xref: /openbmc/qemu/hw/nvram/fw_cfg.c (revision 1a7c00bb)
1  /*
2   * QEMU Firmware configuration device emulation
3   *
4   * Copyright (c) 2008 Gleb Natapov
5   *
6   * Permission is hereby granted, free of charge, to any person obtaining a copy
7   * of this software and associated documentation files (the "Software"), to deal
8   * in the Software without restriction, including without limitation the rights
9   * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in
14   * all copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19   * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22   * THE SOFTWARE.
23   */
24  
25  #include "qemu/osdep.h"
26  #include "hw/hw.h"
27  #include "sysemu/sysemu.h"
28  #include "sysemu/dma.h"
29  #include "hw/boards.h"
30  #include "hw/nvram/fw_cfg.h"
31  #include "hw/sysbus.h"
32  #include "trace.h"
33  #include "qemu/error-report.h"
34  #include "qemu/option.h"
35  #include "qemu/config-file.h"
36  #include "qemu/cutils.h"
37  #include "qapi/error.h"
38  
39  #define FW_CFG_FILE_SLOTS_DFLT 0x20
40  
41  /* FW_CFG_VERSION bits */
42  #define FW_CFG_VERSION      0x01
43  #define FW_CFG_VERSION_DMA  0x02
44  
45  /* FW_CFG_DMA_CONTROL bits */
46  #define FW_CFG_DMA_CTL_ERROR   0x01
47  #define FW_CFG_DMA_CTL_READ    0x02
48  #define FW_CFG_DMA_CTL_SKIP    0x04
49  #define FW_CFG_DMA_CTL_SELECT  0x08
50  #define FW_CFG_DMA_CTL_WRITE   0x10
51  
52  #define FW_CFG_DMA_SIGNATURE 0x51454d5520434647ULL /* "QEMU CFG" */
53  
54  struct FWCfgEntry {
55      uint32_t len;
56      bool allow_write;
57      uint8_t *data;
58      void *callback_opaque;
59      FWCfgCallback select_cb;
60      FWCfgWriteCallback write_cb;
61  };
62  
63  #define JPG_FILE 0
64  #define BMP_FILE 1
65  
66  static char *read_splashfile(char *filename, gsize *file_sizep,
67                               int *file_typep)
68  {
69      GError *err = NULL;
70      gchar *content;
71      int file_type;
72      unsigned int filehead;
73      int bmp_bpp;
74  
75      if (!g_file_get_contents(filename, &content, file_sizep, &err)) {
76          error_report("failed to read splash file '%s': %s",
77                       filename, err->message);
78          g_error_free(err);
79          return NULL;
80      }
81  
82      /* check file size */
83      if (*file_sizep < 30) {
84          goto error;
85      }
86  
87      /* check magic ID */
88      filehead = lduw_le_p(content);
89      if (filehead == 0xd8ff) {
90          file_type = JPG_FILE;
91      } else if (filehead == 0x4d42) {
92          file_type = BMP_FILE;
93      } else {
94          goto error;
95      }
96  
97      /* check BMP bpp */
98      if (file_type == BMP_FILE) {
99          bmp_bpp = lduw_le_p(&content[28]);
100          if (bmp_bpp != 24) {
101              goto error;
102          }
103      }
104  
105      /* return values */
106      *file_typep = file_type;
107  
108      return content;
109  
110  error:
111      error_report("splash file '%s' format not recognized; must be JPEG "
112                   "or 24 bit BMP", filename);
113      g_free(content);
114      return NULL;
115  }
116  
117  static void fw_cfg_bootsplash(FWCfgState *s)
118  {
119      const char *boot_splash_filename = NULL;
120      const char *boot_splash_time = NULL;
121      char *filename, *file_data;
122      gsize file_size;
123      int file_type;
124  
125      /* get user configuration */
126      QemuOptsList *plist = qemu_find_opts("boot-opts");
127      QemuOpts *opts = QTAILQ_FIRST(&plist->head);
128      boot_splash_filename = qemu_opt_get(opts, "splash");
129      boot_splash_time = qemu_opt_get(opts, "splash-time");
130  
131      /* insert splash time if user configurated */
132      if (boot_splash_time) {
133          int64_t bst_val = qemu_opt_get_number(opts, "splash-time", -1);
134          uint16_t bst_le16;
135  
136          /* validate the input */
137          if (bst_val < 0 || bst_val > 0xffff) {
138              error_report("splash-time is invalid,"
139                           "it should be a value between 0 and 65535");
140              exit(1);
141          }
142          /* use little endian format */
143          bst_le16 = cpu_to_le16(bst_val);
144          fw_cfg_add_file(s, "etc/boot-menu-wait",
145                          g_memdup(&bst_le16, sizeof bst_le16), sizeof bst_le16);
146      }
147  
148      /* insert splash file if user configurated */
149      if (boot_splash_filename) {
150          filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, boot_splash_filename);
151          if (filename == NULL) {
152              error_report("failed to find file '%s'", boot_splash_filename);
153              return;
154          }
155  
156          /* loading file data */
157          file_data = read_splashfile(filename, &file_size, &file_type);
158          if (file_data == NULL) {
159              g_free(filename);
160              return;
161          }
162          g_free(boot_splash_filedata);
163          boot_splash_filedata = (uint8_t *)file_data;
164  
165          /* insert data */
166          if (file_type == JPG_FILE) {
167              fw_cfg_add_file(s, "bootsplash.jpg",
168                              boot_splash_filedata, file_size);
169          } else {
170              fw_cfg_add_file(s, "bootsplash.bmp",
171                              boot_splash_filedata, file_size);
172          }
173          g_free(filename);
174      }
175  }
176  
177  static void fw_cfg_reboot(FWCfgState *s)
