1 /* 2 * PowerNV OPAL Firmware Update Interface 3 * 4 * Copyright 2013 IBM Corp. 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define DEBUG 13 14 #include <linux/kernel.h> 15 #include <linux/reboot.h> 16 #include <linux/init.h> 17 #include <linux/kobject.h> 18 #include <linux/sysfs.h> 19 #include <linux/slab.h> 20 #include <linux/mm.h> 21 #include <linux/vmalloc.h> 22 #include <linux/pagemap.h> 23 24 #include <asm/opal.h> 25 26 /* FLASH status codes */ 27 #define FLASH_NO_OP -1099 /* No operation initiated by user */ 28 #define FLASH_NO_AUTH -9002 /* Not a service authority partition */ 29 30 /* Validate image status values */ 31 #define VALIDATE_IMG_READY -1001 /* Image ready for validation */ 32 #define VALIDATE_IMG_INCOMPLETE -1002 /* User copied < VALIDATE_BUF_SIZE */ 33 34 /* Manage image status values */ 35 #define MANAGE_ACTIVE_ERR -9001 /* Cannot overwrite active img */ 36 37 /* Flash image status values */ 38 #define FLASH_IMG_READY 0 /* Img ready for flash on reboot */ 39 #define FLASH_INVALID_IMG -1003 /* Flash image shorter than expected */ 40 #define FLASH_IMG_NULL_DATA -1004 /* Bad data in sg list entry */ 41 #define FLASH_IMG_BAD_LEN -1005 /* Bad length in sg list entry */ 42 43 /* Manage operation tokens */ 44 #define FLASH_REJECT_TMP_SIDE 0 /* Reject temporary fw image */ 45 #define FLASH_COMMIT_TMP_SIDE 1 /* Commit temporary fw image */ 46 47 /* Update tokens */ 48 #define FLASH_UPDATE_CANCEL 0 /* Cancel update request */ 49 #define FLASH_UPDATE_INIT 1 /* Initiate update */ 50 51 /* Validate image update result tokens */ 52 #define VALIDATE_TMP_UPDATE 0 /* T side will be updated */ 53 #define VALIDATE_FLASH_AUTH 1 /* Partition does not have authority */ 54 #define VALIDATE_INVALID_IMG 2 /* Candidate image is not valid */ 55 #define VALIDATE_CUR_UNKNOWN 3 /* Current fixpack level is unknown */ 56 /* 57 * Current T side will be committed to P side before being replace with new 58 * image, and the new image is downlevel from current image 59 */ 60 #define VALIDATE_TMP_COMMIT_DL 4 61 /* 62 * Current T side will be committed to P side before being replaced with new 63 * image 64 */ 65 #define VALIDATE_TMP_COMMIT 5 66 /* 67 * T side will be updated with a downlevel image 68 */ 69 #define VALIDATE_TMP_UPDATE_DL 6 70 /* 71 * The candidate image's release date is later than the system's firmware 72 * service entitlement date - service warranty period has expired 73 */ 74 #define VALIDATE_OUT_OF_WRNTY 7 75 76 /* Validate buffer size */ 77 #define VALIDATE_BUF_SIZE 4096 78 79 /* XXX: Assume candidate image size is <= 1GB */ 80 #define MAX_IMAGE_SIZE 0x40000000 81 82 /* Flash sg list version */ 83 #define SG_LIST_VERSION (1UL) 84 85 /* Image status */ 86 enum { 87 IMAGE_INVALID, 88 IMAGE_LOADING, 89 IMAGE_READY, 90 }; 91 92 /* Candidate image data */ 93 struct image_data_t { 94 int status; 95 void *data; 96 uint32_t size; 97 }; 98 99 /* Candidate image header */ 100 struct image_header_t { 101 uint16_t magic; 102 uint16_t version; 103 uint32_t size; 104 }; 105 106 struct validate_flash_t { 107 int status; /* Return status */ 108 void *buf; /* Candidate image buffer */ 109 uint32_t buf_size; /* Image size */ 110 uint32_t result; /* Update results token */ 111 }; 112 113 struct manage_flash_t { 114 int status; /* Return status */ 115 }; 116 117 struct update_flash_t { 118 int status; /* Return