drivers/firmware/efi/capsule-loader.c

   1 /*
   2  * EFI capsule loader driver.
   3  *
   4  * Copyright 2015 Intel Corporation
   5  *
   6  * This file is part of the Linux kernel, and is made available under
   7  * the terms of the GNU General Public License version 2.
   8  */
   9
  10 #define pr_fmt(fmt) "efi: " fmt
  11
  12 #include <linux/kernel.h>
  13 #include <linux/module.h>
  14 #include <linux/miscdevice.h>
  15 #include <linux/highmem.h>
  16 #include <linux/slab.h>
  17 #include <linux/mutex.h>
  18 #include <linux/efi.h>
  19 #include <linux/vmalloc.h>
  20
  21 #define NO_FURTHER_WRITE_ACTION -1
  22
  23 /**
  24  * efi_free_all_buff_pages - free all previous allocated buffer pages
  25  * @cap_info: pointer to current instance of capsule_info structure
  26  *
  27  *      In addition to freeing buffer pages, it flags NO_FURTHER_WRITE_ACTION
  28  *      to cease processing data in subsequent write(2) calls until close(2)
  29  *      is called.
  30  **/
  31 static void efi_free_all_buff_pages(struct capsule_info *cap_info)
  32 {
  33         while (cap_info->index > 0)
  34                 __free_page(cap_info->pages[--cap_info->index]);
  35
  36         cap_info->index = NO_FURTHER_WRITE_ACTION;
  37 }
  38
  39 int __efi_capsule_setup_info(struct capsule_info *cap_info)
  40 {
  41         size_t pages_needed;
  42         int ret;
  43         void *temp_page;
  44
  45         pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE;
  46
  47         if (pages_needed == 0) {
  48                 pr_err("invalid capsule size\n");
  49                 return -EINVAL;
  50         }
  51
  52         /* Check if the capsule binary supported */
  53         ret = efi_capsule_supported(cap_info->header.guid,
  54                                     cap_info->header.flags,
  55                                     cap_info->header.imagesize,
  56                                     &cap_info->reset_type);
  57         if (ret) {
  58                 pr_err("capsule not supported\n");
  59                 return ret;
  60         }
  61
  62         temp_page = krealloc(cap_info->pages,
  63                              pages_needed * sizeof(void *),
  64                              GFP_KERNEL | __GFP_ZERO);
  65         if (!temp_page)
  66                 return -ENOMEM;
  67
  68         cap_info->pages = temp_page;
  69
  70         temp_page = krealloc(cap_info->phys,
  71                              pages_needed * sizeof(phys_addr_t *),
  72                              GFP_KERNEL | __GFP_ZERO);
  73         if (!temp_page)
  74                 return -ENOMEM;
  75
  76         cap_info->phys = temp_page;
  77
  78         return 0;
  79 }
  80
  81 /**
  82  * efi_capsule_setup_info - obtain the efi capsule header in the binary and
  83  *                          setup capsule_info structure
  84  * @cap_info: pointer to current instance of capsule_info structure
  85  * @kbuff: a mapped first page buffer pointer
  86  * @hdr_bytes: the total received number of bytes for efi header
  87  *
  88  * Platforms with non-standard capsule update mechanisms can override
  89  * this __weak function so they can perform any required capsule
  90  * image munging. See quark_quirk_function() for an example.