178  {
179      const char *reboot_timeout = NULL;
180      int64_t rt_val = -1;
181  
182      /* get user configuration */
183      QemuOptsList *plist = qemu_find_opts("boot-opts");
184      QemuOpts *opts = QTAILQ_FIRST(&plist->head);
185      reboot_timeout = qemu_opt_get(opts, "reboot-timeout");
186  
187      if (reboot_timeout) {
188          rt_val = qemu_opt_get_number(opts, "reboot-timeout", -1);
189          /* validate the input */
190          if (rt_val < 0 || rt_val > 0xffff) {
191              error_report("reboot timeout is invalid,"
192                           "it should be a value between 0 and 65535");
193              exit(1);
194          }
195      }
196  
197      fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_val, 4), 4);
198  }
199  
200  static void fw_cfg_write(FWCfgState *s, uint8_t value)
201  {
202      /* nothing, write support removed in QEMU v2.4+ */
203  }
204  
205  static inline uint16_t fw_cfg_file_slots(const FWCfgState *s)
206  {
207      return s->file_slots;
208  }
209  
210  /* Note: this function returns an exclusive limit. */
211  static inline uint32_t fw_cfg_max_entry(const FWCfgState *s)
212  {
213      return FW_CFG_FILE_FIRST + fw_cfg_file_slots(s);
214  }
215  
216  static int fw_cfg_select(FWCfgState *s, uint16_t key)
217  {
218      int arch, ret;
219      FWCfgEntry *e;
220  
221      s->cur_offset = 0;
222      if ((key & FW_CFG_ENTRY_MASK) >= fw_cfg_max_entry(s)) {
223          s->cur_entry = FW_CFG_INVALID;
224          ret = 0;
225      } else {
226          s->cur_entry = key;
227          ret = 1;
228          /* entry successfully selected, now run callback if present */
229          arch = !!(key & FW_CFG_ARCH_LOCAL);
230          e = &s->entries[arch][key & FW_CFG_ENTRY_MASK];
231          if (e->select_cb) {
232              e->select_cb(e->callback_opaque);
233          }
234      }
235  
236      trace_fw_cfg_select(s, key, ret);
237      return ret;
238  }
239  
240  static uint64_t fw_cfg_data_read(void *opaque, hwaddr addr, unsigned size)
241  {
242      FWCfgState *s = opaque;
243      int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
244      FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
245                      &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
246      uint64_t value = 0;
247  
248      assert(size > 0 && size <= sizeof(value));
249      if (s->cur_entry != FW_CFG_INVALID && e->data && s->cur_offset < e->len) {
250          /* The least significant 'size' bytes of the return value are
251           * expected to contain a string preserving portion of the item
252           * data, padded with zeros on the right in case we run out early.
253           * In technical terms, we're composing the host-endian representation
254           * of the big endian interpretation of the fw_cfg string.
255           */
256          do {
257              value = (value << 8) | e->data[s->cur_offset++];
258          } while (--size && s->cur_offset < e->len);
259          /* If size is still not zero, we *did* run out early, so continue
260           * left-shifting, to add the appropriate number of padding zeros
261           * on the right.
262           */
263          value <<= 8 * size;
264      }
265  
266      trace_fw_cfg_read(s, value);
267      return value;
268  }
269  
270  static void fw_cfg_data_mem_write(void *opaque, hwaddr addr,
271                                    uint64_t value, unsigned size)
272  {
273      FWCfgState *s = opaque;
274      unsigned i = size;
275  
276      do {
277          fw_cfg_write(s, value >> (8 * --i));
278      } while (i);
279  }
280  
281  static void fw_cfg_dma_transfer(FWCfgState *s)
282  {
283      dma_addr_t len;
284      FWCfgDmaAccess dma;
285      int arch;
286      FWCfgEntry *e;
287      int read = 0, write = 0;
288      dma_addr_t dma_addr;
289  
290      /* Reset the address before the next access */
291      dma_addr = s->dma_addr;
292      s->dma_addr = 0;
293  
294      if (dma_memory_read(s->dma_as, dma_addr, &dma, sizeof(dma))) {
295          stl_be_dma(s->dma_as, dma_addr + offsetof(FWCfgDmaAccess, control),
296                     FW_CFG_DMA_CTL_ERROR);
297          return;
298      }
299  
300      dma.address = be64_to_cpu(dma.address);
301      dma.length = be32_to_cpu(dma.length);
302      dma.control = be32_to_cpu(dma.control);
303  
304      if (dma.control & FW_CFG_DMA_CTL_SELECT) {
305          fw_cfg_select(s, dma.control >> 16);
306      }
307  
308      arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
309      e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
310          &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
311  
312      if (dma.control & FW_CFG_DMA_CTL_READ) {
313          read = 1;
314          write = 0;
315      } else if (dma.control & FW_CFG_DMA_CTL_WRITE) {
316          read = 0;
317          write = 1;
318      } else if (dma.control & FW_CFG_DMA_CTL_SKIP) {
319          read = 0;
320          write = 0;
321      } else {
322          dma.length = 0;
323      }
324  
325      dma.control = 0;
326  
327      while (dma.length > 0 && !(dma.control & FW_CFG_DMA_CTL_ERROR)) {
328          if (s->cur_entry == FW_CFG_INVALID || !e->data ||
329                                  s->cur_offset >= e->len) {
330              len = dma.length;
331  
332              /* If the access is not a read access, it will be a skip access,
333               * tested before.