status */ 119 }; 120 121 static struct image_header_t image_header; 122 static struct image_data_t image_data; 123 static struct validate_flash_t validate_flash_data; 124 static struct manage_flash_t manage_flash_data; 125 static struct update_flash_t update_flash_data; 126 127 static DEFINE_MUTEX(image_data_mutex); 128 129 /* 130 * Validate candidate image 131 */ 132 static inline void opal_flash_validate(void) 133 { 134 long ret; 135 void *buf = validate_flash_data.buf; 136 __be32 size, result; 137 138 ret = opal_validate_flash(__pa(buf), &size, &result); 139 140 validate_flash_data.status = ret; 141 validate_flash_data.buf_size = be32_to_cpu(size); 142 validate_flash_data.result = be32_to_cpu(result); 143 } 144 145 /* 146 * Validate output format: 147 * validate result token 148 * current image version details 149 * new image version details 150 */ 151 static ssize_t validate_show(struct kobject *kobj, 152 struct kobj_attribute *attr, char *buf) 153 { 154 struct validate_flash_t *args_buf = &validate_flash_data; 155 int len; 156 157 /* Candidate image is not validated */ 158 if (args_buf->status < VALIDATE_TMP_UPDATE) { 159 len = sprintf(buf, "%d\n", args_buf->status); 160 goto out; 161 } 162 163 /* Result token */ 164 len = sprintf(buf, "%d\n", args_buf->result); 165 166 /* Current and candidate image version details */ 167 if ((args_buf->result != VALIDATE_TMP_UPDATE) && 168 (args_buf->result < VALIDATE_CUR_UNKNOWN)) 169 goto out; 170 171 if (args_buf->buf_size > (VALIDATE_BUF_SIZE - len)) { 172 memcpy(buf + len, args_buf->buf, VALIDATE_BUF_SIZE - len); 173 len = VALIDATE_BUF_SIZE; 174 } else { 175 memcpy(buf + len, args_buf->buf, args_buf->buf_size); 176 len += args_buf->buf_size; 177 } 178 out: 179 /* Set status to default */ 180 args_buf->status = FLASH_NO_OP; 181 return len; 182 } 183 184 /* 185 * Validate candidate firmware image 186 * 187 * Note: 188 * We are only interested in first 4K bytes of the 189 * candidate image. 190 */ 191 static ssize_t validate_store(struct kobject *kobj, 192 struct kobj_attribute *attr, 193 const char *buf, size_t count) 194 { 195 struct validate_flash_t *args_buf = &validate_flash_data; 196 197 if (buf[0] != '1') 198 return -EINVAL; 199 200 mutex_lock(&image_data_mutex); 201 202 if (image_data.status != IMAGE_READY || 203 image_data.size < VALIDATE_BUF_SIZE) { 204 args_buf->result = VALIDATE_INVALID_IMG; 205 args_buf->status = VALIDATE_IMG_INCOMPLETE; 206 goto out; 207 } 208 209 /* Copy first 4k bytes of candidate image */ 210 memcpy(args_buf->buf, image_data.data, VALIDATE_BUF_SIZE); 211 212 args_buf->status = VALIDATE_IMG_READY; 213 args_buf->buf_size = VALIDATE_BUF_SIZE; 214 215 /* Validate candidate image */ 216 opal_flash_validate(); 217 218 out: 219 mutex_unlock(&image_data_mutex); 220 return count; 221 } 222 223 /* 224 * Manage flash routine 225 */ 226 static inline void opal_flash_manage(uint8_t op) 227 { 228 struct manage_flash_t *const args_buf = &manage_flash_data; 229 230 args_buf->status = opal_manage_flash(op); 231 } 232 233 /* 234 * Show manage flash status 235 */ 236 static ssize_t manage_show(struct kobject *kobj, 237 struct kobj_attribute *attr, char *buf) 238 { 239 struct manage_flash_t *const args_buf = &manage_flash_data; 240 int rc; 241 242 rc = sprintf(buf, "%d\n", args_buf->status); 243 /* Set status to default*/ 244 args_buf->status = FLASH_NO_OP; 