0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011 #include <linux/acpi.h>
0012 #include <linux/device.h>
0013 #include <linux/efi.h>
0014 #include <linux/err.h>
0015 #include <linux/errno.h>
0016 #include <linux/file.h>
0017 #include <linux/fs.h>
0018 #include <linux/idr.h>
0019 #include <linux/miscdevice.h>
0020 #include <linux/module.h>
0021 #include <linux/platform_device.h>
0022 #include <linux/string.h>
0023 #include <linux/uaccess.h>
0024 #include <linux/uio.h>
0025 #include <linux/uuid.h>
0026
0027 #include <uapi/linux/pfrut.h>
0028
0029 #define PFRU_FUNC_STANDARD_QUERY 0
0030 #define PFRU_FUNC_QUERY_UPDATE_CAP 1
0031 #define PFRU_FUNC_QUERY_BUF 2
0032 #define PFRU_FUNC_START 3
0033
0034 #define PFRU_CODE_INJECT_TYPE 1
0035 #define PFRU_DRIVER_UPDATE_TYPE 2
0036
0037 #define PFRU_REVID_1 1
0038 #define PFRU_REVID_2 2
0039 #define PFRU_DEFAULT_REV_ID PFRU_REVID_1
0040
0041 enum cap_index {
0042 CAP_STATUS_IDX = 0,
0043 CAP_UPDATE_IDX = 1,
0044 CAP_CODE_TYPE_IDX = 2,
0045 CAP_FW_VER_IDX = 3,
0046 CAP_CODE_RT_VER_IDX = 4,
0047 CAP_DRV_TYPE_IDX = 5,
0048 CAP_DRV_RT_VER_IDX = 6,
0049 CAP_DRV_SVN_IDX = 7,
0050 CAP_PLAT_ID_IDX = 8,
0051 CAP_OEM_ID_IDX = 9,
0052 CAP_OEM_INFO_IDX = 10,
0053 CAP_NR_IDX
0054 };
0055
0056 enum buf_index {
0057 BUF_STATUS_IDX = 0,
0058 BUF_EXT_STATUS_IDX = 1,
0059 BUF_ADDR_LOW_IDX = 2,
0060 BUF_ADDR_HI_IDX = 3,
0061 BUF_SIZE_IDX = 4,
0062 BUF_NR_IDX
0063 };
0064
0065 enum update_index {
0066 UPDATE_STATUS_IDX = 0,
0067 UPDATE_EXT_STATUS_IDX = 1,
0068 UPDATE_AUTH_TIME_LOW_IDX = 2,
0069 UPDATE_AUTH_TIME_HI_IDX = 3,
0070 UPDATE_EXEC_TIME_LOW_IDX = 4,
0071 UPDATE_EXEC_TIME_HI_IDX = 5,
0072 UPDATE_NR_IDX
0073 };
0074
0075 enum pfru_start_action {
0076 START_STAGE = 0,
0077 START_ACTIVATE = 1,
0078 START_STAGE_ACTIVATE = 2,
0079 };
0080
0081 struct pfru_device {
0082 u32 rev_id, index;
0083 struct device *parent_dev;
0084 struct miscdevice miscdev;
0085 };
0086
0087 static DEFINE_IDA(pfru_ida);
0088
0089
0090
0091
0092
0093
0094
0095 static const guid_t pfru_guid =
0096 GUID_INIT(0xECF9533B, 0x4A3C, 0x4E89, 0x93, 0x9E, 0xC7, 0x71,
0097 0x12, 0x60, 0x1C, 0x6D);
0098
0099
0100 static const guid_t pfru_code_inj_guid =
0101 GUID_INIT(0xB2F84B79, 0x7B6E, 0x4E45, 0x88, 0x5F, 0x3F, 0xB9,
0102 0xBB, 0x18, 0x54, 0x02);
0103
0104
0105 static const guid_t pfru_drv_update_guid =
0106 GUID_INIT(0x4569DD8C, 0x75F1, 0x429A, 0xA3, 0xD6, 0x24, 0xDE,
0107 0x80, 0x97, 0xA0, 0xDF);
0108
0109 static inline int pfru_valid_revid(u32 id)
0110 {
0111 return id == PFRU_REVID_1 || id == PFRU_REVID_2;
0112 }
0113
0114 static inline struct pfru_device *to_pfru_dev(struct file *file)
0115 {
0116 return container_of(file->private_data, struct pfru_device, miscdev);
0117 }
0118
0119 static int query_capability(struct pfru_update_cap_info *cap_hdr,
