x86/dell/dell_rbu.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * dell_rbu.c
0004  * Bios Update driver for Dell systems
0005  * Author: Dell Inc
0006  *         Abhay Salunke <abhay_salunke@dell.com>
0007  *
0008  * Copyright (C) 2005 Dell Inc.
0009  *
0010  * Remote BIOS Update (rbu) driver is used for updating DELL BIOS by
0011  * creating entries in the /sys file systems on Linux 2.6 and higher
0012  * kernels. The driver supports two mechanism to update the BIOS namely
0013  * contiguous and packetized. Both these methods still require having some
0014  * application to set the CMOS bit indicating the BIOS to update itself
0015  * after a reboot.
0016  *
0017  * Contiguous method:
0018  * This driver writes the incoming data in a monolithic image by allocating
0019  * contiguous physical pages large enough to accommodate the incoming BIOS
0020  * image size.
0021  *
0022  * Packetized method:
0023  * The driver writes the incoming packet image by allocating a new packet
0024  * on every time the packet data is written. This driver requires an
0025  * application to break the BIOS image in to fixed sized packet chunks.
0026  *
0027  * See Documentation/admin-guide/dell_rbu.rst for more info.
0028  */
0029
0030 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0031
0032 #include <linux/init.h>
0033 #include <linux/module.h>
0034 #include <linux/slab.h>
0035 #include <linux/string.h>
0036 #include <linux/errno.h>
0037 #include <linux/blkdev.h>
0038 #include <linux/platform_device.h>
0039 #include <linux/spinlock.h>
0040 #include <linux/moduleparam.h>
0041 #include <linux/firmware.h>
0042 #include <linux/dma-mapping.h>
0043 #include <asm/set_memory.h>
0044
0045 MODULE_AUTHOR("Abhay Salunke <abhay_salunke@dell.com>");
0046 MODULE_DESCRIPTION("Driver for updating BIOS image on DELL systems");
0047 MODULE_LICENSE("GPL");
0048 MODULE_VERSION("3.2");
0049
0050 #define BIOS_SCAN_LIMIT 0xffffffff
0051 #define MAX_IMAGE_LENGTH 16
0052 static struct _rbu_data {
0053     void *image_update_buffer;
0054     unsigned long image_update_buffer_size;
0055     unsigned long bios_image_size;
0056     int image_update_ordernum;
0057     spinlock_t lock;
0058     unsigned long packet_read_count;
0059     unsigned long num_packets;
0060     unsigned long packetsize;
0061     unsigned long imagesize;
0062     int entry_created;
0063 } rbu_data;
0064
0065 static char image_type[MAX_IMAGE_LENGTH + 1] = "mono";
0066 module_param_string(image_type, image_type, sizeof (image_type), 0);
0067 MODULE_PARM_DESC(image_type, "BIOS image type. choose- mono or packet or init");
0068
0069 static unsigned long allocation_floor = 0x100000;
0070 module_param(allocation_floor, ulong, 0644);
0071 MODULE_PARM_DESC(allocation_floor, "Minimum address for allocations when using Packet mode");
0072
0073 struct packet_data {
0074     struct list_head list;
0075     size_t length;
0076     void *data;
0077     int ordernum;
0078 };
0079
0080 static struct packet_data packet_data_head;
0081
0082 static struct platform_device *rbu_device;
0083 static int context;
0084
0085 static void init_packet_head(void)
0086 {
0087     INIT_LIST_HEAD(&packet_data_head.list);
0088     rbu_data.packet_read_count = 0;
0089     rbu_data.num_packets = 0;
0090     rbu_data.packetsize = 0;
0091     rbu_data.imagesize = 0;
0092 }
0093
0094 static int create_packet(void *data, size_t length)
0095 {
0096     struct packet_data *newpacket;
0097     int ordernum = 0;
0098     int retval = 0;
0099     unsigned int packet_array_size = 0;
0100     void **invalid_addr_packet_array = NULL;
0101     void *packet_data_temp_buf = NULL;
0102     unsigned int idx = 0;
0103
0104     pr_debug("entry\n");
0105
0106     if (!rbu_data.packetsize) {
0107         pr_debug("packetsize not specified\n");
0108         retval = -EINVAL;
0109         goto out_noalloc;
0110     }
0111
0112     spin_unlock(&rbu_data.lock);
0113
0114     newpacket = kzalloc(sizeof (struct packet_data), GFP_KERNEL);
0115
0116     if (!newpacket) {
0117         pr_warn("failed to allocate new packet\n");
0118         retval = -ENOMEM;
0119         spin_lock(&rbu_data.lock);
0120         goto out_noalloc;
0121     }
0122
0123     ordernum = get_order(length);
0124
0125     /*
0126      * BIOS errata mean we cannot allocate packets below 1MB or they will
0127      * be overwritten by BIOS.
