xref: /illumos-gate/usr/src/cmd/bhyve/common/bootrom.c (revision 3fe455549728ac525df3be56130ad8e075d645d7) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2015 Neel Natu <neel@freebsd.org>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/param.h>
30 
31 #include <sys/types.h>
32 #include <sys/mman.h>
33 #include <sys/stat.h>
34 
35 #include <machine/vmm.h>
36 
37 #include <err.h>
38 #include <errno.h>
39 #include <fcntl.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <unistd.h>
44 #include <stdbool.h>
45 
46 #include <vmmapi.h>
47 
48 #include "bhyverun.h"
49 #include "bootrom.h"
50 #include "debug.h"
51 #include "mem.h"
52 
53 #define	BOOTROM_SIZE	(16 * 1024 * 1024)	/* 16 MB */
54 
55 /*
56  * ROM region is 16 MB at the top of 4GB ("low") memory.
57  *
58  * The size is limited so it doesn't encroach into reserved MMIO space (e.g.,
59  * APIC, HPET, MSI).
60  *
61  * It is allocated in page-multiple blocks on a first-come first-serve basis,
62  * from high to low, during initialization, and does not change at runtime.
63  */
64 static char *romptr;	/* Pointer to userspace-mapped bootrom region. */
65 static vm_paddr_t gpa_base;	/* GPA of low end of region. */
66 static vm_paddr_t gpa_allocbot;	/* Low GPA of free region. */
67 static vm_paddr_t gpa_alloctop;	/* High GPA, minus 1, of free region. */
68 
69 #define CFI_BCS_WRITE_BYTE      0x10
70 #define CFI_BCS_CLEAR_STATUS    0x50
71 #define CFI_BCS_READ_STATUS     0x70
72 #define CFI_BCS_READ_ARRAY      0xff
73 
74 static struct bootrom_var_state {
75 	uint8_t		*mmap;
76 	uint64_t	gpa;
77 	off_t		size;
78 	uint8_t		cmd;
79 } var = { NULL, 0, 0, CFI_BCS_READ_ARRAY };
80 
81 /*
82  * Emulate just those CFI basic commands that will convince EDK II
83  * that the Firmware Volume area is writable and persistent.
84  */
85 static int
86 bootrom_var_mem_handler(struct vcpu *vcpu __unused, int dir, uint64_t addr,
87     int size, uint64_t *val, void *arg1 __unused, long arg2 __unused)
88 {
89 	off_t offset;
90 
91 	offset = addr - var.gpa;
92 	if (offset + size > var.size || offset < 0 || offset + size <= offset)
93 		return (EINVAL);
94 
95 	if (dir == MEM_F_WRITE) {
96 		switch (var.cmd) {
97 		case CFI_BCS_WRITE_BYTE:
98 			memcpy(var.mmap + offset, val, size);
99 			var.cmd = CFI_BCS_READ_ARRAY;
100 			break;
101 		default:
102 			var.cmd = *(uint8_t *)val;
103 		}
104 	} else {
105 		switch (var.cmd) {
106 		case CFI_BCS_CLEAR_STATUS:
107 		case CFI_BCS_READ_STATUS:
108 			memset(val, 0, size);
109 			var.cmd = CFI_BCS_READ_ARRAY;
110 			break;
111 		default:
112 			memcpy(val, var.mmap + offset, size);
113 			break;
114 		}
115 	}
116 	return (0);
117 }
118 
119 void
120 init_bootrom(struct vmctx *ctx)
121 {
122 	vm_paddr_t highmem;
123 
124 	romptr = vm_create_devmem(ctx, VM_BOOTROM, "bootrom", BOOTROM_SIZE);
125 	if (romptr == MAP_FAILED)
126 		err(4, "%s: vm_create_devmem", __func__);
127 	highmem = vm_get_highmem_base(ctx);
128 	gpa_base = highmem - BOOTROM_SIZE;
129 	gpa_allocbot = gpa_base;
130 	gpa_alloctop = highmem - 1;
131 }
132 
133 int
134 bootrom_alloc(struct vmctx *ctx, size_t len, int prot, int flags,
135     char **region_out, uint64_t *gpa_out)
136 {
137 	static const int bootrom_valid_flags = BOOTROM_ALLOC_TOP;
138 
139 	vm_paddr_t gpa;
140 	vm_ooffset_t segoff;
141 
142 	if (flags & ~bootrom_valid_flags) {
143 		warnx("%s: Invalid flags: %x", __func__,
144 		    flags & ~bootrom_valid_flags);
145 		return (EINVAL);
146 	}
147 	if (prot & ~_PROT_ALL) {
148 		warnx("%s: Invalid protection: %x", __func__,
149 		    prot & ~_PROT_ALL);
150 		return (EINVAL);
151 	}
152 
153 	if (len == 0 || len > BOOTROM_SIZE) {
154 		warnx("ROM size %zu is invalid", len);
155 		return (EINVAL);
156 	}
157 	if (len & PAGE_MASK) {
158 		warnx("ROM size %zu is not a multiple of the page size",
159 		    len);
160 		return (EINVAL);
161 	}
162 
163 	if (flags & BOOTROM_ALLOC_TOP) {
164 		gpa = (gpa_alloctop - len) + 1;
165 		if (gpa < gpa_allocbot) {
166 			warnx("No room for %zu ROM in bootrom region", len);
167 			return (ENOMEM);
168 		}
169 	} else {
170 		gpa = gpa_allocbot;
171 		if (gpa > (gpa_alloctop - len) + 1) {
172 			warnx("No room for %zu ROM in bootrom region", len);
173 			return (ENOMEM);
174 		}
175 	}
176 
177 	segoff = gpa - gpa_base;
178 	if (vm_mmap_memseg(ctx, gpa, VM_BOOTROM, segoff, len, prot) != 0) {
179 		int serrno = errno;
180 		warn("%s: vm_mmap_mapseg", __func__);
181 		return (serrno);
182 	}
183 
184 	if (flags & BOOTROM_ALLOC_TOP)
185 		gpa_alloctop = gpa - 1;
186 	else
187 		gpa_allocbot = gpa + len;
188 
189 	*region_out = romptr + segoff;
190 	if (gpa_out != NULL)
191 		*gpa_out = gpa;
192 	return (0);
193 }
194 
195 int
196 bootrom_loadrom(struct vmctx *ctx)
197 {
198 	struct stat sbuf;
199 	ssize_t rlen;
200 	off_t rom_size, var_size, total_size;
201 	char *ptr, *romfile;
202 	int fd, varfd, i, rv;
203 	const char *bootrom, *varfile;
204 
205 	rv = -1;
206 	varfd = -1;
207 
208 	bootrom = get_config_value("bootrom");
209 	if (bootrom == NULL) {
210 		return (0);
211 	}
212 
213 	/*
214 	 * get_config_value_node may use a thread local buffer to return
215 	 * variables. So, when we query the second variable, the first variable
216 	 * might get overwritten. For that reason, the bootrom should be
217 	 * duplicated.