334               */
335              if (read) {
336                  if (dma_memory_set(s->dma_as, dma.address, 0, len)) {
337                      dma.control |= FW_CFG_DMA_CTL_ERROR;
338                  }
339              }
340              if (write) {
341                  dma.control |= FW_CFG_DMA_CTL_ERROR;
342              }
343          } else {
344              if (dma.length <= (e->len - s->cur_offset)) {
345                  len = dma.length;
346              } else {
347                  len = (e->len - s->cur_offset);
348              }
349  
350              /* If the access is not a read access, it will be a skip access,
351               * tested before.
352               */
353              if (read) {
354                  if (dma_memory_write(s->dma_as, dma.address,
355                                      &e->data[s->cur_offset], len)) {
356                      dma.control |= FW_CFG_DMA_CTL_ERROR;
357                  }
358              }
359              if (write) {
360                  if (!e->allow_write ||
361                      len != dma.length ||
362                      dma_memory_read(s->dma_as, dma.address,
363                                      &e->data[s->cur_offset], len)) {
364                      dma.control |= FW_CFG_DMA_CTL_ERROR;
365                  } else if (e->write_cb) {
366                      e->write_cb(e->callback_opaque, s->cur_offset, len);
367                  }
368              }
369  
370              s->cur_offset += len;
371          }
372  
373          dma.address += len;
374          dma.length  -= len;
375  
376      }
377  
378      stl_be_dma(s->dma_as, dma_addr + offsetof(FWCfgDmaAccess, control),
379                  dma.control);
380  
381      trace_fw_cfg_read(s, 0);
382  }
383  
384  static uint64_t fw_cfg_dma_mem_read(void *opaque, hwaddr addr,
385                                      unsigned size)
386  {
387      /* Return a signature value (and handle various read sizes) */
388      return extract64(FW_CFG_DMA_SIGNATURE, (8 - addr - size) * 8, size * 8);
389  }
390  
391  static void fw_cfg_dma_mem_write(void *opaque, hwaddr addr,
392                                   uint64_t value, unsigned size)
393  {
394      FWCfgState *s = opaque;
395  
396      if (size == 4) {
397          if (addr == 0) {
398              /* FWCfgDmaAccess high address */
399              s->dma_addr = value << 32;
400          } else if (addr == 4) {
401              /* FWCfgDmaAccess low address */
402              s->dma_addr |= value;
403              fw_cfg_dma_transfer(s);
404          }
405      } else if (size == 8 && addr == 0) {
406          s->dma_addr = value;
407          fw_cfg_dma_transfer(s);
408      }
409  }
410  
411  static bool fw_cfg_dma_mem_valid(void *opaque, hwaddr addr,
412                                   unsigned size, bool is_write,
413                                   MemTxAttrs attrs)
414  {
415      return !is_write || ((size == 4 && (addr == 0 || addr == 4)) ||
416                           (size == 8 && addr == 0));
417  }
418  
419  static bool fw_cfg_data_mem_valid(void *opaque, hwaddr addr,
420                                    unsigned size, bool is_write,
421                                    MemTxAttrs attrs)
422  {
423      return addr == 0;
424  }
425  
426  static uint64_t fw_cfg_ctl_mem_read(void *opaque, hwaddr addr, unsigned size)
427  {
428      return 0;
429  }
430  
431  static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr,
432                                   uint64_t value, unsigned size)
433  {
434      fw_cfg_select(opaque, (uint16_t)value);
435  }
436  
437  static bool fw_cfg_ctl_mem_valid(void *opaque, hwaddr addr,
438                                   unsigned size, bool is_write,
439                                   MemTxAttrs attrs)
440  {
441      return is_write && size == 2;
442  }
443  
444  static void fw_cfg_comb_write(void *opaque, hwaddr addr,
445                                uint64_t value, unsigned size)
446  {
447      switch (size) {
448      case 1:
449          fw_cfg_write(opaque, (uint8_t)value);
450          break;
451      case 2:
452          fw_cfg_select(opaque, (uint16_t)value);
453          break;
454      }
455  }
456  
457  static bool fw_cfg_comb_valid(void *opaque, hwaddr addr,
458                                unsigned size, bool is_write,
459                                MemTxAttrs attrs)
460  {
461      return (size == 1) || (is_write && size == 2);
462  }
463  
464  static const MemoryRegionOps fw_cfg_ctl_mem_ops = {
465      .read = fw_cfg_ctl_mem_read,
466      .write = fw_cfg_ctl_mem_write,
467      .endianness = DEVICE_BIG_ENDIAN,
468      .valid.accepts = fw_cfg_ctl_mem_valid,
469  };
470  
471  static const MemoryRegionOps fw_cfg_data_mem_ops = {
472      .read = fw_cfg_data_read,
473      .write = fw_cfg_data_mem_write,
474      .endianness = DEVICE_BIG_ENDIAN,
475      .valid = {
476          .min_access_size = 1,
477          .max_access_size = 1,
478          .accepts = fw_cfg_data_mem_valid,
479      },
480  };
481  
482  static const MemoryRegionOps fw_cfg_comb_mem_ops = {
483      .read = fw_cfg_data_read,
484      .write = fw_cfg_comb_write,
485      .endianness = DEVICE_LITTLE_ENDIAN,
486      .valid.accepts = fw_cfg_comb_valid,
487  };
488  
489  static const MemoryRegionOps fw_cfg_dma_mem_ops = {
490      .read = fw_cfg_dma_mem_read,
491      .write = fw_cfg_dma_mem_write,
492      .endianness = DEVICE_BIG_ENDIAN,
493      .valid.accepts = fw_cfg_dma_mem_valid,
494      .valid.max_access_size = 8,
495      .impl.max_access_size = 8,
496  };
497  
498  static void fw_cfg_reset(DeviceState *d)
499  {
500      FWCfgState *s = FW_CFG(d);
501  
502      /* we never register a read callback for FW_CFG_SIGNATURE */
503      fw_cfg_select(s, FW_CFG_SIGNATURE);
