xref: /freebsd/sbin/nvmecontrol/firmware.c (revision 2276e53940c2a2bf7c7e9cb705e51de4202258c2)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2013 EMC Corp.
5  * All rights reserved.
6  *
7  * Copyright (C) 2012-2013 Intel Corporation
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/param.h>
33 #include <sys/ioccom.h>
34 #include <sys/stat.h>
35 #include <sys/types.h>
36 
37 #include <ctype.h>
38 #include <err.h>
39 #include <fcntl.h>
40 #include <inttypes.h>
41 #include <stdbool.h>
42 #include <stddef.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <sysexits.h>
47 #include <unistd.h>
48 
49 #include "nvmecontrol.h"
50 
51 /* Tables for command line parsing */
52 
53 static cmd_fn_t firmware;
54 
55 #define NONE 0xffffffffu
56 static struct options {
57 	bool		activate;
58 	uint32_t	slot;
59 	const char	*fw_img;
60 	const char	*dev;
61 } opt = {
62 	.activate = false,
63 	.slot = NONE,
64 	.fw_img = NULL,
65 	.dev = NULL,
66 };
67 
68 static const struct opts firmware_opts[] = {
69 #define OPT(l, s, t, opt, addr, desc) { l, s, t, &opt.addr, desc }
70 	OPT("activate", 'a', arg_none, opt, activate,
71 	    "Attempt to activate firmware"),
72 	OPT("slot", 's', arg_uint32, opt, slot,
73 	    "Slot to activate and/or download firmware to"),
74 	OPT("firmware", 'f', arg_path, opt, fw_img,
75 	    "Firmware image to download"),
76 	{ NULL, 0, arg_none, NULL, NULL }
77 };
78 #undef OPT
79 
80 static const struct args firmware_args[] = {
81 	{ arg_string, &opt.dev, "controller-id|namespace-id" },
82 	{ arg_none, NULL, NULL },
83 };
84 
85 static struct cmd firmware_cmd = {
86 	.name = "firmware",
87 	.fn = firmware,
88 	.descr = "Download firmware image to controller",
89 	.ctx_size = sizeof(opt),
90 	.opts = firmware_opts,
91 	.args = firmware_args,
92 };
93 
94 CMD_COMMAND(firmware_cmd);
95 
96 /* End of tables for command line parsing */
97 
98 static int
99 slot_has_valid_firmware(int fd, int slot)
100 {
101 	struct nvme_firmware_page	fw;
102 	int				has_fw = false;
103 
104 	read_logpage(fd, NVME_LOG_FIRMWARE_SLOT,
105 	    NVME_GLOBAL_NAMESPACE_TAG, 0, 0, 0, &fw, sizeof(fw));
106 
107 	if (fw.revision[slot-1] != 0LLU)
108 		has_fw = true;
109 
110 	return (has_fw);
111 }
112 
113 static void
114 read_image_file(const char *path, void **buf, int32_t *size)
115 {
116 	struct stat	sb;
117 	int32_t		filesize;
118 	int		fd;
119 
120 	*size = 0;
121 	*buf = NULL;
122 
123 	if ((fd = open(path, O_RDONLY)) < 0)
124 		err(EX_NOINPUT, "unable to open '%s'", path);
125 	if (fstat(fd, &sb) < 0)
126 		err(EX_NOINPUT, "unable to stat '%s'", path);
127 
128 	/*
129 	 * The NVMe spec does not explicitly state a maximum firmware image
130 	 *  size, although one can be inferred from the dword size limitation
131 	 *  for the size and offset fields in the Firmware Image Download
132 	 *  command.
133 	 *
134 	 * Technically, the max is UINT32_MAX * sizeof(uint32_t), since the
135 	 *  size and offsets are specified in terms of dwords (not bytes), but
136 	 *  realistically INT32_MAX is sufficient here and simplifies matters
137 	 *  a bit.
