1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Procedures for interfacing to the RTAS on CHRP machines. 5 * 6 * Peter Bergner, IBM March 2001. 7 * Copyright (C) 2001 IBM. 8 */ 9 10 #include <linux/stdarg.h> 11 #include <linux/kernel.h> 12 #include <linux/types.h> 13 #include <linux/spinlock.h> 14 #include <linux/export.h> 15 #include <linux/init.h> 16 #include <linux/capability.h> 17 #include <linux/delay.h> 18 #include <linux/cpu.h> 19 #include <linux/sched.h> 20 #include <linux/smp.h> 21 #include <linux/completion.h> 22 #include <linux/cpumask.h> 23 #include <linux/memblock.h> 24 #include <linux/slab.h> 25 #include <linux/reboot.h> 26 #include <linux/syscalls.h> 27 #include <linux/of.h> 28 #include <linux/of_fdt.h> 29 30 #include <asm/interrupt.h> 31 #include <asm/rtas.h> 32 #include <asm/hvcall.h> 33 #include <asm/machdep.h> 34 #include <asm/firmware.h> 35 #include <asm/page.h> 36 #include <asm/param.h> 37 #include <asm/delay.h> 38 #include <linux/uaccess.h> 39 #include <asm/udbg.h> 40 #include <asm/syscalls.h> 41 #include <asm/smp.h> 42 #include <linux/atomic.h> 43 #include <asm/time.h> 44 #include <asm/mmu.h> 45 #include <asm/topology.h> 46 #include <asm/paca.h> 47 48 /* This is here deliberately so it's only used in this file */ 49 void enter_rtas(unsigned long); 50 51 static inline void do_enter_rtas(unsigned long args) 52 { 53 unsigned long msr; 54 55 /* 56 * Make sure MSR[RI] is currently enabled as it will be forced later 57 * in enter_rtas. 58 */ 59 msr = mfmsr(); 60 BUG_ON(!(msr & MSR_RI)); 61 62 BUG_ON(!irqs_disabled()); 63 64 hard_irq_disable(); /* Ensure MSR[EE] is disabled on PPC64 */ 65 66 enter_rtas(args); 67 68 srr_regs_clobbered(); /* rtas uses SRRs, invalidate */ 69 } 70 71 struct rtas_t rtas = { 72 .lock = __ARCH_SPIN_LOCK_UNLOCKED 73 }; 74 EXPORT_SYMBOL(rtas); 75 76 DEFINE_SPINLOCK(rtas_data_buf_lock); 77 EXPORT_SYMBOL(rtas_data_buf_lock); 78 79 char rtas_data_buf[RTAS_DATA_BUF_SIZE] __cacheline_aligned; 80 EXPORT_SYMBOL(rtas_data_buf); 81 82 unsigned long rtas_rmo_buf; 83 84 /* 85 * If non-NULL, this gets called when the kernel terminates. 86 * This is done like this so rtas_flash can be a module. 87 */ 88 void (*rtas_flash_term_hook)(int); 89 EXPORT_SYMBOL(rtas_flash_term_hook); 90 91 /* RTAS use home made raw locking instead of spin_lock_irqsave 92 * because those can be called from within really nasty contexts 93 * such as having the timebase stopped which would lockup with 94 * normal locks and spinlock debugging enabled 95 */ 96 static unsigned long lock_rtas(void) 97 { 98 unsigned long flags; 99 100 local_irq_save(flags); 101 preempt_disable(); 102 arch_spin_lock(&rtas.lock); 103 return flags; 104 } 105 106 static void unlock_rtas(unsigned long flags) 107 { 108 arch_spin_unlock(&rtas.lock); 109 local_irq_restore(flags); 110 preempt_enable(); 111 } 112 113 /* 114 * call_rtas_display_status and call_rtas_display_status_delay 115 * are designed only for very early low-level debugging, which 116 * is why the token is hard-coded to 10. 117 */ 118 static void call_rtas_display_status(unsigned char c) 119 { 120 unsigned long s; 121 122 if (!rtas.base) 123 return; 124 125 s = lock_rtas(); 126 rtas_call_unlocked(&rtas.args, 10, 1, 1, NULL, c); 127 unlock_rtas(s); 128 } 129 130 static void call_rtas_display_status_delay(char c) 131 { 132 static int pending_newline = 0; /* did last write end with unprinted newline? */ 133 static int width = 16; 134 135 if (c == '\n') { 136 while (width-- > 0) 137 call_rtas_display_status(' '); 138 width = 16; 139 mdelay(500); 140 pending_newline = 1; 141 } else { 142 if (pending_newline) { 143 call_rtas_display_status('\r'); 144 call_rtas_display_status('\n'); 145 } 146 pending_newline = 0; 147 if (width--) { 148 call_rtas_display_status(c); 149 udelay(10000); 150 } 151 } 152 } 153 154 void __init udbg_init_rtas_panel(void) 155 { 156 udbg_putc = call_rtas_display_status_delay; 157 } 158 159 #ifdef CONFIG_UDBG_RTAS_CONSOLE 160 161 /* If you think you're dying before early_init_dt_scan_rtas() does its 162 * work, you can hard code the token values for your firmware here and 163 * hardcode rtas.base/entry etc. 164 */ 165 static unsigned int rtas_putchar_token = RTAS_UNKNOWN_SERVICE; 166 static unsigned int rtas_getchar_token = RTAS_UNKNOWN_SERVICE; 167 168 static void udbg_rtascon_putc(char c) 169 { 170 int tries; 171 172 if (!rtas.base) 173 return; 174 175 /* Add CRs before LFs */ 176 if (c == '\n') 177 udbg_rtascon_putc('\r'); 178 179 /* if there is more than one character to be displayed, wait a bit */ 180 for (tries = 0; tries < 16; tries++) { 181 if (rtas_call(rtas_putchar_token, 1, 1, NULL, c) == 0) 182 break; 183 udelay(1000); 184 } 185 } 186 187 static int udbg_rtascon_getc_poll(void) 188 { 189 int c; 190 191 if (!rtas.base) 192 return -1; 193 194 if (rtas_call(rtas_getchar_token, 0, 2, &c)) 195 return -1; 196 197 return c; 198 } 199 200 static int udbg_rtascon_getc(void) 201 { 202 int c; 203 204 while ((c = udbg_rtascon_getc_poll()) == -1) 205 ; 206 207 return c; 208 } 209 210 211 void __init udbg_init_rtas_console(void) 212 { 213 udbg_putc = udbg_rtascon_putc; 214 udbg_getc = udbg_rtascon_getc; 215 udbg_getc_poll = udbg_rtascon_getc_poll; 216 } 217 #endif /* CONFIG_UDBG_RTAS_CONSOLE */ 218 219 void rtas_progress(char *s, unsigned short hex) 220 { 221 struct device_node *root; 222 int width; 223 const __be32 *p; 224 char *os; 225 static int display_character, set_indicator; 226 static int display_width, display_lines, form_feed; 227 static const int *row_width; 228 static DEFINE_SPINLOCK(progress_lock); 229 static int current_line; 230 static int pending_newline = 0; /* did last write end with unprinted newline? */ 231 232 if (!rtas.base) 233 return; 234 235 if (display_width == 0) { 236 display_width = 0x10; 237 if ((root = of_find_node_by_path("/rtas"))) { 238 if ((p = of_get_property(root, 239 "ibm,display-line-length", NULL))) 240 display_width = be32_to_cpu(*p); 241 if ((p = of_get_property(root, 242 "ibm,form-feed", NULL))) 243 form_feed = be32_to_cpu(*p); 244 if ((p = of_get_property(root, 245 "ibm,display-number-of-lines", NULL))) 246 display_lines = be32_to_cpu(*p); 247 row_width = of_get_property(root, 248 "ibm,display-truncation-length", NULL); 249 of_node_put(root); 250 } 251 display_character = rtas_token("display-character"); 252 set_indicator = rtas_token("set-indicator"); 253 } 254 255 if (display_character == RTAS_UNKNOWN_SERVICE) { 256 /* use hex display if available */ 257 if (set_indicator != RTAS_UNKNOWN_SERVICE) 258 rtas_call(set_indicator, 3, 1, NULL, 6, 0, hex); 259 return; 260 } 261 262 spin_lock(&progress_lock); 263 264 /* 265 * Last write ended with newline, but we didn't print it since 266 * it would just clear the bottom line of output. Print it now 267 * instead. 268 * 269 * If no newline is pending and form feed is supported, clear the 270 * display with a form feed; otherwise, print a CR to start output 271 * at the beginning of the line. 272 */ 273 if (pending_newline) { 274 rtas_call(display_character, 1, 1, NULL, '\r'); 275 rtas_call(display_character, 1, 1, NULL, '\n'); 276 pending_newline = 0; 277 } else { 278 current_line = 0; 279 if (form_feed) 280 rtas_call(display_character, 1, 1, NULL, 281 (char)form_feed); 282 else 283 rtas_call(display_character, 1, 1, NULL, '\r'); 284 } 285 286 if (row_width) 287 width = row_width[current_line]; 288 else 289 width = display_width; 290 os = s; 291 while (*os) { 292 if (*os == '\n' || *os == '\r') { 293 /* If newline is the last character, save it 294 * until next call to avoid bumping up the 295 * display output. 296 */ 297 if (*os == '\n' && !os[1]) { 298 pending_newline = 1; 299 current_line++; 300 if (current_line > display_lines-1) 301 current_line = display_lines-1; 302 spin_unlock(&progress_lock); 303 return; 304 } 305 306 /* RTAS wants CR-LF, not just LF */ 307 308 if (*os == '\n') { 309 rtas_call(display_character, 1, 1, NULL, '\r'); 310 rtas_call(display_character, 1, 1, NULL, '\n'); 311 } else { 312 /* CR might be used to re-draw a line, so we'll 313 * leave it alone and not add LF. 314 */ 315 rtas_call(display_character, 1, 1, NULL, *os); 316 } 317 318 if (row_width) 319 width = row_width[current_line]; 320 else 321 width = display_width; 322 } else { 323 width--; 324 rtas_call(display_character, 1, 1, NULL, *os); 325 } 326 327 os++; 328 329 /* if we overwrite the screen length */ 330 if (width <= 0) 331 while ((*os != 0) && (*os != '\n') && (*os != '\r')) 332 os++; 333 } 334 335 spin_unlock(&progress_lock); 336 } 337 EXPORT_SYMBOL(rtas_progress); /* needed by rtas_flash module */ 338 339 int rtas_token(const char *service) 340 { 341 const __be32 *tokp; 342 if (rtas.dev == NULL) 343 return RTAS_UNKNOWN_SERVICE; 344 tokp = of_get_property(rtas.dev, service, NULL); 345 return tokp ? be32_to_cpu(*tokp) : RTAS_UNKNOWN_SERVICE; 346 } 347 EXPORT_SYMBOL(rtas_token); 348 349 int rtas_service_present(const char *service) 350 { 351 return rtas_token(service) != RTAS_UNKNOWN_SERVICE; 352 } 353 EXPORT_SYMBOL(rtas_service_present); 354 355 #ifdef CONFIG_RTAS_ERROR_LOGGING 356 /* 357 * Return the firmware-specified size of the error log buffer 358 * for all rtas calls that require an error buffer argument. 359 * This includes 'check-exception' and 'rtas-last-error'. 