1 /* 2 * QEMU Firmware configuration device emulation 3 * 4 * Copyright (c) 2008 Gleb Natapov 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 #include "qemu/osdep.h" 25 #include "hw/hw.h" 26 #include "sysemu/sysemu.h" 27 #include "sysemu/dma.h" 28 #include "hw/boards.h" 29 #include "hw/isa/isa.h" 30 #include "hw/nvram/fw_cfg.h" 31 #include "hw/sysbus.h" 32 #include "trace.h" 33 #include "qemu/error-report.h" 34 #include "qemu/config-file.h" 35 #include "qemu/cutils.h" 36 #include "qapi/error.h" 37 38 #define FW_CFG_NAME "fw_cfg" 39 #define FW_CFG_PATH "/machine/" FW_CFG_NAME 40 41 #define TYPE_FW_CFG "fw_cfg" 42 #define TYPE_FW_CFG_IO "fw_cfg_io" 43 #define TYPE_FW_CFG_MEM "fw_cfg_mem" 44 45 #define FW_CFG(obj) OBJECT_CHECK(FWCfgState, (obj), TYPE_FW_CFG) 46 #define FW_CFG_IO(obj) OBJECT_CHECK(FWCfgIoState, (obj), TYPE_FW_CFG_IO) 47 #define FW_CFG_MEM(obj) OBJECT_CHECK(FWCfgMemState, (obj), TYPE_FW_CFG_MEM) 48 49 /* FW_CFG_VERSION bits */ 50 #define FW_CFG_VERSION 0x01 51 #define FW_CFG_VERSION_DMA 0x02 52 53 /* FW_CFG_DMA_CONTROL bits */ 54 #define FW_CFG_DMA_CTL_ERROR 0x01 55 #define FW_CFG_DMA_CTL_READ 0x02 56 #define FW_CFG_DMA_CTL_SKIP 0x04 57 #define FW_CFG_DMA_CTL_SELECT 0x08 58 #define FW_CFG_DMA_CTL_WRITE 0x10 59 60 #define FW_CFG_DMA_SIGNATURE 0x51454d5520434647ULL /* "QEMU CFG" */ 61 62 typedef struct FWCfgEntry { 63 uint32_t len; 64 bool allow_write; 65 uint8_t *data; 66 void *callback_opaque; 67 FWCfgReadCallback read_callback; 68 } FWCfgEntry; 69 70 struct FWCfgState { 71 /*< private >*/ 72 SysBusDevice parent_obj; 73 /*< public >*/ 74 75 uint16_t file_slots; 76 FWCfgEntry *entries[2]; 77 int *entry_order; 78 FWCfgFiles *files; 79 uint16_t cur_entry; 80 uint32_t cur_offset; 81 Notifier machine_ready; 82 83 int fw_cfg_order_override; 84 85 bool dma_enabled; 86 dma_addr_t dma_addr; 87 AddressSpace *dma_as; 88 MemoryRegion dma_iomem; 89 }; 90 91 struct FWCfgIoState { 92 /*< private >*/ 93 FWCfgState parent_obj; 94 /*< public >*/ 95 96 MemoryRegion comb_iomem; 97 uint32_t iobase, dma_iobase; 98 }; 99 100 struct FWCfgMemState { 101 /*< private >*/ 102 FWCfgState parent_obj; 103 /*< public >*/ 104 105 MemoryRegion ctl_iomem, data_iomem; 106 uint32_t data_width; 107 MemoryRegionOps wide_data_ops; 108 }; 109 110 #define JPG_FILE 0 111 #define BMP_FILE 1 112 113 static char *read_splashfile(char *filename, gsize *file_sizep, 114 int *file_typep) 115 { 116 GError *err = NULL; 117 gboolean res; 118 gchar *content; 119 int file_type; 120 unsigned int filehead; 121 int bmp_bpp; 122 123 res = g_file_get_contents(filename, &content, file_sizep, &err); 124 if (res == FALSE) { 125 error_report("failed to read splash file '%s'", filename); 126 g_error_free(err); 127 return NULL; 128 } 129 130 /* check file size */ 131 if (*file_sizep < 30) { 132 goto error; 133 } 134 135 /* check magic ID */ 136 filehead = ((content[0] & 0xff) + (content[1] << 8)) & 0xffff; 137 if (filehead == 0xd8ff) { 138 file_type = JPG_FILE; 139 } else if (filehead == 0x4d42) { 140 file_type = BMP_FILE; 141 } else { 142 goto error; 143 } 144 145 /* check BMP bpp */ 146 if (file_type == BMP_FILE) { 147 bmp_bpp = (content[28] + (content[29] << 8)) & 0xffff; 148 if (bmp_bpp != 24) { 149 goto error; 150 } 151 } 152 153 /* return values */ 154 *file_typep = file_type; 155 156 return content; 157 158 error: 159 error_report("splash file '%s' format not recognized; must be JPEG " 160 "or 24 bit BMP", filename); 161 g_free(content); 162 return NULL; 163 } 164 165 static void fw_cfg_bootsplash(FWCfgState *s) 166 { 167 int boot_splash_time = -1; 168 const char *boot_splash_filename = NULL; 169 char *p; 170 char *filename, *file_data; 171 gsize file_size; 172 int file_type; 173 const char *temp; 174 175 /* get user configuration */ 176 QemuOptsList *plist = qemu_find_opts("boot-opts"); 177 QemuOpts *opts = QTAILQ_FIRST(&plist->head); 178 if (opts != NULL) { 179 temp = qemu_opt_get(opts, "splash"); 180 if (temp != NULL) { 181 boot_splash_filename = temp; 182 } 183 temp = qemu_opt_get(opts, "splash-time"); 184 if (temp != NULL) { 185 p = (char *)temp; 186 boot_splash_time = strtol(p, &p, 10); 187 } 188 } 189 190 /* insert splash time if user configurated */ 191 if (boot_splash_time >= 0) { 192 /* validate the input */ 193 if (boot_splash_time > 0xffff) { 194 error_report("splash time is big than 65535, force it to 65535."); 195 boot_splash_time = 0xffff; 196 } 197 /* use little endian format */ 198 qemu_extra_params_fw[0] = (uint8_t)(boot_splash_time & 0xff); 199 qemu_extra_params_fw[1] = (uint8_t)((boot_splash_time >> 8) & 0xff); 200 fw_cfg_add_file(s, "etc/boot-menu-wait", qemu_extra_params_fw, 2); 201 } 202 203 /* insert splash file if user configurated */ 204 if (boot_splash_filename != NULL) { 205 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, boot_splash_filename); 206 if (filename == NULL) { 207 error_report("failed to find file '%s'.", boot_splash_filename); 208 return; 209 } 210 211 /* loading file data */ 212 file_data = read_splashfile(filename, &file_size, &file_type); 213 if (file_data == NULL) { 214 g_free(filename); 215 return; 216 } 217 g_free(boot_splash_filedata); 218 boot_splash_filedata = (uint8_t *)file_data; 219 boot_splash_filedata_size = file_size; 220 221 /* insert data */ 222 if (file_type == JPG_FILE) { 223 fw_cfg_add_file(s, "bootsplash.jpg", 224 boot_splash_filedata, boot_splash_filedata_size); 225 } else { 226 fw_cfg_add_file(s, "bootsplash.bmp", 227 boot_splash_filedata, boot_splash_filedata_size); 228 } 229 g_free(filename); 230 } 231 } 232 233 static void fw_cfg_reboot(FWCfgState *s) 234 { 235 int reboot_timeout = -1; 236 char *p; 237 const char *temp; 238 239 /* get user configuration */ 240 QemuOptsList *plist = qemu_find_opts("boot-opts"); 241 QemuOpts *opts = QTAILQ_FIRST(&plist->head); 242 if (opts != NULL) { 243 temp = qemu_opt_get(opts, "reboot-timeout"); 244 if (temp != NULL) { 245 p = (char *)temp; 246 reboot_timeout = strtol(p, &p, 10); 247 } 248 } 249 /* validate the input */ 250 if (reboot_timeout > 0xffff) { 251 error_report("reboot timeout is larger than 65535, force it to 65535."); 252 reboot_timeout = 0xffff; 253 } 254 fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&reboot_timeout, 4), 4); 255 } 256 257 static void fw_cfg_write(FWCfgState *s, uint8_t value) 258 { 259 /* nothing, write support removed in QEMU v2.4+ */ 260 } 261 262 static inline uint16_t fw_cfg_file_slots(const FWCfgState *s) 263 { 264 return s->file_slots; 265 } 266 267 /* Note: this function returns an exclusive limit. */ 268 static inline uint32_t fw_cfg_max_entry(const FWCfgState *s) 269 { 270 return FW_CFG_FILE_FIRST + fw_cfg_file_slots(s); 271 } 272 273 static int fw_cfg_select(FWCfgState *s, uint16_t key) 274 { 275 int arch, ret; 276 FWCfgEntry *e; 277 278 s->cur_offset = 0; 279 if ((key & FW_CFG_ENTRY_MASK) >= fw_cfg_max_entry(s)) { 280 s->cur_entry = FW_CFG_INVALID; 281 ret = 0; 282 } else { 283 s->cur_entry = key; 284 ret = 1; 285 /* entry successfully selected, now run callback if present */ 286 arch = !!(key & FW_CFG_ARCH_LOCAL); 287 e = &s->entries[arch][key & FW_CFG_ENTRY_MASK]; 288 if (e->read_callback) { 289 e->read_callback(e->callback_opaque); 290 } 291 } 292 293 trace_fw_cfg_select(s, key, ret); 294 return ret; 295 } 296 297 static uint64_t fw_cfg_data_read(void *opaque, hwaddr addr, unsigned size) 298 { 299 FWCfgState *s = opaque; 300 int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL); 301 FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL : 302 &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK]; 303 uint64_t value = 0; 304 305 assert(size > 0 && size <= sizeof(value)); 306 if (s->cur_entry != FW_CFG_INVALID && e->data && s->cur_offset < e->len) { 307 /* The least significant 'size' bytes of the return value are 308 * expected to contain a string preserving portion of the item 309 * data, padded with zeros on the right in case we run out early. 310 * In technical terms, we're composing the host-endian representation 311 * of the big endian interpretation of the fw_cfg string. 312 */ 313 do { 314 value = (value << 8) | e->data[s->cur_offset++]; 315 } while (--size && s->cur_offset < e->len); 316 /* If size is still not zero, we *did* run out early, so continue 317 * left-shifting, to add the appropriate number of padding zeros 318 * on the right. 319 */ 320 value <<= 8 * size; 321 } 322 323 trace_fw_cfg_read(s, value); 324 return value; 325 } 326 327 static void fw_cfg_data_mem_write(void *opaque, hwaddr addr, 328 uint64_t value, unsigned size) 329 { 330 FWCfgState *s = opaque; 331 unsigned i = size; 332 333 do { 334 fw_cfg_write(s, value >> (8 * --i)); 335 } while (i); 336 } 337 338 static void fw_cfg_dma_transfer(FWCfgState *s) 339 { 340 dma_addr_t len; 341 FWCfgDmaAccess dma; 342 int arch; 343 FWCfgEntry *e; 344 int read = 0, write = 0; 345 dma_addr_t dma_addr; 346 347 /* Reset the address before the next access */ 348 dma_addr = s->dma_addr; 349 s->dma_addr = 0; 350 351 if (dma_memory_read(s->dma_as, dma_addr, &dma, sizeof(dma))) { 352 stl_be_dma(s->dma_as, dma_addr + offsetof(FWCfgDmaAccess, control), 353 FW_CFG_DMA_CTL_ERROR); 354 return; 355 } 356 357 dma.address = be64_to_cpu(dma.address); 358 dma.length = be32_to_cpu(dma.length); 359 dma.control = be32_to_cpu(dma.control); 360 361 if (dma.control & FW_CFG_DMA_CTL_SELECT) { 362 fw_cfg_select(s, dma.control >> 16); 363 } 364 365 arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL); 366 e = (s->cur_entry == FW_CFG_INVALID) ? NULL : 367 &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK]; 368 369 if (dma.control & FW_CFG_DMA_CTL_READ) { 370 read = 1; 371 write = 0; 372 } else if (dma.control & FW_CFG_DMA_CTL_WRITE) { 373 read = 0; 374 write = 1; 375 } else if (dma.control & FW_CFG_DMA_CTL_SKIP) { 376 read = 0; 377 write = 0; 378 } else { 379 dma.length = 0; 380 } 381 382 dma.control = 0; 383 384 while (dma.length > 0 && !(dma.control & FW_CFG_DMA_CTL_ERROR)) { 385 if (s->cur_entry == FW_CFG_INVALID || !e->data || 386 s->cur_offset >= e->len) { 387 len = dma.length; 388 389 /* If the access is not a read access, it will be a skip access, 390 * tested before. 391 */ 392 if (read) { 393 if (dma_memory_set(s->dma_as, dma.address, 0, len)) { 394 dma.control |= FW_CFG_DMA_CTL_ERROR; 395 } 396 } 397 if (write) { 398 dma.control |= FW_CFG_DMA_CTL_ERROR; 399 } 400 } else { 401 if (dma.length <= (e->len - s->cur_offset)) { 402 len = dma.length; 403 } else { 404 len = (e->len - s->cur_offset); 405 } 406 407 /* If the access is not a read access, it will be a skip access, 408 * tested before. 409 */ 410 if (read) { 411 if (dma_memory_write(s->dma_as, dma.address, 412 &e->data[s->cur_offset], len)) { 413 dma.control |= FW_CFG_DMA_CTL_ERROR; 414 } 415 } 416 if (write) { 417 if (!e->allow_write || 418 len != dma.length || 419 dma_memory_read(s->dma_as, dma.address, 420 &e->data[s->cur_offset], len)) { 421 dma.control |= FW_CFG_DMA_CTL_ERROR; 422 } 423 } 424 425 s->cur_offset += len; 426 } 427 428 dma.address += len; 429 dma.length -= len; 430 431 } 432 433 stl_be_dma(s->dma_as, dma_addr + offsetof(FWCfgDmaAccess, control), 434 dma.control); 435 436 trace_fw_cfg_read(s, 0); 437 } 438 439 static uint64_t fw_cfg_dma_mem_read(void *opaque, hwaddr addr, 440 unsigned size) 441 { 442 /* Return a signature value (and handle various read sizes) */ 443 return extract64(FW_CFG_DMA_SIGNATURE, (8 - addr - size) * 8, size * 8); 444 } 445 446 static void fw_cfg_dma_mem_write(void *opaque, hwaddr addr, 447 uint64_t value, unsigned size) 448 { 449 FWCfgState *s = opaque; 450 451 if (size == 4) { 452 if (addr == 0) { 453 /* FWCfgDmaAccess high address */ 454 s->dma_addr = value << 32; 455 } else if (addr == 4) { 456 /* FWCfgDmaAccess low address */ 457 s->dma_addr |= value; 458 fw_cfg_dma_transfer(s); 459 } 460 } else if (size == 8 && addr == 0) { 461 s->dma_addr = value; 462 fw_cfg_dma_transfer(s); 463 } 464 } 465 466 static bool fw_cfg_dma_mem_valid(void *opaque, hwaddr addr, 467 unsigned size, bool is_write) 468 { 469 return !is_write || ((size == 4 && (addr == 0 || addr == 4)) || 470 (size == 8 && addr == 0)); 471 } 472 473 static bool fw_cfg_data_mem_valid(void *opaque, hwaddr addr, 474 unsigned size, bool is_write) 475 { 476 return addr == 0; 477 } 478 479 static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr, 480 uint64_t value, unsigned size) 481 { 482 fw_cfg_select(opaque, (uint16_t)value); 483 } 484 485 static bool fw_cfg_ctl_mem_valid(void *opaque, hwaddr addr, 486 unsigned size, bool is_write) 487 { 488 return is_write && size == 2; 489 } 490 491 static void fw_cfg_comb_write(void *opaque, hwaddr addr, 492 uint64_t value, unsigned size) 493 { 494 switch (size) { 495 case 1: 496 fw_cfg_write(opaque, (uint8_t)value); 497 break; 498 case 2: 499 fw_cfg_select(opaque, (uint16_t)value); 500 break; 501 } 502 } 503 504 static bool fw_cfg_comb_valid(void *opaque, hwaddr addr, 505 unsigned size, bool is_write) 506 { 507 return (size == 1) || (is_write && size == 2); 508 } 509 510 static const MemoryRegionOps fw_cfg_ctl_mem_ops = { 511 .write = fw_cfg_ctl_mem_write, 512 .endianness = DEVICE_BIG_ENDIAN, 513 .valid.accepts = fw_cfg_ctl_mem_valid, 514 }; 515 516 static const MemoryRegionOps fw_cfg_data_mem_ops = { 517 .read = fw_cfg_data_read, 518 .write = fw_cfg_data_mem_write, 519 .endianness = DEVICE_BIG_ENDIAN, 520 .valid = { 521 .min_access_size = 1, 522 .max_access_size = 1, 523 .accepts = fw_cfg_data_mem_valid, 524 }, 525 }; 526 527 static const MemoryRegionOps fw_cfg_comb_mem_ops = { 528 .read = fw_cfg_data_read, 529 .write = fw_cfg_comb_write, 530 .endianness = DEVICE_LITTLE_ENDIAN, 531 .valid.accepts = fw_cfg_comb_valid, 532 }; 533 534 static const MemoryRegionOps fw_cfg_dma_mem_ops = { 535 .read = fw_cfg_dma_mem_read, 536 .write = fw_cfg_dma_mem_write, 537 .endianness = DEVICE_BIG_ENDIAN, 538 .valid.accepts = fw_cfg_dma_mem_valid, 539 .valid.max_access_size = 8, 540 .impl.max_access_size = 8, 541 }; 542 543 static void fw_cfg_reset(DeviceState *d) 544 { 545 FWCfgState *s = FW_CFG(d); 546 547 /* we never register a read callback for FW_CFG_SIGNATURE */ 548 fw_cfg_select(s, FW_CFG_SIGNATURE); 549 } 550 551 /* Save restore 32 bit int as uint16_t 552 This is a Big hack, but it is how the old state did it. 553 Or we broke compatibility in the state, or we can't use struct tm 554 */ 555 556 static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size) 557 { 558 uint32_t *v = pv; 559 *v = qemu_get_be16(f); 560 return 0; 561 } 562 563 static void put_unused(QEMUFile *f, void *pv, size_t size) 564 { 565 fprintf(stderr, "uint32_as_uint16 is only used for backward compatibility.\n"); 566 fprintf(stderr, "This functions shouldn't be called.\n"); 567 } 568 569 static const VMStateInfo vmstate_hack_uint32_as_uint16 = { 570 .name = "int32_as_uint16", 571 .get = get_uint32_as_uint16, 572 .put = put_unused, 573 }; 574 575 #define VMSTATE_UINT16_HACK(_f, _s, _t) \ 576 VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint32_as_uint16, uint32_t) 577 578 579 static bool is_version_1(void *opaque, int version_id) 580 { 581 return version_id == 1; 582 } 583 584 bool fw_cfg_dma_enabled(void *opaque) 585 { 586 FWCfgState *s = opaque; 587 588 return s->dma_enabled; 589 } 590 591 static const VMStateDescription vmstate_fw_cfg_dma = { 592 .name = "fw_cfg/dma", 593 .needed = fw_cfg_dma_enabled, 594 .fields = (VMStateField[]) { 595 VMSTATE_UINT64(dma_addr, FWCfgState), 596 VMSTATE_END_OF_LIST() 597 }, 598 }; 599 600 static const VMStateDescription vmstate_fw_cfg = { 601 .name = "fw_cfg", 602 .version_id = 2, 603 .minimum_version_id = 1, 604 .fields = (VMStateField[]) { 605 VMSTATE_UINT16(cur_entry, FWCfgState), 606 VMSTATE_UINT16_HACK(cur_offset, FWCfgState, is_version_1), 607 VMSTATE_UINT32_V(cur_offset, FWCfgState, 2), 608 VMSTATE_END_OF_LIST() 609 }, 610 .subsections = (const VMStateDescription*[]) { 611 &vmstate_fw_cfg_dma, 612 NULL, 613 } 614 }; 615 616 static void fw_cfg_add_bytes_read_callback(FWCfgState *s, uint16_t key, 617 FWCfgReadCallback callback, 618 void *callback_opaque, 619 void *data, size_t len, 620 bool read_only) 621 { 622 int arch = !!(key & FW_CFG_ARCH_LOCAL); 623 624 key &= FW_CFG_ENTRY_MASK; 625 626 assert(key < fw_cfg_max_entry(s) && len < UINT32_MAX); 627 assert(s->entries[arch][key].data == NULL); /* avoid key conflict */ 628 629 s->entries[arch][key].data = data; 630 s->entries[arch][key].len = (uint32_t)len; 631 s->entries[arch][key].read_callback = callback; 632 s->entries[arch][key].callback_opaque = callback_opaque; 633 s->entries[arch][key].allow_write = !read_only; 634 } 635 636 static void *fw_cfg_modify_bytes_read(FWCfgState *s, uint16_t key, 637 void *data, size_t len) 638 { 639 void *ptr; 640 int arch = !!