firmware/efi/capsule-loader.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * EFI capsule loader driver.
0004  *
0005  * Copyright 2015 Intel Corporation
0006  */
0007
0008 #define pr_fmt(fmt) "efi: " fmt
0009
0010 #include <linux/kernel.h>
0011 #include <linux/module.h>
0012 #include <linux/miscdevice.h>
0013 #include <linux/highmem.h>
0014 #include <linux/io.h>
0015 #include <linux/slab.h>
0016 #include <linux/mutex.h>
0017 #include <linux/efi.h>
0018 #include <linux/vmalloc.h>
0019
0020 #define NO_FURTHER_WRITE_ACTION -1
0021
0022 /**
0023  * efi_free_all_buff_pages - free all previous allocated buffer pages
0024  * @cap_info: pointer to current instance of capsule_info structure
0025  *
0026  *  In addition to freeing buffer pages, it flags NO_FURTHER_WRITE_ACTION
0027  *  to cease processing data in subsequent write(2) calls until close(2)
0028  *  is called.
0029  **/
0030 static void efi_free_all_buff_pages(struct capsule_info *cap_info)
0031 {
0032     while (cap_info->index > 0)
0033         __free_page(cap_info->pages[--cap_info->index]);
0034
0035     cap_info->index = NO_FURTHER_WRITE_ACTION;
0036 }
0037
0038 int __efi_capsule_setup_info(struct capsule_info *cap_info)
0039 {
0040     size_t pages_needed;
0041     int ret;
0042     void *temp_page;
0043
0044     pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE;
0045
0046     if (pages_needed == 0) {
0047         pr_err("invalid capsule size\n");
0048         return -EINVAL;
0049     }
0050
0051     /* Check if the capsule binary supported */
0052     ret = efi_capsule_supported(cap_info->header.guid,
0053                     cap_info->header.flags,
0054                     cap_info->header.imagesize,
0055                     &cap_info->reset_type);
0056     if (ret) {
0057         pr_err("capsule not supported\n");
0058         return ret;
0059     }
0060
0061     temp_page = krealloc(cap_info->pages,
0062                  pages_needed * sizeof(void *),
0063                  GFP_KERNEL | __GFP_ZERO);
0064     if (!temp_page)
0065         return -ENOMEM;
0066
0067     cap_info->pages = temp_page;
0068
0069     temp_page = krealloc(cap_info->phys,
0070                  pages_needed * sizeof(phys_addr_t *),
0071                  GFP_KERNEL | __GFP_ZERO);
0072     if (!temp_page)
0073         return -ENOMEM;
0074
0075     cap_info->phys = temp_page;
0076
0077     return 0;
0078 }
0079
0080 /**
0081  * efi_capsule_setup_info - obtain the efi capsule header in the binary and
0082  *              setup capsule_info structure
0083  * @cap_info: pointer to current instance of capsule_info structure
0084  * @kbuff: a mapped first page buffer pointer
0085  * @hdr_bytes: the total received number of bytes for efi header
0086  *
0087  * Platforms with non-standard capsule update mechanisms can override
0088  * this __weak function so they can perform any required capsule
0089  * image munging. See quark_quirk_function() for an example.