504  }
505  
506  /* Save restore 32 bit int as uint16_t
507     This is a Big hack, but it is how the old state did it.
508     Or we broke compatibility in the state, or we can't use struct tm
509   */
510  
511  static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size,
512                                  const VMStateField *field)
513  {
514      uint32_t *v = pv;
515      *v = qemu_get_be16(f);
516      return 0;
517  }
518  
519  static int put_unused(QEMUFile *f, void *pv, size_t size,
520                        const VMStateField *field, QJSON *vmdesc)
521  {
522      fprintf(stderr, "uint32_as_uint16 is only used for backward compatibility.\n");
523      fprintf(stderr, "This functions shouldn't be called.\n");
524  
525      return 0;
526  }
527  
528  static const VMStateInfo vmstate_hack_uint32_as_uint16 = {
529      .name = "int32_as_uint16",
530      .get  = get_uint32_as_uint16,
531      .put  = put_unused,
532  };
533  
534  #define VMSTATE_UINT16_HACK(_f, _s, _t)                                    \
535      VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint32_as_uint16, uint32_t)
536  
537  
538  static bool is_version_1(void *opaque, int version_id)
539  {
540      return version_id == 1;
541  }
542  
543  bool fw_cfg_dma_enabled(void *opaque)
544  {
545      FWCfgState *s = opaque;
546  
547      return s->dma_enabled;
548  }
549  
550  static const VMStateDescription vmstate_fw_cfg_dma = {
551      .name = "fw_cfg/dma",
552      .needed = fw_cfg_dma_enabled,
553      .fields = (VMStateField[]) {
554          VMSTATE_UINT64(dma_addr, FWCfgState),
555          VMSTATE_END_OF_LIST()
556      },
557  };
558  
559  static const VMStateDescription vmstate_fw_cfg = {
560      .name = "fw_cfg",
561      .version_id = 2,
562      .minimum_version_id = 1,
563      .fields = (VMStateField[]) {
564          VMSTATE_UINT16(cur_entry, FWCfgState),
565          VMSTATE_UINT16_HACK(cur_offset, FWCfgState, is_version_1),
566          VMSTATE_UINT32_V(cur_offset, FWCfgState, 2),
567          VMSTATE_END_OF_LIST()
568      },
569      .subsections = (const VMStateDescription*[]) {
570          &vmstate_fw_cfg_dma,
571          NULL,
572      }
573  };
574  
575  static void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key,
576                                        FWCfgCallback select_cb,
577                                        FWCfgWriteCallback write_cb,
578                                        void *callback_opaque,
579                                        void *data, size_t len,
580                                        bool read_only)
581  {
582      int arch = !!(key & FW_CFG_ARCH_LOCAL);
583  
584      key &= FW_CFG_ENTRY_MASK;
585  
586      assert(key < fw_cfg_max_entry(s) && len < UINT32_MAX);
587      assert(s->entries[arch][key].data == NULL); /* avoid key conflict */
588  
589      s->entries[arch][key].data = data;
590      s->entries[arch][key].len = (uint32_t)len;
591      s->entries[arch][key].select_cb = select_cb;
592      s->entries[arch][key].write_cb = write_cb;
593      s->entries[arch][key].callback_opaque = callback_opaque;
594      s->entries[arch][key].allow_write = !read_only;
595  }
596  
597  static void *fw_cfg_modify_bytes_read(FWCfgState *s, uint16_t key,
598                                                void *data, size_t len)
599  {
600      void *ptr;
601      int arch = !!(key & FW_CFG_ARCH_LOCAL);
602  
603      key &= FW_CFG_ENTRY_MASK;
604  
605      assert(key < fw_cfg_max_entry(s) && len < UINT32_MAX);
606  
607      /* return the old data to the function caller, avoid memory leak */
608      ptr = s->entries[arch][key].data;
609      s->entries[arch][key].data = data;
610      s->entries[arch][key].len = len;
611      s->entries[arch][key].callback_opaque = NULL;
612      s->entries[arch][key].allow_write = false;
613  
614      return ptr;
615  }
616  
617  void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len)
618  {
619      fw_cfg_add_bytes_callback(s, key, NULL, NULL, NULL, data, len, true);
620  }
621  
622  void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value)
623  {
624      size_t sz = strlen(value) + 1;
625  
626      fw_cfg_add_bytes(s, key, g_memdup(value, sz), sz);
627  }
628  
629  void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value)
630  {
631      uint16_t *copy;
632  
633      copy = g_malloc(sizeof(value));
634      *copy = cpu_to_le16(value);
635      fw_cfg_add_bytes(s, key, copy, sizeof(value));
636  }
637  
