Commit | Line | Data |
---|---|---|
26d7f65f MF |
1 | #define pr_fmt(fmt) "efi: " fmt |
2 | ||
eeb9db09 ST |
3 | #include <linux/init.h> |
4 | #include <linux/kernel.h> | |
5 | #include <linux/string.h> | |
6 | #include <linux/time.h> | |
7 | #include <linux/types.h> | |
8 | #include <linux/efi.h> | |
9 | #include <linux/slab.h> | |
10 | #include <linux/memblock.h> | |
11 | #include <linux/bootmem.h> | |
44be28e9 | 12 | #include <linux/acpi.h> |
d394f2d9 | 13 | #include <linux/dmi.h> |
eeb9db09 ST |
14 | #include <asm/efi.h> |
15 | #include <asm/uv/uv.h> | |
16 | ||
17 | #define EFI_MIN_RESERVE 5120 | |
18 | ||
19 | #define EFI_DUMMY_GUID \ | |
20 | EFI_GUID(0x4424ac57, 0xbe4b, 0x47dd, 0x9e, 0x97, 0xed, 0x50, 0xf0, 0x9f, 0x92, 0xa9) | |
21 | ||
22 | static efi_char16_t efi_dummy_name[6] = { 'D', 'U', 'M', 'M', 'Y', 0 }; | |
23 | ||
24 | static bool efi_no_storage_paranoia; | |
25 | ||
26 | /* | |
27 | * Some firmware implementations refuse to boot if there's insufficient | |
28 | * space in the variable store. The implementation of garbage collection | |
29 | * in some FW versions causes stale (deleted) variables to take up space | |
30 | * longer than intended and space is only freed once the store becomes | |
31 | * almost completely full. | |
32 | * | |
33 | * Enabling this option disables the space checks in | |
34 | * efi_query_variable_store() and forces garbage collection. | |
35 | * | |
36 | * Only enable this option if deleting EFI variables does not free up | |
37 | * space in your variable store, e.g. if despite deleting variables | |
38 | * you're unable to create new ones. | |
39 | */ | |
40 | static int __init setup_storage_paranoia(char *arg) | |
41 | { | |
42 | efi_no_storage_paranoia = true; | |
43 | return 0; | |
44 | } | |
45 | early_param("efi_no_storage_paranoia", setup_storage_paranoia); | |
46 | ||
47 | /* | |
48 | * Deleting the dummy variable which kicks off garbage collection | |
49 | */ | |
50 | void efi_delete_dummy_variable(void) | |
51 | { | |
52 | efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID, | |
53 | EFI_VARIABLE_NON_VOLATILE | | |
54 | EFI_VARIABLE_BOOTSERVICE_ACCESS | | |
55 | EFI_VARIABLE_RUNTIME_ACCESS, | |
56 | 0, NULL); | |
57 | } | |
58 | ||
ca0e30dc AB |
59 | /* |
60 | * In the nonblocking case we do not attempt to perform garbage | |
61 | * collection if we do not have enough free space. Rather, we do the | |
62 | * bare minimum check and give up immediately if the available space | |
63 | * is below EFI_MIN_RESERVE. | |
64 | * | |
65 | * This function is intended to be small and simple because it is | |
66 | * invoked from crash handler paths. | |
67 | */ | |
68 | static efi_status_t | |
69 | query_variable_store_nonblocking(u32 attributes, unsigned long size) | |
70 | { | |
71 | efi_status_t status; | |
72 | u64 storage_size, remaining_size, max_size; | |
73 | ||
74 | status = efi.query_variable_info_nonblocking(attributes, &storage_size, | |
75 | &remaining_size, | |
76 | &max_size); | |
77 | if (status != EFI_SUCCESS) | |
78 | return status; | |
79 | ||
80 | if (remaining_size - size < EFI_MIN_RESERVE) | |
81 | return EFI_OUT_OF_RESOURCES; | |
82 | ||
83 | return EFI_SUCCESS; | |
84 | } | |
85 | ||
eeb9db09 ST |
86 | /* |
87 | * Some firmware implementations refuse to boot if there's insufficient space | |
88 | * in the variable store. Ensure that we never use more than a safe limit. | |
89 | * | |