0090  **/
0091 int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff,
0092                   size_t hdr_bytes)
0093 {
0094     /* Only process data block that is larger than efi header size */
0095     if (hdr_bytes < sizeof(efi_capsule_header_t))
0096         return 0;
0097
0098     memcpy(&cap_info->header, kbuff, sizeof(cap_info->header));
0099     cap_info->total_size = cap_info->header.imagesize;
0100
0101     return __efi_capsule_setup_info(cap_info);
0102 }
0103
0104 /**
0105  * efi_capsule_submit_update - invoke the efi_capsule_update API once binary
0106  *                 upload done
0107  * @cap_info: pointer to current instance of capsule_info structure
0108  **/
0109 static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info)
0110 {
0111     bool do_vunmap = false;
0112     int ret;
0113
0114     /*
0115      * cap_info->capsule may have been assigned already by a quirk
0116      * handler, so only overwrite it if it is NULL
0117      */
0118     if (!cap_info->capsule) {
0119         cap_info->capsule = vmap(cap_info->pages, cap_info->index,
0120                      VM_MAP, PAGE_KERNEL);
0121         if (!cap_info->capsule)
0122             return -ENOMEM;
0123         do_vunmap = true;
0124     }
0125
0126     ret = efi_capsule_update(cap_info->capsule, cap_info->phys);
0127     if (do_vunmap)
0128         vunmap(cap_info->capsule);
0129     if (ret) {
0130         pr_err("capsule update failed\n");
0131         return ret;
0132     }
0133
0134     /* Indicate capsule binary uploading is done */
0135     cap_info->index = NO_FURTHER_WRITE_ACTION;
0136
0137     if (cap_info->header.flags & EFI_CAPSULE_PERSIST_ACROSS_RESET) {
0138         pr_info("Successfully uploaded capsule file with reboot type '%s'\n",
0139             !cap_info->reset_type ? "RESET_COLD" :
0140             cap_info->reset_type == 1 ? "RESET_WARM" :
0141             "RESET_SHUTDOWN");
0142     } else {
0143         pr_info("Successfully processed capsule file\n");
0144     }
0145
0146     return 0;
0147 }
0148
0149 /**
0150  * efi_capsule_write - store the capsule binary and pass it to
0151  *             efi_capsule_update() API
0152  * @file: file pointer
0153  * @buff: buffer pointer
0154  * @count: number of bytes in @buff
0155  * @offp: not used
0156  *
0157  *  Expectation:
0158  *  - A user space tool should start at the beginning of capsule binary and
0159  *    pass data in sequentially.
0160  *  - Users should close and re-open this file note in order to upload more
0161  *    capsules.
0162  *  - After an error returned, user should close the file and restart the
0163  *    operation for the next try otherwise -EIO will be returned until the
0164  *    file is closed.
0165  *  - An EFI capsule header must be located at the beginning of capsule
0166  *    binary file and passed in as first block data of write operation.
0167  **/
0168 static ssize_t efi_capsule_write(struct file *file, const char __user *buff,
0169                  size_t count, loff_t *offp)
0170 {
0171     int ret;
0172     struct capsule_info *cap_info = file->private_data;
0173     struct page *page;
0174     void *kbuff = NULL;
0175     size_t write_byte;
0176
0177     if (count == 0)
0178         return 0;
0179
0180     /* Return error while NO_FURTHER_WRITE_ACTION is flagged */
0181     if (cap_info->index < 0)
0182         return -EIO;
0183
0184     /* Only alloc a new page when previous page is full */
0185     if (!cap_info->page_bytes_remain) {
0186         page = alloc_page(GFP_KERNEL);
0187         if (!page) {
0188             ret = -ENOMEM;
0189             goto failed;
0190         }
0191
0192         cap_info->pages[cap_info->index] = page;
0193         cap_info->phys[cap_info->index] = page_to_phys(page);
0194         cap_info->page_bytes_remain = PAGE_SIZE;
0195         cap_info->index++;
0196     } else {
0197         page = cap_info->pages[cap_info->index - 1];
0198     }
0199
0200     kbuff = kmap(page);
0201     kbuff += PAGE_SIZE - cap_info->page_bytes_remain;
0202
0203     /* Copy capsule binary data from user space to kernel space buffer */
0204     write_byte = min_t(size_t, count, cap_info->page_bytes_remain);
0205     if (copy_from_user(kbuff, buff, write_byte)) {
0206         ret = -EFAULT;
0207         goto fail_unmap;
0208     }
0209     cap_info->page_bytes_remain -= write_byte;
0210
0211     /* Setup capsule binary info structure */
0212     if (cap_info->header.headersize == 0) {
0213         ret = efi_capsule_setup_info(cap_info, kbuff - cap_info->count,
0214                          cap_info->count + write_byte);
0215         if (ret)
0216             goto fail_unmap;
0217     }
0218
0219     cap_info->count += write_byte;
0220     kunmap(page);
0221
0222     /* Submit the full binary to efi_capsule_update() API */
0223     if (cap_info->header.headersize > 0 &&
0224         cap_info->count >= cap_info->total_size) {
0225         if (cap_info->count > cap_info->total_size) {
0226             pr_err("capsule upload size exceeded header defined size\n");
0227             ret = -EINVAL;
0228             goto failed;
0229         }
0230
0231         ret = efi_capsule_submit_update(cap_info);
0232         if (ret)
0233             goto failed;
0234     }
0235
0236     return write_byte;
0237
0238 fail_unmap:
0239     kunmap(page);
0240 failed:
0241     efi_free_all_buff_pages(cap_info);
0242     return ret;
0243 }
0244
0245 /**
0246  * efi_capsule_release - called by file close
0247  * @inode: not used
0248  * @file: file pointer
0249  *
0250  *  We will not free successfully submitted pages since efi update
0251  *  requires data to be maintained across system reboot.
