/*
 *
 * Intel Management Engine Interface (Intel MEI) Linux driver
 * Copyright (c) 2003-2011, Intel Corporation.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 */

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/device.h>
#include <linux/fs.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/fcntl.h>
#include <linux/aio.h>
#include <linux/pci.h>
#include <linux/poll.h>
#include <linux/init.h>
#include <linux/ioctl.h>
#include <linux/cdev.h>
#include <linux/sched.h>
#include <linux/uuid.h>
#include <linux/compat.h>
#include <linux/jiffies.h>
#include <linux/interrupt.h>
#include <linux/miscdevice.h>

#include "mei_dev.h"
#include "mei.h"
#include "interface.h"
#include "mei_version.h"


#define MEI_READ_TIMEOUT 45
#define MEI_DRIVER_NAME	"mei"
#define MEI_DEV_NAME "mei"

/*
 *  mei driver strings
 */
static char mei_driver_name[] = MEI_DRIVER_NAME;
static const char mei_driver_string[] = "Intel(R) Management Engine Interface";
static const char mei_driver_version[] = MEI_DRIVER_VERSION;

/* The device pointer */
/* Currently this driver works as long as there is only a single AMT device. */
struct pci_dev *mei_device;

/* mei_pci_tbl - PCI Device ID Table */
static DEFINE_PCI_DEVICE_TABLE(mei_pci_tbl) = {
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_82946GZ)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_82G35)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_82Q965)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_82G965)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_82GM965)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_82GME965)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_82Q35)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_82G33)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_82Q33)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_82X38)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_3200)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_6)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_7)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_8)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_9)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9_10)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9M_1)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9M_2)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9M_3)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH9M_4)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH10_1)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH10_2)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH10_3)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_ICH10_4)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_IBXPK_1)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_IBXPK_2)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_CPT_1)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_PBG_1)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_PPT_1)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_PPT_2)},
	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, MEI_DEV_ID_PPT_3)},

	/* required last entry */
	{0, }
};

MODULE_DEVICE_TABLE(pci, mei_pci_tbl);

static DEFINE_MUTEX(mei_mutex);


/**
 * mei_clear_list - removes all callbacks associated with file
 *		from mei_cb_list
 *
 * @dev: device structure.
 * @file: file structure
 * @mei_cb_list: callbacks list
 *
 * mei_clear_list is called to clear resources associated with file
 * when application calls close function or Ctrl-C was pressed
 *
 * returns true if callback removed from the list, false otherwise
 */
static bool mei_clear_list(struct mei_device *dev,
		struct file *file, struct list_head *mei_cb_list)
{
	struct mei_cl_cb *cb_pos = NULL;
	struct mei_cl_cb *cb_next = NULL;
	struct file *file_temp;
	bool removed = false;

	/* list all list member */
	list_for_each_entry_safe(cb_pos, cb_next, mei_cb_list, cb_list) {
		file_temp = (struct file *)cb_pos->file_object;
		/* check if list member associated with a file */
		if (file_temp == file) {
			/* remove member from the list */
			list_del(&cb_pos->cb_list);
			/* check if cb equal to current iamthif cb */
			if (dev->iamthif_current_cb == cb_pos) {
				dev->iamthif_current_cb = NULL;
				/* send flow control to iamthif client */
				mei_send_flow_control(dev, &dev->iamthif_cl);
			}
			/* free all allocated buffers */
			mei_free_cb_private(cb_pos);
			cb_pos = NULL;
			removed = true;
		}
	}
	return removed;
}

/**
 * mei_clear_lists - removes all callbacks associated with file
 *
 * @dev: device structure
 * @file: file structure
 *
 * mei_clear_lists is called to clear resources associated with file
 * when application calls close function or Ctrl-C was pressed
 *
 * returns true if callback removed from the list, false otherwise
 */
static bool mei_clear_lists(struct mei_device *dev, struct file *file)
{
	bool removed = false;

	/* remove callbacks associated with a file */
	mei_clear_list(dev, file, &dev->amthi_cmd_list.mei_cb.cb_list);
	if (mei_clear_list(dev, file,
			    &dev->amthi_read_complete_list.mei_cb.cb_list))
		removed = true;

	mei_clear_list(dev, file, &dev->ctrl_rd_list.mei_cb.cb_list);

	if (mei_clear_list(dev, file, &dev->ctrl_wr_list.mei_cb.cb_list))
		removed = true;

	if (mei_clear_list(dev, file, &dev->write_waiting_list.mei_cb.cb_list))
		removed = true;

	if (mei_clear_list(dev, file, &dev->write_list.mei_cb.cb_list))
		removed = true;

