Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
P7 did not have enough PSI TCEs to map trace buffers, and so it was
P8 only, and not updated for P9 despite P9 having 256KB
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This catches one more case missed by commit 2354857fca.
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The cache update functions take void * pointer with sizing information
in order to operate on some fundamentally different types. Make specific
functions for each type, which use proper types.
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
BUILD_ASSERT can not be used for constants generated by the assembler
or linker. This results in variable length arrays that do not catch
the failure condition. This was caught by sparse.
Remove these and add some equivalent as/ld checks which actually do
the right thing.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The slw patch saving array is too small, which results in slw_reinit
overwriting 32 bytes beyond the end of it. The size is increased to
0x100, which is the architecture interrupt vector size.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Remove the check to see if the "status" property already exists. This
function is intended to only be called once so failing an assert is
fine since it indicates a programming error.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Add a way to locate the secureboot node without needing to hardcode a
specific version string. The ibm,secureboot node has historically only
been used by firmware.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: removed extra whitespace]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds an initial port of the userspace unit tests for exercising
the API that were originally developed out of tree. Future revisions will
adjust the naming schemes and general formatting to match that of other
tests within skiboot.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: Use SPDX headers]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch provides the OPAL runtime service frontend for the host OS to
retrieve secure variables, and append new ones for processing on the
next reboot. These calls operate on the internal abstraction or utilize
the platform-provided driver hooks, and therefore this API should not
need to be updated to support changes in storage or backend drivers.
Included are the following functions:
- opal_secvar_get()
- opal_secvar_get_next()
- opal_secvar_enqueue_update()
opal_secvar_get() retrieves the data blob associated with a given key.
The data buffer may be set to NULL to only query for variable size. This
runtime service only operates on the variable bank.
opal_secvar_get_next() can be used to iterate through the list of
variable keys in the variable bank. Supplying an empty key (or zero key
length) returns the key of the first variable in the variable bank.
Supplying a valid key returns the key of the next variable in sequence.
opal_secvar_enqueue_update() provides a method for the host OS to submit
a new variable for processing on next boot, by appending it to the
update bank. As this does not affect the variable bank, appending a
variable via this runtime service will not affect the output of the
previous set of functions. The update queue is only processed during
secvar initialization.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: style fixes]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
---
V2:
- removed opal_secvar_backend, replaced by DT node
- removed unnecessary argument casting
- all calls return OPAL_RESOURCE if secvar failed to init
V3:
- remove metadata from API parameters
- remove opal_secvar_get_size
- change enqueue to replace an update with a repeat name, rather
than enqueueing the duplicate
- change enqueue to unstage an update matching a key if size is zero
- make all key parameters const where possible
- rename key_size to key_buf_size in _get_next
- fix leaking node when enqueue could not allocate the secvar
V4:
- enqueue update now uses secvar alloc/realloc
- use storage-defined max var size instead of hardcoded constant
|
|
This patch implements a platform-independent abstraction for storing and
retrieving secure variables, as required for host OS secure boot. This
serves as the main entry point for initializing the in-memory cache of the
secure variables, which also kicks off any platform-specific logic that may
be needed. This patch also provides core functions for the subsequent
patches in this series to utilize.
The base secure variable implementation makes use of two types of
drivers, to be selected by the platform: "storage" drivers, and
"backend" drivers. The storage driver implements the hooks required to
write the secure variables to some form of non-volatile memory, and load
the variables on boot. The backend driver defines how the variables
should be interpreted, and processed.
Secure variables are stored in two types of banks, the "variable" bank
and the "update" bank. Variables that have been validated and processed
are stored in the variable bank. This bank is effectively read-only
after the base secvar initialization. Any proposed variable updates are
instead stored in the update bank. During secvar initialization, the
backend driver processes variables from the update bank, and if valid,
adds the new variable to the variable bank.