0120 struct pfru_device *pfru_dev)
0121 {
0122 acpi_handle handle = ACPI_HANDLE(pfru_dev->parent_dev);
0123 union acpi_object *out_obj;
0124 int ret = -EINVAL;
0125
0126 out_obj = acpi_evaluate_dsm_typed(handle, &pfru_guid,
0127 pfru_dev->rev_id,
0128 PFRU_FUNC_QUERY_UPDATE_CAP,
0129 NULL, ACPI_TYPE_PACKAGE);
0130 if (!out_obj)
0131 return ret;
0132
0133 if (out_obj->package.count < CAP_NR_IDX ||
0134 out_obj->package.elements[CAP_STATUS_IDX].type != ACPI_TYPE_INTEGER ||
0135 out_obj->package.elements[CAP_UPDATE_IDX].type != ACPI_TYPE_INTEGER ||
0136 out_obj->package.elements[CAP_CODE_TYPE_IDX].type != ACPI_TYPE_BUFFER ||
0137 out_obj->package.elements[CAP_FW_VER_IDX].type != ACPI_TYPE_INTEGER ||
0138 out_obj->package.elements[CAP_CODE_RT_VER_IDX].type != ACPI_TYPE_INTEGER ||
0139 out_obj->package.elements[CAP_DRV_TYPE_IDX].type != ACPI_TYPE_BUFFER ||
0140 out_obj->package.elements[CAP_DRV_RT_VER_IDX].type != ACPI_TYPE_INTEGER ||
0141 out_obj->package.elements[CAP_DRV_SVN_IDX].type != ACPI_TYPE_INTEGER ||
0142 out_obj->package.elements[CAP_PLAT_ID_IDX].type != ACPI_TYPE_BUFFER ||
0143 out_obj->package.elements[CAP_OEM_ID_IDX].type != ACPI_TYPE_BUFFER ||
0144 out_obj->package.elements[CAP_OEM_INFO_IDX].type != ACPI_TYPE_BUFFER)
0145 goto free_acpi_buffer;
0146
0147 cap_hdr->status = out_obj->package.elements[CAP_STATUS_IDX].integer.value;
0148 if (cap_hdr->status != DSM_SUCCEED) {
0149 ret = -EBUSY;
0150 dev_dbg(pfru_dev->parent_dev, "Error Status:%d\n", cap_hdr->status);
0151 goto free_acpi_buffer;
0152 }
0153
0154 cap_hdr->update_cap = out_obj->package.elements[CAP_UPDATE_IDX].integer.value;
0155 memcpy(&cap_hdr->code_type,
0156 out_obj->package.elements[CAP_CODE_TYPE_IDX].buffer.pointer,
0157 out_obj->package.elements[CAP_CODE_TYPE_IDX].buffer.length);
0158 cap_hdr->fw_version =
0159 out_obj->package.elements[CAP_FW_VER_IDX].integer.value;
0160 cap_hdr->code_rt_version =
0161 out_obj->package.elements[CAP_CODE_RT_VER_IDX].integer.value;
0162 memcpy(&cap_hdr->drv_type,
0163 out_obj->package.elements[CAP_DRV_TYPE_IDX].buffer.pointer,
0164 out_obj->package.elements[CAP_DRV_TYPE_IDX].buffer.length);
0165 cap_hdr->drv_rt_version =
0166 out_obj->package.elements[CAP_DRV_RT_VER_IDX].integer.value;
0167 cap_hdr->drv_svn =
0168 out_obj->package.elements[CAP_DRV_SVN_IDX].integer.value;
0169 memcpy(&cap_hdr->platform_id,
0170 out_obj->package.elements[CAP_PLAT_ID_IDX].buffer.pointer,
0171 out_obj->package.elements[CAP_PLAT_ID_IDX].buffer.length);
0172 memcpy(&cap_hdr->oem_id,
0173 out_obj->package.elements[CAP_OEM_ID_IDX].buffer.pointer,
0174 out_obj->package.elements[CAP_OEM_ID_IDX].buffer.length);
0175 cap_hdr->oem_info_len =
0176 out_obj->package.elements[CAP_OEM_INFO_IDX].buffer.length;
0177
0178 ret = 0;
0179
0180 free_acpi_buffer:
0181 kfree(out_obj);
0182
0183 return ret;