0128      *
0129      * array to temporarily hold packets
0130      * that are below the allocation floor
0131      *
0132      * NOTE: very simplistic because we only need the floor to be at 1MB
0133      *       due to BIOS errata. This shouldn't be used for higher floors
0134      *       or you will run out of mem trying to allocate the array.
0135      */
0136     packet_array_size = max_t(unsigned int, allocation_floor / rbu_data.packetsize, 1);
0137     invalid_addr_packet_array = kcalloc(packet_array_size, sizeof(void *),
0138                         GFP_KERNEL);
0139
0140     if (!invalid_addr_packet_array) {
0141         pr_warn("failed to allocate invalid_addr_packet_array\n");
0142         retval = -ENOMEM;
0143         spin_lock(&rbu_data.lock);
0144         goto out_alloc_packet;
0145     }
0146
0147     while (!packet_data_temp_buf) {
0148         packet_data_temp_buf = (unsigned char *)
0149             __get_free_pages(GFP_KERNEL, ordernum);
0150         if (!packet_data_temp_buf) {
0151             pr_warn("failed to allocate new packet\n");
0152             retval = -ENOMEM;
0153             spin_lock(&rbu_data.lock);
0154             goto out_alloc_packet_array;
0155         }
0156
0157         if ((unsigned long)virt_to_phys(packet_data_temp_buf)
0158                 < allocation_floor) {
0159             pr_debug("packet 0x%lx below floor at 0x%lx\n",
0160                     (unsigned long)virt_to_phys(
0161                         packet_data_temp_buf),
0162                     allocation_floor);
0163             invalid_addr_packet_array[idx++] = packet_data_temp_buf;
0164             packet_data_temp_buf = NULL;
0165         }
0166     }
0167     /*
0168      * set to uncachable or it may never get written back before reboot
0169      */
0170     set_memory_uc((unsigned long)packet_data_temp_buf, 1 << ordernum);
0171
0172     spin_lock(&rbu_data.lock);
0173
0174     newpacket->data = packet_data_temp_buf;
0175
0176     pr_debug("newpacket at physical addr %lx\n",
0177         (unsigned long)virt_to_phys(newpacket->data));
0178
0179     /* packets may not have fixed size */
0180     newpacket->length = length;
0181     newpacket->ordernum = ordernum;
0182     ++rbu_data.num_packets;
0183
0184     /* initialize the newly created packet headers */
0185     INIT_LIST_HEAD(&newpacket->list);
0186     list_add_tail(&newpacket->list, &packet_data_head.list);
0187
0188     memcpy(newpacket->data, data, length);
0189
0190     pr_debug("exit\n");
0191
0192 out_alloc_packet_array:
0193     /* always free packet array */
0194     while (idx--) {
0195         pr_debug("freeing unused packet below floor 0x%lx\n",
0196             (unsigned long)virt_to_phys(invalid_addr_packet_array[idx]));
0197         free_pages((unsigned long)invalid_addr_packet_array[idx], ordernum);
0198     }
0199     kfree(invalid_addr_packet_array);
0200
0201 out_alloc_packet:
0202     /* if error, free data */
0203     if (retval)
0204         kfree(newpacket);
0205
0206 out_noalloc:
0207     return retval;
0208 }
0209
0210 static int packetize_data(const u8 *data, size_t length)
0211 {
0212     int rc = 0;
0213     int done = 0;
0214     int packet_length;
0215     u8 *temp;
0216     u8 *end = (u8 *) data + length;
0217     pr_debug("data length %zd\n", length);
0218     if (!rbu_data.packetsize) {
0219         pr_warn("packetsize not specified\n");
0220         return -EIO;
0221     }
0222
0223     temp = (u8 *) data;
0224
0225     /* packetize the hunk */
0226     while (!done) {
0227         if ((temp + rbu_data.packetsize) < end)
0228             packet_length = rbu_data.packetsize;
0229         else {
0230             /* this is the last packet */
0231             packet_length = end - temp;
0232             done = 1;
0233         }
0234
