1 /*
2  * PowerNV OPAL Firmware Update Interface
3  *
4  * Copyright 2013 IBM Corp.
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #define DEBUG
13 
14 #include <linux/kernel.h>
15 #include <linux/reboot.h>
16 #include <linux/init.h>
17 #include <linux/kobject.h>
18 #include <linux/sysfs.h>
19 #include <linux/slab.h>
20 #include <linux/mm.h>
21 #include <linux/vmalloc.h>
22 #include <linux/pagemap.h>
23 
24 #include <asm/opal.h>
25 
26 /* FLASH status codes */
27 #define FLASH_NO_OP		-1099	/* No operation initiated by user */
28 #define FLASH_NO_AUTH		-9002	/* Not a service authority partition */
29 
30 /* Validate image status values */
31 #define VALIDATE_IMG_READY	-1001	/* Image ready for validation */
32 #define VALIDATE_IMG_INCOMPLETE	-1002	/* User copied < VALIDATE_BUF_SIZE */
33 
34 /* Manage image status values */
35 #define MANAGE_ACTIVE_ERR	-9001	/* Cannot overwrite active img */
36 
37 /* Flash image status values */
38 #define FLASH_IMG_READY		0	/* Img ready for flash on reboot */
39 #define FLASH_INVALID_IMG	-1003	/* Flash image shorter than expected */
40 #define FLASH_IMG_NULL_DATA	-1004	/* Bad data in sg list entry */
41 #define FLASH_IMG_BAD_LEN	-1005	/* Bad length in sg list entry */
42 
43 /* Manage operation tokens */
44 #define FLASH_REJECT_TMP_SIDE	0	/* Reject temporary fw image */
45 #define FLASH_COMMIT_TMP_SIDE	1	/* Commit temporary fw image */
46 
47 /* Update tokens */
48 #define FLASH_UPDATE_CANCEL	0	/* Cancel update request */
49 #define FLASH_UPDATE_INIT	1	/* Initiate update */
50 
51 /* Validate image update result tokens */
52 #define VALIDATE_TMP_UPDATE	0     /* T side will be updated */
53 #define VALIDATE_FLASH_AUTH	1     /* Partition does not have authority */
54 #define VALIDATE_INVALID_IMG	2     /* Candidate image is not valid */
55 #define VALIDATE_CUR_UNKNOWN	3     /* Current fixpack level is unknown */
56 /*
57  * Current T side will be committed to P side before being replace with new
58  * image, and the new image is downlevel from current image
59  */
60 #define VALIDATE_TMP_COMMIT_DL	4
61 /*
62  * Current T side will be committed to P side before being replaced with new
63  * image
64  */
65 #define VALIDATE_TMP_COMMIT	5
66 /*
67  * T side will be updated with a downlevel image
68  */
69 #define VALIDATE_TMP_UPDATE_DL	6
70 /*
71  * The candidate image's release date is later than the system's firmware
72  * service entitlement date - service warranty period has expired
73  */
74 #define VALIDATE_OUT_OF_WRNTY	7
75 
76 /* Validate buffer size */
77 #define VALIDATE_BUF_SIZE	4096
78 
79 /* XXX: Assume candidate image size is <= 256MB */
80 #define MAX_IMAGE_SIZE	0x10000000
81 
82 /* Flash sg list version */
83 #define SG_LIST_VERSION (1UL)
84 
85 /* Image status */
86 enum {
87 	IMAGE_INVALID,
88 	IMAGE_LOADING,
89 	IMAGE_READY,
90 };
91 
92 /* Candidate image data */
93 struct image_data_t {
94 	int		status;
95 	void		*data;
96 	uint32_t	size;
97 };
98 
99 /* Candidate image header */
100 struct image_header_t {
101 	uint16_t	magic;
102 	uint16_t	version;
103 	uint32_t	size;
104 };
105 
106 /* Scatter/gather entry */
107 struct opal_sg_entry {
108 	void	*data;
109 	long	length;
110 };
111 
112 /* We calculate number of entries based on PAGE_SIZE */
113 #define SG_ENTRIES_PER_NODE ((PAGE_SIZE - 16) / sizeof(struct opal_sg_entry))
114 
115 /*
116  * This struct is very similar but not identical to that
117  * needed by the opal flash update. All we need to do for
118  * opal is rewrite num_entries into a version/length and
119  * translate the pointers to absolute.