138 	 */
139 	if (sb.st_size > INT32_MAX)
140 		errx(EX_USAGE, "size of file '%s' is too large (%jd bytes)",
141 		    path, (intmax_t)sb.st_size);
142 	filesize = (int32_t)sb.st_size;
143 	if ((*buf = malloc(filesize)) == NULL)
144 		errx(EX_OSERR, "unable to malloc %d bytes", filesize);
145 	if ((*size = read(fd, *buf, filesize)) < 0)
146 		err(EX_IOERR, "error reading '%s'", path);
147 	/* XXX assuming no short reads */
148 	if (*size != filesize)
149 		errx(EX_IOERR,
150 		    "error reading '%s' (read %d bytes, requested %d bytes)",
151 		    path, *size, filesize);
152 	close(fd);
153 }
154 
155 static void
156 update_firmware(int fd, uint8_t *payload, int32_t payload_size, uint8_t fwug)
157 {
158 	struct nvme_pt_command	pt;
159 	uint64_t		max_xfer_size;
160 	int32_t			off;
161 	uint32_t		resid, size;
162 	void			*chunk;
163 
164 	off = 0;
165 	resid = payload_size;
166 
167 	if (ioctl(fd, NVME_GET_MAX_XFER_SIZE, &max_xfer_size) < 0)
168 		err(EX_IOERR, "query max transfer size failed");
169 	if (fwug != 0 && fwug != 0xFF)
170 		max_xfer_size = MIN(max_xfer_size, (uint64_t)fwug << 12);
171 
172 	if ((chunk = aligned_alloc(PAGE_SIZE, max_xfer_size)) == NULL)
173 		errx(EX_OSERR, "unable to malloc %zd bytes", (size_t)max_xfer_size);
174 
175 	while (resid > 0) {
176 		size = (resid >= max_xfer_size) ?  max_xfer_size : resid;
177 		memcpy(chunk, payload + off, size);
178 
179 		memset(&pt, 0, sizeof(pt));
180 		pt.cmd.opc = NVME_OPC_FIRMWARE_IMAGE_DOWNLOAD;
181 		pt.cmd.cdw10 = htole32((size / sizeof(uint32_t)) - 1);
182 		pt.cmd.cdw11 = htole32(off / sizeof(uint32_t));
183 		pt.buf = chunk;
184 		pt.len = size;
185 		pt.is_read = 0;
186 
187 		if (ioctl(fd, NVME_PASSTHROUGH_CMD, &pt) < 0)
188 			err(EX_IOERR, "firmware download request failed");
189 
190 		if (nvme_completion_is_error(&pt.cpl))
191 			errx(EX_IOERR, "firmware download request returned error");
192 
193 		resid -= size;
194 		off += size;
195 	}
196 	free(chunk);
197 }
198 
199 static int
200 activate_firmware(int fd, int slot, int activate_action)
201 {
202 	struct nvme_pt_command	pt;
203 	uint16_t sct, sc;
204 
205 	memset(&pt, 0, sizeof(pt));
206 	pt.cmd.opc = NVME_OPC_FIRMWARE_ACTIVATE;
207 	pt.cmd.cdw10 = htole32((activate_action << 3) | slot);
208 	pt.is_read = 0;
209 
210 	if (ioctl(fd, NVME_PASSTHROUGH_CMD, &pt) < 0)
211 		err(EX_IOERR, "firmware activate request failed");
212 
213 	sct = NVME_STATUS_GET_SCT(pt.cpl.status);
214 	sc = NVME_STATUS_GET_SC(pt.cpl.status);
215 
216 	if (sct == NVME_SCT_COMMAND_SPECIFIC &&
217 	    sc == NVME_SC_FIRMWARE_REQUIRES_RESET)
218 		return 1;
219 
220 	if (nvme_completion_is_error(&pt.cpl))
221 		errx(EX_IOERR, "firmware activate request returned error");
222 
223 	return 0;
224 }
225 
226 static void
227 firmware(const struct cmd *f, int argc, char *argv[])
228 {
229 	int				fd = -1;
230 	int				activate_action, reboot_required;
231 	char				prompt[64];
232 	void				*buf = NULL;
233 	char				*path;
234 	int32_t				size = 0, nsid;
235 	uint16_t			oacs_fw;
236 	uint8_t				fw_slot1_ro, fw_num_slots;
237 	struct nvme_controller_data	cdata;
238 
239 	if (arg_parse(argc, argv, f))
240 		return;
241 
242 	if (opt.slot == 0) {
243 		fprintf(stderr,
244 		    "0 is not a valid slot number. "
245 		    "Slot numbers start at 1.\n");
246 		arg_help(argc, argv, f);
247 	} else if (opt.slot > 7 && opt.slot != NONE) {
248 		fprintf(stderr,
249 		    "Slot number %s specified which is "
250 		    "greater than max allowed slot number of "
251 		    "7.\n", optarg);
252 		arg_help(argc, argv, f);
253 	}
254 
255 	if (!opt.activate && opt.fw_img == NULL) {
256 		fprintf(stderr,
257 		    "Neither a replace ([-f path_to_firmware]) nor "