0184 }
0185
0186 static int query_buffer(struct pfru_com_buf_info *info,
0187 struct pfru_device *pfru_dev)
0188 {
0189 acpi_handle handle = ACPI_HANDLE(pfru_dev->parent_dev);
0190 union acpi_object *out_obj;
0191 int ret = -EINVAL;
0192
0193 out_obj = acpi_evaluate_dsm_typed(handle, &pfru_guid,
0194 pfru_dev->rev_id, PFRU_FUNC_QUERY_BUF,
0195 NULL, ACPI_TYPE_PACKAGE);
0196 if (!out_obj)
0197 return ret;
0198
0199 if (out_obj->package.count < BUF_NR_IDX ||
0200 out_obj->package.elements[BUF_STATUS_IDX].type != ACPI_TYPE_INTEGER ||
0201 out_obj->package.elements[BUF_EXT_STATUS_IDX].type != ACPI_TYPE_INTEGER ||
0202 out_obj->package.elements[BUF_ADDR_LOW_IDX].type != ACPI_TYPE_INTEGER ||
0203 out_obj->package.elements[BUF_ADDR_HI_IDX].type != ACPI_TYPE_INTEGER ||
0204 out_obj->package.elements[BUF_SIZE_IDX].type != ACPI_TYPE_INTEGER)
0205 goto free_acpi_buffer;
0206
0207 info->status = out_obj->package.elements[BUF_STATUS_IDX].integer.value;
0208 info->ext_status =
0209 out_obj->package.elements[BUF_EXT_STATUS_IDX].integer.value;
0210 if (info->status != DSM_SUCCEED) {
0211 ret = -EBUSY;
0212 dev_dbg(pfru_dev->parent_dev, "Error Status:%d\n", info->status);
0213 dev_dbg(pfru_dev->parent_dev, "Error Extended Status:%d\n", info->ext_status);
0214
0215 goto free_acpi_buffer;
0216 }
0217
0218 info->addr_lo =
0219 out_obj->package.elements[BUF_ADDR_LOW_IDX].integer.value;
0220 info->addr_hi =
0221 out_obj->package.elements[BUF_ADDR_HI_IDX].integer.value;
0222 info->buf_size = out_obj->package.elements[BUF_SIZE_IDX].integer.value;
0223
0224 ret = 0;
0225
0226 free_acpi_buffer:
0227 kfree(out_obj);
0228
0229 return ret;
0230 }
0231
0232 static int get_image_type(const struct efi_manage_capsule_image_header *img_hdr,
0233 struct pfru_device *pfru_dev)
0234 {
0235 const efi_guid_t *image_type_id = &img_hdr->image_type_id;
0236
0237
0238 if (guid_equal(image_type_id, &pfru_code_inj_guid))
0239 return PFRU_CODE_INJECT_TYPE;
0240
0241 if (guid_equal(image_type_id, &pfru_drv_update_guid))
0242 return PFRU_DRIVER_UPDATE_TYPE;
0243
0244 return -EINVAL;
0245 }
0246
0247 static int adjust_efi_size(const struct efi_manage_capsule_image_header *img_hdr,
0248 int size)
0249 {
0250
0251
0252
0253
0254
0255
0256
0257 size += sizeof(struct efi_manage_capsule_image_header);
0258 switch (img_hdr->ver) {
0259 case 1:
0260 return size - 2 * sizeof(u64);
0261
0262 case 2:
0263 return size - sizeof(u64);
0264
0265 default:
0266
0267 return -EINVAL;
0268 }
0269 }
0270
0271 static bool applicable_image(const void *data, struct pfru_update_cap_info *cap,
0272 struct pfru_device *pfru_dev)
0273 {
0274 struct pfru_payload_hdr *payload_hdr;
0275 const efi_capsule_header_t *cap_hdr = data;
0276 const struct efi_manage_capsule_header *m_hdr;
0277 const struct efi_manage_capsule_image_header *m_img_hdr;
