xref: /illumos-gate/usr/src/cmd/bhyve/bootrom.c (revision 32640292)
14c87aefeSPatrick Mooney /*-
2*32640292SAndy Fiddaman  * SPDX-License-Identifier: BSD-2-Clause
34c87aefeSPatrick Mooney  *
44c87aefeSPatrick Mooney  * Copyright (c) 2015 Neel Natu <neel@freebsd.org>
54c87aefeSPatrick Mooney  * All rights reserved.
64c87aefeSPatrick Mooney  *
74c87aefeSPatrick Mooney  * Redistribution and use in source and binary forms, with or without
84c87aefeSPatrick Mooney  * modification, are permitted provided that the following conditions
94c87aefeSPatrick Mooney  * are met:
104c87aefeSPatrick Mooney  * 1. Redistributions of source code must retain the above copyright
114c87aefeSPatrick Mooney  *    notice, this list of conditions and the following disclaimer.
124c87aefeSPatrick Mooney  * 2. Redistributions in binary form must reproduce the above copyright
134c87aefeSPatrick Mooney  *    notice, this list of conditions and the following disclaimer in the
144c87aefeSPatrick Mooney  *    documentation and/or other materials provided with the distribution.
154c87aefeSPatrick Mooney  *
164c87aefeSPatrick Mooney  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
174c87aefeSPatrick Mooney  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
184c87aefeSPatrick Mooney  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
194c87aefeSPatrick Mooney  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
204c87aefeSPatrick Mooney  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
214c87aefeSPatrick Mooney  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
224c87aefeSPatrick Mooney  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
234c87aefeSPatrick Mooney  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
244c87aefeSPatrick Mooney  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
254c87aefeSPatrick Mooney  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
264c87aefeSPatrick Mooney  * SUCH DAMAGE.
274c87aefeSPatrick Mooney  */
284c87aefeSPatrick Mooney 
294c87aefeSPatrick Mooney #include <sys/param.h>
304c87aefeSPatrick Mooney 
314c87aefeSPatrick Mooney #include <sys/types.h>
324c87aefeSPatrick Mooney #include <sys/mman.h>
334c87aefeSPatrick Mooney #include <sys/stat.h>
344c87aefeSPatrick Mooney 
354c87aefeSPatrick Mooney #include <machine/vmm.h>
364c87aefeSPatrick Mooney 
37154972afSPatrick Mooney #include <err.h>
384c87aefeSPatrick Mooney #include <errno.h>
394c87aefeSPatrick Mooney #include <fcntl.h>
404c87aefeSPatrick Mooney #include <stdio.h>
416dc98349SAndy Fiddaman #include <stdlib.h>
424c87aefeSPatrick Mooney #include <string.h>
434c87aefeSPatrick Mooney #include <unistd.h>
444c87aefeSPatrick Mooney #include <stdbool.h>
454c87aefeSPatrick Mooney 
464c87aefeSPatrick Mooney #include <vmmapi.h>
476dc98349SAndy Fiddaman 
484c87aefeSPatrick Mooney #include "bhyverun.h"
494c87aefeSPatrick Mooney #include "bootrom.h"
50154972afSPatrick Mooney #include "debug.h"
516dc98349SAndy Fiddaman #include "mem.h"
524c87aefeSPatrick Mooney 
#define	BOOTROM_SIZE	(16 * 1024 * 1024)	/* 16 MB */

/*
 * ROM region is 16 MB at the top of 4GB ("low") memory.
 *
 * The size is limited so it doesn't encroach into reserved MMIO space (e.g.,
 * APIC, HPET, MSI).
 *
 * It is allocated in page-multiple blocks on a first-come first-serve basis,
 * from high to low, during initialization, and does not change at runtime.
 *
 * The four variables below are the allocator's whole state.  They are set up
 * by init_bootrom(); gpa_allocbot and gpa_alloctop are then moved inward by
 * bootrom_alloc() and, for the variable store, by bootrom_loadrom().
 */
static char *romptr;	/* Pointer to userspace-mapped bootrom region. */
static vm_paddr_t gpa_base;	/* GPA of low end of region. */
static vm_paddr_t gpa_allocbot;	/* Low GPA of free region. */
static vm_paddr_t gpa_alloctop;	/* High GPA, minus 1, of free region. */
68154972afSPatrick Mooney 
/*
 * Command bytes recognised by the emulated flash ("CFI basic commands", see
 * bootrom_var_mem_handler()).  A guest write selects one of these; the next
 * access is interpreted according to the selected command.
 */
#define CFI_BCS_WRITE_BYTE      0x10
#define CFI_BCS_CLEAR_STATUS    0x50
#define CFI_BCS_READ_STATUS     0x70
#define CFI_BCS_READ_ARRAY      0xff

/*
 * State of the emulated variable store.  Members that are not named in the
 * initializer start out as zero/NULL.
 */
static struct bootrom_var_state {
	uint8_t		*mmap;	/* host mapping of the variable file */
	uint64_t	gpa;	/* guest-physical base of the region */
	off_t		size;	/* length of the region in bytes */
	uint8_t		cmd;	/* currently selected CFI command */
} var = {
	.cmd = CFI_BCS_READ_ARRAY,
};
806dc98349SAndy Fiddaman 
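/*
 * Emulate just those CFI basic commands that will convince EDK II
 * that the Firmware Volume area is writable and persistent.
 *
 * This is the MMIO handler for the "bootrom variable" range registered by
 * bootrom_loadrom().  'dir' is MEM_F_WRITE for a guest write and anything
 * else is treated as a read; 'addr' is the guest-physical address, 'size'
 * the access width in bytes and 'val' the data written by, or returned to,
 * the guest.
 *
 * Returns 0 on success, or EINVAL if the access width is unusable or the
 * access does not lie entirely inside the variable region.
 *
 * addr, size and *val are influenced by the guest, and var.mmap is a shared,
 * writable mapping of a host file, so every access is validated before the
 * mapping or *val is touched.
 */
static int
bootrom_var_mem_handler(struct vcpu *vcpu __unused, int dir, uint64_t addr,
    int size, uint64_t *val, void *arg1 __unused, long arg2 __unused)
{
	uint64_t offset, limit;

	/*
	 * 'val' points at a single uint64_t, so a width outside 1..8 bytes
	 * would let the memcpy()/memset() calls below run past it.
	 * NOTE(review): callers presumably only pass 1, 2, 4 or 8; the check
	 * is here so this function does not depend on that.
	 */
	if (size <= 0 || (size_t)size > sizeof (*val) || var.size <= 0)
		return (EINVAL);

	/*
	 * Range-check in unsigned arithmetic.  An address below var.gpa wraps
	 * to a very large offset and fails the first comparison, and
	 * "limit - offset" cannot overflow, unlike a signed "offset + size".
	 */
	limit = (uint64_t)var.size;
	offset = addr - var.gpa;
	if (offset >= limit || (uint64_t)size > limit - offset)
		return (EINVAL);

	if (dir == MEM_F_WRITE) {
		switch (var.cmd) {
		case CFI_BCS_WRITE_BYTE:
			/* Data phase: store the value, then leave write mode. */
			memcpy(var.mmap + offset, val, size);
			var.cmd = CFI_BCS_READ_ARRAY;
			break;
		default:
			/* Command phase: the first byte of *val is the command. */
			var.cmd = *(uint8_t *)val;
			break;
		}
	} else {
		switch (var.cmd) {
		case CFI_BCS_CLEAR_STATUS:
		case CFI_BCS_READ_STATUS:
			/* The status register always reads back as zero. */
			memset(val, 0, size);
			var.cmd = CFI_BCS_READ_ARRAY;
			break;
		default:
			/* Any other mode returns the stored contents. */
			memcpy(val, var.mmap + offset, size);
			break;
		}
	}
	return (0);
}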
1186dc98349SAndy Fiddaman 
/*
 * Create the VM_BOOTROM device memory segment (BOOTROM_SIZE bytes) and reset
 * the allocator so that the whole window directly below 4GB is free.
 *
 * Does not return if the segment cannot be created: err() exits with
 * status 4.
 */
void
init_bootrom(struct vmctx *ctx)
{
	const vm_paddr_t four_gb = 1ULL << 32;

	romptr = vm_create_devmem(ctx, VM_BOOTROM, "bootrom", BOOTROM_SIZE);
	if (romptr == MAP_FAILED) {
		err(4, "%s: vm_create_devmem", __func__);
	}

	/* Free space initially spans [4GB - BOOTROM_SIZE, 4GB - 1]. */
	gpa_alloctop = four_gb - 1;
	gpa_base = four_gb - BOOTROM_SIZE;
	gpa_allocbot = gpa_base;
}
1294c87aefeSPatrick Mooney 
1304c87aefeSPatrick Mooney int
bootrom_alloc(struct vmctx * ctx,size_t len,int prot,int flags,char ** region_out,uint64_t * gpa_out)131154972afSPatrick Mooney bootrom_alloc(struct vmctx *ctx, size_t len, int prot, int flags,
132154972afSPatrick Mooney     char **region_out, uint64_t *gpa_out)
1334c87aefeSPatrick Mooney {
134154972afSPatrick Mooney 	static const int bootrom_valid_flags = BOOTROM_ALLOC_TOP;
135154972afSPatrick Mooney 
1364c87aefeSPatrick Mooney 	vm_paddr_t gpa;
137154972afSPatrick Mooney 	vm_ooffset_t segoff;
138154972afSPatrick Mooney 
139154972afSPatrick Mooney 	if (flags & ~bootrom_valid_flags) {
140154972afSPatrick Mooney 		warnx("%s: Invalid flags: %x", __func__,
141154972afSPatrick Mooney 		    flags & ~bootrom_valid_flags);
142154972afSPatrick Mooney 		return (EINVAL);
143154972afSPatrick Mooney 	}
144154972afSPatrick Mooney 	if (prot & ~_PROT_ALL) {
145154972afSPatrick Mooney 		warnx("%s: Invalid protection: %x", __func__,
146154972afSPatrick Mooney 		    prot & ~_PROT_ALL);
147154972afSPatrick Mooney 		return (EINVAL);
148154972afSPatrick Mooney 	}
149154972afSPatrick Mooney 
150154972afSPatrick Mooney 	if (len == 0 || len > BOOTROM_SIZE) {
151154972afSPatrick Mooney 		warnx("ROM size %zu is invalid", len);
152154972afSPatrick Mooney 		return (EINVAL);
153154972afSPatrick Mooney 	}
154154972afSPatrick Mooney 	if (len & PAGE_MASK) {
155154972afSPatrick Mooney 		warnx("ROM size %zu is not a multiple of the page size",
156154972afSPatrick Mooney 		    len);
157154972afSPatrick Mooney 		return (EINVAL);
158154972afSPatrick Mooney 	}
159154972afSPatrick Mooney 
160154972afSPatrick Mooney 	if (flags & BOOTROM_ALLOC_TOP) {
161154972afSPatrick Mooney 		gpa = (gpa_alloctop - len) + 1;
162154972afSPatrick Mooney 		if (gpa < gpa_allocbot) {
163154972afSPatrick Mooney 			warnx("No room for %zu ROM in bootrom region", len);
164154972afSPatrick Mooney 			return (ENOMEM);
165154972afSPatrick Mooney 		}
166154972afSPatrick Mooney 	} else {
167154972afSPatrick Mooney 		gpa = gpa_allocbot;
168154972afSPatrick Mooney 		if (gpa > (gpa_alloctop - len) + 1) {
169154972afSPatrick Mooney 			warnx("No room for %zu ROM in bootrom region", len);
170154972afSPatrick Mooney 			return (ENOMEM);
171154972afSPatrick Mooney 		}
172154972afSPatrick Mooney 	}
173154972afSPatrick Mooney 
174154972afSPatrick Mooney 	segoff = gpa - gpa_base;
175154972afSPatrick Mooney 	if (vm_mmap_memseg(ctx, gpa, VM_BOOTROM, segoff, len, prot) != 0) {
176154972afSPatrick Mooney 		int serrno = errno;
177154972afSPatrick Mooney 		warn("%s: vm_mmap_mapseg", __func__);
178154972afSPatrick Mooney 		return (serrno);
179154972afSPatrick Mooney 	}
180154972afSPatrick Mooney 
181154972afSPatrick Mooney 	if (flags & BOOTROM_ALLOC_TOP)
182154972afSPatrick Mooney 		gpa_alloctop = gpa - 1;
183154972afSPatrick Mooney 	else
184154972afSPatrick Mooney 		gpa_allocbot = gpa + len;
185154972afSPatrick Mooney 
186154972afSPatrick Mooney 	*region_out = romptr + segoff;
187154972afSPatrick Mooney 	if (gpa_out != NULL)
188154972afSPatrick Mooney 		*gpa_out = gpa;
189154972afSPatrick Mooney 	return (0);
190154972afSPatrick Mooney }
191154972afSPatrick Mooney 
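/*
 * Load the boot ROM named by the "bootrom" config value into the top of the
 * bootrom region and, if a "bootvars" file is configured, expose that file
 * to the guest as an emulated flash variable store directly below the ROM.
 *
 *   ctx  VM context used for the guest mapping.
 *   nvl  Config node that holds the "bootrom" and optional "bootvars" values.
 *
 * Returns 0 on success.  On failure it returns -1, or the non-zero value
 * returned by register_mem() if registering the variable range failed.  A
 * ROM region that was already allocated is not released on a later failure.
 *
 * The ROM is mapped into the guest read/execute only.  The variable file is
 * opened read/write and mapped MAP_SHARED, so guest writes that go through
 * bootrom_var_mem_handler() modify the host file.
 */
int
bootrom_loadrom(struct vmctx *ctx, const nvlist_t *nvl)
{
	struct stat sbuf;
	ssize_t rlen;
	off_t rom_size, var_size, total_size;
	char *ptr, *romfile;
	int fd, varfd, i, rv;
	const char *bootrom, *varfile;

	rv = -1;
	varfd = -1;

	bootrom = get_config_value_node(nvl, "bootrom");
	if (bootrom == NULL) {
		return (-1);
	}

	/*
	 * get_config_value_node may use a thread local buffer to return
	 * variables. So, when we query the second variable, the first variable
	 * might get overwritten. For that reason, the bootrom should be
	 * duplicated.
	 */
	romfile = strdup(bootrom);
	if (romfile == NULL) {
		return (-1);
	}

	fd = open(romfile, O_RDONLY);
	if (fd < 0) {
		EPRINTLN("Error opening bootrom \"%s\": %s",
		    romfile, strerror(errno));
		goto done;
	}

	if (fstat(fd, &sbuf) < 0) {
		EPRINTLN("Could not fstat bootrom file \"%s\": %s", romfile,
		    strerror(errno));
		goto done;
	}

	rom_size = sbuf.st_size;

	varfile = get_config_value_node(nvl, "bootvars");
	var_size = 0;
	if (varfile != NULL) {
		varfd = open(varfile, O_RDWR);
		if (varfd < 0) {
			fprintf(stderr, "Error opening bootrom variable file "
			    "\"%s\": %s\n", varfile, strerror(errno));
			goto done;
		}

		if (fstat(varfd, &sbuf) < 0) {
			fprintf(stderr,
			    "Could not fstat bootrom variable file \"%s\": %s\n",
			    varfile, strerror(errno));
			goto done;
		}

		var_size = sbuf.st_size;
	}

	/*
	 * NOTE(review): unlike the ROM, whose size bootrom_alloc() requires
	 * to be a page multiple, var_size is only checked against a minimum
	 * and a maximum.  A size that is not page aligned would leave
	 * gpa_alloctop unaligned for later allocations - confirm whether
	 * that should be rejected here.
	 */
	if (var_size > BOOTROM_SIZE ||
	    (var_size != 0 && var_size < PAGE_SIZE)) {
		fprintf(stderr, "Invalid bootrom variable size %ld\n",
		    var_size);
		goto done;
	}

	total_size = rom_size + var_size;

	if (total_size > BOOTROM_SIZE) {
		fprintf(stderr, "Invalid bootrom and variable aggregate size "
		    "%ld\n", total_size);
		goto done;
	}

	/*
	 * Map the bootrom into the guest address space.  bootrom_alloc()
	 * rejects a zero or non-page-multiple rom_size, which is what makes
	 * the page-at-a-time read loop below cover the whole file.
	 */
	if (bootrom_alloc(ctx, rom_size, PROT_READ | PROT_EXEC,
	    BOOTROM_ALLOC_TOP, &ptr, NULL) != 0) {
		goto done;
	}

	/* Read 'romfile' into the guest address space */
	for (i = 0; i < rom_size / PAGE_SIZE; i++) {
		rlen = read(fd, ptr + i * PAGE_SIZE, PAGE_SIZE);
		if (rlen != PAGE_SIZE) {
			EPRINTLN("Incomplete read of page %d of bootrom "
			    "file %s: %ld bytes", i, romfile, rlen);
			goto done;
		}
	}

	if (varfd >= 0) {
#ifdef __FreeBSD__
		var.mmap = mmap(NULL, var_size, PROT_READ | PROT_WRITE,
		    MAP_SHARED, varfd, 0);
#else
		var.mmap = (uint8_t *)mmap(NULL, var_size,
		    PROT_READ | PROT_WRITE, MAP_SHARED, varfd, 0);
#endif
		if (var.mmap == MAP_FAILED) {
			/* Report the failure and do not keep MAP_FAILED. */
			EPRINTLN("Could not mmap bootrom variable file "
			    "\"%s\": %s", varfile, strerror(errno));
			var.mmap = NULL;
			goto done;
		}
		var.size = var_size;
		var.gpa = (gpa_alloctop - var_size) + 1;
		rv = register_mem(&(struct mem_range){
		    .name = "bootrom variable",
		    .flags = MEM_F_RW,
		    .handler = bootrom_var_mem_handler,
		    .base = var.gpa,
		    .size = var.size,
		});
		if (rv != 0) {
			/*
			 * Nothing will service the range, so drop the mapping
			 * and leave the variable state empty.
			 */
			(void) munmap((void *)var.mmap, var_size);
			var.mmap = NULL;
			var.size = 0;
			var.gpa = 0;
			goto done;
		}
		/* Commit the space only once the handler is in place. */
		gpa_alloctop = var.gpa - 1;
	}

	rv = 0;
done:
	/* The shared mapping stays valid after its descriptor is closed. */
	if (varfd >= 0)
		close(varfd);
	if (fd >= 0)
		close(fd);
	free(romfile);
	return (rv);
}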