1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Procedures for interfacing to the RTAS on CHRP machines. 5 * 6 * Peter Bergner, IBM March 2001. 7 * Copyright (C) 2001 IBM. 8 */ 9 10 #define pr_fmt(fmt) "rtas: " fmt 11 12 #include <linux/bsearch.h> 13 #include <linux/capability.h> 14 #include <linux/delay.h> 15 #include <linux/export.h> 16 #include <linux/init.h> 17 #include <linux/kconfig.h> 18 #include <linux/kernel.h> 19 #include <linux/lockdep.h> 20 #include <linux/memblock.h> 21 #include <linux/mutex.h> 22 #include <linux/of.h> 23 #include <linux/of_fdt.h> 24 #include <linux/reboot.h> 25 #include <linux/sched.h> 26 #include <linux/security.h> 27 #include <linux/slab.h> 28 #include <linux/spinlock.h> 29 #include <linux/stdarg.h> 30 #include <linux/syscalls.h> 31 #include <linux/types.h> 32 #include <linux/uaccess.h> 33 #include <linux/xarray.h> 34 35 #include <asm/delay.h> 36 #include <asm/firmware.h> 37 #include <asm/interrupt.h> 38 #include <asm/machdep.h> 39 #include <asm/mmu.h> 40 #include <asm/page.h> 41 #include <asm/rtas-work-area.h> 42 #include <asm/rtas.h> 43 #include <asm/time.h> 44 #include <asm/trace.h> 45 #include <asm/udbg.h> 46 47 struct rtas_filter { 48 /* Indexes into the args buffer, -1 if not used */ 49 const int buf_idx1; 50 const int size_idx1; 51 const int buf_idx2; 52 const int size_idx2; 53 /* 54 * Assumed buffer size per the spec if the function does not 55 * have a size parameter, e.g. ibm,errinjct. 0 if unused. 56 */ 57 const int fixed_size; 58 }; 59 60 /** 61 * struct rtas_function - Descriptor for RTAS functions. 62 * 63 * @token: Value of @name if it exists under the /rtas node. 64 * @name: Function name. 65 * @filter: If non-NULL, invoking this function via the rtas syscall is 66 * generally allowed, and @filter describes constraints on the 67 * arguments. See also @banned_for_syscall_on_le. 68 * @banned_for_syscall_on_le: Set when call via sys_rtas is generally allowed 69 * but specifically restricted on ppc64le. Such 70 * functions are believed to have no users on 71 * ppc64le, and we want to keep it that way. It does 72 * not make sense for this to be set when @filter 73 * is NULL. 74 * @lock: Pointer to an optional dedicated per-function mutex. This 75 * should be set for functions that require multiple calls in 76 * sequence to complete a single operation, and such sequences 77 * will disrupt each other if allowed to interleave. Users of 78 * this function are required to hold the associated lock for 79 * the duration of the call sequence. Add an explanatory 80 * comment to the function table entry if setting this member. 81 */ 82 struct rtas_function { 83 s32 token; 84 const bool banned_for_syscall_on_le:1; 85 const char * const name; 86 const struct rtas_filter *filter; 87 struct mutex *lock; 88 }; 89 90 /* 91 * Per-function locks for sequence-based RTAS functions. 92 */ 93 static DEFINE_MUTEX(rtas_ibm_activate_firmware_lock); 94 static DEFINE_MUTEX(rtas_ibm_get_dynamic_sensor_state_lock); 95 static DEFINE_MUTEX(rtas_ibm_get_indices_lock); 96 static DEFINE_MUTEX(rtas_ibm_lpar_perftools_lock); 97 static DEFINE_MUTEX(rtas_ibm_physical_attestation_lock); 98 static DEFINE_MUTEX(rtas_ibm_set_dynamic_indicator_lock); 99 DEFINE_MUTEX(rtas_ibm_get_vpd_lock); 100 101 static struct rtas_function rtas_function_table[] __ro_after_init = { 102 [RTAS_FNIDX__CHECK_EXCEPTION] = { 103 .name = "check-exception", 104 }, 105 [RTAS_FNIDX__DISPLAY_CHARACTER] = { 106 .name = "display-character", 107 .filter = &(const struct rtas_filter) { 108 .buf_idx1 = -1, .size_idx1 = -1, 109 .buf_idx2 = -1, .size_idx2 = -1, 110 }, 111 }, 112 [RTAS_FNIDX__EVENT_SCAN] = { 113 .name = "event-scan", 114 }, 115 [RTAS_FNIDX__FREEZE_TIME_BASE] = { 116 .name = "freeze-time-base", 117 }, 118 [RTAS_FNIDX__GET_POWER_LEVEL] = { 119 .name = "get-power-level", 120 .filter = &(const struct rtas_filter) { 121 .buf_idx1 = -1, .size_idx1 = -1, 122 .buf_idx2 = -1, .size_idx2 = -1, 123 }, 124 }, 125 [RTAS_FNIDX__GET_SENSOR_STATE] = { 126 .name = "get-sensor-state", 127 .filter = &(const struct rtas_filter) { 128 .buf_idx1 = -1, .size_idx1 = -1, 129 .buf_idx2 = -1, .size_idx2 = -1, 130 }, 131 }, 132 [RTAS_FNIDX__GET_TERM_CHAR] = { 133 .name = "get-term-char", 134 }, 135 [RTAS_FNIDX__GET_TIME_OF_DAY] = { 136 .name = "get-time-of-day", 137 .filter = &(const struct rtas_filter) { 138 .buf_idx1 = -1, .size_idx1 = -1, 139 .buf_idx2 = -1, .size_idx2 = -1, 140 }, 141 }, 142 [RTAS_FNIDX__IBM_ACTIVATE_FIRMWARE] = { 143 .name = "ibm,activate-firmware", 144 .filter = &(const struct rtas_filter) { 145 .buf_idx1 = -1, .size_idx1 = -1, 146 .buf_idx2 = -1, .size_idx2 = -1, 147 }, 148 /* 149 * PAPR+ as of v2.13 doesn't explicitly impose any 150 * restriction, but this typically requires multiple 151 * calls before success, and there's no reason to 152 * allow sequences to interleave. 153 */ 154 .lock = &rtas_ibm_activate_firmware_lock, 155 }, 156 [RTAS_FNIDX__IBM_CBE_START_PTCAL] = { 157 .name = "ibm,cbe-start-ptcal", 158 }, 159 [RTAS_FNIDX__IBM_CBE_STOP_PTCAL] = { 160 .name = "ibm,cbe-stop-ptcal", 161 }, 162 [RTAS_FNIDX__IBM_CHANGE_MSI] = { 163 .name = "ibm,change-msi", 164 }, 165 [RTAS_FNIDX__IBM_CLOSE_ERRINJCT] = { 166 .name = "ibm,close-errinjct", 167 .filter = &(const struct rtas_filter) { 168 .buf_idx1 = -1, .size_idx1 = -1, 169 .buf_idx2 = -1, .size_idx2 = -1, 170 }, 171 }, 172 [RTAS_FNIDX__IBM_CONFIGURE_BRIDGE] = { 173 .name = "ibm,configure-bridge", 174 }, 175 [RTAS_FNIDX__IBM_CONFIGURE_CONNECTOR] = { 176 .name = "ibm,configure-connector", 177 .filter = &(const struct rtas_filter) { 178 .buf_idx1 = 0, .size_idx1 = -1, 179 .buf_idx2 = 1, .size_idx2 = -1, 180 .fixed_size = 4096, 181 }, 182 }, 183 [RTAS_FNIDX__IBM_CONFIGURE_KERNEL_DUMP] = { 184 .name = "ibm,configure-kernel-dump", 185 }, 186 [RTAS_FNIDX__IBM_CONFIGURE_PE] = { 187 .name = "ibm,configure-pe", 188 }, 189 [RTAS_FNIDX__IBM_CREATE_PE_DMA_WINDOW] = { 190 .name = "ibm,create-pe-dma-window", 191 }, 192 [RTAS_FNIDX__IBM_DISPLAY_MESSAGE] = { 193 .name = "ibm,display-message", 194 .filter = &(const struct rtas_filter) { 195 .buf_idx1 = 0, .size_idx1 = -1, 196 .buf_idx2 = -1, .size_idx2 = -1, 197 }, 198 }, 199 [RTAS_FNIDX__IBM_ERRINJCT] = { 200 .name = "ibm,errinjct", 201 .filter = &(const struct rtas_filter) { 202 .buf_idx1 = 2, .size_idx1 = -1, 203 .buf_idx2 = -1, .size_idx2 = -1, 204 .fixed_size = 1024, 205 }, 206 }, 207 [RTAS_FNIDX__IBM_EXTI2C] = { 208 .name = "ibm,exti2c", 209 }, 210 [RTAS_FNIDX__IBM_GET_CONFIG_ADDR_INFO] = { 211 .name = "ibm,get-config-addr-info", 212 }, 213 [RTAS_FNIDX__IBM_GET_CONFIG_ADDR_INFO2] = { 214 .name = "ibm,get-config-addr-info2", 215 .filter = &(const struct rtas_filter) { 216 .buf_idx1 = -1, .size_idx1 = -1, 217 .buf_idx2 = -1, .size_idx2 = -1, 218 }, 219 }, 220 [RTAS_FNIDX__IBM_GET_DYNAMIC_SENSOR_STATE] = { 221 .name = "ibm,get-dynamic-sensor-state", 222 .filter = &(const struct rtas_filter) { 223 .buf_idx1 = 1, .size_idx1 = -1, 224 .buf_idx2 = -1, .size_idx2 = -1, 225 }, 226 /* 227 * PAPR+ v2.13 R1–7.3.19–3 is explicit that the OS 228 * must not call ibm,get-dynamic-sensor-state with 229 * different inputs until a non-retry status has been 230 * returned. 231 */ 232 .lock = &rtas_ibm_get_dynamic_sensor_state_lock, 233 }, 234 [RTAS_FNIDX__IBM_GET_INDICES] = { 235 .name = "ibm,get-indices", 236 .filter = &(const struct rtas_filter) { 237 .buf_idx1 = 2, .size_idx1 = 3, 238 .buf_idx2 = -1, .size_idx2 = -1, 239 }, 240 /* 241 * PAPR+ v2.13 R1–7.3.17–2 says that the OS must not 242 * interleave ibm,get-indices call sequences with 243 * different inputs. 244 */ 245 .lock = &rtas_ibm_get_indices_lock, 246 }, 247 [RTAS_FNIDX__IBM_GET_RIO_TOPOLOGY] = { 248 .name = "ibm,get-rio-topology", 249 }, 250 [RTAS_FNIDX__IBM_GET_SYSTEM_PARAMETER] = { 251 .name = "ibm,get-system-parameter", 252 .filter = &(const struct rtas_filter) { 253 .buf_idx1 = 1, .size_idx1 = 2, 254 .buf_idx2 = -1, .size_idx2 = -1, 255 }, 256 }, 257 [RTAS_FNIDX__IBM_GET_VPD] = { 258 .name = "ibm,get-vpd", 259 .filter = &(const struct rtas_filter) { 260 .buf_idx1 = 0, .size_idx1 = -1, 261 .buf_idx2 = 1, .size_idx2 = 2, 262 }, 263 /* 264 * PAPR+ v2.13 R1–7.3.20–4 indicates that sequences 265 * should not be allowed to interleave. 266 */ 267 .lock = &rtas_ibm_get_vpd_lock, 268 }, 269 [RTAS_FNIDX__IBM_GET_XIVE] = { 270 .name = "ibm,get-xive", 271 }, 272 [RTAS_FNIDX__IBM_INT_OFF] = { 273 .name = "ibm,int-off", 274 }, 275 [RTAS_FNIDX__IBM_INT_ON] = { 276 .name = "ibm,int-on", 277 }, 278 [RTAS_FNIDX__IBM_IO_QUIESCE_ACK] = { 279 .name = "ibm,io-quiesce-ack", 280 }, 281 [RTAS_FNIDX__IBM_LPAR_PERFTOOLS] = { 282 .name = "ibm,lpar-perftools", 283 .filter = &(const struct rtas_filter) { 284 .buf_idx1 = 2, .size_idx1 = 3, 285 .buf_idx2 = -1, .size_idx2 = -1, 286 }, 287 /* 288 * PAPR+ v2.13 R1–7.3.26–6 says the OS should allow 289 * only one call sequence in progress at a time. 290 */ 291 .lock = &rtas_ibm_lpar_perftools_lock, 292 }, 293 [RTAS_FNIDX__IBM_MANAGE_FLASH_IMAGE] = { 294 .name = "ibm,manage-flash-image", 295 }, 296 [RTAS_FNIDX__IBM_MANAGE_STORAGE_PRESERVATION] = { 297 .name = "ibm,manage-storage-preservation", 298 }, 299 [RTAS_FNIDX__IBM_NMI_INTERLOCK] = { 300 .name = "ibm,nmi-interlock", 301 }, 302 [RTAS_FNIDX__IBM_NMI_REGISTER] = { 303 .name = "ibm,nmi-register", 304 }, 305 [RTAS_FNIDX__IBM_OPEN_ERRINJCT] = { 306 .name = "ibm,open-errinjct", 307 .filter = &(const struct rtas_filter) { 308 .buf_idx1 = -1, .size_idx1 = -1, 309 .buf_idx2 = -1, .size_idx2 = -1, 310 }, 311 }, 312 [RTAS_FNIDX__IBM_OPEN_SRIOV_ALLOW_UNFREEZE] = { 313 .name = "ibm,open-sriov-allow-unfreeze", 314 }, 315 [RTAS_FNIDX__IBM_OPEN_SRIOV_MAP_PE_NUMBER] = { 316 .name = "ibm,open-sriov-map-pe-number", 317 }, 318 [RTAS_FNIDX__IBM_OS_TERM] = { 319 .name = "ibm,os-term", 320 }, 321 [RTAS_FNIDX__IBM_PARTNER_CONTROL] = { 322 .name = "ibm,partner-control", 323 }, 324 [RTAS_FNIDX__IBM_PHYSICAL_ATTESTATION] = { 325 .name = "ibm,physical-attestation", 326 .filter = &(const struct rtas_filter) { 327 .buf_idx1 = 0, .size_idx1 = 1, 328 .buf_idx2 = -1, .size_idx2 = -1, 329 }, 330 /* 331 * This follows a sequence-based pattern similar to 332 * ibm,get-vpd et al. Since PAPR+ restricts 333 * interleaving call sequences for other functions of 334 * this style, assume the restriction applies here, 335 * even though it's not explicit in the spec. 336 */ 337 .lock = &rtas_ibm_physical_attestation_lock, 338 }, 339 [RTAS_FNIDX__IBM_PLATFORM_DUMP] = { 340 .name = "ibm,platform-dump", 341 .filter = &(const struct rtas_filter) { 342 .buf_idx1 = 4, .size_idx1 = 5, 343 .buf_idx2 = -1, .size_idx2 = -1, 344 }, 345 /* 346 * PAPR+ v2.13 7.3.3.4.1 indicates that concurrent 347 * sequences of ibm,platform-dump are allowed if they 348 * are operating on different dump tags. So leave the 349 * lock pointer unset for now. This may need 350 * reconsideration if kernel-internal users appear. 351 */ 352 }, 353 [RTAS_FNIDX__IBM_POWER_OFF_UPS] = { 354 .name = "ibm,power-off-ups", 355 }, 356 [RTAS_FNIDX__IBM_QUERY_INTERRUPT_SOURCE_NUMBER] = { 357 .name = "ibm,query-interrupt-source-number", 358 }, 359 [RTAS_FNIDX__IBM_QUERY_PE_DMA_WINDOW] = { 360 .name = "ibm,query-pe-dma-window", 361 }, 362 [RTAS_FNIDX__IBM_READ_PCI_CONFIG] = { 363 .name = "ibm,read-pci-config", 364 }, 365 [RTAS_FNIDX__IBM_READ_SLOT_RESET_STATE] = { 366 .name = "ibm,read-slot-reset-state", 367 .filter = &(const struct rtas_filter) { 368 .buf_idx1 = -1, .size_idx1 = -1, 369 .buf_idx2 = -1, .size_idx2 = -1, 370 }, 371 }, 372 [RTAS_FNIDX__IBM_READ_SLOT_RESET_STATE2] = { 373 .name = "ibm,read-slot-reset-state2", 374 }, 375 [RTAS_FNIDX__IBM_REMOVE_PE_DMA_WINDOW] = { 376 .name = "ibm,remove-pe-dma-window", 377 }, 378 [RTAS_FNIDX__IBM_RESET_PE_DMA_WINDOWS] = { 379 .name = "ibm,reset-pe-dma-windows", 380 }, 381 [RTAS_FNIDX__IBM_SCAN_LOG_DUMP] = { 382 .name = "ibm,scan-log-dump", 383 .filter = &(const struct rtas_filter) { 384 .buf_idx1 = 0, .size_idx1 = 1, 385 .buf_idx2 = -1, .size_idx2 = -1, 386 }, 387 }, 388 [RTAS_FNIDX__IBM_SET_DYNAMIC_INDICATOR] = { 389 .name = "ibm,set-dynamic-indicator", 390 .filter = &(const struct rtas_filter) { 391 .buf_idx1 = 2, .size_idx1 = -1, 392 .buf_idx2 = -1, .size_idx2 = -1, 393 }, 394 /* 395 * PAPR+ v2.13 R1–7.3.18–3 says the OS must not call 396 * this function with different inputs until a 397 * non-retry status has been returned. 398 */ 399 .lock = &rtas_ibm_set_dynamic_indicator_lock, 400 }, 401 [RTAS_FNIDX__IBM_SET_EEH_OPTION] = { 402 .name = "ibm,set-eeh-option", 403 .filter = &(const struct rtas_filter) { 404 .buf_idx1 = -1, .size_idx1 = -1, 405 .buf_idx2 = -1, .size_idx2 = -1, 406 }, 407 }, 408 [RTAS_FNIDX__IBM_SET_SLOT_RESET] = { 409 .name = "ibm,set-slot-reset", 410 }, 411 [RTAS_FNIDX__IBM_SET_SYSTEM_PARAMETER] = { 412 .name = "ibm,set-system-parameter", 413 .filter = &(const struct rtas_filter) { 414 .buf_idx1 = 1, .size_idx1 = -1, 415 .buf_idx2 = -1, .size_idx2 = -1, 416 }, 417 }, 418 [RTAS_FNIDX__IBM_SET_XIVE] = { 419 .name = "ibm,set-xive", 420 }, 421 [RTAS_FNIDX__IBM_SLOT_ERROR_DETAIL] = { 422 .name = "ibm,slot-error-detail", 423 }, 424 [RTAS_FNIDX__IBM_SUSPEND_ME] = { 425 .name = "ibm,suspend-me", 426 .banned_for_syscall_on_le = true, 427 .filter = &(const struct rtas_filter) { 428 .buf_idx1 = -1, .size_idx1 = -1, 429 .buf_idx2 = -1, .size_idx2 = -1, 430 }, 431 }, 432 [RTAS_FNIDX__IBM_TUNE_DMA_PARMS] = { 433 .name = "ibm,tune-dma-parms", 434 }, 435 [RTAS_FNIDX__IBM_UPDATE_FLASH_64_AND_REBOOT] = { 436 .name = "ibm,update-flash-64-and-reboot", 437 }, 438 [RTAS_FNIDX__IBM_UPDATE_NODES] = { 439 .name = "ibm,update-nodes", 440 .banned_for_syscall_on_le = true, 441 .filter = &(const struct rtas_filter) { 442 .buf_idx1 = 0, .size_idx1 = -1, 443 .buf_idx2 = -1, .size_idx2 = -1, 444 .fixed_size = 4096, 445 }, 446 }, 447 [RTAS_FNIDX__IBM_UPDATE_PROPERTIES] = { 448 .name = "ibm,update-properties", 449 .banned_for_syscall_on_le = true, 450 .filter = &(const struct rtas_filter) { 451 .buf_idx1 = 0, .size_idx1 = -1, 452 .buf_idx2 = -1, .size_idx2 = -1, 453 .fixed_size = 4096, 454 }, 455 }, 456 [RTAS_FNIDX__IBM_VALIDATE_FLASH_IMAGE] = { 457 .name = "ibm,validate-flash-image", 458 }, 459 [RTAS_FNIDX__IBM_WRITE_PCI_CONFIG] = { 460 .name = "ibm,write-pci-config", 461 }, 462 [RTAS_FNIDX__NVRAM_FETCH] = { 463 .name = "nvram-fetch", 464 }, 465 [RTAS_FNIDX__NVRAM_STORE] = { 466 .name = "nvram-store", 467 }, 468 [RTAS_FNIDX__POWER_OFF] = { 469 .name = "power-off", 470 }, 471 [RTAS_FNIDX__PUT_TERM_CHAR] = { 472 .name = "put-term-char", 473 }, 474 [RTAS_FNIDX__QUERY_CPU_STOPPED_STATE] = { 475 .name = "query-cpu-stopped-state", 476 }, 477 [RTAS_FNIDX__READ_PCI_CONFIG] = { 478 .name = "read-pci-config", 479 }, 480 [RTAS_FNIDX__RTAS_LAST_ERROR] = { 481 .name = "rtas-last-error", 482 }, 483 [RTAS_FNIDX__SET_INDICATOR] = { 484 .name = "set-indicator", 485 .filter = &(const struct rtas_filter) { 486 .buf_idx1 = -1, .size_idx1 = -1, 487 .buf_idx2 = -1, .size_idx2 = -1, 488 }, 489 }, 490 [RTAS_FNIDX__SET_POWER_LEVEL] = { 491 .name = "set-power-level", 492 .filter = &(const struct rtas_filter) { 493 .buf_idx1 = -1, .size_idx1 = -1, 494 .buf_idx2 = -1, .size_idx2 = -1, 495 }, 496 }, 497 [RTAS_FNIDX__SET_TIME_FOR_POWER_ON] = { 498 .name = "set-time-for-power-on", 499 .filter = &(const struct rtas_filter) { 500 .buf_idx1 = -1, .size_idx1 = -1, 501 .buf_idx2 = -1, .size_idx2 = -1, 502 }, 503 }, 504 [RTAS_FNIDX__SET_TIME_OF_DAY] = { 505 .name = "set-time-of-day", 506 .filter = &(const struct rtas_filter) { 507 .buf_idx1 = -1, .size_idx1 = -1, 508 .buf_idx2 = -1, .size_idx2 = -1, 509 }, 510 }, 511 [RTAS_FNIDX__START_CPU] = { 512 .name = "start-cpu", 513 }, 514 [RTAS_FNIDX__STOP_SELF] = { 515 .name = "stop-self", 516 }, 517 [RTAS_FNIDX__SYSTEM_REBOOT] = { 518 .name = "system-reboot", 519 }, 520 [RTAS_FNIDX__THAW_TIME_BASE] = { 521 .name = "thaw-time-base", 522 }, 523 [RTAS_FNIDX__WRITE_PCI_CONFIG] = { 524 .name = "write-pci-config", 525 }, 526 }; 527 528 #define for_each_rtas_function(funcp) \ 529 for (funcp = &rtas_function_table[0]; \ 530 funcp < &rtas_function_table[ARRAY_SIZE(rtas_function_table)]; \ 531 ++funcp) 532 533 /* 534 * Nearly all RTAS calls need to be serialized. All uses of the 535 * default rtas_args block must hold rtas_lock. 536 * 537 * Exceptions to the RTAS serialization requirement (e.g. stop-self) 538 * must use a separate rtas_args structure. 539 */ 540 static DEFINE_RAW_SPINLOCK(rtas_lock); 541 static struct rtas_args rtas_args; 542 543 /** 544 * rtas_function_token() - RTAS function token lookup. 545 * @handle: Function handle, e.g. RTAS_FN_EVENT_SCAN. 546 * 547 * Context: Any context. 548 * Return: the token value for the function if implemented by this platform, 549 * otherwise RTAS_UNKNOWN_SERVICE. 550 */ 551 s32 rtas_function_token(const rtas_fn_handle_t handle) 552 { 553 const size_t index = handle.index; 554 const bool out_of_bounds = index >= ARRAY_SIZE(rtas_function_table); 555 556 if (WARN_ONCE(out_of_bounds, "invalid function index %zu", index)) 557 return RTAS_UNKNOWN_SERVICE; 558 /* 559 * Various drivers attempt token lookups on non-RTAS 560 * platforms. 561 */ 562 if (!rtas.dev) 563 return RTAS_UNKNOWN_SERVICE; 564 565 return rtas_function_table[index].token; 566 } 567 EXPORT_SYMBOL_GPL(rtas_function_token); 568 569 static int rtas_function_cmp(const void *a, const void *b) 570 { 571 const struct rtas_function *f1 = a; 572 const struct rtas_function *f2 = b; 573 574 return strcmp(f1->name, f2->name); 575 } 576 577 /* 578 * Boot-time initialization of the function table needs the lookup to 579 * return a non-const-qualified object. Use rtas_name_to_function() 580 * in all other contexts. 581 */ 582 static struct rtas_function *__rtas_name_to_function(const char *name) 583 { 584 const struct rtas_function key = { 585 .name = name, 586 }; 587 struct rtas_function *found; 588 589 found = bsearch(&key, rtas_function_table, ARRAY_SIZE(rtas_function_table), 590 sizeof(rtas_function_table[0]), rtas_function_cmp); 591 592 return found; 593 } 594 595 static const struct rtas_function *rtas_name_to_function(const char *name) 596 { 597 return __rtas_name_to_function(name); 598 } 599 600 static DEFINE_XARRAY(rtas_token_to_function_xarray); 601 602 static int __init rtas_token_to_function_xarray_init(void) 603 { 604 const struct rtas_function *func; 605 int err = 0; 606 607 for_each_rtas_function(func) { 608 const s32 token = func->token; 609 610 if (token == RTAS_UNKNOWN_SERVICE) 611 continue; 612 613 err = xa_err(xa_store(&rtas_token_to_function_xarray, 614 token, (void *)func, GFP_KERNEL)); 615 if (err) 616 break; 617 } 618 619 return err; 620 } 621 arch_initcall(rtas_token_to_function_xarray_init); 622 623 /* 624 * For use by sys_rtas(), where the token value is provided by user 625 * space and we don't want to warn on failed lookups. 626 */ 627 static const struct rtas_function *rtas_token_to_function_untrusted(s32 token) 628 { 629 return xa_load(&rtas_token_to_function_xarray, token); 630 } 631 632 /* 633 * Reverse lookup for deriving the function descriptor from a 634 * known-good token value in contexts where the former is not already 635 * available. @token must be valid, e.g. derived from the result of a 636 * prior lookup against the function table. 637 */ 638 static const struct rtas_function *rtas_token_to_function(s32 token) 639 { 640 const struct rtas_function *func; 641 642 if (WARN_ONCE(token < 0, "invalid token %d", token)) 643 return NULL; 644 645 func = rtas_token_to_function_untrusted(token); 646 if (func) 647 return func; 648 /* 649 * Fall back to linear scan in case the reverse mapping hasn't 650 * been initialized yet. 651 */ 652 if (xa_empty(&rtas_token_to_function_xarray)) { 653 for_each_rtas_function(func) { 654 if (func->token == token) 655 return func; 656 } 657 } 658 659 WARN_ONCE(true, "unexpected failed lookup for token %d", token); 660 return NULL; 661 } 662 663 /* This is here deliberately so it's only used in this file */ 664 void enter_rtas(unsigned long); 665 666 static void __do_enter_rtas(struct rtas_args *args) 667 { 668 enter_rtas(__pa(args)); 669 srr_regs_clobbered(); /* rtas uses SRRs, invalidate */ 670 } 671 672 static void __do_enter_rtas_trace(struct rtas_args *args) 673 { 674 const struct rtas_function *func = rtas_token_to_function(be32_to_cpu(args->token)); 675 676 /* 677 * If there is a per-function lock, it must be held by the 678 * caller. 679 */ 680 if (func->lock) 681 lockdep_assert_held(func->lock); 682 683 if (args == &rtas_args) 684 lockdep_assert_held(&rtas_lock); 685 686 trace_rtas_input(args, func->name); 687 trace_rtas_ll_entry(args); 688 689 __do_enter_rtas(args); 690 691 trace_rtas_ll_exit(args); 692 trace_rtas_output(args, func->name); 693 } 694 695 static void do_enter_rtas(struct rtas_args *args) 696 { 697 const unsigned long msr = mfmsr(); 698 /* 699 * Situations where we want to skip any active tracepoints for 700 * safety reasons: 701 * 702 * 1. The last code executed on an offline CPU as it stops, 703 * i.e. we're about to call stop-self. The tracepoints' 704 * function name lookup uses xarray, which uses RCU, which 705 * isn't valid to call on an offline CPU. Any events 706 * emitted on an offline CPU will be discarded anyway. 707 * 708 * 2. In real mode, as when invoking ibm,nmi-interlock from 709 * the pseries MCE handler. We cannot count on trace 710 * buffers or the entries in rtas_token_to_function_xarray 711 * to be contained in the RMO. 712 */ 713 const unsigned long mask = MSR_IR | MSR_DR; 714 const bool can_trace = likely(cpu_online(raw_smp_processor_id()) && 715 (msr & mask) == mask); 716 /* 717 * Make sure MSR[RI] is currently enabled as it will be forced later 718 * in enter_rtas. 719 */ 720 BUG_ON(!(msr & MSR_RI)); 721 722 BUG_ON(!irqs_disabled()); 723 724 hard_irq_disable(); /* Ensure MSR[EE] is disabled on PPC64 */ 725 726 if (can_trace) 727 __do_enter_rtas_trace(args); 728 else 729 __do_enter_rtas(args); 730 } 731 732 struct rtas_t rtas; 733 734 DEFINE_SPINLOCK(rtas_data_buf_lock); 735 EXPORT_SYMBOL_GPL(rtas_data_buf_lock); 736 737 char rtas_data_buf[RTAS_DATA_BUF_SIZE] __aligned(SZ_4K); 738 EXPORT_SYMBOL_GPL(rtas_data_buf); 739 740 unsigned long rtas_rmo_buf; 741 742 /* 743 * If non-NULL, this gets called when the kernel terminates. 744 * This is done like this so rtas_flash can be a module. 745 */ 746 void (*rtas_flash_term_hook)(int); 747 EXPORT_SYMBOL_GPL(rtas_flash_term_hook); 748 749 /* 750 * call_rtas_display_status and call_rtas_display_status_delay 751 * are designed only for very early low-level debugging, which 752 * is why the token is hard-coded to 10. 753 */ 754 static void call_rtas_display_status(unsigned char c) 755 { 756 unsigned long flags; 757 758 if (!rtas.base) 759 return; 760 761 raw_spin_lock_irqsave(&rtas_lock, flags); 762 rtas_call_unlocked(&rtas_args, 10, 1, 1, NULL, c); 763 raw_spin_unlock_irqrestore(&rtas_lock, flags); 764 } 765 766 static void call_rtas_display_status_delay(char c) 767 { 768 static int pending_newline = 0; /* did last write end with unprinted newline? */ 769 static int width = 16; 770 771 if (c == '\n') { 772 while (width-- > 0) 773 call_rtas_display_status(' '); 774 width = 16; 775 mdelay(500); 776 pending_newline = 1; 777 } else { 778 if (pending_newline) { 779 call_rtas_display_status('\r'); 780 call_rtas_display_status('\n'); 781 } 782 pending_newline = 0; 783 if (width--) { 784 call_rtas_display_status(c); 785 udelay(10000); 786 } 787 } 788 } 789 790 void __init udbg_init_rtas_panel(void) 791 { 792 udbg_putc = call_rtas_display_status_delay; 793 } 794 795 #ifdef CONFIG_UDBG_RTAS_CONSOLE 796 797 /* If you think you're dying before early_init_dt_scan_rtas() does its 798 * work, you can hard code the token values for your firmware here and 799 * hardcode rtas.base/entry etc. 800 */ 801 static unsigned int rtas_putchar_token = RTAS_UNKNOWN_SERVICE; 802 static unsigned int rtas_getchar_token = RTAS_UNKNOWN_SERVICE; 803 804 static void udbg_rtascon_putc(char c) 805 { 806 int tries; 807 808 if (!rtas.base) 809 return; 810 811 /* Add CRs before LFs */ 812 if (c == '\n') 813 udbg_rtascon_putc('\r'); 814 815 /* if there is more than one character to be displayed, wait a bit */ 816 for (tries = 0; tries < 16; tries++) { 817 if (rtas_call(rtas_putchar_token, 1, 