1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Procedures for interfacing to the RTAS on CHRP machines.
5 *
6 * Peter Bergner, IBM March 2001.
7 * Copyright (C) 2001 IBM.
8 */
9
10 #include <linux/stdarg.h>
11 #include <linux/kernel.h>
12 #include <linux/types.h>
13 #include <linux/spinlock.h>
14 #include <linux/export.h>
15 #include <linux/init.h>
16 #include <linux/capability.h>
17 #include <linux/delay.h>
18 #include <linux/cpu.h>
19 #include <linux/sched.h>
20 #include <linux/smp.h>
21 #include <linux/completion.h>
22 #include <linux/cpumask.h>
23 #include <linux/memblock.h>
24 #include <linux/slab.h>
25 #include <linux/reboot.h>
26 #include <linux/syscalls.h>
27
28 #include <asm/interrupt.h>
29 #include <asm/prom.h>
30 #include <asm/rtas.h>
31 #include <asm/hvcall.h>
32 #include <asm/machdep.h>
33 #include <asm/firmware.h>
34 #include <asm/page.h>
35 #include <asm/param.h>
36 #include <asm/delay.h>
37 #include <linux/uaccess.h>
38 #include <asm/udbg.h>
39 #include <asm/syscalls.h>
40 #include <asm/smp.h>
41 #include <linux/atomic.h>
42 #include <asm/time.h>
43 #include <asm/mmu.h>
44 #include <asm/topology.h>
45
46 /* This is here deliberately so it's only used in this file */
47 void enter_rtas(unsigned long);
48
do_enter_rtas(unsigned long args)49 static inline void do_enter_rtas(unsigned long args)
50 {
51 unsigned long msr;
52
53 /*
54 * Make sure MSR[RI] is currently enabled as it will be forced later
55 * in enter_rtas.
56 */
57 msr = mfmsr();
58 BUG_ON(!(msr & MSR_RI));
59
60 enter_rtas(args);
61
62 srr_regs_clobbered(); /* rtas uses SRRs, invalidate */
63 }
64
65 struct rtas_t rtas = {
66 .lock = __ARCH_SPIN_LOCK_UNLOCKED
67 };
68 EXPORT_SYMBOL(rtas);
69
70 DEFINE_SPINLOCK(rtas_data_buf_lock);
71 EXPORT_SYMBOL(rtas_data_buf_lock);
72
73 char rtas_data_buf[RTAS_DATA_BUF_SIZE] __cacheline_aligned;
74 EXPORT_SYMBOL(rtas_data_buf);
75
76 unsigned long rtas_rmo_buf;
77
78 /*
79 * If non-NULL, this gets called when the kernel terminates.
80 * This is done like this so rtas_flash can be a module.
81 */
82 void (*rtas_flash_term_hook)(int);
83 EXPORT_SYMBOL(rtas_flash_term_hook);
84
85 /* RTAS use home made raw locking instead of spin_lock_irqsave
86 * because those can be called from within really nasty contexts
87 * such as having the timebase stopped which would lockup with
88 * normal locks and spinlock debugging enabled
89 */
lock_rtas(void)90 static unsigned long lock_rtas(void)
91 {
92 unsigned long flags;
93
94 local_irq_save(flags);
95 preempt_disable();
96 arch_spin_lock(&rtas.lock);
97 return flags;
98 }
99
unlock_rtas(unsigned long flags)100 static void unlock_rtas(unsigned long flags)
101 {
102 arch_spin_unlock(&rtas.lock);
103 local_irq_restore(flags);
104 preempt_enable();
105 }
106
107 /*
108 * call_rtas_display_status and call_rtas_display_status_delay
109 * are designed only for very early low-level debugging, which
110 * is why the token is hard-coded to 10.
111 */
call_rtas_display_status(unsigned char c)112 static void call_rtas_display_status(unsigned char c)
113 {
114 unsigned long s;
115
116 if (!rtas.base)
117 return;
118
119 s = lock_rtas();
120 rtas_call_unlocked(&rtas.args, 10, 1, 1, NULL, c);
121 unlock_rtas(s);
122 }
123
call_rtas_display_status_delay(char c)124 static void call_rtas_display_status_delay(char c)
125 {
126 static int pending_newline = 0; /* did last write end with unprinted newline? */
127 static int width = 16;
128
129 if (c == '\n') {
130 while (width-- > 0)
131 call_rtas_display_status(' ');
132 width = 16;
133 mdelay(500);
134 pending_newline = 1;
135 } else {
136 if (pending_newline) {
137 call_rtas_display_status('\r');
138 call_rtas_display_status('\n');
139 }
140 pending_newline = 0;
141 if (width--) {
142 call_rtas_display_status(c);
143 udelay(10000);
144 }
145 }
146 }
147
udbg_init_rtas_panel(void)148 void __init udbg_init_rtas_panel(void)
149 {
150 udbg_putc = call_rtas_display_status_delay;
151 }
152
153 #ifdef CONFIG_UDBG_RTAS_CONSOLE
154
155 /* If you think you're dying before early_init_dt_scan_rtas() does its
156 * work, you can hard code the token values for your firmware here and
157 * hardcode rtas.base/entry etc.
