firmware/google/memconsole-coreboot.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * memconsole-coreboot.c
0004  *
0005  * Memory based BIOS console accessed through coreboot table.
0006  *
0007  * Copyright 2017 Google Inc.
0008  */
0009
0010 #include <linux/device.h>
0011 #include <linux/io.h>
0012 #include <linux/kernel.h>
0013 #include <linux/module.h>
0014
0015 #include "memconsole.h"
0016 #include "coreboot_table.h"
0017
0018 #define CB_TAG_CBMEM_CONSOLE    0x17
0019
0020 /* CBMEM firmware console log descriptor. */
0021 struct cbmem_cons {
0022     u32 size_dont_access_after_boot;
0023     u32 cursor;
0024     u8  body[];
0025 } __packed;
0026
0027 #define CURSOR_MASK ((1 << 28) - 1)
0028 #define OVERFLOW (1 << 31)
0029
0030 static struct cbmem_cons *cbmem_console;
0031 static u32 cbmem_console_size;
0032
0033 /*
0034  * The cbmem_console structure is read again on every access because it may
0035  * change at any time if runtime firmware logs new messages. This may rarely
0036  * lead to race conditions where the firmware overwrites the beginning of the
0037  * ring buffer with more lines after we have already read |cursor|. It should be
0038  * rare and harmless enough that we don't spend extra effort working around it.
0039  */
0040 static ssize_t memconsole_coreboot_read(char *buf, loff_t pos, size_t count)
0041 {
0042     u32 cursor = cbmem_console->cursor & CURSOR_MASK;
0043     u32 flags = cbmem_console->cursor & ~CURSOR_MASK;
0044     u32 size = cbmem_console_size;
0045     struct seg {    /* describes ring buffer segments in logical order */
0046         u32 phys;   /* physical offset from start of mem buffer */
0047         u32 len;    /* length of segment */
0048     } seg[2] = { {0}, {0} };
0049     size_t done = 0;
0050     int i;
0051
0052     if (flags & OVERFLOW) {
0053         if (cursor > size)  /* Shouldn't really happen, but... */
0054             cursor = 0;
0055         seg[0] = (struct seg){.phys = cursor, .len = size - cursor};
0056         seg[1] = (struct seg){.phys = 0, .len = cursor};
0057     } else {
0058         seg[0] = (struct seg){.phys = 0, .len = min(cursor, size)};
0059     }
0060
0061     for (i = 0; i < ARRAY_SIZE(seg) && count > done; i++) {
0062         done += memory_read_from_buffer(buf + done, count - done, &pos,
0063             cbmem_console->body + seg[i].phys, seg[i].len);
0064         pos -= seg[i].len;
0065     }
0066     return done;
0067 }
0068
0069 static int memconsole_probe(struct coreboot_device *dev)
0070 {
0071     struct cbmem_cons *tmp_cbmc;
0072
0073     tmp_cbmc = memremap(dev->cbmem_ref.cbmem_addr,
0074                 sizeof(*tmp_cbmc), MEMREMAP_WB);
0075
0076     if (!tmp_cbmc)
0077         return -ENOMEM;
0078
0079     /* Read size only once to prevent overrun attack through /dev/mem. */
0080     cbmem_console_size = tmp_cbmc->size_dont_access_after_boot;
0081     cbmem_console = devm_memremap(&dev->dev, dev->cbmem_ref.cbmem_addr,
0082                  cbmem_console_size + sizeof(*cbmem_console),
0083                  MEMREMAP_WB);
0084     memunmap(tmp_cbmc);
0085
0086     if (IS_ERR(cbmem_console))
0087         return PTR_ERR(cbmem_console);
0088
0089     memconsole_setup(memconsole_coreboot_read);
0090
0091     return memconsole_sysfs_init();
0092 }
0093
0094 static void memconsole_remove(struct coreboot_device *dev)
0095 {
0096     memconsole_exit();
0097 }
0098
0099 static struct coreboot_driver memconsole_driver = {
0100     .probe = memconsole_probe,
0101     .remove = memconsole_remove,
0102     .drv = {
0103         .name = "memconsole",
0104     },
0105     .tag = CB_TAG_CBMEM_CONSOLE,
0106 };
0107 module_coreboot_driver(memconsole_driver);
0108
0109 MODULE_AUTHOR("Google, Inc.");
0110 MODULE_LICENSE("GPL");