search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
agp: fix arbitrary kernel memory writes
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / char / i8k.c
blobd72433f2d310deb6cf909cb1feb30e92919887cd
1 /*
2 * i8k.c -- Linux driver for accessing the SMM BIOS on Dell laptops.
3 * See http://www.debian.org/~dz/i8k/ for more information
4 * and for latest version of this driver.
5 *
6 * Copyright (C) 2001 Massimo Dal Zotto <dz@debian.org>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
11 * later version.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 */
18
19 #include <linux/module.h>
20 #include <linux/types.h>
21 #include <linux/init.h>
22 #include <linux/proc_fs.h>
23 #include <linux/seq_file.h>
24 #include <linux/dmi.h>
25 #include <linux/capability.h>
26 #include <linux/mutex.h>
27 #include <asm/uaccess.h>
28 #include <asm/io.h>
29
30 #include <linux/i8k.h>
31
32 #define I8K_VERSION "1.14 21/02/2005"
33
34 #define I8K_SMM_FN_STATUS 0x0025
35 #define I8K_SMM_POWER_STATUS 0x0069
36 #define I8K_SMM_SET_FAN 0x01a3
37 #define I8K_SMM_GET_FAN 0x00a3
38 #define I8K_SMM_GET_SPEED 0x02a3
39 #define I8K_SMM_GET_TEMP 0x10a3
40 #define I8K_SMM_GET_DELL_SIG1 0xfea3
41 #define I8K_SMM_GET_DELL_SIG2 0xffa3
42 #define I8K_SMM_BIOS_VERSION 0x00a6
43
44 #define I8K_FAN_MULT 30
45 #define I8K_MAX_TEMP 127
46
47 #define I8K_FN_NONE 0x00
48 #define I8K_FN_UP 0x01
49 #define I8K_FN_DOWN 0x02
50 #define I8K_FN_MUTE 0x04
51 #define I8K_FN_MASK 0x07
52 #define I8K_FN_SHIFT 8
53
54 #define I8K_POWER_AC 0x05
55 #define I8K_POWER_BATTERY 0x01
56
57 #define I8K_TEMPERATURE_BUG 1
58
59 static DEFINE_MUTEX(i8k_mutex);
60 static char bios_version[4];
61
62 MODULE_AUTHOR("Massimo Dal Zotto (dz@debian.org)");
63 MODULE_DESCRIPTION("Driver for accessing SMM BIOS on Dell laptops");
64 MODULE_LICENSE("GPL");
65
66 static int force;
67 module_param(force, bool, 0);
68 MODULE_PARM_DESC(force, "Force loading without checking for supported models");
69
70 static int ignore_dmi;
71 module_param(ignore_dmi, bool, 0);
72 MODULE_PARM_DESC(ignore_dmi, "Continue probing hardware even if DMI data does not match");
73
74 static int restricted;
75 module_param(restricted, bool, 0);
76 MODULE_PARM_DESC(restricted, "Allow fan control if SYS_ADMIN capability set");
77
78 static int power_status;
79 module_param(power_status, bool, 0600);
80 MODULE_PARM_DESC(power_status, "Report power status in /proc/i8k");
81
82 static int fan_mult = I8K_FAN_MULT;
83 module_param(fan_mult, int, 0);
84 MODULE_PARM_DESC(fan_mult, "Factor to multiply fan speed with");
85
86 static int i8k_open_fs(struct inode *inode, struct file *file);
87 static long i8k_ioctl(struct file *, unsigned int, unsigned long);
88
89 static const struct file_operations i8k_fops = {
90 .owner = THIS_MODULE,
91 .open = i8k_open_fs,
92 .read = seq_read,
93 .llseek = seq_lseek,
94 .release = single_release,
95 .unlocked_ioctl = i8k_ioctl,
96 };
97
98 struct smm_regs {
99 unsigned int eax;
100 unsigned int ebx __attribute__ ((packed));
101 unsigned int ecx __attribute__ ((packed));
102 unsigned int edx __attribute__ ((packed));
103 unsigned int esi __attribute__ ((packed));
104 unsigned int edi __attribute__ ((packed));
105 };
106
107 static inline const char *i8k_get_dmi_data(int field)
108 {
109 const char *dmi_data = dmi_get_system_info(field);
110
111 return dmi_data && *dmi_data ? dmi_data : "?";
112 }
113
114 /*
115 * Call the System Management Mode BIOS. Code provided by Jonathan Buzzard.
