1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * EFI capsule loader driver. |
4 | * |
5 | * Copyright 2015 Intel Corporation |
6 | */ |
7 | |
8 | #define pr_fmt(fmt) "efi: " fmt |
9 | |
10 | #include <linux/kernel.h> |
11 | #include <linux/module.h> |
12 | #include <linux/miscdevice.h> |
13 | #include <linux/highmem.h> |
14 | #include <linux/io.h> |
15 | #include <linux/slab.h> |
16 | #include <linux/mutex.h> |
17 | #include <linux/efi.h> |
18 | #include <linux/vmalloc.h> |
19 | |
20 | #define NO_FURTHER_WRITE_ACTION -1 |
21 | |
22 | /** |
23 | * efi_free_all_buff_pages - free all previous allocated buffer pages |
24 | * @cap_info: pointer to current instance of capsule_info structure |
25 | * |
26 | * In addition to freeing buffer pages, it flags NO_FURTHER_WRITE_ACTION |
27 | * to cease processing data in subsequent write(2) calls until close(2) |
28 | * is called. |
29 | **/ |
30 | static void efi_free_all_buff_pages(struct capsule_info *cap_info) |
31 | { |
32 | while (cap_info->index > 0) |
33 | __free_page(cap_info->pages[--cap_info->index]); |
34 | |
35 | cap_info->index = NO_FURTHER_WRITE_ACTION; |
36 | } |
37 | |
38 | int __efi_capsule_setup_info(struct capsule_info *cap_info) |
39 | { |
40 | size_t pages_needed; |
41 | int ret; |
42 | void *temp_page; |
43 | |
44 | pages_needed = ALIGN(cap_info->total_size, PAGE_SIZE) / PAGE_SIZE; |
45 | |
46 | if (pages_needed == 0) { |
47 | pr_err("invalid capsule size\n" ); |
48 | return -EINVAL; |
49 | } |
50 | |
51 | /* Check if the capsule binary supported */ |
52 | ret = efi_capsule_supported(guid: cap_info->header.guid, |
53 | flags: cap_info->header.flags, |
54 | size: cap_info->header.imagesize, |
55 | reset: &cap_info->reset_type); |
56 | if (ret) { |
57 | pr_err("capsule not supported\n" ); |
58 | return ret; |
59 | } |
60 | |
61 | temp_page = krealloc(objp: cap_info->pages, |
62 | new_size: pages_needed * sizeof(void *), |
63 | GFP_KERNEL | __GFP_ZERO); |
64 | if (!temp_page) |
65 | return -ENOMEM; |
66 | |
67 | cap_info->pages = temp_page; |
68 | |
69 | temp_page = krealloc(objp: cap_info->phys, |
70 | new_size: pages_needed * sizeof(phys_addr_t *), |
71 | GFP_KERNEL | __GFP_ZERO); |
72 | if (!temp_page) |
73 | return -ENOMEM; |
74 | |
75 | cap_info->phys = temp_page; |
76 | |
77 | return 0; |
78 | } |
79 | |
80 | /** |
81 | * efi_capsule_setup_info - obtain the efi capsule header in the binary and |
82 | * setup capsule_info structure |
83 | * @cap_info: pointer to current instance of capsule_info structure |
84 | * @kbuff: a mapped first page buffer pointer |
85 | * @hdr_bytes: the total received number of bytes for efi header |
86 | * |
87 | * Platforms with non-standard capsule update mechanisms can override |
88 | * this __weak function so they can perform any required capsule |
89 | * image munging. See quark_quirk_function() for an example. |
90 | **/ |
91 | int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff, |
92 | size_t hdr_bytes) |
93 | { |
94 | /* Only process data block that is larger than efi header size */ |
95 | if (hdr_bytes < sizeof(efi_capsule_header_t)) |
96 | return 0; |
97 | |
98 | memcpy(&cap_info->header, kbuff, sizeof(cap_info->header)); |
99 | cap_info->total_size = cap_info->header.imagesize; |
100 | |
101 | return __efi_capsule_setup_info(cap_info); |
102 | } |
103 | |
104 | /** |
105 | * efi_capsule_submit_update - invoke the efi_capsule_update API once binary |
106 | * upload done |
107 | * @cap_info: pointer to current instance of capsule_info structure |
108 | **/ |
109 | static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) |
110 | { |
111 | bool do_vunmap = false; |
112 | int ret; |
113 | |
114 | /* |
115 | * cap_info->capsule may have been assigned already by a quirk |