638  void fw_cfg_modify_i16(FWCfgState *s, uint16_t key, uint16_t value)
639  {
640      uint16_t *copy, *old;
641  
642      copy = g_malloc(sizeof(value));
643      *copy = cpu_to_le16(value);
644      old = fw_cfg_modify_bytes_read(s, key, copy, sizeof(value));
645      g_free(old);
646  }
647  
648  void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value)
649  {
650      uint32_t *copy;
651  
652      copy = g_malloc(sizeof(value));
653      *copy = cpu_to_le32(value);
654      fw_cfg_add_bytes(s, key, copy, sizeof(value));
655  }
656  
657  void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value)
658  {
659      uint64_t *copy;
660  
661      copy = g_malloc(sizeof(value));
662      *copy = cpu_to_le64(value);
663      fw_cfg_add_bytes(s, key, copy, sizeof(value));
664  }
665  
666  void fw_cfg_set_order_override(FWCfgState *s, int order)
667  {
668      assert(s->fw_cfg_order_override == 0);
669      s->fw_cfg_order_override = order;
670  }
671  
672  void fw_cfg_reset_order_override(FWCfgState *s)
673  {
674      assert(s->fw_cfg_order_override != 0);
675      s->fw_cfg_order_override = 0;
676  }
677  
678  /*
679   * This is the legacy order list.  For legacy systems, files are in
680   * the fw_cfg in the order defined below, by the "order" value.  Note
681   * that some entries (VGA ROMs, NIC option ROMS, etc.) go into a
682   * specific area, but there may be more than one and they occur in the
683   * order that the user specifies them on the command line.  Those are
684   * handled in a special manner, using the order override above.
685   *
686   * For non-legacy, the files are sorted by filename to avoid this kind
687   * of complexity in the future.
688   *
689   * This is only for x86, other arches don't implement versioning so
690   * they won't set legacy mode.
691   */
692  static struct {
693      const char *name;
694      int order;
695  } fw_cfg_order[] = {
696      { "etc/boot-menu-wait", 10 },
697      { "bootsplash.jpg", 11 },
698      { "bootsplash.bmp", 12 },
699      { "etc/boot-fail-wait", 15 },
700      { "etc/smbios/smbios-tables", 20 },
701      { "etc/smbios/smbios-anchor", 30 },
702      { "etc/e820", 40 },
703      { "etc/reserved-memory-end", 50 },
704      { "genroms/kvmvapic.bin", 55 },
705      { "genroms/linuxboot.bin", 60 },
706      { }, /* VGA ROMs from pc_vga_init come here, 70. */
707      { }, /* NIC option ROMs from pc_nic_init come here, 80. */
708      { "etc/system-states", 90 },
709      { }, /* User ROMs come here, 100. */
710      { }, /* Device FW comes here, 110. */
711      { "etc/extra-pci-roots", 120 },
712      { "etc/acpi/tables", 130 },
713      { "etc/table-loader", 140 },
714      { "etc/tpm/log", 150 },
715      { "etc/acpi/rsdp", 160 },
716      { "bootorder", 170 },
717  
718  #define FW_CFG_ORDER_OVERRIDE_LAST 200
719  };
720  
721  static int get_fw_cfg_order(FWCfgState *s, const char *name)
722  {
723      int i;
724  
725      if (s->fw_cfg_order_override > 0) {
726          return s->fw_cfg_order_override;
727      }
728  
729      for (i = 0; i < ARRAY_SIZE(fw_cfg_order); i++) {
730          if (fw_cfg_order[i].name == NULL) {
731              continue;
732          }
733  
734          if (strcmp(name, fw_cfg_order[i].name) == 0) {
735              return fw_cfg_order[i].order;
736          }
737      }
738  
739      /* Stick unknown stuff at the end. */
740      warn_report("Unknown firmware file in legacy mode: %s", name);
741      return FW_CFG_ORDER_OVERRIDE_LAST;
742  }
743  
744  void fw_cfg_add_file_callback(FWCfgState *s,  const char *filename,
745                                FWCfgCallback select_cb,
746                                FWCfgWriteCallback write_cb,
747                                void *callback_opaque,
748                                void *data, size_t len, bool read_only)
749  {
750      int i, index, count;
751      size_t dsize;
752      MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
753      int order = 0;
754  
755      if (!s->files) {
756          dsize = sizeof(uint32_t) + sizeof(FWCfgFile) * fw_cfg_file_slots(s);
757          s->files = g_malloc0(dsize);
758          fw_cfg_add_bytes(s, FW_CFG_FILE_DIR, s->files, dsize);
759      }
760  
761      count = be32_to_cpu(s->files->count);
762      assert(count < fw_cfg_file_slots(s));
763  
764      /* Find the insertion point. */
765      if (mc->legacy_fw_cfg_order) {
766          /*
767           * Sort by order. For files with the same order, we keep them
768           * in the sequence in which they were added.
