2019-05-27 06:55:01 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
|
*
|
|
|
|
|
* Procedures for interfacing to the RTAS on CHRP machines.
|
|
|
|
|
*
|
|
|
|
|
* Peter Bergner, IBM March 2001.
|
|
|
|
|
* Copyright (C) 2001 IBM.
|
|
|
|
|
*/
|
|
|
|
|
|
2021-08-02 20:40:32 +00:00
|
|
|
#include <linux/stdarg.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/spinlock.h>
|
2011-07-22 22:24:23 +00:00
|
|
|
#include <linux/export.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/init.h>
|
2006-01-11 20:17:48 +00:00
|
|
|
#include <linux/capability.h>
|
2005-11-07 05:41:59 +00:00
|
|
|
#include <linux/delay.h>
|
2013-05-07 04:34:11 +00:00
|
|
|
#include <linux/cpu.h>
|
2019-08-02 19:29:25 +00:00
|
|
|
#include <linux/sched.h>
|
2007-11-13 16:15:13 +00:00
|
|
|
#include <linux/smp.h>
|
|
|
|
|
#include <linux/completion.h>
|
|
|
|
|
#include <linux/cpumask.h>
|
2010-07-12 04:36:09 +00:00
|
|
|
#include <linux/memblock.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 08:04:11 +00:00
|
|
|
#include <linux/slab.h>
|
2011-07-26 00:13:10 +00:00
|
|
|
#include <linux/reboot.h>
|
2018-05-02 13:20:48 +00:00
|
|
|
#include <linux/syscalls.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-06-17 15:51:03 +00:00
|
|
|
#include <asm/interrupt.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <asm/prom.h>
|
|
|
|
|
#include <asm/rtas.h>
|
2006-01-31 06:17:47 +00:00
|
|
|
#include <asm/hvcall.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <asm/machdep.h>
|
2006-03-28 12:15:54 +00:00
|
|
|
#include <asm/firmware.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <asm/page.h>
|
|
|
|
|
#include <asm/param.h>
|
|
|
|
|
#include <asm/delay.h>
|
2016-12-24 19:46:01 +00:00
|
|
|
#include <linux/uaccess.h>
|
2006-01-11 00:54:09 +00:00
|
|
|
#include <asm/udbg.h>
|
2006-03-22 23:00:08 +00:00
|
|
|
#include <asm/syscalls.h>
|
2007-11-13 16:15:13 +00:00
|
|
|
#include <asm/smp.h>
|
2011-07-26 23:09:06 +00:00
|
|
|
#include <linux/atomic.h>
|
2009-06-16 16:42:50 +00:00
|
|
|
#include <asm/time.h>
|
2009-08-28 12:06:29 +00:00
|
|
|
#include <asm/mmu.h>
|
2010-12-01 12:31:26 +00:00
|
|
|
#include <asm/topology.h>
|
powerpc/rtas: Implement reentrant rtas call
Implement rtas_call_reentrant() for reentrant rtas-calls:
"ibm,int-on", "ibm,int-off",ibm,get-xive" and "ibm,set-xive".
On LoPAPR Version 1.1 (March 24, 2016), from 7.3.10.1 to 7.3.10.4,
items 2 and 3 say:
2 - For the PowerPC External Interrupt option: The * call must be
reentrant to the number of processors on the platform.
3 - For the PowerPC External Interrupt option: The * argument call
buffer for each simultaneous call must be physically unique.
So, these rtas-calls can be called in a lockless way, if using
a different buffer for each cpu doing such rtas call.
For this, it was suggested to add the buffer (struct rtas_args)
in the PACA struct, so each cpu can have it's own buffer.
The PACA struct received a pointer to rtas buffer, which is
allocated in the memory range available to rtas 32-bit.
Reentrant rtas calls are useful to avoid deadlocks in crashing,
where rtas-calls are needed, but some other thread crashed holding
the rtas.lock.
This is a backtrace of a deadlock from a kdump testing environment:
#0 arch_spin_lock
#1 lock_rtas ()
#2 rtas_call (token=8204, nargs=1, nret=1, outputs=0x0)
#3 ics_rtas_mask_real_irq (hw_irq=4100)
#4 machine_kexec_mask_interrupts
#5 default_machine_crash_shutdown
#6 machine_crash_shutdown
#7 __crash_kexec
#8 crash_kexec
#9 oops_end
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
[mpe: Move under #ifdef PSERIES to avoid build breakage]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200518234245.200672-3-leobras.c@gmail.com
2020-05-18 23:42:45 +00:00
|
|
|
#include <asm/paca.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2015-11-24 11:26:12 +00:00
|
|
|
/* This is here deliberately so it's only used in this file */
|
|
|
|
|
void enter_rtas(unsigned long);
|
|
|
|
|
|
2021-06-17 15:51:03 +00:00
|
|
|
static inline void do_enter_rtas(unsigned long args)
|
|
|
|
|
{
|
|
|
|
|
enter_rtas(args);
|
|
|
|
|
|
|
|
|
|
srr_regs_clobbered(); /* rtas uses SRRs, invalidate */
|
|
|
|
|
}
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
struct rtas_t rtas = {
|
2009-12-03 11:38:57 +00:00
|
|
|
.lock = __ARCH_SPIN_LOCK_UNLOCKED
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
DEFINE_SPINLOCK(rtas_data_buf_lock);
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_data_buf_lock);
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
char rtas_data_buf[RTAS_DATA_BUF_SIZE] __cacheline_aligned;
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_data_buf);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
unsigned long rtas_rmo_buf;
|
|
|
|
|
|
2005-11-03 03:41:19 +00:00
|
|
|
/*
|
|
|
|
|
* If non-NULL, this gets called when the kernel terminates.
|
|
|
|
|
* This is done like this so rtas_flash can be a module.
|
|
|
|
|
*/
|
|
|
|
|
void (*rtas_flash_term_hook)(int);
|
|
|
|
|
EXPORT_SYMBOL(rtas_flash_term_hook);
|
|
|
|
|
|
2009-06-16 16:42:49 +00:00
|
|
|
/* RTAS use home made raw locking instead of spin_lock_irqsave
|
|
|
|
|
* because those can be called from within really nasty contexts
|
|
|
|
|
* such as having the timebase stopped which would lockup with
|
|
|
|
|
* normal locks and spinlock debugging enabled
|
|
|
|
|
*/
|
|
|
|
|
static unsigned long lock_rtas(void)
|
|
|
|
|
{
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
|
|
local_irq_save(flags);
|
|
|
|
|
preempt_disable();
|
2017-10-18 11:51:09 +00:00
|
|
|
arch_spin_lock(&rtas.lock);
|
2009-06-16 16:42:49 +00:00
|
|
|
return flags;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void unlock_rtas(unsigned long flags)
|
|
|
|
|
{
|
2009-12-02 19:01:25 +00:00
|
|
|
arch_spin_unlock(&rtas.lock);
|
2009-06-16 16:42:49 +00:00
|
|
|
local_irq_restore(flags);
|
|
|
|
|
preempt_enable();
|
|
|
|
|
}
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
/*
|
|
|
|
|
* call_rtas_display_status and call_rtas_display_status_delay
|
|
|
|
|
* are designed only for very early low-level debugging, which
|
|
|
|
|
* is why the token is hard-coded to 10.
|
|
|
|
|
*/
|
2013-08-06 16:01:31 +00:00
|
|
|
static void call_rtas_display_status(unsigned char c)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
unsigned long s;
|
|
|
|
|
|
|
|
|
|
if (!rtas.base)
|
|
|
|
|
return;
|
|
|
|
|
|
2015-11-24 11:26:11 +00:00
|
|
|
s = lock_rtas();
|
|
|
|
|
rtas_call_unlocked(&rtas.args, 10, 1, 1, NULL, c);
|
2009-06-16 16:42:49 +00:00
|
|
|
unlock_rtas(s);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2006-01-11 00:54:09 +00:00
|
|
|
static void call_rtas_display_status_delay(char c)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
static int pending_newline = 0; /* did last write end with unprinted newline? */
|
|
|
|
|
static int width = 16;
|
|
|
|
|
|
|
|
|
|
if (c == '\n') {
|
|
|
|
|
while (width-- > 0)
|
|
|
|
|
call_rtas_display_status(' ');
|
|
|
|
|
width = 16;
|
2005-11-07 05:41:59 +00:00
|
|
|
mdelay(500);
|
2005-04-16 22:20:36 +00:00
|
|
|
pending_newline = 1;
|
|
|
|
|
} else {
|
|
|
|
|
if (pending_newline) {
|
|
|
|
|
call_rtas_display_status('\r');
|
|
|
|
|
call_rtas_display_status('\n');
|
|
|
|
|
}
|
|
|
|
|
pending_newline = 0;
|
|
|
|
|
if (width--) {
|
|
|
|
|
call_rtas_display_status(c);
|
|
|
|
|
udelay(10000);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-23 08:20:16 +00:00
|
|
|
void __init udbg_init_rtas_panel(void)
|
2006-01-11 00:54:09 +00:00
|
|
|
{
|
|
|
|
|
udbg_putc = call_rtas_display_status_delay;
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-23 08:20:16 +00:00
|
|
|
#ifdef CONFIG_UDBG_RTAS_CONSOLE
|
|
|
|
|
|
|
|
|
|
/* If you think you're dying before early_init_dt_scan_rtas() does its
|
|
|
|
|
* work, you can hard code the token values for your firmware here and
|
|
|
|
|
* hardcode rtas.base/entry etc.