90 | * Return EFI_SUCCESS if it is safe to write 'size' bytes to the variable | |
91 | * store. | |
92 | */ | |
ca0e30dc AB |
93 | efi_status_t efi_query_variable_store(u32 attributes, unsigned long size, |
94 | bool nonblocking) | |
eeb9db09 ST |
95 | { |
96 | efi_status_t status; | |
97 | u64 storage_size, remaining_size, max_size; | |
98 | ||
99 | if (!(attributes & EFI_VARIABLE_NON_VOLATILE)) | |
100 | return 0; | |
101 | ||
ca0e30dc AB |
102 | if (nonblocking) |
103 | return query_variable_store_nonblocking(attributes, size); | |
104 | ||
eeb9db09 ST |
105 | status = efi.query_variable_info(attributes, &storage_size, |
106 | &remaining_size, &max_size); | |
107 | if (status != EFI_SUCCESS) | |
108 | return status; | |
109 | ||
110 | /* | |
111 | * We account for that by refusing the write if permitting it would | |
112 | * reduce the available space to under 5KB. This figure was provided by | |
113 | * Samsung, so should be safe. | |
114 | */ | |
115 | if ((remaining_size - size < EFI_MIN_RESERVE) && | |
116 | !efi_no_storage_paranoia) { | |
117 | ||
118 | /* | |
119 | * Triggering garbage collection may require that the firmware | |
120 | * generate a real EFI_OUT_OF_RESOURCES error. We can force | |
121 | * that by attempting to use more space than is available. | |
122 | */ | |
123 | unsigned long dummy_size = remaining_size + 1024; | |
124 | void *dummy = kzalloc(dummy_size, GFP_ATOMIC); | |
125 | ||
126 | if (!dummy) | |
127 | return EFI_OUT_OF_RESOURCES; | |
128 | ||
129 | status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID, | |
130 | EFI_VARIABLE_NON_VOLATILE | | |
131 | EFI_VARIABLE_BOOTSERVICE_ACCESS | | |
132 | EFI_VARIABLE_RUNTIME_ACCESS, | |
133 | dummy_size, dummy); | |
134 | ||
135 | if (status == EFI_SUCCESS) { | |
136 | /* | |
137 | * This should have failed, so if it didn't make sure | |
138 | * that we delete it... | |
139 | */ | |
140 | efi_delete_dummy_variable(); | |
141 | } | |
142 | ||
143 | kfree(dummy); | |
144 | ||
145 | /* | |
146 | * The runtime code may now have triggered a garbage collection | |
147 | * run, so check the variable info again | |
148 | */ | |
149 | status = efi.query_variable_info(attributes, &storage_size, | |
150 | &remaining_size, &max_size); | |
151 | ||
152 | if (status != EFI_SUCCESS) | |
153 | return status; | |
154 | ||
155 | /* | |
156 | * There still isn't enough room, so return an error | |
157 | */ | |
158 | if (remaining_size - size < EFI_MIN_RESERVE) | |
159 | return EFI_OUT_OF_RESOURCES; | |
160 | } | |
161 | ||
162 | return EFI_SUCCESS; | |
163 | } | |
164 | EXPORT_SYMBOL_GPL(efi_query_variable_store); | |
165 | ||
452308de MF |
166 | /* |
167 | * Helper function for efi_reserve_boot_services() to figure out if we | |
168 | * can free regions in efi_free_boot_services(). | |
169 | * | |
170 | * Use this function to ensure we do not free regions owned by somebody | |
171 | * else. We must only reserve (and then free) regions: | |
172 | * | |
173 | * - Not within any part of the kernel | |
174 | * - Not the BIOS reserved area (E820_RESERVED, E820_NVS, etc) | |
175 | */ | |
176 | static bool can_free_region(u64 start, u64 size) | |
177 | { | |
178 | if (start + size > __pa_symbol(_text) && start <= __pa_symbol(_end)) | |
179 | return false; | |
180 | ||
181 | if (!e820_all_mapped(start, start+size, E820_RAM)) | |
182 | return false; | |
183 | ||
184 | return true; | |
185 | } | |
186 | ||
eeb9db09 ST |
187 | /* |