158 */
159 static unsigned int rtas_putchar_token = RTAS_UNKNOWN_SERVICE;
160 static unsigned int rtas_getchar_token = RTAS_UNKNOWN_SERVICE;
161
udbg_rtascon_putc(char c)162 static void udbg_rtascon_putc(char c)
163 {
164 int tries;
165
166 if (!rtas.base)
167 return;
168
169 /* Add CRs before LFs */
170 if (c == '\n')
171 udbg_rtascon_putc('\r');
172
173 /* if there is more than one character to be displayed, wait a bit */
174 for (tries = 0; tries < 16; tries++) {
175 if (rtas_call(rtas_putchar_token, 1, 1, NULL, c) == 0)
176 break;
177 udelay(1000);
178 }
179 }
180
udbg_rtascon_getc_poll(void)181 static int udbg_rtascon_getc_poll(void)
182 {
183 int c;
184
185 if (!rtas.base)
186 return -1;
187
188 if (rtas_call(rtas_getchar_token, 0, 2, &c))
189 return -1;
190
191 return c;
192 }
193
udbg_rtascon_getc(void)194 static int udbg_rtascon_getc(void)
195 {
196 int c;
197
198 while ((c = udbg_rtascon_getc_poll()) == -1)
199 ;
200
201 return c;
202 }
203
204
udbg_init_rtas_console(void)205 void __init udbg_init_rtas_console(void)
206 {
207 udbg_putc = udbg_rtascon_putc;
208 udbg_getc = udbg_rtascon_getc;
209 udbg_getc_poll = udbg_rtascon_getc_poll;
210 }
211 #endif /* CONFIG_UDBG_RTAS_CONSOLE */
212
rtas_progress(char * s,unsigned short hex)213 void rtas_progress(char *s, unsigned short hex)
214 {
215 struct device_node *root;
216 int width;
217 const __be32 *p;
218 char *os;
219 static int display_character, set_indicator;
220 static int display_width, display_lines, form_feed;
221 static const int *row_width;
222 static DEFINE_SPINLOCK(progress_lock);
223 static int current_line;
224 static int pending_newline = 0; /* did last write end with unprinted newline? */
225
226 if (!rtas.base)
227 return;
228
229 if (display_width == 0) {
230 display_width = 0x10;
231 if ((root = of_find_node_by_path("/rtas"))) {
232 if ((p = of_get_property(root,
233 "ibm,display-line-length", NULL)))
234 display_width = be32_to_cpu(*p);
235 if ((p = of_get_property(root,
236 "ibm,form-feed", NULL)))
237 form_feed = be32_to_cpu(*p);
238 if ((p = of_get_property(root,
239 "ibm,display-number-of-lines", NULL)))
240 display_lines = be32_to_cpu(*p);
241 row_width = of_get_property(root,
242 "ibm,display-truncation-length", NULL);
243 of_node_put(root);
244 }
245 display_character = rtas_token("display-character");
246 set_indicator = rtas_token("set-indicator");
247 }
248
249 if (display_character == RTAS_UNKNOWN_SERVICE) {
250 /* use hex display if available */
251 if (set_indicator != RTAS_UNKNOWN_SERVICE)
252 rtas_call(set_indicator, 3, 1, NULL, 6, 0, hex);
253 return;
254 }
255
256 spin_lock(&progress_lock);
257
258 /*
259 * Last write ended with newline, but we didn't print it since
260 * it would just clear the bottom line of output. Print it now
261 * instead.
262 *
263 * If no newline is pending and form feed is supported, clear the
264 * display with a form feed; otherwise, print a CR to start output
265 * at the beginning of the line.
266 */
267 if (pending_newline) {
268 rtas_call(display_character, 1, 1, NULL, '\r');
269 rtas_call(display_character, 1, 1, NULL, '\n');
270 pending_newline = 0;
271 } else {
272 current_line = 0;
273 if (form_feed)
274 rtas_call(display_character, 1, 1, NULL,
275 (char)form_feed);
276 else
277 rtas_call(display_character, 1, 1, NULL, '\r');
278 }
279
280 if (row_width)
281 width = row_width[current_line];
282 else
283 width = display_width;
284 os = s;
285 while (*os) {
286 if (*os == '\n' || *os == '\r') {
287 /* If newline is the last character, save it
288 * until next call to avoid bumping up the
289 * display output.
290 */
291 if (*os == '\n' && !os[1]) {
292 pending_newline = 1;
293 current_line++;
294 if (current_line > display_lines-1)
295 current_line = display_lines-1;
296 spin_unlock(&progress_lock);
297 return;
298 }
299
300 /* RTAS wants CR-LF, not just LF */
301
302 if (*os == '\n') {
303 rtas_call(display_character, 1, 1, NULL, '\r');
304 rtas_call(display_character, 1, 1, NULL, '\n');
305 } else {
306 /* CR might be used to re-draw a line, so we'll
307 * leave it alone and not add LF.
308 */
309 rtas_call(display_character, 1, 1, NULL, *os);
310 }
311
312 if (row_width)
313 width = row_width[current_line];
314 else
315 width = display_width;
316 } else {
317 width--;
318 rtas_call(display_character, 1, 1, NULL, *os);
319 }
320
321 os++;
322
323 /* if we overwrite the screen length */
324 if (width <= 0)
325 while ((*os != 0) && (*os != '\n') && (*os != '\r'))
326 os++;
327 }
328
329 spin_unlock(&progress_lock);
330 }
331 EXPORT_SYMBOL(rtas_progress); /* needed by rtas_flash module */
332
rtas_token(const char * service)333 int rtas_token(const char *service)
334 {
335 const __be32 *tokp;
336 if (rtas.dev == NULL)
337 return RTAS_UNKNOWN_SERVICE;
338 tokp = of_get_property(rtas.dev, service, NULL);
339 return tokp ? be32_to_cpu(*tokp) : RTAS_UNKNOWN_SERVICE;
340 }
341 EXPORT_SYMBOL(rtas_token);
342
rtas_service_present(const char * service)343 int rtas_service_present(const char *service)
344 {
345 return rtas_token(service) != RTAS_UNKNOWN_SERVICE;
346 }
347 EXPORT_SYMBOL(rtas_service_present);
348
349 #ifdef CONFIG_RTAS_ERROR_LOGGING
350 /*
351 * Return the firmware-specified size of the error log buffer
352 * for all rtas calls that require an error buffer argument.