218 	 */
219 	romfile = strdup(bootrom);
220 	if (romfile == NULL) {
221 		return (-1);
222 	}
223 
224 	fd = open(romfile, O_RDONLY);
225 	if (fd < 0) {
226 		EPRINTLN("Error opening bootrom \"%s\": %s",
227 		    romfile, strerror(errno));
228 		goto done;
229 	}
230 
231 	if (fstat(fd, &sbuf) < 0) {
232 		EPRINTLN("Could not fstat bootrom file \"%s\": %s", romfile,
233 		    strerror(errno));
234 		goto done;
235 	}
236 
237 	rom_size = sbuf.st_size;
238 
239 	varfile = get_config_value("bootvars");
240 	var_size = 0;
241 	if (varfile != NULL) {
242 		varfd = open(varfile, O_RDWR);
243 		if (varfd < 0) {
244 			EPRINTLN("Error opening bootrom variable file "
245 			    "\"%s\": %s", varfile, strerror(errno));
246 			goto done;
247 		}
248 
249 		if (fstat(varfd, &sbuf) < 0) {
250 			EPRINTLN(
251 			    "Could not fstat bootrom variable file \"%s\": %s",
252 			    varfile, strerror(errno));
253 			goto done;
254 		}
255 
256 		var_size = sbuf.st_size;
257 	}
258 
259 	if (var_size > BOOTROM_SIZE ||
260 	    (var_size != 0 && var_size < PAGE_SIZE)) {
261 		EPRINTLN("Invalid bootrom variable size %ld",
262 		    var_size);
263 		goto done;
264 	}
265 
266 	total_size = rom_size + var_size;
267 
268 	if (total_size > BOOTROM_SIZE) {
269 		EPRINTLN("Invalid bootrom and variable aggregate size %ld",
270 		    total_size);
271 		goto done;
272 	}
273 
274 	/* Map the bootrom into the guest address space */
275 	if (bootrom_alloc(ctx, rom_size, PROT_READ | PROT_EXEC,
276 	    BOOTROM_ALLOC_TOP, &ptr, NULL) != 0) {
277 		goto done;
278 	}
279 
280 	/* Read 'romfile' into the guest address space */
281 	for (i = 0; i < rom_size / PAGE_SIZE; i++) {
282 		rlen = read(fd, ptr + i * PAGE_SIZE, PAGE_SIZE);
283 		if (rlen != PAGE_SIZE) {
284 			EPRINTLN("Incomplete read of page %d of bootrom "
285 			    "file %s: %ld bytes", i, romfile, rlen);
286 			goto done;
287 		}
288 	}
289 
290 	if (varfd >= 0) {
291 #ifdef __FreeBSD__
292 		var.mmap = mmap(NULL, var_size, PROT_READ | PROT_WRITE,
293 		    MAP_SHARED, varfd, 0);
294 #else
295 		var.mmap = (uint8_t *)mmap(NULL, var_size,
296 		    PROT_READ | PROT_WRITE, MAP_SHARED, varfd, 0);
297 #endif
298 		if (var.mmap == MAP_FAILED)
299 			goto done;
300 		var.size = var_size;
301 		var.gpa = (gpa_alloctop - var_size) + 1;
302 		gpa_alloctop = var.gpa - 1;
303 		rv = register_mem(&(struct mem_range){
304 		    .name = "bootrom variable",
305 		    .flags = MEM_F_RW,
306 		    .handler = bootrom_var_mem_handler,
307 		    .base = var.gpa,
308 		    .size = var.size,
309 		});
310 		if (rv != 0)
311 			goto done;
312 	}
313 
314 	rv = 0;
315 done:
316 	if (varfd >= 0)
317 		close(varfd);
318 	if (fd >= 0)
319 		close(fd);
320 	free(romfile);
321 	return (rv);
322 }
323 
324 /*
325  * Are we relying on a bootrom to initialize the guest's CPU context?
326  */
327 bool
328 bootrom_boot(void)
329 {
330 	return (get_config_value("bootrom") != NULL);
331 }
332