360 */ 361 int rtas_get_error_log_max(void) 362 { 363 static int rtas_error_log_max; 364 if (rtas_error_log_max) 365 return rtas_error_log_max; 366 367 rtas_error_log_max = rtas_token ("rtas-error-log-max"); 368 if ((rtas_error_log_max == RTAS_UNKNOWN_SERVICE) || 369 (rtas_error_log_max > RTAS_ERROR_LOG_MAX)) { 370 printk (KERN_WARNING "RTAS: bad log buffer size %d\n", 371 rtas_error_log_max); 372 rtas_error_log_max = RTAS_ERROR_LOG_MAX; 373 } 374 return rtas_error_log_max; 375 } 376 EXPORT_SYMBOL(rtas_get_error_log_max); 377 378 379 static char rtas_err_buf[RTAS_ERROR_LOG_MAX]; 380 static int rtas_last_error_token; 381 382 /** Return a copy of the detailed error text associated with the 383 * most recent failed call to rtas. Because the error text 384 * might go stale if there are any other intervening rtas calls, 385 * this routine must be called atomically with whatever produced 386 * the error (i.e. with rtas.lock still held from the previous call). 387 */ 388 static char *__fetch_rtas_last_error(char *altbuf) 389 { 390 struct rtas_args err_args, save_args; 391 u32 bufsz; 392 char *buf = NULL; 393 394 if (rtas_last_error_token == -1) 395 return NULL; 396 397 bufsz = rtas_get_error_log_max(); 398 399 err_args.token = cpu_to_be32(rtas_last_error_token); 400 err_args.nargs = cpu_to_be32(2); 401 err_args.nret = cpu_to_be32(1); 402 err_args.args[0] = cpu_to_be32(__pa(rtas_err_buf)); 403 err_args.args[1] = cpu_to_be32(bufsz); 404 err_args.args[2] = 0; 405 406 save_args = rtas.args; 407 rtas.args = err_args; 408 409 do_enter_rtas(__pa(&rtas.args)); 410 411 err_args = rtas.args; 412 rtas.args = save_args; 413 414 /* Log the error in the unlikely case that there was one. */ 415 if (unlikely(err_args.args[2] == 0)) { 416 if (altbuf) { 417 buf = altbuf; 418 } else { 419 buf = rtas_err_buf; 420 if (slab_is_available()) 421 buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); 422 } 423 if (buf) 424 memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); 425 } 426 427 return buf; 428 } 429 430 #define get_errorlog_buffer() kmalloc(RTAS_ERROR_LOG_MAX, GFP_KERNEL) 431 432 #else /* CONFIG_RTAS_ERROR_LOGGING */ 433 #define __fetch_rtas_last_error(x) NULL 434 #define get_errorlog_buffer() NULL 435 #endif 436 437 438 static void 439 va_rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, 440 va_list list) 441 { 442 int i; 443 444 args->token = cpu_to_be32(token); 445 args->nargs = cpu_to_be32(nargs); 446 args->nret = cpu_to_be32(nret); 447 args->rets = &(args->args[nargs]); 448 449 for (i = 0; i < nargs; ++i) 450 args->args[i] = cpu_to_be32(va_arg(list, __u32)); 451 452 for (i = 0; i < nret; ++i) 453 args->rets[i] = 0; 454 455 do_enter_rtas(__pa(args)); 456 } 457 458 void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, ...) 459 { 460 va_list list; 461 462 va_start(list, nret); 463 va_rtas_call_unlocked(args, token, nargs, nret, list); 464 va_end(list); 465 } 466 467 int rtas_call(int token, int nargs, int nret, int *outputs, ...) 468 { 469 va_list list; 470 int i; 471 unsigned long s; 472 struct rtas_args *rtas_args; 473 char *buff_copy = NULL; 474 int ret; 475 476 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE) 477 return -1; 478 479 if ((mfmsr() & (MSR_IR|MSR_DR)) != (MSR_IR|MSR_DR)) { 480 WARN_ON_ONCE(1); 481 return -1; 482 } 483 484 s = lock_rtas(); 485 486 /* We use the global rtas args buffer */ 487 rtas_args = &rtas.args; 488 489 va_start(list, outputs); 490 va_rtas_call_unlocked(rtas_args, token, nargs, nret, list); 491 va_end(list); 492 493 /* A -1 return code indicates that the last command couldn't 494 be completed due to a hardware error. */ 495 if (be32_to_cpu(rtas_args->rets[0]) == -1) 496 buff_copy = __fetch_rtas_last_error(NULL); 497 498 if (nret > 1 && outputs != NULL) 499 for (i = 0; i < nret-1; ++i) 500 outputs[i] = be32_to_cpu(rtas_args->rets[i+1]); 501 ret = (nret > 0)? be32_to_cpu(rtas_args->rets[0]): 0; 502 503 unlock_rtas(s); 504 505 if (buff_copy) { 506 log_error(buff_copy, ERR_TYPE_RTAS_LOG, 0); 507 if (slab_is_available()) 508 kfree(buff_copy); 509 } 510 return ret; 511 } 512 EXPORT_SYMBOL(rtas_call); 513 514 /** 515 * rtas_busy_delay_time() - From an RTAS status value, calculate the 516 * suggested delay time in milliseconds. 517 * 518 * @status: a value returned from rtas_call() or similar APIs which return 519 * the status of a RTAS function call. 520 * 521 * Context: Any context. 522 * 523 * Return: 524 * * 100000 - If @status is 9905. 525 * * 10000 - If @status is 9904. 526 * * 1000 - If @status is 9903. 527 * * 100 - If @status is 9902. 528 * * 10 - If @status is 9901. 529 * * 1 - If @status is either 9900 or -2. This is "wrong" for -2, but 530 * some callers depend on this behavior, and the worst outcome 531 * is that they will delay for longer than necessary. 532 * * 0 - If @status is not a busy or extended delay value. 