1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Procedures for interfacing to the RTAS on CHRP machines. 5 * 6 * Peter Bergner, IBM March 2001. 7 * Copyright (C) 2001 IBM. 8 */ 9 10 #include <linux/stdarg.h> 11 #include <linux/kernel.h> 12 #include <linux/types.h> 13 #include <linux/spinlock.h> 14 #include <linux/export.h> 15 #include <linux/init.h> 16 #include <linux/capability.h> 17 #include <linux/delay.h> 18 #include <linux/cpu.h> 19 #include <linux/sched.h> 20 #include <linux/smp.h> 21 #include <linux/completion.h> 22 #include <linux/cpumask.h> 23 #include <linux/memblock.h> 24 #include <linux/slab.h> 25 #include <linux/reboot.h> 26 #include <linux/syscalls.h> 27 28 #include <asm/interrupt.h> 29 #include <asm/prom.h> 30 #include <asm/rtas.h> 31 #include <asm/hvcall.h> 32 #include <asm/machdep.h> 33 #include <asm/firmware.h> 34 #include <asm/page.h> 35 #include <asm/param.h> 36 #include <asm/delay.h> 37 #include <linux/uaccess.h> 38 #include <asm/udbg.h> 39 #include <asm/syscalls.h> 40 #include <asm/smp.h> 41 #include <linux/atomic.h> 42 #include <asm/time.h> 43 #include <asm/mmu.h> 44 #include <asm/topology.h> 45 #include <asm/paca.h> 46 47 /* This is here deliberately so it's only used in this file */ 48 void enter_rtas(unsigned long); 49 50 static inline void do_enter_rtas(unsigned long args) 51 { 52 enter_rtas(args); 53 54 srr_regs_clobbered(); /* rtas uses SRRs, invalidate */ 55 } 56 57 struct rtas_t rtas = { 58 .lock = __ARCH_SPIN_LOCK_UNLOCKED 59 }; 60 EXPORT_SYMBOL(rtas); 61 62 DEFINE_SPINLOCK(rtas_data_buf_lock); 63 EXPORT_SYMBOL(rtas_data_buf_lock); 64 65 char rtas_data_buf[RTAS_DATA_BUF_SIZE] __cacheline_aligned; 66 EXPORT_SYMBOL(rtas_data_buf); 67 68 unsigned long rtas_rmo_buf; 69 70 /* 71 * If non-NULL, this gets called when the kernel terminates. 72 * This is done like this so rtas_flash can be a module. 73 */ 74 void (*rtas_flash_term_hook)(int); 75 EXPORT_SYMBOL(rtas_flash_term_hook); 76 77 /* RTAS use home made raw locking instead of spin_lock_irqsave 78 * because those can be called from within really nasty contexts 79 * such as having the timebase stopped which would lockup with 80 * normal locks and spinlock debugging enabled 81 */ 82 static unsigned long lock_rtas(void) 83 { 84 unsigned long flags; 85 86 local_irq_save(flags); 87 preempt_disable(); 88 arch_spin_lock(&rtas.lock); 89 return flags; 90 } 91 92 static void unlock_rtas(unsigned long flags) 93 { 94 arch_spin_unlock(&rtas.lock); 95 local_irq_restore(flags); 96 preempt_enable(); 97 } 98 99 /* 100 * call_rtas_display_status and call_rtas_display_status_delay 101 * are designed only for very early low-level debugging, which 102 * is why the token is hard-coded to 10. 103 */ 104 static void call_rtas_display_status(unsigned char c) 105 { 106 unsigned long s; 107 108 if (!rtas.base) 109 return; 110 111 s = lock_rtas(); 112 rtas_call_unlocked(&rtas.args, 10, 1, 1, NULL, c); 113 unlock_rtas(s); 114 } 115 116 static void call_rtas_display_status_delay(char c) 117 { 118 static int pending_newline = 0; /* did last write end with unprinted newline? */ 119 static int width = 16; 120 121 if (c == '\n') { 122 while (width-- > 0) 123 call_rtas_display_status(' '); 124 width = 16; 125 mdelay(500); 126 pending_newline = 1; 127 } else { 128 if (pending_newline) { 129 call_rtas_display_status('\r'); 130 call_rtas_display_status('\n'); 131 } 132 pending_newline = 0; 133 if (width--) { 134 call_rtas_display_status(c); 135 udelay(10000); 136 } 137 } 138 } 139 140 void __init udbg_init_rtas_panel(void) 141 { 142 udbg_putc = call_rtas_display_status_delay; 143 } 144 145 #ifdef CONFIG_UDBG_RTAS_CONSOLE 146 147 /* If you think you're dying before early_init_dt_scan_rtas() does its 148 * work, you can hard code the token values for your firmware here and 149 * hardcode rtas.base/entry etc. 150 */ 151 static unsigned int rtas_putchar_token = RTAS_UNKNOWN_SERVICE; 152 static unsigned int rtas_getchar_token = RTAS_UNKNOWN_SERVICE; 153 154 static void udbg_rtascon_putc(char c) 155 { 156 int tries; 157 158 if (!rtas.base) 159 return; 160 161 /* Add CRs before LFs */ 162 if (c == '\n') 163 udbg_rtascon_putc('\r'); 164 165 /* if there is more than one character to be displayed, wait a bit */ 166 for (tries = 0; tries < 16; tries++) { 167 if (rtas_call(rtas_putchar_token, 1, 1, NULL, c) == 0) 168 break; 169 udelay(1000); 170 } 171 } 172 173 static int udbg_rtascon_getc_poll(void) 174 { 175 int c; 176 177 if (!rtas.base) 178 return -1; 179 180 if (rtas_call(rtas_getchar_token, 0, 2, &c)) 181 return -1; 182 183 return c; 184 } 185 186 static int udbg_rtascon_getc(void) 187 { 188 int c; 189 190 while ((c = udbg_rtascon_getc_poll()) == -1) 191 ; 192 193 return c; 194 } 195 196 197 void __init