1, NULL, c) == 0) 818 break; 819 udelay(1000); 820 } 821 } 822 823 static int udbg_rtascon_getc_poll(void) 824 { 825 int c; 826 827 if (!rtas.base) 828 return -1; 829 830 if (rtas_call(rtas_getchar_token, 0, 2, &c)) 831 return -1; 832 833 return c; 834 } 835 836 static int udbg_rtascon_getc(void) 837 { 838 int c; 839 840 while ((c = udbg_rtascon_getc_poll()) == -1) 841 ; 842 843 return c; 844 } 845 846 847 void __init udbg_init_rtas_console(void) 848 { 849 udbg_putc = udbg_rtascon_putc; 850 udbg_getc = udbg_rtascon_getc; 851 udbg_getc_poll = udbg_rtascon_getc_poll; 852 } 853 #endif /* CONFIG_UDBG_RTAS_CONSOLE */ 854 855 void rtas_progress(char *s, unsigned short hex) 856 { 857 struct device_node *root; 858 int width; 859 const __be32 *p; 860 char *os; 861 static int display_character, set_indicator; 862 static int display_width, display_lines, form_feed; 863 static const int *row_width; 864 static DEFINE_SPINLOCK(progress_lock); 865 static int current_line; 866 static int pending_newline = 0; /* did last write end with unprinted newline? */ 867 868 if (!rtas.base) 869 return; 870 871 if (display_width == 0) { 872 display_width = 0x10; 873 if ((root = of_find_node_by_path("/rtas"))) { 874 if ((p = of_get_property(root, 875 "ibm,display-line-length", NULL))) 876 display_width = be32_to_cpu(*p); 877 if ((p = of_get_property(root, 878 "ibm,form-feed", NULL))) 879 form_feed = be32_to_cpu(*p); 880 if ((p = of_get_property(root, 881 "ibm,display-number-of-lines", NULL))) 882 display_lines = be32_to_cpu(*p); 883 row_width = of_get_property(root, 884 "ibm,display-truncation-length", NULL); 885 of_node_put(root); 886 } 887 display_character = rtas_function_token(RTAS_FN_DISPLAY_CHARACTER); 888 set_indicator = rtas_function_token(RTAS_FN_SET_INDICATOR); 889 } 890 891 if (display_character == RTAS_UNKNOWN_SERVICE) { 892 /* use hex display if available */ 893 if (set_indicator != RTAS_UNKNOWN_SERVICE) 894 rtas_call(set_indicator, 3, 1, NULL, 6, 0, hex); 895 return; 896 } 897 898 spin_lock(&progress_lock); 899 900 /* 901 * Last write ended with newline, but we didn't print it since 902 * it would just clear the bottom line of output. Print it now 903 * instead. 904 * 905 * If no newline is pending and form feed is supported, clear the 906 * display with a form feed; otherwise, print a CR to start output 907 * at the beginning of the line. 908 */ 909 if (pending_newline) { 910 rtas_call(display_character, 1, 1, NULL, '\r'); 911 rtas_call(display_character, 1, 1, NULL, '\n'); 912 pending_newline = 0; 913 } else { 914 current_line = 0; 915 if (form_feed) 916 rtas_call(display_character, 1, 1, NULL, 917 (char)form_feed); 918 else 919 rtas_call(display_character, 1, 1, NULL, '\r'); 920 } 921 922 if (row_width) 923 width = row_width[current_line]; 924 else 925 width = display_width; 926 os = s; 927 while (*os) { 928 if (*os == '\n' || *os == '\r') { 929 /* If newline is the last character, save it 930 * until next call to avoid bumping up the 931 * display output. 932 */ 933 if (*os == '\n' && !os[1]) { 934 pending_newline = 1; 935 current_line++; 936 if (current_line > display_lines-1) 937 current_line = display_lines-1; 938 spin_unlock(&progress_lock); 939 return; 940 } 941 942 /* RTAS wants CR-LF, not just LF */ 943 944 if (*os == '\n') { 945 rtas_call(display_character, 1, 1, NULL, '\r'); 946 rtas_call(display_character, 1, 1, NULL, '\n'); 947 } else { 948 /* CR might be used to re-draw a line, so we'll 949 * leave it alone and not add LF. 950 */ 951 rtas_call(display_character, 1, 1, NULL, *os); 952 } 953 954 if (row_width) 955 width = row_width[current_line]; 956 else 957 width = display_width; 958 } else { 959 width--; 960 rtas_call(display_character, 1, 1, NULL, *os); 961 } 962 963 os++; 964 965 /* if we overwrite the screen length */ 966 if (width <= 0) 967 while ((*os != 0) && (*os != '\n') && (*os != '\r')) 968 os++; 969 } 970 971 spin_unlock(&progress_lock); 972 } 973 EXPORT_SYMBOL_GPL(rtas_progress); /* needed by rtas_flash module */ 974 975 int rtas_token(const char *service) 976 { 977 const struct rtas_function *func; 978 const __be32 *tokp; 979 980 if (rtas.dev == NULL) 981 return RTAS_UNKNOWN_SERVICE; 982 983 func = rtas_name_to_function(service); 984 if (func) 985 return func->token; 986 /* 987 * The caller is looking up a name that is not known to be an 988 * RTAS function. Either it's a function that needs to be 989 * added to the table, or they're misusing rtas_token() to 990 * access non-function properties of the /rtas node. Warn and 991 * fall back to the legacy behavior. 992 */ 993 WARN_ONCE(1, "unknown function `%s`, should it be added to rtas_function_table?\n", 994 service); 995 996 tokp = of_get_property(rtas.dev, service, NULL); 997 return tokp ? be32_to_cpu(*tokp) : RTAS_UNKNOWN_SERVICE; 998 } 999 EXPORT_SYMBOL_GPL(rtas_token); 1000 1001 #ifdef CONFIG_RTAS_ERROR_LOGGING 1002 1003 static u32 rtas_error_log_max __ro_after_init = RTAS_ERROR_LOG_MAX; 1004 1005 /* 1006 * Return the firmware-specified size of the error log buffer 1007 * for all rtas calls that require an error buffer argument. 1008 * This includes 'check-exception' and 'rtas-last-error'. 1009 */ 1010 int rtas_get_error_log_max(void) 1011 { 1012 return rtas_error_log_max; 1013 } 1014 1015 static void __init init_error_log_max(void) 1016 { 1017 static const char propname[] __initconst = "rtas-error-log-max"; 1018 u32 max; 1019 1020 if (of_property_read_u32(rtas.dev, propname, &max)) { 1021 pr_warn("%s not found, using default of %u\n", 1022 propname, RTAS_ERROR_LOG_MAX); 1023 max = RTAS_ERROR_LOG_MAX; 1024 } 1025 1026 if (max > RTAS_ERROR_LOG_MAX) { 1027 pr_warn("%s = %u, clamping max error log size to %u\n", 1028 propname, max, RTAS_ERROR_LOG_MAX); 1029 max = RTAS_ERROR_LOG_MAX; 1030 } 1031 1032 rtas_error_log_max = max; 1033 } 1034 1035 1036 static char rtas_err_buf[RTAS_ERROR_LOG_MAX]; 1037 1038 /** Return a copy of the detailed error text associated with the 1039 * most recent failed call to rtas. Because the error text 1040 * might go stale if there are any other intervening rtas calls, 1041 * this routine must be called atomically with whatever produced 1042 * the error (i.e. with rtas_lock still held from the previous call). 1043 */ 1044 static char *__fetch_rtas_last_error(char *altbuf) 1045 { 1046 const s32 token = rtas_function_token(RTAS_FN_RTAS_LAST_ERROR); 1047 struct rtas_args err_args, save_args; 1048 u32 bufsz; 1049 char *buf = NULL; 1050 1051 lockdep_assert_held(&rtas_lock); 1052 1053 if (token == -1) 1054 return NULL; 1055 1056 bufsz = rtas_get_error_log_max(); 1057 1058 err_args.token = cpu_to_be32(token); 1059 err_args.nargs = cpu_to_be32(2); 1060 err_args.nret = cpu_to_be32(1); 1061 err_args.args[0] = cpu_to_be32(__pa(rtas_err_buf)); 1062 err_args.args[1] = cpu_to_be32(bufsz); 1063 err_args.args[2] = 0; 1064 1065 save_args = rtas_args; 1066 rtas_args = err_args; 1067 1068 do_enter_rtas(&rtas_args); 1069 1070 err_args = rtas_args; 1071 rtas_args = save_args; 1072 1073 /* Log the error in the unlikely case that there was one. */ 1074 if (unlikely(err_args.args[2] == 0)) { 1075 if (altbuf) { 1076 buf = altbuf; 1077 } else { 1078 buf = rtas_err_buf; 1079 if (slab_is_available()) 1080 buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); 1081 } 1082 if (buf) 1083 memmove(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); 1084 } 1085 1086 return buf; 1087 } 1088 1089 #define get_errorlog_buffer() kmalloc(RTAS_ERROR_LOG_MAX, GFP_KERNEL) 1090 1091 #else /* CONFIG_RTAS_ERROR_LOGGING */ 1092 #define __fetch_rtas_last_error(x) NULL 1093 #define get_errorlog_buffer() NULL 1094 static void __init init_error_log_max(void) {} 1095 #endif 1096 1097 1098 static void 1099 va_rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, 1100 va_list list) 1101 { 1102 int i; 1103 1104 args->token = cpu_to_be32(token); 1105 args->nargs = cpu_to_be32(nargs); 1106 args->nret = cpu_to_be32(nret); 1107 args->rets = &(args->args[nargs]); 1108 1109 for (i = 0; i < nargs; ++i) 1110 args->args[i] = cpu_to_be32(va_arg(list, __u32)); 1111 1112 for (i = 0; i < nret; ++i) 1113 args->rets[i] = 0; 1114 1115 do_enter_rtas(args); 1116 } 1117 1118 /** 1119 * rtas_call_unlocked() - Invoke an RTAS firmware function without synchronization. 1120 * @args: RTAS parameter block to be used for the call, must obey RTAS addressing 1121 * constraints. 1122 * @token: Identifies the function being invoked. 1123 * @nargs: Number of input parameters. Does not include token. 1124 * @nret: Number of output parameters, including the call status. 1125 * @....: List of @nargs input parameters. 1126 * 1127 * Invokes the RTAS function indicated by @token, which the caller 1128 * should obtain via rtas_function_token(). 1129 * 1130 * This function is similar to rtas_call(), but must be used with a 1131 * limited set of RTAS calls specifically exempted from the general 1132 * requirement that only one RTAS call may be in progress at any 1133 * time. Examples include stop-self and ibm,nmi-interlock. 1134 */ 1135 void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, ...) 1136 { 1137 va_list list; 1138 1139 va_start(list, nret); 1140 va_rtas_call_unlocked(args, token, nargs, nret, list); 1141 va_end(list); 1142 } 1143 1144 static bool token_is_restricted_errinjct(s32 token) 1145 { 1146 return token == rtas_function_token(RTAS_FN_IBM_OPEN_ERRINJCT) || 1147 token == rtas_function_token(RTAS_FN_IBM_ERRINJCT); 1148 } 1149 1150 /** 1151 * rtas_call() - Invoke an RTAS firmware function. 1152 * @token: Identifies the function being invoked. 1153 * @nargs: Number of input parameters. Does not include token. 1154 * @nret: Number of output parameters, including the call status. 1155 * @outputs: Array of @nret output words. 1156 * @....: List of @nargs input parameters. 1157 * 1158 * Invokes the RTAS function indicated by @token, which the caller 1159 * should obtain via rtas_function_token(). 1160 * 1161 * The @nargs and @nret arguments must match the number of input and 1162 * output parameters specified for the RTAS function. 1163 * 1164 * rtas_call() returns RTAS status codes, not conventional Linux errno 1165 * values. Callers must translate any failure to an appropriate errno 1166 * in syscall context. Most callers of RTAS functions that can return 1167 * -2 or 990x should use rtas_busy_delay() to correctly handle those 1168 * statuses before calling again. 1169 * 1170 * The return value descriptions are adapted from 7.2.8 [RTAS] Return 1171 * Codes of the PAPR and CHRP specifications. 1172 * 1173 * Context: Process context preferably, interrupt context if 1174 * necessary. Acquires an internal spinlock and may perform 1175 * GFP_ATOMIC slab allocation in error path. Unsafe for NMI 1176 * context. 1177 * Return: 1178 * * 0 - RTAS function call succeeded. 1179 * * -1 - RTAS function encountered a hardware or 1180 * platform error, or the token is invalid, 1181 * or the function is restricted by kernel policy. 1182 * * -2 - Specs say "A necessary hardware device was busy, 1183 * and the requested function could not be 1184 * performed. The operation should be retried at 1185 * a later time." This is misleading, at least with 1186 * respect to current RTAS implementations. What it 1187 * usually means in practice is that the function 1188 * could not be completed while meeting RTAS's 1189 * deadline for returning control to the OS (250us 1190 * for PAPR/PowerVM, typically), but the call may be 1191 * immediately reattempted to resume work on it. 1192 * * -3 - Parameter error. 1193 * * -7 - Unexpected state change. 1194 * * 9000...9899 - Vendor-specific success codes. 1195 * * 9900...9905 - Advisory extended delay. Caller should try 1196 * again after ~10^x ms has elapsed, where x is 1197 * the last digit of the status [0-5]. Again going 1198 * beyond the PAPR text, 990x on PowerVM indicates 1199 * contention for RTAS-internal resources. Other 1200 * RTAS call sequences in progress should be 1201 * allowed to complete before reattempting the 1202 * call. 1203 * * -9000 - Multi-level isolation error. 1204 * * -9999...-9004 - Vendor-specific error codes. 1205 * * Additional negative values - Function-specific error. 1206 * * Additional positive values - Function-specific success. 1207 */ 1208 int rtas_call(int token, int nargs, int nret, int *outputs, ...) 1209 { 1210 struct pin_cookie cookie; 1211 va_list list; 1212 int i; 1213 unsigned long flags; 1214 struct rtas_args *args; 1215 char *buff_copy = NULL; 1216 int ret; 1217 1218 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE) 1219 return -1; 1220 1221 if (token_is_restricted_errinjct(token)) { 1222 /* 1223 * It would be nicer to not discard the error value 1224 * from security_locked_down(), but callers expect an 1225 * RTAS status, not an errno. 1226 */ 1227 if (security_locked_down(LOCKDOWN_RTAS_ERROR_INJECTION)) 1228 return -1; 1229 } 1230 1231 if ((mfmsr() & (MSR_IR|MSR_DR)) != (MSR_IR|MSR_DR)) { 1232 WARN_ON_ONCE(1); 1233 return -1; 1234 } 1235 1236 raw_spin_lock_irqsave(&rtas_lock, flags); 1237 cookie = lockdep_pin_lock(&rtas_lock); 1238 1239 /* We use the global rtas args buffer */ 1240 args = &rtas_args; 1241 1242 va_start(list, outputs); 1243 va_rtas_call_unlocked(args, token, nargs, nret, list); 1244 va_end(list); 1245 1246 /* A -1 return code indicates that the last command couldn't 1247 be completed due to a hardware error. */ 1248 if (be32_to_cpu(args->rets[0]) == -1) 1249 buff_copy = __fetch_rtas_last_error(NULL); 1250 1251 if (nret > 1 && outputs != NULL) 1252 for (i = 0; i < nret-1; ++i) 1253 outputs[i] = be32_to_cpu(args->rets[i + 1]); 1254 ret = (nret > 0) ? be32_to_cpu(args->rets[0]) : 0; 1255 1256 lockdep_unpin_lock(&rtas_lock, cookie); 1257 raw_spin_unlock_irqrestore(&rtas_lock, flags); 1258 1259 if (buff_copy) { 1260 log_error(buff_copy, ERR_TYPE_RTAS_LOG, 0); 1261 if (slab_is_available()) 1262 kfree(buff_copy); 1263 } 1264 return ret; 1265 } 1266 EXPORT_SYMBOL_GPL(rtas_call); 1267 1268 /** 1269 * rtas_busy_delay_time() - From an RTAS status value, calculate the 1270 * suggested delay time in milliseconds. 1271 * 1272 * @status: a value returned from rtas_call() or similar APIs which return 1273 * the status of a RTAS function call. 1274 * 1275 * Context: Any context. 1276 * 1277 * Return: 1278 * * 100000 - If @status is 9905. 1279 * * 10000 - If @status is 9904. 1280 * * 1000 - If @status is 9903. 1281 * * 100 - If @status is 9902. 1282 * * 10 - If @status is 9901. 1283 * * 1 - If @status is either 9900 or -2. This is "wrong" for -2, but 1284 * some callers depend on this behavior, and the worst outcome 1285 * is that they will delay for longer than necessary. 1286 * * 0 - If @status is not a busy or extended delay value. 1287 */ 1288 unsigned int rtas_busy_delay_time(int status) 1289 { 1290 int order; 1291 unsigned int ms = 0; 1292 1293 if (status == RTAS_BUSY) { 1294 ms = 1; 1295 } else if (status >= RTAS_EXTENDED_DELAY_MIN && 1296 status <= RTAS_EXTENDED_DELAY_MAX) { 1297 order = status - RTAS_EXTENDED_DELAY_MIN; 1298 for (ms = 1; order > 0; order--) 1299 ms *= 10; 1300 } 1301 1302 return ms; 1303 } 1304 1305 /* 1306 * Early boot fallback for rtas_busy_delay(). 1307 */ 1308 static bool __init rtas_busy_delay_early(int status) 1309 { 1310 static size_t successive_ext_delays __initdata; 1311 bool retry; 1312 1313 switch (status) { 1314 case RTAS_EXTENDED_DELAY_MIN...RTAS_EXTENDED_DELAY_MAX: 1315 /* 1316 * In the unlikely case that we receive an extended 1317 * delay status in early boot, the OS is probably not 1318 * the cause, and there's nothing we can do to clear 1319 * the condition. Best we can do is delay for a bit 1320 * and hope it's transient. Lie to the caller if it 1321 * seems like we're stuck in a retry loop. 1322 */ 1323 mdelay(1); 1324 retry = true; 1325 successive_ext_delays += 1; 1326 if (successive_ext_delays > 1000) { 1327 pr_err("too many extended delays, giving up\n"); 1328 dump_stack(); 1329 retry = false; 1330 successive_ext_delays = 0; 1331 } 1332 break; 1333 case RTAS_BUSY: 1334 retry = true; 1335 successive_ext_delays = 0; 1336 break; 1337 default: 1338 retry = false; 1339 successive_ext_delays = 0; 1340 break; 1341 } 1342 1343 return retry; 1344 } 1345 1346 /** 1347 * rtas_busy_delay() - helper for RTAS busy and extended delay statuses 1348 * 1349 * @status: a value returned from rtas_call() or similar APIs which return 1350 * the status of a RTAS function call. 1351 * 1352 * Context: Process context. May sleep or schedule. 