	/* check if iamthif_current_cb not NULL */
	if (dev->iamthif_current_cb && !removed) {
		/* check file and iamthif current cb association */
		if (dev->iamthif_current_cb->file_object == file) {
			/* remove cb */
			mei_free_cb_private(dev->iamthif_current_cb);
			dev->iamthif_current_cb = NULL;
			removed = true;
		}
	}
	return removed;
}
/**
 * find_read_list_entry - find read list entry
 *
 * @dev: device structure
 * @file: pointer to file structure
 *
 * returns cb on success, NULL on error
 */
static struct mei_cl_cb *find_read_list_entry(
		struct mei_device *dev,
		struct mei_cl *cl)
{
	struct mei_cl_cb *pos = NULL;
	struct mei_cl_cb *next = NULL;

	dev_dbg(&dev->pdev->dev, "remove read_list CB\n");
	list_for_each_entry_safe(pos, next,
			&dev->read_list.mei_cb.cb_list, cb_list) {
		struct mei_cl *cl_temp;
		cl_temp = (struct mei_cl *)pos->file_private;

		if (mei_cl_cmp_id(cl, cl_temp))
			return pos;
	}
	return NULL;
}

/**
 * mei_open - the open function
 *
 * @inode: pointer to inode structure
 * @file: pointer to file structure
 *
 * returns 0 on success, <0 on error
 */
static int mei_open(struct inode *inode, struct file *file)
{
	struct mei_cl *cl;
	struct mei_device *dev;
	unsigned long cl_id;
	int err;

	err = -ENODEV;
	if (!mei_device)
		goto out;

	dev = pci_get_drvdata(mei_device);
	if (!dev)
		goto out;

	mutex_lock(&dev->device_lock);
	err = -ENOMEM;
	cl = mei_cl_allocate(dev);
	if (!cl)
		goto out_unlock;

	err = -ENODEV;
	if (dev->mei_state != MEI_ENABLED) {
		dev_dbg(&dev->pdev->dev, "mei_state != MEI_ENABLED  mei_state= %d\n",
		    dev->mei_state);
		goto out_unlock;
	}
	err = -EMFILE;
	if (dev->open_handle_count >= MEI_MAX_OPEN_HANDLE_COUNT)
		goto out_unlock;

	cl_id = find_first_zero_bit(dev->host_clients_map, MEI_CLIENTS_MAX);
	if (cl_id >= MEI_CLIENTS_MAX)
		goto out_unlock;

	cl->host_client_id  = cl_id;

	dev_dbg(&dev->pdev->dev, "client_id = %d\n", cl->host_client_id);

	dev->open_handle_count++;

	list_add_tail(&cl->link, &dev->file_list);

	set_bit(cl->host_client_id, dev->host_clients_map);
	cl->state = MEI_FILE_INITIALIZING;
	cl->sm_state = 0;

	file->private_data = cl;
	mutex_unlock(&dev->device_lock);

	return nonseekable_open(inode, file);

out_unlock:
	mutex_unlock(&dev->device_lock);
	kfree(cl);
out:
	return err;
}

/**
 * mei_release - the release function
 *
 * @inode: pointer to inode structure
 * @file: pointer to file structure
 *
 * returns 0 on success, <0 on error
 */
static int mei_release(struct inode *inode, struct file *file)
{
	struct mei_cl *cl = file->private_data;
	struct mei_cl_cb *cb;
	struct mei_device *dev;
	int rets = 0;

	if (WARN_ON(!cl || !cl->dev))
		return -ENODEV;

	dev = cl->dev;

	mutex_lock(&dev->device_lock);
	if (cl != &dev->iamthif_cl) {
		if (cl->state == MEI_FILE_CONNECTED) {
			cl->state = MEI_FILE_DISCONNECTING;
			dev_dbg(&dev->pdev->dev,
				"disconnecting client host client = %d, "
			    "ME client = %d\n",
			    cl->host_client_id,
			    cl->me_client_id);
			rets = mei_disconnect_host_client(dev, cl);
		}
		mei_cl_flush_queues(cl);
		dev_dbg(&dev->pdev->dev, "remove client host client = %d, ME client = %d\n",
		    cl->host_client_id,
		    cl->me_client_id);

		if (dev->open_handle_count > 0) {
			clear_bit(cl->host_client_id, dev->host_clients_map);
			dev->open_handle_count--;
		}
		mei_remove_client_from_file_list(dev, cl->host_client_id);