533 */ 534 unsigned int rtas_busy_delay_time(int status) 535 { 536 int order; 537 unsigned int ms = 0; 538 539 if (status == RTAS_BUSY) { 540 ms = 1; 541 } else if (status >= RTAS_EXTENDED_DELAY_MIN && 542 status <= RTAS_EXTENDED_DELAY_MAX) { 543 order = status - RTAS_EXTENDED_DELAY_MIN; 544 for (ms = 1; order > 0; order--) 545 ms *= 10; 546 } 547 548 return ms; 549 } 550 EXPORT_SYMBOL(rtas_busy_delay_time); 551 552 /** 553 * rtas_busy_delay() - helper for RTAS busy and extended delay statuses 554 * 555 * @status: a value returned from rtas_call() or similar APIs which return 556 * the status of a RTAS function call. 557 * 558 * Context: Process context. May sleep or schedule. 559 * 560 * Return: 561 * * true - @status is RTAS_BUSY or an extended delay hint. The 562 * caller may assume that the CPU has been yielded if necessary, 563 * and that an appropriate delay for @status has elapsed. 564 * Generally the caller should reattempt the RTAS call which 565 * yielded @status. 566 * 567 * * false - @status is not @RTAS_BUSY nor an extended delay hint. The 568 * caller is responsible for handling @status. 569 */ 570 bool rtas_busy_delay(int status) 571 { 572 unsigned int ms; 573 bool ret; 574 575 switch (status) { 576 case RTAS_EXTENDED_DELAY_MIN...RTAS_EXTENDED_DELAY_MAX: 577 ret = true; 578 ms = rtas_busy_delay_time(status); 579 /* 580 * The extended delay hint can be as high as 100 seconds. 581 * Surely any function returning such a status is either 582 * buggy or isn't going to be significantly slowed by us 583 * polling at 1HZ. Clamp the sleep time to one second. 584 */ 585 ms = clamp(ms, 1U, 1000U); 586 /* 587 * The delay hint is an order-of-magnitude suggestion, not 588 * a minimum. It is fine, possibly even advantageous, for 589 * us to pause for less time than hinted. For small values, 590 * use usleep_range() to ensure we don't sleep much longer 591 * than actually needed. 592 * 593 * See Documentation/timers/timers-howto.rst for 594 * explanation of the threshold used here. In effect we use 595 * usleep_range() for 9900 and 9901, msleep() for 596 * 9902-9905. 597 */ 598 if (ms <= 20) 599 usleep_range(ms * 100, ms * 1000); 600 else 601 msleep(ms); 602 break; 603 case RTAS_BUSY: 604 ret = true; 605 /* 606 * We should call again immediately if there's no other 607 * work to do. 608 */ 609 cond_resched(); 610 break; 611 default: 612 ret = false; 613 /* 614 * Not a busy or extended delay status; the caller should 615 * handle @status itself. Ensure we warn on misuses in 616 * atomic context regardless. 617 */ 618 might_sleep(); 619 break; 620 } 621 622 return ret; 623 } 624 EXPORT_SYMBOL(rtas_busy_delay); 625 626 static int rtas_error_rc(int rtas_rc) 627 { 628 int rc; 629 630 switch (rtas_rc) { 631 case -1: /* Hardware Error */ 632 rc = -EIO; 633 break; 634 case -3: /* Bad indicator/domain/etc */ 635 rc = -EINVAL; 636 break; 637 case -9000: /* Isolation error */ 638 rc = -EFAULT; 639 break; 640 case -9001: /* Outstanding TCE/PTE */ 641 rc = -EEXIST; 642 break; 643 case -9002: /* No usable slot */ 644 rc = -ENODEV; 645 break; 646 default: 647 printk(KERN_ERR "%s: unexpected RTAS error %d\n", 648 __func__, rtas_rc); 649 rc = -ERANGE; 650 break; 651 } 652 return rc; 653 } 654 655 int rtas_get_power_level(int powerdomain, int *level) 656 { 657 int token = rtas_token("get-power-level"); 658 int rc; 659 660 if (token == RTAS_UNKNOWN_SERVICE) 661 return -ENOENT; 662 663 while ((rc = rtas_call(token, 1, 2, level, powerdomain)) == RTAS_BUSY) 664 udelay(1); 665 666 if (rc < 0) 667 return rtas_error_rc(rc); 668 return rc; 669 } 670 EXPORT_SYMBOL(rtas_get_power_level); 671 672 int rtas_set_power_level(int powerdomain, int level, int *setlevel) 673 { 674 int token = rtas_token("set-power-level"); 675 int rc; 676 677 if (token == RTAS_UNKNOWN_SERVICE) 678 return -ENOENT; 679 680 do { 681 rc = rtas_call(token, 2, 2, setlevel, powerdomain, level); 682 } while (rtas_busy_delay(rc)); 683 684 if (rc < 0) 685 return rtas_error_rc(rc); 686 return rc; 687 } 688 EXPORT_SYMBOL(rtas_set_power_level); 689 690 int rtas_get_sensor(int sensor, int index, int *state) 691 { 692 int token = rtas_token("get-sensor-state"); 693 int rc; 694 695 if (token == RTAS_UNKNOWN_SERVICE) 696 return -ENOENT; 697 698 do { 699 rc = rtas_call(token, 2, 2, state, sensor, index); 700 } while (rtas_busy_delay(rc)); 701 702 if (rc < 0) 703 return rtas_error_rc(rc); 704 return rc; 705 } 706 EXPORT_SYMBOL(rtas_get_sensor); 707 708 int rtas_get_sensor_fast(int sensor, int index, int *state) 709 { 710 int token = rtas_token("get-sensor-state"); 711 int rc; 712 713 if (token == RTAS_UNKNOWN_SERVICE) 714 return -ENOENT; 715 716 rc = rtas_call(token, 2, 2, state, sensor, index); 717 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 718 rc <= RTAS_EXTENDED_DELAY_MAX)); 719 720 if (rc < 0) 721 return rtas_error_rc(rc); 722 return rc; 723 } 724 725 bool rtas_indicator_present(int token, int *maxindex) 726 { 727 int proplen, count, i; 728 const struct indicator_elem { 729 __be32 token; 730 __be32 maxindex; 731 } *indicators; 732 733 indicators = of_get_property(rtas.dev, "rtas-indicators", &proplen); 