231
232static int
233devclose(struct cdev *dev, int fflag, int devtype, struct thread *td)
234{
235	mtx_lock(&devsoftc.mtx);
236	devsoftc.inuse = 0;
237	devsoftc.nonblock = 0;
238	devsoftc.async = 0;
239	cv_broadcast(&devsoftc.cv);
240	funsetown(&devsoftc.sigio);
241	mtx_unlock(&devsoftc.mtx);
242	return (0);
243}
244
245/*
246 * The read channel for this device is used to report changes to
247 * userland in realtime.  We are required to free the data as well as
248 * the n1 object because we allocate them separately.  Also note that
249 * we return one record at a time.  If you try to read this device a
250 * character at a time, you will lose the rest of the data.  Listening
251 * programs are expected to cope.
252 */
253static int
254devread(struct cdev *dev, struct uio *uio, int ioflag)
255{
256	struct dev_event_info *n1;
257	int rv;
258
259	mtx_lock(&devsoftc.mtx);
260	while (STAILQ_EMPTY(&devsoftc.devq)) {
261		if (devsoftc.nonblock) {
262			mtx_unlock(&devsoftc.mtx);
263			return (EAGAIN);
264		}
265		rv = cv_wait_sig(&devsoftc.cv, &devsoftc.mtx);
266		if (rv) {
267			/*
268			 * Need to translate ERESTART to EINTR here? -- jake
269			 */
270			mtx_unlock(&devsoftc.mtx);
271			return (rv);
272		}
273	}
274	n1 = STAILQ_FIRST(&devsoftc.devq);
275	STAILQ_REMOVE_HEAD(&devsoftc.devq, dei_link);
276	devsoftc.queued--;
277	mtx_unlock(&devsoftc.mtx);
278	rv = uiomove(n1->dei_data, strlen(n1->dei_data), uio);
279	uma_zfree(devsoftc.zone, n1);
280	return (rv);
281}
282
283static	int
284devioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag, struct thread *td)
285{
286	switch (cmd) {
287	case FIONBIO:
288		if (*(int*)data)
289			devsoftc.nonblock = 1;
290		else
291			devsoftc.nonblock = 0;
292		return (0);
293	case FIOASYNC:
294		if (*(int*)data)
295			devsoftc.async = 1;
296		else
297			devsoftc.async = 0;
298		return (0);
299	case FIOSETOWN:
300		return fsetown(*(int *)data, &devsoftc.sigio);
301	case FIOGETOWN:
302		*(int *)data = fgetown(&devsoftc.sigio);
303		return (0);
304
305		/* (un)Support for other fcntl() calls. */
306	case FIOCLEX:
307	case FIONCLEX:
308	case FIONREAD:
309	default:
310		break;
311	}
312	return (ENOTTY);
313}
314
315static	int
316devpoll(struct cdev *dev, int events, struct thread *td)
317{
318	int	revents = 0;
319
320	mtx_lock(&devsoftc.mtx);
321	if (events & (POLLIN | POLLRDNORM)) {
322		if (!STAILQ_EMPTY(&devsoftc.devq))
323			revents = events & (POLLIN | POLLRDNORM);
324		else
325			selrecord(td, &devsoftc.sel);
326	}
327	mtx_unlock(&devsoftc.mtx);
328
329	return (revents);
330}
331
332static int
333devkqfilter(struct cdev *dev, struct knote *kn)
334{
335	int error;
336
337	if (kn->kn_filter == EVFILT_READ) {
338		kn->kn_fop = &devctl_rfiltops;
339		knlist_add(&devsoftc.sel.si_note, kn, 0);
340		error = 0;
341	} else
342		error = EINVAL;
343	return (error);
344}
345
346static void
347filt_devctl_detach(struct knote *kn)
348{
349	knlist_remove(&devsoftc.sel.si_note, kn, 0);
350}
351
352static int
353filt_devctl_read(struct knote *kn, long hint)
354{
355	kn->kn_data = devsoftc.queued;
356	return (kn->kn_data != 0);
357}
358
359/**
360 * @brief Return whether the userland process is running
361 */
362bool
363devctl_process_running(void)
364{
365	return (devsoftc.inuse == 1);
366}
367
368static struct dev_event_info *
369devctl_alloc_dei(void)
370{
371	struct dev_event_info *dei = NULL;
372
373	mtx_lock(&devsoftc.mtx);
374	if (devctl_queue_length == 0)
375		goto out;
376	dei = uma_zalloc(devsoftc.zone, M_NOWAIT);
377	if (dei == NULL)
378		dei = uma_zalloc(devsoftc.zone, M_NOWAIT | M_USE_RESERVE);
379	if (dei == NULL) {
380		/*
381		 * Guard against no items in the queue. Normally, this won't
382		 * happen, but if lots of events happen all at once and there's
383		 * a chance we're out of allocated space but none have yet been
384		 * queued when we get here, leaving nothing to steal. This can
385		 * also happen with error injection. Fail safe by returning
386		 * NULL in that case..