0252  **/
0253 static int efi_capsule_release(struct inode *inode, struct file *file)
0254 {
0255     struct capsule_info *cap_info = file->private_data;
0256
0257     if (cap_info->index > 0 &&
0258         (cap_info->header.headersize == 0 ||
0259          cap_info->count < cap_info->total_size)) {
0260         pr_err("capsule upload not complete\n");
0261         efi_free_all_buff_pages(cap_info);
0262     }
0263
0264     kfree(cap_info->pages);
0265     kfree(cap_info->phys);
0266     kfree(file->private_data);
0267     file->private_data = NULL;
0268     return 0;
0269 }
0270
0271 /**
0272  * efi_capsule_open - called by file open
0273  * @inode: not used
0274  * @file: file pointer
0275  *
0276  *  Will allocate each capsule_info memory for each file open call.
0277  *  This provided the capability to support multiple file open feature
0278  *  where user is not needed to wait for others to finish in order to
0279  *  upload their capsule binary.
0280  **/
0281 static int efi_capsule_open(struct inode *inode, struct file *file)
0282 {
0283     struct capsule_info *cap_info;
0284
0285     cap_info = kzalloc(sizeof(*cap_info), GFP_KERNEL);
0286     if (!cap_info)
0287         return -ENOMEM;
0288
0289     cap_info->pages = kzalloc(sizeof(void *), GFP_KERNEL);
0290     if (!cap_info->pages) {
0291         kfree(cap_info);
0292         return -ENOMEM;
0293     }
0294
0295     cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
0296     if (!cap_info->phys) {
0297         kfree(cap_info->pages);
0298         kfree(cap_info);
0299         return -ENOMEM;
0300     }
0301
0302     file->private_data = cap_info;
0303
0304     return 0;
0305 }
0306
0307 static const struct file_operations efi_capsule_fops = {
0308     .owner = THIS_MODULE,
0309     .open = efi_capsule_open,
0310     .write = efi_capsule_write,
0311     .release = efi_capsule_release,
0312     .llseek = no_llseek,
0313 };
0314
0315 static struct miscdevice efi_capsule_misc = {
0316     .minor = MISC_DYNAMIC_MINOR,
0317     .name = "efi_capsule_loader",
0318     .fops = &efi_capsule_fops,
0319 };
0320
0321 static int __init efi_capsule_loader_init(void)
0322 {
0323     int ret;
0324
0325     if (!efi_enabled(EFI_RUNTIME_SERVICES))
0326         return -ENODEV;
0327
0328     ret = misc_register(&efi_capsule_misc);
0329     if (ret)
0330         pr_err("Unable to register capsule loader device\n");
0331
0332     return ret;
0333 }
0334 module_init(efi_capsule_loader_init);
0335
0336 static void __exit efi_capsule_loader_exit(void)
0337 {
0338     misc_deregister(&efi_capsule_misc);
0339 }
0340 module_exit(efi_capsule_loader_exit);
0341
0342 MODULE_DESCRIPTION("EFI capsule firmware binary loader");
0343 MODULE_LICENSE("GPL v2");