udbg_init_rtas_console(void) 198 { 199 udbg_putc = udbg_rtascon_putc; 200 udbg_getc = udbg_rtascon_getc; 201 udbg_getc_poll = udbg_rtascon_getc_poll; 202 } 203 #endif /* CONFIG_UDBG_RTAS_CONSOLE */ 204 205 void rtas_progress(char *s, unsigned short hex) 206 { 207 struct device_node *root; 208 int width; 209 const __be32 *p; 210 char *os; 211 static int display_character, set_indicator; 212 static int display_width, display_lines, form_feed; 213 static const int *row_width; 214 static DEFINE_SPINLOCK(progress_lock); 215 static int current_line; 216 static int pending_newline = 0; /* did last write end with unprinted newline? */ 217 218 if (!rtas.base) 219 return; 220 221 if (display_width == 0) { 222 display_width = 0x10; 223 if ((root = of_find_node_by_path("/rtas"))) { 224 if ((p = of_get_property(root, 225 "ibm,display-line-length", NULL))) 226 display_width = be32_to_cpu(*p); 227 if ((p = of_get_property(root, 228 "ibm,form-feed", NULL))) 229 form_feed = be32_to_cpu(*p); 230 if ((p = of_get_property(root, 231 "ibm,display-number-of-lines", NULL))) 232 display_lines = be32_to_cpu(*p); 233 row_width = of_get_property(root, 234 "ibm,display-truncation-length", NULL); 235 of_node_put(root); 236 } 237 display_character = rtas_token("display-character"); 238 set_indicator = rtas_token("set-indicator"); 239 } 240 241 if (display_character == RTAS_UNKNOWN_SERVICE) { 242 /* use hex display if available */ 243 if (set_indicator != RTAS_UNKNOWN_SERVICE) 244 rtas_call(set_indicator, 3, 1, NULL, 6, 0, hex); 245 return; 246 } 247 248 spin_lock(&progress_lock); 249 250 /* 251 * Last write ended with newline, but we didn't print it since 252 * it would just clear the bottom line of output. Print it now 253 * instead. 254 * 255 * If no newline is pending and form feed is supported, clear the 256 * display with a form feed; otherwise, print a CR to start output 257 * at the beginning of the line. 258 */ 259 if (pending_newline) { 260 rtas_call(display_character, 1, 1, NULL, '\r'); 261 rtas_call(display_character, 1, 1, NULL, '\n'); 262 pending_newline = 0; 263 } else { 264 current_line = 0; 265 if (form_feed) 266 rtas_call(display_character, 1, 1, NULL, 267 (char)form_feed); 268 else 269 rtas_call(display_character, 1, 1, NULL, '\r'); 270 } 271 272 if (row_width) 273 width = row_width[current_line]; 274 else 275 width = display_width; 276 os = s; 277 while (*os) { 278 if (*os == '\n' || *os == '\r') { 279 /* If newline is the last character, save it 280 * until next call to avoid bumping up the 281 * display output. 282 */ 283 if (*os == '\n' && !os[1]) { 284 pending_newline = 1; 285 current_line++; 286 if (current_line > display_lines-1) 287 current_line = display_lines-1; 288 spin_unlock(&progress_lock); 289 return; 290 } 291 292 /* RTAS wants CR-LF, not just LF */ 293 294 if (*os == '\n') { 295 rtas_call(display_character, 1, 1, NULL, '\r'); 296 rtas_call(display_character, 1, 1, NULL, '\n'); 297 } else { 298 /* CR might be used to re-draw a line, so we'll 299 * leave it alone and not add LF. 300 */ 301 rtas_call(display_character, 1, 1, NULL, *os); 302 } 303 304 if (row_width) 305 width = row_width[current_line]; 306 else 307 width = display_width; 308 } else { 309 width--; 310 rtas_call(display_character, 1, 1, NULL, *os); 311 } 312 313 os++; 314 315 /* if we overwrite the screen length */ 316 if (width <= 0) 317 while ((*os != 0) && (*os != '\n') && (*os != '\r')) 318 os++; 319 } 320 321 spin_unlock(&progress_lock); 322 } 323 EXPORT_SYMBOL(rtas_progress); /* needed by rtas_flash module */ 324 325 int rtas_token(const char *service) 326 { 327 const __be32 *tokp; 328 if (rtas.dev == NULL) 329 return RTAS_UNKNOWN_SERVICE; 330 tokp = of_get_property(rtas.dev, service, NULL); 331 return tokp ? be32_to_cpu(*tokp) : RTAS_UNKNOWN_SERVICE; 332 } 333 EXPORT_SYMBOL(rtas_token); 334 335 int rtas_service_present(const char *service) 336 { 337 return rtas_token(service) != RTAS_UNKNOWN_SERVICE; 338 } 339 EXPORT_SYMBOL(rtas_service_present); 340 341 #ifdef CONFIG_RTAS_ERROR_LOGGING 342 /* 343 * Return the firmware-specified size of the error log buffer 344 * for all rtas calls that require an error buffer argument. 345 * This includes 'check-exception' and 'rtas-last-error'. 346 */ 347 int rtas_get_error_log_max(void) 348 { 349 static int rtas_error_log_max; 350 if (rtas_error_log_max) 351 return rtas_error_log_max; 352 353 rtas_error_log_max = rtas_token ("rtas-error-log-max"); 354 if ((rtas_error_log_max == RTAS_UNKNOWN_SERVICE) || 355 (rtas_error_log_max > RTAS_ERROR_LOG_MAX)) { 356 printk (KERN_WARNING "RTAS: bad log buffer size %d\n", 357 rtas_error_log_max); 358 rtas_error_log_max = RTAS_ERROR_LOG_MAX; 359 } 360 return rtas_error_log_max; 361 } 362 EXPORT_SYMBOL(rtas_get_error_log_max); 363 364 365 static char rtas_err_buf[RTAS_ERROR_LOG_MAX]; 366 static int rtas_last_error_token; 367 368 /** Return a copy of the detailed error text associated with the 369 * most recent failed call to rtas. Because the error text 370 * might go stale if there are any other intervening rtas calls, 371 * this routine must be called atomically with whatever produced 372 * the error (i.e. with rtas.lock still held from the previous call). 373 */ 374 static char *__fetch_rtas_last_error(char *altbuf) 375 { 376 struct rtas_args err_args, save_args; 377 u32 bufsz; 378 char *buf = NULL; 379 380 if (rtas_last_error_token == -1) 381 return NULL; 382 383 bufsz = rtas_get_error_log_max(); 384 385 err_args.token = cpu_to_be32(rtas_last_error_token); 386 err_args.nargs = cpu_to_be32(2); 387 err_args.nret = cpu_to_be32(1); 388 err_args.args[0] = cpu_to_be32(__pa(rtas_err_buf)); 389 err_args.args[1] = cpu_to_be32(bufsz); 390 err_args.args[2] = 0; 391 392 save_args = rtas.args; 393 rtas.args = err_args; 394 395 do_enter_rtas(__pa(&rtas.args)); 396 397 err_args = rtas.args; 398 rtas.args = save_args; 399 400 /* Log the error in the unlikely case that there was one. */ 401 if (unlikely(err_args.args[2] == 0)) { 402 if (altbuf) { 403 buf = altbuf; 404 } else { 405 buf = rtas_err_buf; 406 if (slab_is_available()) 407 buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); 408 } 409 if (buf) 410 memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); 411 } 412 413 return buf; 414 } 415 416 #define get_errorlog_buffer() kmalloc(RTAS_ERROR_LOG_MAX, GFP_KERNEL) 417 418 #else /* CONFIG_RTAS_ERROR_LOGGING */ 419 #define __fetch_rtas_last_error(x) NULL 420 #define get_errorlog_buffer() NULL 421 #endif 422 423 424 static void 425 va_rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, 426 va_list list) 427 { 428 int i; 429 430 args->token = cpu_to_be32(token); 431 args->nargs = cpu_to_be32(nargs); 432 args->nret = cpu_to_be32(nret); 433 args->rets = &(args->args[nargs]); 434 435 for (i = 0; i < nargs; ++i) 436 args->args[i] = cpu_to_be32(va_arg(list, __u32)); 437 438 for (i = 0; i < nret; ++i) 439 args->rets[i] = 0; 440 441 do_enter_rtas(__pa(args)); 442 } 443 444 void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, ...) 445 { 446 va_list list; 447 448 va_start(list, nret); 449 va_rtas_call_unlocked(args, token, nargs, nret, list); 450 va_end(list); 451 } 452 453 int rtas_call(int token, int nargs, int nret, int *outputs, ...) 454 { 455 va_list list; 456 int i; 457 unsigned long s; 458 struct rtas_args *rtas_args; 459 char *buff_copy = NULL; 460 int ret; 461 462 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE) 463 return -1; 464 465 s = lock_rtas(); 466 467 /* We use the global rtas args buffer */ 468 rtas_args = &rtas.args; 469 470 va_start(list, outputs); 471 va_rtas_call_unlocked(rtas_args, token, nargs, nret, list); 472 va_end(list); 473 474 /* A -1 return code indicates that the last command couldn't 475 be completed due to a hardware error. */ 476 if (be32_to_cpu(rtas_args->rets[0]) == -1) 477 buff_copy = __fetch_rtas_last_error(NULL); 478 479 if (nret > 1 && outputs != NULL) 480 for (i = 0; i < nret-1; ++i) 481 outputs[i] = be32_to_cpu(rtas_args->rets[i+1]); 482 ret = (nret > 0)? be32_to_cpu(rtas_args->rets[0]): 0; 483 484 unlock_rtas(s); 485 486 if (buff_copy) { 487 log_error(buff_copy, ERR_TYPE_RTAS_LOG, 0); 488 if (slab_is_available()) 489 kfree(buff_copy); 490 } 491 return ret; 492 } 493 EXPORT_SYMBOL(rtas_call); 494 495 /** 496 * rtas_busy_delay_time() - From an RTAS status value, calculate the 497 * suggested delay time in milliseconds. 498 * 499 * @status: a value returned from rtas_call() or similar APIs which return 500 * the status of a RTAS function call. 501 * 502 * Context: Any context. 503 * 504 * Return: 505 * * 100000 - If @status is 9905. 506 * * 10000 - If @status is 9904. 507 * * 1000 - If @status is 9903. 508 * * 100 - If @status is 9902. 509 * * 10 - If @status is 9901. 510 * * 1 - If @status is either 9900 or -2. This is "wrong" for -2, but 511 * some callers depend on this behavior, and the worst outcome 512 * is that they will delay for longer than necessary. 513 * * 0 - If @status is not a busy or extended delay value. 514 */ 515 unsigned int rtas_busy_delay_time(int status) 516 { 517 int order; 518 unsigned int ms = 0; 519 520 if (status == RTAS_BUSY) { 521 ms = 1; 522 } else if (status >= RTAS_EXTENDED_DELAY_MIN && 523 status <= RTAS_EXTENDED_DELAY_MAX) { 524 order = status - RTAS_EXTENDED_DELAY_MIN; 525 for (ms = 1; order > 0; order--) 526 ms *= 10; 527 } 528 529 return ms; 530 } 531 EXPORT_SYMBOL(rtas_busy_delay_time); 532 533 /** 534 * rtas_busy_delay() - helper for RTAS busy and extended delay statuses 535 * 536 * @status: a value returned from rtas_call() or similar APIs which return 537 * the status of a RTAS function call. 538 * 539 * Context: Process context. May sleep or schedule. 