linux/arch/powerpc/platforms/pseries/papr-vpd.c
Nathan Lynch 514f6ff436 powerpc/pseries: Add papr-vpd character driver for VPD retrieval
PowerVM LPARs may retrieve Vital Product Data (VPD) for system
components using the ibm,get-vpd RTAS function.

We can expose this to user space with a /dev/papr-vpd character
device, where the programming model is:

  struct papr_location_code plc = { .str = "", }; /* obtain all VPD */
  int devfd = open("/dev/papr-vpd", O_RDONLY);
  int vpdfd = ioctl(devfd, PAPR_VPD_CREATE_HANDLE, &plc);
  size_t size = lseek(vpdfd, 0, SEEK_END);
  char *buf = malloc(size);
  pread(devfd, buf, size, 0);

When a file descriptor is obtained from ioctl(PAPR_VPD_CREATE_HANDLE),
the file contains the result of a complete ibm,get-vpd sequence. The
file contents are immutable from the POV of user space. To get a new
view of the VPD, the client must create a new handle.

This design choice insulates user space from most of the complexities
that ibm,get-vpd brings:

* ibm,get-vpd must be called more than once to obtain complete
  results.

* Only one ibm,get-vpd call sequence should be in progress at a time;
  interleaved sequences will disrupt each other. Callers must have a
  protocol for serializing their use of the function.

* A call sequence in progress may receive a "VPD changed, try again"
  status, requiring the client to abandon the sequence and start
  over.

The memory required for the VPD buffers seems acceptable, around 20KB
for all VPD on one of my systems. And the value of the
/rtas/ibm,vpd-size DT property (the estimated maximum size of VPD) is
consistently 300KB across various systems I've checked.

I've implemented support for this new ABI in the rtas_get_vpd()
function in librtas, which the vpdupdate command currently uses to
populate its VPD database. I've verified that an unmodified vpdupdate
binary generates an identical database when using a librtas.so that
prefers the new ABI.

Along with the papr-vpd.h header exposed to user space, this
introduces a common papr-miscdev.h uapi header to share a base ioctl
ID with similar drivers to come.

Tested-by: Michal Suchánek <msuchanek@suse.de>
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20231212-papr-sys_rtas-vs-lockdown-v6-9-e9eafd0c8c6c@linux.ibm.com
2023-12-13 21:38:21 +11:00