258 		    "activate ([-a]) firmware image action\n"
259 		    "was specified.\n");
260 		arg_help(argc, argv, f);
261 	}
262 
263 	if (opt.activate && opt.fw_img == NULL && opt.slot == 0) {
264 		fprintf(stderr,
265 		    "Slot number to activate not specified.\n");
266 		arg_help(argc, argv, f);
267 	}
268 
269 	open_dev(opt.dev, &fd, 1, 1);
270 	get_nsid(fd, &path, &nsid);
271 	if (nsid != 0) {
272 		close(fd);
273 		open_dev(path, &fd, 1, 1);
274 	}
275 	free(path);
276 
277 	if (read_controller_data(fd, &cdata))
278 		errx(EX_IOERR, "Identify request failed");
279 
280 	oacs_fw = (cdata.oacs >> NVME_CTRLR_DATA_OACS_FIRMWARE_SHIFT) &
281 		NVME_CTRLR_DATA_OACS_FIRMWARE_MASK;
282 
283 	if (oacs_fw == 0)
284 		errx(EX_UNAVAILABLE,
285 		    "controller does not support firmware activate/download");
286 
287 	fw_slot1_ro = (cdata.frmw >> NVME_CTRLR_DATA_FRMW_SLOT1_RO_SHIFT) &
288 		NVME_CTRLR_DATA_FRMW_SLOT1_RO_MASK;
289 
290 	if (opt.fw_img && opt.slot == 1 && fw_slot1_ro)
291 		errx(EX_UNAVAILABLE, "slot %d is marked as read only", opt.slot);
292 
293 	fw_num_slots = (cdata.frmw >> NVME_CTRLR_DATA_FRMW_NUM_SLOTS_SHIFT) &
294 		NVME_CTRLR_DATA_FRMW_NUM_SLOTS_MASK;
295 
296 	if (opt.slot > fw_num_slots)
297 		errx(EX_UNAVAILABLE,
298 		    "slot %d specified but controller only supports %d slots",
299 		    opt.slot, fw_num_slots);
300 
301 	if (opt.activate && opt.fw_img == NULL &&
302 	    !slot_has_valid_firmware(fd, opt.slot))
303 		errx(EX_UNAVAILABLE,
304 		    "slot %d does not contain valid firmware,\n"
305 		    "try 'nvmecontrol logpage -p 3 %s' to get a list "
306 		    "of available images\n",
307 		    opt.slot, opt.dev);
308 
309 	if (opt.fw_img)
310 		read_image_file(opt.fw_img, &buf, &size);
311 
312 	if (opt.fw_img != NULL&& opt.activate)
313 		printf("You are about to download and activate "
314 		       "firmware image (%s) to controller %s.\n"
315 		       "This may damage your controller and/or "
316 		       "overwrite an existing firmware image.\n",
317 		       opt.fw_img, opt.dev);
318 	else if (opt.activate)
319 		printf("You are about to activate a new firmware "
320 		       "image on controller %s.\n"
321 		       "This may damage your controller.\n",
322 		       opt.dev);
323 	else if (opt.fw_img != NULL)
324 		printf("You are about to download firmware image "
325 		       "(%s) to controller %s.\n"
326 		       "This may damage your controller and/or "
327 		       "overwrite an existing firmware image.\n",
328 		       opt.fw_img, opt.dev);
329 
330 	printf("Are you sure you want to continue? (yes/no) ");
331 	while (1) {
332 		fgets(prompt, sizeof(prompt), stdin);
333 		if (strncasecmp(prompt, "yes", 3) == 0)
334 			break;
335 		if (strncasecmp(prompt, "no", 2) == 0)
336 			exit(EX_DATAERR);
337 		printf("Please answer \"yes\" or \"no\". ");
338 	}
339 
340 	if (opt.fw_img != NULL) {
341 		update_firmware(fd, buf, size, cdata.fwug);
342 		if (opt.activate)
343 			activate_action = NVME_AA_REPLACE_ACTIVATE;
344 		else
345 			activate_action = NVME_AA_REPLACE_NO_ACTIVATE;
346 	} else {
347 		activate_action = NVME_AA_ACTIVATE;
348 	}
349 
350 	reboot_required = activate_firmware(fd, opt.slot, activate_action);
351 
352 	if (opt.activate) {
353 		if (reboot_required) {
354 			printf("New firmware image activated but requires "
355 			       "conventional reset (i.e. reboot) to "
356 			       "complete activation.\n");
357 		} else {
358 			printf("New firmware image activated and will take "
359 			       "effect after next controller reset.\n"
360 			       "Controller reset can be initiated via "
361 			       "'nvmecontrol reset %s'\n",
362 			       opt.dev);
363 		}
364 	}
365 
366 	close(fd);
367 	exit(0);
368 }
369