0278 const struct efi_image_auth *auth;
0279 int type, size;
0280
0281
0282
0283
0284
0285
0286
0287 size = cap_hdr->headersize;
0288 m_hdr = data + size;
0289
0290
0291
0292
0293 size += offsetof(struct efi_manage_capsule_header, offset_list) +
0294 (m_hdr->emb_drv_cnt + m_hdr->payload_cnt) * sizeof(u64);
0295 m_img_hdr = data + size;
0296
0297 type = get_image_type(m_img_hdr, pfru_dev);
0298 if (type < 0)
0299 return false;
0300
0301 size = adjust_efi_size(m_img_hdr, size);
0302 if (size < 0)
0303 return false;
0304
0305 auth = data + size;
0306 size += sizeof(u64) + auth->auth_info.hdr.len;
0307 payload_hdr = (struct pfru_payload_hdr *)(data + size);
0308
0309
0310 if (type == PFRU_CODE_INJECT_TYPE)
0311 return payload_hdr->rt_ver >= cap->code_rt_version;
0312
0313 return payload_hdr->rt_ver >= cap->drv_rt_version;
0314 }
0315
0316 static void print_update_debug_info(struct pfru_updated_result *result,
0317 struct pfru_device *pfru_dev)
0318 {
0319 dev_dbg(pfru_dev->parent_dev, "Update result:\n");
0320 dev_dbg(pfru_dev->parent_dev, "Authentication Time Low:%lld\n",
0321 result->low_auth_time);
0322 dev_dbg(pfru_dev->parent_dev, "Authentication Time High:%lld\n",
0323 result->high_auth_time);
0324 dev_dbg(pfru_dev->parent_dev, "Execution Time Low:%lld\n",
0325 result->low_exec_time);
0326 dev_dbg(pfru_dev->parent_dev, "Execution Time High:%lld\n",
0327 result->high_exec_time);
0328 }
0329
0330 static int start_update(int action, struct pfru_device *pfru_dev)
0331 {
0332 union acpi_object *out_obj, in_obj, in_buf;
0333 struct pfru_updated_result update_result;
0334 acpi_handle handle;
0335 int ret = -EINVAL;
0336
0337 memset(&in_obj, 0, sizeof(in_obj));
0338 memset(&in_buf, 0, sizeof(in_buf));
0339 in_obj.type = ACPI_TYPE_PACKAGE;
0340 in_obj.package.count = 1;
0341 in_obj.package.elements = &in_buf;
0342 in_buf.type = ACPI_TYPE_INTEGER;
0343 in_buf.integer.value = action;
0344
0345 handle = ACPI_HANDLE(pfru_dev->parent_dev);
0346 out_obj = acpi_evaluate_dsm_typed(handle, &pfru_guid,
0347 pfru_dev->rev_id, PFRU_FUNC_START,
0348 &in_obj, ACPI_TYPE_PACKAGE);
0349 if (!out_obj)
0350 return ret;
0351
0352 if (out_obj->package.count < UPDATE_NR_IDX ||
0353 out_obj->package.elements[UPDATE_STATUS_IDX].type != ACPI_TYPE_INTEGER ||
0354 out_obj->package.elements[UPDATE_EXT_STATUS_IDX].type != ACPI_TYPE_INTEGER ||
0355 out_obj->package.elements[UPDATE_AUTH_TIME_LOW_IDX].type != ACPI_TYPE_INTEGER ||
0356 out_obj->package.elements[UPDATE_AUTH_TIME_HI_IDX].type != ACPI_TYPE_INTEGER ||
0357 out_obj->package.elements[UPDATE_EXEC_TIME_LOW_IDX].type != ACPI_TYPE_INTEGER ||
0358 out_obj->package.elements[UPDATE_EXEC_TIME_HI_IDX].type != ACPI_TYPE_INTEGER)
0359 goto free_acpi_buffer;
0360
0361 update_result.status =
0362 out_obj->package.elements[UPDATE_STATUS_IDX].integer.value;
