Commit 65710cb6 authored by Ming Lei's avatar Ming Lei Committed by Greg Kroah-Hartman

firmware loader: simplify pages ownership transfer

This patch doesn't transfer ownership of pages' buffer to the
instance of firmware until the firmware loading is completed,
which will simplify firmware_loading_store a lot, so help
to introduce the following cache_firmware and uncache_firmware
mechanism during system suspend-resume cycle.

In fact, this patch fixes one bug: if writing data into
firmware loader device is bypassed between writting 1 and 0 to
'loading', OOPS will be triggered without the patch.

Also handle the vmap failure case, and add some comments to make
code more readable.
Signed-off-by: default avatarMing Lei <ming.lei@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3cd52ab6
...@@ -93,6 +93,8 @@ struct firmware_priv { ...@@ -93,6 +93,8 @@ struct firmware_priv {
struct completion completion; struct completion completion;
struct firmware *fw; struct firmware *fw;
unsigned long status; unsigned long status;
void *data;
size_t size;
struct page **pages; struct page **pages;
int nr_pages; int nr_pages;
int page_array_size; int page_array_size;
...@@ -156,9 +158,11 @@ static void fw_dev_release(struct device *dev) ...@@ -156,9 +158,11 @@ static void fw_dev_release(struct device *dev)
struct firmware_priv *fw_priv = to_firmware_priv(dev); struct firmware_priv *fw_priv = to_firmware_priv(dev);
int i; int i;
/* free untransfered pages buffer */
for (i = 0; i < fw_priv->nr_pages; i++) for (i = 0; i < fw_priv->nr_pages; i++)
__free_page(fw_priv->pages[i]); __free_page(fw_priv->pages[i]);
kfree(fw_priv->pages); kfree(fw_priv->pages);
kfree(fw_priv); kfree(fw_priv);
module_put(THIS_MODULE); module_put(THIS_MODULE);
...@@ -194,6 +198,7 @@ static ssize_t firmware_loading_show(struct device *dev, ...@@ -194,6 +198,7 @@ static ssize_t firmware_loading_show(struct device *dev,
return sprintf(buf, "%d\n", loading); return sprintf(buf, "%d\n", loading);
} }
/* firmware holds the ownership of pages */
static void firmware_free_data(const struct firmware *fw) static void firmware_free_data(const struct firmware *fw)
{ {
int i; int i;
...@@ -237,9 +242,7 @@ static ssize_t firmware_loading_store(struct device *dev, ...@@ -237,9 +242,7 @@ static ssize_t firmware_loading_store(struct device *dev,
switch (loading) { switch (loading) {
case 1: case 1:
firmware_free_data(fw_priv->fw); /* discarding any previous partial load */
memset(fw_priv->fw, 0, sizeof(struct firmware));
/* If the pages are not owned by 'struct firmware' */
for (i = 0; i < fw_priv->nr_pages; i++) for (i = 0; i < fw_priv->nr_pages; i++)
__free_page(fw_priv->pages[i]); __free_page(fw_priv->pages[i]);
kfree(fw_priv->pages); kfree(fw_priv->pages);
...@@ -250,20 +253,6 @@ static ssize_t firmware_loading_store(struct device *dev, ...@@ -250,20 +253,6 @@ static ssize_t firmware_loading_store(struct device *dev,
break; break;
case 0: case 0:
if (test_bit(FW_STATUS_LOADING, &fw_priv->status)) { if (test_bit(FW_STATUS_LOADING, &fw_priv->status)) {
vunmap(fw_priv->fw->data);
fw_priv->fw->data = vmap(fw_priv->pages,
fw_priv->nr_pages,
0, PAGE_KERNEL_RO);
if (!fw_priv->fw->data) {
dev_err(dev, "%s: vmap() failed\n", __func__);
goto err;
}
/* Pages are now owned by 'struct firmware' */
fw_priv->fw->pages = fw_priv->pages;
fw_priv->pages = NULL;
fw_priv->page_array_size = 0;
fw_priv->nr_pages = 0;
complete(&fw_priv->completion); complete(&fw_priv->completion);
clear_bit(FW_STATUS_LOADING, &fw_priv->status); clear_bit(FW_STATUS_LOADING, &fw_priv->status);
break; break;
...@@ -273,7 +262,6 @@ static ssize_t firmware_loading_store(struct device *dev, ...@@ -273,7 +262,6 @@ static ssize_t firmware_loading_store(struct device *dev,
dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading); dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
/* fallthrough */ /* fallthrough */
case -1: case -1:
err:
fw_load_abort(fw_priv); fw_load_abort(fw_priv);
break; break;
} }
...@@ -299,12 +287,12 @@ static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj, ...@@ -299,12 +287,12 @@ static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
ret_count = -ENODEV; ret_count = -ENODEV;
goto out; goto out;
} }
if (offset > fw->size) { if (offset > fw_priv->size) {
ret_count = 0; ret_count = 0;
goto out; goto out;
} }
if (count > fw->size - offset) if (count > fw_priv->size - offset)
count = fw->size - offset; count = fw_priv->size - offset;
ret_count = count; ret_count = count;
...@@ -396,6 +384,7 @@ static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj, ...@@ -396,6 +384,7 @@ static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
retval = -ENODEV; retval = -ENODEV;
goto out; goto out;
} }
retval = fw_realloc_buffer(fw_priv, offset + count); retval = fw_realloc_buffer(fw_priv, offset + count);
if (retval) if (retval)
goto out; goto out;
...@@ -418,7 +407,7 @@ static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj, ...@@ -418,7 +407,7 @@ static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
count -= page_cnt; count -= page_cnt;
} }
fw->size = max_t(size_t, offset, fw->size); fw_priv->size = max_t(size_t, offset, fw_priv->size);
out: out:
mutex_unlock(&fw_lock); mutex_unlock(&fw_lock);
return retval; return retval;
...@@ -504,6 +493,29 @@ static void _request_firmware_cleanup(const struct firmware **firmware_p) ...@@ -504,6 +493,29 @@ static void _request_firmware_cleanup(const struct firmware **firmware_p)
*firmware_p = NULL; *firmware_p = NULL;
} }
/* transfer the ownership of pages to firmware */
static int fw_set_page_data(struct firmware_priv *fw_priv)
{
struct firmware *fw = fw_priv->fw;
fw_priv->data = vmap(fw_priv->pages, fw_priv->nr_pages,
0, PAGE_KERNEL_RO);
if (!fw_priv->data)
return -ENOMEM;
fw->data = fw_priv->data;
fw->pages = fw_priv->pages;
fw->size = fw_priv->size;
WARN_ON(PFN_UP(fw->size) != fw_priv->nr_pages);
fw_priv->nr_pages = 0;
fw_priv->pages = NULL;
fw_priv->data = NULL;
return 0;
}
static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent,
long timeout) long timeout)
{ {
...@@ -549,8 +561,12 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, ...@@ -549,8 +561,12 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent,
del_timer_sync(&fw_priv->timeout); del_timer_sync(&fw_priv->timeout);
mutex_lock(&fw_lock); mutex_lock(&fw_lock);
if (!fw_priv->fw->size || test_bit(FW_STATUS_ABORT, &fw_priv->status)) if (!fw_priv->size || test_bit(FW_STATUS_ABORT, &fw_priv->status))
retval = -ENOENT; retval = -ENOENT;
/* transfer pages ownership at the last minute */
if (!retval)
retval = fw_set_page_data(fw_priv);
fw_priv->fw = NULL; fw_priv->fw = NULL;
mutex_unlock(&fw_lock); mutex_unlock(&fw_lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment