1 /* 2 * PowerNV OPAL Firmware Update Interface 3 * 4 * Copyright 2013 IBM Corp. 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define DEBUG 13 14 #include <linux/kernel.h> 15 #include <linux/reboot.h> 16 #include <linux/init.h> 17 #include <linux/kobject.h> 18 #include <linux/sysfs.h> 19 #include <linux/slab.h> 20 #include <linux/mm.h> 21 #include <linux/vmalloc.h> 22 #include <linux/pagemap.h> 23 #include <linux/delay.h> 24 25 #include <asm/opal.h> 26 27 /* FLASH status codes */ 28 #define FLASH_NO_OP -1099 /* No operation initiated by user */ 29 #define FLASH_NO_AUTH -9002 /* Not a service authority partition */ 30 31 /* Validate image status values */ 32 #define VALIDATE_IMG_READY -1001 /* Image ready for validation */ 33 #define VALIDATE_IMG_INCOMPLETE -1002 /* User copied < VALIDATE_BUF_SIZE */ 34 35 /* Manage image status values */ 36 #define MANAGE_ACTIVE_ERR -9001 /* Cannot overwrite active img */ 37 38 /* Flash image status values */ 39 #define FLASH_IMG_READY 0 /* Img ready for flash on reboot */ 40 #define FLASH_INVALID_IMG -1003 /* Flash image shorter than expected */ 41 #define FLASH_IMG_NULL_DATA -1004 /* Bad data in sg list entry */ 42 #define FLASH_IMG_BAD_LEN -1005 /* Bad length in sg list entry */ 43 44 /* Manage operation tokens */ 45 #define FLASH_REJECT_TMP_SIDE 0 /* Reject temporary fw image */ 46 #define FLASH_COMMIT_TMP_SIDE 1 /* Commit temporary fw image */ 47 48 /* Update tokens */ 49 #define FLASH_UPDATE_CANCEL 0 /* Cancel update request */ 50 #define FLASH_UPDATE_INIT 1 /* Initiate update */ 51 52 /* Validate image update result tokens */ 53 #define VALIDATE_TMP_UPDATE 0 /* T side will be updated */ 54 #define VALIDATE_FLASH_AUTH 1 /* Partition does not have authority */ 55 #define VALIDATE_INVALID_IMG 2 /* Candidate image is not valid */ 56 #define VALIDATE_CUR_UNKNOWN 3 /* Current fixpack level is unknown */ 57 /* 58 * Current T side will be committed to P side before being replace with new 59 * image, and the new image is downlevel from current image 60 */ 61 #define VALIDATE_TMP_COMMIT_DL 4 62 /* 63 * Current T side will be committed to P side before being replaced with new 64 * image 65 */ 66 #define VALIDATE_TMP_COMMIT 5 67 /* 68 * T side will be updated with a downlevel image 69 */ 70 #define VALIDATE_TMP_UPDATE_DL 6 71 /* 72 * The candidate image's release date is later than the system's firmware 73 * service entitlement date - service warranty period has expired 74 */ 75 #define VALIDATE_OUT_OF_WRNTY 7 76 77 /* Validate buffer size */ 78 #define VALIDATE_BUF_SIZE 4096 79 80 /* XXX: Assume candidate image size is <= 1GB */ 81 #define MAX_IMAGE_SIZE 0x40000000 82 83 /* Image status */ 84 enum { 85 IMAGE_INVALID, 86 IMAGE_LOADING, 87 IMAGE_READY, 88 }; 89 90 /* Candidate image data */ 91 struct image_data_t { 92 int status; 93 void *data; 94 uint32_t size; 95 }; 96 97 /* Candidate image header */ 98 struct image_header_t { 99 uint16_t magic; 100 uint16_t version; 101 uint32_t size; 102 }; 103 104 struct validate_flash_t { 105 int status; /* Return status */ 106 void *buf; /* Candidate image buffer */ 107 uint32_t buf_size; /* Image size */ 108 uint32_t result; /* Update results token */ 109 }; 110 111 struct manage_flash_t { 112 int status; /* Return status */ 113 }; 114 115 struct update_flash_t { 116 int status; /* Return status */ 117 }; 118 119 static struct image_header_t image_header; 120 static struct image_data_t image_data; 121 static struct validate_flash_t validate_flash_data; 122 static struct manage_flash_t manage_flash_data; 123 static struct update_flash_t update_flash_data; 124 125 static DEFINE_MUTEX(image_data_mutex); 126 127 /* 128 * Validate candidate image 129 */ 130 static inline void opal_flash_validate(void) 131 { 132 long ret; 133 void *buf = validate_flash_data.buf; 134 __be32 size, result; 135 136 ret = opal_validate_flash(__pa(buf), &size, &result); 137 138 validate_flash_data.status = ret; 139 validate_flash_data.buf_size = be32_to_cpu(size); 140 validate_flash_data.result = be32_to_cpu(result); 141 } 142 143 /* 144 * Validate output format: 145 * validate result token 146 * current image version details 147 * new image version details 148 */ 149 static ssize_t validate_show(struct kobject *kobj, 150 struct kobj_attribute *attr, char *buf) 151 { 152 struct validate_flash_t *args_buf = &validate_flash_data; 153 int len; 154 155 /* Candidate image is not validated */ 156 if (args_buf->status < VALIDATE_TMP_UPDATE) { 157 len = sprintf(buf, "%d\n", args_buf->status); 158 goto out; 159 } 160 161 /* Result token */ 162 len = sprintf(buf, "%d\n", args_buf->result); 163 164 /* Current and candidate image version details */ 165 if ((args_buf->result != VALIDATE_TMP_UPDATE) && 166 (args_buf->result < VALIDATE_CUR_UNKNOWN)) 167 goto out; 168 169 if (args_buf->buf_size > (VALIDATE_BUF_SIZE - len)) { 170 memcpy(buf + len, args_buf->buf, VALIDATE_BUF_SIZE - len); 171 len = VALIDATE_BUF_SIZE; 172 } else { 173 memcpy(buf + len, args_buf->buf, args_buf->buf_size); 174 len += args_buf->buf_size; 175 } 176 out: 177 /* Set status to default */ 178 args_buf->status = FLASH_NO_OP; 179 return len; 180 } 181 182 /* 183 * Validate candidate firmware image 184 * 185 * Note: 186 * We are only interested in first 4K bytes of the 187 * candidate image. 188 */ 189 static ssize_t validate_store(struct kobject *kobj, 190 struct kobj_attribute *attr, 191 const char *buf, size_t count) 192 { 193 struct validate_flash_t *args_buf = &validate_flash_data; 194 195 if (buf[0] != '1') 196 return -EINVAL; 197 198 mutex_lock(&image_data_mutex); 199 200 if (image_data.status != IMAGE_READY || 201 image_data.size < VALIDATE_BUF_SIZE) { 202 args_buf->result = VALIDATE_INVALID_IMG; 203 args_buf->status = VALIDATE_IMG_INCOMPLETE; 204 goto out; 205 } 206 207 /* Copy first 4k bytes of candidate image */ 208 memcpy(args_buf->buf, image_data.data, VALIDATE_BUF_SIZE); 209 210 args_buf->status = VALIDATE_IMG_READY; 211 args_buf->buf_size = VALIDATE_BUF_SIZE; 212 213 /* Validate candidate image */ 214 opal_flash_validate(); 215 216 out: 217 mutex_unlock(&image_data_mutex); 218 return count; 219 } 220 221 /* 222 * Manage flash routine 223 */ 224 static inline void opal_flash_manage(uint8_t op) 225 { 226 struct manage_flash_t *const args_buf = &manage_flash_data; 227 228 args_buf->status = opal_manage_flash(op); 229 } 230 231 /* 232 * Show manage flash status 233 */ 234 static ssize_t manage_show(struct kobject *kobj, 235 struct kobj_attribute *attr, char *buf) 236 { 237 struct manage_flash_t *const args_buf = &manage_flash_data; 238 int rc; 239 240 rc = sprintf(buf, "%d\n", args_buf->status); 241 /* Set status to default*/ 242 args_buf->status = FLASH_NO_OP; 243 return rc; 244 } 245 246 /* 247 * Manage operations: 248 * 0 - Reject 249 * 1 - Commit 250 */ 251 static ssize_t manage_store(struct kobject *kobj, 252 struct kobj_attribute *attr, 253 const char *buf, size_t count) 254 { 255 uint8_t op; 256 switch (buf[0]) { 257 case '0': 258 op = FLASH_REJECT_TMP_SIDE; 259 break; 260 case '1': 261 op = FLASH_COMMIT_TMP_SIDE; 262 break; 263 default: 264 return -EINVAL; 265 } 266 267 /* commit/reject temporary image */ 268 opal_flash_manage(op); 269 return count; 270 } 271 272 /* 273 * OPAL update flash 274 */ 275 static int opal_flash_update(int op) 276 { 277 struct opal_sg_list *list; 278 unsigned long addr; 279 int64_t rc = OPAL_PARAMETER; 280 281 if (op == FLASH_UPDATE_CANCEL) { 282 pr_alert("FLASH: Image update cancelled\n"); 283 addr = '\0'; 284 goto flash; 285 } 286 287 list = opal_vmalloc_to_sg_list(image_data.data, image_data.size); 288 if (!list) 289 goto invalid_img; 290 291 /* First entry address */ 292 addr = __pa(list); 293 294 flash: 295 rc = opal_update_flash(addr); 296 297 invalid_img: 298 return rc; 299 } 300 301 /* Return CPUs to OPAL before starting FW update */ 302 static void flash_return_cpu(void *info) 303 { 304 int cpu = smp_processor_id(); 305 306 if (!cpu_online(cpu)) 307 return; 308 309 /* Disable IRQ */ 310 hard_irq_disable(); 311 312 /* Return the CPU to OPAL */ 313 opal_return_cpu(); 314 } 315 316 /* This gets called just before system reboots */ 317 void opal_flash_term_callback(void) 318 { 319 struct cpumask mask; 320 321 if (update_flash_data.status != FLASH_IMG_READY) 322 return; 323 324 pr_alert("FLASH: Flashing new firmware\n"); 325 pr_alert("FLASH: Image is %u bytes\n", image_data.size); 326 pr_alert("FLASH: Performing flash and reboot/shutdown\n"); 327 pr_alert("FLASH: This will take several minutes. Do not power off!\n"); 328 329 /* Small delay to help getting the above message out */ 330 msleep(500); 331 332 /* Return secondary CPUs to firmware */ 333 cpumask_copy(&mask, cpu_online_mask); 334 cpumask_clear_cpu(smp_processor_id(), &mask); 335 if (!cpumask_empty(&mask)) 336 smp_call_function_many(&mask, 337 flash_return_cpu, NULL, false); 338 /* Hard disable interrupts */ 339 hard_irq_disable(); 340 } 341 342 /* 343 * Show candidate image status 344 */ 345 static ssize_t update_show(struct kobject *kobj, 346 struct kobj_attribute *attr, char *buf) 347 { 348 struct update_flash_t *const args_buf = &update_flash_data; 349 return sprintf(buf, "%d\n", args_buf->status); 350 } 351 352 /* 353 * Set update image flag 354 * 1 - Flash new image 355 * 0 - Cancel flash request 356 */ 357 static ssize_t update_store(struct kobject *kobj, 358 struct kobj_attribute *attr, 359 const char *buf, size_t count) 360 { 361 struct update_flash_t *const args_buf = &update_flash_data; 362 int rc = count; 363 364 mutex_lock(&image_data_mutex); 365 366 switch (buf[0]) { 367 case '0': 368 if (args_buf->status == FLASH_IMG_READY) 369 opal_flash_update(FLASH_UPDATE_CANCEL); 370 args_buf->status = FLASH_NO_OP; 371 break; 372 case '1': 373 /* Image is loaded? */ 374 if (image_data.status == IMAGE_READY) 375 args_buf->status = 376 opal_flash_update(FLASH_UPDATE_INIT); 377 else 378 args_buf->status = FLASH_INVALID_IMG; 379 break; 380 default: 381 rc = -EINVAL; 382 } 383 384 mutex_unlock(&image_data_mutex); 385 return rc; 386 } 387 388 /* 389 * Free image buffer 390 */ 391 static void free_image_buf(void) 392 { 393 void *addr; 394 int size; 395 396 addr = image_data.data; 397 size = PAGE_ALIGN(image_data.size); 398 while (size > 0) { 399 ClearPageReserved(vmalloc_to_page(addr)); 400 addr += PAGE_SIZE; 401 size -= PAGE_SIZE; 402 } 403 vfree(image_data.data); 404 image_data.data = NULL; 405 image_data.status = IMAGE_INVALID; 406 } 407 408 /* 409 * Allocate image buffer. 410 */ 411 static int alloc_image_buf(char *buffer, size_t count) 412 { 413 void *addr; 414 int size; 415 416 if (count < sizeof(struct image_header_t)) { 417 pr_warn("FLASH: Invalid candidate image\n"); 418 return -EINVAL; 419 } 420 421 memcpy(&image_header, (void *)buffer, sizeof(struct image_header_t)); 422 image_data.size = be32_to_cpu(image_header.size); 423 pr_debug("FLASH: Candidate image size = %u\n", image_data.size); 424 425 if (image_data.size > MAX_IMAGE_SIZE) { 426 pr_warn("FLASH: Too large image\n"); 427 return -EINVAL; 428 } 429 if (image_data.size < VALIDATE_BUF_SIZE) { 430 pr_warn("FLASH: Image is shorter than expected\n"); 431 return -EINVAL; 432 } 433 434 image_data.data = vzalloc(PAGE_ALIGN(image_data.size)); 435 if (!image_data.data) { 436 pr_err("%s : Failed to allocate memory\n", __func__); 437 return -ENOMEM; 438 } 439 440 /* Pin memory */ 441 addr = image_data.data; 442 size = PAGE_ALIGN(image_data.size); 443 while (size > 0) { 444 SetPageReserved(vmalloc_to_page(addr)); 445 addr += PAGE_SIZE; 446 size -= PAGE_SIZE; 447 } 448 449 image_data.status = IMAGE_LOADING; 450 return 0; 451 } 452 453 /* 454 * Copy candidate image 455 * 456 * Parse candidate image header to get total image size 457 * and pre-allocate required memory. 