0363 update_result.ext_status =
0364 out_obj->package.elements[UPDATE_EXT_STATUS_IDX].integer.value;
0365
0366 if (update_result.status != DSM_SUCCEED) {
0367 ret = -EBUSY;
0368 dev_dbg(pfru_dev->parent_dev, "Error Status:%d\n", update_result.status);
0369 dev_dbg(pfru_dev->parent_dev, "Error Extended Status:%d\n",
0370 update_result.ext_status);
0371
0372 goto free_acpi_buffer;
0373 }
0374
0375 update_result.low_auth_time =
0376 out_obj->package.elements[UPDATE_AUTH_TIME_LOW_IDX].integer.value;
0377 update_result.high_auth_time =
0378 out_obj->package.elements[UPDATE_AUTH_TIME_HI_IDX].integer.value;
0379 update_result.low_exec_time =
0380 out_obj->package.elements[UPDATE_EXEC_TIME_LOW_IDX].integer.value;
0381 update_result.high_exec_time =
0382 out_obj->package.elements[UPDATE_EXEC_TIME_HI_IDX].integer.value;
0383
0384 print_update_debug_info(&update_result, pfru_dev);
0385 ret = 0;
0386
0387 free_acpi_buffer:
0388 kfree(out_obj);
0389
0390 return ret;
0391 }
0392
0393 static long pfru_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
0394 {
0395 struct pfru_update_cap_info cap_hdr;
0396 struct pfru_device *pfru_dev = to_pfru_dev(file);
0397 void __user *p = (void __user *)arg;
0398 u32 rev;
0399 int ret;
0400
0401 switch (cmd) {
0402 case PFRU_IOC_QUERY_CAP:
0403 ret = query_capability(&cap_hdr, pfru_dev);
0404 if (ret)
0405 return ret;
0406
0407 if (copy_to_user(p, &cap_hdr, sizeof(cap_hdr)))
0408 return -EFAULT;
0409
0410 return 0;
0411
0412 case PFRU_IOC_SET_REV:
0413 if (copy_from_user(&rev, p, sizeof(rev)))
0414 return -EFAULT;
0415
0416 if (!pfru_valid_revid(rev))
0417 return -EINVAL;
0418
0419 pfru_dev->rev_id = rev;
0420
0421 return 0;
0422
0423 case PFRU_IOC_STAGE:
0424 return start_update(START_STAGE, pfru_dev);
0425
0426 case PFRU_IOC_ACTIVATE:
0427 return start_update(START_ACTIVATE, pfru_dev);
0428
0429 case PFRU_IOC_STAGE_ACTIVATE:
0430 return start_update(START_STAGE_ACTIVATE, pfru_dev);
0431
0432 default:
0433 return -ENOTTY;
0434 }
0435 }
0436
0437 static ssize_t pfru_write(struct file *file, const char __user *buf,
0438 size_t len, loff_t *ppos)
0439 {
0440 struct pfru_device *pfru_dev = to_pfru_dev(file);
0441 struct pfru_update_cap_info cap;
0442 struct pfru_com_buf_info buf_info;
0443 phys_addr_t phy_addr;
0444 struct iov_iter iter;
0445 struct iovec iov;
0446 char *buf_ptr;
0447 int ret;
0448
0449 ret = query_buffer(&buf_info, pfru_dev);
0450 if (ret)
0451 return ret;
0452
0453 if (len > buf_info.buf_size)
0454 return -EINVAL;
0455
0456 iov.iov_base = (void __user *)buf;
0457 iov.iov_len = len;
0458 iov_iter_init(&iter, WRITE, &iov, 1, len);
0459
0460
0461 phy_addr = (phys_addr_t)((buf_info.addr_hi << 32) | buf_info.addr_lo);
0462 buf_ptr = memremap(phy_addr, buf_info.buf_size, MEMREMAP_WB);
0463 if (!buf_ptr)
0464 return -ENOMEM;