116 | * handler, so only overwrite it if it is NULL |
117 | */ |
118 | if (!cap_info->capsule) { |
119 | cap_info->capsule = vmap(pages: cap_info->pages, count: cap_info->index, |
120 | VM_MAP, PAGE_KERNEL); |
121 | if (!cap_info->capsule) |
122 | return -ENOMEM; |
123 | do_vunmap = true; |
124 | } |
125 | |
126 | ret = efi_capsule_update(capsule: cap_info->capsule, pages: cap_info->phys); |
127 | if (do_vunmap) |
128 | vunmap(addr: cap_info->capsule); |
129 | if (ret) { |
130 | pr_err("capsule update failed\n" ); |
131 | return ret; |
132 | } |
133 | |
134 | /* Indicate capsule binary uploading is done */ |
135 | cap_info->index = NO_FURTHER_WRITE_ACTION; |
136 | |
137 | if (cap_info->header.flags & EFI_CAPSULE_PERSIST_ACROSS_RESET) { |
138 | pr_info("Successfully uploaded capsule file with reboot type '%s'\n" , |
139 | !cap_info->reset_type ? "RESET_COLD" : |
140 | cap_info->reset_type == 1 ? "RESET_WARM" : |
141 | "RESET_SHUTDOWN" ); |
142 | } else { |
143 | pr_info("Successfully processed capsule file\n" ); |
144 | } |
145 | |
146 | return 0; |
147 | } |
148 | |
149 | /** |
150 | * efi_capsule_write - store the capsule binary and pass it to |
151 | * efi_capsule_update() API |
152 | * @file: file pointer |
153 | * @buff: buffer pointer |
154 | * @count: number of bytes in @buff |
155 | * @offp: not used |
156 | * |
157 | * Expectation: |
158 | * - A user space tool should start at the beginning of capsule binary and |
159 | * pass data in sequentially. |
160 | * - Users should close and re-open this file note in order to upload more |
161 | * capsules. |
162 | * - After an error returned, user should close the file and restart the |
163 | * operation for the next try otherwise -EIO will be returned until the |
164 | * file is closed. |
165 | * - An EFI capsule header must be located at the beginning of capsule |
166 | * binary file and passed in as first block data of write operation. |
167 | **/ |
168 | static ssize_t efi_capsule_write(struct file *file, const char __user *buff, |
169 | size_t count, loff_t *offp) |
170 | { |
171 | int ret; |
172 | struct capsule_info *cap_info = file->private_data; |
173 | struct page *page; |
174 | void *kbuff = NULL; |
175 | size_t write_byte; |
176 | |
177 | if (count == 0) |
178 | return 0; |
179 | |
180 | /* Return error while NO_FURTHER_WRITE_ACTION is flagged */ |
181 | if (cap_info->index < 0) |
182 | return -EIO; |
183 | |
184 | /* Only alloc a new page when previous page is full */ |
185 | if (!cap_info->page_bytes_remain) { |
186 | page = alloc_page(GFP_KERNEL); |
187 | if (!page) { |
188 | ret = -ENOMEM; |
189 | goto failed; |
190 | } |
191 | |
192 | cap_info->pages[cap_info->index] = page; |
193 | cap_info->phys[cap_info->index] = page_to_phys(page); |
194 | cap_info->page_bytes_remain = PAGE_SIZE; |
195 | cap_info->index++; |
196 | } else { |
197 | page = cap_info->pages[cap_info->index - 1]; |
198 | } |
199 | |
200 | kbuff = kmap(page); |
201 | kbuff += PAGE_SIZE - cap_info->page_bytes_remain; |
202 | |
203 | /* Copy capsule binary data from user space to kernel space buffer */ |
204 | write_byte = min_t(size_t, count, cap_info->page_bytes_remain); |
205 | if (copy_from_user(to: kbuff, from: buff, n: write_byte)) { |
206 | ret = -EFAULT; |
207 | goto fail_unmap; |
208 | } |
209 | cap_info->page_bytes_remain -= write_byte; |
210 | |
211 | /* Setup capsule binary info structure */ |
212 | if (cap_info->header.headersize == 0) { |
213 | ret = efi_capsule_setup_info(cap_info, kbuff: kbuff - cap_info->count, |
214 | hdr_bytes: cap_info->count + write_byte); |
215 | if (ret) |
216 | goto fail_unmap; |
217 | } |
218 | |
219 | cap_info->count += write_byte; |
220 | kunmap(page); |
221 | |