NOTE: The name "backend" is subject to change. It operates more like a
scheme, so unless a better name comes along, it will likely change to
"scheme" or "schema" in the future.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: added missing SPDX tags, removed unused definitions, style fixes]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
---
V2:
- added secvar device tree node as child of ibm,secureboot
- added version and compatible properties to backend driver struct
- added secvar_ready flag for the API to detect if secvar
initialized successfully
- moved pre-process step to after initial variable load
- moved flags field from secvar struct to secvar node
V3:
- remove the metadata secvar field
- add probe_secvar() to bump compatible flag
- add device tree property for backend-agnostic secure mode setting
- remove backend minor version field
- remove static data allocation in secvar struct
V4:
- add alloc_secvar helpers
- removed ibm,secureboot version bump to v3
- secvars now store their allocated size seperate from the
data size (to permit overallocating)
- split device tree functions into their own file
- device tree changes:
- secvar now a child of ibm,opal
- compatible is "ibm,secvar-v1", backend creates its own node
- secure-mode is now a boolean os-secure-enforcing property
- storage and backends now have their own nodes
V5:
- removed storage device tree subnode
- moved max-var-size to secvar node
- added max-var-key-len
- fixed SPDX header in include/secvar.h
- removed obsolete enum
- removed unused devtree wrappers
- set secvar status prop earlier
V6:
- moved os-secureboot-enforcing to ibm,secureboot
- set secvar compatible based on backend
- removed backend node
|
|
This patch contains the work-in-progress documentation for the
secure variable design in OPAL. Future revisions of this patch
set will (hopefully) add new pieces of documentation here.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: whitespace error fixes, removed old backend node docs]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
---
V3:
- removed metadata
- removed get_size
- updated _get semantics for size queries
- added/expanded device tree properties
V4:
- updated for new device tree changes
V5:
- removed incorrect ibm,secureboot changes
- rewrote bindings using a different format
- moved secvar documentation under ibm,opal
V6:
- moved os-secureboot-enforcing to ibm,secureboot
- removed backend node from secvar node
- updated documentation on secvar node compatible
|
|
Commit eb86b148 added FSP -> HBRT notify message support. I assumed that
we just need to construct `firmware notify` PRD message and pass it to
HBRT. But HBRT expects OPAL to pass `struct prd_fw_msg` message with
message type PRD_FW_MSG_TYPE_HBRT_FSP.
Fixes: eb86b148 (prd: Implement generic FSP - HBRT interface)
Cc: Daniel M. Crowell <dcrowell@us.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
OPAL_MSG_PRD interface can handle message size <= OPAL_MSG_FIXED_PARAMS_SIZE.
But kernel prd driver had a bug where it will not copy partial data to user
space. This will create problem as opal-prd daemon tries to read message
continuously.
Commit 9cae036fa fixed this issue by enhancing opal-prd to allocate bigger
message size based on device tree.
For backward compatability (new OPAL and old kernel/userspace) lets restrict
OPAL_MSG_PRD messaging interface to send upto 32 bytes data. This is fine
as most of the messages are less than 32 bytes except FSP - HBRT messages
...which is new feature.
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Vaidyanathan Srinivasan <svaidy@linux.vnet.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
.. helps in debugging.
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
If you try to allocate an amount of LPC memory that's not a power of 2,
we round the value up to the nearest power of 2.
By the magic of C, "1 << n" gets treated as an int, even if you're
assigning it to a uint64_t.
Change 1 to 1ULL to fix this.
(C, it's great.)
Reported-by: Alastair D'Silva <alistair@d-silva.org>
Cc: skiboot-stable@lists.ozlabs.org
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Setup IRQ and trigger port for each VAS instance. Export these
values through device-tree with 'interrupts' and 'ibm,vas-port'
properties in each VAS device node. Kernel setup IRQ and register
port address for each send window.
Enable 'vas-user-space' NVRAM config to allocate IRQ sources and
provide 'interrupts' property.
nvram -p ibm,skiboot --update-config vas-user-space=enable
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Signed-off-by: Haren Myneni <haren@us.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Soon hostboot/HDAT will provide consistent reserved node name. It will
just provide node name without starting string "ibm,". Commit 50d508c3
made sure that all device tree nodes starts with "ibm,".
But we use hostboot/HDAT provided name for `ibm,prd-label` property. So we
have to fix couple of our `ibm,prd-label` property based search/comparision
to accommodate this change.
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The ibm,chip-id property is not sufficent for Linux to work out the NUMA
node that a pmem region is placed on. Add any nodes that are compatible
with "pmem-region" to the pass where we add affinity information to the
normal memory@ nodes.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
On Aspeed BMCs can be configured to route LPC IO address 0x80 to a GPIO
port. Some systems use this to implement a boot progress indicator, but
not all of them.
There's no easy way to tell if this has been setup or not and if it
hasn't we get an LPC SYNC no-response error from out LPC master. When we
reach Linux and enable interrupts this results in this spurious error
being printed:
LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010082
lpc_probe_write() is intended to catch situations where the peripherial
being written to might not be configured, so use that instead of
lpc_outb() to squash the error.
Cc: Ranga <stewart@flamingspork.com>
Cc: Andrew Jeffery <andrew@aj.id.au>
Acked-by: Andrew Jeffery <andrew@aj.id.au>
[oliver: fixed the test]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
During `opal-prd pm-complex reset` OPAL msglog is filled
with these logs.. which are not useful for debugging. And
Hence lets silence these logs.
Cc: Vaidyanathan Srinivasan <svaidy@linux.vnet.ibm.com>
Cc: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This allows us to test various combinations of the Linux
spectre/meltdown mitigations.
The default values of the existing settings remain the same.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The following offsets into the ESB MMIO allow to read or manipulate
the PQ bits. They must be used with an 8-byte load instruction. They
all return the previous state of the interrupt (atomically).
Additionally, some ESB pages support doing an EOI via a store and
some ESBs support doing a trigger via a separate trigger page.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
It was used by bringup code only.
Using HW interrupt numbers in a high range was a way to check that HW
interrupt numbers (OPAL) and logical interrupt numbers (Linux) were
not getting mixed in the event queues.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This defines the size of our VP space which is constrained by the
definition of the END structure in the XIVE architecture for POWER9:
#define EQ_W6_NVT_BLOCK PPC_BITMASK32(9,12)
#define EQ_W6_NVT_INDEX PPC_BITMASK32(13,31)
The NVT/VP id is returned to the hypervisor by the OPAL call
opal_xive_get_vp_info() and later pushed in W2 of the OS CAM line when
a vCPU is dispatched on an HW thread.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The pressure relief is disabled (PC_TCTXT_CFG_STORE_ACK) because we
use the same field in the NVT W1 to stash the VP END base index.
We do not need to disable manually the ACK# register in the NVT W5.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
EQ 7 was missing from the cleanup loop.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
When setting the silent/gather escalation for a VP, all EQs [0-6]
should point to the silent EQ 7. Fix the loop in routine
xive_setup_silent_gather() to include EQ 6 which was missing.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The priority number 7 is used in a couple of places but it has
different meanings. It can be the maximum priority number or the
escalation priority number.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Wehn allocating a EQ set for a VP, the EQ base index bit is marked as
allocated even if allocation fails, due to a lack of available pages.
Move bit assignment at the end of xive_alloc_eq_set().
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
These were needed to workaround HW bugs in PHB4 LSIs of POWER9 DD1.0
processors.
HW395455 P9/PHB4: Wrong Interrupt ESB CI Load Opcode Location in 64K
page mode
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
These were needed to workaround HW bugs in PHB4 LSIs of POWER9 DD1.0
processors. Keep the flags in case of a similar issue in the next
generation of the XIVE logic and keep it also for Linux which still
has handlers in its XIVE layer.
However, there is no need to keep the code in POWER9 XIVE driver.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
block group mode is now required, it can not be disabled.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
An indirect table is a one page array of XIVE VSDs pointing to subpages
containing XIVE virtual structures: NVTs, ENDs, EASs or ESBs.
The OPAL XIVE driver uses direct tables for the EAS and ESB tables. The
number of interrupts being 1M, the tables are respectivelly 256K and 8M
per chip. We want the EAS lookup to be fast so we keep this table direct.
The NVT and END are bigger structures (64 and 32 bytes). If the table
were direct, we would use 32M and 32M of OPAL memory per chip. They are
indirect today and Linux allocates the pages on behalf of OPAL when a
new indirect subpage is needed. We plan to increase the NVT space and
END space in P10.
Remove USE_INDIRECT ifdef and associated code not used anymore.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
There is no reason to issue loads on XSCOM when syncing the interrupt
controller. All should be in place to use MMIOs.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The XIVE driver exposes an API to the core OPAL layer and to other
OPAL drivers. This is a minor cleanup preparing ground for future XIVE
logic.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This is moving the definitions of the registers of the P9 XIVE
interrupt controller and the P9 XIVE internal structures in a specific
header file and moving the definitions related to the thread interrupt
context area to a common file.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
CMD_REG should be writable, not read-only. Fix this, initializing it
with a default "unset" value (0xffffffff).
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Add a log line for when the PPE indicates it's not in the ready state,
and make all the SALT lines start with a capital to look nicer.
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Though they are currently identical to the OS, it may become necessary
to distinguish npu3 phbs from npu2 ones at some point. Add a unique
string to the compatible property.
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
npu3_chip_possible_gpus() works by dividing the number of NVLink-mode
bricks by the number of bricks connecting a single GPU. In a system with
no GPUs, the latter value is unknown, so the function returns zero and
we trip a somewhat misleading error message.
The code afterward is safe to execute in any case, so there's no need to
return either. Remove the check entirely.
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
gard tool is not supported on FSP based system. But we can still
run gard tests on FSP based system.
Acked-by: Stewart Smith <stewart@flamingspork.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Previous commit d75e82dbf introduced unnecessary variable/check.
Remove that and add barrier after setting sync_msg to NULL.
Cc: Oliver O'Halloran <oohall@gmail.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Fixes: d75e82dbf (core/ipmi: Fix use-after-free)
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Recent work on Qemu adds support to emulate homer memory region and occ
common area region with respective device models, so remove `QUIRK_NO_PBA`
to enable HOMER/OCC common area region for Qemu emulated PowerNV host.
Introduce `QUIRK_QEMU` in enum proc_chip_quirks that will be used for
future work.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Balamuruhan S <bala24@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|