		/* free read cb */
		cb = NULL;
		if (cl->read_cb) {
			cb = find_read_list_entry(dev, cl);
			/* Remove entry from read list */
			if (cb)
				list_del(&cb->cb_list);

			cb = cl->read_cb;
			cl->read_cb = NULL;
		}

		file->private_data = NULL;

		if (cb) {
			mei_free_cb_private(cb);
			cb = NULL;
		}

		kfree(cl);
	} else {
		if (dev->open_handle_count > 0)
			dev->open_handle_count--;

		if (dev->iamthif_file_object == file &&
		    dev->iamthif_state != MEI_IAMTHIF_IDLE) {

			dev_dbg(&dev->pdev->dev, "amthi canceled iamthif state %d\n",
			    dev->iamthif_state);
			dev->iamthif_canceled = true;
			if (dev->iamthif_state == MEI_IAMTHIF_READ_COMPLETE) {
				dev_dbg(&dev->pdev->dev, "run next amthi iamthif cb\n");
				mei_run_next_iamthif_cmd(dev);
			}
		}

		if (mei_clear_lists(dev, file))
			dev->iamthif_state = MEI_IAMTHIF_IDLE;

	}
	mutex_unlock(&dev->device_lock);
	return rets;
}


/**
 * mei_read - the read function.
 *
 * @file: pointer to file structure
 * @ubuf: pointer to user buffer
 * @length: buffer length
 * @offset: data offset in buffer
 *
 * returns >=0 data length on success , <0 on error
 */
static ssize_t mei_read(struct file *file, char __user *ubuf,
			size_t length, loff_t *offset)
{
	struct mei_cl *cl = file->private_data;
	struct mei_cl_cb *cb_pos = NULL;
	struct mei_cl_cb *cb = NULL;
	struct mei_device *dev;
	int i;
	int rets;
	int err;


	if (WARN_ON(!cl || !cl->dev))
		return -ENODEV;

	dev = cl->dev;

	mutex_lock(&dev->device_lock);
	if (dev->mei_state != MEI_ENABLED) {
		rets = -ENODEV;
		goto out;
	}

	if ((cl->sm_state & MEI_WD_STATE_INDEPENDENCE_MSG_SENT) == 0) {
		/* Do not allow to read watchdog client */
		i = mei_find_me_client_index(dev, mei_wd_guid);
		if (i >= 0) {
			struct mei_me_client *me_client = &dev->me_clients[i];

			if (cl->me_client_id == me_client->client_id) {
				rets = -EBADF;
				goto out;
			}
		}
	} else {
		cl->sm_state &= ~MEI_WD_STATE_INDEPENDENCE_MSG_SENT;
	}

	if (cl == &dev->iamthif_cl) {
		rets = amthi_read(dev, file, ubuf, length, offset);
		goto out;
	}

	if (cl->read_cb && cl->read_cb->information > *offset) {
		cb = cl->read_cb;
		goto copy_buffer;
	} else if (cl->read_cb && cl->read_cb->information > 0 &&
		   cl->read_cb->information <= *offset) {
		cb = cl->read_cb;
		rets = 0;
		goto free;
	} else if ((!cl->read_cb || !cl->read_cb->information) &&
		    *offset > 0) {
		/*Offset needs to be cleaned for contingous reads*/
		*offset = 0;
		rets = 0;
		goto out;
	}

	err = mei_start_read(dev, cl);
	if (err && err != -EBUSY) {
		dev_dbg(&dev->pdev->dev,
			"mei start read failure with status = %d\n", err);
		rets = err;
		goto out;
	}

	if (MEI_READ_COMPLETE != cl->reading_state &&
			!waitqueue_active(&cl->rx_wait)) {
		if (file->f_flags & O_NONBLOCK) {
			rets = -EAGAIN;
			goto out;
		}

		mutex_unlock(&dev->device_lock);

		if (wait_event_interruptible(cl->rx_wait,
			(MEI_READ_COMPLETE == cl->reading_state ||
			 MEI_FILE_INITIALIZING == cl->state ||
			 MEI_FILE_DISCONNECTED == cl->state ||
			 MEI_FILE_DISCONNECTING == cl->state))) {
			if (signal_pending(current))
				return -EINTR;
			return -ERESTARTSYS;
		}

		mutex_lock(&dev->device_lock);
		if (MEI_FILE_INITIALIZING == cl->state ||
		    MEI_FILE_DISCONNECTED == cl->state ||
		    MEI_FILE_DISCONNECTING == cl->state) {
			rets = -EBUSY;
			goto out;
		}
	}

	cb = cl->read_cb;

	if (!cb) {
		rets = -ENODEV;
		goto out;
	}
	if (cl->reading_state != MEI_READ_COMPLETE) {
		rets = 0;
		goto out;
	}
	/* now copy the data to user space */
copy_buffer:
	dev_dbg(&dev->pdev->dev, "cb->response_buffer size - %d\n",
	    cb->response_buffer.size);
	dev_dbg(&dev->pdev->dev, "cb->information - %lu\n",
	    cb->information);
	if (length == 0 || ubuf == NULL || *offset > cb->information) {
		rets = -EMSGSIZE;
		goto free;
	}