1353 * 1354 * Return: 1355 * * true - @status is RTAS_BUSY or an extended delay hint. The 1356 * caller may assume that the CPU has been yielded if necessary, 1357 * and that an appropriate delay for @status has elapsed. 1358 * Generally the caller should reattempt the RTAS call which 1359 * yielded @status. 1360 * 1361 * * false - @status is not @RTAS_BUSY nor an extended delay hint. The 1362 * caller is responsible for handling @status. 1363 */ 1364 bool __ref rtas_busy_delay(int status) 1365 { 1366 unsigned int ms; 1367 bool ret; 1368 1369 /* 1370 * Can't do timed sleeps before timekeeping is up. 1371 */ 1372 if (system_state < SYSTEM_SCHEDULING) 1373 return rtas_busy_delay_early(status); 1374 1375 switch (status) { 1376 case RTAS_EXTENDED_DELAY_MIN...RTAS_EXTENDED_DELAY_MAX: 1377 ret = true; 1378 ms = rtas_busy_delay_time(status); 1379 /* 1380 * The extended delay hint can be as high as 100 seconds. 1381 * Surely any function returning such a status is either 1382 * buggy or isn't going to be significantly slowed by us 1383 * polling at 1HZ. Clamp the sleep time to one second. 1384 */ 1385 ms = clamp(ms, 1U, 1000U); 1386 /* 1387 * The delay hint is an order-of-magnitude suggestion, not 1388 * a minimum. It is fine, possibly even advantageous, for 1389 * us to pause for less time than hinted. For small values, 1390 * use usleep_range() to ensure we don't sleep much longer 1391 * than actually needed. 1392 * 1393 * See Documentation/timers/timers-howto.rst for 1394 * explanation of the threshold used here. In effect we use 1395 * usleep_range() for 9900 and 9901, msleep() for 1396 * 9902-9905. 1397 */ 1398 if (ms <= 20) 1399 usleep_range(ms * 100, ms * 1000); 1400 else 1401 msleep(ms); 1402 break; 1403 case RTAS_BUSY: 1404 ret = true; 1405 /* 1406 * We should call again immediately if there's no other 1407 * work to do. 1408 */ 1409 cond_resched(); 1410 break; 1411 default: 1412 ret = false; 1413 /* 1414 * Not a busy or extended delay status; the caller should 1415 * handle @status itself. Ensure we warn on misuses in 1416 * atomic context regardless. 1417 */ 1418 might_sleep(); 1419 break; 1420 } 1421 1422 return ret; 1423 } 1424 EXPORT_SYMBOL_GPL(rtas_busy_delay); 1425 1426 int rtas_error_rc(int rtas_rc) 1427 { 1428 int rc; 1429 1430 switch (rtas_rc) { 1431 case RTAS_HARDWARE_ERROR: /* Hardware Error */ 1432 rc = -EIO; 1433 break; 1434 case RTAS_INVALID_PARAMETER: /* Bad indicator/domain/etc */ 1435 rc = -EINVAL; 1436 break; 1437 case -9000: /* Isolation error */ 1438 rc = -EFAULT; 1439 break; 1440 case -9001: /* Outstanding TCE/PTE */ 1441 rc = -EEXIST; 1442 break; 1443 case -9002: /* No usable slot */ 1444 rc = -ENODEV; 1445 break; 1446 default: 1447 pr_err("%s: unexpected error %d\n", __func__, rtas_rc); 1448 rc = -ERANGE; 1449 break; 1450 } 1451 return rc; 1452 } 1453 EXPORT_SYMBOL_GPL(rtas_error_rc); 1454 1455 int rtas_get_power_level(int powerdomain, int *level) 1456 { 1457 int token = rtas_function_token(RTAS_FN_GET_POWER_LEVEL); 1458 int rc; 1459 1460 if (token == RTAS_UNKNOWN_SERVICE) 1461 return -ENOENT; 1462 1463 while ((rc = rtas_call(token, 1, 2, level, powerdomain)) == RTAS_BUSY) 1464 udelay(1); 1465 1466 if (rc < 0) 1467 return rtas_error_rc(rc); 1468 return rc; 1469 } 1470 EXPORT_SYMBOL_GPL(rtas_get_power_level); 1471 1472 int rtas_set_power_level(int powerdomain, int level, int *setlevel) 1473 { 1474 int token = rtas_function_token(RTAS_FN_SET_POWER_LEVEL); 1475 int rc; 1476 1477 if (token == RTAS_UNKNOWN_SERVICE) 1478 return -ENOENT; 1479 1480 do { 1481 rc = rtas_call(token, 2, 2, setlevel, powerdomain, level); 1482 } while (rtas_busy_delay(rc)); 1483 1484 if (rc < 0) 1485 return rtas_error_rc(rc); 1486 return rc; 1487 } 1488 EXPORT_SYMBOL_GPL(rtas_set_power_level); 1489 1490 int rtas_get_sensor(int sensor, int index, int *state) 1491 { 1492 int token = rtas_function_token(RTAS_FN_GET_SENSOR_STATE); 1493 int rc; 1494 1495 if (token == RTAS_UNKNOWN_SERVICE) 1496 return -ENOENT; 1497 1498 do { 1499 rc = rtas_call(token, 2, 2, state, sensor, index); 1500 } while (rtas_busy_delay(rc)); 1501 1502 if (rc < 0) 1503 return rtas_error_rc(rc); 1504 return rc; 1505 } 1506 EXPORT_SYMBOL_GPL(rtas_get_sensor); 1507 1508 int rtas_get_sensor_fast(int sensor, int index, int *state) 1509 { 1510 int token = rtas_function_token(RTAS_FN_GET_SENSOR_STATE); 1511 int rc; 1512 1513 if (token == RTAS_UNKNOWN_SERVICE) 1514 return -ENOENT; 1515 1516 rc = rtas_call(token, 2, 2, state, sensor, index); 1517 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 1518 rc <= RTAS_EXTENDED_DELAY_MAX)); 1519 1520 if (rc < 0) 1521 return rtas_error_rc(rc); 1522 return rc; 1523 } 1524 1525 bool rtas_indicator_present(int token, int *maxindex) 1526 { 1527 int proplen, count, i; 1528 const struct indicator_elem { 1529 __be32 token; 1530 __be32 maxindex; 1531 } *indicators; 1532 1533 indicators = of_get_property(rtas.dev, "rtas-indicators", &proplen); 1534 if (!indicators) 1535 return false; 1536 1537 count = proplen / sizeof(struct indicator_elem); 1538 1539 for (i = 0; i < count; i++) { 1540 if (__be32_to_cpu(indicators[i].token) != token) 1541 continue; 1542 if (maxindex) 1543 *maxindex = __be32_to_cpu(indicators[i].maxindex); 1544 return true; 1545 } 1546 1547 return false; 1548 } 1549 1550 int rtas_set_indicator(int indicator, int index, int new_value) 1551 { 1552 int token = rtas_function_token(RTAS_FN_SET_INDICATOR); 1553 int rc; 1554 1555 if (token == RTAS_UNKNOWN_SERVICE) 1556 return -ENOENT; 1557 1558 do { 1559 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 1560 } while (rtas_busy_delay(rc)); 1561 1562 if (rc < 0) 1563 return rtas_error_rc(rc); 1564 return rc; 1565 } 1566 EXPORT_SYMBOL_GPL(rtas_set_indicator); 1567 1568 /* 1569 * Ignoring RTAS extended delay 1570 */ 1571 int rtas_set_indicator_fast(int indicator, int index, int new_value) 1572 { 1573 int token = rtas_function_token(RTAS_FN_SET_INDICATOR); 1574 int rc; 1575 1576 if (token == RTAS_UNKNOWN_SERVICE) 1577 return -ENOENT; 1578 1579 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 1580 1581 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 1582 rc <= RTAS_EXTENDED_DELAY_MAX)); 1583 1584 if (rc < 0) 1585 return rtas_error_rc(rc); 1586 1587 return rc; 1588 } 1589 1590 /** 1591 * rtas_ibm_suspend_me() - Call ibm,suspend-me to suspend the LPAR. 1592 * 1593 * @fw_status: RTAS call status will be placed here if not NULL. 1594 * 1595 * rtas_ibm_suspend_me() should be called only on a CPU which has 1596 * received H_CONTINUE from the H_JOIN hcall. All other active CPUs 1597 * should be waiting to return from H_JOIN. 1598 * 1599 * rtas_ibm_suspend_me() may suspend execution of the OS 1600 * indefinitely. Callers should take appropriate measures upon return, such as 1601 * resetting watchdog facilities. 1602 * 1603 * Callers may choose to retry this call if @fw_status is 1604 * %RTAS_THREADS_ACTIVE. 1605 * 1606 * Return: 1607 * 0 - The partition has resumed from suspend, possibly after 1608 * migration to a different host. 1609 * -ECANCELED - The operation was aborted. 1610 * -EAGAIN - There were other CPUs not in H_JOIN at the time of the call. 1611 * -EBUSY - Some other condition prevented the suspend from succeeding. 1612 * -EIO - Hardware/platform error. 