Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / f0133f3c5b8bb34ec4dec50c27e7a655aeee8935 / . / drivers / firmware / efi / capsule.c
blob: 0de55944ac0be9efd6f2034e8dccb2a475b241c3 [file] [log] [blame]
Matt Flemingf0133f32016-04-25 21:06:59 +0100[diff] [blame^]1/*
2 * EFI capsule support.
3 *
4 * Copyright 2013 Intel Corporation; author Matt Fleming
5 *
6 * This file is part of the Linux kernel, and is made available under
7 * the terms of the GNU General Public License version 2.
8 */
9
10#define pr_fmt(fmt) "efi: " fmt
11
12#include <linux/slab.h>
13#include <linux/mutex.h>
14#include <linux/highmem.h>
15#include <linux/efi.h>
16#include <linux/vmalloc.h>
17#include <asm/io.h>
18
19typedef struct {
20 u64 length;
21 u64 data;
22} efi_capsule_block_desc_t;
23
24static bool capsule_pending;
25static int efi_reset_type = -1;
26
27/*
28 * capsule_mutex serialises access to both capsule_pending and
29 * efi_reset_type.
30 */
31static DEFINE_MUTEX(capsule_mutex);
32
33/**
34 * efi_capsule_pending - has a capsule been passed to the firmware?
35 * @reset_type: store the type of EFI reset if capsule is pending
36 *
37 * To ensure that the registered capsule is processed correctly by the
38 * firmware we need to perform a specific type of reset. If a capsule is
39 * pending return the reset type in @reset_type.
40 *
41 * This function will race with callers of efi_capsule_update(), for
42 * example, calling this function while somebody else is in
43 * efi_capsule_update() but hasn't reached efi_capsue_update_locked()
44 * will miss the updates to capsule_pending and efi_reset_type after
45 * efi_capsule_update_locked() completes.
46 *
47 * A non-racy use is from platform reboot code because we use
48 * system_state to ensure no capsules can be sent to the firmware once
49 * we're at SYSTEM_RESTART. See efi_capsule_update_locked().
50 */
51bool efi_capsule_pending(int *reset_type)
52{
53 bool rv = false;
54
55 mutex_lock(&capsule_mutex);
56 if (!capsule_pending)
57 goto out;
58
59 if (reset_type)
60 *reset_type = efi_reset_type;
61 rv = true;
62out:
63 mutex_unlock(&capsule_mutex);
64 return rv;
65}
66
67/*
68 * Whitelist of EFI capsule flags that we support.
69 *
70 * We do not handle EFI_CAPSULE_INITIATE_RESET because that would
71 * require us to prepare the kernel for reboot. Refuse to load any
72 * capsules with that flag and any other flags that we do not know how
73 * to handle.
74 */
75#define EFI_CAPSULE_SUPPORTED_FLAG_MASK \
76 (EFI_CAPSULE_PERSIST_ACROSS_RESET | EFI_CAPSULE_POPULATE_SYSTEM_TABLE)
77
78/**
79 * efi_capsule_supported - does the firmware support the capsule?
80 * @guid: vendor guid of capsule
81 * @flags: capsule flags
82 * @size: size of capsule data
83 * @reset: the reset type required for this capsule
84 *
85 * Check whether a capsule with @flags is supported by the firmware
86 * and that @size doesn't exceed the maximum size for a capsule.
87 *
88 * No attempt is made to check @reset against the reset type required
89 * by any pending capsules because of the races involved.
90 */
91int efi_capsule_supported(efi_guid_t guid, u32 flags, size_t size, int *reset)
92{
93 efi_capsule_header_t *capsule;
94 efi_status_t status;
95 u64 max_size;
96 int rv = 0;
97
98 if (flags & ~EFI_CAPSULE_SUPPORTED_FLAG_MASK)
99 return -EINVAL;
100
101 capsule = kmalloc(sizeof(*capsule), GFP_KERNEL);
102 if (!capsule)
103 return -ENOMEM;
104
105 capsule->headersize = capsule->imagesize = sizeof(*capsule);
106 memcpy(&capsule->guid, &guid, sizeof(efi_guid_t));
107 capsule->flags = flags;
108
109 status = efi.query_capsule_caps(&capsule, 1, &max_size, reset);
110 if (status != EFI_SUCCESS) {
111 rv = efi_status_to_err(status);
112 goto out;
113 }
114
115 if (size > max_size)
116 rv = -ENOSPC;
117out:
118 kfree(capsule);
119 return rv;
120}
121EXPORT_SYMBOL_GPL(efi_capsule_supported);
122
123/*
124 * Every scatter gather list (block descriptor) page must end with a
125 * continuation pointer. The last continuation pointer of the last
126 * page must be zero to mark the end of the chain.
127 */
128#define SGLIST_PER_PAGE ((PAGE_SIZE / sizeof(efi_capsule_block_desc_t)) - 1)
129
130/*
131 * How many scatter gather list (block descriptor) pages do we need
132 * to map @count pages?
133 */
134static inline unsigned int sg_pages_num(unsigned int count)
135{
136 return DIV_ROUND_UP(count, SGLIST_PER_PAGE);
137}
138
139/**
140 * efi_capsule_update_locked - pass a single capsule to the firmware
141 * @capsule: capsule to send to the firmware
142 * @sg_pages: array of scatter gather (block descriptor) pages
143 * @reset: the reset type required for @capsule
144 *
145 * Since this function must be called under capsule_mutex check
146 * whether efi_reset_type will conflict with @reset, and atomically
147 * set it and capsule_pending if a capsule was successfully sent to
148 * the firmware.
