1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Procedures for interfacing to the RTAS on CHRP machines. 5 * 6 * Peter Bergner, IBM March 2001. 7 * Copyright (C) 2001 IBM. 8 */ 9 10 #include <linux/stdarg.h> 11 #include <linux/kernel.h> 12 #include <linux/types.h> 13 #include <linux/spinlock.h> 14 #include <linux/export.h> 15 #include <linux/init.h> 16 #include <linux/capability.h> 17 #include <linux/delay.h> 18 #include <linux/cpu.h> 19 #include <linux/sched.h> 20 #include <linux/smp.h> 21 #include <linux/completion.h> 22 #include <linux/cpumask.h> 23 #include <linux/memblock.h> 24 #include <linux/slab.h> 25 #include <linux/reboot.h> 26 #include <linux/syscalls.h> 27 #include <linux/of.h> 28 #include <linux/of_fdt.h> 29 30 #include <asm/interrupt.h> 31 #include <asm/rtas.h> 32 #include <asm/hvcall.h> 33 #include <asm/machdep.h> 34 #include <asm/firmware.h> 35 #include <asm/page.h> 36 #include <asm/param.h> 37 #include <asm/delay.h> 38 #include <linux/uaccess.h> 39 #include <asm/udbg.h> 40 #include <asm/syscalls.h> 41 #include <asm/smp.h> 42 #include <linux/atomic.h> 43 #include <asm/time.h> 44 #include <asm/mmu.h> 45 #include <asm/topology.h> 46 47 /* This is here deliberately so it's only used in this file */ 48 void enter_rtas(unsigned long); 49 50 static inline void do_enter_rtas(unsigned long args) 51 { 52 unsigned long msr; 53 54 /* 55 * Make sure MSR[RI] is currently enabled as it will be forced later 56 * in enter_rtas. 57 */ 58 msr = mfmsr(); 59 BUG_ON(!(msr & MSR_RI)); 60 61 BUG_ON(!irqs_disabled()); 62 63 hard_irq_disable(); /* Ensure MSR[EE] is disabled on PPC64 */ 64 65 enter_rtas(args); 66 67 srr_regs_clobbered(); /* rtas uses SRRs, invalidate */ 68 } 69 70 struct rtas_t rtas = { 71 .lock = __ARCH_SPIN_LOCK_UNLOCKED 72 }; 73 EXPORT_SYMBOL(rtas); 74 75 DEFINE_SPINLOCK(rtas_data_buf_lock); 76 EXPORT_SYMBOL(rtas_data_buf_lock); 77 78 char rtas_data_buf[RTAS_DATA_BUF_SIZE] __cacheline_aligned; 79 EXPORT_SYMBOL(rtas_data_buf); 80 81 unsigned long rtas_rmo_buf; 82 83 /* 84 * If non-NULL, this gets called when the kernel terminates. 85 * This is done like this so rtas_flash can be a module. 86 */ 87 void (*rtas_flash_term_hook)(int); 88 EXPORT_SYMBOL(rtas_flash_term_hook); 89 90 /* RTAS use home made raw locking instead of spin_lock_irqsave 91 * because those can be called from within really nasty contexts 92 * such as having the timebase stopped which would lockup with 93 * normal locks and spinlock debugging enabled 94 */ 95 static unsigned long lock_rtas(void) 96 { 97 unsigned long flags; 98 99 local_irq_save(flags); 100 preempt_disable(); 101 arch_spin_lock(&rtas.lock); 102 return flags; 103 } 104 105 static void unlock_rtas(unsigned long flags) 106 { 107 arch_spin_unlock(&rtas.lock); 108 local_irq_restore(flags); 109 preempt_enable(); 110 } 111 112 /* 113 * call_rtas_display_status and call_rtas_display_status_delay 114 * are designed only for very early low-level debugging, which 115 * is why the token is hard-coded to 10. 116 */ 117 static void call_rtas_display_status(unsigned char c) 118 { 119 unsigned long s; 120 121 if (!rtas.base) 122 return; 123 124 s = lock_rtas(); 125 rtas_call_unlocked(&rtas.args, 10, 1, 1, NULL, c); 126 unlock_rtas(s); 127 } 128 129 static void call_rtas_display_status_delay(char c) 130 { 131 static int pending_newline = 0; /* did last write end with unprinted newline? */ 132 static int width = 16; 133 134 if (c == '\n') { 135 while (width-- > 0) 136 call_rtas_display_status(' '); 137 width = 16; 138 mdelay(500); 139 pending_newline = 1; 140 } else { 141 if (pending_newline) { 142 call_rtas_display_status('\r'); 143 call_rtas_display_status('\n'); 144 } 145 pending_newline = 0; 146 if (width--) { 147 call_rtas_display_status(c); 148 udelay(10000); 149 } 150 } 151 } 152 153 void __init udbg_init_rtas_panel(void) 154 { 155 udbg_putc = call_rtas_display_status_delay; 156 } 157 158 #ifdef CONFIG_UDBG_RTAS_CONSOLE 159 160 /* If you think you're dying before early_init_dt_scan_rtas() does its 161 * work, you can hard code the token values for your firmware here and 162 * hardcode rtas.base/entry etc. 163 */ 164 static unsigned int rtas_putchar_token = RTAS_UNKNOWN_SERVICE; 165 static unsigned int rtas_getchar_token = RTAS_UNKNOWN_SERVICE; 166 167 static void udbg_rtascon_putc(char c) 168 { 169 int tries; 170 171 if (!rtas.base) 172 return; 173 174 /* Add CRs before LFs */ 175 if (c == '\n') 176 udbg_rtascon_putc('\r'); 177 178 /* if there is more than one character to be displayed, wait a bit */ 179 for (tries = 0; tries < 16; tries++) { 180 if (rtas_call(rtas_putchar_token, 1, 1, NULL, c) == 0) 181 break; 182 udelay(1000); 183 } 184 } 185 186 static int udbg_rtascon_getc_poll(void) 187 { 188 int c; 189 190 if (!rtas.base) 191 return -1; 192 193 if (rtas_call(rtas_getchar_token, 0, 2, &c)) 194 return -1; 195 196 return c; 197 } 198 199 static int udbg_rtascon_getc(void) 200 { 201 int c; 202 203 while ((c = udbg_rtascon_getc_poll()) == -1) 204 ; 205 206 return c; 207 } 208 209 210 void __init udbg_init_rtas_console(void) 211 { 212 udbg_putc = udbg_rtascon_putc; 213 udbg_getc = udbg_rtascon_getc; 214 udbg_getc_poll = udbg_rtascon_getc_poll; 215 } 216 #endif /* CONFIG_UDBG_RTAS_CONSOLE */ 217 218 void rtas_progress(char *s, unsigned short hex) 219 { 220 struct device_node *root; 221 int width; 222 const __be32 *p; 223 char *os; 224 static int display_character, set_indicator; 225 static int display_width, display_lines, form_feed; 226 static const int *row_width; 227 static DEFINE_SPINLOCK(progress_lock); 228 static int current_line; 229 static int pending_newline = 0; /* did last write end with unprinted newline? */ 230 231 if (!rtas.base) 232 return; 233 234 if (display_width == 0) { 235 display_width = 0x10; 236 if ((root = of_find_node_by_path("/rtas"))) { 237 if ((p = of_get_property(root, 238 "ibm,display-line-length", NULL))) 239 display_width = be32_to_cpu(*p); 240 if ((p = of_get_property(root, 241 "ibm,form-feed", NULL))) 242 form_feed = be32_to_cpu(*p); 243 if ((p = of_get_property(root, 244 "ibm,display-number-of-lines", NULL))) 245 display_lines = be32_to_cpu(*p); 246 row_width = of_get_property(root, 247 "ibm,display-truncation-length", NULL); 248 of_node_put(root); 249 } 250 display_character = rtas_token("display-character"); 251 set_indicator = rtas_token("set-indicator"); 252 } 253 254 if (display_character == RTAS_UNKNOWN_SERVICE) { 255 /* use hex display if available */ 256 if (set_indicator != RTAS_UNKNOWN_SERVICE) 257 rtas_call(set_indicator, 3, 1, NULL, 6, 0, hex); 258 return; 259 } 260 261 spin_lock(&progress_lock); 262 263 /* 264 * Last write ended with newline, but we didn't print it since 265 * it would just clear the bottom line of output. Print it now 266 * instead. 267 * 268 * If no newline is pending and form feed is supported, clear the 269 * display with a form feed; otherwise, print a CR to start output 270 * at the beginning of the line. 271 */ 272 if (pending_newline) { 273 rtas_call(display_character, 1, 1, NULL, '\r'); 274 rtas_call(display_character, 1, 1, NULL, '\n'); 275 pending_newline = 0; 276 } else { 277 current_line = 0; 278 if (form_feed) 279 rtas_call(display_character, 1, 1, NULL, 280 (char)form_feed); 281 else 282 rtas_call(display_character, 1, 1, NULL, '\r'); 283 } 284 285 if (row_width) 286 width = row_width[current_line]; 287 else 288 width = display_width; 289 os = s; 290 while (*os) { 291 if (*os == '\n' || *os == '\r') { 292 /* If newline is the last character, save it 293 * until next call to avoid bumping up the 294 * display output. 295 */ 296 if (*os == '\n' && !os[1]) { 297 pending_newline = 1; 298 current_line++; 299 if (current_line > display_lines-1) 300 current_line = display_lines-1; 301 spin_unlock(&progress_lock); 302 return; 303 } 304 305 /* RTAS wants CR-LF, not just LF */ 306 307 if (*os == '\n') { 308 rtas_call(display_character, 1, 1, NULL, '\r'); 309 rtas_call(display_character, 1, 1, NULL, '\n'); 310 } else { 311 /* CR might be used to re-draw a line, so we'll 312 * leave it alone and not add LF. 313 */ 314 rtas_call(display_character, 1, 1, NULL, *os); 315 } 316 317 if (row_width) 318 width = row_width[current_line]; 319 else 320 width = display_width; 321 } else { 322 width--; 323 rtas_call(display_character, 1, 1, NULL, *os); 324 } 325 326 os++; 327 328 /* if we overwrite the screen length */ 329 if (width <= 0) 330 while ((*os != 0) && (*os != '\n') && (*os != '\r')) 331 os++; 332 } 333 334 spin_unlock(&progress_lock); 335 } 336 EXPORT_SYMBOL(rtas_progress); /* needed by rtas_flash module */ 337 338 int rtas_token(const char *service) 339 { 340 const __be32 *tokp; 341 if (rtas.dev == NULL) 342 return RTAS_UNKNOWN_SERVICE; 343 tokp = of_get_property(rtas.dev, service, NULL); 344 return tokp ? be32_to_cpu(*tokp) : RTAS_UNKNOWN_SERVICE; 345 } 346 EXPORT_SYMBOL(rtas_token); 347 348 int rtas_service_present(const char *service) 349 { 350 return rtas_token(service) != RTAS_UNKNOWN_SERVICE; 351 } 352 EXPORT_SYMBOL(rtas_service_present); 353 354 #ifdef CONFIG_RTAS_ERROR_LOGGING 355 /* 356 * Return the firmware-specified size of the error log buffer 357 * for all rtas calls that require an error buffer argument. 358 * This includes 'check-exception' and 'rtas-last-error'. 