116 */
117 static int i8k_smm(struct smm_regs *regs)
118 {
119 int rc;
120 int eax = regs->eax;
121
122 #if defined(CONFIG_X86_64)
123 asm volatile("pushq %%rax\n\t"
124 "movl 0(%%rax),%%edx\n\t"
125 "pushq %%rdx\n\t"
126 "movl 4(%%rax),%%ebx\n\t"
127 "movl 8(%%rax),%%ecx\n\t"
128 "movl 12(%%rax),%%edx\n\t"
129 "movl 16(%%rax),%%esi\n\t"
130 "movl 20(%%rax),%%edi\n\t"
131 "popq %%rax\n\t"
132 "out %%al,$0xb2\n\t"
133 "out %%al,$0x84\n\t"
134 "xchgq %%rax,(%%rsp)\n\t"
135 "movl %%ebx,4(%%rax)\n\t"
136 "movl %%ecx,8(%%rax)\n\t"
137 "movl %%edx,12(%%rax)\n\t"
138 "movl %%esi,16(%%rax)\n\t"
139 "movl %%edi,20(%%rax)\n\t"
140 "popq %%rdx\n\t"
141 "movl %%edx,0(%%rax)\n\t"
142 "lahf\n\t"
143 "shrl $8,%%eax\n\t"
144 "andl $1,%%eax\n"
145 :"=a"(rc)
146 : "a"(regs)
147 : "%ebx", "%ecx", "%edx", "%esi", "%edi", "memory");
148 #else
149 asm volatile("pushl %%eax\n\t"
150 "movl 0(%%eax),%%edx\n\t"
151 "push %%edx\n\t"
152 "movl 4(%%eax),%%ebx\n\t"
153 "movl 8(%%eax),%%ecx\n\t"
154 "movl 12(%%eax),%%edx\n\t"
155 "movl 16(%%eax),%%esi\n\t"
156 "movl 20(%%eax),%%edi\n\t"
157 "popl %%eax\n\t"
158 "out %%al,$0xb2\n\t"
159 "out %%al,$0x84\n\t"
160 "xchgl %%eax,(%%esp)\n\t"
161 "movl %%ebx,4(%%eax)\n\t"
162 "movl %%ecx,8(%%eax)\n\t"
163 "movl %%edx,12(%%eax)\n\t"
164 "movl %%esi,16(%%eax)\n\t"
165 "movl %%edi,20(%%eax)\n\t"
166 "popl %%edx\n\t"
167 "movl %%edx,0(%%eax)\n\t"
168 "lahf\n\t"
169 "shrl $8,%%eax\n\t"
170 "andl $1,%%eax\n"
171 :"=a"(rc)
172 : "a"(regs)
173 : "%ebx", "%ecx", "%edx", "%esi", "%edi", "memory");
174 #endif
175 if (rc != 0 || (regs->eax & 0xffff) == 0xffff || regs->eax == eax)
176 return -EINVAL;
177
178 return 0;
179 }
180
181 /*
182 * Read the bios version. Return the version as an integer corresponding
183 * to the ascii value, for example "A17" is returned as 0x00413137.
184 */
185 static int i8k_get_bios_version(void)
186 {
187 struct smm_regs regs = { .eax = I8K_SMM_BIOS_VERSION, };
188
189 return i8k_smm(&regs) ? : regs.eax;
190 }
191
192 /*
193 * Read the Fn key status.
194 */
195 static int i8k_get_fn_status(void)
196 {
197 struct smm_regs regs = { .eax = I8K_SMM_FN_STATUS, };
198 int rc;
199
200 if ((rc = i8k_smm(&regs)) < 0)
201 return rc;
202
203 switch ((regs.eax >> I8K_FN_SHIFT) & I8K_FN_MASK) {
204 case I8K_FN_UP:
205 return I8K_VOL_UP;
206 case I8K_FN_DOWN:
207 return I8K_VOL_DOWN;
208 case I8K_FN_MUTE:
209 return I8K_VOL_MUTE;
210 default:
211 return 0;
212 }
213 }
214
215 /*
216 * Read the power status.
