1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2015 Neel Natu <[email protected]>
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
17
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26
 * SUCH DAMAGE.
27
 */
28

29
#include <sys/param.h>
30
#include <sys/types.h>
31
#include <sys/mman.h>
32
#include <sys/stat.h>
33

34
#include <dev/vmm/vmm_mem.h>
35
#include <machine/vmm.h>
36

37
#include <err.h>
38
#include <errno.h>
39
#include <fcntl.h>
40
#include <stdio.h>
41
#include <stdlib.h>
42
#include <string.h>
43
#include <unistd.h>
44
#include <stdbool.h>
45

46
#include <vmmapi.h>
47

48
#include "bhyverun.h"
49
#include "bootrom.h"
50
#include "debug.h"
51
#include "mem.h"
52

53
#define	BOOTROM_SIZE	(16 * 1024 * 1024)	/* 16 MB */
54

55
/*
56
 * ROM region is 16 MB at the top of 4GB ("low") memory.
57
 *
58
 * The size is limited so it doesn't encroach into reserved MMIO space (e.g.,
59
 * APIC, HPET, MSI).
60
 *
61
 * It is allocated in page-multiple blocks on a first-come first-serve basis,
62
 * from high to low, during initialization, and does not change at runtime.
63
 */
64
static char *romptr;	/* Pointer to userspace-mapped bootrom region. */
65
static vm_paddr_t gpa_base;	/* GPA of low end of region. */
66
static vm_paddr_t gpa_allocbot;	/* Low GPA of free region. */
67
static vm_paddr_t gpa_alloctop;	/* High GPA, minus 1, of free region. */
68

69
#define CFI_BCS_WRITE_BYTE      0x10
70
#define CFI_BCS_CLEAR_STATUS    0x50
71
#define CFI_BCS_READ_STATUS     0x70
72
#define CFI_BCS_READ_ARRAY      0xff
73

74
static struct bootrom_var_state {
75
	uint8_t		*mmap;
76
	uint64_t	gpa;
77
	off_t		size;
78
	uint8_t		cmd;
79
} var = { NULL, 0, 0, CFI_BCS_READ_ARRAY };
80

81
/*
82
 * Emulate just those CFI basic commands that will convince EDK II
83
 * that the Firmware Volume area is writable and persistent.
84
 */
85
static int
86
bootrom_var_mem_handler(struct vcpu *vcpu __unused, int dir, uint64_t addr,
87
    int size, uint64_t *val, void *arg1 __unused, long arg2 __unused)
88
{
89
	off_t offset;
90

91
	offset = addr - var.gpa;
92
	if (offset + size > var.size || offset < 0 || offset + size <= offset)
93
		return (EINVAL);
94

95
	if (dir == MEM_F_WRITE) {
96
		switch (var.cmd) {
97
		case CFI_BCS_WRITE_BYTE:
98
			memcpy(var.mmap + offset, val, size);
99
			var.cmd = CFI_BCS_READ_ARRAY;
100
			break;
101
		default:
102
			var.cmd = *(uint8_t *)val;
103
		}
104
	} else {
105
		switch (var.cmd) {
106
		case CFI_BCS_CLEAR_STATUS:
107
		case CFI_BCS_READ_STATUS:
108
			memset(val, 0, size);
109
			var.cmd = CFI_BCS_READ_ARRAY;
110
			break;
111
		default:
112
			memcpy(val, var.mmap + offset, size);
113
			break;
114
		}
115
	}
116
	return (0);
117
}
118

119
void
120
init_bootrom(struct vmctx *ctx)
121
{
122
	vm_paddr_t highmem;
123

124
	romptr = vm_create_devmem(ctx, VM_BOOTROM, "bootrom", BOOTROM_SIZE);
125
	if (romptr == MAP_FAILED)
126
		err(4, "%s: vm_create_devmem", __func__);
127
	highmem = vm_get_highmem_base(ctx);
128
	gpa_base = highmem - BOOTROM_SIZE;
129
	gpa_allocbot = gpa_base;
130
	gpa_alloctop = highmem - 1;
131
}
132

133
int
134
bootrom_alloc(struct vmctx *ctx, size_t len, int prot, int flags,
135
    char **region_out, uint64_t *gpa_out)
136
{
137
	static const int bootrom_valid_flags = BOOTROM_ALLOC_TOP;
138

139
	vm_paddr_t gpa;
140
	vm_ooffset_t segoff;
141

142
	if (flags & ~bootrom_valid_flags) {
143
		warnx("%s: Invalid flags: %x", __func__,
144
		    flags & ~bootrom_valid_flags);
145
		return (EINVAL);
146
	}
147
	if (prot & ~_PROT_ALL) {
148
		warnx("%s: Invalid protection: %x", __func__,
149
		    prot & ~_PROT_ALL);
150
		return (EINVAL);
151
	}
152

153
	if (len == 0 || len > BOOTROM_SIZE) {
154
		warnx("ROM size %zu is invalid", len);
155
		return (EINVAL);
156
	}
157
	if (len & PAGE_MASK) {
158
		warnx("ROM size %zu is not a multiple of the page size",
159
		    len);
160
		return (EINVAL);
161
	}
162