245 return rc; 246 } 247 248 /* 249 * Manage operations: 250 * 0 - Reject 251 * 1 - Commit 252 */ 253 static ssize_t manage_store(struct kobject *kobj, 254 struct kobj_attribute *attr, 255 const char *buf, size_t count) 256 { 257 uint8_t op; 258 switch (buf[0]) { 259 case '0': 260 op = FLASH_REJECT_TMP_SIDE; 261 break; 262 case '1': 263 op = FLASH_COMMIT_TMP_SIDE; 264 break; 265 default: 266 return -EINVAL; 267 } 268 269 /* commit/reject temporary image */ 270 opal_flash_manage(op); 271 return count; 272 } 273 274 /* 275 * Free sg list 276 */ 277 static void free_sg_list(struct opal_sg_list *list) 278 { 279 struct opal_sg_list *sg1; 280 while (list) { 281 sg1 = list->next; 282 kfree(list); 283 list = sg1; 284 } 285 list = NULL; 286 } 287 288 /* 289 * Build candidate image scatter gather list 290 * 291 * list format: 292 * ----------------------------------- 293 * | VER (8) | Entry length in bytes | 294 * ----------------------------------- 295 * | Pointer to next entry | 296 * ----------------------------------- 297 * | Address of memory area 1 | 298 * ----------------------------------- 299 * | Length of memory area 1 | 300 * ----------------------------------- 301 * | ......... | 302 * ----------------------------------- 303 * | ......... | 304 * ----------------------------------- 305 * | Address of memory area N | 306 * ----------------------------------- 307 * | Length of memory area N | 308 * ----------------------------------- 309 */ 310 static struct opal_sg_list *image_data_to_sglist(void) 311 { 312 struct opal_sg_list *sg1, *list = NULL; 313 void *addr; 314 int size; 315 316 addr = image_data.data; 317 size = image_data.size; 318 319 sg1 = kzalloc(PAGE_SIZE, GFP_KERNEL); 320 if (!sg1) 321 return NULL; 322 323 list = sg1; 324 sg1->num_entries = 0; 325 while (size > 0) { 326 /* Translate virtual address to physical address */ 327 sg1->entry[sg1->num_entries].data = 328 (void *)(vmalloc_to_pfn(addr) << PAGE_SHIFT); 329 330 if (size > PAGE_SIZE) 331 sg1->entry[sg1->num_entries].length = PAGE_SIZE; 332 else 333 sg1->entry[sg1->num_entries].length = size; 334 335 sg1->num_entries++; 336 if (sg1->num_entries >= SG_ENTRIES_PER_NODE) { 337 sg1->next = kzalloc(PAGE_SIZE, GFP_KERNEL); 338 if (!sg1->next) { 339 pr_err("%s : Failed to allocate memory\n", 340 __func__); 341 goto nomem; 342 } 343 344 sg1 = sg1->next; 345 sg1->num_entries = 0; 346 } 347 addr += PAGE_SIZE; 348 size -= PAGE_SIZE; 349 } 350 return list; 351 nomem: 352 free_sg_list(list); 353 return NULL; 354 } 355 356 /* 357 * OPAL update flash 358 */ 359 static int opal_flash_update(int op) 360 { 361 struct opal_sg_list *sg, *list, *next; 362 unsigned long addr; 363 int64_t rc = OPAL_PARAMETER; 364 365 if (op == FLASH_UPDATE_CANCEL) { 366 pr_alert("FLASH: Image update cancelled\n"); 367 addr = '\0'; 368 goto flash; 369 } 370 371 list = image_data_to_sglist(); 372 if (!list) 373 goto invalid_img; 374 375 /* First entry address */ 376 addr = __pa(list); 377 378 /* Translate sg list address to absolute */ 379 for (sg = list; sg; sg = next) { 380 next = sg->next; 381 /* Don't translate NULL pointer for last entry */ 382 if (sg->next) 383 sg->next = (struct opal_sg_list *)__pa(sg->next); 384 else 385 sg->next = NULL; 386 387 /* 388 * Convert num_entries to version/length format 389 * to satisfy OPAL. 390 */ 391 sg->num_entries = (SG_LIST_VERSION << 56) | 392 (sg->num_entries * sizeof(struct opal_sg_entry) + 16); 393 } 394 395 pr_alert("FLASH: Image is %u bytes\n", image_data.size); 396 pr_alert("FLASH: Image update requested\n"); 397 pr_alert("FLASH: Image will be updated during system reboot\n"); 398 pr_alert("FLASH: This will take several minutes. Do not power off!