734 if (!indicators) 735 return false; 736 737 count = proplen / sizeof(struct indicator_elem); 738 739 for (i = 0; i < count; i++) { 740 if (__be32_to_cpu(indicators[i].token) != token) 741 continue; 742 if (maxindex) 743 *maxindex = __be32_to_cpu(indicators[i].maxindex); 744 return true; 745 } 746 747 return false; 748 } 749 EXPORT_SYMBOL(rtas_indicator_present); 750 751 int rtas_set_indicator(int indicator, int index, int new_value) 752 { 753 int token = rtas_token("set-indicator"); 754 int rc; 755 756 if (token == RTAS_UNKNOWN_SERVICE) 757 return -ENOENT; 758 759 do { 760 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 761 } while (rtas_busy_delay(rc)); 762 763 if (rc < 0) 764 return rtas_error_rc(rc); 765 return rc; 766 } 767 EXPORT_SYMBOL(rtas_set_indicator); 768 769 /* 770 * Ignoring RTAS extended delay 771 */ 772 int rtas_set_indicator_fast(int indicator, int index, int new_value) 773 { 774 int rc; 775 int token = rtas_token("set-indicator"); 776 777 if (token == RTAS_UNKNOWN_SERVICE) 778 return -ENOENT; 779 780 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 781 782 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 783 rc <= RTAS_EXTENDED_DELAY_MAX)); 784 785 if (rc < 0) 786 return rtas_error_rc(rc); 787 788 return rc; 789 } 790 791 /** 792 * rtas_ibm_suspend_me() - Call ibm,suspend-me to suspend the LPAR. 793 * 794 * @fw_status: RTAS call status will be placed here if not NULL. 795 * 796 * rtas_ibm_suspend_me() should be called only on a CPU which has 797 * received H_CONTINUE from the H_JOIN hcall. All other active CPUs 798 * should be waiting to return from H_JOIN. 799 * 800 * rtas_ibm_suspend_me() may suspend execution of the OS 801 * indefinitely. Callers should take appropriate measures upon return, such as 802 * resetting watchdog facilities. 803 * 804 * Callers may choose to retry this call if @fw_status is 805 * %RTAS_THREADS_ACTIVE. 806 * 807 * Return: 808 * 0 - The partition has resumed from suspend, possibly after 809 * migration to a different host. 810 * -ECANCELED - The operation was aborted. 811 * -EAGAIN - There were other CPUs not in H_JOIN at the time of the call. 812 * -EBUSY - Some other condition prevented the suspend from succeeding. 813 * -EIO - Hardware/platform error. 814 */ 815 int rtas_ibm_suspend_me(int *fw_status) 816 { 817 int fwrc; 818 int ret; 819 820 fwrc = rtas_call(rtas_token("ibm,suspend-me"), 0, 1, NULL); 821 822 switch (fwrc) { 823 case 0: 824 ret = 0; 825 break; 826 case RTAS_SUSPEND_ABORTED: 827 ret = -ECANCELED; 828 break; 829 case RTAS_THREADS_ACTIVE: 830 ret = -EAGAIN; 831 break; 832 case RTAS_NOT_SUSPENDABLE: 833 case RTAS_OUTSTANDING_COPROC: 834 ret = -EBUSY; 835 break; 836 case -1: 837 default: 838 ret = -EIO; 839 break; 840 } 841 842 if (fw_status) 843 *fw_status = fwrc; 844 845 return ret; 846 } 847 848 void __noreturn rtas_restart(char *cmd) 849 { 850 if (rtas_flash_term_hook) 851 rtas_flash_term_hook(SYS_RESTART); 852 printk("RTAS system-reboot returned %d\n", 853 rtas_call(rtas_token("system-reboot"), 0, 1, NULL)); 854 for (;;); 855 } 856 857 void rtas_power_off(void) 858 { 859 if (rtas_flash_term_hook) 860 rtas_flash_term_hook(SYS_POWER_OFF); 861 /* allow power on only with power button press */ 862 printk("RTAS power-off returned %d\n", 863 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1)); 864 for (;;); 865 } 866 867 void __noreturn rtas_halt(void) 868 { 869 if (rtas_flash_term_hook) 870 rtas_flash_term_hook(SYS_HALT); 871 /* allow power on only with power button press */ 872 printk("RTAS power-off returned %d\n", 873 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1)); 874 for (;;); 875 } 876 877 /* Must be in the RMO region, so we place it here */ 878 static char rtas_os_term_buf[2048]; 879 880 void rtas_os_term(char *str) 881 { 882 int status; 883 884 /* 885 * Firmware with the ibm,extended-os-term property is guaranteed 886 * to always return from an ibm,os-term call. Earlier versions without 887 * this property may terminate the partition which we want to avoid 888 * since it interferes with panic_timeout. 889 */ 890 if (RTAS_UNKNOWN_SERVICE == rtas_token("ibm,os-term") || 891 RTAS_UNKNOWN_SERVICE == rtas_token("ibm,extended-os-term")) 892 return; 893 894 snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str); 895 896 do { 897 status = rtas_call(rtas_token("ibm,os-term"), 1, 1, NULL, 898 __pa(rtas_os_term_buf)); 899 } while (rtas_busy_delay(status)); 900 901 if (status != 0) 902 printk(KERN_EMERG "ibm,os-term call failed %d\n", status); 903 } 904 905 /** 906 * rtas_activate_firmware() - Activate a new version of firmware. 907 * 908 * Context: This function may sleep. 