|
|
|
|
|
*/
|
|
|
|
|
static unsigned int rtas_putchar_token = RTAS_UNKNOWN_SERVICE;
|
|
|
|
|
static unsigned int rtas_getchar_token = RTAS_UNKNOWN_SERVICE;
|
|
|
|
|
|
|
|
|
|
static void udbg_rtascon_putc(char c)
|
|
|
|
|
{
|
|
|
|
|
int tries;
|
|
|
|
|
|
|
|
|
|
if (!rtas.base)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Add CRs before LFs */
|
|
|
|
|
if (c == '\n')
|
|
|
|
|
udbg_rtascon_putc('\r');
|
|
|
|
|
|
|
|
|
|
/* if there is more than one character to be displayed, wait a bit */
|
|
|
|
|
for (tries = 0; tries < 16; tries++) {
|
|
|
|
|
if (rtas_call(rtas_putchar_token, 1, 1, NULL, c) == 0)
|
|
|
|
|
break;
|
|
|
|
|
udelay(1000);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int udbg_rtascon_getc_poll(void)
|
|
|
|
|
{
|
|
|
|
|
int c;
|
|
|
|
|
|
|
|
|
|
if (!rtas.base)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
if (rtas_call(rtas_getchar_token, 0, 2, &c))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int udbg_rtascon_getc(void)
|
|
|
|
|
{
|
|
|
|
|
int c;
|
|
|
|
|
|
|
|
|
|
while ((c = udbg_rtascon_getc_poll()) == -1)
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void __init udbg_init_rtas_console(void)
|
|
|
|
|
{
|
|
|
|
|
udbg_putc = udbg_rtascon_putc;
|
|
|
|
|
udbg_getc = udbg_rtascon_getc;
|
|
|
|
|
udbg_getc_poll = udbg_rtascon_getc_poll;
|
|
|
|
|
}
|
|
|
|
|
#endif /* CONFIG_UDBG_RTAS_CONSOLE */
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
void rtas_progress(char *s, unsigned short hex)
|
2005-06-22 23:43:28 +00:00
|
|
|
{
|
|
|
|
|
struct device_node *root;
|
2006-07-12 05:35:54 +00:00
|
|
|
int width;
|
2013-08-06 16:01:29 +00:00
|
|
|
const __be32 *p;
|
2005-06-22 23:43:28 +00:00
|
|
|
char *os;
|
|
|
|
|
static int display_character, set_indicator;
|
2006-07-12 05:35:54 +00:00
|
|
|
static int display_width, display_lines, form_feed;
|
2007-02-17 19:11:19 +00:00
|
|
|
static const int *row_width;
|
2005-06-22 23:43:28 +00:00
|
|
|
static DEFINE_SPINLOCK(progress_lock);
|
2005-06-23 06:09:41 +00:00
|
|
|
static int current_line;
|
2005-06-22 23:43:28 +00:00
|
|
|
static int pending_newline = 0; /* did last write end with unprinted newline? */
|
|
|
|
|
|
|
|
|
|
if (!rtas.base)
|
|
|
|
|
return;
|
|
|
|
|
|
2005-06-23 06:09:41 +00:00
|
|
|
if (display_width == 0) {
|
|
|
|
|
display_width = 0x10;
|
2007-04-24 03:50:55 +00:00
|
|
|
if ((root = of_find_node_by_path("/rtas"))) {
|
2007-04-03 12:26:41 +00:00
|
|
|
if ((p = of_get_property(root,
|
2005-06-23 06:09:41 +00:00
|
|
|
"ibm,display-line-length", NULL)))
|
2013-08-06 16:01:29 +00:00
|
|
|
display_width = be32_to_cpu(*p);
|
2007-04-03 12:26:41 +00:00
|
|
|
if ((p = of_get_property(root,
|
2005-06-23 06:09:41 +00:00
|
|
|
"ibm,form-feed", NULL)))
|
2013-08-06 16:01:29 +00:00
|
|
|
form_feed = be32_to_cpu(*p);
|
2007-04-03 12:26:41 +00:00
|
|
|
if ((p = of_get_property(root,
|
2005-06-23 06:09:41 +00:00
|
|
|
"ibm,display-number-of-lines", NULL)))
|
2013-08-06 16:01:29 +00:00
|
|
|
display_lines = be32_to_cpu(*p);
|
2007-04-03 12:26:41 +00:00
|
|
|
row_width = of_get_property(root,
|
2005-06-23 06:09:41 +00:00
|
|
|
"ibm,display-truncation-length", NULL);
|
2007-04-24 03:50:55 +00:00
|
|
|
of_node_put(root);
|
2005-06-23 06:09:41 +00:00
|
|
|
}
|
2005-06-22 23:43:28 +00:00
|
|
|
display_character = rtas_token("display-character");
|
|
|
|
|
set_indicator = rtas_token("set-indicator");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (display_character == RTAS_UNKNOWN_SERVICE) {
|
|
|
|
|
/* use hex display if available */
|
|
|
|
|
if (set_indicator != RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
rtas_call(set_indicator, 3, 1, NULL, 6, 0, hex);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
spin_lock(&progress_lock);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Last write ended with newline, but we didn't print it since
|
|
|
|
|
* it would just clear the bottom line of output. Print it now
|
|
|
|
|
* instead.
|
|
|
|
|
*
|
2005-06-23 06:09:41 +00:00
|
|
|
* If no newline is pending and form feed is supported, clear the
|
|
|
|
|
* display with a form feed; otherwise, print a CR to start output
|
|
|
|
|
* at the beginning of the line.
|
2005-06-22 23:43:28 +00:00
|
|
|
*/
|
|
|
|
|
if (pending_newline) {
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, '\r');
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, '\n');
|
|
|
|
|
pending_newline = 0;
|
|
|
|
|
} else {
|
2005-06-23 06:09:41 +00:00
|
|
|
current_line = 0;
|
|
|
|
|
if (form_feed)
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL,
|
|
|
|
|
(char)form_feed);
|
|
|
|
|
else
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, '\r');
|
2005-06-22 23:43:28 +00:00
|
|
|
}
|
|
|
|
|
|
2005-06-23 06:09:41 +00:00
|
|
|
if (row_width)
|
|
|
|
|
width = row_width[current_line];
|
|
|
|
|
else
|
|
|
|
|
width = display_width;
|
2005-06-22 23:43:28 +00:00
|
|
|
os = s;
|
|
|
|
|
while (*os) {
|
|
|
|
|
if (*os == '\n' || *os == '\r') {
|
|
|
|
|
/* If newline is the last character, save it
|
|
|
|
|
* until next call to avoid bumping up the
|
|
|
|
|
* display output.
|
|
|
|
|
*/
|
|
|
|
|
if (*os == '\n' && !os[1]) {
|
|
|
|
|
pending_newline = 1;
|
2005-06-23 06:09:41 +00:00
|
|
|
current_line++;
|
|
|
|
|
if (current_line > display_lines-1)
|
|
|
|
|
current_line = display_lines-1;
|
2005-06-22 23:43:28 +00:00
|
|
|
spin_unlock(&progress_lock);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* RTAS wants CR-LF, not just LF */
|
|
|
|
|
|
|
|
|
|
if (*os == '\n') {
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, '\r');
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, '\n');
|
|
|
|
|
} else {
|
|
|
|
|
/* CR might be used to re-draw a line, so we'll
|
|
|
|
|
* leave it alone and not add LF.