	/* length is being turncated to PAGE_SIZE, however, */
	/* information size may be longer */
	length = min_t(size_t, length, (cb->information - *offset));

	if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) {
		rets = -EFAULT;
		goto free;
	}

	rets = length;
	*offset += length;
	if ((unsigned long)*offset < cb->information)
		goto out;

free:
	cb_pos = find_read_list_entry(dev, cl);
	/* Remove entry from read list */
	if (cb_pos)
		list_del(&cb_pos->cb_list);
	mei_free_cb_private(cb);
	cl->reading_state = MEI_IDLE;
	cl->read_cb = NULL;
	cl->read_pending = 0;
out:
	dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets);
	mutex_unlock(&dev->device_lock);
	return rets;
}

/**
 * mei_write - the write function.
 *
 * @file: pointer to file structure
 * @ubuf: pointer to user buffer
 * @length: buffer length
 * @offset: data offset in buffer
 *
 * returns >=0 data length on success , <0 on error
 */
static ssize_t mei_write(struct file *file, const char __user *ubuf,
			 size_t length, loff_t *offset)
{
	struct mei_cl *cl = file->private_data;
	struct mei_cl_cb *write_cb = NULL;
	struct mei_msg_hdr mei_hdr;
	struct mei_device *dev;
	unsigned long timeout = 0;
	int rets;
	int i;

	if (WARN_ON(!cl || !cl->dev))
		return -ENODEV;

	dev = cl->dev;

	mutex_lock(&dev->device_lock);

	if (dev->mei_state != MEI_ENABLED) {
		mutex_unlock(&dev->device_lock);
		return -ENODEV;
	}

	if (cl == &dev->iamthif_cl) {
		write_cb = find_amthi_read_list_entry(dev, file);

		if (write_cb) {
			timeout = write_cb->read_time +
					msecs_to_jiffies(IAMTHIF_READ_TIMER);

			if (time_after(jiffies, timeout) ||
				 cl->reading_state == MEI_READ_COMPLETE) {
					*offset = 0;
					list_del(&write_cb->cb_list);
					mei_free_cb_private(write_cb);
					write_cb = NULL;
			}
		}
	}

	/* free entry used in read */
	if (cl->reading_state == MEI_READ_COMPLETE) {
		*offset = 0;
		write_cb = find_read_list_entry(dev, cl);
		if (write_cb) {
			list_del(&write_cb->cb_list);
			mei_free_cb_private(write_cb);
			write_cb = NULL;
			cl->reading_state = MEI_IDLE;
			cl->read_cb = NULL;
			cl->read_pending = 0;
		}
	} else if (cl->reading_state == MEI_IDLE && !cl->read_pending)
		*offset = 0;


	write_cb = kzalloc(sizeof(struct mei_cl_cb), GFP_KERNEL);
	if (!write_cb) {
		mutex_unlock(&dev->device_lock);
		return -ENOMEM;
	}

	write_cb->file_object = file;
	write_cb->file_private = cl;
	write_cb->request_buffer.data = kmalloc(length, GFP_KERNEL);
	rets = -ENOMEM;
	if (!write_cb->request_buffer.data)
		goto unlock_dev;

	dev_dbg(&dev->pdev->dev, "length =%d\n", (int) length);

	rets = -EFAULT;
	if (copy_from_user(write_cb->request_buffer.data, ubuf, length))
		goto unlock_dev;

	cl->sm_state = 0;
	if (length == 4 &&
	    ((memcmp(mei_wd_state_independence_msg[0],
				 write_cb->request_buffer.data, 4) == 0) ||
	     (memcmp(mei_wd_state_independence_msg[1],
				 write_cb->request_buffer.data, 4) == 0) ||
	     (memcmp(mei_wd_state_independence_msg[2],
				 write_cb->request_buffer.data, 4) == 0)))
		cl->sm_state |= MEI_WD_STATE_INDEPENDENCE_MSG_SENT;