222 | /* Submit the full binary to efi_capsule_update() API */ |
223 | if (cap_info->header.headersize > 0 && |
224 | cap_info->count >= cap_info->total_size) { |
225 | if (cap_info->count > cap_info->total_size) { |
226 | pr_err("capsule upload size exceeded header defined size\n" ); |
227 | ret = -EINVAL; |
228 | goto failed; |
229 | } |
230 | |
231 | ret = efi_capsule_submit_update(cap_info); |
232 | if (ret) |
233 | goto failed; |
234 | } |
235 | |
236 | return write_byte; |
237 | |
238 | fail_unmap: |
239 | kunmap(page); |
240 | failed: |
241 | efi_free_all_buff_pages(cap_info); |
242 | return ret; |
243 | } |
244 | |
245 | /** |
246 | * efi_capsule_release - called by file close |
247 | * @inode: not used |
248 | * @file: file pointer |
249 | * |
250 | * We will not free successfully submitted pages since efi update |
251 | * requires data to be maintained across system reboot. |
252 | **/ |
253 | static int efi_capsule_release(struct inode *inode, struct file *file) |
254 | { |
255 | struct capsule_info *cap_info = file->private_data; |
256 | |
257 | if (cap_info->index > 0 && |
258 | (cap_info->header.headersize == 0 || |
259 | cap_info->count < cap_info->total_size)) { |
260 | pr_err("capsule upload not complete\n" ); |
261 | efi_free_all_buff_pages(cap_info); |
262 | } |
263 | |
264 | kfree(objp: cap_info->pages); |
265 | kfree(objp: cap_info->phys); |
266 | kfree(objp: file->private_data); |
267 | file->private_data = NULL; |
268 | return 0; |
269 | } |
270 | |
271 | /** |
272 | * efi_capsule_open - called by file open |
273 | * @inode: not used |
274 | * @file: file pointer |
275 | * |
276 | * Will allocate each capsule_info memory for each file open call. |
277 | * This provided the capability to support multiple file open feature |
278 | * where user is not needed to wait for others to finish in order to |
279 | * upload their capsule binary. |
280 | **/ |
281 | static int efi_capsule_open(struct inode *inode, struct file *file) |
282 | { |
283 | struct capsule_info *cap_info; |
284 | |
285 | cap_info = kzalloc(size: sizeof(*cap_info), GFP_KERNEL); |
286 | if (!cap_info) |
287 | return -ENOMEM; |
288 | |
289 | cap_info->pages = kzalloc(size: sizeof(void *), GFP_KERNEL); |
290 | if (!cap_info->pages) { |
291 | kfree(objp: cap_info); |
292 | return -ENOMEM; |
293 | } |
294 | |
295 | cap_info->phys = kzalloc(size: sizeof(phys_addr_t), GFP_KERNEL); |
296 | if (!cap_info->phys) { |
297 | kfree(objp: cap_info->pages); |
298 | kfree(objp: cap_info); |
299 | return -ENOMEM; |
300 | } |
301 | |
302 | file->private_data = cap_info; |
303 | |
304 | return 0; |
305 | } |
306 | |
307 | static const struct file_operations efi_capsule_fops = { |
308 | .owner = THIS_MODULE, |
309 | .open = efi_capsule_open, |
310 | .write = efi_capsule_write, |
311 | .release = efi_capsule_release, |
312 | .llseek = no_llseek, |
313 | }; |
314 | |
315 | static struct miscdevice efi_capsule_misc = { |
316 | .minor = MISC_DYNAMIC_MINOR, |
317 | .name = "efi_capsule_loader" , |
318 | .fops = &efi_capsule_fops, |
319 | }; |
320 | |
321 | static int __init efi_capsule_loader_init(void) |
322 | { |
323 | int ret; |
324 | |
325 | if (!efi_enabled(EFI_RUNTIME_SERVICES)) |
326 | return -ENODEV; |
327 | |
328 | ret = misc_register(misc: &efi_capsule_misc); |
329 | if (ret) |
330 | pr_err("Unable to register capsule loader device\n" ); |
331 | |
332 | return ret; |
333 | } |
334 | module_init(efi_capsule_loader_init); |
335 | |
336 | static void __exit efi_capsule_loader_exit(void) |
337 | { |
338 | misc_deregister(misc: &efi_capsule_misc); |
339 | } |
340 | module_exit(efi_capsule_loader_exit); |
341 | |
342 | MODULE_DESCRIPTION("EFI capsule firmware binary loader" ); |
343 | MODULE_LICENSE("GPL v2" ); |
344 | |