542 lines
14 KiB
C
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// SPDX-License-Identifier: GPL-2.0-only
#define pr_fmt(fmt) "papr-vpd: " fmt
#include <linux/anon_inodes.h>
#include <linux/build_bug.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/init.h>
#include <linux/lockdep.h>
#include <linux/kernel.h>
#include <linux/miscdevice.h>
#include <linux/signal.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/string_helpers.h>
#include <linux/uaccess.h>
#include <asm/machdep.h>
#include <asm/papr-vpd.h>
#include <asm/rtas-work-area.h>
#include <asm/rtas.h>
#include <uapi/asm/papr-vpd.h>
/*
* Function-specific return values for ibm,get-vpd, derived from PAPR+
* v2.13 7.3.20 "ibm,get-vpd RTAS Call".
*/
#define RTAS_IBM_GET_VPD_COMPLETE 0 /* All VPD has been retrieved. */
#define RTAS_IBM_GET_VPD_MORE_DATA 1 /* More VPD is available. */
#define RTAS_IBM_GET_VPD_START_OVER -4 /* VPD changed, restart call sequence. */
/**
* struct rtas_ibm_get_vpd_params - Parameters (in and out) for ibm,get-vpd.
* @loc_code: In: Caller-provided location code buffer. Must be RTAS-addressable.
* @work_area: In: Caller-provided work area buffer for results.
* @sequence: In: Sequence number. Out: Next sequence number.
* @written: Out: Bytes written by ibm,get-vpd to @work_area.
* @status: Out: RTAS call status.
*/
struct rtas_ibm_get_vpd_params {
const struct papr_location_code *loc_code;
struct rtas_work_area *work_area;
u32 sequence;
u32 written;
s32 status;
};
/**
* rtas_ibm_get_vpd() - Call ibm,get-vpd to fill a work area buffer.
* @params: See &struct rtas_ibm_get_vpd_params.
*
* Calls ibm,get-vpd until it errors or successfully deposits data
* into the supplied work area. Handles RTAS retry statuses. Maps RTAS
* error statuses to reasonable errno values.
*
* The caller is expected to invoke rtas_ibm_get_vpd() multiple times
* to retrieve all the VPD for the provided location code. Only one
* sequence should be in progress at any time; starting a new sequence
* will disrupt any sequence already in progress. Serialization of VPD
* retrieval sequences is the responsibility of the caller.
*
* The caller should inspect @params.status to determine whether more
* calls are needed to complete the sequence.
*
* Context: May sleep.
* Return: -ve on error, 0 otherwise.
*/
static int rtas_ibm_get_vpd(struct rtas_ibm_get_vpd_params *params)
{
const struct papr_location_code *loc_code = params->loc_code;
struct rtas_work_area *work_area = params->work_area;
u32 rets[2];
s32 fwrc;
int ret;
lockdep_assert_held(&rtas_ibm_get_vpd_lock);
do {
fwrc = rtas_call(rtas_function_token(RTAS_FN_IBM_GET_VPD), 4, 3,
rets,
__pa(loc_code),
rtas_work_area_phys(work_area),
rtas_work_area_size(work_area),
params->sequence);
} while (rtas_busy_delay(fwrc));
switch (fwrc) {
case RTAS_HARDWARE_ERROR:
ret = -EIO;
break;
case RTAS_INVALID_PARAMETER:
ret = -EINVAL;
break;
case RTAS_IBM_GET_VPD_START_OVER:
ret = -EAGAIN;
break;
case RTAS_IBM_GET_VPD_MORE_DATA:
params->sequence = rets[0];
fallthrough;
case RTAS_IBM_GET_VPD_COMPLETE:
params->written = rets[1];
/*
* Kernel or firmware bug, do not continue.
*/
if (WARN(params->written > rtas_work_area_size(work_area),
"possible write beyond end of work area"))
ret = -EFAULT;
else
ret = 0;
break;
default:
ret = -EIO;
pr_err_ratelimited("unexpected ibm,get-vpd status %d\n", fwrc);
break;
}
params->status = fwrc;
return ret;
}
/*
* Internal VPD "blob" APIs for accumulating ibm,get-vpd results into
* an immutable buffer to be attached to a file descriptor.
*/
struct vpd_blob {
const char *data;
size_t len;
};
static bool vpd_blob_has_data(const struct vpd_blob *blob)
{
return blob->data && blob->len;
}
static void vpd_blob_free(const struct vpd_blob *blob)
{
if (blob) {
kvfree(blob->data);
kfree(blob);
}
}
/**
* vpd_blob_extend() - Append data to a &struct vpd_blob.
* @blob: The blob to extend.
* @data: The new data to append to @blob.
* @len: The length of @data.
*
* Context: May sleep.
* Return: -ENOMEM on allocation failure, 0 otherwise.
*/
static int vpd_blob_extend(struct vpd_blob *blob, const char *data, size_t len)
{
const size_t new_len = blob->len + len;
const size_t old_len = blob->len;
const char *old_ptr = blob->data;
char *new_ptr;
new_ptr = old_ptr ?
kvrealloc(old_ptr, old_len, new_len, GFP_KERNEL_ACCOUNT) :
kvmalloc(len, GFP_KERNEL_ACCOUNT);
if (!new_ptr)
return -ENOMEM;
memcpy(&new_ptr[old_len], data, len);
blob->data = new_ptr;
blob->len = new_len;
return 0;
}
/**
* vpd_blob_generate() - Construct a new &struct vpd_blob.
* @generator: Function that supplies the blob data.
* @arg: Context pointer supplied by caller, passed to @generator.
*