540 * 541 * Return: 542 * * true - @status is RTAS_BUSY or an extended delay hint. The 543 * caller may assume that the CPU has been yielded if necessary, 544 * and that an appropriate delay for @status has elapsed. 545 * Generally the caller should reattempt the RTAS call which 546 * yielded @status. 547 * 548 * * false - @status is not @RTAS_BUSY nor an extended delay hint. The 549 * caller is responsible for handling @status. 550 */ 551 bool rtas_busy_delay(int status) 552 { 553 unsigned int ms; 554 bool ret; 555 556 switch (status) { 557 case RTAS_EXTENDED_DELAY_MIN...RTAS_EXTENDED_DELAY_MAX: 558 ret = true; 559 ms = rtas_busy_delay_time(status); 560 /* 561 * The extended delay hint can be as high as 100 seconds. 562 * Surely any function returning such a status is either 563 * buggy or isn't going to be significantly slowed by us 564 * polling at 1HZ. Clamp the sleep time to one second. 565 */ 566 ms = clamp(ms, 1U, 1000U); 567 /* 568 * The delay hint is an order-of-magnitude suggestion, not 569 * a minimum. It is fine, possibly even advantageous, for 570 * us to pause for less time than hinted. For small values, 571 * use usleep_range() to ensure we don't sleep much longer 572 * than actually needed. 573 * 574 * See Documentation/timers/timers-howto.rst for 575 * explanation of the threshold used here. In effect we use 576 * usleep_range() for 9900 and 9901, msleep() for 577 * 9902-9905. 578 */ 579 if (ms <= 20) 580 usleep_range(ms * 100, ms * 1000); 581 else 582 msleep(ms); 583 break; 584 case RTAS_BUSY: 585 ret = true; 586 /* 587 * We should call again immediately if there's no other 588 * work to do. 589 */ 590 cond_resched(); 591 break; 592 default: 593 ret = false; 594 /* 595 * Not a busy or extended delay status; the caller should 596 * handle @status itself. Ensure we warn on misuses in 597 * atomic context regardless. 598 */ 599 might_sleep(); 600 break; 601 } 602 603 return ret; 604 } 605 EXPORT_SYMBOL(rtas_busy_delay); 606 607 static int rtas_error_rc(int rtas_rc) 608 { 609 int rc; 610 611 switch (rtas_rc) { 612 case -1: /* Hardware Error */ 613 rc = -EIO; 614 break; 615 case -3: /* Bad indicator/domain/etc */ 616 rc = -EINVAL; 617 break; 618 case -9000: /* Isolation error */ 619 rc = -EFAULT; 620 break; 621 case -9001: /* Outstanding TCE/PTE */ 622 rc = -EEXIST; 623 break; 624 case -9002: /* No usable slot */ 625 rc = -ENODEV; 626 break; 627 default: 628 printk(KERN_ERR "%s: unexpected RTAS error %d\n", 629 __func__, rtas_rc); 630 rc = -ERANGE; 631 break; 632 } 633 return rc; 634 } 635 636 int rtas_get_power_level(int powerdomain, int *level) 637 { 638 int token = rtas_token("get-power-level"); 639 int rc; 640 641 if (token == RTAS_UNKNOWN_SERVICE) 642 return -ENOENT; 643 644 while ((rc = rtas_call(token, 1, 2, level, powerdomain)) == RTAS_BUSY) 645 udelay(1); 646 647 if (rc < 0) 648 return rtas_error_rc(rc); 649 return rc; 650 } 651 EXPORT_SYMBOL(rtas_get_power_level); 652 653 int rtas_set_power_level(int powerdomain, int level, int *setlevel) 654 { 655 int token = rtas_token("set-power-level"); 656 int rc; 657 658 if (token == RTAS_UNKNOWN_SERVICE) 659 return -ENOENT; 660 661 do { 662 rc = rtas_call(token, 2, 2, setlevel, powerdomain, level); 663 } while (rtas_busy_delay(rc)); 664 665 if (rc < 0) 666 return rtas_error_rc(rc); 667 return rc; 668 } 669 EXPORT_SYMBOL(rtas_set_power_level); 670 671 int rtas_get_sensor(int sensor, int index, int *state) 672 { 673 int token = rtas_token("get-sensor-state"); 674 int rc; 675 676 if (token == RTAS_UNKNOWN_SERVICE) 677 return -ENOENT; 678 679 do { 680 rc = rtas_call(token, 2, 2, state, sensor, index); 681 } while (rtas_busy_delay(rc)); 682 683 if (rc < 0) 684 return rtas_error_rc(rc); 685 return rc; 686 } 687 EXPORT_SYMBOL(rtas_get_sensor); 688 689 int rtas_get_sensor_fast(int sensor, int index, int *state) 690 { 691 int token = rtas_token("get-sensor-state"); 692 int rc; 693 694 if (token == RTAS_UNKNOWN_SERVICE) 695 return -ENOENT; 696 697 rc = rtas_call(token, 2, 2, state, sensor, index); 698 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 699 rc <= RTAS_EXTENDED_DELAY_MAX)); 700 701 if (rc < 0) 702 return rtas_error_rc(rc); 703 return rc; 704 } 705 706 bool rtas_indicator_present(int token, int *maxindex) 707 { 708 int proplen, count, i; 709 const struct indicator_elem { 710 __be32 token; 711 __be32 maxindex; 712 } *indicators; 713 714 indicators = of_get_property(rtas.dev, "rtas-indicators", &proplen); 715 if (!indicators) 716 return false; 717 718 count = proplen / sizeof(struct