353 * This includes 'check-exception' and 'rtas-last-error'.
354 */
rtas_get_error_log_max(void)355 int rtas_get_error_log_max(void)
356 {
357 static int rtas_error_log_max;
358 if (rtas_error_log_max)
359 return rtas_error_log_max;
360
361 rtas_error_log_max = rtas_token ("rtas-error-log-max");
362 if ((rtas_error_log_max == RTAS_UNKNOWN_SERVICE) ||
363 (rtas_error_log_max > RTAS_ERROR_LOG_MAX)) {
364 printk (KERN_WARNING "RTAS: bad log buffer size %d\n",
365 rtas_error_log_max);
366 rtas_error_log_max = RTAS_ERROR_LOG_MAX;
367 }
368 return rtas_error_log_max;
369 }
370 EXPORT_SYMBOL(rtas_get_error_log_max);
371
372
373 static char rtas_err_buf[RTAS_ERROR_LOG_MAX];
374 static int rtas_last_error_token;
375
376 /** Return a copy of the detailed error text associated with the
377 * most recent failed call to rtas. Because the error text
378 * might go stale if there are any other intervening rtas calls,
379 * this routine must be called atomically with whatever produced
380 * the error (i.e. with rtas.lock still held from the previous call).
381 */
__fetch_rtas_last_error(char * altbuf)382 static char *__fetch_rtas_last_error(char *altbuf)
383 {
384 struct rtas_args err_args, save_args;
385 u32 bufsz;
386 char *buf = NULL;
387
388 if (rtas_last_error_token == -1)
389 return NULL;
390
391 bufsz = rtas_get_error_log_max();
392
393 err_args.token = cpu_to_be32(rtas_last_error_token);
394 err_args.nargs = cpu_to_be32(2);
395 err_args.nret = cpu_to_be32(1);
396 err_args.args[0] = cpu_to_be32(__pa(rtas_err_buf));
397 err_args.args[1] = cpu_to_be32(bufsz);
398 err_args.args[2] = 0;
399
400 save_args = rtas.args;
401 rtas.args = err_args;
402
403 do_enter_rtas(__pa(&rtas.args));
404
405 err_args = rtas.args;
406 rtas.args = save_args;
407
408 /* Log the error in the unlikely case that there was one. */
409 if (unlikely(err_args.args[2] == 0)) {
410 if (altbuf) {
411 buf = altbuf;
412 } else {
413 buf = rtas_err_buf;
414 if (slab_is_available())
415 buf = kmalloc(RTAS_ERROR_LOG_MAX, GFP_ATOMIC);
416 }
417 if (buf)
418 memmove(buf, rtas_err_buf, RTAS_ERROR_LOG_MAX);
419 }
420
421 return buf;
422 }
423
424 #define get_errorlog_buffer() kmalloc(RTAS_ERROR_LOG_MAX, GFP_KERNEL)
425
426 #else /* CONFIG_RTAS_ERROR_LOGGING */
427 #define __fetch_rtas_last_error(x) NULL
428 #define get_errorlog_buffer() NULL
429 #endif
430
431
432 static void
va_rtas_call_unlocked(struct rtas_args * args,int token,int nargs,int nret,va_list list)433 va_rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret,
434 va_list list)
435 {
436 int i;
437
438 args->token = cpu_to_be32(token);
439 args->nargs = cpu_to_be32(nargs);
440 args->nret = cpu_to_be32(nret);
441 args->rets = &(args->args[nargs]);
442
443 for (i = 0; i < nargs; ++i)
444 args->args[i] = cpu_to_be32(va_arg(list, __u32));
445
446 for (i = 0; i < nret; ++i)
447 args->rets[i] = 0;
448
449 do_enter_rtas(__pa(args));
450 }
451
rtas_call_unlocked(struct rtas_args * args,int token,int nargs,int nret,...)452 void rtas_call_unlocked(struct rtas_args *args, int token, int nargs, int nret, ...)
453 {
454 va_list list;
455
456 va_start(list, nret);
457 va_rtas_call_unlocked(args, token, nargs, nret, list);
458 va_end(list);
459 }
460
rtas_call(int token,int nargs,int nret,int * outputs,...)461 int rtas_call(int token, int nargs, int nret, int *outputs, ...)
462 {
463 va_list list;
464 int i;
465 unsigned long s;
466 struct rtas_args *rtas_args;
467 char *buff_copy = NULL;
468 int ret;
469
470 if (!rtas.entry || token == RTAS_UNKNOWN_SERVICE)
471 return -1;
472
473 s = lock_rtas();
474
475 /* We use the global rtas args buffer */
476 rtas_args = &rtas.args;
477
478 va_start(list, outputs);
479 va_rtas_call_unlocked(rtas_args, token, nargs, nret, list);
480 va_end(list);
481
482 /* A -1 return code indicates that the last command couldn't
483 be completed due to a hardware error. */
484 if (be32_to_cpu(rtas_args->rets[0]) == -1)
485 buff_copy = __fetch_rtas_last_error(NULL);
486
487 if (nret > 1 && outputs != NULL)
488 for (i = 0; i < nret-1; ++i)
489 outputs[i] = be32_to_cpu(rtas_args->rets[i+1]);
490 ret = (nret > 0)? be32_to_cpu(rtas_args->rets[0]): 0;
491
492 unlock_rtas(s);
493
494 if (buff_copy) {
495 log_error(buff_copy, ERR_TYPE_RTAS_LOG, 0);
496 if (slab_is_available())
497 kfree(buff_copy);
498 }
499 return ret;
500 }
501 EXPORT_SYMBOL(rtas_call);
502
503 /* For RTAS_BUSY (-2), delay for 1 millisecond. For an extended busy status
504 * code of 990n, perform the hinted delay of 10^n (last digit) milliseconds.