  91  **/
  92 int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff,
  93                                   size_t hdr_bytes)
  94 {
  95         /* Only process data block that is larger than efi header size */
  96         if (hdr_bytes < sizeof(efi_capsule_header_t))
  97                 return 0;
  98
  99         memcpy(&cap_info->header, kbuff, sizeof(cap_info->header));
 100         cap_info->total_size = cap_info->header.imagesize;
 101
 102         return __efi_capsule_setup_info(cap_info);
 103 }
 104
 105 /**
 106  * efi_capsule_submit_update - invoke the efi_capsule_update API once binary
 107  *                             upload done
 108  * @cap_info: pointer to current instance of capsule_info structure
 109  **/
 110 static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info)
 111 {
 112         bool do_vunmap = false;
 113         int ret;
 114
 115         /*
 116          * cap_info->capsule may have been assigned already by a quirk
 117          * handler, so only overwrite it if it is NULL
 118          */
 119         if (!cap_info->capsule) {
 120                 cap_info->capsule = vmap(cap_info->pages, cap_info->index,
 121                                          VM_MAP, PAGE_KERNEL);
 122                 if (!cap_info->capsule)
 123                         return -ENOMEM;
 124                 do_vunmap = true;
 125         }
 126
 127         ret = efi_capsule_update(cap_info->capsule, cap_info->phys);
 128         if (do_vunmap)
 129                 vunmap(cap_info->capsule);
 130         if (ret) {
 131                 pr_err("capsule update failed\n");
 132                 return ret;
 133         }
 134
 135         /* Indicate capsule binary uploading is done */
 136         cap_info->index = NO_FURTHER_WRITE_ACTION;
 137
 138         if (cap_info->header.flags & EFI_CAPSULE_PERSIST_ACROSS_RESET) {
 139                 pr_info("Successfully uploaded capsule file with reboot type '%s'\n",
 140                         !cap_info->reset_type ? "RESET_COLD" :
 141                         cap_info->reset_type == 1 ? "RESET_WARM" :
 142                         "RESET_SHUTDOWN");
 143         } else {
 144                 pr_info("Successfully processed capsule file\n");
 145         }
 146
 147         return 0;
 148 }
 149
 150 /**
 151  * efi_capsule_write - store the capsule binary and pass it to
 152  *                     efi_capsule_update() API
 153  * @file: file pointer
 154  * @buff: buffer pointer
 155  * @count: number of bytes in @buff
 156  * @offp: not used
 157  *
 158  *      Expectation:
 159  *      - A user space tool should start at the beginning of capsule binary and
 160  *        pass data in sequentially.
 161  *      - Users should close and re-open this file note in order to upload more
 162  *        capsules.
 163  *      - After an error returned, user should close the file and restart the
 164  *        operation for the next try otherwise -EIO will be returned until the
 165  *        file is closed.
 166  *      - An EFI capsule header must be located at the beginning of capsule
 167  *        binary file and passed in as first block data of write operation.
 168  **/
 169 static ssize_t efi_capsule_write(struct file *file, const char __user *buff,
 170                                  size_t count, loff_t *offp)
 171 {
 172         int ret = 0;
 173         struct capsule_info *cap_info = file->private_data;
 174         struct page *page;
 175         void *kbuff = NULL;
 176         size_t write_byte;
 177
 178         if (count == 0)
 179                 return 0;
 180
 181         /* Return error while NO_FURTHER_WRITE_ACTION is flagged */
 182         if (cap_info->index < 0)
 183                 return -EIO;
 184
 185         /* Only alloc a new page when previous page is full */
 186         if (!cap_info->page_bytes_remain) {
 187                 page = alloc_page(GFP_KERNEL);
 188                 if (!page) {
 189                         ret = -ENOMEM;
 190                         goto failed;
 191                 }
 192
 193                 cap_info->pages[cap_info->index] = page;
 194                 cap_info->phys[cap_info->index] = page_to_phys(page);
 195                 cap_info->page_bytes_remain = PAGE_SIZE;
 196                 cap_info->index++;
 197         } else {
 198                 page = cap_info->pages[cap_info->index - 1];
 199         }
 200
 201         kbuff = kmap(page);
 202         kbuff += PAGE_SIZE - cap_info->page_bytes_remain;
 203
 204         /* Copy capsule binary data from user space to kernel space buffer */
 205         write_byte = min_t(size_t, count, cap_info->page_bytes_remain);
 206         if (copy_from_user(kbuff, buff, write_byte)) {
 207                 ret = -EFAULT;
 208                 goto fail_unmap;
 209         }
 210         cap_info->page_bytes_remain -= write_byte;
 211
 212         /* Setup capsule binary info structure */
 213         if (cap_info->header.headersize == 0) {
 214                 ret = efi_capsule_setup_info(cap_info, kbuff - cap_info->count,
 215                                              cap_info->count + write_byte);
 216                 if (ret)
 217                         goto fail_unmap;
 218         }
 219
 220         cap_info->count += write_byte;
 221         kunmap(page);
 222
 223         /* Submit the full binary to efi_capsule_update() API */
 224         if (cap_info->header.headersize > 0 &&
 225             cap_info->count >= cap_info->total_size) {
 226                 if (cap_info->count > cap_info->total_size) {
 227                         pr_err("capsule upload size exceeded header defined size\n");
 228                         ret = -EINVAL;
 229                         goto failed;
 230                 }
 231
 232                 ret = efi_capsule_submit_update(cap_info);
 233                 if (ret)
 234                         goto failed;
 235         }
 236
 237         return write_byte;
 238
 239 fail_unmap:
 240         kunmap(page);
 241 failed:
 242         efi_free_all_buff_pages(cap_info);
 243         return ret;
 244 }
 245
 246 /**
 247  * efi_capsule_flush - called by file close or file flush
 248  * @file: file pointer
 249  * @id: not used
 250  *
 251  *      If a capsule is being partially uploaded then calling this function
 252  *      will be treated as upload termination and will free those completed
 253  *      buffer pages and -ECANCELED will be returned.