359 */ 360 int rtas_get_error_log_max(void) 361 { 362 static int rtas_error_log_max; 363 if (rtas_error_log_max) 364 return rtas_error_log_max; 365 366 rtas_error_log_max = rtas_token ("rtas-error-log-max"); 367 if ((rtas_error_log_max == RTAS_UNKNOWN_SERVICE) || 368 (rtas_error_log_max > RTAS_ERROR_LOG_MAX)) { 369 printk (KERN_WARNING "RTAS: bad log buffer size %d\n", 370 rtas_error_log_max); 371 rtas_error_log_max = RTAS_ERROR_LOG_MAX; 372 } 373 return rtas_error_log_max; 374 } 375 EXPORT_SYMBOL(rtas_get_error_log_max); 376 377 378 static char rtas_err_buf[RTAS_ERROR_LOG_MAX]; 379 static int rtas_last_error_token; 380 381 /** Return a copy of the detailed error text associated with the 382 * most recent failed call to rtas. Because the error text 383 * might go stale if there are any other intervening rtas calls, 384 * this routine must be called atomically with whatever produced 385 * the error (i.e. with rtas.lock still held from the previous call). 386 */ 387 static char *__fetch_rtas_last_error(char *altbuf) 388 { 389 struct rtas_args err_args, save_args; 390 u32 bufsz; 391 char *buf = NULL; 392 393 if (rtas_last_error_token == -1) 394 return NULL; 395 396 bufsz = rtas_get_error_log_max(); 397 398 err_args.token = cpu_to_be32(rtas_last_error_token); 399 err_args.nargs = cpu_to_be32(2); 400 err_args.nret = cpu_to_be32(1); 401 err_args.args[0] = cpu_to_be32(__pa(rtas_err_buf)); 402 err_args.args[1] = cpu_to_be32(bufsz); 403 err_args.args[2] = 0; 404 405 save_args = rtas.args; 406 rtas.args = err_args; 407 408 do_enter_rtas(__pa(&rtas.args)); 409 410 err_args = rtas.args; 411 rtas.args = save_args; 412 413 /* Log the error in the unlikely case that there was one. */ 414 if (unlikely(err_args.args[2] == 0)) { 415 if (altbuf) { 416 buf = altbuf; 417 } else { 418 buf = rtas_err_buf; 419 if (slab_is_available()) 420 buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC); 421 } 422 if (buf) 423 memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX); 424 } 425 426 return buf; 427 } 428 429 #define get_errorlog_buffer() kmalloc(RTAS_ERROR_LOG_MAX, GFP_KERNEL) 430 431 #else /* CONFIG_RTAS_ERROR_LOGGING */ 432 #define __fetch_rtas_last_error(x) NULL 433 #define get_errorlog_buffer() NULL 434 #endif 435 436 437 static void 438 va_rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, 439 va_list list) 440 { 441 int i; 442 443 args->token = cpu_to_be32(token); 444 args->nargs = cpu_to_be32(nargs); 445 args->nret = cpu_to_be32(nret); 446 args->rets = &(args->args[nargs]); 447 448 for (i = 0; i < nargs; ++i) 449 args->args[i] = cpu_to_be32(va_arg(list, __u32)); 450 451 for (i = 0; i < nret; ++i) 452 args->rets[i] = 0; 453 454 do_enter_rtas(__pa(args)); 455 } 456 457 void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, ...) 458 { 459 va_list list; 460 461 va_start(list, nret); 462 va_rtas_call_unlocked(args, token, nargs, nret, list); 463 va_end(list); 464 } 465 466 int rtas_call(int token, int nargs, int nret, int *outputs, ...) 467 { 468 va_list list; 469 int i; 470 unsigned long s; 471 struct rtas_args *rtas_args; 472 char *buff_copy = NULL; 473 int ret; 474 475 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE) 476 return -1; 477 478 if ((mfmsr() & (MSR_IR|MSR_DR)) != (MSR_IR|MSR_DR)) { 479 WARN_ON_ONCE(1); 480 return -1; 481 } 482 483 s = lock_rtas(); 484 485 /* We use the global rtas args buffer */ 486 rtas_args = &rtas.args; 487 488 va_start(list, outputs); 489 va_rtas_call_unlocked(rtas_args, token, nargs, nret, list); 490 va_end(list); 491 492 /* A -1 return code indicates that the last command couldn't 493 be completed due to a hardware error. */ 494 if (be32_to_cpu(rtas_args->rets[0]) == -1) 495 buff_copy = __fetch_rtas_last_error(NULL); 496 497 if (nret > 1 && outputs != NULL) 498 for (i = 0; i < nret-1; ++i) 499 outputs[i] = be32_to_cpu(rtas_args->rets[i+1]); 500 ret = (nret > 0)? be32_to_cpu(rtas_args->rets[0]): 0; 501 502 unlock_rtas(s); 503 504 if (buff_copy) { 505 log_error(buff_copy, ERR_TYPE_RTAS_LOG, 0); 506 if (slab_is_available()) 507 kfree(buff_copy); 508 } 509 return ret; 510 } 511 EXPORT_SYMBOL(rtas_call); 512 513 /** 514 * rtas_busy_delay_time() - From an RTAS status value, calculate the 515 * suggested delay time in milliseconds. 516 * 517 * @status: a value returned from rtas_call() or similar APIs which return 518 * the status of a RTAS function call. 519 * 520 * Context: Any context. 521 * 522 * Return: 523 * * 100000 - If @status is 9905. 524 * * 10000 - If @status is 9904. 525 * * 1000 - If @status is 9903. 526 * * 100 - If @status is 9902. 527 * * 10 - If @status is 9901. 528 * * 1 - If @status is either 9900 or -2. This is "wrong" for -2, but 529 * some callers depend on this behavior, and the worst outcome 530 * is that they will delay for longer than necessary. 