|
|
|
|
|
*/
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, *os);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-23 06:09:41 +00:00
|
|
|
if (row_width)
|
|
|
|
|
width = row_width[current_line];
|
|
|
|
|
else
|
|
|
|
|
width = display_width;
|
2005-06-22 23:43:28 +00:00
|
|
|
} else {
|
|
|
|
|
width--;
|
|
|
|
|
rtas_call(display_character, 1, 1, NULL, *os);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
os++;
|
|
|
|
|
|
|
|
|
|
/* if we overwrite the screen length */
|
|
|
|
|
if (width <= 0)
|
|
|
|
|
while ((*os != 0) && (*os != '\n') && (*os != '\r'))
|
|
|
|
|
os++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
spin_unlock(&progress_lock);
|
|
|
|
|
}
|
2005-11-03 03:41:19 +00:00
|
|
|
EXPORT_SYMBOL(rtas_progress); /* needed by rtas_flash module */
|
2005-06-22 23:43:28 +00:00
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
int rtas_token(const char *service)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2013-08-06 16:01:29 +00:00
|
|
|
const __be32 *tokp;
|
2005-10-26 07:05:24 +00:00
|
|
|
if (rtas.dev == NULL)
|
2005-04-16 22:20:36 +00:00
|
|
|
return RTAS_UNKNOWN_SERVICE;
|
2007-04-03 12:26:41 +00:00
|
|
|
tokp = of_get_property(rtas.dev, service, NULL);
|
2013-08-06 16:01:29 +00:00
|
|
|
return tokp ? be32_to_cpu(*tokp) : RTAS_UNKNOWN_SERVICE;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_token);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-12-07 00:50:45 +00:00
|
|
|
int rtas_service_present(const char *service)
|
|
|
|
|
{
|
|
|
|
|
return rtas_token(service) != RTAS_UNKNOWN_SERVICE;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(rtas_service_present);
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
#ifdef CONFIG_RTAS_ERROR_LOGGING
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
|
* Return the firmware-specified size of the error log buffer
|
|
|
|
|
* for all rtas calls that require an error buffer argument.
|
|
|
|
|
* This includes 'check-exception' and 'rtas-last-error'.
|
|
|
|
|
*/
|
|
|
|
|
int rtas_get_error_log_max(void)
|
|
|
|
|
{
|
|
|
|
|
static int rtas_error_log_max;
|
|
|
|
|
if (rtas_error_log_max)
|
|
|
|
|
return rtas_error_log_max;
|
|
|
|
|
|
|
|
|
|
rtas_error_log_max = rtas_token ("rtas-error-log-max");
|
|
|
|
|
if ((rtas_error_log_max == RTAS_UNKNOWN_SERVICE) ||
|
|
|
|
|
(rtas_error_log_max > RTAS_ERROR_LOG_MAX)) {
|
2005-10-26 07:05:24 +00:00
|
|
|
printk (KERN_WARNING "RTAS: bad log buffer size %d\n",
|
|
|
|
|
rtas_error_log_max);
|
2005-04-16 22:20:36 +00:00
|
|
|
rtas_error_log_max = RTAS_ERROR_LOG_MAX;
|
|
|
|
|
}
|
|
|
|
|
return rtas_error_log_max;
|
|
|
|
|
}
|
2005-10-26 07:05:24 +00:00
|
|
|
EXPORT_SYMBOL(rtas_get_error_log_max);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
|
2008-05-08 04:27:19 +00:00
|
|
|
static char rtas_err_buf[RTAS_ERROR_LOG_MAX];
|
|
|
|
|
static int rtas_last_error_token;
|
2005-10-26 07:05:24 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/** Return a copy of the detailed error text associated with the
|
|
|
|
|
* most recent failed call to rtas. Because the error text
|
|
|
|
|
* might go stale if there are any other intervening rtas calls,
|
|
|
|
|
* this routine must be called atomically with whatever produced
|
|
|
|
|
* the error (i.e. with rtas.lock still held from the previous call).
|
|
|
|
|
*/
|
2005-10-26 07:05:24 +00:00
|
|
|
static char *__fetch_rtas_last_error(char *altbuf)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
struct rtas_args err_args, save_args;
|
|
|
|
|
u32 bufsz;
|
2005-10-26 07:05:24 +00:00
|
|
|
char *buf = NULL;
|
|
|
|
|
|
|
|
|
|
if (rtas_last_error_token == -1)
|
|
|
|
|
return NULL;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
bufsz = rtas_get_error_log_max();
|
|
|
|
|
|
2013-08-06 16:01:31 +00:00
|
|
|
err_args.token = cpu_to_be32(rtas_last_error_token);
|
|
|
|
|
err_args.nargs = cpu_to_be32(2);
|
|
|
|
|
err_args.nret = cpu_to_be32(1);
|
|
|
|
|
err_args.args[0] = cpu_to_be32(__pa(rtas_err_buf));
|
|
|
|
|
err_args.args[1] = cpu_to_be32(bufsz);
|
2005-04-16 22:20:36 +00:00
|
|
|
err_args.args[2] = 0;
|
|
|
|
|
|
|
|
|
|
save_args = rtas.args;
|
|
|
|
|
rtas.args = err_args;
|
|
|
|
|
|
2021-06-17 15:51:03 +00:00
|
|
|
do_enter_rtas(__pa(&rtas.args));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
err_args = rtas.args;
|
|
|
|
|
rtas.args = save_args;
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
/* Log the error in the unlikely case that there was one. */
|
|
|
|
|
if (unlikely(err_args.args[2] == 0)) {
|
|
|
|
|
if (altbuf) {
|
|
|
|
|
buf = altbuf;
|
|
|
|
|
} else {
|
|
|
|
|
buf = rtas_err_buf;
|
2015-03-30 03:10:37 +00:00
|
|
|
if (slab_is_available())
|
2005-10-26 07:05:24 +00:00
|
|
|
buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC);
|
|
|
|
|
}
|
|
|
|
|
if (buf)
|
|
|
|
|
memcpy(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return buf;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
#define get_errorlog_buffer() kmalloc(RTAS_ERROR_LOG_MAX, GFP_KERNEL)
|
|
|
|
|
|
|
|
|
|
#else /* CONFIG_RTAS_ERROR_LOGGING */
|
|
|
|
|
#define __fetch_rtas_last_error(x) NULL
|
|
|
|
|
#define get_errorlog_buffer() NULL
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-12-16 10:01:42 +00:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
va_rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret,
|
|
|
|
|
va_list list)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
args->token = cpu_to_be32(token);
|
|
|
|
|
args->nargs = cpu_to_be32(nargs);
|
|
|
|
|
args->nret = cpu_to_be32(nret);
|
|
|
|
|
args->rets = &(args->args[nargs]);
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < nargs; ++i)
|
|
|
|
|
args->args[i] = cpu_to_be32(va_arg(list, __u32));
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < nret; ++i)
|
|
|
|
|
args->rets[i] = 0;
|
|
|
|
|
|
2021-06-17 15:51:03 +00:00
|
|
|
do_enter_rtas(__pa(args));
|
2015-12-16 10:01:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, ...)
|
|
|
|
|
{
|
|
|
|
|
va_list list;
|
|
|
|
|
|
|
|
|
|
va_start(list, nret);
|
|
|
|
|
va_rtas_call_unlocked(args, token, nargs, nret, list);
|
|
|
|
|
va_end(list);
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
int rtas_call(int token, int nargs, int nret, int *outputs, ...)
|
|
|
|
|
{
|
|
|
|
|
va_list list;
|
2005-10-26 07:05:24 +00:00
|
|
|
int i;
|
2005-04-16 22:20:36 +00:00
|
|
|
unsigned long s;
|
|
|
|
|
struct rtas_args *rtas_args;
|
2005-10-26 07:05:24 +00:00
|
|
|
char *buff_copy = NULL;
|
2005-04-16 22:20:36 +00:00
|
|
|
int ret;
|
|
|
|
|
|
2006-06-23 08:20:10 +00:00
|
|
|
if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE)
|
2005-04-16 22:20:36 +00:00
|
|
|
return -1;
|
|
|
|
|
|
2009-06-16 16:42:49 +00:00
|
|
|
s = lock_rtas();
|
2015-12-16 10:01:42 +00:00
|
|
|
|
|
|
|
|
/* We use the global rtas args buffer */
|
2005-04-16 22:20:36 +00:00
|
|
|
rtas_args = &rtas.args;
|
|
|
|
|
|
|
|
|
|
va_start(list, outputs);
|
2015-12-16 10:01:42 +00:00
|
|
|
va_rtas_call_unlocked(rtas_args, token, nargs, nret, list);
|
2005-04-16 22:20:36 +00:00
|
|
|
va_end(list);
|
|
|
|
|
|
|
|
|
|
/* A -1 return code indicates that the last command couldn't
|
|
|
|
|
be completed due to a hardware error. */
|
2013-08-06 16:01:31 +00:00
|
|
|
if (be32_to_cpu(rtas_args->rets[0]) == -1)
|
2005-10-26 07:05:24 +00:00
|
|
|
buff_copy = __fetch_rtas_last_error(NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (nret > 1 && outputs != NULL)
|
|
|
|
|
for (i = 0; i < nret-1; ++i)
|
2013-08-06 16:01:31 +00:00
|
|
|
outputs[i] = be32_to_cpu(rtas_args->rets[i+1]);
|
|
|
|
|
ret = (nret > 0)? be32_to_cpu(rtas_args->rets[0]): 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2009-06-16 16:42:49 +00:00
|
|
|
unlock_rtas(s);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (buff_copy) {
|
|
|
|
|
log_error(buff_copy, ERR_TYPE_RTAS_LOG, 0);
|
2015-03-30 03:10:37 +00:00
|
|
|
if (slab_is_available())
|
2005-04-16 22:20:36 +00:00
|
|
|
kfree(buff_copy);
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_call);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
/* For RTAS_BUSY (-2), delay for 1 millisecond. For an extended busy status
|
|
|
|
|
* code of 990n, perform the hinted delay of 10^n (last digit) milliseconds.