149 *
150 * We also check to see if the system is about to restart, and if so,
151 * abort. This avoids races between efi_capsule_update() and
152 * efi_capsule_pending().
153 */
154static int
155efi_capsule_update_locked(efi_capsule_header_t *capsule,
156 struct page **sg_pages, int reset)
157{
158 efi_physical_addr_t sglist_phys;
159 efi_status_t status;
160
161 lockdep_assert_held(&capsule_mutex);
162
163 /*
164 * If someone has already registered a capsule that requires a
165 * different reset type, we're out of luck and must abort.
166 */
167 if (efi_reset_type >= 0 && efi_reset_type != reset) {
168 pr_err("Conflicting capsule reset type %d (%d).\n",
169 reset, efi_reset_type);
170 return -EINVAL;
171 }
172
173 /*
174 * If the system is getting ready to restart it may have
175 * called efi_capsule_pending() to make decisions (such as
176 * whether to force an EFI reboot), and we're racing against
177 * that call. Abort in that case.
178 */
179 if (unlikely(system_state == SYSTEM_RESTART)) {
180 pr_warn("Capsule update raced with reboot, aborting.\n");
181 return -EINVAL;
182 }
183
184 sglist_phys = page_to_phys(sg_pages[0]);
185
186 status = efi.update_capsule(&capsule, 1, sglist_phys);
187 if (status == EFI_SUCCESS) {
188 capsule_pending = true;
189 efi_reset_type = reset;
190 }
191
192 return efi_status_to_err(status);
193}
194
195/**
196 * efi_capsule_update - send a capsule to the firmware
197 * @capsule: capsule to send to firmware
198 * @pages: an array of capsule data pages
199 *
200 * Build a scatter gather list with EFI capsule block descriptors to
201 * map the capsule described by @capsule with its data in @pages and
202 * send it to the firmware via the UpdateCapsule() runtime service.
203 *
204 * @capsule must be a virtual mapping of the first page in @pages
205 * (@pages[0]) in the kernel address space. That is, a
206 * capsule_header_t that describes the entire contents of the capsule
207 * must be at the start of the first data page.
208 *
209 * Even though this function will validate that the firmware supports
210 * the capsule guid, users will likely want to check that
211 * efi_capsule_supported() returns true before calling this function
212 * because it makes it easier to print helpful error messages.
213 *
214 * If the capsule is successfully submitted to the firmware, any
215 * subsequent calls to efi_capsule_pending() will return true. @pages
216 * must not be released or modified if this function returns
217 * successfully.
218 *
219 * Callers must be prepared for this function to fail, which can
220 * happen if we raced with system reboot or if there is already a
221 * pending capsule that has a reset type that conflicts with the one
222 * required by @capsule. Do NOT use efi_capsule_pending() to detect
223 * this conflict since that would be racy. Instead, submit the capsule
224 * to efi_capsule_update() and check the return value.
225 *
226 * Return 0 on success, a converted EFI status code on failure.
227 */
228int efi_capsule_update(efi_capsule_header_t *capsule, struct page **pages)
229{
230 u32 imagesize = capsule->imagesize;
231 efi_guid_t guid = capsule->guid;
232 unsigned int count, sg_count;
233 u32 flags = capsule->flags;
234 struct page **sg_pages;
235 int rv, reset_type;
236 int i, j;
237
238 rv = efi_capsule_supported(guid, flags, imagesize, &reset_type);
239 if (rv)
240 return rv;
241
242 count = DIV_ROUND_UP(imagesize, PAGE_SIZE);
243 sg_count = sg_pages_num(count);
244
245 sg_pages = kzalloc(sg_count * sizeof(*sg_pages), GFP_KERNEL);
246 if (!sg_pages)
247 return -ENOMEM;
248
249 for (i = 0; i < sg_count; i++) {
250 sg_pages[i] = alloc_page(GFP_KERNEL);
251 if (!sg_pages[i]) {
252 rv = -ENOMEM;
253 goto out;
254 }
255 }
256
257 for (i = 0; i < sg_count; i++) {
258 efi_capsule_block_desc_t *sglist;
259
260 sglist = kmap(sg_pages[i]);
261 if (!sglist) {
262 rv = -ENOMEM;
263 goto out;
264 }
265
266 for (j = 0; j < SGLIST_PER_PAGE && count > 0; j++) {
267 u64 sz = min_t(u64, imagesize, PAGE_SIZE);
268
269 sglist[j].length = sz;
270 sglist[j].data = page_to_phys(*pages++);
271
272 imagesize -= sz;
273 count--;
274 }
275
276 /* Continuation pointer */
277 sglist[j].length = 0;
278
279 if (i + 1 == sg_count)
280 sglist[j].data = 0;
281 else
282 sglist[j].data = page_to_phys(sg_pages[i + 1]);
283
284 kunmap(sg_pages[i]);
285 }
286
287 mutex_lock(&capsule_mutex);
288 rv = efi_capsule_update_locked(capsule, sg_pages, reset_type);
289 mutex_unlock(&capsule_mutex);
290
291out:
292 for (i = 0; rv && i < sg_count; i++) {
293 if (sg_pages[i])
294 __free_page(sg_pages[i]);
295 }
296
297 kfree(sg_pages);
298 return rv;
299}
300EXPORT_SYMBOL_GPL(efi_capsule_update);