909 * 910 * Activate a new version of partition firmware. The OS must call this 911 * after resuming from a partition hibernation or migration in order 912 * to maintain the ability to perform live firmware updates. It's not 913 * catastrophic for this method to be absent or to fail; just log the 914 * condition in that case. 915 */ 916 void rtas_activate_firmware(void) 917 { 918 int token; 919 int fwrc; 920 921 token = rtas_token("ibm,activate-firmware"); 922 if (token == RTAS_UNKNOWN_SERVICE) { 923 pr_notice("ibm,activate-firmware method unavailable\n"); 924 return; 925 } 926 927 do { 928 fwrc = rtas_call(token, 0, 1, NULL); 929 } while (rtas_busy_delay(fwrc)); 930 931 if (fwrc) 932 pr_err("ibm,activate-firmware failed (%i)\n", fwrc); 933 } 934 935 #ifdef CONFIG_PPC_PSERIES 936 /** 937 * rtas_call_reentrant() - Used for reentrant rtas calls 938 * @token: Token for desired reentrant RTAS call 939 * @nargs: Number of Input Parameters 940 * @nret: Number of Output Parameters 941 * @outputs: Array of outputs 942 * @...: Inputs for desired RTAS call 943 * 944 * According to LoPAR documentation, only "ibm,int-on", "ibm,int-off", 945 * "ibm,get-xive" and "ibm,set-xive" are currently reentrant. 946 * Reentrant calls need their own rtas_args buffer, so not using rtas.args, but 947 * PACA one instead. 948 * 949 * Return: -1 on error, 950 * First output value of RTAS call if (nret > 0), 951 * 0 otherwise, 952 */ 953 int rtas_call_reentrant(int token, int nargs, int nret, int *outputs, ...) 954 { 955 va_list list; 956 struct rtas_args *args; 957 unsigned long flags; 958 int i, ret = 0; 959 960 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE) 961 return -1; 962 963 local_irq_save(flags); 964 preempt_disable(); 965 966 /* We use the per-cpu (PACA) rtas args buffer */ 967 args = local_paca->rtas_args_reentrant; 968 969 va_start(list, outputs); 970 va_rtas_call_unlocked(args, token, nargs, nret, list); 971 va_end(list); 972 973 if (nret > 1 && outputs) 974 for (i = 0; i < nret - 1; ++i) 975 outputs[i] = be32_to_cpu(args->rets[i + 1]); 976 977 if (nret > 0) 978 ret = be32_to_cpu(args->rets[0]); 979 980 local_irq_restore(flags); 981 preempt_enable(); 982 983 return ret; 984 } 985 986 #endif /* CONFIG_PPC_PSERIES */ 987 988 /** 989 * get_pseries_errorlog() - Find a specific pseries error log in an RTAS 990 * extended event log. 991 * @log: RTAS error/event log 992 * @section_id: two character section identifier 993 * 994 * Return: A pointer to the specified errorlog or NULL if not found. 995 */ 996 struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log, 997 uint16_t section_id) 998 { 999 struct rtas_ext_event_log_v6 *ext_log = 1000 (struct rtas_ext_event_log_v6 *)log->buffer; 1001 struct pseries_errorlog *sect; 1002 unsigned char *p, *log_end; 1003 uint32_t ext_log_length = rtas_error_extended_log_length(log); 1004 uint8_t log_format = rtas_ext_event_log_format(ext_log); 1005 uint32_t company_id = rtas_ext_event_company_id(ext_log); 1006 1007 /* Check that we understand the format */ 1008 if (ext_log_length < sizeof(struct rtas_ext_event_log_v6) || 1009 log_format != RTAS_V6EXT_LOG_FORMAT_EVENT_LOG || 1010 company_id != RTAS_V6EXT_COMPANY_ID_IBM) 1011 return NULL; 1012 1013 log_end = log->buffer + ext_log_length; 1014 p = ext_log->vendor_log; 1015 1016 while (p < log_end) { 1017 sect = (struct pseries_errorlog *)p; 1018 if (pseries_errorlog_id(sect) == section_id) 1019 return sect; 1020 p += pseries_errorlog_length(sect); 1021 } 1022 1023 return NULL; 1024 } 1025 1026 #ifdef CONFIG_PPC_RTAS_FILTER 1027 1028 /* 1029 * The sys_rtas syscall, as originally designed, allows root to pass 1030 * arbitrary physical addresses to RTAS calls. A number of RTAS calls 1031 * can be abused to write to arbitrary memory and do other things that 1032 * are potentially harmful to system integrity, and thus should only 1033 * be used inside the kernel and not exposed to userspace. 1034 * 1035 * All known legitimate users of the sys_rtas syscall will only ever 1036 * pass addresses that fall within the RMO buffer, and use a known 1037 * subset of RTAS calls. 1038 * 1039 * Accordingly, we filter RTAS requests to check that the call is 1040 * permitted, and that provided pointers fall within the RMO buffer. 1041 * The rtas_filters list contains an entry for each permitted call, 1042 * with the indexes of the parameters which are expected to contain 1043 * addresses and sizes of buffers allocated inside the RMO buffer. 