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
2006-06-05 21:31:48 +00:00
|
|
|
unsigned int rtas_busy_delay_time(int status)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2006-06-05 21:31:48 +00:00
|
|
|
int order;
|
|
|
|
|
unsigned int ms = 0;
|
|
|
|
|
|
|
|
|
|
if (status == RTAS_BUSY) {
|
|
|
|
|
ms = 1;
|
2015-07-22 16:56:47 +00:00
|
|
|
} else if (status >= RTAS_EXTENDED_DELAY_MIN &&
|
|
|
|
|
status <= RTAS_EXTENDED_DELAY_MAX) {
|
|
|
|
|
order = status - RTAS_EXTENDED_DELAY_MIN;
|
2006-06-05 21:31:48 +00:00
|
|
|
for (ms = 1; order > 0; order--)
|
|
|
|
|
ms *= 10;
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
return ms;
|
|
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_busy_delay_time);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
/* For an RTAS busy status code, perform the hinted delay. */
|
|
|
|
|
unsigned int rtas_busy_delay(int status)
|
|
|
|
|
{
|
|
|
|
|
unsigned int ms;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
might_sleep();
|
|
|
|
|
ms = rtas_busy_delay_time(status);
|
2011-04-07 01:54:07 +00:00
|
|
|
if (ms && need_resched())
|
2006-06-05 21:31:48 +00:00
|
|
|
msleep(ms);
|
|
|
|
|
|
|
|
|
|
return ms;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_busy_delay);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2008-05-08 04:27:19 +00:00
|
|
|
static int rtas_error_rc(int rtas_rc)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
switch (rtas_rc) {
|
|
|
|
|
case -1: /* Hardware Error */
|
|
|
|
|
rc = -EIO;
|
|
|
|
|
break;
|
|
|
|
|
case -3: /* Bad indicator/domain/etc */
|
|
|
|
|
rc = -EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
case -9000: /* Isolation error */
|
|
|
|
|
rc = -EFAULT;
|
|
|
|
|
break;
|
|
|
|
|
case -9001: /* Outstanding TCE/PTE */
|
|
|
|
|
rc = -EEXIST;
|
|
|
|
|
break;
|
|
|
|
|
case -9002: /* No usable slot */
|
|
|
|
|
rc = -ENODEV;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
printk(KERN_ERR "%s: unexpected RTAS error %d\n",
|
2008-03-28 21:21:07 +00:00
|
|
|
__func__, rtas_rc);
|
2005-04-16 22:20:36 +00:00
|
|
|
rc = -ERANGE;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int rtas_get_power_level(int powerdomain, int *level)
|
|
|
|
|
{
|
|
|
|
|
int token = rtas_token("get-power-level");
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
|
|
while ((rc = rtas_call(token, 1, 2, level, powerdomain)) == RTAS_BUSY)
|
|
|
|
|
udelay(1);
|
|
|
|
|
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
return rtas_error_rc(rc);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_get_power_level);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
int rtas_set_power_level(int powerdomain, int level, int *setlevel)
|
|
|
|
|
{
|
|
|
|
|
int token = rtas_token("set-power-level");
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
do {
|
2005-04-16 22:20:36 +00:00
|
|
|
rc = rtas_call(token, 2, 2, setlevel, powerdomain, level);
|
2006-06-05 21:31:48 +00:00
|
|
|
} while (rtas_busy_delay(rc));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
return rtas_error_rc(rc);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_set_power_level);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
int rtas_get_sensor(int sensor, int index, int *state)
|
|
|
|
|
{
|
|
|
|
|
int token = rtas_token("get-sensor-state");
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
do {
|
2005-04-16 22:20:36 +00:00
|
|
|
rc = rtas_call(token, 2, 2, state, sensor, index);
|
2006-06-05 21:31:48 +00:00
|
|
|
} while (rtas_busy_delay(rc));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
return rtas_error_rc(rc);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_get_sensor);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2015-07-17 10:46:58 +00:00
|
|
|
int rtas_get_sensor_fast(int sensor, int index, int *state)
|
|
|
|
|
{
|
|
|
|
|
int token = rtas_token("get-sensor-state");
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
|
|
rc = rtas_call(token, 2, 2, state, sensor, index);
|
|
|
|
|
WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN &&
|
|
|
|
|
rc <= RTAS_EXTENDED_DELAY_MAX));
|
|
|
|
|
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
return rtas_error_rc(rc);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-11 09:14:25 +00:00
|
|
|
bool rtas_indicator_present(int token, int *maxindex)
|
|
|
|
|
{
|
|
|
|
|
int proplen, count, i;
|
|
|
|
|
const struct indicator_elem {
|
2013-08-06 16:01:29 +00:00
|
|
|
__be32 token;
|
|
|
|
|
__be32 maxindex;
|
2008-12-11 09:14:25 +00:00
|
|
|
} *indicators;
|
|
|
|
|
|
|
|
|
|
indicators = of_get_property(rtas.dev, "rtas-indicators", &proplen);
|
|
|
|
|
if (!indicators)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
count = proplen / sizeof(struct indicator_elem);
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++) {
|
2013-08-06 16:01:29 +00:00
|
|
|
if (__be32_to_cpu(indicators[i].token) != token)
|
2008-12-11 09:14:25 +00:00
|
|
|
continue;
|
|
|
|
|
if (maxindex)
|
2013-08-06 16:01:29 +00:00
|
|
|
*maxindex = __be32_to_cpu(indicators[i].maxindex);
|
2008-12-11 09:14:25 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(rtas_indicator_present);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
int rtas_set_indicator(int indicator, int index, int new_value)
|
|
|
|
|
{
|
|
|
|
|
int token = rtas_token("set-indicator");
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
do {
|
2005-04-16 22:20:36 +00:00
|
|
|
rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value);
|
2006-06-05 21:31:48 +00:00
|
|
|
} while (rtas_busy_delay(rc));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
return rtas_error_rc(rc);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2006-06-23 08:20:11 +00:00
|
|
|
EXPORT_SYMBOL(rtas_set_indicator);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-07-27 21:29:00 +00:00
|
|
|
/*
|
|
|
|
|
* Ignoring RTAS extended delay
|
|
|
|
|
*/
|
|
|
|
|
int rtas_set_indicator_fast(int indicator, int index, int new_value)
|
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
int token = rtas_token("set-indicator");
|
|
|
|
|
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
|
|
rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value);
|
|
|
|
|
|
2015-07-22 16:56:47 +00:00
|
|
|
WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN &&
|
|
|
|
|
rc <= RTAS_EXTENDED_DELAY_MAX));
|
2006-07-27 21:29:00 +00:00
|
|
|
|
|
|
|
|
if (rc < 0)
|
|
|
|
|
return rtas_error_rc(rc);
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-07 21:51:36 +00:00
|
|
|
/**
|
|
|
|
|
* rtas_ibm_suspend_me() - Call ibm,suspend-me to suspend the LPAR.
|
|
|
|
|
*
|
|
|
|
|
* @fw_status: RTAS call status will be placed here if not NULL.
|
|
|
|
|
*
|
|
|
|
|
* rtas_ibm_suspend_me() should be called only on a CPU which has
|
|
|
|
|
* received H_CONTINUE from the H_JOIN hcall. All other active CPUs
|
|
|
|
|
* should be waiting to return from H_JOIN.
|
|
|
|
|
*
|
|
|
|
|
* rtas_ibm_suspend_me() may suspend execution of the OS
|
|
|
|
|
* indefinitely. Callers should take appropriate measures upon return, such as
|
|
|
|
|
* resetting watchdog facilities.
|
|
|
|
|
*
|
|
|
|
|
* Callers may choose to retry this call if @fw_status is
|
|
|
|
|
* %RTAS_THREADS_ACTIVE.