	INIT_LIST_HEAD(&write_cb->cb_list);
	if (cl == &dev->iamthif_cl) {
		write_cb->response_buffer.data =
		    kmalloc(dev->iamthif_mtu, GFP_KERNEL);
		if (!write_cb->response_buffer.data) {
			rets = -ENOMEM;
			goto unlock_dev;
		}
		if (dev->mei_state != MEI_ENABLED) {
			rets = -ENODEV;
			goto unlock_dev;
		}
		for (i = 0; i < dev->me_clients_num; i++) {
			if (dev->me_clients[i].client_id ==
				dev->iamthif_cl.me_client_id)
				break;
		}

		if (WARN_ON(dev->me_clients[i].client_id != cl->me_client_id)) {
			rets = -ENODEV;
			goto unlock_dev;
		}
		if (i == dev->me_clients_num ||
		    (dev->me_clients[i].client_id !=
		      dev->iamthif_cl.me_client_id)) {
			rets = -ENODEV;
			goto unlock_dev;
		} else if (length > dev->me_clients[i].props.max_msg_length ||
			   length <= 0) {
			rets = -EMSGSIZE;
			goto unlock_dev;
		}

		write_cb->response_buffer.size = dev->iamthif_mtu;
		write_cb->major_file_operations = MEI_IOCTL;
		write_cb->information = 0;
		write_cb->request_buffer.size = length;
		if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) {
			rets = -ENODEV;
			goto unlock_dev;
		}

		if (!list_empty(&dev->amthi_cmd_list.mei_cb.cb_list) ||
				dev->iamthif_state != MEI_IAMTHIF_IDLE) {
			dev_dbg(&dev->pdev->dev, "amthi_state = %d\n",
					(int) dev->iamthif_state);
			dev_dbg(&dev->pdev->dev, "add amthi cb to amthi cmd waiting list\n");
			list_add_tail(&write_cb->cb_list,
					&dev->amthi_cmd_list.mei_cb.cb_list);
			rets = length;
		} else {
			dev_dbg(&dev->pdev->dev, "call amthi write\n");
			rets = amthi_write(dev, write_cb);

			if (rets) {
				dev_dbg(&dev->pdev->dev, "amthi write failed with status = %d\n",
				    rets);
				goto unlock_dev;
			}
			rets = length;
		}
		mutex_unlock(&dev->device_lock);
		return rets;
	}

	write_cb->major_file_operations = MEI_WRITE;
	/* make sure information is zero before we start */

	write_cb->information = 0;
	write_cb->request_buffer.size = length;

	dev_dbg(&dev->pdev->dev, "host client = %d, ME client = %d\n",
	    cl->host_client_id, cl->me_client_id);
	if (cl->state != MEI_FILE_CONNECTED) {
		rets = -ENODEV;
		dev_dbg(&dev->pdev->dev, "host client = %d,  is not connected to ME client = %d",
		    cl->host_client_id,
		    cl->me_client_id);
		goto unlock_dev;
	}
	for (i = 0; i < dev->me_clients_num; i++) {
		if (dev->me_clients[i].client_id ==
		    cl->me_client_id)
			break;
	}
	if (WARN_ON(dev->me_clients[i].client_id != cl->me_client_id)) {
		rets = -ENODEV;
		goto unlock_dev;
	}
	if (i == dev->me_clients_num) {
		rets = -ENODEV;
		goto unlock_dev;
	}
	if (length > dev->me_clients[i].props.max_msg_length || length <= 0) {
		rets = -EINVAL;
		goto unlock_dev;
	}
	write_cb->file_private = cl;

	rets = mei_flow_ctrl_creds(dev, cl);
	if (rets < 0)
		goto unlock_dev;

	if (rets && dev->mei_host_buffer_is_empty) {
		rets = 0;
		dev->mei_host_buffer_is_empty = false;
		if (length > ((((dev->host_hw_state & H_CBD) >> 24) *
			sizeof(u32)) - sizeof(struct mei_msg_hdr))) {

			mei_hdr.length =
				(((dev->host_hw_state & H_CBD) >> 24) *
				sizeof(u32)) -
				sizeof(struct mei_msg_hdr);
			mei_hdr.msg_complete = 0;
		} else {
			mei_hdr.length = length;
			mei_hdr.msg_complete = 1;
		}
		mei_hdr.host_addr = cl->host_client_id;
		mei_hdr.me_addr = cl->me_client_id;
		mei_hdr.reserved = 0;
		dev_dbg(&dev->pdev->dev, "call mei_write_message header=%08x.\n",
		    *((u32 *) &mei_hdr));
		if (!mei_write_message(dev, &mei_hdr,
			(unsigned char *) (write_cb->request_buffer.data),
			mei_hdr.length)) {
			rets = -ENODEV;
			goto unlock_dev;
		}
		cl->writing_state = MEI_WRITING;
		write_cb->information = mei_hdr.length;
		if (mei_hdr.msg_complete) {
			if (mei_flow_ctrl_reduce(dev, cl)) {
				rets = -ENODEV;
				goto unlock_dev;
			}
			list_add_tail(&write_cb->cb_list,
				      &dev->write_waiting_list.mei_cb.cb_list);
		} else {
			list_add_tail(&write_cb->cb_list,
				      &dev->write_list.mei_cb.cb_list);
		}