(key & FW_CFG_ARCH_LOCAL); 641 642 key &= FW_CFG_ENTRY_MASK; 643 644 assert(key < fw_cfg_max_entry(s) && len < UINT32_MAX); 645 646 /* return the old data to the function caller, avoid memory leak */ 647 ptr = s->entries[arch][key].data; 648 s->entries[arch][key].data = data; 649 s->entries[arch][key].len = len; 650 s->entries[arch][key].callback_opaque = NULL; 651 s->entries[arch][key].allow_write = false; 652 653 return ptr; 654 } 655 656 void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len) 657 { 658 fw_cfg_add_bytes_read_callback(s, key, NULL, NULL, data, len, true); 659 } 660 661 void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value) 662 { 663 size_t sz = strlen(value) + 1; 664 665 fw_cfg_add_bytes(s, key, g_memdup(value, sz), sz); 666 } 667 668 void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value) 669 { 670 uint16_t *copy; 671 672 copy = g_malloc(sizeof(value)); 673 *copy = cpu_to_le16(value); 674 fw_cfg_add_bytes(s, key, copy, sizeof(value)); 675 } 676 677 void fw_cfg_modify_i16(FWCfgState *s, uint16_t key, uint16_t value) 678 { 679 uint16_t *copy, *old; 680 681 copy = g_malloc(sizeof(value)); 682 *copy = cpu_to_le16(value); 683 old = fw_cfg_modify_bytes_read(s, key, copy, sizeof(value)); 684 g_free(old); 685 } 686 687 void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value) 688 { 689 uint32_t *copy; 690 691 copy = g_malloc(sizeof(value)); 692 *copy = cpu_to_le32(value); 693 fw_cfg_add_bytes(s, key, copy, sizeof(value)); 694 } 695 696 void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value) 697 { 698 uint64_t *copy; 699 700 copy = g_malloc(sizeof(value)); 701 *copy = cpu_to_le64(value); 702 fw_cfg_add_bytes(s, key, copy, sizeof(value)); 703 } 704 705 void fw_cfg_set_order_override(FWCfgState *s, int order) 706 { 707 assert(s->fw_cfg_order_override == 0); 708 s->fw_cfg_order_override = order; 709 } 710 711 void fw_cfg_reset_order_override(FWCfgState *s) 712 { 713 assert(s->fw_cfg_order_override != 0); 714 s->fw_cfg_order_override = 0; 715 } 716 717 /* 718 * This is the legacy order list. For legacy systems, files are in 719 * the fw_cfg in the order defined below, by the "order" value. Note 720 * that some entries (VGA ROMs, NIC option ROMS, etc.) go into a 721 * specific area, but there may be more than one and they occur in the 722 * order that the user specifies them on the command line. Those are 723 * handled in a special manner, using the order override above. 724 * 725 * For non-legacy, the files are sorted by filename to avoid this kind 726 * of complexity in the future. 727 * 728 * This is only for x86, other arches don't implement versioning so 729 * they won't set legacy mode. 730 */ 731 static struct { 732 const char *name; 733 int order; 734 } fw_cfg_order[] = { 735 { "etc/boot-menu-wait", 10 }, 736 { "bootsplash.jpg", 11 }, 737 { "bootsplash.bmp", 12 }, 738 { "etc/boot-fail-wait", 15 }, 739 { "etc/smbios/smbios-tables", 20 }, 740 { "etc/smbios/smbios-anchor", 30 }, 741 { "etc/e820", 40 }, 742 { "etc/reserved-memory-end", 50 }, 743 { "genroms/kvmvapic.bin", 55 }, 744 { "genroms/linuxboot.bin", 60 }, 745 { }, /* VGA ROMs from pc_vga_init come here, 70. */ 746 { }, /* NIC option ROMs from pc_nic_init come here, 80. */ 747 { "etc/system-states", 90 }, 748 { }, /* User ROMs come here, 100. */ 749 { }, /* Device FW comes here, 110. */ 750 { "etc/extra-pci-roots", 120 }, 751 { "etc/acpi/tables", 130 }, 752 { "etc/table-loader", 140 }, 753 { "etc/tpm/log", 150 }, 754 { "etc/acpi/rsdp", 160 }, 755 { "bootorder", 170 }, 756 757 #define FW_CFG_ORDER_OVERRIDE_LAST 200 758 }; 759 760 static int get_fw_cfg_order(FWCfgState *s, const char *name) 761 { 762 int i; 763 764 if (s->fw_cfg_order_override > 0) { 765 return s->fw_cfg_order_override; 766 } 767 768 for (i = 0; i < ARRAY_SIZE(fw_cfg_order); i++) { 769 if (fw_cfg_order[i].name == NULL) { 770 continue; 771 } 772 773 if (strcmp(name, fw_cfg_order[i].name) == 0) { 774 return fw_cfg_order[i].order; 775 } 776 } 777 778 /* Stick unknown stuff at the end. */ 779 error_report("warning: Unknown firmware