|
|
|
|
|
*
|
|
|
|
|
* Return:
|
|
|
|
|
* 0 - The partition has resumed from suspend, possibly after
|
|
|
|
|
* migration to a different host.
|
|
|
|
|
* -ECANCELED - The operation was aborted.
|
|
|
|
|
* -EAGAIN - There were other CPUs not in H_JOIN at the time of the call.
|
|
|
|
|
* -EBUSY - Some other condition prevented the suspend from succeeding.
|
|
|
|
|
* -EIO - Hardware/platform error.
|
|
|
|
|
*/
|
|
|
|
|
int rtas_ibm_suspend_me(int *fw_status)
|
|
|
|
|
{
|
|
|
|
|
int fwrc;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
fwrc = rtas_call(rtas_token("ibm,suspend-me"), 0, 1, NULL);
|
|
|
|
|
|
|
|
|
|
switch (fwrc) {
|
|
|
|
|
case 0:
|
|
|
|
|
ret = 0;
|
|
|
|
|
break;
|
|
|
|
|
case RTAS_SUSPEND_ABORTED:
|
|
|
|
|
ret = -ECANCELED;
|
|
|
|
|
break;
|
|
|
|
|
case RTAS_THREADS_ACTIVE:
|
|
|
|
|
ret = -EAGAIN;
|
|
|
|
|
break;
|
|
|
|
|
case RTAS_NOT_SUSPENDABLE:
|
|
|
|
|
case RTAS_OUTSTANDING_COPROC:
|
|
|
|
|
ret = -EBUSY;
|
|
|
|
|
break;
|
|
|
|
|
case -1:
|
|
|
|
|
default:
|
|
|
|
|
ret = -EIO;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (fw_status)
|
|
|
|
|
*fw_status = fwrc;
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-12 00:54:52 +00:00
|
|
|
void __noreturn rtas_restart(char *cmd)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2005-11-03 03:41:19 +00:00
|
|
|
if (rtas_flash_term_hook)
|
|
|
|
|
rtas_flash_term_hook(SYS_RESTART);
|
2005-04-16 22:20:36 +00:00
|
|
|
printk("RTAS system-reboot returned %d\n",
|
|
|
|
|
rtas_call(rtas_token("system-reboot"), 0, 1, NULL));
|
|
|
|
|
for (;;);
|
|
|
|
|
}
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
void rtas_power_off(void)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2005-11-03 03:41:19 +00:00
|
|
|
if (rtas_flash_term_hook)
|
|
|
|
|
rtas_flash_term_hook(SYS_POWER_OFF);
|
2005-04-16 22:20:36 +00:00
|
|
|
/* allow power on only with power button press */
|
|
|
|
|
printk("RTAS power-off returned %d\n",
|
|
|
|
|
rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1));
|
|
|
|
|
for (;;);
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-12 00:54:52 +00:00
|
|
|
void __noreturn rtas_halt(void)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2005-11-03 03:41:19 +00:00
|
|
|
if (rtas_flash_term_hook)
|
|
|
|
|
rtas_flash_term_hook(SYS_HALT);
|
|
|
|
|
/* allow power on only with power button press */
|
|
|
|
|
printk("RTAS power-off returned %d\n",
|
|
|
|
|
rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1));
|
|
|
|
|
for (;;);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Must be in the RMO region, so we place it here */
|
|
|
|
|
static char rtas_os_term_buf[2048];
|
|
|
|
|
|
2007-12-02 22:30:04 +00:00
|
|
|
void rtas_os_term(char *str)
|
2007-11-20 01:28:15 +00:00
|
|
|
{
|
|
|
|
|
int status;
|
2006-08-21 16:11:32 +00:00
|
|
|
|
powerpc/pseries: Call ibm,os-term if the ibm,extended-os-term is present
We have had issues in the past with ibm,os-term initiating shutdown of a
partition. This is confusing to the user, especially if panic_timeout is
non zero.
The temporary fix was to avoid calling ibm,os-term if a panic_timeout was set
and since we set it on every boot we basically never call ibm,os-term.
An extended version of ibm,os-term has since been implemented which gives us
the behaviour we want:
"When the platform supports extended ibm,os-term behavior, the return to the
RTAS will always occur unless there is a kernel assisted dump active as
initiated by an ibm,configure-kernel-dump call."
This patch checks for the ibm,extended-os-term property and calls ibm,os-term
if it exists.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2010-02-18 12:11:51 +00:00
|
|
|
/*
|
|
|
|
|
* Firmware with the ibm,extended-os-term property is guaranteed
|
|
|
|
|
* to always return from an ibm,os-term call. Earlier versions without
|
|
|
|
|
* this property may terminate the partition which we want to avoid
|
|
|
|
|
* since it interferes with panic_timeout.
|
|
|
|
|
*/
|
|
|
|
|
if (RTAS_UNKNOWN_SERVICE == rtas_token("ibm,os-term") ||
|
|
|
|
|
RTAS_UNKNOWN_SERVICE == rtas_token("ibm,extended-os-term"))
|
2005-04-16 22:20:36 +00:00
|
|
|
return;
|
|
|
|
|
|
2007-12-02 22:30:04 +00:00
|
|
|
snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
do {
|
|
|
|
|
status = rtas_call(rtas_token("ibm,os-term"), 1, 1, NULL,
|
|
|
|
|
__pa(rtas_os_term_buf));
|
2006-06-05 21:31:48 +00:00
|
|
|
} while (rtas_busy_delay(status));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-06-05 21:31:48 +00:00
|
|
|
if (status != 0)
|
powerpc/pseries: Call ibm,os-term if the ibm,extended-os-term is present
We have had issues in the past with ibm,os-term initiating shutdown of a
partition. This is confusing to the user, especially if panic_timeout is
non zero.
The temporary fix was to avoid calling ibm,os-term if a panic_timeout was set
and since we set it on every boot we basically never call ibm,os-term.
An extended version of ibm,os-term has since been implemented which gives us
the behaviour we want:
"When the platform supports extended ibm,os-term behavior, the return to the
RTAS will always occur unless there is a kernel assisted dump active as
initiated by an ibm,configure-kernel-dump call."
This patch checks for the ibm,extended-os-term property and calls ibm,os-term
if it exists.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2010-02-18 12:11:51 +00:00
|
|
|
printk(KERN_EMERG "ibm,os-term call failed %d\n", status);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-07 21:51:37 +00:00
|
|
|
/**
|
|
|
|
|
* rtas_activate_firmware() - Activate a new version of firmware.
|
|
|
|
|
*
|
|
|
|
|
* Activate a new version of partition firmware. The OS must call this
|
|
|
|
|
* after resuming from a partition hibernation or migration in order
|
|
|
|
|
* to maintain the ability to perform live firmware updates. It's not
|
|
|
|
|
* catastrophic for this method to be absent or to fail; just log the
|
|
|
|
|
* condition in that case.
|
|
|
|
|
*
|
|
|
|
|
* Context: This function may sleep.
|
|
|
|
|
*/
|
|
|
|
|
void rtas_activate_firmware(void)
|
|
|
|
|
{
|
|
|
|
|
int token;
|
|
|
|
|
int fwrc;
|
|
|
|
|
|
|
|
|
|
token = rtas_token("ibm,activate-firmware");
|
|
|
|
|
if (token == RTAS_UNKNOWN_SERVICE) {
|
|
|
|
|
pr_notice("ibm,activate-firmware method unavailable\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
fwrc = rtas_call(token, 0, 1, NULL);
|
|
|
|
|
} while (rtas_busy_delay(fwrc));
|
|
|
|
|
|
|
|
|
|
if (fwrc)
|
|
|
|
|
pr_err("ibm,activate-firmware failed (%i)\n", fwrc);
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-14 00:39:24 +00:00
|
|
|
#ifdef CONFIG_PPC_PSERIES
|
powerpc/rtas: Implement reentrant rtas call
Implement rtas_call_reentrant() for reentrant rtas-calls:
"ibm,int-on", "ibm,int-off",ibm,get-xive" and "ibm,set-xive".
On LoPAPR Version 1.1 (March 24, 2016), from 7.3.10.1 to 7.3.10.4,
items 2 and 3 say:
2 - For the PowerPC External Interrupt option: The * call must be
reentrant to the number of processors on the platform.
3 - For the PowerPC External Interrupt option: The * argument call
buffer for each simultaneous call must be physically unique.
So, these rtas-calls can be called in a lockless way, if using
a different buffer for each cpu doing such rtas call.
For this, it was suggested to add the buffer (struct rtas_args)
in the PACA struct, so each cpu can have it's own buffer.
The PACA struct received a pointer to rtas buffer, which is
allocated in the memory range available to rtas 32-bit.
Reentrant rtas calls are useful to avoid deadlocks in crashing,
where rtas-calls are needed, but some other thread crashed holding
the rtas.lock.