	} else {

		write_cb->information = 0;
		cl->writing_state = MEI_WRITING;
		list_add_tail(&write_cb->cb_list,
			      &dev->write_list.mei_cb.cb_list);
	}
	mutex_unlock(&dev->device_lock);
	return length;

unlock_dev:
	mutex_unlock(&dev->device_lock);
	mei_free_cb_private(write_cb);
	return rets;
}


/**
 * mei_ioctl - the IOCTL function
 *
 * @file: pointer to file structure
 * @cmd: ioctl command
 * @data: pointer to mei message structure
 *
 * returns 0 on success , <0 on error
 */
static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
{
	struct mei_device *dev;
	struct mei_cl *cl = file->private_data;
	struct mei_connect_client_data *connect_data = NULL;
	int rets;

	if (cmd != IOCTL_MEI_CONNECT_CLIENT)
		return -EINVAL;

	if (WARN_ON(!cl || !cl->dev))
		return -ENODEV;

	dev = cl->dev;

	dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd);

	mutex_lock(&dev->device_lock);
	if (dev->mei_state != MEI_ENABLED) {
		rets = -ENODEV;
		goto out;
	}

	dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");

	connect_data = kzalloc(sizeof(struct mei_connect_client_data),
							GFP_KERNEL);
	if (!connect_data) {
		rets = -ENOMEM;
		goto out;
	}
	dev_dbg(&dev->pdev->dev, "copy connect data from user\n");
	if (copy_from_user(connect_data, (char __user *)data,
				sizeof(struct mei_connect_client_data))) {
		dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n");
		rets = -EFAULT;
		goto out;
	}
	rets = mei_ioctl_connect_client(file, connect_data);

	/* if all is ok, copying the data back to user. */
	if (rets)
		goto out;

	dev_dbg(&dev->pdev->dev, "copy connect data to user\n");
	if (copy_to_user((char __user *)data, connect_data,
				sizeof(struct mei_connect_client_data))) {
		dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n");
		rets = -EFAULT;
		goto out;
	}

out:
	kfree(connect_data);
	mutex_unlock(&dev->device_lock);
	return rets;
}

/**
 * mei_compat_ioctl - the compat IOCTL function
 *
 * @file: pointer to file structure
 * @cmd: ioctl command
 * @data: pointer to mei message structure
 *
 * returns 0 on success , <0 on error
 */
#ifdef CONFIG_COMPAT
static long mei_compat_ioctl(struct file *file,
			unsigned int cmd, unsigned long data)
{
	return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data));
}
#endif


/**
 * mei_poll - the poll function
 *
 * @file: pointer to file structure
 * @wait: pointer to poll_table structure
 *
 * returns poll mask
 */
static unsigned int mei_poll(struct file *file, poll_table *wait)
{
	struct mei_cl *cl = file->private_data;
	struct mei_device *dev;
	unsigned int mask = 0;

	if (WARN_ON(!cl || !cl->dev))
		return mask;

	dev = cl->dev;

	mutex_lock(&dev->device_lock);

	if (dev->mei_state != MEI_ENABLED)
		goto out;


	if (cl == &dev->iamthif_cl) {
		mutex_unlock(&dev->device_lock);
		poll_wait(file, &dev->iamthif_cl.wait, wait);
		mutex_lock(&dev->device_lock);
		if (dev->iamthif_state == MEI_IAMTHIF_READ_COMPLETE &&
			dev->iamthif_file_object == file) {
			mask |= (POLLIN | POLLRDNORM);
			dev_dbg(&dev->pdev->dev, "run next amthi cb\n");
			mei_run_next_iamthif_cmd(dev);
		}
		goto out;
	}

	mutex_unlock(&dev->device_lock);
	poll_wait(file, &cl->tx_wait, wait);
	mutex_lock(&dev->device_lock);
	if (MEI_WRITE_COMPLETE == cl->writing_state)
		mask |= (POLLIN | POLLRDNORM);

out:
	mutex_unlock(&dev->device_lock);
	return mask;
}

/*
 * file operations structure will be used for mei char device.
 */
static const struct file_operations mei_fops = {
	.owner = THIS_MODULE,
	.read = mei_read,
	.unlocked_ioctl = mei_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl = mei_compat_ioctl,
#endif
	.open = mei_open,
	.release = mei_release,
	.write = mei_write,
	.poll = mei_poll,
	.llseek = no_llseek
};