120  */
121 struct opal_sg_list {
122 	unsigned long num_entries;
123 	struct opal_sg_list *next;
124 	struct opal_sg_entry entry[SG_ENTRIES_PER_NODE];
125 };
126 
127 struct validate_flash_t {
128 	int		status;		/* Return status */
129 	void		*buf;		/* Candiate image buffer */
130 	uint32_t	buf_size;	/* Image size */
131 	uint32_t	result;		/* Update results token */
132 };
133 
134 struct manage_flash_t {
135 	int status;		/* Return status */
136 };
137 
138 struct update_flash_t {
139 	int status;		/* Return status */
140 };
141 
142 static struct image_header_t	image_header;
143 static struct image_data_t	image_data;
144 static struct validate_flash_t	validate_flash_data;
145 static struct manage_flash_t	manage_flash_data;
146 static struct update_flash_t	update_flash_data;
147 
148 static DEFINE_MUTEX(image_data_mutex);
149 
150 /*
151  * Validate candidate image
152  */
153 static inline void opal_flash_validate(void)
154 {
155 	struct validate_flash_t *args_buf = &validate_flash_data;
156 
157 	args_buf->status = opal_validate_flash(__pa(args_buf->buf),
158 					       &(args_buf->buf_size),
159 					       &(args_buf->result));
160 }
161 
162 /*
163  * Validate output format:
164  *     validate result token
165  *     current image version details
166  *     new image version details
167  */
168 static ssize_t validate_show(struct kobject *kobj,
169 			     struct kobj_attribute *attr, char *buf)
170 {
171 	struct validate_flash_t *args_buf = &validate_flash_data;
172 	int len;
173 
174 	/* Candidate image is not validated */
175 	if (args_buf->status < VALIDATE_TMP_UPDATE) {
176 		len = sprintf(buf, "%d\n", args_buf->status);
177 		goto out;
178 	}
179 
180 	/* Result token */
181 	len = sprintf(buf, "%d\n", args_buf->result);
182 
183 	/* Current and candidate image version details */
184 	if ((args_buf->result != VALIDATE_TMP_UPDATE) &&
185 	    (args_buf->result < VALIDATE_CUR_UNKNOWN))
186 		goto out;
187 
188 	if (args_buf->buf_size > (VALIDATE_BUF_SIZE - len)) {
189 		memcpy(buf + len, args_buf->buf, VALIDATE_BUF_SIZE - len);
190 		len = VALIDATE_BUF_SIZE;
191 	} else {
192 		memcpy(buf + len, args_buf->buf, args_buf->buf_size);
193 		len += args_buf->buf_size;
194 	}
195 out:
196 	/* Set status to default */
197 	args_buf->status = FLASH_NO_OP;
198 	return len;
199 }
200 
201 /*
202  * Validate candidate firmware image
203  *
204  * Note:
205  *   We are only interested in first 4K bytes of the
206  *   candidate image.
207  */
208 static ssize_t validate_store(struct kobject *kobj,
209 			      struct kobj_attribute *attr,
210 			      const char *buf, size_t count)
211 {
212 	struct validate_flash_t *args_buf = &validate_flash_data;
213 
214 	if (buf[0] != '1')
215 		return -EINVAL;
216 
217 	mutex_lock(&image_data_mutex);
218 
219 	if (image_data.status != IMAGE_READY ||
220 	    image_data.size < VALIDATE_BUF_SIZE) {
221 		args_buf->result = VALIDATE_INVALID_IMG;
222 		args_buf->status = VALIDATE_IMG_INCOMPLETE;
223 		goto out;
224 	}
225 
226 	/* Copy first 4k bytes of candidate image */
227 	memcpy(args_buf->buf, image_data.data, VALIDATE_BUF_SIZE);
228 
229 	args_buf->status = VALIDATE_IMG_READY;
230 	args_buf->buf_size = VALIDATE_BUF_SIZE;
231 
232 	/* Validate candidate image */
233 	opal_flash_validate();
234 
235 out:
236 	mutex_unlock(&image_data_mutex);
237 	return count;
238 }
239 
240 /*
241  * Manage flash routine
242  */
243 static inline void opal_flash_manage(uint8_t op)
244 {
245 	struct manage_flash_t *const args_buf = &manage_flash_data;
246 
247 	args_buf->status = opal_manage_flash(op);
248 }
249 
250 /*
251  * Show manage flash status
252  */
253 static ssize_t manage_show(struct kobject *kobj,
254 			   struct kobj_attribute *attr, char *buf)
255 {
256 	struct manage_flash_t *const args_buf = &manage_flash_data;
257 	int rc;
258 
259 	rc = sprintf(buf, "%d\n", args_buf->status);
260 	/* Set status to default*/
261 	args_buf->status = FLASH_NO_OP;
262 	return rc;
263 }
264 
265 /*
266  * Manage operations:
267  *   0 - Reject
268  *   1 - Commit
269  */
270 static ssize_t manage_store(struct kobject *kobj,
271 			    struct kobj_attribute *attr,
272 			    const char *buf, size_t count)
273 {
274 	uint8_t op;
275 	switch (buf[0]) {
276 	case '0':
277 		op = FLASH_REJECT_TMP_SIDE;
278 		break;
279 	case '1':
280 		op = FLASH_COMMIT_TMP_SIDE;
281 		break;
282 	default:
283 		return -EINVAL;
284 	}
285 
286 	/* commit/reject temporary image */
287 	opal_flash_manage(op);
288 	return count;
289 }
290 
291 /*
292  * Free sg list
293  */
294 static void free_sg_list(struct opal_sg_list *list)
295 {
296 	struct opal_sg_list *sg1;
297 	while (list) {
298 		sg1 = list->next;
299 		kfree(list);
300 		list = sg1;
301 	}
302 	list = NULL;
303 }
304 
305 /*
306  * Build candidate image scatter gather list
307  *
308  * list format:
309  *   -----------------------------------
310  *  |  VER (8) | Entry length in bytes  |
311  *   -----------------------------------
312  *  |  Pointer to next entry            |
313  *   -----------------------------------
314  *  |  Address of memory area 1         |
315  *   -----------------------------------
316  *  |  Length of memory area 1          |
317  *   -----------------------------------
318  *  |   .........                       |
319  *   -----------------------------------
320  *  |   .........                       |
321  *   -----------------------------------
322  *  |  Address of memory area N         |
323  *   -----------------------------------
324  *  |  Length of memory area N          |
325  *   -----------------------------------
326  */
327 static struct opal_sg_list *image_data_to_sglist(void)
328 {
329 	struct opal_sg_list *sg1, *list = NULL;
330 	void *addr;
331 	int size;
332 
333 	addr = image_data.data;
334 	size = image_data.size;
335 
336 	sg1 = kzalloc((sizeof(struct opal_sg_list)), GFP_KERNEL);
337 	if (!sg1)
338 		return NULL;
339 
340 	list = sg1;
341 	sg1->num_entries = 0;
342 	while (size > 0) {
343 		/* Translate virtual address to physical address */
344 		sg1->entry[sg1->num_entries].data =
345 			(void *)(vmalloc_to_pfn(addr) << PAGE_SHIFT);
346 
347 		if (size > PAGE_SIZE)
348 			sg1->entry[sg1->num_entries].length = PAGE_SIZE;
349 		else
350 			sg1->entry[sg1->num_entries].length = size;
351 
352 		sg1->num_entries++;
353 		if (sg1->num_entries >= SG_ENTRIES_PER_NODE) {
354 			sg1->next = kzalloc((sizeof(struct opal_sg_list)),
355 					    GFP_KERNEL);
356 			if (!sg1->next) {
357 				pr_err("%s : Failed to allocate memory\n",
358 				       __func__);
359 				goto nomem;
360 			}
361 
362 			sg1 = sg1->next;
363 			sg1->num_entries = 0;
364 		}
365 		addr += PAGE_SIZE;
366 		size -= PAGE_SIZE;
367 	}
368 	return list;
369 nomem:
370 	free_sg_list(list);
371 	return NULL;
372 }
373 
374 /*
375  * OPAL update flash
376  */
377 static int opal_flash_update(int op)
378 {
379 	struct opal_sg_list *sg, *list, *next;
380 	unsigned long addr;
381 	int64_t rc = OPAL_PARAMETER;
382 
383 	if (op == FLASH_UPDATE_CANCEL) {
384 		pr_alert("FLASH: Image update cancelled\n");
385 		addr = '\0';
386 		goto flash;
387 	}
388 
389 	list = image_data_to_sglist();
390 	if (!list)
391 		goto invalid_img;
392 
393 	/* First entry address */
394 	addr = __pa(list);
395 
396 	/* Translate sg list address to absolute */
397 	for (sg = list; sg; sg = next) {
398 		next = sg->next;