505 */
rtas_busy_delay_time(int status)506 unsigned int rtas_busy_delay_time(int status)
507 {
508 int order;
509 unsigned int ms = 0;
510
511 if (status == RTAS_BUSY) {
512 ms = 1;
513 } else if (status >= RTAS_EXTENDED_DELAY_MIN &&
514 status <= RTAS_EXTENDED_DELAY_MAX) {
515 order = status - RTAS_EXTENDED_DELAY_MIN;
516 for (ms = 1; order > 0; order--)
517 ms *= 10;
518 }
519
520 return ms;
521 }
522 EXPORT_SYMBOL(rtas_busy_delay_time);
523
524 /* For an RTAS busy status code, perform the hinted delay. */
rtas_busy_delay(int status)525 unsigned int rtas_busy_delay(int status)
526 {
527 unsigned int ms;
528
529 might_sleep();
530 ms = rtas_busy_delay_time(status);
531 if (ms && need_resched())
532 msleep(ms);
533
534 return ms;
535 }
536 EXPORT_SYMBOL(rtas_busy_delay);
537
rtas_error_rc(int rtas_rc)538 static int rtas_error_rc(int rtas_rc)
539 {
540 int rc;
541
542 switch (rtas_rc) {
543 case -1: /* Hardware Error */
544 rc = -EIO;
545 break;
546 case -3: /* Bad indicator/domain/etc */
547 rc = -EINVAL;
548 break;
549 case -9000: /* Isolation error */
550 rc = -EFAULT;
551 break;
552 case -9001: /* Outstanding TCE/PTE */
553 rc = -EEXIST;
554 break;
555 case -9002: /* No usable slot */
556 rc = -ENODEV;
557 break;
558 default:
559 printk(KERN_ERR "%s: unexpected RTAS error %d\n",
560 __func__, rtas_rc);
561 rc = -ERANGE;
562 break;
563 }
564 return rc;
565 }
566
rtas_get_power_level(int powerdomain,int * level)567 int rtas_get_power_level(int powerdomain, int *level)
568 {
569 int token = rtas_token("get-power-level");
570 int rc;
571
572 if (token == RTAS_UNKNOWN_SERVICE)
573 return -ENOENT;
574
575 while ((rc = rtas_call(token, 1, 2, level, powerdomain)) == RTAS_BUSY)
576 udelay(1);
577
578 if (rc < 0)
579 return rtas_error_rc(rc);
580 return rc;
581 }
582 EXPORT_SYMBOL(rtas_get_power_level);
583
rtas_set_power_level(int powerdomain,int level,int * setlevel)584 int rtas_set_power_level(int powerdomain, int level, int *setlevel)
585 {
586 int token = rtas_token("set-power-level");
587 int rc;
588
589 if (token == RTAS_UNKNOWN_SERVICE)
590 return -ENOENT;
591
592 do {
593 rc = rtas_call(token, 2, 2, setlevel, powerdomain, level);
594 } while (rtas_busy_delay(rc));
595
596 if (rc < 0)
597 return rtas_error_rc(rc);
598 return rc;
599 }
600 EXPORT_SYMBOL(rtas_set_power_level);
601
rtas_get_sensor(int sensor,int index,int * state)602 int rtas_get_sensor(int sensor, int index, int *state)
603 {
604 int token = rtas_token("get-sensor-state");
605 int rc;
606
607 if (token == RTAS_UNKNOWN_SERVICE)
608 return -ENOENT;
609
610 do {
611 rc = rtas_call(token, 2, 2, state, sensor, index);
612 } while (rtas_busy_delay(rc));
613
614 if (rc < 0)
615 return rtas_error_rc(rc);
616 return rc;
617 }
618 EXPORT_SYMBOL(rtas_get_sensor);
619
rtas_get_sensor_fast(int sensor,int index,int * state)620 int rtas_get_sensor_fast(int sensor, int index, int *state)
621 {
622 int token = rtas_token("get-sensor-state");
623 int rc;
624
625 if (token == RTAS_UNKNOWN_SERVICE)
626 return -ENOENT;
627
628 rc = rtas_call(token, 2, 2, state, sensor, index);
629 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN &&
630 rc <= RTAS_EXTENDED_DELAY_MAX));
631
632 if (rc < 0)
633 return rtas_error_rc(rc);
634 return rc;
635 }
636
rtas_indicator_present(int token,int * maxindex)637 bool rtas_indicator_present(int token, int *maxindex)
638 {
639 int proplen, count, i;
640 const struct indicator_elem {
641 __be32 token;
642 __be32 maxindex;
643 } *indicators;
644
645 indicators = of_get_property(rtas.dev, "rtas-indicators", &proplen);
646 if (!indicators)
647 return false;
648
649 count = proplen / sizeof(struct indicator_elem);
650
651 for (i = 0; i < count; i++) {
652 if (__be32_to_cpu(indicators[i].token) != token)
653 continue;
654 if (maxindex)
655 *maxindex = __be32_to_cpu(indicators[i].maxindex);
656 return true;
657 }
658
659 return false;
660 }
661 EXPORT_SYMBOL(rtas_indicator_present);
662
rtas_set_indicator(int indicator,int index,int new_value)663 int rtas_set_indicator(int indicator, int index, int new_value)
664 {
665 int token = rtas_token("set-indicator");
666 int rc;
667
668 if (token == RTAS_UNKNOWN_SERVICE)
669 return -ENOENT;
670
671 do {
672 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value);
673 } while (rtas_busy_delay(rc));
674
675 if (rc < 0)
676 return rtas_error_rc(rc);
677 return rc;
678 }
679 EXPORT_SYMBOL(rtas_set_indicator);
680
681 /*
682 * Ignoring RTAS extended delay
683 */
rtas_set_indicator_fast(int indicator,int index,int new_value)684 int rtas_set_indicator_fast(int indicator, int index, int new_value)
685 {
686 int rc;
687 int token = rtas_token("set-indicator");
688
689 if (token == RTAS_UNKNOWN_SERVICE)
690 return -ENOENT;
691
692 rc = rtas_call(token, 3, 1, NULL, indicator, index, new_value);
693
694 WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN &&
695 rc <= RTAS_EXTENDED_DELAY_MAX));
696
697 if (rc < 0)
698 return rtas_error_rc(rc);
699
700 return rc;
701 }
702
703 /**
704 * rtas_ibm_suspend_me() - Call ibm,suspend-me to suspend the LPAR.