531 * * 0 - If @status is not a busy or extended delay value. 532 */ 533 unsigned int rtas_busy_delay_time(int status) 534 { 535 int order; 536 unsigned int ms = 0; 537 538 if (status == RTAS_BUSY) { 539 ms = 1; 540 } else if (status >= RTAS_EXTENDED_DELAY_MIN && 541 status <= RTAS_EXTENDED_DELAY_MAX) { 542 order = status - RTAS_EXTENDED_DELAY_MIN; 543 for (ms = 1; order > 0; order--) 544 ms *= 10; 545 } 546 547 return ms; 548 } 549 EXPORT_SYMBOL(rtas_busy_delay_time); 550 551 /** 552 * rtas_busy_delay() - helper for RTAS busy and extended delay statuses 553 * 554 * @status: a value returned from rtas_call() or similar APIs which return 555 * the status of a RTAS function call. 556 * 557 * Context: Process context. May sleep or schedule. 558 * 559 * Return: 560 * * true - @status is RTAS_BUSY or an extended delay hint. The 561 * caller may assume that the CPU has been yielded if necessary, 562 * and that an appropriate delay for @status has elapsed. 563 * Generally the caller should reattempt the RTAS call which 564 * yielded @status. 565 * 566 * * false - @status is not @RTAS_BUSY nor an extended delay hint. The 567 * caller is responsible for handling @status. 568 */ 569 bool rtas_busy_delay(int status) 570 { 571 unsigned int ms; 572 bool ret; 573 574 switch (status) { 575 case RTAS_EXTENDED_DELAY_MIN...RTAS_EXTENDED_DELAY_MAX: 576 ret = true; 577 ms = rtas_busy_delay_time(status); 578 /* 579 * The extended delay hint can be as high as 100 seconds. 580 * Surely any function returning such a status is either 581 * buggy or isn't going to be significantly slowed by us 582 * polling at 1HZ. Clamp the sleep time to one second. 583 */ 584 ms = clamp(ms, 1U, 1000U); 585 /* 586 * The delay hint is an order-of-magnitude suggestion, not 587 * a minimum. It is fine, possibly even advantageous, for 588 * us to pause for less time than hinted. For small values, 589 * use usleep_range() to ensure we don't sleep much longer 590 * than actually needed. 591 * 592 * See Documentation/timers/timers-howto.rst for 593 * explanation of the threshold used here. In effect we use 594 * usleep_range() for 9900 and 9901, msleep() for 595 * 9902-9905. 596 */ 597 if (ms <= 20) 598 usleep_range(ms * 100, ms * 1000); 599 else 600 msleep(ms); 601 break; 602 case RTAS_BUSY: 603 ret = true; 604 /* 605 * We should call again immediately if there's no other 606 * work to do. 607 */ 608 cond_resched(); 609 break; 610 default: 611 ret = false; 612 /* 613 * Not a busy or extended delay status; the caller should 614 * handle @status itself. Ensure we warn on misuses in 615 * atomic context regardless. 616 */ 617 might_sleep(); 618 break; 619 } 620 621 return ret; 622 } 623 EXPORT_SYMBOL(rtas_busy_delay); 624 625 static int rtas_error_rc(int rtas_rc) 626 { 627 int rc; 628 629 switch (rtas_rc) { 630 case -1: /* Hardware Error */ 631 rc = -EIO; 632 break; 633 case -3: /* Bad indicator/domain/etc */ 634 rc = -EINVAL; 635 break; 636 case -9000: /* Isolation error */ 637 rc = -EFAULT; 638 break; 639 case -9001: /* Outstanding TCE/PTE */ 640 rc = -EEXIST; 641 break; 642 case -9002: /* No usable slot */ 643 rc = -ENODEV; 644 break; 645 default: 646 printk(KERN_ERR "%s: unexpected RTAS error %d\n", 647 __func__, rtas_rc); 648 rc = -ERANGE; 649 break; 650 } 651 return rc; 652 } 653 654 int rtas_get_power_level(int powerdomain, int *level) 655 { 656 int token = rtas_token("get-power-level"); 657 int rc; 658 659 if (token == RTAS_UNKNOWN_SERVICE) 660 return -ENOENT; 661 662 while ((rc = rtas_call(token, 1, 2, level, powerdomain)) == RTAS_BUSY) 663 udelay(1); 664 665 if (rc < 0) 666 return rtas_error_rc(rc); 667 return rc; 668 } 669 EXPORT_SYMBOL(rtas_get_power_level); 670 671 int rtas_set_power_level(int powerdomain, int level, int *setlevel) 672 { 673 int token = rtas_token("set-power-level"); 674 int rc; 675 676 if (token == RTAS_UNKNOWN_SERVICE) 677 return -ENOENT; 678 679 do { 680 rc = rtas_call(token, 2, 2, setlevel, powerdomain, level); 681 } while (rtas_busy_delay(rc)); 682 683 if (rc < 0) 684 return rtas_error_rc(rc); 685 return rc; 686 } 687 EXPORT_SYMBOL(rtas_set_power_level); 688 689 int rtas_get_sensor(int sensor, int index, int *state) 690 { 691 int token = rtas_token("get-sensor-state"); 692 int rc; 693 694 if (token == RTAS_UNKNOWN_SERVICE) 695 return -ENOENT; 696 697 do { 698 rc = rtas_call(token, 2, 2, state, sensor, index); 699 } while (rtas_busy_delay(rc)); 700 701 if (rc < 0) 702 return rtas_error_rc(rc); 703 return rc; 704 } 705 EXPORT_SYMBOL(rtas_get_sensor); 706 707 int rtas_get_sensor_fast(int sensor, int