0235         if ((rc = create_packet(temp, packet_length)))
0236             return rc;
0237
0238         pr_debug("%p:%td\n", temp, (end - temp));
0239         temp += packet_length;
0240     }
0241
0242     rbu_data.imagesize = length;
0243
0244     return rc;
0245 }
0246
0247 static int do_packet_read(char *data, struct packet_data *newpacket,
0248     int length, int bytes_read, int *list_read_count)
0249 {
0250     void *ptemp_buf;
0251     int bytes_copied = 0;
0252     int j = 0;
0253
0254     *list_read_count += newpacket->length;
0255
0256     if (*list_read_count > bytes_read) {
0257         /* point to the start of unread data */
0258         j = newpacket->length - (*list_read_count - bytes_read);
0259         /* point to the offset in the packet buffer */
0260         ptemp_buf = (u8 *) newpacket->data + j;
0261         /*
0262          * check if there is enough room in
0263          * * the incoming buffer
0264          */
0265         if (length > (*list_read_count - bytes_read))
0266             /*
0267              * copy what ever is there in this
0268              * packet and move on
0269              */
0270             bytes_copied = (*list_read_count - bytes_read);
0271         else
0272             /* copy the remaining */
0273             bytes_copied = length;
0274         memcpy(data, ptemp_buf, bytes_copied);
0275     }
0276     return bytes_copied;
0277 }
0278
0279 static int packet_read_list(char *data, size_t * pread_length)
0280 {
0281     struct packet_data *newpacket;
0282     int temp_count = 0;
0283     int bytes_copied = 0;
0284     int bytes_read = 0;
0285     int remaining_bytes = 0;
0286     char *pdest = data;
0287
0288     /* check if we have any packets */
0289     if (0 == rbu_data.num_packets)
0290         return -ENOMEM;
0291
0292     remaining_bytes = *pread_length;
0293     bytes_read = rbu_data.packet_read_count;
0294
0295     list_for_each_entry(newpacket, (&packet_data_head.list)->next, list) {
0296         bytes_copied = do_packet_read(pdest, newpacket,
0297             remaining_bytes, bytes_read, &temp_count);
0298         remaining_bytes -= bytes_copied;
0299         bytes_read += bytes_copied;
0300         pdest += bytes_copied;
0301         /*
0302          * check if we reached end of buffer before reaching the
0303          * last packet
0304          */
0305         if (remaining_bytes == 0)
0306             break;
0307     }
0308     /*finally set the bytes read */
0309     *pread_length = bytes_read - rbu_data.packet_read_count;
0310     rbu_data.packet_read_count = bytes_read;
0311     return 0;
0312 }
0313
0314 static void packet_empty_list(void)
0315 {
0316     struct packet_data *newpacket, *tmp;
0317
0318     list_for_each_entry_safe(newpacket, tmp, (&packet_data_head.list)->next, list) {
0319         list_del(&newpacket->list);
0320
0321         /*
0322          * zero out the RBU packet memory before freeing
0323          * to make sure there are no stale RBU packets left in memory
0324          */
0325         memset(newpacket->data, 0, rbu_data.packetsize);
0326         set_memory_wb((unsigned long)newpacket->data,
0327             1 << newpacket->ordernum);
0328         free_pages((unsigned long) newpacket->data,
0329             newpacket->ordernum);
0330         kfree(newpacket);
0331     }
0332     rbu_data.packet_read_count = 0;
0333     rbu_data.num_packets = 0;
0334     rbu_data.imagesize = 0;
0335 }
0336
0337 /*
0338  * img_update_free: Frees the buffer allocated for storing BIOS image
0339  * Always called with lock held and returned with lock held
0340  */
0341 static void img_update_free(void)
0342 {
0343     if (!rbu_data.image_update_buffer)
0344         return;
0345     /*
0346      * zero out this buffer before freeing it to get rid of any stale
0347      * BIOS image copied in memory.
0348      */
0349     memset(rbu_data.image_update_buffer, 0,
0350         rbu_data.image_update_buffer_size);
0351     free_pages((unsigned long) rbu_data.image_update_buffer,
0352         rbu_data.image_update_ordernum);
0353
0354     /*
0355      * Re-initialize the rbu_data variables after a free
0356      */
0357     rbu_data.image_update_ordernum = -1;
0358     rbu_data.image_update_buffer = NULL;
0359     rbu_data.image_update_buffer_size = 0;
0360     rbu_data.bios_image_size = 0;
0361 }
0362
0363 /*
0364  * img_update_realloc: This function allocates the contiguous pages to
0365  * accommodate the requested size of data. The memory address and size
0366  * values are stored globally and on every call to this function the new
0367  * size is checked to see if more data is required than the existing size.
0368  * If true the previous memory is freed and new allocation is done to
0369  * accommodate the new size. If the incoming size is less then than the
0370  * already allocated size, then that memory is reused. This function is
0371  * called with lock held and returns with lock held.
0372  */
0373 static int img_update_realloc(unsigned long size)
0374 {
0375     unsigned char *image_update_buffer = NULL;
0376     unsigned long img_buf_phys_addr;
0377     int ordernum;
0378
0379     /*
0380      * check if the buffer of sufficient size has been
0381      * already allocated
0382      */
0383     if (rbu_data.image_update_buffer_size >= size) {
0384         /*
0385          * check for corruption
0386          */
0387         if ((size != 0) && (rbu_data.image_update_buffer == NULL)) {
0388             pr_err("corruption check failed\n");
0389             return -EINVAL;
0390         }
0391         /*
0392          * we have a valid pre-allocated buffer with
0393          * sufficient size
0394          */
0395         return 0;
0396     }
0397
0398     /*
0399      * free any previously allocated buffer
0400      */
0401     img_update_free();
0402
0403     spin_unlock(&rbu_data.lock);
0404
0405     ordernum = get_order(size);
0406     image_update_buffer =
0407         (unsigned char *)__get_free_pages(GFP_DMA32, ordernum);
0408     spin_lock(&rbu_data.lock);
0409     if (!image_update_buffer) {
0410         pr_debug("Not enough memory for image update: size = %ld\n", size);
0411         return -ENOMEM;
0412     }
0413
0414     img_buf_phys_addr = (unsigned long)virt_to_phys(image_update_buffer);
0415     if (WARN_ON_ONCE(img_buf_phys_addr > BIOS_SCAN_LIMIT))
0416         return -EINVAL; /* can't happen per definition */
0417
0418     rbu_data.image_update_buffer = image_update_buffer;
0419     rbu_data.image_update_buffer_size = size;
0420     rbu_data.bios_image_size = rbu_data.image_update_buffer_size;
0421     rbu_data.image_update_ordernum = ordernum;
0422     return 0;
0423 }
0424
0425 static ssize_t read_packet_data(char *buffer, loff_t pos, size_t count)
0426 {
0427     int retval;
0428     size_t bytes_left;
0429     size_t data_length;
0430     char *ptempBuf = buffer;
0431
0432     /* check to see if we have something to return */
0433     if (rbu_data.num_packets == 0) {
0434         pr_debug("no packets written\n");
0435         retval = -ENOMEM;
0436         goto read_rbu_data_exit;
0437     }
0438
0439     if (pos > rbu_data.imagesize) {
0440         retval = 0;
0441         pr_warn("data underrun\n");
0442         goto read_rbu_data_exit;
0443     }
0444
0445     bytes_left = rbu_data.imagesize - pos;
0446     data_length = min(bytes_left, count);
0447
0448     if ((retval = packet_read_list(ptempBuf, &data_length)) < 0)
0449         goto read_rbu_data_exit;
0450
0451     if ((pos + count) > rbu_data.imagesize) {
0452         rbu_data.packet_read_count = 0;
0453         /* this was the last copy */
0454         retval = bytes_left;
0455     } else
0456         retval = count;
0457