387		 */
388		if (devsoftc.queued == 0)
389			goto out;
390		dei = STAILQ_FIRST(&devsoftc.devq);
391		STAILQ_REMOVE_HEAD(&devsoftc.devq, dei_link);
392		devsoftc.queued--;
393	}
394	MPASS(dei != NULL);
395	*dei->dei_data = '\0';
396out:
397	mtx_unlock(&devsoftc.mtx);
398	return (dei);
399}
400
401static struct dev_event_info *
402devctl_alloc_dei_sb(struct sbuf *sb)
403{
404	struct dev_event_info *dei;
405
406	dei = devctl_alloc_dei();
407	if (dei != NULL)
408		sbuf_new(sb, dei->dei_data, sizeof(dei->dei_data), SBUF_FIXEDLEN);
409	return (dei);
410}
411
412static void
413devctl_free_dei(struct dev_event_info *dei)
414{
415	uma_zfree(devsoftc.zone, dei);
416}
417
418static void
419devctl_queue(struct dev_event_info *dei)
420{
421	mtx_lock(&devsoftc.mtx);
422	STAILQ_INSERT_TAIL(&devsoftc.devq, dei, dei_link);
423	devsoftc.queued++;
424	cv_broadcast(&devsoftc.cv);
425	KNOTE_LOCKED(&devsoftc.sel.si_note, 0);
426	mtx_unlock(&devsoftc.mtx);
427	selwakeup(&devsoftc.sel);
428	if (devsoftc.async && devsoftc.sigio != NULL)
429		pgsigio(&devsoftc.sigio, SIGIO, 0);
430}
431
432/**
433 * @brief Send a 'notification' to userland, using standard ways
434 */
435void
436devctl_notify(const char *system, const char *subsystem, const char *type,
437    const char *data)
438{
439	struct dev_event_info *dei;
440	struct sbuf sb;
441
442	if (system == NULL || subsystem == NULL || type == NULL)
443		return;
444	if (devctl_notify_hook.send_f != NULL)
445		devctl_notify_hook.send_f(system, subsystem, type, data);
446	dei = devctl_alloc_dei_sb(&sb);
447	if (dei == NULL)
448		return;
449	sbuf_cpy(&sb, "!system=");
450	sbuf_cat(&sb, system);
451	sbuf_cat(&sb, " subsystem=");
452	sbuf_cat(&sb, subsystem);
453	sbuf_cat(&sb, " type=");
454	sbuf_cat(&sb, type);
455	if (data != NULL) {
456		sbuf_putc(&sb, ' ');
457		sbuf_cat(&sb, data);
458	}
459	sbuf_putc(&sb, '\n');
460	if (sbuf_finish(&sb) != 0)
461		devctl_free_dei(dei);	/* overflow -> drop it */
462	else
463		devctl_queue(dei);
464}
465
466/*
467 * Common routine that tries to make sending messages as easy as possible.
468 * We allocate memory for the data, copy strings into that, but do not
469 * free it unless there's an error.  The dequeue part of the driver should
470 * free the data.  We don't send data when the device is disabled.  We do
471 * send data, even when we have no listeners, because we wish to avoid
472 * races relating to startup and restart of listening applications.