index, int *state) 708 { 709 int token = rtas_token("get-sensor-state"); 710 int rc; 711 712 if (token == RTAS_UNKNOWN_SERVICE) 713 return -ENOENT; 714 715 rc = rtas_call(token, 2, 2, state, sensor, index); 716 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 717 rc <= RTAS_EXTENDED_DELAY_MAX)); 718 719 if (rc < 0) 720 return rtas_error_rc(rc); 721 return rc; 722 } 723 724 bool rtas_indicator_present(int token, int *maxindex) 725 { 726 int proplen, count, i; 727 const struct indicator_elem { 728 __be32 token; 729 __be32 maxindex; 730 } *indicators; 731 732 indicators = of_get_property(rtas.dev, "rtas-indicators", &proplen); 733 if (!indicators) 734 return false; 735 736 count = proplen / sizeof(struct indicator_elem); 737 738 for (i = 0; i < count; i++) { 739 if (__be32_to_cpu(indicators[i].token) != token) 740 continue; 741 if (maxindex) 742 *maxindex = __be32_to_cpu(indicators[i].maxindex); 743 return true; 744 } 745 746 return false; 747 } 748 EXPORT_SYMBOL(rtas_indicator_present); 749 750 int rtas_set_indicator(int indicator, int index, int new_value) 751 { 752 int token = rtas_token("set-indicator"); 753 int rc; 754 755 if (token == RTAS_UNKNOWN_SERVICE) 756 return -ENOENT; 757 758 do { 759 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 760 } while (rtas_busy_delay(rc)); 761 762 if (rc < 0) 763 return rtas_error_rc(rc); 764 return rc; 765 } 766 EXPORT_SYMBOL(rtas_set_indicator); 767 768 /* 769 * Ignoring RTAS extended delay 770 */ 771 int rtas_set_indicator_fast(int indicator, int index, int new_value) 772 { 773 int rc; 774 int token = rtas_token("set-indicator"); 775 776 if (token == RTAS_UNKNOWN_SERVICE) 777 return -ENOENT; 778 779 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value); 780 781 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN && 782 rc <= RTAS_EXTENDED_DELAY_MAX)); 783 784 if (rc < 0) 785 return rtas_error_rc(rc); 786 787 return rc; 788 } 789 790 /** 791 * rtas_ibm_suspend_me() - Call ibm,suspend-me to suspend the LPAR. 792 * 793 * @fw_status: RTAS call status will be placed here if not NULL. 794 * 795 * rtas_ibm_suspend_me() should be called only on a CPU which has 796 * received H_CONTINUE from the H_JOIN hcall. All other active CPUs 797 * should be waiting to return from H_JOIN. 798 * 799 * rtas_ibm_suspend_me() may suspend execution of the OS 800 * indefinitely. Callers should take appropriate measures upon return, such as 801 * resetting watchdog facilities. 802 * 803 * Callers may choose to retry this call if @fw_status is 804 * %RTAS_THREADS_ACTIVE. 805 * 806 * Return: 807 * 0 - The partition has resumed from suspend, possibly after 808 * migration to a different host. 809 * -ECANCELED - The operation was aborted. 810 * -EAGAIN - There were other CPUs not in H_JOIN at the time of the call. 811 * -EBUSY - Some other condition prevented the suspend from succeeding. 812 * -EIO - Hardware/platform error. 813 */ 814 int rtas_ibm_suspend_me(int *fw_status) 815 { 816 int fwrc; 817 int ret; 818 819 fwrc = rtas_call(rtas_token("ibm,suspend-me"), 0, 1, NULL); 820 821 switch (fwrc) { 822 case 0: 823 ret = 0; 824 break; 825 case RTAS_SUSPEND_ABORTED: 826 ret = -ECANCELED; 827 break; 828 case RTAS_THREADS_ACTIVE: 829 ret = -EAGAIN; 830 break; 831 case RTAS_NOT_SUSPENDABLE: 832 case RTAS_OUTSTANDING_COPROC: 833 ret = -EBUSY; 834 break; 835 case -1: 836 default: 837 ret = -EIO; 838 break; 839 } 840 841 if (fw_status) 842 *fw_status = fwrc; 843 844 return ret; 845 } 846 847 void __noreturn rtas_restart(char *cmd) 848 { 849 if (rtas_flash_term_hook) 850 rtas_flash_term_hook(SYS_RESTART); 851 printk("RTAS system-reboot returned %d\n", 852 rtas_call(rtas_token("system-reboot"), 0, 1, NULL)); 853 for (;;); 854 } 855 856 void rtas_power_off(void) 857 { 858 if (rtas_flash_term_hook) 859 rtas_flash_term_hook(SYS_POWER_OFF); 860 /* allow power on only with power button press */ 861 printk("RTAS power-off returned %d\n", 862 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1)); 863 for (;;); 864 } 865 866 void __noreturn rtas_halt(void) 867 { 868 if (rtas_flash_term_hook) 869 rtas_flash_term_hook(SYS_HALT); 870 /* allow power on only with power button press */ 871 printk("RTAS power-off returned %d\n", 872 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1)); 873 for (;;); 874 } 875 876 /* Must be in the RMO region, so we place it here */ 877 static char rtas_os_term_buf[2048]; 878 879 void rtas_os_term(char *str) 880 { 881 int status; 882 883 /* 884 * Firmware with the ibm,extended-os-term property is guaranteed 885 * to always return from an ibm,os-term call. Earlier versions without 886 * this property may terminate the partition which we want to avoid 887 * since it interferes with panic_timeout. 