This is a backtrace of a deadlock from a kdump testing environment:
#0 arch_spin_lock
#1 lock_rtas ()
#2 rtas_call (token=8204, nargs=1, nret=1, outputs=0x0)
#3 ics_rtas_mask_real_irq (hw_irq=4100)
#4 machine_kexec_mask_interrupts
#5 default_machine_crash_shutdown
#6 machine_crash_shutdown
#7 __crash_kexec
#8 crash_kexec
#9 oops_end
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
[mpe: Move under #ifdef PSERIES to avoid build breakage]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200518234245.200672-3-leobras.c@gmail.com
2020-05-18 23:42:45 +00:00
|
|
|
/**
|
|
|
|
|
* rtas_call_reentrant() - Used for reentrant rtas calls
|
|
|
|
|
* @token: Token for desired reentrant RTAS call
|
|
|
|
|
* @nargs: Number of Input Parameters
|
|
|
|
|
* @nret: Number of Output Parameters
|
|
|
|
|
* @outputs: Array of outputs
|
|
|
|
|
* @...: Inputs for desired RTAS call
|
|
|
|
|
*
|
|
|
|
|
* According to LoPAR documentation, only "ibm,int-on", "ibm,int-off",
|
|
|
|
|
* "ibm,get-xive" and "ibm,set-xive" are currently reentrant.
|
|
|
|
|
* Reentrant calls need their own rtas_args buffer, so not using rtas.args, but
|
|
|
|
|
* PACA one instead.
|
|
|
|
|
*
|
|
|
|
|
* Return: -1 on error,
|
|
|
|
|
* First output value of RTAS call if (nret > 0),
|
|
|
|
|
* 0 otherwise,
|
|
|
|
|
*/
|
|
|
|
|
int rtas_call_reentrant(int token, int nargs, int nret, int *outputs, ...)
|
|
|
|
|
{
|
|
|
|
|
va_list list;
|
|
|
|
|
struct rtas_args *args;
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
int i, ret = 0;
|
|
|
|
|
|
|
|
|
|
if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
local_irq_save(flags);
|
|
|
|
|
preempt_disable();
|
|
|
|
|
|
|
|
|
|
/* We use the per-cpu (PACA) rtas args buffer */
|
|
|
|
|
args = local_paca->rtas_args_reentrant;
|
|
|
|
|
|
|
|
|
|
va_start(list, outputs);
|
|
|
|
|
va_rtas_call_unlocked(args, token, nargs, nret, list);
|
|
|
|
|
va_end(list);
|
|
|
|
|
|
|
|
|
|
if (nret > 1 && outputs)
|
|
|
|
|
for (i = 0; i < nret - 1; ++i)
|
|
|
|
|
outputs[i] = be32_to_cpu(args->rets[i + 1]);
|
|
|
|
|
|
|
|
|
|
if (nret > 0)
|
|
|
|
|
ret = be32_to_cpu(args->rets[0]);
|
|
|
|
|
|
|
|
|
|
local_irq_restore(flags);
|
|
|
|
|
preempt_enable();
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-07 21:51:48 +00:00
|
|
|
#endif /* CONFIG_PPC_PSERIES */
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2012-03-21 15:47:07 +00:00
|
|
|
/**
|
|
|
|
|
* Find a specific pseries error log in an RTAS extended event log.
|
|
|
|
|
* @log: RTAS error/event log
|
|
|
|
|
* @section_id: two character section identifier
|
|
|
|
|
*
|
|
|
|
|
* Returns a pointer to the specified errorlog or NULL if not found.
|
|
|
|
|
*/
|
|
|
|
|
struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log,
|
|
|
|
|
uint16_t section_id)
|
|
|
|
|
{
|
|
|
|
|
struct rtas_ext_event_log_v6 *ext_log =
|
|
|
|
|
(struct rtas_ext_event_log_v6 *)log->buffer;
|
|
|
|
|
struct pseries_errorlog *sect;
|
|
|
|
|
unsigned char *p, *log_end;
|
2014-04-04 07:35:13 +00:00
|
|
|
uint32_t ext_log_length = rtas_error_extended_log_length(log);
|
|
|
|
|
uint8_t log_format = rtas_ext_event_log_format(ext_log);
|
|
|
|
|
uint32_t company_id = rtas_ext_event_company_id(ext_log);
|
2012-03-21 15:47:07 +00:00
|
|
|
|
|
|
|
|
/* Check that we understand the format */
|
2014-04-04 07:35:13 +00:00
|
|
|
if (ext_log_length < sizeof(struct rtas_ext_event_log_v6) ||
|
|
|
|
|
log_format != RTAS_V6EXT_LOG_FORMAT_EVENT_LOG ||
|
|
|
|
|
company_id != RTAS_V6EXT_COMPANY_ID_IBM)
|
2012-03-21 15:47:07 +00:00
|
|
|
return NULL;
|
|
|
|
|
|
2014-04-04 07:35:13 +00:00
|
|
|
log_end = log->buffer + ext_log_length;
|
2012-03-21 15:47:07 +00:00
|
|
|
p = ext_log->vendor_log;
|
|
|
|
|
|
|
|
|
|
while (p < log_end) {
|
|
|
|
|
sect = (struct pseries_errorlog *)p;
|
2014-04-04 07:35:13 +00:00
|
|
|
if (pseries_errorlog_id(sect) == section_id)
|
2012-03-21 15:47:07 +00:00
|
|
|
return sect;
|
2014-04-04 07:35:13 +00:00
|
|
|
p += pseries_errorlog_length(sect);
|
2012-03-21 15:47:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
#ifdef CONFIG_PPC_RTAS_FILTER
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The sys_rtas syscall, as originally designed, allows root to pass
|
|
|
|
|
* arbitrary physical addresses to RTAS calls. A number of RTAS calls
|
|
|
|
|
* can be abused to write to arbitrary memory and do other things that
|
|
|
|
|
* are potentially harmful to system integrity, and thus should only
|
|
|
|
|
* be used inside the kernel and not exposed to userspace.
|
|
|
|
|
*
|
|
|
|
|
* All known legitimate users of the sys_rtas syscall will only ever
|
|
|
|
|
* pass addresses that fall within the RMO buffer, and use a known
|
|
|
|
|
* subset of RTAS calls.
|
|
|
|
|
*
|
|
|
|
|
* Accordingly, we filter RTAS requests to check that the call is
|
|
|
|
|
* permitted, and that provided pointers fall within the RMO buffer.
|
|
|
|
|
* The rtas_filters list contains an entry for each permitted call,
|
|
|
|
|
* with the indexes of the parameters which are expected to contain
|
|
|
|
|
* addresses and sizes of buffers allocated inside the RMO buffer.
|
|
|
|
|
*/
|
|
|
|
|
struct rtas_filter {
|
|
|
|
|
const char *name;
|
|
|
|
|
int token;
|
|
|
|
|
/* Indexes into the args buffer, -1 if not used */
|
|
|
|
|
int buf_idx1;
|
|
|
|
|
int size_idx1;
|
|
|
|
|
int buf_idx2;
|
|
|
|
|
int size_idx2;
|
|
|
|
|
|
|
|
|
|
int fixed_size;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct rtas_filter rtas_filters[] __ro_after_init = {
|
|
|
|
|
{ "ibm,activate-firmware", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,configure-connector", -1, 0, -1, 1, -1, 4096 }, /* Special cased */
|
|
|
|
|
{ "display-character", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,display-message", -1, 0, -1, -1, -1 },
|
|
|
|
|
{ "ibm,errinjct", -1, 2, -1, -1, -1, 1024 },
|
|
|
|
|
{ "ibm,close-errinjct", -1, -1, -1, -1, -1 },
|
2020-12-08 19:54:34 +00:00
|
|
|
{ "ibm,open-errinjct", -1, -1, -1, -1, -1 },
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
{ "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,get-indices", -1, 2, 3, -1, -1 },
|
|
|
|
|
{ "get-power-level", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "get-sensor-state", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,get-system-parameter", -1, 1, 2, -1, -1 },
|
|
|
|
|
{ "get-time-of-day", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,get-vpd", -1, 0, -1, 1, 2 },
|
|
|
|
|
{ "ibm,lpar-perftools", -1, 2, 3, -1, -1 },
|
|
|
|
|
{ "ibm,platform-dump", -1, 4, 5, -1, -1 },
|
|
|
|
|
{ "ibm,read-slot-reset-state", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,scan-log-dump", -1, 0, 1, -1, -1 },
|
|
|
|
|
{ "ibm,set-dynamic-indicator", -1, 2, -1, -1, -1 },
|
|
|
|
|
{ "ibm,set-eeh-option", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "set-indicator", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "set-power-level", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "set-time-for-power-on", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,set-system-parameter", -1, 1, -1, -1, -1 },
|
|
|
|
|
{ "set-time-of-day", -1, -1, -1, -1, -1 },
|
powerpc/rtas: prevent suspend-related sys_rtas use on LE
While drmgr has had work in some areas to make its RTAS syscall
interactions endian-neutral, its code for performing partition
migration via the syscall has never worked on LE. While it is able to
complete ibm,suspend-me successfully, it crashes when attempting the
subsequent ibm,update-nodes call.
drmgr is the only known (or plausible) user of ibm,suspend-me,
ibm,update-nodes, and ibm,update-properties, so allow them only in
big-endian configurations.