* The @generator callback is invoked until it returns NULL. @arg is
* passed to @generator in its first argument on each call. When
* @generator returns data, it should store the data length in its
* second argument.
*
* Context: May sleep.
* Return: A completely populated &struct vpd_blob, or NULL on error.
*/
static const struct vpd_blob *
vpd_blob_generate(const char * (*generator)(void *, size_t *), void *arg)
{
struct vpd_blob *blob;
const char *buf;
size_t len;
int err = 0;
blob = kzalloc(sizeof(*blob), GFP_KERNEL_ACCOUNT);
if (!blob)
return NULL;
while (err == 0 && (buf = generator(arg, &len)))
err = vpd_blob_extend(blob, buf, len);
if (err != 0 || !vpd_blob_has_data(blob))
goto free_blob;
return blob;
free_blob:
vpd_blob_free(blob);
return NULL;
}
/*
* Internal VPD sequence APIs. A VPD sequence is a series of calls to
* ibm,get-vpd for a given location code. The sequence ends when an
* error is encountered or all VPD for the location code has been
* returned.
*/
/**
* struct vpd_sequence - State for managing a VPD sequence.
* @error: Shall be zero as long as the sequence has not encountered an error,
* -ve errno otherwise. Use vpd_sequence_set_err() to update this.
* @params: Parameter block to pass to rtas_ibm_get_vpd().
*/
struct vpd_sequence {
int error;
struct rtas_ibm_get_vpd_params params;
};
/**
* vpd_sequence_begin() - Begin a VPD retrieval sequence.
* @seq: Uninitialized sequence state.
* @loc_code: Location code that defines the scope of the VPD to return.
*
* Initializes @seq with the resources necessary to carry out a VPD
* sequence. Callers must pass @seq to vpd_sequence_end() regardless
* of whether the sequence succeeds.
*
* Context: May sleep.
*/
static void vpd_sequence_begin(struct vpd_sequence *seq,
const struct papr_location_code *loc_code)
{
/*
* Use a static data structure for the location code passed to
* RTAS to ensure it's in the RMA and avoid a separate work
* area allocation. Guarded by the function lock.
*/
static struct papr_location_code static_loc_code;
/*
* We could allocate the work area before acquiring the
* function lock, but that would allow concurrent requests to
* exhaust the limited work area pool for no benefit. So
* allocate the work area under the lock.
*/
mutex_lock(&rtas_ibm_get_vpd_lock);
static_loc_code = *loc_code;
*seq = (struct vpd_sequence) {
.params = {
.work_area = rtas_work_area_alloc(SZ_4K),
.loc_code = &static_loc_code,
.sequence = 1,
},
};
}
/**
* vpd_sequence_end() - Finalize a VPD retrieval sequence.
* @seq: Sequence state.
*
* Releases resources obtained by vpd_sequence_begin().
*/
static void vpd_sequence_end(struct vpd_sequence *seq)
{
rtas_work_area_free(seq->params.work_area);
mutex_unlock(&rtas_ibm_get_vpd_lock);
}
/**
* vpd_sequence_should_stop() - Determine whether a VPD retrieval sequence
* should continue.
* @seq: VPD sequence state.
*
* Examines the sequence error state and outputs of the last call to
* ibm,get-vpd to determine whether the sequence in progress should
* continue or stop.
*
* Return: True if the sequence has encountered an error or if all VPD for
* this sequence has been retrieved. False otherwise.
*/
static bool vpd_sequence_should_stop(const struct vpd_sequence *seq)
{
bool done;
if (seq->error)
return true;
switch (seq->params.status) {
case 0:
if (seq->params.written == 0)
done = false; /* Initial state. */
else
done = true; /* All data consumed. */
break;
case 1:
done = false; /* More data available. */
break;
default:
done = true; /* Error encountered. */
break;
}
return done;
}
static int vpd_sequence_set_err(struct vpd_sequence *seq, int err)
{
/* Preserve the first error recorded. */
if (seq->error == 0)
seq->error = err;
return seq->error;
}
/*
* Generator function to be passed to vpd_blob_generate().
*/
static const char *vpd_sequence_fill_work_area(void *arg, size_t *len)
{
struct vpd_sequence *seq = arg;
struct rtas_ibm_get_vpd_params *p = &seq->params;
if (vpd_sequence_should_stop(seq))
return NULL;
if (vpd_sequence_set_err(seq, rtas_ibm_get_vpd(p)))
return NULL;
*len = p->written;
return rtas_work_area_raw_buf(p->work_area);
}
/*
* Higher-level VPD retrieval code below. These functions use the
* vpd_blob_* and vpd_sequence_* APIs defined above to create fd-based
* VPD handles for consumption by user space.
*/
/**
* papr_vpd_run_sequence() - Run a single VPD retrieval sequence.
* @loc_code: Location code that defines the scope of VPD to return.
*
* Context: May sleep. Holds a mutex and an RTAS work area for its
* duration. Typically performs multiple sleepable slab
* allocations.
*
* Return: A populated &struct vpd_blob on success. Encoded error
* pointer otherwise.