0465
0466 if (!copy_from_iter_full(buf_ptr, len, &iter)) {
0467 ret = -EINVAL;
0468 goto unmap;
0469 }
0470
0471
0472 ret = query_capability(&cap, pfru_dev);
0473 if (ret)
0474 goto unmap;
0475
0476 if (!applicable_image(buf_ptr, &cap, pfru_dev))
0477 ret = -EINVAL;
0478
0479 unmap:
0480 memunmap(buf_ptr);
0481
0482 return ret ?: len;
0483 }
0484
0485 static const struct file_operations acpi_pfru_fops = {
0486 .owner = THIS_MODULE,
0487 .write = pfru_write,
0488 .unlocked_ioctl = pfru_ioctl,
0489 .llseek = noop_llseek,
0490 };
0491
0492 static int acpi_pfru_remove(struct platform_device *pdev)
0493 {
0494 struct pfru_device *pfru_dev = platform_get_drvdata(pdev);
0495
0496 misc_deregister(&pfru_dev->miscdev);
0497
0498 return 0;
0499 }
0500
0501 static void pfru_put_idx(void *data)
0502 {
0503 struct pfru_device *pfru_dev = data;
0504
0505 ida_free(&pfru_ida, pfru_dev->index);
0506 }
0507
0508 static int acpi_pfru_probe(struct platform_device *pdev)
0509 {
0510 acpi_handle handle = ACPI_HANDLE(&pdev->dev);
0511 struct pfru_device *pfru_dev;
0512 int ret;
0513
0514 if (!acpi_has_method(handle, "_DSM")) {
0515 dev_dbg(&pdev->dev, "Missing _DSM\n");
0516 return -ENODEV;
0517 }
0518
0519 pfru_dev = devm_kzalloc(&pdev->dev, sizeof(*pfru_dev), GFP_KERNEL);
0520 if (!pfru_dev)
0521 return -ENOMEM;
0522
0523 ret = ida_alloc(&pfru_ida, GFP_KERNEL);
0524 if (ret < 0)
0525 return ret;
0526
0527 pfru_dev->index = ret;
0528 ret = devm_add_action_or_reset(&pdev->dev, pfru_put_idx, pfru_dev);
0529 if (ret)
0530 return ret;
0531
0532 pfru_dev->rev_id = PFRU_DEFAULT_REV_ID;
0533 pfru_dev->parent_dev = &pdev->dev;
0534
0535 pfru_dev->miscdev.minor = MISC_DYNAMIC_MINOR;
0536 pfru_dev->miscdev.name = devm_kasprintf(&pdev->dev, GFP_KERNEL,
0537 "pfru%d", pfru_dev->index);
0538 if (!pfru_dev->miscdev.name)
0539 return -ENOMEM;
0540
0541 pfru_dev->miscdev.nodename = devm_kasprintf(&pdev->dev, GFP_KERNEL,
0542 "acpi_pfr_update%d", pfru_dev->index);
0543 if (!pfru_dev->miscdev.nodename)
0544 return -ENOMEM;
0545
0546 pfru_dev->miscdev.fops = &acpi_pfru_fops;
0547 pfru_dev->miscdev.parent = &pdev->dev;
0548
0549 ret = misc_register(&pfru_dev->miscdev);
0550 if (ret)
0551 return ret;
0552
0553 platform_set_drvdata(pdev, pfru_dev);
0554
0555 return 0;
0556 }
0557
0558 static const struct acpi_device_id acpi_pfru_ids[] = {
0559 {"INTC1080"},
0560 {}
0561 };
0562 MODULE_DEVICE_TABLE(acpi, acpi_pfru_ids);
0563
0564 static struct platform_driver acpi_pfru_driver = {
0565 .driver = {
0566 .name = "pfr_update",
0567 .acpi_match_table = acpi_pfru_ids,
0568 },
0569 .probe = acpi_pfru_probe,
0570 .remove = acpi_pfru_remove,
0571 };
0572 module_platform_driver(acpi_pfru_driver);
0573
0574 MODULE_DESCRIPTION("Platform Firmware Runtime Update device driver");
0575 MODULE_LICENSE("GPL v2");