\n"); 399 400 flash: 401 rc = opal_update_flash(addr); 402 403 invalid_img: 404 return rc; 405 } 406 407 /* 408 * Show candidate image status 409 */ 410 static ssize_t update_show(struct kobject *kobj, 411 struct kobj_attribute *attr, char *buf) 412 { 413 struct update_flash_t *const args_buf = &update_flash_data; 414 return sprintf(buf, "%d\n", args_buf->status); 415 } 416 417 /* 418 * Set update image flag 419 * 1 - Flash new image 420 * 0 - Cancel flash request 421 */ 422 static ssize_t update_store(struct kobject *kobj, 423 struct kobj_attribute *attr, 424 const char *buf, size_t count) 425 { 426 struct update_flash_t *const args_buf = &update_flash_data; 427 int rc = count; 428 429 mutex_lock(&image_data_mutex); 430 431 switch (buf[0]) { 432 case '0': 433 if (args_buf->status == FLASH_IMG_READY) 434 opal_flash_update(FLASH_UPDATE_CANCEL); 435 args_buf->status = FLASH_NO_OP; 436 break; 437 case '1': 438 /* Image is loaded? */ 439 if (image_data.status == IMAGE_READY) 440 args_buf->status = 441 opal_flash_update(FLASH_UPDATE_INIT); 442 else 443 args_buf->status = FLASH_INVALID_IMG; 444 break; 445 default: 446 rc = -EINVAL; 447 } 448 449 mutex_unlock(&image_data_mutex); 450 return rc; 451 } 452 453 /* 454 * Free image buffer 455 */ 456 static void free_image_buf(void) 457 { 458 void *addr; 459 int size; 460 461 addr = image_data.data; 462 size = PAGE_ALIGN(image_data.size); 463 while (size > 0) { 464 ClearPageReserved(vmalloc_to_page(addr)); 465 addr += PAGE_SIZE; 466 size -= PAGE_SIZE; 467 } 468 vfree(image_data.data); 469 image_data.data = NULL; 470 image_data.status = IMAGE_INVALID; 471 } 472 473 /* 474 * Allocate image buffer. 475 */ 476 static int alloc_image_buf(char *buffer, size_t count) 477 { 478 void *addr; 479 int size; 480 481 if (count < sizeof(struct image_header_t)) { 482 pr_warn("FLASH: Invalid candidate image\n"); 483 return -EINVAL; 484 } 485 486 memcpy(&image_header, (void *)buffer, sizeof(struct image_header_t)); 487 image_data.size = be32_to_cpu(image_header.size); 488 pr_debug("FLASH: Candidate image size = %u\n", image_data.size); 489 490 if (image_data.size > MAX_IMAGE_SIZE) { 491 pr_warn("FLASH: Too large image\n"); 492 return -EINVAL; 493 } 494 if (image_data.size < VALIDATE_BUF_SIZE) { 495 pr_warn("FLASH: Image is shorter than expected\n"); 496 return -EINVAL; 497 } 498 499 image_data.data = vzalloc(PAGE_ALIGN(image_data.size)); 500 if (!image_data.data) { 501 pr_err("%s : Failed to allocate memory\n", __func__); 502 return -ENOMEM; 503 } 504 505 /* Pin memory */ 506 addr = image_data.data; 507 size = PAGE_ALIGN(image_data.size); 508 while (size > 0) { 509 SetPageReserved(vmalloc_to_page(addr)); 510 addr += PAGE_SIZE; 511 size -= PAGE_SIZE; 512 } 513 514 image_data.status = IMAGE_LOADING; 515 return 0; 516 } 517 518 /* 519 * Copy candidate image 520 * 521 * Parse candidate image header to get total image size 522 * and pre-allocate required memory. 