1044 */ 1045 struct rtas_filter { 1046 const char *name; 1047 int token; 1048 /* Indexes into the args buffer, -1 if not used */ 1049 int buf_idx1; 1050 int size_idx1; 1051 int buf_idx2; 1052 int size_idx2; 1053 1054 int fixed_size; 1055 }; 1056 1057 static struct rtas_filter rtas_filters[] __ro_after_init = { 1058 { "ibm,activate-firmware", -1, -1, -1, -1, -1 }, 1059 { "ibm,configure-connector", -1, 0, -1, 1, -1, 4096 }, /* Special cased */ 1060 { "display-character", -1, -1, -1, -1, -1 }, 1061 { "ibm,display-message", -1, 0, -1, -1, -1 }, 1062 { "ibm,errinjct", -1, 2, -1, -1, -1, 1024 }, 1063 { "ibm,close-errinjct", -1, -1, -1, -1, -1 }, 1064 { "ibm,open-errinjct", -1, -1, -1, -1, -1 }, 1065 { "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 }, 1066 { "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 }, 1067 { "ibm,get-indices", -1, 2, 3, -1, -1 }, 1068 { "get-power-level", -1, -1, -1, -1, -1 }, 1069 { "get-sensor-state", -1, -1, -1, -1, -1 }, 1070 { "ibm,get-system-parameter", -1, 1, 2, -1, -1 }, 1071 { "get-time-of-day", -1, -1, -1, -1, -1 }, 1072 { "ibm,get-vpd", -1, 0, -1, 1, 2 }, 1073 { "ibm,lpar-perftools", -1, 2, 3, -1, -1 }, 1074 { "ibm,platform-dump", -1, 4, 5, -1, -1 }, 1075 { "ibm,read-slot-reset-state", -1, -1, -1, -1, -1 }, 1076 { "ibm,scan-log-dump", -1, 0, 1, -1, -1 }, 1077 { "ibm,set-dynamic-indicator", -1, 2, -1, -1, -1 }, 1078 { "ibm,set-eeh-option", -1, -1, -1, -1, -1 }, 1079 { "set-indicator", -1, -1, -1, -1, -1 }, 1080 { "set-power-level", -1, -1, -1, -1, -1 }, 1081 { "set-time-for-power-on", -1, -1, -1, -1, -1 }, 1082 { "ibm,set-system-parameter", -1, 1, -1, -1, -1 }, 1083 { "set-time-of-day", -1, -1, -1, -1, -1 }, 1084 #ifdef CONFIG_CPU_BIG_ENDIAN 1085 { "ibm,suspend-me", -1, -1, -1, -1, -1 }, 1086 { "ibm,update-nodes", -1, 0, -1, -1, -1, 4096 }, 1087 { "ibm,update-properties", -1, 0, -1, -1, -1, 4096 }, 1088 #endif 1089 { "ibm,physical-attestation", -1, 0, 1, -1, -1 }, 1090 }; 1091 1092 static bool in_rmo_buf(u32 base, u32 end) 1093 { 1094 return base >= rtas_rmo_buf && 1095 base < (rtas_rmo_buf + RTAS_USER_REGION_SIZE) && 1096 base <= end && 1097 end >= rtas_rmo_buf && 1098 end < (rtas_rmo_buf + RTAS_USER_REGION_SIZE); 1099 } 1100 1101 static bool block_rtas_call(int token, int nargs, 1102 struct rtas_args *args) 1103 { 1104 int i; 1105 1106 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) { 1107 struct rtas_filter *f = &rtas_filters[i]; 1108 u32 base, size, end; 1109 1110 if (token != f->token) 1111 continue; 1112 1113 if (f->buf_idx1 != -1) { 1114 base = be32_to_cpu(args->args[f->buf_idx1]); 1115 if (f->size_idx1 != -1) 1116 size = be32_to_cpu(args->args[f->size_idx1]); 1117 else if (f->fixed_size) 1118 size = f->fixed_size; 1119 else 1120 size = 1; 1121 1122 end = base + size - 1; 1123 if (!in_rmo_buf(base, end)) 1124 goto err; 1125 } 1126 1127 if (f->buf_idx2 != -1) { 1128 base = be32_to_cpu(args->args[f->buf_idx2]); 1129 if (f->size_idx2 != -1) 1130 size = be32_to_cpu(args->args[f->size_idx2]); 1131 else if (f->fixed_size) 1132 size = f->fixed_size; 1133 else 1134 size = 1; 1135 end = base + size - 1; 1136 1137 /* 1138 * Special case for ibm,configure-connector where the 1139 * address can be 0 1140 */ 1141 if (!strcmp(f->name, "ibm,configure-connector") && 1142 base == 0) 1143 return false; 1144 1145 if (!in_rmo_buf(base, end)) 1146 goto err; 1147 } 1148 1149 return false; 1150 } 1151 1152 err: 1153 pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt?\n"); 1154 pr_err_ratelimited("sys_rtas: token=0x%x, nargs=%d (called by %s)\n", 1155 token, nargs, current->comm); 1156 return true; 1157 } 1158 1159 static void __init rtas_syscall_filter_init(void) 1160 { 1161 unsigned int i; 1162 1163 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) 1164 rtas_filters[i].token = rtas_token(rtas_filters[i].name); 1165 } 1166 1167 #else 1168 1169 static bool block_rtas_call(int token, int nargs, 1170 struct rtas_args *args) 1171 { 1172 return false; 1173 } 1174 1175 static void __init rtas_syscall_filter_init(void) 1176 { 1177 } 1178 1179 #endif /* CONFIG_PPC_RTAS_FILTER */ 1180 1181 /* We assume to be passed big endian arguments */ 1182 SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) 1183 { 1184 struct rtas_args args; 1185 unsigned long flags; 1186 char *buff_copy, *errbuf = NULL; 1187 int nargs, nret, token; 1188 1189 if (!capable(CAP_SYS_ADMIN)) 1190 return -EPERM; 1191 1192 if (!rtas.entry) 1193 return -EINVAL; 1194 1195 if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0) 1196 return -EFAULT; 1197 1198 nargs = be32_to_cpu(args.nargs); 1199 nret = be32_to_cpu(args.nret); 1200 token = be32_to_cpu(args.token); 1201 1202 if (nargs >= ARRAY_SIZE(args.args) 1203 || nret > ARRAY_SIZE(args.args) 1204 || nargs + nret > ARRAY_SIZE(args.args)) 1205 return -EINVAL; 1206 1207 /* Copy in args. */ 1208 if (copy_from_user(args.args, uargs->args, 1209 nargs * sizeof(rtas_arg_t)) != 0) 1210 return -EFAULT; 1211 1212 if (token == RTAS_UNKNOWN_SERVICE) 1213 return -EINVAL; 1214 1215 args.rets = &args.args[nargs]; 1216 memset(args.rets, 0, nret * sizeof(rtas_arg_t)); 1217 1218 if (block_rtas_call(token, nargs, &args)) 1219 return -EINVAL; 1220 1221 /* Need to handle ibm,suspend_me call specially */ 1222 if (token == rtas_token("ibm,suspend-me")) { 1223 1224 /* 1225 * rtas_ibm_suspend_me