file in legacy mode: %s", name); 780 return FW_CFG_ORDER_OVERRIDE_LAST; 781 } 782 783 void fw_cfg_add_file_callback(FWCfgState *s, const char *filename, 784 FWCfgReadCallback callback, void *callback_opaque, 785 void *data, size_t len, bool read_only) 786 { 787 int i, index, count; 788 size_t dsize; 789 MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine()); 790 int order = 0; 791 792 if (!s->files) { 793 dsize = sizeof(uint32_t) + sizeof(FWCfgFile) * fw_cfg_file_slots(s); 794 s->files = g_malloc0(dsize); 795 fw_cfg_add_bytes(s, FW_CFG_FILE_DIR, s->files, dsize); 796 } 797 798 count = be32_to_cpu(s->files->count); 799 assert(count < fw_cfg_file_slots(s)); 800 801 /* Find the insertion point. */ 802 if (mc->legacy_fw_cfg_order) { 803 /* 804 * Sort by order. For files with the same order, we keep them 805 * in the sequence in which they were added. 806 */ 807 order = get_fw_cfg_order(s, filename); 808 for (index = count; 809 index > 0 && order < s->entry_order[index - 1]; 810 index--); 811 } else { 812 /* Sort by file name. */ 813 for (index = count; 814 index > 0 && strcmp(filename, s->files->f[index - 1].name) < 0; 815 index--); 816 } 817 818 /* 819 * Move all the entries from the index point and after down one 820 * to create a slot for the new entry. Because calculations are 821 * being done with the index, make it so that "i" is the current 822 * index and "i - 1" is the one being copied from, thus the 823 * unusual start and end in the for statement. 824 */ 825 for (i = count + 1; i > index; i--) { 826 s->files->f[i] = s->files->f[i - 1]; 827 s->files->f[i].select = cpu_to_be16(FW_CFG_FILE_FIRST + i); 828 s->entries[0][FW_CFG_FILE_FIRST + i] = 829 s->entries[0][FW_CFG_FILE_FIRST + i - 1]; 830 s->entry_order[i] = s->entry_order[i - 1]; 831 } 832 833 memset(&s->files->f[index], 0, sizeof(FWCfgFile)); 834 memset(&s->entries[0][FW_CFG_FILE_FIRST + index], 0, sizeof(FWCfgEntry)); 835 836 pstrcpy(s->files->f[index].name, sizeof(s->files->f[index].name), filename); 837 for (i = 0; i <= count; i++) { 838 if (i != index && 839 strcmp(s->files->f[index].name, s->files->f[i].name) == 0) { 840 error_report("duplicate fw_cfg file name: %s", 841 s->files->f[index].name); 842 exit(1); 843 } 844 } 845 846 fw_cfg_add_bytes_read_callback(s, FW_CFG_FILE_FIRST + index, 847 callback, callback_opaque, data, len, 848 read_only); 849 850 s->files->f[index].size = cpu_to_be32(len); 851 s->files->f[index].select = cpu_to_be16(FW_CFG_FILE_FIRST + index); 852 s->entry_order[index] = order; 853 trace_fw_cfg_add_file(s, index, s->files->f[index].name, len); 854 855 s->files->count = cpu_to_be32(count+1); 856 } 857 858 void fw_cfg_add_file(FWCfgState *s, const char *filename, 859 void *data, size_t len) 860 { 861 fw_cfg_add_file_callback(s, filename, NULL, NULL, data, len, true); 862 } 863 864 void *fw_cfg_modify_file(FWCfgState *s, const char *filename, 865 void *data, size_t len) 866 { 867 int i, index; 868 void *ptr = NULL; 869 870 assert(s->files); 871 872 index = be32_to_cpu(s->files->count); 873 assert(index < fw_cfg_file_slots(s)); 874 875 for (i = 0; i < index; i++) { 876 if (strcmp(filename, s->files->f[i].name) == 0) { 877 ptr = fw_cfg_modify_bytes_read(s, FW_CFG_FILE_FIRST + i, 878 data, len); 879 s->files->f[i].size = cpu_to_be32(len); 880 return ptr; 881 } 882 } 883 /* add new one */ 884 fw_cfg_add_file_callback(s, filename, NULL, NULL, data, len, true); 885 return NULL; 886 } 887 888 static void fw_cfg_machine_reset(void *opaque) 889 { 890 void *ptr; 891 size_t len; 892 FWCfgState *s = opaque; 893 char *bootindex = get_boot_devices_list(&len, false); 894 895 ptr = fw_cfg_modify_file(s, "bootorder", (uint8_t *)bootindex, len); 896 g_free(ptr); 897 } 898 899 static void fw_cfg_machine_ready(struct Notifier *n, void *data) 900 { 901 FWCfgState *s = container_of(n, FWCfgState, machine_ready); 902 qemu_register_reset(fw_cfg_machine_reset, s); 903 } 904 905 906 907 static void fw_cfg_init1(DeviceState *dev) 908 { 909 FWCfgState *s = FW_CFG(dev); 910 MachineState *machine = MACHINE(qdev_get_machine()); 911 912 assert(!object_resolve_path(FW_CFG_PATH, NULL)); 913 914 