705 *
706 * @fw_status: RTAS call status will be placed here if not NULL.
707 *
708 * rtas_ibm_suspend_me() should be called only on a CPU which has
709 * received H_CONTINUE from the H_JOIN hcall. All other active CPUs
710 * should be waiting to return from H_JOIN.
711 *
712 * rtas_ibm_suspend_me() may suspend execution of the OS
713 * indefinitely. Callers should take appropriate measures upon return, such as
714 * resetting watchdog facilities.
715 *
716 * Callers may choose to retry this call if @fw_status is
717 * %RTAS_THREADS_ACTIVE.
718 *
719 * Return:
720 * 0 - The partition has resumed from suspend, possibly after
721 * migration to a different host.
722 * -ECANCELED - The operation was aborted.
723 * -EAGAIN - There were other CPUs not in H_JOIN at the time of the call.
724 * -EBUSY - Some other condition prevented the suspend from succeeding.
725 * -EIO - Hardware/platform error.
726 */
rtas_ibm_suspend_me(int * fw_status)727 int rtas_ibm_suspend_me(int *fw_status)
728 {
729 int fwrc;
730 int ret;
731
732 fwrc = rtas_call(rtas_token("ibm,suspend-me"), 0, 1, NULL);
733
734 switch (fwrc) {
735 case 0:
736 ret = 0;
737 break;
738 case RTAS_SUSPEND_ABORTED:
739 ret = -ECANCELED;
740 break;
741 case RTAS_THREADS_ACTIVE:
742 ret = -EAGAIN;
743 break;
744 case RTAS_NOT_SUSPENDABLE:
745 case RTAS_OUTSTANDING_COPROC:
746 ret = -EBUSY;
747 break;
748 case -1:
749 default:
750 ret = -EIO;
751 break;
752 }
753
754 if (fw_status)
755 *fw_status = fwrc;
756
757 return ret;
758 }
759
rtas_restart(char * cmd)760 void __noreturn rtas_restart(char *cmd)
761 {
762 if (rtas_flash_term_hook)
763 rtas_flash_term_hook(SYS_RESTART);
764 printk("RTAS system-reboot returned %d\n",
765 rtas_call(rtas_token("system-reboot"), 0, 1, NULL));
766 for (;;);
767 }
768
rtas_power_off(void)769 void rtas_power_off(void)
770 {
771 if (rtas_flash_term_hook)
772 rtas_flash_term_hook(SYS_POWER_OFF);
773 /* allow power on only with power button press */
774 printk("RTAS power-off returned %d\n",
775 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1));
776 for (;;);
777 }
778
rtas_halt(void)779 void __noreturn rtas_halt(void)
780 {
781 if (rtas_flash_term_hook)
782 rtas_flash_term_hook(SYS_HALT);
783 /* allow power on only with power button press */
784 printk("RTAS power-off returned %d\n",
785 rtas_call(rtas_token("power-off"), 2, 1, NULL, -1, -1));
786 for (;;);
787 }
788
789 /* Must be in the RMO region, so we place it here */
790 static char rtas_os_term_buf[2048];
791 static s32 ibm_os_term_token = RTAS_UNKNOWN_SERVICE;
792
rtas_os_term(char * str)793 void rtas_os_term(char *str)
794 {
795 int status;
796
797 /*
798 * Firmware with the ibm,extended-os-term property is guaranteed
799 * to always return from an ibm,os-term call. Earlier versions without
800 * this property may terminate the partition which we want to avoid
801 * since it interferes with panic_timeout.
802 */
803 if (ibm_os_term_token == RTAS_UNKNOWN_SERVICE)
804 return;
805
806 snprintf(rtas_os_term_buf, 2048, "OS panic: %s", str);
807
808 /*
809 * Keep calling as long as RTAS returns a "try again" status,
810 * but don't use rtas_busy_delay(), which potentially
811 * schedules.
812 */
813 do {
814 status = rtas_call(ibm_os_term_token, 1, 1, NULL,
815 __pa(rtas_os_term_buf));
816 } while (rtas_busy_delay_time(status));
817
818 if (status != 0)
819 printk(KERN_EMERG "ibm,os-term call failed %d\n", status);
820 }
821
822 /**
823 * rtas_activate_firmware() - Activate a new version of firmware.
824 *
825 * Activate a new version of partition firmware. The OS must call this
826 * after resuming from a partition hibernation or migration in order
827 * to maintain the ability to perform live firmware updates. It's not
828 * catastrophic for this method to be absent or to fail; just log the
829 * condition in that case.
830 *
831 * Context: This function may sleep.