217 */
218 static int i8k_get_power_status(void)
219 {
220 struct smm_regs regs = { .eax = I8K_SMM_POWER_STATUS, };
221 int rc;
222
223 if ((rc = i8k_smm(&regs)) < 0)
224 return rc;
225
226 return (regs.eax & 0xff) == I8K_POWER_AC ? I8K_AC : I8K_BATTERY;
227 }
228
229 /*
230 * Read the fan status.
231 */
232 static int i8k_get_fan_status(int fan)
233 {
234 struct smm_regs regs = { .eax = I8K_SMM_GET_FAN, };
235
236 regs.ebx = fan & 0xff;
237 return i8k_smm(&regs) ? : regs.eax & 0xff;
238 }
239
240 /*
241 * Read the fan speed in RPM.
242 */
243 static int i8k_get_fan_speed(int fan)
244 {
245 struct smm_regs regs = { .eax = I8K_SMM_GET_SPEED, };
246
247 regs.ebx = fan & 0xff;
248 return i8k_smm(&regs) ? : (regs.eax & 0xffff) * fan_mult;
249 }
250
251 /*
252 * Set the fan speed (off, low, high). Returns the new fan status.
253 */
254 static int i8k_set_fan(int fan, int speed)
255 {
256 struct smm_regs regs = { .eax = I8K_SMM_SET_FAN, };
257
258 speed = (speed < 0) ? 0 : ((speed > I8K_FAN_MAX) ? I8K_FAN_MAX : speed);
259 regs.ebx = (fan & 0xff) | (speed << 8);
260
261 return i8k_smm(&regs) ? : i8k_get_fan_status(fan);
262 }
263
264 /*
265 * Read the cpu temperature.
266 */
267 static int i8k_get_temp(int sensor)
268 {
269 struct smm_regs regs = { .eax = I8K_SMM_GET_TEMP, };
270 int rc;
271 int temp;
272
273 #ifdef I8K_TEMPERATURE_BUG
274 static int prev;
275 #endif
276 regs.ebx = sensor & 0xff;
277 if ((rc = i8k_smm(&regs)) < 0)
278 return rc;
279
280 temp = regs.eax & 0xff;
281
282 #ifdef I8K_TEMPERATURE_BUG
283 /*
284 * Sometimes the temperature sensor returns 0x99, which is out of range.
285 * In this case we return (once) the previous cached value. For example:
286 # 1003655137 00000058 00005a4b
287 # 1003655138 00000099 00003a80 <--- 0x99 = 153 degrees
288 # 1003655139 00000054 00005c52
289 */
290 if (temp > I8K_MAX_TEMP) {
291 temp = prev;
292 prev = I8K_MAX_TEMP;
293 } else {
294 prev = temp;
295 }
296 #endif
297
298 return temp;
299 }
300
301 static int i8k_get_dell_signature(int req_fn)
302 {
303 struct smm_regs regs = { .eax = req_fn, };
304 int rc;
305
306 if ((rc = i8k_smm(&regs)) < 0)
307 return rc;
308
309 return regs.eax == 1145651527 && regs.edx == 1145392204 ? 0 : -1;
310 }
311
312 static int
313 i8k_ioctl_unlocked(struct file *fp, unsigned int cmd, unsigned long arg)
314 {
315 int val = 0;
316 int speed;
317 unsigned char buff[16];
318 int __user *argp = (int __user *)arg;
319
320 if (!argp)
321 return -EINVAL;
322
323 switch (cmd) {
324 case I8K_BIOS_VERSION:
325 val = i8k_get_bios_version();
326 break;
327
328 case I8K_MACHINE_ID:
329 memset(buff, 0, 16);
330 strlcpy(buff, i8k_get_dmi_data(DMI_PRODUCT_SERIAL), sizeof(buff));
331 break;
332
333 case I8K_FN_STATUS:
334 val = i8k_get_fn_status();
335 break;
336
337 case I8K_POWER_STATUS:
338 val = i8k_get_power_status();
339 break;
340
341 case I8K_GET_TEMP:
342 val = i8k_get_temp(0);
343 break;
344
345 case I8K_GET_SPEED:
346 if (copy_from_user(&val, argp, sizeof(int)))
347 return -EFAULT;
348
349 val = i8k_get_fan_speed(val);
350 break;
351
352 case I8K_GET_FAN:
353 if (copy_from_user(&val, argp, sizeof(int)))
354 return -EFAULT;
355
356 val = i8k_get_fan_status(val);
357 break;
358
359 case I8K_SET_FAN:
360 if (restricted && !capable(CAP_SYS_ADMIN))
361 return -EPERM;
362
363 if (copy_from_user(&val, argp, sizeof(int)))
364 return -EFAULT;
365
366 if (copy_from_user(&speed, argp + 1, sizeof(int)))
367 return -EFAULT;
368
369 val = i8k_set_fan(val, speed);
370 break;
371
372 default:
373 return -EINVAL;