769           */
770          order = get_fw_cfg_order(s, filename);
771          for (index = count;
772               index > 0 && order < s->entry_order[index - 1];
773               index--);
774      } else {
775          /* Sort by file name. */
776          for (index = count;
777               index > 0 && strcmp(filename, s->files->f[index - 1].name) < 0;
778               index--);
779      }
780  
781      /*
782       * Move all the entries from the index point and after down one
783       * to create a slot for the new entry.  Because calculations are
784       * being done with the index, make it so that "i" is the current
785       * index and "i - 1" is the one being copied from, thus the
786       * unusual start and end in the for statement.
787       */
788      for (i = count; i > index; i--) {
789          s->files->f[i] = s->files->f[i - 1];
790          s->files->f[i].select = cpu_to_be16(FW_CFG_FILE_FIRST + i);
791          s->entries[0][FW_CFG_FILE_FIRST + i] =
792              s->entries[0][FW_CFG_FILE_FIRST + i - 1];
793          s->entry_order[i] = s->entry_order[i - 1];
794      }
795  
796      memset(&s->files->f[index], 0, sizeof(FWCfgFile));
797      memset(&s->entries[0][FW_CFG_FILE_FIRST + index], 0, sizeof(FWCfgEntry));
798  
799      pstrcpy(s->files->f[index].name, sizeof(s->files->f[index].name), filename);
800      for (i = 0; i <= count; i++) {
801          if (i != index &&
802              strcmp(s->files->f[index].name, s->files->f[i].name) == 0) {
803              error_report("duplicate fw_cfg file name: %s",
804                           s->files->f[index].name);
805              exit(1);
806          }
807      }
808  
809      fw_cfg_add_bytes_callback(s, FW_CFG_FILE_FIRST + index,
810                                select_cb, write_cb,
811                                callback_opaque, data, len,
812                                read_only);
813  
814      s->files->f[index].size   = cpu_to_be32(len);
815      s->files->f[index].select = cpu_to_be16(FW_CFG_FILE_FIRST + index);
816      s->entry_order[index] = order;
817      trace_fw_cfg_add_file(s, index, s->files->f[index].name, len);
818  
819      s->files->count = cpu_to_be32(count+1);
820  }
821  
822  void fw_cfg_add_file(FWCfgState *s,  const char *filename,
823                       void *data, size_t len)
824  {
825      fw_cfg_add_file_callback(s, filename, NULL, NULL, NULL, data, len, true);
826  }
827  
828  void *fw_cfg_modify_file(FWCfgState *s, const char *filename,
829                          void *data, size_t len)
830  {
831      int i, index;
832      void *ptr = NULL;
833  
834      assert(s->files);
835  
836      index = be32_to_cpu(s->files->count);
837  
838      for (i = 0; i < index; i++) {
839          if (strcmp(filename, s->files->f[i].name) == 0) {
840              ptr = fw_cfg_modify_bytes_read(s, FW_CFG_FILE_FIRST + i,
841                                             data, len);
842              s->files->f[i].size   = cpu_to_be32(len);
843              return ptr;
844          }
845      }
846  
847      assert(index < fw_cfg_file_slots(s));
848  
849      /* add new one */
850      fw_cfg_add_file_callback(s, filename, NULL, NULL, NULL, data, len, true);
851      return NULL;
852  }
853  
854  static void fw_cfg_machine_reset(void *opaque)
855  {
856      void *ptr;
857      size_t len;
858      FWCfgState *s = opaque;
859      char *bootindex = get_boot_devices_list(&len);
860  
861      ptr = fw_cfg_modify_file(s, "bootorder", (uint8_t *)bootindex, len);
862      g_free(ptr);
863  }
864  
865  static void fw_cfg_machine_ready(struct Notifier *n, void *data)
866  {
867      FWCfgState *s = container_of(n, FWCfgState, machine_ready);
868      qemu_register_reset(fw_cfg_machine_reset, s);
869  }
870  
871  
872  
873  static void fw_cfg_common_realize(DeviceState *dev, Error **errp)
874  {
875      FWCfgState *s = FW_CFG(dev);
876      MachineState *machine = MACHINE(qdev_get_machine());
877      uint32_t version = FW_CFG_VERSION;
878  
879      if (!fw_cfg_find()) {
880          error_setg(errp, "at most one %s device is permitted", TYPE_FW_CFG);
881          return;
882      }
883  
884      fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
885      fw_cfg_add_bytes(s, FW_CFG_UUID, &qemu_uuid, 16);
886      fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)!machine->enable_graphics);
887      fw_cfg_add_i16(s, FW_CFG_BOOT_MENU, (uint16_t)boot_menu);
888      fw_cfg_bootsplash(s);
889      fw_cfg_reboot(s);
890  
891      if (s->dma_enabled) {
892          version |= FW_CFG_VERSION_DMA;