832 */
rtas_activate_firmware(void)833 void rtas_activate_firmware(void)
834 {
835 int token;
836 int fwrc;
837
838 token = rtas_token("ibm,activate-firmware");
839 if (token == RTAS_UNKNOWN_SERVICE) {
840 pr_notice("ibm,activate-firmware method unavailable\n");
841 return;
842 }
843
844 do {
845 fwrc = rtas_call(token, 0, 1, NULL);
846 } while (rtas_busy_delay(fwrc));
847
848 if (fwrc)
849 pr_err("ibm,activate-firmware failed (%i)\n", fwrc);
850 }
851
852 /**
853 * Find a specific pseries error log in an RTAS extended event log.
854 * @log: RTAS error/event log
855 * @section_id: two character section identifier
856 *
857 * Returns a pointer to the specified errorlog or NULL if not found.
858 */
get_pseries_errorlog(struct rtas_error_log * log,uint16_t section_id)859 struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log,
860 uint16_t section_id)
861 {
862 struct rtas_ext_event_log_v6 *ext_log =
863 (struct rtas_ext_event_log_v6 *)log->buffer;
864 struct pseries_errorlog *sect;
865 unsigned char *p, *log_end;
866 uint32_t ext_log_length = rtas_error_extended_log_length(log);
867 uint8_t log_format = rtas_ext_event_log_format(ext_log);
868 uint32_t company_id = rtas_ext_event_company_id(ext_log);
869
870 /* Check that we understand the format */
871 if (ext_log_length < sizeof(struct rtas_ext_event_log_v6) ||
872 log_format != RTAS_V6EXT_LOG_FORMAT_EVENT_LOG ||
873 company_id != RTAS_V6EXT_COMPANY_ID_IBM)
874 return NULL;
875
876 log_end = log->buffer + ext_log_length;
877 p = ext_log->vendor_log;
878
879 while (p < log_end) {
880 sect = (struct pseries_errorlog *)p;
881 if (pseries_errorlog_id(sect) == section_id)
882 return sect;
883 p += pseries_errorlog_length(sect);
884 }
885
886 return NULL;
887 }
888
889 #ifdef CONFIG_PPC_RTAS_FILTER
890
891 /*
892 * The sys_rtas syscall, as originally designed, allows root to pass
893 * arbitrary physical addresses to RTAS calls. A number of RTAS calls
894 * can be abused to write to arbitrary memory and do other things that
895 * are potentially harmful to system integrity, and thus should only
896 * be used inside the kernel and not exposed to userspace.
897 *
898 * All known legitimate users of the sys_rtas syscall will only ever
899 * pass addresses that fall within the RMO buffer, and use a known
900 * subset of RTAS calls.
901 *
902 * Accordingly, we filter RTAS requests to check that the call is
903 * permitted, and that provided pointers fall within the RMO buffer.
904 * The rtas_filters list contains an entry for each permitted call,
905 * with the indexes of the parameters which are expected to contain
906 * addresses and sizes of buffers allocated inside the RMO buffer.
907 */
908 struct rtas_filter {
909 const char *name;
910 int token;
911 /* Indexes into the args buffer, -1 if not used */
912 int buf_idx1;
913 int size_idx1;
914 int buf_idx2;
915 int size_idx2;
916
917 int fixed_size;
918 };
919
920 static struct rtas_filter rtas_filters[] __ro_after_init = {
921 { "ibm,activate-firmware", -1, -1, -1, -1, -1 },
922 { "ibm,configure-connector", -1, 0, -1, 1, -1, 4096 }, /* Special cased */
923 { "display-character", -1, -1, -1, -1, -1 },
924 { "ibm,display-message", -1, 0, -1, -1, -1 },
925 { "ibm,errinjct", -1, 2, -1, -1, -1, 1024 },
926 { "ibm,close-errinjct", -1, -1, -1, -1, -1 },
927 { "ibm,open-errinjct", -1, -1, -1, -1, -1 },
928 { "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 },
929 { "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 },
930 { "ibm,get-indices", -1, 2, 3, -1, -1 },
931 { "get-power-level", -1, -1, -1, -1, -1 },
932 { "get-sensor-state", -1, -1, -1, -1, -1 },
933 { "ibm,get-system-parameter", -1, 1, 2, -1, -1 },
934 { "get-time-of-day", -1, -1, -1, -1, -1 },
935 { "ibm,get-vpd", -1, 0, -1, 1, 2 },
936 { "ibm,lpar-perftools", -1, 2, 3, -1, -1 },
937 { "ibm,platform-dump", -1, 4, 5, -1, -1 }, /* Special cased */
938 { "ibm,read-slot-reset-state", -1, -1, -1, -1, -1 },
939 { "ibm,scan-log-dump", -1, 0, 1, -1, -1 },
940 { "ibm,set-dynamic-indicator", -1, 2, -1, -1, -1 },
941 { "ibm,set-eeh-option", -1, -1, -1, -1, -1 },
942 { "set-indicator", -1, -1, -1, -1, -1 },
943 { "set-power-level", -1, -1, -1, -1, -1 },
944 { "set-time-for-power-on", -1, -1, -1, -1, -1 },
945 { "ibm,set-system-parameter", -1, 1, -1, -1, -1 },
946 { "set-time-of-day", -1, -1, -1, -1, -1 },
947 #ifdef CONFIG_CPU_BIG_ENDIAN
948 { "ibm,suspend-me", -1, -1, -1, -1, -1 },
949 { "ibm,update-nodes", -1, 0, -1, -1, -1, 4096 },
950 { "ibm,update-properties", -1, 0, -1, -1, -1, 4096 },
951 #endif
952 { "ibm,physical-attestation", -1, 0, 1, -1, -1 },
953 };
954
in_rmo_buf(u32 base,u32 end)955 static bool in_rmo_buf(u32 base, u32 end)
956 {
957 return base >= rtas_rmo_buf &&
958 base < (rtas_rmo_buf + RTAS_USER_REGION_SIZE) &&
959 base <= end &&
960 end >= rtas_rmo_buf &&
961 end < (rtas_rmo_buf + RTAS_USER_REGION_SIZE);
962 }
963