assumes the streamid handle is in cpu 1226 * endian, or at least the hcall within it requires it. 1227 */ 1228 int rc = 0; 1229 u64 handle = ((u64)be32_to_cpu(args.args[0]) << 32) 1230 | be32_to_cpu(args.args[1]); 1231 rc = rtas_syscall_dispatch_ibm_suspend_me(handle); 1232 if (rc == -EAGAIN) 1233 args.rets[0] = cpu_to_be32(RTAS_NOT_SUSPENDABLE); 1234 else if (rc == -EIO) 1235 args.rets[0] = cpu_to_be32(-1); 1236 else if (rc) 1237 return rc; 1238 goto copy_return; 1239 } 1240 1241 buff_copy = get_errorlog_buffer(); 1242 1243 flags = lock_rtas(); 1244 1245 rtas.args = args; 1246 do_enter_rtas(__pa(&rtas.args)); 1247 args = rtas.args; 1248 1249 /* A -1 return code indicates that the last command couldn't 1250 be completed due to a hardware error. */ 1251 if (be32_to_cpu(args.rets[0]) == -1) 1252 errbuf = __fetch_rtas_last_error(buff_copy); 1253 1254 unlock_rtas(flags); 1255 1256 if (buff_copy) { 1257 if (errbuf) 1258 log_error(errbuf, ERR_TYPE_RTAS_LOG, 0); 1259 kfree(buff_copy); 1260 } 1261 1262 copy_return: 1263 /* Copy out args. */ 1264 if (copy_to_user(uargs->args + nargs, 1265 args.args + nargs, 1266 nret * sizeof(rtas_arg_t)) != 0) 1267 return -EFAULT; 1268 1269 return 0; 1270 } 1271 1272 /* 1273 * Call early during boot, before mem init, to retrieve the RTAS 1274 * information from the device-tree and allocate the RMO buffer for userland 1275 * accesses. 1276 */ 1277 void __init rtas_initialize(void) 1278 { 1279 unsigned long rtas_region = RTAS_INSTANTIATE_MAX; 1280 u32 base, size, entry; 1281 int no_base, no_size, no_entry; 1282 1283 /* Get RTAS dev node and fill up our "rtas" structure with infos 1284 * about it. 1285 */ 1286 rtas.dev = of_find_node_by_name(NULL, "rtas"); 1287 if (!rtas.dev) 1288 return; 1289 1290 no_base = of_property_read_u32(rtas.dev, "linux,rtas-base", &base); 1291 no_size = of_property_read_u32(rtas.dev, "rtas-size", &size); 1292 if (no_base || no_size) { 1293 of_node_put(rtas.dev); 1294 rtas.dev = NULL; 1295 return; 1296 } 1297 1298 rtas.base = base; 1299 rtas.size = size; 1300 no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry); 1301 rtas.entry = no_entry ? rtas.base : entry; 1302 1303 /* If RTAS was found, allocate the RMO buffer for it and look for 1304 * the stop-self token if any 1305 */ 1306 #ifdef CONFIG_PPC64 1307 if (firmware_has_feature(FW_FEATURE_LPAR)) 1308 rtas_region = min(ppc64_rma_size, RTAS_INSTANTIATE_MAX); 1309 #endif 1310 rtas_rmo_buf = memblock_phys_alloc_range(RTAS_USER_REGION_SIZE, PAGE_SIZE, 1311 0, rtas_region); 1312 if (!rtas_rmo_buf) 1313 panic("ERROR: RTAS: Failed to allocate %lx bytes below %pa\n", 1314 PAGE_SIZE, &rtas_region); 1315 1316 #ifdef CONFIG_RTAS_ERROR_LOGGING 1317 rtas_last_error_token = rtas_token("rtas-last-error"); 1318 #endif 1319 1320 rtas_syscall_filter_init(); 1321 } 1322 1323 int __init early_init_dt_scan_rtas(unsigned long node, 1324 const char *uname, int depth, void *data) 1325 { 1326 const u32 *basep, *entryp, *sizep; 1327 1328 if (depth != 1 || strcmp(uname, "rtas") != 0) 1329 return 0; 1330 1331 basep = of_get_flat_dt_prop(node, "linux,rtas-base", NULL); 1332 entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL); 1333 sizep = of_get_flat_dt_prop(node, "rtas-size", NULL); 1334 1335 #ifdef CONFIG_PPC64 1336 /* need this feature to decide the crashkernel offset */ 1337 if (of_get_flat_dt_prop(node, "ibm,hypertas-functions", NULL)) 1338 powerpc_firmware_features |= FW_FEATURE_LPAR; 1339 #endif 1340 1341 if (basep && entryp && sizep) { 1342 rtas.base = *basep; 1343 rtas.entry = *entryp; 1344 rtas.size = *sizep; 1345 } 1346 1347 #ifdef CONFIG_UDBG_RTAS_CONSOLE 1348 basep = of_get_flat_dt_prop(node, "put-term-char", NULL); 1349 if (basep) 1350 rtas_putchar_token = *basep; 1351 1352 basep = of_get_flat_dt_prop(node, "get-term-char", NULL); 1353 if (basep) 1354 rtas_getchar_token = *basep; 1355 1356 if (rtas_putchar_token != RTAS_UNKNOWN_SERVICE && 1357 rtas_getchar_token != RTAS_UNKNOWN_SERVICE) 1358 udbg_init_rtas_console(); 1359 1360 #endif 1361 1362 /* break now */ 1363 return 1; 1364 } 1365 1366 static arch_spinlock_t timebase_lock; 1367 static u64 timebase = 0; 1368 1369 void rtas_give_timebase(void) 1370 { 1371 unsigned long flags; 1372 1373 local_irq_save(flags); 1374 hard_irq_disable(); 1375 arch_spin_lock(&timebase_lock); 1376 rtas_call(rtas_token("freeze-time-base"), 0, 1, NULL); 1377 timebase = get_tb(); 1378 arch_spin_unlock(&timebase_lock); 1379 1380 while (timebase) 1381 barrier(); 1382 rtas_call(rtas_token("thaw-time-base"), 0, 1, NULL); 1383 local_irq_restore(flags); 1384 } 1385 1386 void rtas_take_timebase(void) 1387 { 1388 while (!timebase) 1389 barrier(); 1390 arch_spin_lock(&timebase_lock); 1391 set_tb(timebase >> 32, timebase & 0xffffffff); 1392 timebase = 0; 1393 arch_spin_unlock(&timebase_lock); 1394 } 1395