888 */ 889 if (RTAS_UNKNOWN_SERVICE == rtas_token("ibm,os-term") || 890 RTAS_UNKNOWN_SERVICE == rtas_token("ibm,extended-os-term")) 891 return; 892 893 snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str); 894 895 do { 896 status = rtas_call(rtas_token("ibm,os-term"), 1, 1, NULL, 897 __pa(rtas_os_term_buf)); 898 } while (rtas_busy_delay(status)); 899 900 if (status != 0) 901 printk(KERN_EMERG "ibm,os-term call failed %d\n", status); 902 } 903 904 /** 905 * rtas_activate_firmware() - Activate a new version of firmware. 906 * 907 * Context: This function may sleep. 908 * 909 * Activate a new version of partition firmware. The OS must call this 910 * after resuming from a partition hibernation or migration in order 911 * to maintain the ability to perform live firmware updates. It's not 912 * catastrophic for this method to be absent or to fail; just log the 913 * condition in that case. 914 */ 915 void rtas_activate_firmware(void) 916 { 917 int token; 918 int fwrc; 919 920 token = rtas_token("ibm,activate-firmware"); 921 if (token == RTAS_UNKNOWN_SERVICE) { 922 pr_notice("ibm,activate-firmware method unavailable\n"); 923 return; 924 } 925 926 do { 927 fwrc = rtas_call(token, 0, 1, NULL); 928 } while (rtas_busy_delay(fwrc)); 929 930 if (fwrc) 931 pr_err("ibm,activate-firmware failed (%i)\n", fwrc); 932 } 933 934 /** 935 * get_pseries_errorlog() - Find a specific pseries error log in an RTAS 936 * extended event log. 937 * @log: RTAS error/event log 938 * @section_id: two character section identifier 939 * 940 * Return: A pointer to the specified errorlog or NULL if not found. 941 */ 942 noinstr struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log, 943 uint16_t section_id) 944 { 945 struct rtas_ext_event_log_v6 *ext_log = 946 (struct rtas_ext_event_log_v6 *)log->buffer; 947 struct pseries_errorlog *sect; 948 unsigned char *p, *log_end; 949 uint32_t ext_log_length = rtas_error_extended_log_length(log); 950 uint8_t log_format = rtas_ext_event_log_format(ext_log); 951 uint32_t company_id = rtas_ext_event_company_id(ext_log); 952 953 /* Check that we understand the format */ 954 if (ext_log_length < sizeof(struct rtas_ext_event_log_v6) || 955 log_format != RTAS_V6EXT_LOG_FORMAT_EVENT_LOG || 956 company_id != RTAS_V6EXT_COMPANY_ID_IBM) 957 return NULL; 958 959 log_end = log->buffer + ext_log_length; 960 p = ext_log->vendor_log; 961 962 while (p < log_end) { 963 sect = (struct pseries_errorlog *)p; 964 if (pseries_errorlog_id(sect) == section_id) 965 return sect; 966 p += pseries_errorlog_length(sect); 967 } 968 969 return NULL; 970 } 971 972 #ifdef CONFIG_PPC_RTAS_FILTER 973 974 /* 975 * The sys_rtas syscall, as originally designed, allows root to pass 976 * arbitrary physical addresses to RTAS calls. A number of RTAS calls 977 * can be abused to write to arbitrary memory and do other things that 978 * are potentially harmful to system integrity, and thus should only 979 * be used inside the kernel and not exposed to userspace. 980 * 981 * All known legitimate users of the sys_rtas syscall will only ever 982 * pass addresses that fall within the RMO buffer, and use a known 983 * subset of RTAS calls. 984 * 985 * Accordingly, we filter RTAS requests to check that the call is 986 * permitted, and that provided pointers fall within the RMO buffer. 987 * The rtas_filters list contains an entry for each permitted call, 988 * with the indexes of the parameters which are expected to contain 989 * addresses and sizes of buffers allocated inside the RMO buffer. 990 */ 991 struct rtas_filter { 992 const char *name; 993 int token; 994 /* Indexes into the args buffer, -1 if not used */ 995 int buf_idx1; 996 int size_idx1; 997 int buf_idx2; 998 int size_idx2; 999 1000 int fixed_size; 1001 }; 1002 1003 static struct rtas_filter rtas_filters[] __ro_after_init = { 1004 { "ibm,activate-firmware", -1, -1, -1, -1, -1 }, 1005 { "ibm,configure-connector", -1, 0, -1, 1, -1, 4096 }, /* Special cased */ 1006 { "display-character", -1, -1, -1, -1, -1 }, 1007 { "ibm,display-message", -1, 0, -1, -1, -1 }, 1008 { "ibm,errinjct", -1, 2, -1, -1, -1, 1024 }, 1009 { "ibm,close-errinjct", -1, -1, -1, -1, -1 }, 1010 { "ibm,open-errinjct", -1, -1, -1, -1, -1 }, 1011 { "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 }, 1012 { "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 }, 1013 { "ibm,get-indices", -1, 2, 3, -1, -1 }, 1014 { "get-power-level", -1, -1, -1, -1, -1 }, 1015 { "get-sensor-state", -1, -1, -1, -1, -1 }, 1016 { "ibm,get-system-parameter", -1, 1, 2, -1, -1 }, 1017 { "get-time-of-day", -1, -1, -1, -1, -1 }, 1018 { "ibm,get-vpd", -1, 0, -1, 1, 2 }, 1019 { "ibm,lpar-perftools", -1, 2, 3, -1, -1 }, 1020 { "ibm,platform-dump", -1, 4, 5, -1, -1 }, /* Special cased */ 1021 { "ibm,read-slot-reset-state", -1, -1, -1, -1, -1 }, 1022 { "ibm,scan-log-dump", -1, 0, 1, -1, -1 }, 1023 { "ibm,set-dynamic-indicator", -1, 2, -1, -1, -1 }, 1024 { "ibm,set-eeh-option", -1, -1, -1, -1, -1 }, 1025 { "set-indicator", -1, -1, -1, -1, -1 }, 1026 { "set-power-level", -1, -1, -1, -1, -1 }, 1027 { "set-time-for-power-on", -1, -1, -1, -1, -1 }, 1028 { "ibm,set-system-parameter", -1, 1, -1, -1, -1 }, 1029 { "set-time-of-day", -1, -1, -1, -1, -1 }, 1030 #ifdef CONFIG_CPU_BIG_ENDIAN 1031 { "ibm,suspend-me", -1, -1, -1, -1, -1 }, 1032 { "ibm,update-nodes", -1, 0, -1, -1, -1, 4096 }, 1033 { "ibm,update-properties", -1, 0, -1, -1, -1, 4096 }, 1034 #endif 1035 { "ibm,physical-attestation", -1, 0, 1, -1, -1 }, 1036 }; 1037 1038 static bool in_rmo_buf(u32 base, u32 end) 1039 { 1040 return base >= rtas_rmo_buf && 1041 base < (rtas_rmo_buf + RTAS_USER_REGION_SIZE) && 1042 base <= end && 1043 end >= rtas_rmo_buf && 1044 end < (rtas_rmo_buf + RTAS_USER_REGION_SIZE); 1045 } 1046 1047 static bool block_rtas_call(int token, int nargs, 1048 struct rtas_args *args) 1049 { 1050 int i; 1051 1052 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) { 1053 struct rtas_filter *f = &rtas_filters[i]; 1054 u32 base, size, end; 1055 1056 if (token != f->token) 1057 continue; 1058 1059 if (f->buf_idx1 != -1) { 1060 base = be32_to_cpu(args->args[f->buf_idx1]); 1061 if (f->size_idx1 != -1) 1062 size = be32_to_cpu(args->args[f->size_idx1]); 1063 else if (f->fixed_size) 1064 size = f->fixed_size; 1065 else 1066 size = 1; 1067 1068 end = base + size - 1; 1069 1070 /* 1071 * Special case for ibm,platform-dump - NULL buffer 1072 * address is used to indicate end of dump processing 1073 */ 1074 if (!strcmp(f->name, "ibm,platform-dump") && 1075 base == 0) 1076 return false; 1077 1078 if (!in_rmo_buf(base, end)) 1079 goto err; 1080 } 1081 1082 if (f->buf_idx2 != -1) { 1083 base = be32_to_cpu(args->args[f->buf_idx2]); 1084 if (f->size_idx2 != -1) 1085 size = be32_to_cpu(args->args[f->size_idx2]); 1086 else if (f->fixed_size) 1087 size = f->fixed_size; 1088 else 1089 size = 1; 1090 end = base + size - 1; 1091 1092 /* 1093 * Special case for ibm,configure-connector where the 1094 * address can be 0 1095 */ 1096 if (!strcmp(f->name, "ibm,configure-connector") && 1097 base == 0) 1098 return false; 1099 1100 if (!in_rmo_buf(base, end)) 1101 goto err; 1102 } 1103 1104 return false; 1105 } 1106 1107 err: 1108 pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt?\n"); 1109 pr_err_ratelimited("sys_rtas: token=0x%x, nargs=%d (called by %s)\n", 1110 token, nargs, current->comm); 1111 return true; 1112 } 1113 1114 static void __init rtas_syscall_filter_init(void) 1115 { 1116 unsigned int i; 1117 1118 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) 1119 rtas_filters[i].token = rtas_token(rtas_filters[i].name); 1120 } 1121 1122 #else 1123 1124 static bool block_rtas_call(int token, int nargs, 1125 struct rtas_args *args) 1126 { 1127 return false; 1128 } 1129 1130 static void __init rtas_syscall_filter_init(void) 1131 { 1132 } 1133 1134 #endif /* CONFIG_PPC_RTAS_FILTER */ 1135 1136 /* We assume to be passed big endian arguments */ 1137 SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) 1138 { 1139 struct rtas_args args; 1140 unsigned long flags; 1141 char *buff_copy, *errbuf = NULL; 1142 int nargs, nret, token; 1143 1144 if (!capable(CAP_SYS_ADMIN)) 1145 return -EPERM; 1146 1147 if (!rtas.entry) 1148 return -EINVAL; 1149 1150 if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0) 1151 return -EFAULT; 1152 1153 nargs = be32_to_cpu(args.nargs); 1154 nret = be32_to_cpu(args.nret); 1155 token = be32_to_cpu(args.token); 1156 1157 if (nargs >= ARRAY_SIZE(args.args) 1158 || nret > ARRAY_SIZE(args.args) 1159 || nargs + nret > ARRAY_SIZE(args.args)) 1160 return -EINVAL; 1161 1162 /* Copy in args. */ 1163 if (copy_from_user(args.args, uargs->args, 1164 nargs * sizeof(rtas_arg_t)) != 0) 1165 return -EFAULT; 1166 1167 if (token == RTAS_UNKNOWN_SERVICE) 1168 return -EINVAL; 1169 1170 args.rets = &args.args[nargs]; 1171 memset(args.rets, 0, nret * sizeof(rtas_arg_t)); 1172 1173 if (block_rtas_call(token, nargs, &args)) 1174 return -EINVAL; 1175 1176 /* Need to handle ibm,suspend_me call specially */ 1177 if (token == rtas_token("ibm,suspend-me")) { 1178 1179 /* 1180 * rtas_ibm_suspend_me assumes the streamid handle is in cpu 1181 * endian, or at least the hcall within it requires it. 1182 */ 1183 int rc = 0; 1184 u64 handle = ((u64)be32_to_cpu(args.args[0]) << 32) 1185 | be32_to_cpu(args.args[1]); 1186 rc = rtas_syscall_dispatch_ibm_suspend_me(handle); 1187 if (rc == -EAGAIN) 1188 args.rets[0] = cpu_to_be32(RTAS_NOT_SUSPENDABLE); 1189 else if (rc == -EIO) 1190 args.rets[0] = cpu_to_be32(-1); 1191 else if (rc) 1192 return rc; 1193 goto copy_return; 1194 } 1195 1196 buff_copy = get_errorlog_buffer(); 1197 1198 flags = lock_rtas(); 1199 1200 rtas.args = args; 1201 do_enter_rtas(__pa(&rtas.args)); 1202 args = rtas.args; 1203 1204 /* A -1 return code indicates that the last command couldn't 1205 be completed due to a hardware error. */ 1206 if (be32_to_cpu(args.rets[0]) == -1) 1207 errbuf = __fetch_rtas_last_error(buff_copy); 1208 1209 unlock_rtas(flags); 1210 1211 if (buff_copy) { 1212 if (errbuf) 1213 log_error(errbuf, ERR_TYPE_RTAS_LOG, 0); 1214 kfree(buff_copy); 1215 } 1216 1217 copy_return: 1218 /* Copy out args. */ 1219 if (copy_to_user(uargs->args + nargs, 1220 args.args + nargs, 1221 nret * sizeof(rtas_arg_t)) != 0) 1222 return -EFAULT; 1223 1224 return 0; 1225 } 1226 1227 /* 1228 * Call early during boot, before mem init, to retrieve the RTAS 1229 * information from the device-tree and allocate the RMO buffer for userland 1230 * accesses. 1231 */ 1232 void __init rtas_initialize(void) 1233 { 1234 unsigned long rtas_region = RTAS_INSTANTIATE_MAX; 1235 u32 base, size, entry; 1236 int no_base, no_size, no_entry; 1237 1238 /* Get RTAS dev node and fill up our "rtas" structure with infos 1239 * about it. 1240 */ 1241 rtas.dev = of_find_node_by_name(NULL, "rtas"); 1242 if (!rtas.dev) 1243 return; 1244 1245 no_base = of_property_read_u32(rtas.dev, "linux,rtas-base", &base); 1246 no_size = of_property_read_u32(rtas.dev, "rtas-size", &size); 1247 if (no_base || no_size) { 1248 of_node_put(rtas.dev); 1249 rtas.dev = NULL; 1250 return; 1251 } 1252 1253 rtas.base = base; 1254 rtas.size = size; 1255 no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry); 1256 rtas.entry = no_entry ? rtas.base : entry; 1257 1258 /* If RTAS was found, allocate the RMO buffer for it and look for 1259 * the stop-self token if any 1260 */ 1261 #ifdef CONFIG_PPC64 1262 if (firmware_has_feature(FW_FEATURE_LPAR)) 1263 rtas_region = min(ppc64_rma_size, RTAS_INSTANTIATE_MAX); 1264 #endif 1265 rtas_rmo_buf = memblock_phys_alloc_range(RTAS_USER_REGION_SIZE, PAGE_SIZE, 1266 0, rtas_region); 1267 if (!rtas_rmo_buf) 1268 panic("ERROR: RTAS: Failed to allocate %lx bytes below %pa\n", 1269 PAGE_SIZE, &rtas_region); 1270 1271 #ifdef CONFIG_RTAS_ERROR_LOGGING 1272 rtas_last_error_token = rtas_token("rtas-last-error"); 1273 #endif 1274 1275 rtas_syscall_filter_init(); 1276 } 1277 1278 int __init early_init_dt_scan_rtas(unsigned long node, 1279 const char *uname, int depth, void *data) 1280 { 1281 const u32 *basep, *entryp, *sizep; 1282 1283 if (depth != 1 || strcmp(uname, "rtas") != 0) 1284 return 0; 1285 1286 basep = of_get_flat_dt_prop(node, "linux,rtas-base", NULL); 1287 entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL); 1288 sizep = of_get_flat_dt_prop(node, "rtas-size", NULL); 1289 1290 #ifdef CONFIG_PPC64 1291 /* need this feature to decide the crashkernel offset */ 1292 if (of_get_flat_dt_prop(node, "ibm,hypertas-functions", NULL)) 1293 powerpc_firmware_features |= FW_FEATURE_LPAR; 1294 #endif 1295 1296 if (basep && entryp && sizep) { 1297 rtas.base = *basep; 1298 rtas.entry = *entryp; 1299 rtas.size = *sizep; 1300 } 1301 1302 #ifdef CONFIG_UDBG_RTAS_CONSOLE 1303 basep = of_get_flat_dt_prop(node, "put-term-char", NULL); 1304 if (basep) 1305 rtas_putchar_token = *basep; 1306 1307 basep = of_get_flat_dt_prop(node, "get-term-char", NULL); 1308 if (basep) 1309 rtas_getchar_token = *basep; 1310 1311 if (rtas_putchar_token != RTAS_UNKNOWN_SERVICE && 1312 rtas_getchar_token != RTAS_UNKNOWN_SERVICE) 1313 udbg_init_rtas_console(); 1314 1315 #endif 1316 1317 /* break now */ 1318 return 1; 1319 } 1320 1321 static arch_spinlock_t timebase_lock; 1322 static u64 timebase = 0; 1323 1324 void rtas_give_timebase(void) 1325 { 1326 unsigned long flags; 1327 1328 local_irq_save(flags); 1329 hard_irq_disable(); 1330 arch_spin_lock(&timebase_lock); 1331 rtas_call(rtas_token("freeze-time-base"), 0, 1, NULL); 1332 timebase = get_tb(); 1333 arch_spin_unlock(&timebase_lock); 1334 1335 while (timebase) 1336 barrier(); 1337 rtas_call(rtas_token("thaw-time-base"), 0, 1, NULL); 1338 local_irq_restore(flags); 1339 } 1340 1341 void rtas_take_timebase(void) 1342 { 1343 while (!timebase) 1344 barrier(); 1345 arch_spin_lock(&timebase_lock); 1346 set_tb(timebase >> 32, timebase & 0xffffffff); 1347 timebase = 0; 1348 arch_spin_unlock(&timebase_lock); 1349 } 1350