188 | * The UEFI specification makes it clear that the operating system is free to do | |
189 | * whatever it wants with boot services code after ExitBootServices() has been | |
190 | * called. Ignoring this recommendation a significant bunch of EFI implementations | |
191 | * continue calling into boot services code (SetVirtualAddressMap). In order to | |
192 | * work around such buggy implementations we reserve boot services region during | |
193 | * EFI init and make sure it stays executable. Then, after SetVirtualAddressMap(), it | |
194 | * is discarded. | |
195 | */ | |
196 | void __init efi_reserve_boot_services(void) | |
197 | { | |
78ce248f | 198 | efi_memory_desc_t *md; |
eeb9db09 | 199 | |
78ce248f | 200 | for_each_efi_memory_desc(md) { |
eeb9db09 ST |
201 | u64 start = md->phys_addr; |
202 | u64 size = md->num_pages << EFI_PAGE_SHIFT; | |
452308de | 203 | bool already_reserved; |
eeb9db09 ST |
204 | |
205 | if (md->type != EFI_BOOT_SERVICES_CODE && | |
206 | md->type != EFI_BOOT_SERVICES_DATA) | |
207 | continue; | |
452308de MF |
208 | |
209 | already_reserved = memblock_is_region_reserved(start, size); | |
210 | ||
211 | /* | |
212 | * Because the following memblock_reserve() is paired | |
213 | * with free_bootmem_late() for this region in | |
214 | * efi_free_boot_services(), we must be extremely | |
215 | * careful not to reserve, and subsequently free, | |
216 | * critical regions of memory (like the kernel image) or | |
217 | * those regions that somebody else has already | |
218 | * reserved. | |
219 | * | |
220 | * A good example of a critical region that must not be | |
221 | * freed is page zero (first 4Kb of memory), which may | |
222 | * contain boot services code/data but is marked | |
223 | * E820_RESERVED by trim_bios_range(). | |
224 | */ | |
225 | if (!already_reserved) { | |
eeb9db09 | 226 | memblock_reserve(start, size); |
452308de MF |
227 | |
228 | /* | |
229 | * If we are the first to reserve the region, no | |
230 | * one else cares about it. We own it and can | |
231 | * free it later. | |
232 | */ | |
233 | if (can_free_region(start, size)) | |
234 | continue; | |
235 | } | |
236 | ||
237 | /* | |
238 | * We don't own the region. We must not free it. | |
239 | * | |
240 | * Setting this bit for a boot services region really | |
241 | * doesn't make sense as far as the firmware is | |
242 | * concerned, but it does provide us with a way to tag | |
243 | * those regions that must not be paired with | |
244 | * free_bootmem_late(). | |
245 | */ | |
246 | md->attribute |= EFI_MEMORY_RUNTIME; | |
eeb9db09 ST |
247 | } |
248 | } | |
249 | ||
250 | void __init efi_free_boot_services(void) | |
251 | { | |
78ce248f | 252 | efi_memory_desc_t *md; |
eeb9db09 | 253 | |
78ce248f | 254 | for_each_efi_memory_desc(md) { |
eeb9db09 ST |
255 | unsigned long long start = md->phys_addr; |
256 | unsigned long long size = md->num_pages << EFI_PAGE_SHIFT; | |
257 | ||
258 | if (md->type != EFI_BOOT_SERVICES_CODE && | |
259 | md->type != EFI_BOOT_SERVICES_DATA) | |
260 | continue; | |
261 | ||
452308de MF |
262 | /* Do not free, someone else owns it: */ |
263 | if (md->attribute & EFI_MEMORY_RUNTIME) | |
eeb9db09 ST |
264 | continue; |
265 | ||
266 | free_bootmem_late(start, size); | |
267 | } | |
268 | ||
269 | efi_unmap_memmap(); | |
270 | } | |
271 | ||
272 | /* | |
273 | * A number of config table entries get remapped to virtual addresses | |
274 | * after entering EFI virtual mode. However, the kexec kernel requires | |