*/
static const struct vpd_blob *papr_vpd_run_sequence(const struct papr_location_code *loc_code)
{
const struct vpd_blob *blob;
struct vpd_sequence seq;
vpd_sequence_begin(&seq, loc_code);
blob = vpd_blob_generate(vpd_sequence_fill_work_area, &seq);
if (!blob)
vpd_sequence_set_err(&seq, -ENOMEM);
vpd_sequence_end(&seq);
if (seq.error) {
vpd_blob_free(blob);
return ERR_PTR(seq.error);
}
return blob;
}
/**
* papr_vpd_retrieve() - Return the VPD for a location code.
* @loc_code: Location code that defines the scope of VPD to return.
*
* Run VPD sequences against @loc_code until a blob is successfully
* instantiated, or a hard error is encountered, or a fatal signal is
* pending.
*
* Context: May sleep.
* Return: A fully populated VPD blob when successful. Encoded error
* pointer otherwise.
*/
static const struct vpd_blob *papr_vpd_retrieve(const struct papr_location_code *loc_code)
{
const struct vpd_blob *blob;
/*
* EAGAIN means the sequence errored with a -4 (VPD changed)
* status from ibm,get-vpd, and we should attempt a new
* sequence. PAPR+ v2.13 R17.3.205 indicates that this
* should be a transient condition, not something that happens
* continuously. But we'll stop trying on a fatal signal.
*/
do {
blob = papr_vpd_run_sequence(loc_code);
if (!IS_ERR(blob)) /* Success. */
break;
if (PTR_ERR(blob) != -EAGAIN) /* Hard error. */
break;
pr_info_ratelimited("VPD changed during retrieval, retrying\n");
cond_resched();
} while (!fatal_signal_pending(current));
return blob;
}
static ssize_t papr_vpd_handle_read(struct file *file, char __user *buf, size_t size, loff_t *off)
{
const struct vpd_blob *blob = file->private_data;
/* bug: we should not instantiate a handle without any data attached. */
if (!vpd_blob_has_data(blob)) {
pr_err_once("handle without data\n");
return -EIO;
}
return simple_read_from_buffer(buf, size, off, blob->data, blob->len);
}
static int papr_vpd_handle_release(struct inode *inode, struct file *file)
{
const struct vpd_blob *blob = file->private_data;
vpd_blob_free(blob);
return 0;
}
static loff_t papr_vpd_handle_seek(struct file *file, loff_t off, int whence)
{
const struct vpd_blob *blob = file->private_data;
return fixed_size_llseek(file, off, whence, blob->len);
}
static const struct file_operations papr_vpd_handle_ops = {
.read = papr_vpd_handle_read,
.llseek = papr_vpd_handle_seek,
.release = papr_vpd_handle_release,
};
/**
* papr_vpd_create_handle() - Create a fd-based handle for reading VPD.
* @ulc: Location code in user memory; defines the scope of the VPD to
* retrieve.
*
* Handler for PAPR_VPD_IOC_CREATE_HANDLE ioctl command. Validates
* @ulc and instantiates an immutable VPD "blob" for it. The blob is
* attached to a file descriptor for reading by user space. The memory
* backing the blob is freed when the file is released.
*
* The entire requested VPD is retrieved by this call and all
* necessary RTAS interactions are performed before returning the fd
* to user space. This keeps the read handler simple and ensures that
* the kernel can prevent interleaving of ibm,get-vpd call sequences.
*
* Return: The installed fd number if successful, -ve errno otherwise.
*/
static long papr_vpd_create_handle(struct papr_location_code __user *ulc)
{
struct papr_location_code klc;
const struct vpd_blob *blob;
struct file *file;
long err;
int fd;
if (copy_from_user(&klc, ulc, sizeof(klc)))
return -EFAULT;
if (!string_is_terminated(klc.str, ARRAY_SIZE(klc.str)))
return -EINVAL;
blob = papr_vpd_retrieve(&klc);
if (IS_ERR(blob))
return PTR_ERR(blob);
fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
if (fd < 0) {
err = fd;
goto free_blob;
}
file = anon_inode_getfile("[papr-vpd]", &papr_vpd_handle_ops,
(void *)blob, O_RDONLY);
if (IS_ERR(file)) {
err = PTR_ERR(file);
goto put_fd;
}
file->f_mode |= FMODE_LSEEK | FMODE_PREAD;
fd_install(fd, file);
return fd;
put_fd:
put_unused_fd(fd);
free_blob:
vpd_blob_free(blob);
return err;
}
/*
* Top-level ioctl handler for /dev/papr-vpd.
*/
static long papr_vpd_dev_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (__force void __user *)arg;
long ret;
switch (ioctl) {
case PAPR_VPD_IOC_CREATE_HANDLE:
ret = papr_vpd_create_handle(argp);
break;
default:
ret = -ENOIOCTLCMD;
break;
}
return ret;
}
static const struct file_operations papr_vpd_ops = {
.unlocked_ioctl = papr_vpd_dev_ioctl,
};
static struct miscdevice papr_vpd_dev = {
.minor = MISC_DYNAMIC_MINOR,
.name = "papr-vpd",
.fops = &papr_vpd_ops,
};
static __init int papr_vpd_init(void)
{
if (!rtas_function_implemented(RTAS_FN_IBM_GET_VPD))
return -ENODEV;
return misc_register(&papr_vpd_dev);
}
machine_device_initcall(pseries, papr_vpd_init);