163
	if (flags & BOOTROM_ALLOC_TOP) {
164
		gpa = (gpa_alloctop - len) + 1;
165
		if (gpa < gpa_allocbot) {
166
			warnx("No room for %zu ROM in bootrom region", len);
167
			return (ENOMEM);
168
		}
169
	} else {
170
		gpa = gpa_allocbot;
171
		if (gpa > (gpa_alloctop - len) + 1) {
172
			warnx("No room for %zu ROM in bootrom region", len);
173
			return (ENOMEM);
174
		}
175
	}
176

177
	segoff = gpa - gpa_base;
178
	if (vm_mmap_memseg(ctx, gpa, VM_BOOTROM, segoff, len, prot) != 0) {
179
		int serrno = errno;
180
		warn("%s: vm_mmap_mapseg", __func__);
181
		return (serrno);
182
	}
183

184
	if (flags & BOOTROM_ALLOC_TOP)
185
		gpa_alloctop = gpa - 1;
186
	else
187
		gpa_allocbot = gpa + len;
188

189
	*region_out = romptr + segoff;
190
	if (gpa_out != NULL)
191
		*gpa_out = gpa;
192
	return (0);
193
}
194

195
int
196
bootrom_loadrom(struct vmctx *ctx)
197
{
198
	struct stat sbuf;
199
	ssize_t rlen;
200
	off_t rom_size, var_size, total_size;
201
	char *ptr, *romfile;
202
	int fd, varfd, i, rv;
203
	const char *bootrom, *varfile;
204

205
	rv = -1;
206
	varfd = -1;
207

208
	bootrom = get_config_value("bootrom");
209
	if (bootrom == NULL) {
210
		return (0);
211
	}
212

213
	/*
214
	 * get_config_value_node may use a thread local buffer to return
215
	 * variables. So, when we query the second variable, the first variable
216
	 * might get overwritten. For that reason, the bootrom should be
217
	 * duplicated.
218
	 */
219
	romfile = strdup(bootrom);
220
	if (romfile == NULL) {
221
		return (-1);
222
	}
223

224
	fd = open(romfile, O_RDONLY);
225
	if (fd < 0) {
226
		EPRINTLN("Error opening bootrom \"%s\": %s",
227
		    romfile, strerror(errno));
228
		goto done;
229
	}
230

231
	if (fstat(fd, &sbuf) < 0) {
232
		EPRINTLN("Could not fstat bootrom file \"%s\": %s", romfile,
233
		    strerror(errno));
234
		goto done;
235
	}
236

237
	rom_size = sbuf.st_size;
238

239
	varfile = get_config_value("bootvars");
240
	var_size = 0;
241
	if (varfile != NULL) {
242
		varfd = open(varfile, O_RDWR);
243
		if (varfd < 0) {
244
			EPRINTLN("Error opening bootrom variable file "
245
			    "\"%s\": %s", varfile, strerror(errno));
246
			goto done;
247
		}
248

249
		if (fstat(varfd, &sbuf) < 0) {
250
			EPRINTLN(
251
			    "Could not fstat bootrom variable file \"%s\": %s",
252
			    varfile, strerror(errno));
253
			goto done;
254
		}
255

256
		var_size = sbuf.st_size;
257
	}
258

259
	if (var_size > BOOTROM_SIZE ||
260
	    (var_size != 0 && var_size < PAGE_SIZE)) {
261
		EPRINTLN("Invalid bootrom variable size %ld",
262
		    var_size);
263
		goto done;
264
	}
265

266
	total_size = rom_size + var_size;
267

268
	if (total_size > BOOTROM_SIZE) {
269
		EPRINTLN("Invalid bootrom and variable aggregate size %ld",
270
		    total_size);
271
		goto done;
272
	}
273

274
	/* Map the bootrom into the guest address space */
275
	if (bootrom_alloc(ctx, rom_size, PROT_READ | PROT_EXEC,
276
	    BOOTROM_ALLOC_TOP, &ptr, NULL) != 0) {
277
		goto done;
278
	}
279

280
	/* Read 'romfile' into the guest address space */
281
	for (i = 0; i < rom_size / PAGE_SIZE; i++) {
282
		rlen = read(fd, ptr + i * PAGE_SIZE, PAGE_SIZE);
283
		if (rlen != PAGE_SIZE) {
284
			EPRINTLN("Incomplete read of page %d of bootrom "
285
			    "file %s: %ld bytes", i, romfile, rlen);
286
			goto done;
287
		}
288
	}
289

290
	if (varfd >= 0) {
291
		var.mmap = mmap(NULL, var_size, PROT_READ | PROT_WRITE,
292
		    MAP_SHARED, varfd, 0);
293
		if (var.mmap == MAP_FAILED)
294
			goto done;
295
		var.size = var_size;
296
		var.gpa = (gpa_alloctop - var_size) + 1;
297
		gpa_alloctop = var.gpa - 1;
298
		rv = register_mem(&(struct mem_range){
299
		    .name = "bootrom variable",
300
		    .flags = MEM_F_RW,
301
		    .handler = bootrom_var_mem_handler,
302
		    .base = var.gpa,
303
		    .size = var.size,
304
		});
305
		if (rv != 0)
306
			goto done;
307
	}
308

309
	rv = 0;
310
done:
311
	if (varfd >= 0)
312
		close(varfd);
313
	if (fd >= 0)
314
		close(fd);
315
	free(romfile);
316
	return (rv);
317
}
318

319
/*
320
 * Are we relying on a bootrom to initialize the guest's CPU context?
321
 */
322
bool
323
bootrom_boot(void)
324
{
325
	return (get_config_value("bootrom") != NULL);
326
}
327

328