object_property_add_child(OBJECT(machine), FW_CFG_NAME, OBJECT(s), NULL); 915 916 qdev_init_nofail(dev); 917 918 fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4); 919 fw_cfg_add_bytes(s, FW_CFG_UUID, &qemu_uuid, 16); 920 fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)!machine->enable_graphics); 921 fw_cfg_add_i16(s, FW_CFG_BOOT_MENU, (uint16_t)boot_menu); 922 fw_cfg_bootsplash(s); 923 fw_cfg_reboot(s); 924 925 s->machine_ready.notify = fw_cfg_machine_ready; 926 qemu_add_machine_init_done_notifier(&s->machine_ready); 927 } 928 929 FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t dma_iobase, 930 AddressSpace *dma_as) 931 { 932 DeviceState *dev; 933 FWCfgState *s; 934 uint32_t version = FW_CFG_VERSION; 935 bool dma_requested = dma_iobase && dma_as; 936 937 dev = qdev_create(NULL, TYPE_FW_CFG_IO); 938 qdev_prop_set_uint32(dev, "iobase", iobase); 939 qdev_prop_set_uint32(dev, "dma_iobase", dma_iobase); 940 if (!dma_requested) { 941 qdev_prop_set_bit(dev, "dma_enabled", false); 942 } 943 944 fw_cfg_init1(dev); 945 s = FW_CFG(dev); 946 947 if (s->dma_enabled) { 948 /* 64 bits for the address field */ 949 s->dma_as = dma_as; 950 s->dma_addr = 0; 951 952 version |= FW_CFG_VERSION_DMA; 953 } 954 955 fw_cfg_add_i32(s, FW_CFG_ID, version); 956 957 return s; 958 } 959 960 FWCfgState *fw_cfg_init_io(uint32_t iobase) 961 { 962 return fw_cfg_init_io_dma(iobase, 0, NULL); 963 } 964 965 FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr, 966 hwaddr data_addr, uint32_t data_width, 967 hwaddr dma_addr, AddressSpace *dma_as) 968 { 969 DeviceState *dev; 970 SysBusDevice *sbd; 971 FWCfgState *s; 972 uint32_t version = FW_CFG_VERSION; 973 bool dma_requested = dma_addr && dma_as; 974 975 dev = qdev_create(NULL, TYPE_FW_CFG_MEM); 976 qdev_prop_set_uint32(dev, "data_width", data_width); 977 if (!dma_requested) { 978 qdev_prop_set_bit(dev, "dma_enabled", false); 979 } 980 981 fw_cfg_init1(dev); 982 983 sbd = SYS_BUS_DEVICE(dev); 984 sysbus_mmio_map(sbd, 0, ctl_addr); 985 sysbus_mmio_map(sbd, 1, data_addr); 986 987 s = FW_CFG(dev); 988 989 if (s->dma_enabled) { 990 s->dma_as = dma_as; 991 s->dma_addr = 0; 992 sysbus_mmio_map(sbd, 2, dma_addr); 993 version |= FW_CFG_VERSION_DMA; 994 } 995 996 fw_cfg_add_i32(s, FW_CFG_ID, version); 997 998 return s; 999 } 1000 1001 FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr) 1002 { 1003 return fw_cfg_init_mem_wide(ctl_addr, data_addr, 1004 fw_cfg_data_mem_ops.valid.max_access_size, 1005 0, NULL); 1006 } 1007 1008 1009 FWCfgState *fw_cfg_find(void) 1010 { 1011 return FW_CFG(object_resolve_path(FW_CFG_PATH, NULL)); 1012 } 1013 1014 static void fw_cfg_class_init(ObjectClass *klass, void *data) 1015 { 1016 DeviceClass *dc = DEVICE_CLASS(klass); 1017 1018 dc->reset = fw_cfg_reset; 1019 dc->vmsd = &vmstate_fw_cfg; 1020 } 1021 1022 static const TypeInfo fw_cfg_info = { 1023 .name = TYPE_FW_CFG, 1024 .parent = TYPE_SYS_BUS_DEVICE, 1025 .abstract = true, 1026 .instance_size = sizeof(FWCfgState), 1027 .class_init = fw_cfg_class_init, 1028 }; 1029 1030 static void fw_cfg_file_slots_allocate(FWCfgState *s, Error **errp) 1031 { 1032 uint16_t file_slots_max; 1033 1034 if (fw_cfg_file_slots(s) < FW_CFG_FILE_SLOTS_MIN) { 1035 error_setg(errp, "\"file_slots\" must be at least 0x%x", 1036 FW_CFG_FILE_SLOTS_MIN); 1037 return; 1038 } 1039 1040 /* (UINT16_MAX & FW_CFG_ENTRY_MASK) is the highest inclusive selector value 1041 * that we permit. The actual (exclusive) value coming from the 1042 * configuration is (FW_CFG_FILE_FIRST + fw_cfg_file_slots(s)). */ 1043 file_slots_max = (UINT16_MAX & FW_CFG_ENTRY_MASK) - FW_CFG_FILE_FIRST + 1; 1044 if (fw_cfg_file_slots(s) > file_slots_max) { 1045 error_setg(errp, "\"file_slots\" must not exceed 0x%" PRIx16, 1046 file_slots_max); 1047 return; 1048 } 1049 1050 s->entries[0] = g_new0(FWCfgEntry, fw_cfg_max_entry(s)); 1051 s->entries[1] = g_new0(FWCfgEntry, fw_cfg_max_entry(s)); 1052 s->entry_order = g_new0(int, fw_cfg_max_entry(s)); 1053 } 1054 1055 static Property fw_cfg_io_properties[] = { 1056 DEFINE_PROP_UINT32("iobase", FWCfgIoState, iobase, -1), 1057 DEFINE_PROP_UINT32("dma_iobase", FWCfgIoState, dma_iobase, -1), 1058 