399 		/* Don't translate NULL pointer for last entry */
400 		if (sg->next)
401 			sg->next = (struct opal_sg_list *)__pa(sg->next);
402 		else
403 			sg->next = NULL;
404 
405 		/* Make num_entries into the version/length field */
406 		sg->num_entries = (SG_LIST_VERSION << 56) |
407 			(sg->num_entries * sizeof(struct opal_sg_entry) + 16);
408 	}
409 
410 	pr_alert("FLASH: Image is %u bytes\n", image_data.size);
411 	pr_alert("FLASH: Image update requested\n");
412 	pr_alert("FLASH: Image will be updated during system reboot\n");
413 	pr_alert("FLASH: This will take several minutes. Do not power off!\n");
414 
415 flash:
416 	rc = opal_update_flash(addr);
417 
418 invalid_img:
419 	return rc;
420 }
421 
422 /*
423  * Show candidate image status
424  */
425 static ssize_t update_show(struct kobject *kobj,
426 			   struct kobj_attribute *attr, char *buf)
427 {
428 	struct update_flash_t *const args_buf = &update_flash_data;
429 	return sprintf(buf, "%d\n", args_buf->status);
430 }
431 
432 /*
433  * Set update image flag
434  *  1 - Flash new image
435  *  0 - Cancel flash request
436  */
437 static ssize_t update_store(struct kobject *kobj,
438 			    struct kobj_attribute *attr,
439 			    const char *buf, size_t count)
440 {
441 	struct update_flash_t *const args_buf = &update_flash_data;
442 	int rc = count;
443 
444 	mutex_lock(&image_data_mutex);
445 
446 	switch (buf[0]) {
447 	case '0':
448 		if (args_buf->status == FLASH_IMG_READY)
449 			opal_flash_update(FLASH_UPDATE_CANCEL);
450 		args_buf->status = FLASH_NO_OP;
451 		break;
452 	case '1':
453 		/* Image is loaded? */
454 		if (image_data.status == IMAGE_READY)
455 			args_buf->status =
456 				opal_flash_update(FLASH_UPDATE_INIT);
457 		else
458 			args_buf->status = FLASH_INVALID_IMG;
459 		break;
460 	default:
461 		rc = -EINVAL;
462 	}
463 
464 	mutex_unlock(&image_data_mutex);
465 	return rc;
466 }
467 
468 /*
469  * Free image buffer
470  */
471 static void free_image_buf(void)
472 {
473 	void *addr;
474 	int size;
475 
476 	addr = image_data.data;
477 	size = PAGE_ALIGN(image_data.size);
478 	while (size > 0) {
479 		ClearPageReserved(vmalloc_to_page(addr));
480 		addr += PAGE_SIZE;
481 		size -= PAGE_SIZE;
482 	}
483 	vfree(image_data.data);
484 	image_data.data = NULL;
485 	image_data.status = IMAGE_INVALID;
486 }
487 
488 /*
489  * Allocate image buffer.
490  */
491 static int alloc_image_buf(char *buffer, size_t count)
492 {
493 	void *addr;
494 	int size;
495 
496 	if (count < sizeof(struct image_header_t)) {
497 		pr_warn("FLASH: Invalid candidate image\n");
498 		return -EINVAL;
499 	}
500 
501 	memcpy(&image_header, (void *)buffer, sizeof(struct image_header_t));
502 	image_data.size = be32_to_cpu(image_header.size);
503 	pr_debug("FLASH: Candiate image size = %u\n", image_data.size);
504 
505 	if (image_data.size > MAX_IMAGE_SIZE) {
506 		pr_warn("FLASH: Too large image\n");
507 		return -EINVAL;
508 	}
509 	if (image_data.size < VALIDATE_BUF_SIZE) {
510 		pr_warn("FLASH: Image is shorter than expected\n");
511 		return -EINVAL;
512 	}
513 
514 	image_data.data = vzalloc(PAGE_ALIGN(image_data.size));
515 	if (!image_data.data) {
516 		pr_err("%s : Failed to allocate memory\n", __func__);
517 		return -ENOMEM;
518 	}
519 
520 	/* Pin memory */
521 	addr = image_data.data;
522 	size = PAGE_ALIGN(image_data.size);
523 	while (size > 0) {
524 		SetPageReserved(vmalloc_to_page(addr));
525 		addr += PAGE_SIZE;
526 		size -= PAGE_SIZE;
527 	}
528 
529 	image_data.status = IMAGE_LOADING;
530 	return 0;
531 }
532 
533 /*
534  * Copy candidate image
535  *
536  * Parse candidate image header to get total image size
537  * and pre-allocate required memory.