1613 */ 1614 int rtas_ibm_suspend_me(int *fw_status) 1615 { 1616 int token = rtas_function_token(RTAS_FN_IBM_SUSPEND_ME); 1617 int fwrc; 1618 int ret; 1619 1620 fwrc = rtas_call(token, 0, 1, NULL); 1621 1622 switch (fwrc) { 1623 case 0: 1624 ret = 0; 1625 break; 1626 case RTAS_SUSPEND_ABORTED: 1627 ret = -ECANCELED; 1628 break; 1629 case RTAS_THREADS_ACTIVE: 1630 ret = -EAGAIN; 1631 break; 1632 case RTAS_NOT_SUSPENDABLE: 1633 case RTAS_OUTSTANDING_COPROC: 1634 ret = -EBUSY; 1635 break; 1636 case -1: 1637 default: 1638 ret = -EIO; 1639 break; 1640 } 1641 1642 if (fw_status) 1643 *fw_status = fwrc; 1644 1645 return ret; 1646 } 1647 1648 void __noreturn rtas_restart(char *cmd) 1649 { 1650 if (rtas_flash_term_hook) 1651 rtas_flash_term_hook(SYS_RESTART); 1652 pr_emerg("system-reboot returned %d\n", 1653 rtas_call(rtas_function_token(RTAS_FN_SYSTEM_REBOOT), 0, 1, NULL)); 1654 for (;;); 1655 } 1656 1657 void rtas_power_off(void) 1658 { 1659 if (rtas_flash_term_hook) 1660 rtas_flash_term_hook(SYS_POWER_OFF); 1661 /* allow power on only with power button press */ 1662 pr_emerg("power-off returned %d\n", 1663 rtas_call(rtas_function_token(RTAS_FN_POWER_OFF), 2, 1, NULL, -1, -1)); 1664 for (;;); 1665 } 1666 1667 void __noreturn rtas_halt(void) 1668 { 1669 if (rtas_flash_term_hook) 1670 rtas_flash_term_hook(SYS_HALT); 1671 /* allow power on only with power button press */ 1672 pr_emerg("power-off returned %d\n", 1673 rtas_call(rtas_function_token(RTAS_FN_POWER_OFF), 2, 1, NULL, -1, -1)); 1674 for (;;); 1675 } 1676 1677 /* Must be in the RMO region, so we place it here */ 1678 static char rtas_os_term_buf[2048]; 1679 static bool ibm_extended_os_term; 1680 1681 void rtas_os_term(char *str) 1682 { 1683 s32 token = rtas_function_token(RTAS_FN_IBM_OS_TERM); 1684 static struct rtas_args args; 1685 int status; 1686 1687 /* 1688 * Firmware with the ibm,extended-os-term property is guaranteed 1689 * to always return from an ibm,os-term call. Earlier versions without 1690 * this property may terminate the partition which we want to avoid 1691 * since it interferes with panic_timeout. 1692 */ 1693 1694 if (token == RTAS_UNKNOWN_SERVICE || !ibm_extended_os_term) 1695 return; 1696 1697 snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str); 1698 1699 /* 1700 * Keep calling as long as RTAS returns a "try again" status, 1701 * but don't use rtas_busy_delay(), which potentially 1702 * schedules. 1703 */ 1704 do { 1705 rtas_call_unlocked(&args, token, 1, 1, NULL, __pa(rtas_os_term_buf)); 1706 status = be32_to_cpu(args.rets[0]); 1707 } while (rtas_busy_delay_time(status)); 1708 1709 if (status != 0) 1710 pr_emerg("ibm,os-term call failed %d\n", status); 1711 } 1712 1713 /** 1714 * rtas_activate_firmware() - Activate a new version of firmware. 1715 * 1716 * Context: This function may sleep. 1717 * 1718 * Activate a new version of partition firmware. The OS must call this 1719 * after resuming from a partition hibernation or migration in order 1720 * to maintain the ability to perform live firmware updates. It's not 1721 * catastrophic for this method to be absent or to fail; just log the 1722 * condition in that case. 1723 */ 1724 void rtas_activate_firmware(void) 1725 { 1726 int token = rtas_function_token(RTAS_FN_IBM_ACTIVATE_FIRMWARE); 1727 int fwrc; 1728 1729 if (token == RTAS_UNKNOWN_SERVICE) { 1730 pr_notice("ibm,activate-firmware method unavailable\n"); 1731 return; 1732 } 1733 1734 mutex_lock(&rtas_ibm_activate_firmware_lock); 1735 1736 do { 1737 fwrc = rtas_call(token, 0, 1, NULL); 1738 } while (rtas_busy_delay(fwrc)); 1739 1740 mutex_unlock(&rtas_ibm_activate_firmware_lock); 1741 1742 if (fwrc) 1743 pr_err("ibm,activate-firmware failed (%i)\n", fwrc); 1744 } 1745 1746 /** 1747 * get_pseries_errorlog() - Find a specific pseries error log in an RTAS 1748 * extended event log. 1749 * @log: RTAS error/event log 1750 * @section_id: two character section identifier 1751 * 1752 * Return: A pointer to the specified errorlog or NULL if not found. 1753 */ 1754 noinstr struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log, 1755 uint16_t section_id) 1756 { 1757 struct rtas_ext_event_log_v6 *ext_log = 1758 (struct rtas_ext_event_log_v6 *)log->buffer; 1759 struct pseries_errorlog *sect; 1760 unsigned char *p, *log_end; 1761 uint32_t ext_log_length = rtas_error_extended_log_length(log); 1762 uint8_t log_format = rtas_ext_event_log_format(ext_log); 1763 uint32_t company_id = rtas_ext_event_company_id(ext_log); 1764 1765 /* Check that we understand the format */ 1766 if (ext_log_length < sizeof(struct rtas_ext_event_log_v6) || 1767 log_format != RTAS_V6EXT_LOG_FORMAT_EVENT_LOG || 1768 company_id != RTAS_V6EXT_COMPANY_ID_IBM) 1769 return NULL; 1770 1771 log_end = log->buffer + ext_log_length; 1772 p = ext_log->vendor_log; 1773 1774 while (p < log_end) { 1775 sect = (struct pseries_errorlog *)p; 1776 if (pseries_errorlog_id(sect) == section_id) 1777 return sect; 1778 p += pseries_errorlog_length(sect); 1779 } 1780 1781 return NULL; 1782 } 1783 1784 /* 1785 * The sys_rtas syscall, as originally designed, allows root to pass 1786 * arbitrary physical addresses to RTAS calls. A number of RTAS calls 1787 * can be abused to write to arbitrary memory and do other things that 1788 * are potentially harmful to system integrity, and thus should only 1789 * be used inside the kernel and not exposed to userspace. 1790 * 1791 * All known legitimate users of the sys_rtas syscall will only ever 1792 * pass addresses that fall within the RMO buffer, and use a known 1793 * subset of RTAS calls. 1794 * 1795 * Accordingly, we filter RTAS requests to check that the call is 1796 * permitted, and that provided pointers fall within the RMO buffer. 1797 * If a function is allowed to be invoked via the syscall, then its 1798 * entry in the rtas_functions table points to a rtas_filter that 1799 * describes its constraints, with the indexes of the parameters which 1800 * are expected to contain addresses and sizes of buffers allocated 1801 * inside the RMO buffer. 1802 */ 1803 1804 static bool in_rmo_buf(u32 base, u32 end) 1805 { 1806 return base >= rtas_rmo_buf && 1807 base < (rtas_rmo_buf + RTAS_USER_REGION_SIZE) && 1808 base <= end && 1809 end >= rtas_rmo_buf && 1810 end < (rtas_rmo_buf + RTAS_USER_REGION_SIZE); 1811 } 1812 1813 static bool block_rtas_call(const struct rtas_function *func, int nargs, 1814 struct rtas_args *args) 1815 { 1816 const struct rtas_filter *f; 1817 const bool is_platform_dump = 1818 func == &rtas_function_table[RTAS_FNIDX__IBM_PLATFORM_DUMP]; 1819 const bool is_config_conn = 1820 func == &rtas_function_table[RTAS_FNIDX__IBM_CONFIGURE_CONNECTOR]; 1821 u32 base, size, end; 1822 1823 /* 1824 * Only functions with filters attached are allowed. 1825 */ 1826 f = func->filter; 1827 if (!f) 1828 goto err; 1829 /* 1830 * And some functions aren't allowed on LE. 1831 */ 1832 if (IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) && func->banned_for_syscall_on_le) 1833 goto err; 1834 1835 if (f->buf_idx1 != -1) { 1836 base = be32_to_cpu(args->args[f->buf_idx1]); 1837 if (f->size_idx1 != -1) 1838 size = be32_to_cpu(args->args[f->size_idx1]); 1839 else if (f->fixed_size) 1840 size = f->fixed_size; 1841 else 1842 size = 1; 1843 1844 end = base + size - 1; 1845 1846 /* 1847 * Special case for ibm,platform-dump - NULL buffer 1848 * address is used to indicate end of dump processing 1849 */ 1850 if (is_platform_dump && base == 0) 1851 return false; 1852 1853 if (!in_rmo_buf(base, end)) 1854 goto err; 1855 } 1856 1857 if (f->buf_idx2 != -1) { 1858 base = be32_to_cpu(args->args[f->buf_idx2]); 1859 if (f->size_idx2 != -1) 1860 size = be32_to_cpu(args->args[f->size_idx2]); 1861 else if (f->fixed_size) 1862 size = f->fixed_size; 1863 else 1864 size = 1; 1865 end = base + size - 1; 1866 1867 /* 1868 * Special case for ibm,configure-connector where the 1869 * address can be 0 1870 */ 1871 if (is_config_conn && base == 0) 1872 return false; 1873 1874 if (!in_rmo_buf(base, end)) 1875 goto err; 1876 } 1877 1878 return false; 1879 err: 1880 pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt?\n"); 1881 pr_err_ratelimited("sys_rtas: %s nargs=%d (called by %s)\n", 1882 func->name, nargs, current->comm); 1883 return true; 1884 } 1885 1886 /* We assume to be passed big endian arguments */ 1887 SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) 1888 { 1889 const struct rtas_function *func; 1890 struct pin_cookie cookie; 1891 struct rtas_args args; 1892 unsigned long flags; 1893 char *buff_copy, *errbuf = NULL; 1894 int nargs, nret, token; 1895 1896 if (!capable(CAP_SYS_ADMIN)) 1897 return -EPERM; 1898 1899 if (!rtas.entry) 1900 return -EINVAL; 1901 1902 if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0) 1903 return -EFAULT; 1904 1905 nargs = be32_to_cpu(args.nargs); 1906 nret = be32_to_cpu(args.nret); 1907 token = be32_to_cpu(args.token); 1908 1909 if (nargs >= ARRAY_SIZE(args.args) 1910 || nret > ARRAY_SIZE(args.args) 1911 || nargs + nret > ARRAY_SIZE(args.args)) 1912 return -EINVAL; 1913 1914 /* Copy in args. */ 1915 if (copy_from_user(args.args, uargs->args, 1916 nargs * sizeof(rtas_arg_t)) != 0) 1917 return -EFAULT; 1918 1919 /* 1920 * If this token doesn't correspond to a function the kernel 1921 * understands, you're not allowed to call it. 1922 */ 1923 func = rtas_token_to_function_untrusted(token); 1924 if (!func) 1925 return -EINVAL; 1926 1927 args.rets = &args.args[nargs]; 1928 memset(args.rets, 0, nret * sizeof(rtas_arg_t)); 1929 1930 if (block_rtas_call(func, nargs, &args)) 1931 return -EINVAL; 1932 1933 if (token_is_restricted_errinjct(token)) { 1934 int err; 1935 1936 err = security_locked_down(LOCKDOWN_RTAS_ERROR_INJECTION); 1937 if (err) 1938 return err; 1939 } 1940 1941 /* Need to handle ibm,suspend_me call specially */ 1942 if (token == rtas_function_token(RTAS_FN_IBM_SUSPEND_ME)) { 1943 1944 /* 1945 * rtas_ibm_suspend_me assumes the streamid handle is in cpu 1946 * endian, or at least the hcall within it requires it. 1947 */ 1948 int rc = 0; 1949 u64 handle = ((u64)be32_to_cpu(args.args[0]) << 32) 1950 | be32_to_cpu(args.args[1]); 1951 rc = rtas_syscall_dispatch_ibm_suspend_me(handle); 1952 if (rc == -EAGAIN) 1953 args.rets[0] = cpu_to_be32(RTAS_NOT_SUSPENDABLE); 1954 else if (rc == -EIO) 1955 args.rets[0] = cpu_to_be32(-1); 1956 else if (rc) 1957 return rc; 1958 goto copy_return; 1959 } 1960 1961 buff_copy = get_errorlog_buffer(); 1962 1963 /* 1964 * If this function has a mutex assigned to it, we must 1965 * acquire it to avoid interleaving with any kernel-based uses 1966 * of the same function. Kernel-based sequences acquire the 1967 * appropriate mutex explicitly. 1968 */ 1969 if (func->lock) 1970 mutex_lock(func->lock); 1971 1972 raw_spin_lock_irqsave(&rtas_lock, flags); 1973 cookie = lockdep_pin_lock(&rtas_lock); 1974 1975 rtas_args = args; 1976 do_enter_rtas(&rtas_args); 1977 args = rtas_args; 1978 1979 /* A -1 return code indicates that the last command couldn't 1980 be completed due to a hardware error. */ 1981 if (be32_to_cpu(args.rets[0]) == -1) 1982 errbuf = __fetch_rtas_last_error(buff_copy); 1983 1984 lockdep_unpin_lock(&rtas_lock, cookie); 1985 raw_spin_unlock_irqrestore(&rtas_lock, flags); 1986 1987 if (func->lock) 1988 mutex_unlock(func->lock); 1989 1990 if (buff_copy) { 1991 if (errbuf) 1992 log_error(errbuf, ERR_TYPE_RTAS_LOG, 0); 1993 kfree(buff_copy); 1994 } 1995 1996 copy_return: 1997 /* Copy out args. */ 1998 if (copy_to_user(uargs->args + nargs, 1999 args.args + nargs, 2000 nret * sizeof(rtas_arg_t)) != 0) 2001 return -EFAULT; 2002 2003 return 0; 2004 } 2005 2006 static void __init rtas_function_table_init(void) 2007 { 2008 struct property *prop; 2009 2010 for (size_t i = 0; i < ARRAY_SIZE(rtas_function_table); ++i) { 2011 struct rtas_function *curr = &rtas_function_table[i]; 2012 struct rtas_function *prior; 2013 int cmp; 2014 2015 curr->token = RTAS_UNKNOWN_SERVICE; 2016 2017 if (i == 0) 2018 continue; 2019 /* 2020 * Ensure table is sorted correctly for binary search 2021 * on function names. 2022 */ 2023 prior = &rtas_function_table[i - 1]; 2024 2025 cmp = strcmp(prior->name, curr->name); 2026 if (cmp < 0) 2027 continue; 2028 2029 if (cmp == 0) { 2030 pr_err("'%s' has duplicate function table entries\n", 2031 curr->name); 2032 } else { 2033 pr_err("function table unsorted: '%s' wrongly precedes '%s'\n", 2034 prior->name, curr->name); 2035 } 2036 } 2037 2038 for_each_property_of_node(rtas.dev, prop) { 2039 struct rtas_function *func; 2040 2041 if (prop->length != sizeof(u32)) 2042 continue; 2043 2044 func = __rtas_name_to_function(prop->name); 2045 if (!func) 2046 continue; 2047 2048 func->token = be32_to_cpup((__be32 *)prop->value); 2049 2050 pr_debug("function %s has token %u\n", func->name, func->token); 2051 } 2052 } 2053 2054 /* 2055 * Call early during boot, before mem init, to retrieve the RTAS 2056 * information from the device-tree and allocate the RMO buffer for userland 2057 * accesses. 2058 */ 2059 void __init rtas_initialize(void) 2060 { 2061 unsigned long rtas_region = RTAS_INSTANTIATE_MAX; 2062 u32 base, size, entry; 2063 int no_base, no_size, no_entry; 2064 2065 /* Get RTAS dev node and fill up our "rtas" structure with infos 2066 * about it. 2067 */ 2068 rtas.dev = of_find_node_by_name(NULL, "rtas"); 2069 if (!rtas.dev) 2070 return; 2071 2072 no_base = of_property_read_u32(rtas.dev, "linux,rtas-base", &base); 2073 no_size = of_property_read_u32(rtas.dev, "rtas-size", &size); 2074 if (no_base || no_size) { 2075 of_node_put(rtas.dev); 2076 rtas.dev = NULL; 2077 return; 2078 } 2079 2080 rtas.base = base; 2081 rtas.size = size; 2082 no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry); 2083 rtas.entry = no_entry ? rtas.base : entry; 2084 2085 init_error_log_max(); 2086 2087 /* Must be called before any function token lookups */ 2088 rtas_function_table_init(); 2089 2090 /* 2091 * Discover this now to avoid a device tree lookup in the 2092 * panic path. 2093 */ 2094 ibm_extended_os_term = of_property_read_bool(rtas.dev, "ibm,extended-os-term"); 2095 2096 /* If RTAS was found, allocate the RMO buffer for it and look for 2097 * the stop-self token if any 2098 */ 2099 #ifdef CONFIG_PPC64 2100 if (firmware_has_feature(FW_FEATURE_LPAR)) 2101 rtas_region = min(ppc64_rma_size, RTAS_INSTANTIATE_MAX); 2102 #endif 2103 rtas_rmo_buf = memblock_phys_alloc_range(RTAS_USER_REGION_SIZE, PAGE_SIZE, 2104 0, rtas_region); 2105 if (!rtas_rmo_buf) 2106 panic("ERROR: RTAS: Failed to allocate %lx bytes below %pa\n", 2107 PAGE_SIZE, &rtas_region); 2108 2109 rtas_work_area_reserve_arena(rtas_region); 2110 } 2111 2112 int __init early_init_dt_scan_rtas(unsigned long node, 2113 const char *uname, int depth, void *data) 2114 { 2115 const u32 *basep, *entryp, *sizep; 2116 2117 if (depth != 1 || strcmp(uname, "rtas") != 0) 2118 return 0; 2119 2120 basep = of_get_flat_dt_prop(node, "linux,rtas-base", NULL); 2121 entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL); 2122 sizep = of_get_flat_dt_prop(node, "rtas-size", NULL); 2123 2124 #ifdef CONFIG_PPC64 2125 /* need this feature to decide the crashkernel offset */ 2126 if (of_get_flat_dt_prop(node, "ibm,hypertas-functions", NULL)) 2127 powerpc_firmware_features |= FW_FEATURE_LPAR; 2128 #endif 2129 2130 if (basep && entryp && sizep) { 2131 rtas.base = *basep; 2132 rtas.entry = *entryp; 2133 rtas.size = *sizep; 2134 } 2135 2136 #ifdef CONFIG_UDBG_RTAS_CONSOLE 2137 basep = of_get_flat_dt_prop(node, "put-term-char", NULL); 2138 if (basep) 2139 rtas_putchar_token = *basep; 2140 2141 basep = of_get_flat_dt_prop(node, "get-term-char", NULL); 2142 if (basep) 2143 rtas_getchar_token = *basep; 2144 2145 if (rtas_putchar_token != RTAS_UNKNOWN_SERVICE && 2146 rtas_getchar_token != RTAS_UNKNOWN_SERVICE) 2147 udbg_init_rtas_console(); 2148 2149 #endif 2150 2151 /* break now */ 2152 return 1; 2153 } 2154 2155 static DEFINE_RAW_SPINLOCK(timebase_lock); 2156 static u64 timebase = 0; 2157 2158 void rtas_give_timebase(void) 2159 { 2160 unsigned long flags; 2161 2162 raw_spin_lock_irqsave(&timebase_lock, flags); 2163 hard_irq_disable(); 2164 rtas_call(rtas_function_token(RTAS_FN_FREEZE_TIME_BASE), 0, 1, NULL); 2165 timebase = get_tb(); 2166 raw_spin_unlock(&timebase_lock); 2167 2168 while (timebase) 2169 barrier(); 2170 rtas_call(rtas_function_token(RTAS_FN_THAW_TIME_BASE), 0, 1, NULL); 2171 local_irq_restore(flags); 2172 } 2173 2174 void rtas_take_timebase(void) 2175 { 2176 while (!timebase) 2177 barrier(); 2178 raw_spin_lock(&timebase_lock); 2179 set_tb(timebase >> 32, timebase & 0xffffffff); 2180 timebase = 0; 2181 raw_spin_unlock(&timebase_lock); 2182 } 2183