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201207215200.1785968-2-nathanl@linux.ibm.com
2020-12-07 21:51:33 +00:00
|
|
|
#ifdef CONFIG_CPU_BIG_ENDIAN
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
{ "ibm,suspend-me", -1, -1, -1, -1, -1 },
|
|
|
|
|
{ "ibm,update-nodes", -1, 0, -1, -1, -1, 4096 },
|
|
|
|
|
{ "ibm,update-properties", -1, 0, -1, -1, -1, 4096 },
|
powerpc/rtas: prevent suspend-related sys_rtas use on LE
While drmgr has had work in some areas to make its RTAS syscall
interactions endian-neutral, its code for performing partition
migration via the syscall has never worked on LE. While it is able to
complete ibm,suspend-me successfully, it crashes when attempting the
subsequent ibm,update-nodes call.
drmgr is the only known (or plausible) user of ibm,suspend-me,
ibm,update-nodes, and ibm,update-properties, so allow them only in
big-endian configurations.
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201207215200.1785968-2-nathanl@linux.ibm.com
2020-12-07 21:51:33 +00:00
|
|
|
#endif
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
{ "ibm,physical-attestation", -1, 0, 1, -1, -1 },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static bool in_rmo_buf(u32 base, u32 end)
|
|
|
|
|
{
|
|
|
|
|
return base >= rtas_rmo_buf &&
|
2021-04-08 14:06:30 +00:00
|
|
|
base < (rtas_rmo_buf + RTAS_USER_REGION_SIZE) &&
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
base <= end &&
|
|
|
|
|
end >= rtas_rmo_buf &&
|
2021-04-08 14:06:30 +00:00
|
|
|
end < (rtas_rmo_buf + RTAS_USER_REGION_SIZE);
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool block_rtas_call(int token, int nargs,
|
|
|
|
|
struct rtas_args *args)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) {
|
|
|
|
|
struct rtas_filter *f = &rtas_filters[i];
|
|
|
|
|
u32 base, size, end;
|
|
|
|
|
|
|
|
|
|
if (token != f->token)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (f->buf_idx1 != -1) {
|
|
|
|
|
base = be32_to_cpu(args->args[f->buf_idx1]);
|
|
|
|
|
if (f->size_idx1 != -1)
|
|
|
|
|
size = be32_to_cpu(args->args[f->size_idx1]);
|
|
|
|
|
else if (f->fixed_size)
|
|
|
|
|
size = f->fixed_size;
|
|
|
|
|
else
|
|
|
|
|
size = 1;
|
|
|
|
|
|
|
|
|
|
end = base + size - 1;
|
|
|
|
|
if (!in_rmo_buf(base, end))
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (f->buf_idx2 != -1) {
|
|
|
|
|
base = be32_to_cpu(args->args[f->buf_idx2]);
|
|
|
|
|
if (f->size_idx2 != -1)
|
|
|
|
|
size = be32_to_cpu(args->args[f->size_idx2]);
|
|
|
|
|
else if (f->fixed_size)
|
|
|
|
|
size = f->fixed_size;
|
|
|
|
|
else
|
|
|
|
|
size = 1;
|
|
|
|
|
end = base + size - 1;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Special case for ibm,configure-connector where the
|
|
|
|
|
* address can be 0
|
|
|
|
|
*/
|
|
|
|
|
if (!strcmp(f->name, "ibm,configure-connector") &&
|
|
|
|
|
base == 0)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
if (!in_rmo_buf(base, end))
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt?\n");
|
|
|
|
|
pr_err_ratelimited("sys_rtas: token=0x%x, nargs=%d (called by %s)\n",
|
|
|
|
|
token, nargs, current->comm);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-08 14:06:29 +00:00
|
|
|
static void __init rtas_syscall_filter_init(void)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(rtas_filters); i++)
|
|
|
|
|
rtas_filters[i].token = rtas_token(rtas_filters[i].name);
|
|
|
|
|
}
|
|
|
|
|
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
static bool block_rtas_call(int token, int nargs,
|
|
|
|
|
struct rtas_args *args)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-08 14:06:29 +00:00
|
|
|
static void __init rtas_syscall_filter_init(void)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
#endif /* CONFIG_PPC_RTAS_FILTER */
|
|
|
|
|
|
2014-03-19 16:02:51 +00:00
|
|
|
/* We assume to be passed big endian arguments */
|
2018-05-02 13:20:48 +00:00
|
|
|
SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
struct rtas_args args;
|
|
|
|
|
unsigned long flags;
|
2005-10-26 07:05:24 +00:00
|
|
|
char *buff_copy, *errbuf = NULL;
|
2014-03-19 16:02:51 +00:00
|
|
|
int nargs, nret, token;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
|
return -EPERM;
|
|
|
|
|
|
2015-10-16 10:23:29 +00:00
|
|
|
if (!rtas.entry)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0)
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
2014-03-19 16:02:51 +00:00
|
|
|
nargs = be32_to_cpu(args.nargs);
|
|
|
|
|
nret = be32_to_cpu(args.nret);
|
|
|
|
|
token = be32_to_cpu(args.token);
|
|
|
|
|
|
2016-03-18 06:36:33 +00:00
|
|
|
if (nargs >= ARRAY_SIZE(args.args)
|
2014-03-19 16:02:51 +00:00
|
|
|
|| nret > ARRAY_SIZE(args.args)
|
|
|
|
|
|| nargs + nret > ARRAY_SIZE(args.args))
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
/* Copy in args. */
|
|
|
|
|
if (copy_from_user(args.args, uargs->args,
|
|
|
|
|
nargs * sizeof(rtas_arg_t)) != 0)
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
2014-03-19 16:02:51 +00:00
|
|
|
if (token == RTAS_UNKNOWN_SERVICE)
|
2006-01-14 00:39:24 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2008-07-30 16:23:27 +00:00
|
|
|
args.rets = &args.args[nargs];
|
2014-03-19 16:02:51 +00:00
|
|
|
memset(args.rets, 0, nret * sizeof(rtas_arg_t));
|
2008-07-30 16:23:27 +00:00
|
|
|
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
if (block_rtas_call(token, nargs, &args))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2006-01-14 00:39:24 +00:00
|
|
|
/* Need to handle ibm,suspend_me call specially */
|
2021-04-08 14:06:28 +00:00
|
|
|
if (token == rtas_token("ibm,suspend-me")) {
|
2015-01-21 02:32:00 +00:00
|
|
|
|
|
|
|
|
/*
|
2015-03-27 19:47:25 +00:00
|
|
|
* rtas_ibm_suspend_me assumes the streamid handle is in cpu
|
|
|
|
|
* endian, or at least the hcall within it requires it.