893      }
894  
895      fw_cfg_add_i32(s, FW_CFG_ID, version);
896  
897      s->machine_ready.notify = fw_cfg_machine_ready;
898      qemu_add_machine_init_done_notifier(&s->machine_ready);
899  }
900  
901  FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t dma_iobase,
902                                  AddressSpace *dma_as)
903  {
904      DeviceState *dev;
905      SysBusDevice *sbd;
906      FWCfgIoState *ios;
907      FWCfgState *s;
908      bool dma_requested = dma_iobase && dma_as;
909  
910      dev = qdev_create(NULL, TYPE_FW_CFG_IO);
911      if (!dma_requested) {
912          qdev_prop_set_bit(dev, "dma_enabled", false);
913      }
914  
915      object_property_add_child(OBJECT(qdev_get_machine()), TYPE_FW_CFG,
916                                OBJECT(dev), NULL);
917      qdev_init_nofail(dev);
918  
919      sbd = SYS_BUS_DEVICE(dev);
920      ios = FW_CFG_IO(dev);
921      sysbus_add_io(sbd, iobase, &ios->comb_iomem);
922  
923      s = FW_CFG(dev);
924  
925      if (s->dma_enabled) {
926          /* 64 bits for the address field */
927          s->dma_as = dma_as;
928          s->dma_addr = 0;
929          sysbus_add_io(sbd, dma_iobase, &s->dma_iomem);
930      }
931  
932      return s;
933  }
934  
935  FWCfgState *fw_cfg_init_io(uint32_t iobase)
936  {
937      return fw_cfg_init_io_dma(iobase, 0, NULL);
938  }
939  
940  FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
941                                   hwaddr data_addr, uint32_t data_width,
942                                   hwaddr dma_addr, AddressSpace *dma_as)
943  {
944      DeviceState *dev;
945      SysBusDevice *sbd;
946      FWCfgState *s;
947      bool dma_requested = dma_addr && dma_as;
948  
949      dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
950      qdev_prop_set_uint32(dev, "data_width", data_width);
951      if (!dma_requested) {
952          qdev_prop_set_bit(dev, "dma_enabled", false);
953      }
954  
955      object_property_add_child(OBJECT(qdev_get_machine()), TYPE_FW_CFG,
956                                OBJECT(dev), NULL);
957      qdev_init_nofail(dev);
958  
959      sbd = SYS_BUS_DEVICE(dev);
960      sysbus_mmio_map(sbd, 0, ctl_addr);
961      sysbus_mmio_map(sbd, 1, data_addr);
962  
963      s = FW_CFG(dev);
964  
965      if (s->dma_enabled) {
966          s->dma_as = dma_as;
967          s->dma_addr = 0;
968          sysbus_mmio_map(sbd, 2, dma_addr);
969      }
970  
971      return s;
972  }
973  
974  FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
975  {
976      return fw_cfg_init_mem_wide(ctl_addr, data_addr,
977                                  fw_cfg_data_mem_ops.valid.max_access_size,
978                                  0, NULL);
979  }
980  
981  
982  FWCfgState *fw_cfg_find(void)
983  {
984      /* Returns NULL unless there is exactly one fw_cfg device */
985      return FW_CFG(object_resolve_path_type("", TYPE_FW_CFG, NULL));
986  }
987  
988  
989  static void fw_cfg_class_init(ObjectClass *klass, void *data)
990  {
991      DeviceClass *dc = DEVICE_CLASS(klass);
992  
993      dc->reset = fw_cfg_reset;
994      dc->vmsd = &vmstate_fw_cfg;
995  }
996  
997  static const TypeInfo fw_cfg_info = {
998      .name          = TYPE_FW_CFG,
999      .parent        = TYPE_SYS_BUS_DEVICE,
1000      .abstract      = true,
1001      .instance_size = sizeof(FWCfgState),
1002      .class_init    = fw_cfg_class_init,
1003  };
1004  
1005  static void fw_cfg_file_slots_allocate(FWCfgState *s, Error **errp)
1006  {
1007      uint16_t file_slots_max;
1008  
1009      if (fw_cfg_file_slots(s) < FW_CFG_FILE_SLOTS_MIN) {
1010          error_setg(errp, "\"file_slots\" must be at least 0x%x",
1011                     FW_CFG_FILE_SLOTS_MIN);
1012          return;
1013      }
1014  
1015      /* (UINT16_MAX & FW_CFG_ENTRY_MASK) is the highest inclusive selector value
1016       * that we permit. The actual (exclusive) value coming from the
1017       * configuration is (FW_CFG_FILE_FIRST + fw_cfg_file_slots(s)). */
1018      file_slots_max = (UINT16_MAX & FW_CFG_ENTRY_MASK) - FW_CFG_FILE_FIRST + 1;
1019      if (fw_cfg_file_slots(s) > file_slots_max) {
1020          error_setg(errp, "\"file_slots\" must not exceed 0x%" PRIx16,
1021                     file_slots_max);
1022          return;
1023      }
1024  
1025      s->entries[0] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
1026      s->entries[1] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
1027      s->entry_order = g_new0(int, fw_cfg_max_entry(s));
1028  }
1029  
1030  static Property fw_cfg_io_properties[] = {