473 *
474 * devaddq is designed to string together the type of event, with the
475 * object of that event, plus the plug and play info and location info
476 * for that event.  This is likely most useful for devices, but less
477 * useful for other consumers of this interface.  Those should use
478 * the devctl_notify() interface instead.
479 *
480 * Output:
481 *	${type}${what} at $(location dev) $(pnp-info dev) on $(parent dev)
482 */
483static void
484devaddq(const char *type, const char *what, device_t dev)
485{
486	struct dev_event_info *dei;
487	const char *parstr;
488	struct sbuf sb;
489	size_t beginlen;
490
491	dei = devctl_alloc_dei_sb(&sb);
492	if (dei == NULL)
493		return;
494	sbuf_cpy(&sb, type);
495	sbuf_cat(&sb, what);
496	sbuf_cat(&sb, " at ");
497	beginlen = sbuf_len(&sb);
498
499	/* Add in the location */
500	bus_child_location(dev, &sb);
501	sbuf_putc(&sb, ' ');
502
503	/* Add in pnpinfo */
504	bus_child_pnpinfo(dev, &sb);
505
506	/* Get the parent of this device, or / if high enough in the tree. */
507	if (device_get_parent(dev) == NULL)
508		parstr = ".";	/* Or '/' ? */
509	else
510		parstr = device_get_nameunit(device_get_parent(dev));
511	sbuf_cat(&sb, " on ");
512	sbuf_cat(&sb, parstr);
513	sbuf_putc(&sb, '\n');
514	if (sbuf_finish(&sb) != 0)
515		goto bad;
516	if (devctl_notify_hook.send_f != NULL) {
517		const char *t;
518
519		switch (*type) {
520		case '+':
521			t = "ATTACH";
522			break;
523		case '-':
524			t = "DETACH";
525			break;
526		default:
527			t = "NOMATCH";
528			break;
529		}
530		devctl_notify_hook.send_f("device",
531		    what, t, sbuf_data(&sb) + beginlen);
532	}
533	devctl_queue(dei);
534	return;
535bad:
536	devctl_free_dei(dei);
537}
538
539static int
540sysctl_devctl_queue(SYSCTL_HANDLER_ARGS)
541{
542	int q, error;
543
544	q = devctl_queue_length;
545	error = sysctl_handle_int(oidp, &q, 0, req);
546	if (error || !req->newptr)
547		return (error);
548	if (q < 0)
549		return (EINVAL);
550
551	/*
552	 * When set as a tunable, we've not yet initialized the mutex.
553	 * It is safe to just assign to devctl_queue_length and return
554	 * as we're racing no one. We'll use whatever value set in
555	 * devinit.
556	 */
557	if (!mtx_initialized(&devsoftc.mtx)) {
558		devctl_queue_length = q;
559		return (0);
560	}
561
562	/*
563	 * XXX It's hard to grow or shrink the UMA zone. Only allow
564	 * disabling the queue size for the moment until underlying
565	 * UMA issues can be sorted out.
566	 */
567	if (q != 0)
568		return (EINVAL);
569	if (q == devctl_queue_length)
570		return (0);
571	mtx_lock(&devsoftc.mtx);
572	devctl_queue_length = 0;
573	uma_zdestroy(devsoftc.zone);
574	devsoftc.zone = 0;
575	mtx_unlock(&devsoftc.mtx);
576	return (0);
577}
578
579/**
580 * @brief safely quotes strings that might have double quotes in them.
581 *
582 * The devctl protocol relies on quoted strings having matching quotes.
583 * This routine quotes any internal quotes so the resulting string
584 * is safe to pass to snprintf to construct, for example pnp info strings.
585 *
586 * @param sb	sbuf to place the characters into
587 * @param src	Original buffer.
588 */
589void
590devctl_safe_quote_sb(struct sbuf *sb, const char *src)
591{
592	while (*src != '\0') {
593		if (*src == '"' || *src == '\\')
594			sbuf_putc(sb, '\\');
595		sbuf_putc(sb, *src++);
596	}
597}
598
599void
600devctl_set_notify_hook(send_event_f *hook)
601{
602	devctl_notify_hook.send_f = hook;
603}
604
605void
606devctl_unset_notify_hook(void)
607{
608	devctl_notify_hook.send_f = NULL;
609}
610
611