|
2015-01-21 02:32:00 +00:00
|
|
|
*/
|
2015-03-27 19:47:25 +00:00
|
|
|
int rc = 0;
|
2015-01-21 02:32:00 +00:00
|
|
|
u64 handle = ((u64)be32_to_cpu(args.args[0]) << 32)
|
|
|
|
|
| be32_to_cpu(args.args[1]);
|
2020-12-07 21:51:47 +00:00
|
|
|
rc = rtas_syscall_dispatch_ibm_suspend_me(handle);
|
2015-03-27 19:47:25 +00:00
|
|
|
if (rc == -EAGAIN)
|
|
|
|
|
args.rets[0] = cpu_to_be32(RTAS_NOT_SUSPENDABLE);
|
|
|
|
|
else if (rc == -EIO)
|
|
|
|
|
args.rets[0] = cpu_to_be32(-1);
|
|
|
|
|
else if (rc)
|
2006-01-14 00:39:24 +00:00
|
|
|
return rc;
|
|
|
|
|
goto copy_return;
|
|
|
|
|
}
|
|
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
buff_copy = get_errorlog_buffer();
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2009-06-16 16:42:49 +00:00
|
|
|
flags = lock_rtas();
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
rtas.args = args;
|
2021-06-17 15:51:03 +00:00
|
|
|
do_enter_rtas(__pa(&rtas.args));
|
2005-04-16 22:20:36 +00:00
|
|
|
args = rtas.args;
|
|
|
|
|
|
|
|
|
|
/* A -1 return code indicates that the last command couldn't
|
|
|
|
|
be completed due to a hardware error. */
|
2014-03-19 16:02:51 +00:00
|
|
|
if (be32_to_cpu(args.rets[0]) == -1)
|
2005-10-26 07:05:24 +00:00
|
|
|
errbuf = __fetch_rtas_last_error(buff_copy);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2009-06-16 16:42:49 +00:00
|
|
|
unlock_rtas(flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (buff_copy) {
|
2005-10-26 07:05:24 +00:00
|
|
|
if (errbuf)
|
|
|
|
|
log_error(errbuf, ERR_TYPE_RTAS_LOG, 0);
|
2005-04-16 22:20:36 +00:00
|
|
|
kfree(buff_copy);
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-14 00:39:24 +00:00
|
|
|
copy_return:
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Copy out args. */
|
|
|
|
|
if (copy_to_user(uargs->args + nargs,
|
|
|
|
|
args.args + nargs,
|
2014-03-19 16:02:51 +00:00
|
|
|
nret * sizeof(rtas_arg_t)) != 0)
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2014-09-17 12:15:34 +00:00
|
|
|
* Call early during boot, before mem init, to retrieve the RTAS
|
|
|
|
|
* information from the device-tree and allocate the RMO buffer for userland
|
2005-04-16 22:20:36 +00:00
|
|
|
* accesses.
|
|
|
|
|
*/
|
|
|
|
|
void __init rtas_initialize(void)
|
|
|
|
|
{
|
2005-10-26 07:05:24 +00:00
|
|
|
unsigned long rtas_region = RTAS_INSTANTIATE_MAX;
|
2017-01-23 22:49:53 +00:00
|
|
|
u32 base, size, entry;
|
|
|
|
|
int no_base, no_size, no_entry;
|
2005-10-26 07:05:24 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Get RTAS dev node and fill up our "rtas" structure with infos
|
|
|
|
|
* about it.
|
|
|
|
|
*/
|
|
|
|
|
rtas.dev = of_find_node_by_name(NULL, "rtas");
|
2005-10-26 07:05:24 +00:00
|
|
|
if (!rtas.dev)
|
|
|
|
|
return;
|
|
|
|
|
|
2017-01-23 22:49:53 +00:00
|
|
|
no_base = of_property_read_u32(rtas.dev, "linux,rtas-base", &base);
|
|
|
|
|
no_size = of_property_read_u32(rtas.dev, "rtas-size", &size);
|
|
|
|
|
if (no_base || no_size) {
|
2017-01-23 22:49:54 +00:00
|
|
|
of_node_put(rtas.dev);
|
2017-01-23 22:49:52 +00:00
|
|
|
rtas.dev = NULL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-23 22:49:53 +00:00
|
|
|
rtas.base = base;
|
|
|
|
|
rtas.size = size;
|
|
|
|
|
no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry);
|
|
|
|
|
rtas.entry = no_entry ? rtas.base : entry;
|
2017-01-23 22:49:52 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* If RTAS was found, allocate the RMO buffer for it and look for
|
|
|
|
|
* the stop-self token if any
|
|
|
|
|
*/
|
2005-10-26 07:05:24 +00:00
|
|
|
#ifdef CONFIG_PPC64
|
2021-04-08 14:06:28 +00:00
|
|
|
if (firmware_has_feature(FW_FEATURE_LPAR))
|
2010-07-06 22:39:02 +00:00
|
|
|
rtas_region = min(ppc64_rma_size, RTAS_INSTANTIATE_MAX);
|
2005-10-26 07:05:24 +00:00
|
|
|
#endif
|
2021-04-08 14:06:30 +00:00
|
|
|
rtas_rmo_buf = memblock_phys_alloc_range(RTAS_USER_REGION_SIZE, PAGE_SIZE,
|
2019-03-12 06:29:35 +00:00
|
|
|
0, rtas_region);
|
|
|
|
|
if (!rtas_rmo_buf)
|
|
|
|
|
panic("ERROR: RTAS: Failed to allocate %lx bytes below %pa\n",
|
|
|
|
|
PAGE_SIZE, &rtas_region);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2005-10-26 07:05:24 +00:00
|
|
|
#ifdef CONFIG_RTAS_ERROR_LOGGING
|
|
|
|
|
rtas_last_error_token = rtas_token("rtas-last-error");
|
|
|
|
|
#endif
|
powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.
The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.
Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.
However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).
Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.
In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.
We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.
The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.
Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-08-20 04:45:12 +00:00
|
|
|
|
2021-04-08 14:06:29 +00:00
|
|
|
rtas_syscall_filter_init();
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2006-06-23 08:20:13 +00:00
|
|
|
|
|
|
|
|
int __init early_init_dt_scan_rtas(unsigned long node,
|
|
|
|
|
const char *uname, int depth, void *data)
|
|
|
|
|
{
|
2014-04-02 04:49:03 +00:00
|
|
|
const u32 *basep, *entryp, *sizep;
|
2006-06-23 08:20:13 +00:00
|
|
|
|
|
|
|
|
if (depth != 1 || strcmp(uname, "rtas") != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
basep = of_get_flat_dt_prop(node, "linux,rtas-base", NULL);
|
|
|
|
|
entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL);
|
|
|
|
|
sizep = of_get_flat_dt_prop(node, "rtas-size", NULL);
|
|
|
|
|
|
|
|
|
|
if (basep && entryp && sizep) {
|
|
|
|
|
rtas.base = *basep;
|
|
|
|
|
rtas.entry = *entryp;
|
|
|
|
|
rtas.size = *sizep;
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-23 08:20:16 +00:00
|
|
|
#ifdef CONFIG_UDBG_RTAS_CONSOLE
|
|
|
|
|
basep = of_get_flat_dt_prop(node, "put-term-char", NULL);
|
|
|
|
|
if (basep)
|
|
|
|
|
rtas_putchar_token = *basep;
|
|
|
|
|
|
|
|
|
|
basep = of_get_flat_dt_prop(node, "get-term-char", NULL);
|
|
|
|
|
if (basep)
|
|
|
|
|
rtas_getchar_token = *basep;
|
2006-08-17 04:12:14 +00:00
|
|
|
|
|
|
|
|
if (rtas_putchar_token != RTAS_UNKNOWN_SERVICE &&
|
|
|
|
|
rtas_getchar_token != RTAS_UNKNOWN_SERVICE)
|
|
|
|
|
udbg_init_rtas_console();
|
|
|
|
|
|
2006-06-23 08:20:16 +00:00
|
|
|
#endif
|
|
|
|
|
|
2006-06-23 08:20:13 +00:00
|
|
|
/* break now */
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2009-06-16 16:42:50 +00:00
|
|
|
|
2009-12-02 18:49:50 +00:00
|
|
|
static arch_spinlock_t timebase_lock;
|
2009-06-16 16:42:50 +00:00
|
|
|
static u64 timebase = 0;
|
|
|
|
|
|
2013-06-24 19:30:09 +00:00
|
|
|
void rtas_give_timebase(void)
|
2009-06-16 16:42:50 +00:00
|
|
|
{
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
|
|
local_irq_save(flags);
|
|
|
|
|
hard_irq_disable();
|
2009-12-02 19:01:25 +00:00
|
|
|
arch_spin_lock(&timebase_lock);
|
2009-06-16 16:42:50 +00:00
|
|
|
rtas_call(rtas_token("freeze-time-base"), 0, 1, NULL);
|
|
|
|
|
timebase = get_tb();
|
2009-12-02 19:01:25 +00:00
|
|
|
arch_spin_unlock(&timebase_lock);
|
2009-06-16 16:42:50 +00:00
|
|
|
|
|
|
|
|
while (timebase)
|
|
|
|
|
barrier();
|
|
|
|
|
rtas_call(rtas_token("thaw-time-base"), 0, 1, NULL);
|
|
|
|
|
local_irq_restore(flags);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 19:30:09 +00:00
|
|
|
void rtas_take_timebase(void)
|
2009-06-16 16:42:50 +00:00
|
|
|
{
|
|
|
|
|
while (!timebase)
|
|
|
|
|
barrier();
|
2009-12-02 19:01:25 +00:00
|
|
|
arch_spin_lock(&timebase_lock);
|
2009-06-16 16:42:50 +00:00
|
|
|
set_tb(timebase >> 32, timebase & 0xffffffff);
|
|
|
|
|
timebase = 0;
|
2009-12-02 19:01:25 +00:00
|
|
|
arch_spin_unlock(&timebase_lock);
|
2009-06-16 16:42:50 +00:00
|
|
|
}
|