0458       read_rbu_data_exit:
0459     return retval;
0460 }
0461
0462 static ssize_t read_rbu_mono_data(char *buffer, loff_t pos, size_t count)
0463 {
0464     /* check to see if we have something to return */
0465     if ((rbu_data.image_update_buffer == NULL) ||
0466         (rbu_data.bios_image_size == 0)) {
0467         pr_debug("image_update_buffer %p, bios_image_size %lu\n",
0468             rbu_data.image_update_buffer,
0469             rbu_data.bios_image_size);
0470         return -ENOMEM;
0471     }
0472
0473     return memory_read_from_buffer(buffer, count, &pos,
0474             rbu_data.image_update_buffer, rbu_data.bios_image_size);
0475 }
0476
0477 static ssize_t data_read(struct file *filp, struct kobject *kobj,
0478              struct bin_attribute *bin_attr,
0479              char *buffer, loff_t pos, size_t count)
0480 {
0481     ssize_t ret_count = 0;
0482
0483     spin_lock(&rbu_data.lock);
0484
0485     if (!strcmp(image_type, "mono"))
0486         ret_count = read_rbu_mono_data(buffer, pos, count);
0487     else if (!strcmp(image_type, "packet"))
0488         ret_count = read_packet_data(buffer, pos, count);
0489     else
0490         pr_debug("invalid image type specified\n");
0491
0492     spin_unlock(&rbu_data.lock);
0493     return ret_count;
0494 }
0495 static BIN_ATTR_RO(data, 0);
0496
0497 static void callbackfn_rbu(const struct firmware *fw, void *context)
0498 {
0499     rbu_data.entry_created = 0;
0500
0501     if (!fw)
0502         return;
0503
0504     if (!fw->size)
0505         goto out;
0506
0507     spin_lock(&rbu_data.lock);
0508     if (!strcmp(image_type, "mono")) {
0509         if (!img_update_realloc(fw->size))
0510             memcpy(rbu_data.image_update_buffer,
0511                 fw->data, fw->size);
0512     } else if (!strcmp(image_type, "packet")) {
0513         /*
0514          * we need to free previous packets if a
0515          * new hunk of packets needs to be downloaded
0516          */
0517         packet_empty_list();
0518         if (packetize_data(fw->data, fw->size))
0519             /* Incase something goes wrong when we are
0520              * in middle of packetizing the data, we
0521              * need to free up whatever packets might
0522              * have been created before we quit.
0523              */
0524             packet_empty_list();
0525     } else
0526         pr_debug("invalid image type specified\n");
0527     spin_unlock(&rbu_data.lock);
0528  out:
0529     release_firmware(fw);
0530 }
0531
0532 static ssize_t image_type_read(struct file *filp, struct kobject *kobj,
0533                    struct bin_attribute *bin_attr,
0534                    char *buffer, loff_t pos, size_t count)
0535 {
0536     int size = 0;
0537     if (!pos)
0538         size = scnprintf(buffer, count, "%s\n", image_type);
0539     return size;
0540 }
0541
0542 static ssize_t image_type_write(struct file *filp, struct kobject *kobj,
0543                 struct bin_attribute *bin_attr,
0544                 char *buffer, loff_t pos, size_t count)
0545 {
0546     int rc = count;
0547     int req_firm_rc = 0;
0548     int i;
0549     spin_lock(&rbu_data.lock);
0550     /*
0551      * Find the first newline or space
0552      */
0553     for (i = 0; i < count; ++i)
0554         if (buffer[i] == '\n' || buffer[i] == ' ') {
0555             buffer[i] = '\0';
0556             break;
0557         }
0558     if (i == count)
0559         buffer[count] = '\0';
0560
0561     if (strstr(buffer, "mono"))
0562         strcpy(image_type, "mono");
0563     else if (strstr(buffer, "packet"))
0564         strcpy(image_type, "packet");
0565     else if (strstr(buffer, "init")) {
0566         /*
0567          * If due to the user error the driver gets in a bad
0568          * state where even though it is loaded , the
0569          * /sys/class/firmware/dell_rbu entries are missing.