/*
 * Misc Device Struct
 */
static struct miscdevice  mei_misc_device = {
		.name = MEI_DRIVER_NAME,
		.fops = &mei_fops,
		.minor = MISC_DYNAMIC_MINOR,
};

/**
 * mei_probe - Device Initialization Routine
 *
 * @pdev: PCI device structure
 * @ent: entry in kcs_pci_tbl
 *
 * returns 0 on success, <0 on failure.
 */
static int __devinit mei_probe(struct pci_dev *pdev,
				const struct pci_device_id *ent)
{
	struct mei_device *dev;
	int err;

	mutex_lock(&mei_mutex);
	if (mei_device) {
		err = -EEXIST;
		goto end;
	}
	/* enable pci dev */
	err = pci_enable_device(pdev);
	if (err) {
		printk(KERN_ERR "mei: Failed to enable pci device.\n");
		goto end;
	}
	/* set PCI host mastering  */
	pci_set_master(pdev);
	/* pci request regions for mei driver */
	err = pci_request_regions(pdev, mei_driver_name);
	if (err) {
		printk(KERN_ERR "mei: Failed to get pci regions.\n");
		goto disable_device;
	}
	/* allocates and initializes the mei dev structure */
	dev = mei_device_init(pdev);
	if (!dev) {
		err = -ENOMEM;
		goto release_regions;
	}
	/* mapping  IO device memory */
	dev->mem_addr = pci_iomap(pdev, 0, 0);
	if (!dev->mem_addr) {
		printk(KERN_ERR "mei: mapping I/O device memory failure.\n");
		err = -ENOMEM;
		goto free_device;
	}
	pci_enable_msi(pdev);

	 /* request and enable interrupt */
	if (pci_dev_msi_enabled(pdev))
		err = request_threaded_irq(pdev->irq,
			NULL,
			mei_interrupt_thread_handler,
			0, mei_driver_name, dev);
	else
		err = request_threaded_irq(pdev->irq,
			mei_interrupt_quick_handler,
			mei_interrupt_thread_handler,
			IRQF_SHARED, mei_driver_name, dev);

	if (err) {
		printk(KERN_ERR "mei: request_threaded_irq failure. irq = %d\n",
		       pdev->irq);
		goto unmap_memory;
	}
	INIT_DELAYED_WORK(&dev->timer_work, mei_timer);
	if (mei_hw_init(dev)) {
		printk(KERN_ERR "mei: Init hw failure.\n");
		err = -ENODEV;
		goto release_irq;
	}

	err = misc_register(&mei_misc_device);
	if (err)
		goto release_irq;

	mei_device = pdev;
	pci_set_drvdata(pdev, dev);


	schedule_delayed_work(&dev->timer_work, HZ);

	mutex_unlock(&mei_mutex);

	pr_debug("mei: Driver initialization successful.\n");

	return 0;

release_irq:
	/* disable interrupts */
	dev->host_hw_state = mei_hcsr_read(dev);
	mei_disable_interrupts(dev);
	flush_scheduled_work();
	free_irq(pdev->irq, dev);
	pci_disable_msi(pdev);
unmap_memory:
	pci_iounmap(pdev, dev->mem_addr);
free_device:
	kfree(dev);
release_regions:
	pci_release_regions(pdev);
disable_device:
	pci_disable_device(pdev);
end:
	mutex_unlock(&mei_mutex);
	printk(KERN_ERR "mei: Driver initialization failed.\n");
	return err;
}

/**
 * mei_remove - Device Removal Routine
 *
 * @pdev: PCI device structure
 *
 * mei_remove is called by the PCI subsystem to alert the driver
 * that it should release a PCI device.
 */
static void __devexit mei_remove(struct pci_dev *pdev)
{
	struct mei_device *dev;

	if (mei_device != pdev)
		return;

	dev = pci_get_drvdata(pdev);
	if (!dev)
		return;

	mutex_lock(&dev->device_lock);

	mei_wd_stop(dev, false);

	mei_device = NULL;

	if (dev->iamthif_cl.state == MEI_FILE_CONNECTED) {
		dev->iamthif_cl.state = MEI_FILE_DISCONNECTING;
		mei_disconnect_host_client(dev, &dev->iamthif_cl);
	}
	if (dev->wd_cl.state == MEI_FILE_CONNECTED) {
		dev->wd_cl.state = MEI_FILE_DISCONNECTING;
		mei_disconnect_host_client(dev, &dev->wd_cl);
	}