374 }
375
376 if (val < 0)
377 return val;
378
379 switch (cmd) {
380 case I8K_BIOS_VERSION:
381 if (copy_to_user(argp, &val, 4))
382 return -EFAULT;
383
384 break;
385 case I8K_MACHINE_ID:
386 if (copy_to_user(argp, buff, 16))
387 return -EFAULT;
388
389 break;
390 default:
391 if (copy_to_user(argp, &val, sizeof(int)))
392 return -EFAULT;
393
394 break;
395 }
396
397 return 0;
398 }
399
400 static long i8k_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
401 {
402 long ret;
403
404 mutex_lock(&i8k_mutex);
405 ret = i8k_ioctl_unlocked(fp, cmd, arg);
406 mutex_unlock(&i8k_mutex);
407
408 return ret;
409 }
410
411 /*
412 * Print the information for /proc/i8k.
413 */
414 static int i8k_proc_show(struct seq_file *seq, void *offset)
415 {
416 int fn_key, cpu_temp, ac_power;
417 int left_fan, right_fan, left_speed, right_speed;
418
419 cpu_temp = i8k_get_temp(0); /* 11100 µs */
420 left_fan = i8k_get_fan_status(I8K_FAN_LEFT); /* 580 µs */
421 right_fan = i8k_get_fan_status(I8K_FAN_RIGHT); /* 580 µs */
422 left_speed = i8k_get_fan_speed(I8K_FAN_LEFT); /* 580 µs */
423 right_speed = i8k_get_fan_speed(I8K_FAN_RIGHT); /* 580 µs */
424 fn_key = i8k_get_fn_status(); /* 750 µs */
425 if (power_status)
426 ac_power = i8k_get_power_status(); /* 14700 µs */
427 else
428 ac_power = -1;
429
430 /*
431 * Info:
432 *
433 * 1) Format version (this will change if format changes)
434 * 2) BIOS version
435 * 3) BIOS machine ID
436 * 4) Cpu temperature
437 * 5) Left fan status
438 * 6) Right fan status
439 * 7) Left fan speed
440 * 8) Right fan speed
441 * 9) AC power
442 * 10) Fn Key status
443 */
444 return seq_printf(seq, "%s %s %s %d %d %d %d %d %d %d\n",
445 I8K_PROC_FMT,
446 bios_version,
447 i8k_get_dmi_data(DMI_PRODUCT_SERIAL),
448 cpu_temp,
449 left_fan, right_fan, left_speed, right_speed,
450 ac_power, fn_key);
451 }
452
453 static int i8k_open_fs(struct inode *inode, struct file *file)
454 {
455 return single_open(file, i8k_proc_show, NULL);
456 }
457
458 static struct dmi_system_id __initdata i8k_dmi_table[] = {
459 {
460 .ident = "Dell Inspiron",
461 .matches = {
462 DMI_MATCH(DMI_SYS_VENDOR, "Dell Computer"),
463 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron"),
464 },
465 },
466 {
467 .ident = "Dell Latitude",
468 .matches = {
469 DMI_MATCH(DMI_SYS_VENDOR, "Dell Computer"),
470 DMI_MATCH(DMI_PRODUCT_NAME, "Latitude"),
471 },
472 },
473 {
474 .ident = "Dell Inspiron 2",
475 .matches = {
476 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
477 DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron"),
478 },
479 },
480 {
481 .ident = "Dell Latitude 2",
482 .matches = {
483 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
484 DMI_MATCH(DMI_PRODUCT_NAME, "Latitude"),
485 },
486 },
487 { /* UK Inspiron 6400 */
488 .ident = "Dell Inspiron 3",
489 .matches = {
490 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
491 DMI_MATCH(DMI_PRODUCT_NAME, "MM061"),
492 },
493 },
494 {
495 .ident = "Dell Inspiron 3",
496 .matches = {
497 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
498 DMI_MATCH(DMI_PRODUCT_NAME, "MP061"),
499 },
500 },
501 {
502 .ident = "Dell Precision",
503 .matches = {
504 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
505 DMI_MATCH(DMI_PRODUCT_NAME, "Precision"),
506 },
507 },
508 {
509 .ident = "Dell Vostro",
510 .matches = {
511 DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
512 DMI_MATCH(DMI_PRODUCT_NAME, "Vostro"),
513 },
514 },
515 { }
516 };
517
518 /*
519 * Probe for the presence of a supported laptop.