0570          * to cover this situation the user can recreate entries
0571          * by writing init to image_type.
0572          */
0573         if (!rbu_data.entry_created) {
0574             spin_unlock(&rbu_data.lock);
0575             req_firm_rc = request_firmware_nowait(THIS_MODULE,
0576                 FW_ACTION_NOUEVENT, "dell_rbu",
0577                 &rbu_device->dev, GFP_KERNEL, &context,
0578                 callbackfn_rbu);
0579             if (req_firm_rc) {
0580                 pr_err("request_firmware_nowait failed %d\n", rc);
0581                 rc = -EIO;
0582             } else
0583                 rbu_data.entry_created = 1;
0584
0585             spin_lock(&rbu_data.lock);
0586         }
0587     } else {
0588         pr_warn("image_type is invalid\n");
0589         spin_unlock(&rbu_data.lock);
0590         return -EINVAL;
0591     }
0592
0593     /* we must free all previous allocations */
0594     packet_empty_list();
0595     img_update_free();
0596     spin_unlock(&rbu_data.lock);
0597
0598     return rc;
0599 }
0600 static BIN_ATTR_RW(image_type, 0);
0601
0602 static ssize_t packet_size_read(struct file *filp, struct kobject *kobj,
0603                 struct bin_attribute *bin_attr,
0604                 char *buffer, loff_t pos, size_t count)
0605 {
0606     int size = 0;
0607     if (!pos) {
0608         spin_lock(&rbu_data.lock);
0609         size = scnprintf(buffer, count, "%lu\n", rbu_data.packetsize);
0610         spin_unlock(&rbu_data.lock);
0611     }
0612     return size;
0613 }
0614
0615 static ssize_t packet_size_write(struct file *filp, struct kobject *kobj,
0616                  struct bin_attribute *bin_attr,
0617                  char *buffer, loff_t pos, size_t count)
0618 {
0619     unsigned long temp;
0620     spin_lock(&rbu_data.lock);
0621     packet_empty_list();
0622     sscanf(buffer, "%lu", &temp);
0623     if (temp < 0xffffffff)
0624         rbu_data.packetsize = temp;
0625
0626     spin_unlock(&rbu_data.lock);
0627     return count;
0628 }
0629 static BIN_ATTR_RW(packet_size, 0);
0630
0631 static struct bin_attribute *rbu_bin_attrs[] = {
0632     &bin_attr_data,
0633     &bin_attr_image_type,
0634     &bin_attr_packet_size,
0635     NULL
0636 };
0637
0638 static const struct attribute_group rbu_group = {
0639     .bin_attrs = rbu_bin_attrs,
0640 };
0641
0642 static int __init dcdrbu_init(void)
0643 {
0644     int rc;
0645     spin_lock_init(&rbu_data.lock);
0646
0647     init_packet_head();
0648     rbu_device = platform_device_register_simple("dell_rbu", -1, NULL, 0);
0649     if (IS_ERR(rbu_device)) {
0650         pr_err("platform_device_register_simple failed\n");
0651         return PTR_ERR(rbu_device);
0652     }
0653
0654     rc = sysfs_create_group(&rbu_device->dev.kobj, &rbu_group);
0655     if (rc)
0656         goto out_devreg;
0657
0658     rbu_data.entry_created = 0;
0659     return 0;
0660
0661 out_devreg:
0662     platform_device_unregister(rbu_device);
0663     return rc;
0664 }
0665
0666 static __exit void dcdrbu_exit(void)
0667 {
0668     spin_lock(&rbu_data.lock);
0669     packet_empty_list();
0670     img_update_free();
0671     spin_unlock(&rbu_data.lock);
0672     sysfs_remove_group(&rbu_device->dev.kobj, &rbu_group);
0673     platform_device_unregister(rbu_device);
0674 }
0675
0676 module_exit(dcdrbu_exit);
0677 module_init(dcdrbu_init);