block_rtas_call(int token,int nargs,struct rtas_args * args)964 static bool block_rtas_call(int token, int nargs,
965 struct rtas_args *args)
966 {
967 int i;
968
969 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) {
970 struct rtas_filter *f = &rtas_filters[i];
971 u32 base, size, end;
972
973 if (token != f->token)
974 continue;
975
976 if (f->buf_idx1 != -1) {
977 base = be32_to_cpu(args->args[f->buf_idx1]);
978 if (f->size_idx1 != -1)
979 size = be32_to_cpu(args->args[f->size_idx1]);
980 else if (f->fixed_size)
981 size = f->fixed_size;
982 else
983 size = 1;
984
985 end = base + size - 1;
986
987 /*
988 * Special case for ibm,platform-dump - NULL buffer
989 * address is used to indicate end of dump processing
990 */
991 if (!strcmp(f->name, "ibm,platform-dump") &&
992 base == 0)
993 return false;
994
995 if (!in_rmo_buf(base, end))
996 goto err;
997 }
998
999 if (f->buf_idx2 != -1) {
1000 base = be32_to_cpu(args->args[f->buf_idx2]);
1001 if (f->size_idx2 != -1)
1002 size = be32_to_cpu(args->args[f->size_idx2]);
1003 else if (f->fixed_size)
1004 size = f->fixed_size;
1005 else
1006 size = 1;
1007 end = base + size - 1;
1008
1009 /*
1010 * Special case for ibm,configure-connector where the
1011 * address can be 0
1012 */
1013 if (!strcmp(f->name, "ibm,configure-connector") &&
1014 base == 0)
1015 return false;
1016
1017 if (!in_rmo_buf(base, end))
1018 goto err;
1019 }
1020
1021 return false;
1022 }
1023
1024 err:
1025 pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt?\n");
1026 pr_err_ratelimited("sys_rtas: token=0x%x, nargs=%d (called by %s)\n",
1027 token, nargs, current->comm);
1028 return true;
1029 }
1030
rtas_syscall_filter_init(void)1031 static void __init rtas_syscall_filter_init(void)
1032 {
1033 unsigned int i;
1034
1035 for (i = 0; i < ARRAY_SIZE(rtas_filters); i++)
1036 rtas_filters[i].token = rtas_token(rtas_filters[i].name);
1037 }
1038
1039 #else
1040
block_rtas_call(int token,int nargs,struct rtas_args * args)1041 static bool block_rtas_call(int token, int nargs,
1042 struct rtas_args *args)
1043 {
1044 return false;
1045 }
1046
rtas_syscall_filter_init(void)1047 static void __init rtas_syscall_filter_init(void)
1048 {
1049 }
1050
1051 #endif /* CONFIG_PPC_RTAS_FILTER */
1052
1053 /* We assume to be passed big endian arguments */
SYSCALL_DEFINE1(rtas,struct rtas_args __user *,uargs)1054 SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
1055 {
1056 struct rtas_args args;
1057 unsigned long flags;
1058 char *buff_copy, *errbuf = NULL;
1059 int nargs, nret, token;
1060
1061 if (!capable(CAP_SYS_ADMIN))
1062 return -EPERM;
1063
1064 if (!rtas.entry)
1065 return -EINVAL;
1066
1067 if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0)
1068 return -EFAULT;
1069
1070 nargs = be32_to_cpu(args.nargs);
1071 nret = be32_to_cpu(args.nret);
1072 token = be32_to_cpu(args.token);
1073
1074 if (nargs >= ARRAY_SIZE(args.args)
1075 || nret > ARRAY_SIZE(args.args)
1076 || nargs + nret > ARRAY_SIZE(args.args))
1077 return -EINVAL;
1078
1079 /* Copy in args. */
1080 if (copy_from_user(args.args, uargs->args,
1081 nargs * sizeof(rtas_arg_t)) != 0)
1082 return -EFAULT;
1083
1084 if (token == RTAS_UNKNOWN_SERVICE)
1085 return -EINVAL;
1086
1087 args.rets = &args.args[nargs];
1088 memset(args.rets, 0, nret * sizeof(rtas_arg_t));
1089
1090 if (block_rtas_call(token, nargs, &args))
1091 return -EINVAL;
1092
1093 /* Need to handle ibm,suspend_me call specially */
1094 if (token == rtas_token("ibm,suspend-me")) {
1095
1096 /*
1097 * rtas_ibm_suspend_me assumes the streamid handle is in cpu
1098 * endian, or at least the hcall within it requires it.
1099 */
1100 int rc = 0;
1101 u64 handle = ((u64)be32_to_cpu(args.args[0]) << 32)
1102 | be32_to_cpu(args.args[1]);
1103 rc = rtas_syscall_dispatch_ibm_suspend_me(handle);
1104 if (rc == -EAGAIN)
1105 args.rets[0] = cpu_to_be32(RTAS_NOT_SUSPENDABLE);
1106 else if (rc == -EIO)
1107 args.rets[0] = cpu_to_be32(-1);
1108 else if (rc)
1109 return rc;
1110 goto copy_return;
1111 }
1112
1113 buff_copy = get_errorlog_buffer();
1114
1115 flags = lock_rtas();
1116
1117 rtas.args = args;
1118 do_enter_rtas(__pa(&rtas.args));
1119 args = rtas.args;
1120
1121 /* A -1 return code indicates that the last command couldn't
1122 be completed due to a hardware error. */
1123 if (be32_to_cpu(args.rets[0]) == -1)
1124 errbuf = __fetch_rtas_last_error(buff_copy);
1125
1126 unlock_rtas(flags);
1127
1128 if (buff_copy) {
1129 if (errbuf)
1130 log_error(errbuf, ERR_TYPE_RTAS_LOG, 0);
1131 kfree(buff_copy);
1132 }
1133
1134 copy_return:
1135 /* Copy out args. */
1136 if (copy_to_user(uargs->args + nargs,
1137 args.args + nargs,
1138 nret * sizeof(rtas_arg_t)) != 0)
1139 return -EFAULT;
1140
1141 return 0;
1142 }
1143
1144 /*
1145 * Call early during boot, before mem init, to retrieve the RTAS
1146 * information from the device-tree and allocate the RMO buffer for userland
1147 * accesses.