538  */
539 static ssize_t image_data_write(struct file *filp, struct kobject *kobj,
540 				struct bin_attribute *bin_attr,
541 				char *buffer, loff_t pos, size_t count)
542 {
543 	int rc;
544 
545 	mutex_lock(&image_data_mutex);
546 
547 	/* New image ? */
548 	if (pos == 0) {
549 		/* Free memory, if already allocated */
550 		if (image_data.data)
551 			free_image_buf();
552 
553 		/* Cancel outstanding image update request */
554 		if (update_flash_data.status == FLASH_IMG_READY)
555 			opal_flash_update(FLASH_UPDATE_CANCEL);
556 
557 		/* Allocate memory */
558 		rc = alloc_image_buf(buffer, count);
559 		if (rc)
560 			goto out;
561 	}
562 
563 	if (image_data.status != IMAGE_LOADING) {
564 		rc = -ENOMEM;
565 		goto out;
566 	}
567 
568 	if ((pos + count) > image_data.size) {
569 		rc = -EINVAL;
570 		goto out;
571 	}
572 
573 	memcpy(image_data.data + pos, (void *)buffer, count);
574 	rc = count;
575 
576 	/* Set image status */
577 	if ((pos + count) == image_data.size) {
578 		pr_debug("FLASH: Candidate image loaded....\n");
579 		image_data.status = IMAGE_READY;
580 	}
581 
582 out:
583 	mutex_unlock(&image_data_mutex);
584 	return rc;
585 }
586 
587 /*
588  * sysfs interface :
589  *  OPAL uses below sysfs files for code update.
590  *  We create these files under /sys/firmware/opal.
591  *
592  *   image		: Interface to load candidate firmware image
593  *   validate_flash	: Validate firmware image
594  *   manage_flash	: Commit/Reject firmware image
595  *   update_flash	: Flash new firmware image
596  *
597  */
598 static struct bin_attribute image_data_attr = {
599 	.attr = {.name = "image", .mode = 0200},
600 	.size = MAX_IMAGE_SIZE,	/* Limit image size */
601 	.write = image_data_write,
602 };
603 
604 static struct kobj_attribute validate_attribute =
605 	__ATTR(validate_flash, 0600, validate_show, validate_store);
606 
607 static struct kobj_attribute manage_attribute =
608 	__ATTR(manage_flash, 0600, manage_show, manage_store);
609 
610 static struct kobj_attribute update_attribute =
611 	__ATTR(update_flash, 0600, update_show, update_store);
612 
613 static struct attribute *image_op_attrs[] = {
614 	&validate_attribute.attr,
615 	&manage_attribute.attr,
616 	&update_attribute.attr,
617 	NULL	/* need to NULL terminate the list of attributes */
618 };
619 
620 static struct attribute_group image_op_attr_group = {
621 	.attrs = image_op_attrs,
622 };
623 
624 void __init opal_flash_init(void)
625 {
626 	int ret;
627 
628 	/* Allocate validate image buffer */
629 	validate_flash_data.buf = kzalloc(VALIDATE_BUF_SIZE, GFP_KERNEL);
630 	if (!validate_flash_data.buf) {
631 		pr_err("%s : Failed to allocate memory\n", __func__);
632 		return;
633 	}
634 
635 	/* Make sure /sys/firmware/opal directory is created */
636 	if (!opal_kobj) {
637 		pr_warn("FLASH: opal kobject is not available\n");
638 		goto nokobj;
639 	}
640 
641 	/* Create the sysfs files */
642 	ret = sysfs_create_group(opal_kobj, &image_op_attr_group);
643 	if (ret) {
644 		pr_warn("FLASH: Failed to create sysfs files\n");
645 		goto nokobj;
646 	}
647 
648 	ret = sysfs_create_bin_file(opal_kobj, &image_data_attr);
649 	if (ret) {
650 		pr_warn("FLASH: Failed to create sysfs files\n");
651 		goto nosysfs_file;
652 	}
653 
654 	/* Set default status */
655 	validate_flash_data.status = FLASH_NO_OP;
656 	manage_flash_data.status = FLASH_NO_OP;
657 	update_flash_data.status = FLASH_NO_OP;
658 	image_data.status = IMAGE_INVALID;
659 	return;
660 
661 nosysfs_file:
662 	sysfs_remove_group(opal_kobj, &image_op_attr_group);
663 
664 nokobj:
665 	kfree(validate_flash_data.buf);
666 	return;
667 }
668