520 */
521 static int __init i8k_probe(void)
522 {
523 char buff[4];
524 int version;
525
526 /*
527 * Get DMI information
528 */
529 if (!dmi_check_system(i8k_dmi_table)) {
530 if (!ignore_dmi && !force)
531 return -ENODEV;
532
533 printk(KERN_INFO "i8k: not running on a supported Dell system.\n");
534 printk(KERN_INFO "i8k: vendor=%s, model=%s, version=%s\n",
535 i8k_get_dmi_data(DMI_SYS_VENDOR),
536 i8k_get_dmi_data(DMI_PRODUCT_NAME),
537 i8k_get_dmi_data(DMI_BIOS_VERSION));
538 }
539
540 strlcpy(bios_version, i8k_get_dmi_data(DMI_BIOS_VERSION), sizeof(bios_version));
541
542 /*
543 * Get SMM Dell signature
544 */
545 if (i8k_get_dell_signature(I8K_SMM_GET_DELL_SIG1) &&
546 i8k_get_dell_signature(I8K_SMM_GET_DELL_SIG2)) {
547 printk(KERN_ERR "i8k: unable to get SMM Dell signature\n");
548 if (!force)
549 return -ENODEV;
550 }
551
552 /*
553 * Get SMM BIOS version.
554 */
555 version = i8k_get_bios_version();
556 if (version <= 0) {
557 printk(KERN_WARNING "i8k: unable to get SMM BIOS version\n");
558 } else {
559 buff[0] = (version >> 16) & 0xff;
560 buff[1] = (version >> 8) & 0xff;
561 buff[2] = (version) & 0xff;
562 buff[3] = '\0';
563 /*
564 * If DMI BIOS version is unknown use SMM BIOS version.
565 */
566 if (!dmi_get_system_info(DMI_BIOS_VERSION))
567 strlcpy(bios_version, buff, sizeof(bios_version));
568
569 /*
570 * Check if the two versions match.
571 */
572 if (strncmp(buff, bios_version, sizeof(bios_version)) != 0)
573 printk(KERN_WARNING "i8k: BIOS version mismatch: %s != %s\n",
574 buff, bios_version);
575 }
576
577 return 0;
578 }
579
580 static int __init i8k_init(void)
581 {
582 struct proc_dir_entry *proc_i8k;
583
584 /* Are we running on an supported laptop? */
585 if (i8k_probe())
586 return -ENODEV;
587
588 /* Register the proc entry */
589 proc_i8k = proc_create("i8k", 0, NULL, &i8k_fops);
590 if (!proc_i8k)
591 return -ENOENT;
592
593 printk(KERN_INFO
594 "Dell laptop SMM driver v%s Massimo Dal Zotto (dz@debian.org)\n",
595 I8K_VERSION);
596
597 return 0;
598 }
599
600 static void __exit i8k_exit(void)
601 {
602 remove_proc_entry("i8k", NULL);
603 }
604
605 module_init(i8k_init);
606 module_exit(i8k_exit);
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree