| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Linux closes stdout at the end of prom_init which triggers the FW quiesce
code which closes the virtio-serial instance. This misses stopping the
virtio queues. However this seemed working for a little longer (until the
Linux driver took over) till 300384f3dc68 which moved the VQ descriptors
around which caused use-after-free corruption.
This adds virtio_queue_term_vq(), cleanup in the forth driver and a few
checks.
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[groug: - fix changelog
- don't restore emit]
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The "io" word of term-io.fs opens two separate instances of the device
for stdin and stdout. The prom_init() function in Linux closes stdin at
some point, which internally calls quiesce and shuts the device down
through a quiesce hook.
When the "open-count" variable in virtio-serial.fs reaches 0, ie. when
closing the last instance, we call "close" two times, which is clearly
wrong. This never hits however because the stdout instance is never
closed which prevents "open-count" to reach 0.
It would make more sense to shutdown the device when closing the last
instance, for symmetry with the first open that initializes the device.
Change the shutdown sequence to do that rather than relying on a quiesce
hook.
Have quiesce to explicitly close stdout, which is supposedly the last
instance, and shutdown the device.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
term-io.fs already overrides "emit", "key" and "key?" with its own version:
- "term-io-emit" calls the "write" method of the "stdout" instance, which
then calls "virtio-serial-putchar"
- "term-io-key" calls the "read" method of the "stdout" instance, which then
calls "virtio-serial-getchar"
- "term-io-key?" calls "serial-key?" if the device is a serial device, which
is the case here and we already override "serial-key?" with
"virtio-serial-term-key?".
It thus looks weird to rely on these shortcuts. Especially, when IOMMU is
enabled, we need a valid instance in "dmap-map-in" and going through
"term-io-emit" buys us that.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure and log the GPT table including LBA1 and all GPT table entries
with a non-zero Type GUID.
We follow the specification "TCG PC Client Platform Firmware Profile
Specification" for the format of what needs to be logged and measured.
See section "Event Logging" subsection "Measuring UEFI Variables" for
the UEFI_GPT_DATA structure.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement a TPM 2 menu and enable the user to clear the TPM
and its activate PCR banks.
The main TPM menu is activated by pressing the 't' key during
firmware startup.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds TPM 2.0 support along with the firmware API that Linux
uses to transfer the firmware log.
The firmware API follows the "PFW Virtual TPM Driver" specification.
The API has callers in existing Linux code (prom_init.c) from TPM 1.2
times but the API also works for TPM 2.0 without modifications.
The TPM 2.0 support logs PCR extensions of measurements of code and data.
For this part we follow the TCG specification "TCG PC Client
Platform Firmware Profile Specification" (section "Event Logging").
Other relevant specs for the construction of TPM commands are:
- Trusted Platform Module Library; Part 2 Structures
- Trusted Platform Module Library; Part 3 Commands
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
[aik: removed new blank lines at EOF]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The following patch adds a SHA256 implementation based on the algorithm
description in NIST FIPS PUB 180-4. The patch includes test cases that test
the sha256 implementation and pass on big and little endian ppc64 hosts.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds a TPM driver for the CRQ interface as used by
the QEMU PAPR implementation.
Also add a Readme that explains the benefits and installation procedure
for the vTPM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Make the print_version global variable accessible so that
we can measure the firmware version.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Make linker script variables related to 'text' addresses available
to the code so we can measure the static core root of trust contents.
When hashing the 'data' part of SLOF we do not end up with the same
measurements for the same firmware when booting with different
configurations, so we don't make those available.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement SLOF_get_keystroke() and SLOF_reset() helper functions.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We recently fixed node creation at CAS in order to support early hotplug
of devices between boot and CAS. Let's handle node removal now to support
early hot *un*plug of devices.
This is achieved by associating a generation number to each FDT received
from QEMU and tagging all nodes with this number in a "slof,from-fdt"
property. The generation number is kept in the fdt-generation# variable.
It starts at 0 for the initial boot time FDT, and it is incremented at
each subsequent CAS. All boot time nodes hence get "slof,from-fdt" == 0,
all nodes present at CAS get "slof,from-fdt" == 1 and so on in case the
guest calls CAS again. If a device gets hot unplugged before quiesce, we
hence can detect it doesn't have the right generation number and thus
delete the node from the DT. Note that this only affects nodes coming
from the FDT. Nodes created by SLOF don't have the "slof,from-fdt"
property, and therefore cannot be candidates to deletion.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Now that QEMU passes a full FDT at CAS without rebooting, a guest that
has switched from XICS to XIVE ends up being presented an malformed
"interrupt-controller" node in the DT:
# dtc -I fs -O dts /proc/device-tree
<stdout>: Warning (unit_address_vs_reg): /interrupt-controller: node has a reg or ranges property, but no unit name
...
interrupt-controller {
ibm,xive-eq-sizes = <0x10>;
device_type = "power-ivpe";
ibm,interrupt-server-ranges = <0x00 0x03>;
compatible = "ibm,power-ivpe";
#interrupt-cells = <0x02>;
reg = <0x60302 0x31b0000 0x00 0x10000 0x60302 0x31a0000 0x00 0x10000>;
phandle = <0xe7448a8>;
ibm,xive-lisn-ranges = <0x00 0x03>;
interrupt-controller;
};
The node should have its unit set to "60302031b0000" as reported by dtc.
Also the node still has an "ibm,interrupt-server-ranges" property which
only makes sense with XICS.
This happens because we find an existing "interrupt-controller" node,
which describes a XICS controller, and we _wrongly_ decide to copy
all the properties from the new node into it. Delete the existing node
instead so that we create a new node with the appropriate properties
and unit name.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
So far we only allowed new ibm,dynamic-reconfiguration-memory and memory
nodes in the FDT update blob at ibm,client-architecture-support (CAS).
DRC do not have unit addresses and are easy, for memory nodes we use
an address from the node name.
For early hot plugged PCI devices (plugged after reset but before CAS)
we have to have a similar hack as for memory@ but parse the address
differently because of different binding.
Instead, this changes new nodes creation. At pass#0 when we copy phandles
from the FDT update blob to SLOF, we create new nodes with all
new properties and call "finish-device" only after all properties are
copied to the new nodes. At this point we particularly care about "reg"
as this is the unit address which SLOF parses for us and sets the unit
address in "finish-device"; we could skip other properties for later
passes.
Note this creates naked nodes with no methods normally added to the nodes
as this bypasses normal discovery which SLOF performs at start. So
if pass#1 does not find the node created in pass#0, this points to
missing "decode-unit" at the new node parent (happens when adding bridge-
under-bridge) and this prints a message and resets.
While at this, fix few trailing spaces and comments.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[groug: - use fdt-reg-unit to set the unit name
- consolidate finish-device and unit name for nodes and subnodes
with a new fdt-cas-finish-device word ]
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
c2358afb40d4 ("Add support for 64bit LE ABI v1 and v2 support") added
little endian ELF support for one of two ELF loading helpers, this fixes
oversight. With this changes, 'boot disk:2,boot\zImage' is able to handle
little-endian zimages.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This allows booting from ext4 filesystems when EXT4_EXTENTS_FL is set in
inode.
Based on:
https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
When incompat flags has INCOMPAT_64BIT set ("Enable a filesystem size
over 2^32 blocks"), the group descriptor size is stored at 0xFE
and these days it is 0x40 so use that rather than the default value
of 0x20.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
A le32 value at 0x20 offset in supernode is:
0x20 __le32 s_blocks_per_group Blocks per group
Size of group descriptors is a le16 value at 0xfe.
Rename group-desc-size according to the ext2/4 spec.
This should cause no behavioral change.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This adds support for:
"Linux filesystem data" 0FC63DAF-8483-4772-8E79-3D69D8477DE4
Previously, Linux used the same GUID for the data partitions as Windows
(Basic data partition: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7).
The new GUID (Linux filesystem data: 0FC63DAF-8483-4772-8E79-3D69D8477DE4)
was defined jointly by GPT fdisk and GNU.
Source:
https://en.wikipedia.org/wiki/GUID_Partition_Table#cite_note-linwin-40
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We are going to add limited support for ext4 and Linux GPT partitions.
This moves try-ext2-files and (interpose-filesystem) earlier to be called
from try-gpt-dos-partition.
This simplifies UUID defining and handling.
This should cause no behavioral change.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This is aiming qemu 5.0.
This is equal to 20191206, however that was a partial
backport for regression happened in qemu 4.2 and
that got the 20191209 tag which will take over
20191206 when updated although that would be a downgrade
so we need a bigger tag.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The previous approach to merge the QEMU FDT into the existing tree and
then patch it turned to be broken as we patch properties based on their
names only so we patch not just what QEMU provides (which was
the intention) but also all properties SLOF created. This breaks one of
them - "interrupt-map" - it is created by QEMU for a PHB but SLOF creates
it for PCI bridges and since they have different sizes, patching phandles
at fixed offset fails.
Rather than skipping certain nodes in the SLOF tree, this uses different
approach: now we read the QEMU FDT in 3 passes:
1. find all phandle/linux-phandle properties and store these in the SLOF
internal tree to allow phandle->node lookup later;
2. walk through all FDT properties, patch them if needed using
phandles from the SLOF tree and save patched values in SLOF properties;
3. delete phandle/linux-phandle properties created in 1. This is safe
as SLOF does not create these properties anyway.
Fixes: 44d06f9e68cf ("fdt: Update phandles after H_CAS")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
fdt-fix-cas-node returns the end address after it's finished which
the caller (ibm,client-architecture-support) does not use or drop.
This renames fdt-fix-cas-node to (fdt-fix-cas-node) and adds a wrapper
on top of that which does the drop. This will be used later for 2-pass
tree patching.
While at this, exit the function if memory allocation failed.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
When QEMU is started with iommu_platform=on, the guest driver must accept
it or the device will fail.
This enables IOMMU support for virtio-net, -scsi, -block, -serial, -9p
devices. -serial and -9p are only compile tested though.
For virtio-net we map all RX buffers once and TX when xmit() is called
and unmap older pages when we are about to reuse the VQ descriptor.
As all other devices are synchronous, we unmap IOMMU pages right after
completion of a transaction.
This depends on QEMU's:
https://patchwork.ozlabs.org/patch/1194067/
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
Changes:
v5:
* fixed queue size calculation
* reworked virtio_free_desc() to only unmap what is has mapped
v4:
* ditched vqs->id in virtio_queue_init_vq
v2:
* added Mike's fs/dma-instance-function.fs
* total rework
|
|
They call parent node (which is a device) methods.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Every virtio device negotiates virtio protocol features before setting
up internal queue descriptors with one exception which is virtio-net.
This moves virtio_queue_init_vq() later to have feature negotiation
happened sooner. This is going to be used for IOMMU setup later.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
At the moment desc/avail/used pointers are read from the device every
time we need them. This works for now unless iommu_platform=on is used,
desc/avail/used stored in the config space are bus addresses while
SLOF should keep using the guest physical addresses.
virtio-net stores queue descriptors already, virtio-serial does it in
global statics, move them into virtio_device.
The next patch will use this to allow IOMMU.
While at this, move repeating avail->flags/idx setup into
virtio_queue_init_vq() except virtio-serial which vq_rx->avail->idx is
setup differently.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
Changes:
v4:
* removed vqs::id as it is not really used
* replaced vq_size with vq->size in virtio-serial.c
|
|
The immediate problem with the code is that it relies on memory allocator
aligning addresses to the size. This is true for SLOF but not for GRUB
and in unaligned situations we end up mapping more pages than bm-alloc
allocated.
This fixes the problem by calculating aligned DMA size before calling
bm-alloc.
While at this, simplify the code by removing global variables. Also
replace 1000/fff (the default 4K IOMMU page size) with tce-ps/mask.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
Changes:
v4:
* fixed code comments, tab/spaces
* fixed bm-alloc failure handling
|
|
This fixes these:
sloffs.c:466:2: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
read(fd, data, header_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* size_t -> ssize_t
* %ld for size_t -> %zd
* changed error handling in sloffs_header() - now it frees sloffs->name
|
|
For ages both vmlinux and zImage accepted the initramdisk location
in r3/r4 [1] [2]. If r3==r4==0, vmlinux looks at the device tree for
/chosen/linux,initrd-{start|end} but zImage does not so the QEMU user
can only pass vmlinux via -kernel if -initrd is passed as well.
This initializes r3/r4 to point to the initramdisk location when present.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/powerpc/kernel/prom_init.c?h=v5.3#n3230
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/powerpc/boot/of.c?h=v5.3#n89
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* improved readability
|
|
It is never called outside of virtio, make it static.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This silences multiple gcc warnings; no functional change otherwise.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This includes fixes for fullFDT render on CAS and gcc9.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
GCC 9 introduced some new compiler warnings that occur when taking the
address of a packed struct, e.g.:
lib/libnet/icmpv6.c:173:21: warning: taking address of packed member of
‘struct ip6hdr’ may result in an unaligned pointer value [-Waddress-of-packed-member]
173 | rtr = find_router (&(ip6h->src));
| ^~~~~~~~~~~~
Since these warnings are mainly about the ip6_addr_t values that are
embedded in these packed structs, and ip6_addr_t is reasonable small
(just 128 bit), let's fix it by passing around the IPv6 addresses by
value instead of pointer, which looks a little bit nicer anyway.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
gcc9 enforces -Waddress-of-packed-member, fix this.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
During the ibm,client-architecture-support client call, we rely on QEMU
providing a full device tree which SLOF then merged into its internal
tree so we rely on both SLOF and QEMU using the same node names for
devices of the same type.
This changes device tree node names to what QEMU uses.
The change was triggered by "(unknown-)legacy-device" which is used by
virtio-balloon; other changes either fix typos or remove devices which
are very unlikely to be implemented by QEMU for pseries, or even if they
are, we are ok with using generic class names anyway.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This is another update for QEMU 4.2; the correct USB host node names
are aimed to help with full FDT rebuild on CAS.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
QEMU creates nodes for PCI devices and preserves the node names with
one exception for USB hosts; this fixes it.
Fixes: be9b2fa44c73 ("pci: Use QEMU created PCI device nodes")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
|
This is another update for QEMU 4.2.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The current if-condition can never be true.
Buglink: https://bugs.launchpad.net/qemu/+bug/1840646
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
At the moment SLOF generates phandles except a few exceptions such as
an interrupt controller (XICS/XIVE) and NVLink-related nodes. For these
nodes QEMU generates phandles which SLOF later detects and replaces with
the node addresses (which are phandles in SLOF).
However we are missing these updates when processing
the ibm,client-architecture-support client interface call - SLOF calls
QEMU with H_CAS to get an update for the device tree, and if that blob
contains phandles, they make it to the final tree unchanged with
undefined results.
This calls fdt-fix-phandles for the H_CAS update blob.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The Firmware Assisted Non-Maskable Interrupts Option (FWNMI) feature
requires some space for RTAS log which is in the RTAS blob area.
This expands the RTAS blob size to 2k.
More details here: https://patchwork.ozlabs.org/patch/1146765/
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This is for QEMU 4.2.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We implement RTAS as a simple binary blob which calls directly into QEMU
via a custom hcall. So far we were relying on QEMU putting the RTAS blob
to the guest memory with its location in linux,rtas-base/rtas-size.
The problems with this are:
1. we need to peek a location in the guest ram in addition to slof, FDT
and sometime kernel and init ram disk; having one less image makes QEMU's
life easier.
2. for secure VMs, it is yet another image which needs to be signed and
verified.
This implements "instantiate-rtas" completely in SLOF, including KVM PR
support ("broken sc1").
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
|