458 */ 459 static ssize_t image_data_write(struct file *filp, struct kobject *kobj, 460 struct bin_attribute *bin_attr, 461 char *buffer, loff_t pos, size_t count) 462 { 463 int rc; 464 465 mutex_lock(&image_data_mutex); 466 467 /* New image ? */ 468 if (pos == 0) { 469 /* Free memory, if already allocated */ 470 if (image_data.data) 471 free_image_buf(); 472 473 /* Cancel outstanding image update request */ 474 if (update_flash_data.status == FLASH_IMG_READY) 475 opal_flash_update(FLASH_UPDATE_CANCEL); 476 477 /* Allocate memory */ 478 rc = alloc_image_buf(buffer, count); 479 if (rc) 480 goto out; 481 } 482 483 if (image_data.status != IMAGE_LOADING) { 484 rc = -ENOMEM; 485 goto out; 486 } 487 488 if ((pos + count) > image_data.size) { 489 rc = -EINVAL; 490 goto out; 491 } 492 493 memcpy(image_data.data + pos, (void *)buffer, count); 494 rc = count; 495 496 /* Set image status */ 497 if ((pos + count) == image_data.size) { 498 pr_debug("FLASH: Candidate image loaded....\n"); 499 image_data.status = IMAGE_READY; 500 } 501 502 out: 503 mutex_unlock(&image_data_mutex); 504 return rc; 505 } 506 507 /* 508 * sysfs interface : 509 * OPAL uses below sysfs files for code update. 510 * We create these files under /sys/firmware/opal. 511 * 512 * image : Interface to load candidate firmware image 513 * validate_flash : Validate firmware image 514 * manage_flash : Commit/Reject firmware image 515 * update_flash : Flash new firmware image 516 * 517 */ 518 static struct bin_attribute image_data_attr = { 519 .attr = {.name = "image", .mode = 0200}, 520 .size = MAX_IMAGE_SIZE, /* Limit image size */ 521 .write = image_data_write, 522 }; 523 524 static struct kobj_attribute validate_attribute = 525 __ATTR(validate_flash, 0600, validate_show, validate_store); 526 527 static struct kobj_attribute manage_attribute = 528 __ATTR(manage_flash, 0600, manage_show, manage_store); 529 530 static struct kobj_attribute update_attribute = 531 __ATTR(update_flash, 0600, update_show, update_store); 532 533 static struct attribute *image_op_attrs[] = { 534 &validate_attribute.attr, 535 &manage_attribute.attr, 536 &update_attribute.attr, 537 NULL /* need to NULL terminate the list of attributes */ 538 }; 539 540 static struct attribute_group image_op_attr_group = { 541 .attrs = image_op_attrs, 542 }; 543 544 void __init opal_flash_init(void) 545 { 546 int ret; 547 548 /* Allocate validate image buffer */ 549 validate_flash_data.buf = kzalloc(VALIDATE_BUF_SIZE, GFP_KERNEL); 550 if (!validate_flash_data.buf) { 551 pr_err("%s : Failed to allocate memory\n", __func__); 552 return; 553 } 554 555 /* Make sure /sys/firmware/opal directory is created */ 556 if (!opal_kobj) { 557 pr_warn("FLASH: opal kobject is not available\n"); 558 goto nokobj; 559 } 560 561 /* Create the sysfs files */ 562 ret = sysfs_create_group(opal_kobj, &image_op_attr_group); 563 if (ret) { 564 pr_warn("FLASH: Failed to create sysfs files\n"); 565 goto nokobj; 566 } 567 568 ret = sysfs_create_bin_file(opal_kobj, &image_data_attr); 569 if (ret) { 570 pr_warn("FLASH: Failed to create sysfs files\n"); 571 goto nosysfs_file; 572 } 573 574 /* Set default status */ 575 validate_flash_data.status = FLASH_NO_OP; 576 manage_flash_data.status = FLASH_NO_OP; 577 update_flash_data.status = FLASH_NO_OP; 578 image_data.status = IMAGE_INVALID; 579 return; 580 581 nosysfs_file: 582 sysfs_remove_group(opal_kobj, &image_op_attr_group); 583 584 nokobj: 585 kfree(validate_flash_data.buf); 586 return; 587 } 588