1148 */
rtas_initialize(void)1149 void __init rtas_initialize(void)
1150 {
1151 unsigned long rtas_region = RTAS_INSTANTIATE_MAX;
1152 u32 base, size, entry;
1153 int no_base, no_size, no_entry;
1154
1155 /* Get RTAS dev node and fill up our "rtas" structure with infos
1156 * about it.
1157 */
1158 rtas.dev = of_find_node_by_name(NULL, "rtas");
1159 if (!rtas.dev)
1160 return;
1161
1162 no_base = of_property_read_u32(rtas.dev, "linux,rtas-base", &base);
1163 no_size = of_property_read_u32(rtas.dev, "rtas-size", &size);
1164 if (no_base || no_size) {
1165 of_node_put(rtas.dev);
1166 rtas.dev = NULL;
1167 return;
1168 }
1169
1170 rtas.base = base;
1171 rtas.size = size;
1172 no_entry = of_property_read_u32(rtas.dev, "linux,rtas-entry", &entry);
1173 rtas.entry = no_entry ? rtas.base : entry;
1174
1175 /*
1176 * Discover these now to avoid device tree lookups in the
1177 * panic path.
1178 */
1179 if (of_property_read_bool(rtas.dev, "ibm,extended-os-term"))
1180 ibm_os_term_token = rtas_token("ibm,os-term");
1181
1182 /* If RTAS was found, allocate the RMO buffer for it and look for
1183 * the stop-self token if any
1184 */
1185 #ifdef CONFIG_PPC64
1186 if (firmware_has_feature(FW_FEATURE_LPAR))
1187 rtas_region = min(ppc64_rma_size, RTAS_INSTANTIATE_MAX);
1188 #endif
1189 rtas_rmo_buf = memblock_phys_alloc_range(RTAS_USER_REGION_SIZE, PAGE_SIZE,
1190 0, rtas_region);
1191 if (!rtas_rmo_buf)
1192 panic("ERROR: RTAS: Failed to allocate %lx bytes below %pa\n",
1193 PAGE_SIZE, &rtas_region);
1194
1195 #ifdef CONFIG_RTAS_ERROR_LOGGING
1196 rtas_last_error_token = rtas_token("rtas-last-error");
1197 #endif
1198
1199 rtas_syscall_filter_init();
1200 }
1201
early_init_dt_scan_rtas(unsigned long node,const char * uname,int depth,void * data)1202 int __init early_init_dt_scan_rtas(unsigned long node,
1203 const char *uname, int depth, void *data)
1204 {
1205 const u32 *basep, *entryp, *sizep;
1206
1207 if (depth != 1 || strcmp(uname, "rtas") != 0)
1208 return 0;
1209
1210 basep = of_get_flat_dt_prop(node, "linux,rtas-base", NULL);
1211 entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL);
1212 sizep = of_get_flat_dt_prop(node, "rtas-size", NULL);
1213
1214 #ifdef CONFIG_PPC64
1215 /* need this feature to decide the crashkernel offset */
1216 if (of_get_flat_dt_prop(node, "ibm,hypertas-functions", NULL))
1217 powerpc_firmware_features |= FW_FEATURE_LPAR;
1218 #endif
1219
1220 if (basep && entryp && sizep) {
1221 rtas.base = *basep;
1222 rtas.entry = *entryp;
1223 rtas.size = *sizep;
1224 }
1225
1226 #ifdef CONFIG_UDBG_RTAS_CONSOLE
1227 basep = of_get_flat_dt_prop(node, "put-term-char", NULL);
1228 if (basep)
1229 rtas_putchar_token = *basep;
1230
1231 basep = of_get_flat_dt_prop(node, "get-term-char", NULL);
1232 if (basep)
1233 rtas_getchar_token = *basep;
1234
1235 if (rtas_putchar_token != RTAS_UNKNOWN_SERVICE &&
1236 rtas_getchar_token != RTAS_UNKNOWN_SERVICE)
1237 udbg_init_rtas_console();
1238
1239 #endif
1240
1241 /* break now */
1242 return 1;
1243 }
1244
1245 static arch_spinlock_t timebase_lock;
1246 static u64 timebase = 0;
1247
rtas_give_timebase(void)1248 void rtas_give_timebase(void)
1249 {
1250 unsigned long flags;
1251
1252 local_irq_save(flags);
1253 hard_irq_disable();
1254 arch_spin_lock(&timebase_lock);
1255 rtas_call(rtas_token("freeze-time-base"), 0, 1, NULL);
1256 timebase = get_tb();
1257 arch_spin_unlock(&timebase_lock);
1258
1259 while (timebase)
1260 barrier();
1261 rtas_call(rtas_token("thaw-time-base"), 0, 1, NULL);
1262 local_irq_restore(flags);
1263 }
1264
rtas_take_timebase(void)1265 void rtas_take_timebase(void)
1266 {
1267 while (!timebase)
1268 barrier();
1269 arch_spin_lock(&timebase_lock);
1270 set_tb(timebase >> 32, timebase & 0xffffffff);
1271 timebase = 0;
1272 arch_spin_unlock(&timebase_lock);
1273 }
1274