1031      DEFINE_PROP_BOOL("dma_enabled", FWCfgIoState, parent_obj.dma_enabled,
1032                       true),
1033      DEFINE_PROP_UINT16("x-file-slots", FWCfgIoState, parent_obj.file_slots,
1034                         FW_CFG_FILE_SLOTS_DFLT),
1035      DEFINE_PROP_END_OF_LIST(),
1036  };
1037  
1038  static void fw_cfg_io_realize(DeviceState *dev, Error **errp)
1039  {
1040      FWCfgIoState *s = FW_CFG_IO(dev);
1041      Error *local_err = NULL;
1042  
1043      fw_cfg_file_slots_allocate(FW_CFG(s), &local_err);
1044      if (local_err) {
1045          error_propagate(errp, local_err);
1046          return;
1047      }
1048  
1049      /* when using port i/o, the 8-bit data register ALWAYS overlaps
1050       * with half of the 16-bit control register. Hence, the total size
1051       * of the i/o region used is FW_CFG_CTL_SIZE */
1052      memory_region_init_io(&s->comb_iomem, OBJECT(s), &fw_cfg_comb_mem_ops,
1053                            FW_CFG(s), "fwcfg", FW_CFG_CTL_SIZE);
1054  
1055      if (FW_CFG(s)->dma_enabled) {
1056          memory_region_init_io(&FW_CFG(s)->dma_iomem, OBJECT(s),
1057                                &fw_cfg_dma_mem_ops, FW_CFG(s), "fwcfg.dma",
1058                                sizeof(dma_addr_t));
1059      }
1060  
1061      fw_cfg_common_realize(dev, errp);
1062  }
1063  
1064  static void fw_cfg_io_class_init(ObjectClass *klass, void *data)
1065  {
1066      DeviceClass *dc = DEVICE_CLASS(klass);
1067  
1068      dc->realize = fw_cfg_io_realize;
1069      dc->props = fw_cfg_io_properties;
1070  }
1071  
1072  static const TypeInfo fw_cfg_io_info = {
1073      .name          = TYPE_FW_CFG_IO,
1074      .parent        = TYPE_FW_CFG,
1075      .instance_size = sizeof(FWCfgIoState),
1076      .class_init    = fw_cfg_io_class_init,
1077  };
1078  
1079  
1080  static Property fw_cfg_mem_properties[] = {
1081      DEFINE_PROP_UINT32("data_width", FWCfgMemState, data_width, -1),
1082      DEFINE_PROP_BOOL("dma_enabled", FWCfgMemState, parent_obj.dma_enabled,
1083                       true),
1084      DEFINE_PROP_UINT16("x-file-slots", FWCfgMemState, parent_obj.file_slots,
1085                         FW_CFG_FILE_SLOTS_DFLT),
1086      DEFINE_PROP_END_OF_LIST(),
1087  };
1088  
1089  static void fw_cfg_mem_realize(DeviceState *dev, Error **errp)
1090  {
1091      FWCfgMemState *s = FW_CFG_MEM(dev);
1092      SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1093      const MemoryRegionOps *data_ops = &fw_cfg_data_mem_ops;
1094      Error *local_err = NULL;
1095  
1096      fw_cfg_file_slots_allocate(FW_CFG(s), &local_err);
1097      if (local_err) {
1098          error_propagate(errp, local_err);
1099          return;
1100      }
1101  
1102      memory_region_init_io(&s->ctl_iomem, OBJECT(s), &fw_cfg_ctl_mem_ops,
1103                            FW_CFG(s), "fwcfg.ctl", FW_CFG_CTL_SIZE);
1104      sysbus_init_mmio(sbd, &s->ctl_iomem);
1105  
1106      if (s->data_width > data_ops->valid.max_access_size) {
1107          s->wide_data_ops = *data_ops;
1108  
1109          s->wide_data_ops.valid.max_access_size = s->data_width;
1110          s->wide_data_ops.impl.max_access_size  = s->data_width;
1111          data_ops = &s->wide_data_ops;
1112      }
1113      memory_region_init_io(&s->data_iomem, OBJECT(s), data_ops, FW_CFG(s),
1114                            "fwcfg.data", data_ops->valid.max_access_size);
1115      sysbus_init_mmio(sbd, &s->data_iomem);
1116  
1117      if (FW_CFG(s)->dma_enabled) {
1118          memory_region_init_io(&FW_CFG(s)->dma_iomem, OBJECT(s),
1119                                &fw_cfg_dma_mem_ops, FW_CFG(s), "fwcfg.dma",
1120                                sizeof(dma_addr_t));
1121          sysbus_init_mmio(sbd, &FW_CFG(s)->dma_iomem);
1122      }
1123  
1124      fw_cfg_common_realize(dev, errp);
1125  }
1126  
1127  static void fw_cfg_mem_class_init(ObjectClass *klass, void *data)
1128  {
1129      DeviceClass *dc = DEVICE_CLASS(klass);
1130  
1131      dc->realize = fw_cfg_mem_realize;
1132      dc->props = fw_cfg_mem_properties;
1133  }
1134  
1135  static const TypeInfo fw_cfg_mem_info = {
1136      .name          = TYPE_FW_CFG_MEM,
1137      .parent        = TYPE_FW_CFG,
1138      .instance_size = sizeof(FWCfgMemState),
1139      .class_init    = fw_cfg_mem_class_init,
1140  };
1141  
1142  
1143  static void fw_cfg_register_types(void)
1144  {
1145      type_register_static(&fw_cfg_info);
1146      type_register_static(&fw_cfg_io_info);
1147      type_register_static(&fw_cfg_mem_info);
1148  }
1149  
1150  type_init(fw_cfg_register_types)
1151