 254  **/
 255 static int efi_capsule_flush(struct file *file, fl_owner_t id)
 256 {
 257         int ret = 0;
 258         struct capsule_info *cap_info = file->private_data;
 259
 260         if (cap_info->index > 0) {
 261                 pr_err("capsule upload not complete\n");
 262                 efi_free_all_buff_pages(cap_info);
 263                 ret = -ECANCELED;
 264         }
 265
 266         return ret;
 267 }
 268
 269 /**
 270  * efi_capsule_release - called by file close
 271  * @inode: not used
 272  * @file: file pointer
 273  *
 274  *      We will not free successfully submitted pages since efi update
 275  *      requires data to be maintained across system reboot.
 276  **/
 277 static int efi_capsule_release(struct inode *inode, struct file *file)
 278 {
 279         struct capsule_info *cap_info = file->private_data;
 280
 281         kfree(cap_info->pages);
 282         kfree(cap_info->phys);
 283         kfree(file->private_data);
 284         file->private_data = NULL;
 285         return 0;
 286 }
 287
 288 /**
 289  * efi_capsule_open - called by file open
 290  * @inode: not used
 291  * @file: file pointer
 292  *
 293  *      Will allocate each capsule_info memory for each file open call.
 294  *      This provided the capability to support multiple file open feature
 295  *      where user is not needed to wait for others to finish in order to
 296  *      upload their capsule binary.
 297  **/
 298 static int efi_capsule_open(struct inode *inode, struct file *file)
 299 {
 300         struct capsule_info *cap_info;
 301
 302         cap_info = kzalloc(sizeof(*cap_info), GFP_KERNEL);
 303         if (!cap_info)
 304                 return -ENOMEM;
 305
 306         cap_info->pages = kzalloc(sizeof(void *), GFP_KERNEL);
 307         if (!cap_info->pages) {
 308                 kfree(cap_info);
 309                 return -ENOMEM;
 310         }
 311
 312         cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
 313         if (!cap_info->phys) {
 314                 kfree(cap_info->pages);
 315                 kfree(cap_info);
 316                 return -ENOMEM;
 317         }
 318
 319         file->private_data = cap_info;
 320
 321         return 0;
 322 }
 323
 324 static const struct file_operations efi_capsule_fops = {
 325         .owner = THIS_MODULE,
 326         .open = efi_capsule_open,
 327         .write = efi_capsule_write,
 328         .flush = efi_capsule_flush,
 329         .release = efi_capsule_release,
 330         .llseek = no_llseek,
 331 };
 332
 333 static struct miscdevice efi_capsule_misc = {
 334         .minor = MISC_DYNAMIC_MINOR,
 335         .name = "efi_capsule_loader",
 336         .fops = &efi_capsule_fops,
 337 };
 338
 339 static int __init efi_capsule_loader_init(void)
 340 {
 341         int ret;
 342
 343         if (!efi_enabled(EFI_RUNTIME_SERVICES))
 344                 return -ENODEV;
 345
 346         ret = misc_register(&efi_capsule_misc);
 347         if (ret)
 348                 pr_err("Unable to register capsule loader device\n");
 349
 350         return ret;
 351 }
 352 module_init(efi_capsule_loader_init);
 353
 354 static void __exit efi_capsule_loader_exit(void)
 355 {
 356         misc_deregister(&efi_capsule_misc);
 357 }
 358 module_exit(efi_capsule_loader_exit);
 359
 360 MODULE_DESCRIPTION("EFI capsule firmware binary loader");
 361 MODULE_LICENSE("GPL v2");