	/* Unregistering watchdog device */
	mei_watchdog_unregister(dev);

	/* remove entry if already in list */
	dev_dbg(&pdev->dev, "list del iamthif and wd file list.\n");
	mei_remove_client_from_file_list(dev, dev->wd_cl.host_client_id);
	mei_remove_client_from_file_list(dev, dev->iamthif_cl.host_client_id);

	dev->iamthif_current_cb = NULL;
	dev->me_clients_num = 0;

	mutex_unlock(&dev->device_lock);

	flush_scheduled_work();

	/* disable interrupts */
	mei_disable_interrupts(dev);

	free_irq(pdev->irq, dev);
	pci_disable_msi(pdev);
	pci_set_drvdata(pdev, NULL);

	if (dev->mem_addr)
		pci_iounmap(pdev, dev->mem_addr);

	kfree(dev);

	pci_release_regions(pdev);
	pci_disable_device(pdev);
}
#ifdef CONFIG_PM
static int mei_pci_suspend(struct device *device)
{
	struct pci_dev *pdev = to_pci_dev(device);
	struct mei_device *dev = pci_get_drvdata(pdev);
	int err;

	if (!dev)
		return -ENODEV;
	mutex_lock(&dev->device_lock);
	/* Stop watchdog if exists */
	err = mei_wd_stop(dev, true);
	/* Set new mei state */
	if (dev->mei_state == MEI_ENABLED ||
	    dev->mei_state == MEI_RECOVERING_FROM_RESET) {
		dev->mei_state = MEI_POWER_DOWN;
		mei_reset(dev, 0);
	}
	mutex_unlock(&dev->device_lock);

	free_irq(pdev->irq, dev);
	pci_disable_msi(pdev);

	return err;
}

static int mei_pci_resume(struct device *device)
{
	struct pci_dev *pdev = to_pci_dev(device);
	struct mei_device *dev;
	int err;

	dev = pci_get_drvdata(pdev);
	if (!dev)
		return -ENODEV;

	pci_enable_msi(pdev);

	/* request and enable interrupt */
	if (pci_dev_msi_enabled(pdev))
		err = request_threaded_irq(pdev->irq,
			NULL,
			mei_interrupt_thread_handler,
			0, mei_driver_name, dev);
	else
		err = request_threaded_irq(pdev->irq,
			mei_interrupt_quick_handler,
			mei_interrupt_thread_handler,
			IRQF_SHARED, mei_driver_name, dev);

	if (err) {
		printk(KERN_ERR "mei: Request_irq failure. irq = %d\n",
		       pdev->irq);
		return err;
	}

	mutex_lock(&dev->device_lock);
	dev->mei_state = MEI_POWER_UP;
	mei_reset(dev, 1);
	mutex_unlock(&dev->device_lock);

	/* Start timer if stopped in suspend */
	schedule_delayed_work(&dev->timer_work, HZ);

	return err;
}
static SIMPLE_DEV_PM_OPS(mei_pm_ops, mei_pci_suspend, mei_pci_resume);
#define MEI_PM_OPS	(&mei_pm_ops)
#else
#define MEI_PM_OPS	NULL
#endif /* CONFIG_PM */
/*
 *  PCI driver structure
 */
static struct pci_driver mei_driver = {
	.name = mei_driver_name,
	.id_table = mei_pci_tbl,
	.probe = mei_probe,
	.remove = __devexit_p(mei_remove),
	.shutdown = __devexit_p(mei_remove),
	.driver.pm = MEI_PM_OPS,
};

/**
 * mei_init_module - Driver Registration Routine
 *
 * mei_init_module is the first routine called when the driver is
 * loaded. All it does is to register with the PCI subsystem.
 *
 * returns 0 on success, <0 on failure.
 */
static int __init mei_init_module(void)
{
	int ret;

	pr_debug("mei: %s - version %s\n",
		mei_driver_string, mei_driver_version);
	/* init pci module */
	ret = pci_register_driver(&mei_driver);
	if (ret < 0)
		printk(KERN_ERR "mei: Error registering driver.\n");

	return ret;
}

module_init(mei_init_module);

/**
 * mei_exit_module - Driver Exit Cleanup Routine
 *
 * mei_exit_module is called just before the driver is removed
 * from memory.
 */
static void __exit mei_exit_module(void)
{
	misc_deregister(&mei_misc_device);
	pci_unregister_driver(&mei_driver);

	pr_debug("mei: Driver unloaded successfully.\n");
}

module_exit(mei_exit_module);


MODULE_AUTHOR("Intel Corporation");
MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
MODULE_LICENSE("GPL v2");
MODULE_VERSION(MEI_DRIVER_VERSION);