275 | * their physical addresses therefore we pass them via setup_data and | |
276 | * correct those entries to their respective physical addresses here. | |
277 | * | |
278 | * Currently only handles smbios which is necessary for some firmware | |
279 | * implementation. | |
280 | */ | |
281 | int __init efi_reuse_config(u64 tables, int nr_tables) | |
282 | { | |
283 | int i, sz, ret = 0; | |
284 | void *p, *tablep; | |
285 | struct efi_setup_data *data; | |
286 | ||
287 | if (!efi_setup) | |
288 | return 0; | |
289 | ||
290 | if (!efi_enabled(EFI_64BIT)) | |
291 | return 0; | |
292 | ||
293 | data = early_memremap(efi_setup, sizeof(*data)); | |
294 | if (!data) { | |
295 | ret = -ENOMEM; | |
296 | goto out; | |
297 | } | |
298 | ||
299 | if (!data->smbios) | |
300 | goto out_memremap; | |
301 | ||
302 | sz = sizeof(efi_config_table_64_t); | |
303 | ||
304 | p = tablep = early_memremap(tables, nr_tables * sz); | |
305 | if (!p) { | |
306 | pr_err("Could not map Configuration table!\n"); | |
307 | ret = -ENOMEM; | |
308 | goto out_memremap; | |
309 | } | |
310 | ||
311 | for (i = 0; i < efi.systab->nr_tables; i++) { | |
312 | efi_guid_t guid; | |
313 | ||
314 | guid = ((efi_config_table_64_t *)p)->guid; | |
315 | ||
316 | if (!efi_guidcmp(guid, SMBIOS_TABLE_GUID)) | |
317 | ((efi_config_table_64_t *)p)->table = data->smbios; | |
318 | p += sz; | |
319 | } | |
98a716b6 | 320 | early_memunmap(tablep, nr_tables * sz); |
eeb9db09 ST |
321 | |
322 | out_memremap: | |
98a716b6 | 323 | early_memunmap(data, sizeof(*data)); |
eeb9db09 ST |
324 | out: |
325 | return ret; | |
326 | } | |
327 | ||
d394f2d9 AT |
328 | static const struct dmi_system_id sgi_uv1_dmi[] = { |
329 | { NULL, "SGI UV1", | |
330 | { DMI_MATCH(DMI_PRODUCT_NAME, "Stoutland Platform"), | |
331 | DMI_MATCH(DMI_PRODUCT_VERSION, "1.0"), | |
332 | DMI_MATCH(DMI_BIOS_VENDOR, "SGI.COM"), | |
333 | } | |
334 | }, | |
335 | { } /* NULL entry stops DMI scanning */ | |
336 | }; | |
337 | ||
eeb9db09 ST |
338 | void __init efi_apply_memmap_quirks(void) |
339 | { | |
340 | /* | |
341 | * Once setup is done earlier, unmap the EFI memory map on mismatched | |
342 | * firmware/kernel architectures since there is no support for runtime | |
343 | * services. | |
344 | */ | |
345 | if (!efi_runtime_supported()) { | |
26d7f65f | 346 | pr_info("Setup done, disabling due to 32/64-bit mismatch\n"); |
eeb9db09 ST |
347 | efi_unmap_memmap(); |
348 | } | |
349 | ||
d394f2d9 AT |
350 | /* UV2+ BIOS has a fix for this issue. UV1 still needs the quirk. */ |
351 | if (dmi_check_system(sgi_uv1_dmi)) | |
eeb9db09 ST |
352 | set_bit(EFI_OLD_MEMMAP, &efi.flags); |
353 | } | |
44be28e9 MF |
354 | |
355 | /* | |
356 | * For most modern platforms the preferred method of powering off is via | |
357 | * ACPI. However, there are some that are known to require the use of | |
358 | * EFI runtime services and for which ACPI does not work at all. | |
359 | * | |
360 | * Using EFI is a last resort, to be used only if no other option | |
361 | * exists. | |
362 | */ | |
363 | bool efi_reboot_required(void) | |
364 | { | |
365 | if (!acpi_gbl_reduced_hardware) | |
366 | return false; | |
367 | ||
368 | efi_reboot_quirk_mode = EFI_RESET_WARM; | |
369 | return true; | |
370 | } | |
371 | ||
372 | bool efi_poweroff_required(void) | |
373 | { | |
13737181 | 374 | return acpi_gbl_reduced_hardware || acpi_no_s5; |
44be28e9 | 375 | } |