indicator_elem); 719 720 for (i = 0; i < count; i++) { 721 if (__be32_to_cpu(indicators[i].token) != token) 722 continue; 723 if (maxindex) 724 *maxindex = __be32_to_cpu(indicators[i].maxindex); 725 return true; 726 } 727 728 return false; 729 } 730 EXPORT_SYMBOL(rtas_indicator_present); 731 732 int rtas_set_indicator(int indicator, int index, int new_value) 733 { 734 int token = rtas_token("set-indicator"); 735 int rc; 736 737 if (token == RTAS_UNKNOWN_SERVICE) 738 return -ENOENT; 739 740 do { 741 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 742 } while (rtas_busy_delay(rc)); 743 744 if (rc < 0) 745 return rtas_error_rc(rc); 746 return rc; 747 } 748 EXPORT_SYMBOL(rtas_set_indicator); 749 750 /* 751 * Ignoring RTAS extended delay 752 */ 753 int rtas_set_indicator_fast(int indicator, int index, int new_value) 754 { 755 int rc; 756 int token = rtas_token("set-indicator"); 757 758 if (token == RTAS_UNKNOWN_SERVICE) 759 return -ENOENT; 760 761 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 762 763 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 764 rc <= RTAS_EXTENDED_DELAY_MAX)); 765 766 if (rc < 0) 767 return rtas_error_rc(rc); 768 769 return rc; 770 } 771 772 /** 773 * rtas_ibm_suspend_me() - Call ibm,suspend-me to suspend the LPAR. 774 * 775 * @fw_status: RTAS call status will be placed here if not NULL. 776 * 777 * rtas_ibm_suspend_me() should be called only on a CPU which has 778 * received H_CONTINUE from the H_JOIN hcall. All other active CPUs 779 * should be waiting to return from H_JOIN. 780 * 781 * rtas_ibm_suspend_me() may suspend execution of the OS 782 * indefinitely. Callers should take appropriate measures upon return, such as 783 * resetting watchdog facilities. 784 * 785 * Callers may choose to retry this call if @fw_status is 786 * %RTAS_THREADS_ACTIVE. 787 * 788 * Return: 789 * 0 - The partition has resumed from suspend, possibly after 790 * migration to a different host. 791 * -ECANCELED - The operation was aborted. 792 * -EAGAIN - There were other CPUs not in H_JOIN at the time of the call. 793 * -EBUSY - Some other condition prevented the suspend from succeeding. 794 * -EIO - Hardware/platform error. 795 */ 796 int rtas_ibm_suspend_me(int *fw_status) 797 { 798 int fwrc; 799 int ret; 800 801 fwrc = rtas_call(rtas_token("ibm,suspend-me"), 0, 1, NULL); 802 803 switch (fwrc) { 804 case 0: 805 ret = 0; 806 break; 807 case RTAS_SUSPEND_ABORTED: 808 ret = -ECANCELED; 809 break; 810 case RTAS_THREADS_ACTIVE: 811 ret = -EAGAIN; 812 break; 813 case RTAS_NOT_SUSPENDABLE: 814 case RTAS_OUTSTANDING_COPROC: 815 ret = -EBUSY; 816 break; 817 case -1: 818 default: 819 ret = -EIO; 820 break; 821 } 822 823 if (fw_status) 824 *fw_status = fwrc; 825 826 return ret; 827 } 828 829 void __noreturn rtas_restart(char *cmd) 830 { 831 if (rtas_flash_term_hook) 832 rtas_flash_term_hook(SYS_RESTART); 833 printk("RTAS system-reboot returned %d\n", 834 rtas_call(rtas_token("system-reboot"), 0, 1, NULL)); 835 for (;;); 836 } 837 838 void rtas_power_off(void) 839 { 840 if (rtas_flash_term_hook) 841 rtas_flash_term_hook(SYS_POWER_OFF); 842 /* allow power on only with power button press */ 843 printk("RTAS power-off returned %d\n", 844 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1)); 845 for (;;); 846 } 847 848 void __noreturn rtas_halt(void) 849 { 850 if (rtas_flash_term_hook) 851 rtas_flash_term_hook(SYS_HALT); 852 /* allow power on only with power button press */ 853 printk("RTAS power-off returned %d\n", 854 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1)); 855 for (;;); 856 } 857 858 /* Must be in the RMO region, so we place it here */ 859 static char rtas_os_term_buf[2048]; 860 861 void rtas_os_term(char *str) 862 { 863 int status; 864 865 /* 866 * Firmware with the ibm,extended-os-term property is guaranteed 867 * to always return from an ibm,os-term call. Earlier versions without 868 * this property may terminate the partition which we want to avoid 869 * since it interferes with panic_timeout. 870 */ 871 if (RTAS_UNKNOWN_SERVICE == rtas_token("ibm,os-term") || 872 RTAS_UNKNOWN_SERVICE == rtas_token("ibm,extended-os-term")) 873 return; 874 875 snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str); 876 877 do { 878 status = rtas_call(rtas_token("ibm,os-term"), 1, 1, NULL, 879 __pa(rtas_os_term_buf)); 880 } while (rtas_busy_delay(status)); 881 882 if (status != 0) 883 printk(KERN_EMERG "ibm,os-term call failed %d\n", status); 884 } 885 886 /** 887 * rtas_activate_firmware() - Activate a new version of firmware. 888 * 889 * Context: This function may sleep. 