523 */ 524 static ssize_t image_data_write(struct file *filp, struct kobject *kobj, 525 struct bin_attribute *bin_attr, 526 char *buffer, loff_t pos, size_t count) 527 { 528 int rc; 529 530 mutex_lock(&image_data_mutex); 531 532 /* New image ? */ 533 if (pos == 0) { 534 /* Free memory, if already allocated */ 535 if (image_data.data) 536 free_image_buf(); 537 538 /* Cancel outstanding image update request */ 539 if (update_flash_data.status == FLASH_IMG_READY) 540 opal_flash_update(FLASH_UPDATE_CANCEL); 541 542 /* Allocate memory */ 543 rc = alloc_image_buf(buffer, count); 544 if (rc) 545 goto out; 546 } 547 548 if (image_data.status != IMAGE_LOADING) { 549 rc = -ENOMEM; 550 goto out; 551 } 552 553 if ((pos + count) > image_data.size) { 554 rc = -EINVAL; 555 goto out; 556 } 557 558 memcpy(image_data.data + pos, (void *)buffer, count); 559 rc = count; 560 561 /* Set image status */ 562 if ((pos + count) == image_data.size) { 563 pr_debug("FLASH: Candidate image loaded....\n"); 564 image_data.status = IMAGE_READY; 565 } 566 567 out: 568 mutex_unlock(&image_data_mutex); 569 return rc; 570 } 571 572 /* 573 * sysfs interface : 574 * OPAL uses below sysfs files for code update. 575 * We create these files under /sys/firmware/opal. 576 * 577 * image : Interface to load candidate firmware image 578 * validate_flash : Validate firmware image 579 * manage_flash : Commit/Reject firmware image 580 * update_flash : Flash new firmware image 581 * 582 */ 583 static struct bin_attribute image_data_attr = { 584 .attr = {.name = "image", .mode = 0200}, 585 .size = MAX_IMAGE_SIZE, /* Limit image size */ 586 .write = image_data_write, 587 }; 588 589 static struct kobj_attribute validate_attribute = 590 __ATTR(validate_flash, 0600, validate_show, validate_store); 591 592 static struct kobj_attribute manage_attribute = 593 __ATTR(manage_flash, 0600, manage_show, manage_store); 594 595 static struct kobj_attribute update_attribute = 596 __ATTR(update_flash, 0600, update_show, update_store); 597 598 static struct attribute *image_op_attrs[] = { 599 &validate_attribute.attr, 600 &manage_attribute.attr, 601 &update_attribute.attr, 602 NULL /* need to NULL terminate the list of attributes */ 603 }; 604 605 static struct attribute_group image_op_attr_group = { 606 .attrs = image_op_attrs, 607 }; 608 609 void __init opal_flash_init(void) 610 { 611 int ret; 612 613 /* Allocate validate image buffer */ 614 validate_flash_data.buf = kzalloc(VALIDATE_BUF_SIZE, GFP_KERNEL); 615 if (!validate_flash_data.buf) { 616 pr_err("%s : Failed to allocate memory\n", __func__); 617 return; 618 } 619 620 /* Make sure /sys/firmware/opal directory is created */ 621 if (!opal_kobj) { 622 pr_warn("FLASH: opal kobject is not available\n"); 623 goto nokobj; 624 } 625 626 /* Create the sysfs files */ 627 ret = sysfs_create_group(opal_kobj, &image_op_attr_group); 628 if (ret) { 629 pr_warn("FLASH: Failed to create sysfs files\n"); 630 goto nokobj; 631 } 632 633 ret = sysfs_create_bin_file(opal_kobj, &image_data_attr); 634 if (ret) { 635 pr_warn("FLASH: Failed to create sysfs files\n"); 636 goto nosysfs_file; 637 } 638 639 /* Set default status */ 640 validate_flash_data.status = FLASH_NO_OP; 641 manage_flash_data.status = FLASH_NO_OP; 642 update_flash_data.status = FLASH_NO_OP; 643 image_data.status = IMAGE_INVALID; 644 return; 645 646 nosysfs_file: 647 sysfs_remove_group(opal_kobj, &image_op_attr_group); 648 649 nokobj: 650 kfree(validate_flash_data.buf); 651 return; 652 } 653