DEFINE_PROP_BOOL("dma_enabled", FWCfgIoState, parent_obj.dma_enabled, 1059 true), 1060 DEFINE_PROP_UINT16("x-file-slots", FWCfgIoState, parent_obj.file_slots, 1061 FW_CFG_FILE_SLOTS_MIN), 1062 DEFINE_PROP_END_OF_LIST(), 1063 }; 1064 1065 static void fw_cfg_io_realize(DeviceState *dev, Error **errp) 1066 { 1067 FWCfgIoState *s = FW_CFG_IO(dev); 1068 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1069 Error *local_err = NULL; 1070 1071 fw_cfg_file_slots_allocate(FW_CFG(s), &local_err); 1072 if (local_err) { 1073 error_propagate(errp, local_err); 1074 return; 1075 } 1076 1077 /* when using port i/o, the 8-bit data register ALWAYS overlaps 1078 * with half of the 16-bit control register. Hence, the total size 1079 * of the i/o region used is FW_CFG_CTL_SIZE */ 1080 memory_region_init_io(&s->comb_iomem, OBJECT(s), &fw_cfg_comb_mem_ops, 1081 FW_CFG(s), "fwcfg", FW_CFG_CTL_SIZE); 1082 sysbus_add_io(sbd, s->iobase, &s->comb_iomem); 1083 1084 if (FW_CFG(s)->dma_enabled) { 1085 memory_region_init_io(&FW_CFG(s)->dma_iomem, OBJECT(s), 1086 &fw_cfg_dma_mem_ops, FW_CFG(s), "fwcfg.dma", 1087 sizeof(dma_addr_t)); 1088 sysbus_add_io(sbd, s->dma_iobase, &FW_CFG(s)->dma_iomem); 1089 } 1090 } 1091 1092 static void fw_cfg_io_class_init(ObjectClass *klass, void *data) 1093 { 1094 DeviceClass *dc = DEVICE_CLASS(klass); 1095 1096 dc->realize = fw_cfg_io_realize; 1097 dc->props = fw_cfg_io_properties; 1098 } 1099 1100 static const TypeInfo fw_cfg_io_info = { 1101 .name = TYPE_FW_CFG_IO, 1102 .parent = TYPE_FW_CFG, 1103 .instance_size = sizeof(FWCfgIoState), 1104 .class_init = fw_cfg_io_class_init, 1105 }; 1106 1107 1108 static Property fw_cfg_mem_properties[] = { 1109 DEFINE_PROP_UINT32("data_width", FWCfgMemState, data_width, -1), 1110 DEFINE_PROP_BOOL("dma_enabled", FWCfgMemState, parent_obj.dma_enabled, 1111 true), 1112 DEFINE_PROP_UINT16("x-file-slots", FWCfgMemState, parent_obj.file_slots, 1113 FW_CFG_FILE_SLOTS_MIN), 1114 DEFINE_PROP_END_OF_LIST(), 1115 }; 1116 1117 static void fw_cfg_mem_realize(DeviceState *dev, Error **errp) 1118 { 1119 FWCfgMemState *s = FW_CFG_MEM(dev); 1120 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1121 const MemoryRegionOps *data_ops = &fw_cfg_data_mem_ops; 1122 Error *local_err = NULL; 1123 1124 fw_cfg_file_slots_allocate(FW_CFG(s), &local_err); 1125 if (local_err) { 1126 error_propagate(errp, local_err); 1127 return; 1128 } 1129 1130 memory_region_init_io(&s->ctl_iomem, OBJECT(s), &fw_cfg_ctl_mem_ops, 1131 FW_CFG(s), "fwcfg.ctl", FW_CFG_CTL_SIZE); 1132 sysbus_init_mmio(sbd, &s->ctl_iomem); 1133 1134 if (s->data_width > data_ops->valid.max_access_size) { 1135 /* memberwise copy because the "old_mmio" member is const */ 1136 s->wide_data_ops.read = data_ops->read; 1137 s->wide_data_ops.write = data_ops->write; 1138 s->wide_data_ops.endianness = data_ops->endianness; 1139 s->wide_data_ops.valid = data_ops->valid; 1140 s->wide_data_ops.impl = data_ops->impl; 1141 1142 s->wide_data_ops.valid.max_access_size = s->data_width; 1143 s->wide_data_ops.impl.max_access_size = s->data_width; 1144 data_ops = &s->wide_data_ops; 1145 } 1146 memory_region_init_io(&s->data_iomem, OBJECT(s), data_ops, FW_CFG(s), 1147 "fwcfg.data", data_ops->valid.max_access_size); 1148 sysbus_init_mmio(sbd, &s->data_iomem); 1149 1150 if (FW_CFG(s)->dma_enabled) { 1151 memory_region_init_io(&FW_CFG(s)->dma_iomem, OBJECT(s), 1152 &fw_cfg_dma_mem_ops, FW_CFG(s), "fwcfg.dma", 1153 sizeof(dma_addr_t)); 1154 sysbus_init_mmio(sbd, &FW_CFG(s)->dma_iomem); 1155 } 1156 } 1157 1158 static void fw_cfg_mem_class_init(ObjectClass *klass, void *data) 1159 { 1160 DeviceClass *dc = DEVICE_CLASS(klass); 1161 1162 dc->realize = fw_cfg_mem_realize; 1163 dc->props = fw_cfg_mem_properties; 1164 } 1165 1166 static const TypeInfo fw_cfg_mem_info = { 1167 .name = TYPE_FW_CFG_MEM, 1168 .parent = TYPE_FW_CFG, 1169 .instance_size = sizeof(FWCfgMemState), 1170 .class_init = fw_cfg_mem_class_init, 1171 }; 1172 1173 1174 static void fw_cfg_register_types(void) 1175 { 1176 type_register_static(&fw_cfg_info); 1177 type_register_static(&fw_cfg_io_info); 1178 type_register_static(&fw_cfg_mem_info); 1179 } 1180 1181 type_init(fw_cfg_register_types) 1182