890 * 891 * Activate a new version of partition firmware. The OS must call this 892 * after resuming from a partition hibernation or migration in order 893 * to maintain the ability to perform live firmware updates. It's not 894 * catastrophic for this method to be absent or to fail; just log the 895 * condition in that case. 896 */ 897 void rtas_activate_firmware(void) 898 { 899 int token; 900 int fwrc; 901 902 token = rtas_token("ibm,activate-firmware"); 903 if (token == RTAS_UNKNOWN_SERVICE) { 904 pr_notice("ibm,activate-firmware method unavailable\n"); 905 return; 906 } 907 908 do { 909 fwrc = rtas_call(token, 0, 1, NULL); 910 } while (rtas_busy_delay(fwrc)); 911 912 if (fwrc) 913 pr_err("ibm,activate-firmware failed (%i)\n", fwrc); 914 } 915 916 #ifdef CONFIG_PPC_PSERIES 917 /** 918 * rtas_call_reentrant() - Used for reentrant rtas calls 919 * @token: Token for desired reentrant RTAS call 920 * @nargs: Number of Input Parameters 921 * @nret: Number of Output Parameters 922 * @outputs: Array of outputs 923 * @...: Inputs for desired RTAS call 924 * 925 * According to LoPAR documentation, only "ibm,int-on", "ibm,int-off", 926 * "ibm,get-xive" and "ibm,set-xive" are currently reentrant. 927 * Reentrant calls need their own rtas_args buffer, so not using rtas.args, but 928 * PACA one instead. 929 * 930 * Return: -1 on error, 931 * First output value of RTAS call if (nret > 0), 932 * 0 otherwise, 933 */ 934 int rtas_call_reentrant(int token, int nargs, int nret, int *outputs, ...) 935 { 936 va_list list; 937 struct rtas_args *args; 938 unsigned long flags; 939 int i, ret = 0; 940 941 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE) 942 return -1; 943 944 local_irq_save(flags); 945 preempt_disable(); 946 947 /* We use the per-cpu (PACA) rtas args buffer */ 948 args = local_paca->rtas_args_reentrant; 949 950 va_start(list, outputs); 951 va_rtas_call_unlocked(args, token, nargs, nret, list); 952 va_end(list); 953 954 if (nret > 1 && outputs) 955 for (i = 0; i < nret - 1; ++i) 956 outputs[i] = be32_to_cpu(args->rets[i + 1]); 957 958 if (nret > 0) 959 ret = be32_to_cpu(args->rets[0]); 960 961 local_irq_restore(flags); 962 preempt_enable(); 963 964 return ret; 965 } 966 967 #endif /* CONFIG_PPC_PSERIES */ 968 969 /** 970 * get_pseries_errorlog() - Find a specific pseries error log in an RTAS 971 * extended event log. 972 * @log: RTAS error/event log 973 * @section_id: two character section identifier 974 * 975 * Return: A pointer to the specified errorlog or NULL if not found. 976 */ 977 struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log, 978 uint16_t section_id) 979 { 980 struct rtas_ext_event_log_v6 *ext_log = 981 (struct rtas_ext_event_log_v6 *)log->buffer; 982 struct pseries_errorlog *sect; 983 unsigned char *p, *log_end; 984 uint32_t ext_log_length = rtas_error_extended_log_length(log); 985 uint8_t log_format = rtas_ext_event_log_format(ext_log); 986 uint32_t company_id = rtas_ext_event_company_id(ext_log); 987 988 /* Check that we understand the format */ 989 if (ext_log_length < sizeof(struct rtas_ext_event_log_v6) || 990 log_format != RTAS_V6EXT_LOG_FORMAT_EVENT_LOG || 991 company_id != RTAS_V6EXT_COMPANY_ID_IBM) 992 return NULL; 993 994 log_end = log->buffer + ext_log_length; 995 p = ext_log->vendor_log; 996 997 while (p < log_end) { 998 sect = (struct pseries_errorlog *)p; 999 if (pseries_errorlog_id(sect) == section_id) 1000 return sect; 1001 p += pseries_errorlog_length(sect); 1002 } 1003 1004 return NULL; 1005 } 1006 1007 #ifdef CONFIG_PPC_RTAS_FILTER 1008 1009 /* 1010 * The sys_rtas syscall, as originally designed, allows root to pass 1011 * arbitrary physical addresses to RTAS calls. A number of RTAS calls 1012 * can be abused to write to arbitrary memory and do other things that 1013 * are potentially harmful to system integrity, and thus should only 1014 * be used inside the kernel and not exposed to userspace. 1015 * 1016 * All known legitimate users of the sys_rtas syscall will only ever 1017 * pass addresses that fall within the RMO buffer, and use a known 1018 * subset of RTAS calls. 1019 * 1020 * Accordingly, we filter RTAS requests to check that the call is 1021 * permitted, and that provided pointers fall within the RMO buffer. 1022 * The rtas_filters list contains an entry for each permitted call, 1023 * with the indexes of the parameters which are expected to contain 1024 * addresses and sizes of buffers allocated inside the RMO buffer. 1025 */ 1026 struct rtas_filter { 1027 const char *name; 1028 int token; 1029 /* Indexes into the args buffer, -1 if not used */ 1030 int buf_idx1; 1031 int size_idx1; 1032 int buf_idx2; 1033 int size_idx2; 1034 1035 int fixed_size; 1036 }; 1037 1038 static struct rtas_filter rtas_filters[] __ro_after_init = { 1039 { "ibm,activate-firmware", -1, -1, -1, -1, -1 }, 1040 { "ibm,configure-connector", -1, 0, -1, 1, -1, 4096 }, /* Special cased */ 1041 { "display-character", -1, -1, -1, -1, -1 }, 1042 { "ibm,display-message", -1, 0, -1, -1, -1 }, 1043 { "ibm,errinjct", -1, 2, -1, -1, -1, 1024 }, 1044 { "ibm,close-errinjct", -1, -1, -1, -1, -1 }, 1045 { "ibm,open-errinjct", -1, -1, -1, -1, -1 }, 1046 { "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 }, 1047 { "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 }, 1048 { "ibm,get-indices", -1, 2, 3, -1, -1 }, 1049 { "get-power-level", -1, -1, -1, -1, -1 }, 1050 { "get-sensor-state", -1, -1, -1, -1, -1 }, 1051 { "ibm,get-system-parameter", -1, 1, 2, -1, -1 }, 1052 { "get-time-of-day", -1, -1, -1, -1, -1 }, 1053 { "ibm,get-vpd", -1, 0, -1, 1, 2 }, 1054 { "ibm,lpar-perftools", -1, 2, 3, -1, -1 }, 1055 { "ibm,platform-dump", -1, 4, 5, -1, -1 }, 1056 { "ibm,read-slot-reset-state", -1, -1, -1, -1, -1 }, 1057 { "ibm,scan-log-dump", -1, 0, 1, -1, -1 }, 1058 { "ibm,set-dynamic-indicator", -1, 2, -1, -1, -1 }, 1059 { "ibm,set-eeh-option", -1, -1, -1, -1, -1 }, 1060 { "set-indicator", -1, -1, -1, -1, -1 }, 1061 { "set-power-level", -1, -1, -1, -1, -1 }, 1062 { "set-time-for-power-on", -1, -1, -1, -1, -1 }, 1063 { "ibm,set-system-parameter", -1, 1, -1, -1, -1 }, 1064 { "set-time-of-day", -1, -1, -1, -1, -1 }, 1065 #ifdef CONFIG_CPU_BIG_ENDIAN 1066 { "ibm,suspend-me", -1, -1, -1, -1, -1 }, 1067 { "ibm,update-nodes", -1, 0, -1, -1, -1, 4096 }, 1068 { "ibm,update-properties", -1, 0, -1, -1, -1, 4096 }, 1069 #endif 1070 { "ibm,physical-attestation", -1, 0, 1, -1, -1 }, 1071 }; 1072 1073 static bool in_rmo_buf(u32 base, u32 end) 1074 { 1075 return base >= rtas_rmo_buf && 1076 base < (rtas_rmo_buf + RTAS_USER_REGION_SIZE) && 1077 base <= end && 1078 end >= rtas_rmo_buf && 1079 end < (rtas_rmo_buf + RTAS_USER_REGION_SIZE); 1080 } 1081 1082 static bool block_rtas_call(int token, int nargs, 1083 struct rtas_args *args) 1084 { 1085 int i; 1086 1087 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) { 1088 struct rtas_filter *f = &rtas_filters[i]; 1089 u32 base, size, end; 1090 1091 if (token != f->token) 1092 continue; 1093 1094 if (f->buf_idx1 != -1) { 1095 base = be32_to_cpu(args->args[f->buf_idx1]); 1096 if (f->size_idx1 != -1) 1097 size = be32_to_cpu(args->args[f->size_idx1]); 1098 else if (f->fixed_size) 1099 size = f->fixed_size; 1100 else 1101 size = 1; 1102 1103 end = base + size - 1; 1104 if (!in_rmo_buf(base, end)) 1105 goto err; 1106 } 1107 1108 if (f->buf_idx2 != -1) { 1109 base = be32_to_cpu(args->args[f->buf_idx2]); 1110 if (f->size_idx2 != -1) 1111 size = be32_to_cpu(args->args[f->size_idx2]); 1112 else if (f->fixed_size) 1113 size = f->fixed_size; 1114 else 1115 size = 1; 1116 end = base + size - 1; 1117 1118 /* 1119 * Special case for ibm,configure-connector where the 1120 * address can be 0 1121 */ 1122 if (!strcmp(f->name, "ibm,configure-connector") && 1123 base == 0) 1124 return false; 1125 1126 if (!in_rmo_buf(base, end)) 1127 goto err; 1128 } 1129 1130 return false; 1131 } 1132 1133 err: 1134 pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt?\n"); 1135 pr_err_ratelimited("sys_rtas: token=0x%x, nargs=%d (called by %s)\n", 1136 token, nargs, current->comm); 1137 return true; 1138 } 1139 1140 static void __init rtas_syscall_filter_init(void) 1141 { 1142 unsigned int i; 1143 1144 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) 1145 rtas_filters[i].token = rtas_token(rtas_filters[i].name); 1146 } 1147 1148 #else 1149 1150 static bool block_rtas_call(int token, int nargs, 1151 struct rtas_args *args) 1152 { 1153 return false; 1154 } 1155 1156 static void __init rtas_syscall_filter_init(void) 1157 { 1158 } 1159 1160 #endif /* CONFIG_PPC_RTAS_FILTER */ 1161 1162 /* We assume to be passed big endian arguments */ 1163 SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) 1164 { 1165 struct rtas_args args; 1166 unsigned long flags; 1167 char *buff_copy, *errbuf = NULL; 1168 int nargs, nret, token; 1169 1170 if (!capable(CAP_SYS_ADMIN)) 1171 return -EPERM; 1172 1173 if (!rtas.entry) 1174 return -EINVAL; 1175 1176 if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0) 1177 return -EFAULT; 1178 1179 nargs = be32_to_cpu(args.nargs); 1180 nret = be32_to_cpu(args.nret); 1181 token = be32_to_cpu(args.token); 1182 1183 if (nargs >= ARRAY_SIZE(args.args) 1184 || nret > ARRAY_SIZE(args.args) 1185 || nargs + nret > ARRAY_SIZE(args.args)) 1186 return -EINVAL; 1187 1188 /* Copy in args. */ 1189 if (copy_from_user(args.args, uargs->args, 1190 nargs * sizeof(rtas_arg_t)) != 0) 1191 return -EFAULT; 1192 1193 if (token == RTAS_UNKNOWN_SERVICE) 1194 return -EINVAL; 1195 1196 args.rets = &args.args[nargs]; 1197 memset(args.rets, 0, nret * sizeof(rtas_arg_t)); 1198 1199 if (block_rtas_call(token, nargs, &args)) 1200 return -EINVAL; 1201 1202 /* Need to handle ibm,suspend_me call specially */ 1203 if (token == rtas_token("ibm,suspend-me")) { 1204 1205 /* 1206 * rtas_ibm_suspend_me assumes the streamid handle is in cpu 1207 * endian, or at least the hcall within it requires it. 1208 */ 1209 int rc = 0; 1210 u64 handle = ((u64)be32_to_cpu(args.args[0]) << 32) 1211 | be32_to_cpu(args.args[1]); 1212 rc = rtas_syscall_dispatch_ibm_suspend_me(handle); 1213 if (rc == -EAGAIN) 1214 args.rets[0] = cpu_to_be32(RTAS_NOT_SUSPENDABLE); 1215 else if (rc == -EIO) 1216 args.rets[0] = cpu_to_be32(-1); 1217 else if (rc) 1218 return rc; 1219 goto copy_return; 1220 } 1221 1222 buff_copy = get_errorlog_buffer(); 1223 1224 flags = lock_rtas(); 1225 1226 rtas.args = args; 1227 do_enter_rtas(__pa(&rtas.args)); 1228 args = rtas.args; 1229 1230 /* A -1 return code indicates that the last command couldn't 1231 be completed due to a hardware error. */ 1232 if (be32_to_cpu(args.rets[0]) == -1) 1233 errbuf = __fetch_rtas_last_error(buff_copy); 1234 1235 unlock_rtas(flags); 1236 1237 if (buff_copy) { 1238 if (errbuf) 1239 log_error(errbuf, ERR_TYPE_RTAS_LOG, 0); 1240 kfree(buff_copy); 1241 } 1242 1243 copy_return: 1244 /* Copy out args. */ 1245 if (copy_to_user(uargs->args + nargs, 1246 args.args + nargs, 1247 nret * sizeof(rtas_arg_t)) != 0) 1248 return -EFAULT; 1249 1250 return 0; 1251 } 1252 1253 /* 1254 * Call early during boot, before mem init, to retrieve the RTAS 1255 * information from the device-tree and allocate the RMO buffer for userland 1256 * accesses. 1257 */ 1258 void __init rtas_initialize(void) 1259 { 1260 unsigned long rtas_region = RTAS_INSTANTIATE_MAX; 1261 u32 base, size, entry; 1262 int no_base, no_size, no_entry; 1263 1264 /* Get RTAS dev node and fill up our "rtas" structure with infos 1265 * about it. 1266 */ 1267 rtas.dev = of_find_node_by_name(NULL, "rtas"); 1268 if (!rtas.dev) 1269 return; 1270 1271 no_base = of_property_read_u32(rtas.dev, "linux,rtas-base", &base); 1272 no_size = of_property_read_u32(rtas.dev, "rtas-size", &size); 1273 if (no_base || no_size) { 1274 of_node_put(rtas.dev); 1275 rtas.dev = NULL; 1276 return; 1277 } 1278 1279 rtas.base = base; 1280 rtas.size = size; 1281 no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry); 1282 rtas.entry = no_entry ? rtas.base : entry; 1283 1284 /* If RTAS was found, allocate the RMO buffer for it and look for 1285 * the stop-self token if any 1286 */ 1287 #ifdef CONFIG_PPC64 1288 if (firmware_has_feature(FW_FEATURE_LPAR)) 1289 rtas_region = min(ppc64_rma_size, RTAS_INSTANTIATE_MAX); 1290 #endif 1291 rtas_rmo_buf = memblock_phys_alloc_range(RTAS_USER_REGION_SIZE, PAGE_SIZE, 1292 0, rtas_region); 1293 if (!rtas_rmo_buf) 1294 panic("ERROR: RTAS: Failed to allocate %lx bytes below %pa\n", 1295 PAGE_SIZE, &rtas_region); 1296 1297 #ifdef CONFIG_RTAS_ERROR_LOGGING 1298 rtas_last_error_token = rtas_token("rtas-last-error"); 1299 #endif 1300 1301 rtas_syscall_filter_init(); 1302 } 1303 1304 int __init early_init_dt_scan_rtas(unsigned long node, 1305 const char *uname, int depth, void *data) 1306 { 1307 const u32 *basep, *entryp, *sizep; 1308 1309 if (depth != 1 || strcmp(uname, "rtas") != 0) 1310 return 0; 1311 1312 basep = of_get_flat_dt_prop(node, "linux,rtas-base", NULL); 1313 entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL); 1314 sizep = of_get_flat_dt_prop(node, "rtas-size", NULL); 1315 1316 if (basep && entryp && sizep) { 1317 rtas.base = *basep; 1318 rtas.entry = *entryp; 1319 rtas.size = *sizep; 1320 } 1321 1322 #ifdef CONFIG_UDBG_RTAS_CONSOLE 1323 basep = of_get_flat_dt_prop(node, "put-term-char", NULL); 1324 if (basep) 1325 rtas_putchar_token = *basep; 1326 1327 basep = of_get_flat_dt_prop(node, "get-term-char", NULL); 1328 if (basep) 1329 rtas_getchar_token = *basep; 1330 1331 if (rtas_putchar_token != RTAS_UNKNOWN_SERVICE && 1332 rtas_getchar_token != RTAS_UNKNOWN_SERVICE) 1333 udbg_init_rtas_console(); 1334 1335 #endif 1336 1337 /* break now */ 1338 return 1; 1339 } 1340 1341 static arch_spinlock_t timebase_lock; 1342 static u64 timebase = 0; 1343 1344 void rtas_give_timebase(void) 1345 { 1346 unsigned long flags; 1347 1348 local_irq_save(flags); 1349 hard_irq_disable(); 1350 arch_spin_lock(&timebase_lock); 1351 rtas_call(rtas_token("freeze-time-base"), 0, 1, NULL); 1352 timebase = get_tb(); 1353 arch_spin_unlock(&timebase_lock); 1354 1355 while (timebase) 1356 barrier(); 1357 rtas_call(rtas_token("thaw-time-base"), 0, 1, NULL); 1358 local_irq_restore(flags); 1359 } 1360 1361 void rtas_take_timebase(void) 1362 { 1363 while (!timebase) 1364 barrier(); 1365 arch_spin_lock(&timebase_lock); 1366 set_tb(timebase >> 32, timebase & 0xffffffff); 1367 timebase = 0; 1368 arch_spin_unlock(&timebase_lock); 1369 } 1370