qemu/hw/acpi/erst.c
Christian A. Ehrhardt defb70980f hw/acpi/erst.c: Fix memory handling issues
- Fix memset argument order: The second argument is
  the value, the length goes last.
- Fix an integer overflow reported by Alexander Bulekov.

Both issues allow the guest to overrun the host buffer
allocated for the ERST memory device.

Cc: Eric DeVolder <eric.devolder@oracle.com
Cc: Alexander Bulekov <alxndr@bu.edu>
Cc: qemu-stable@nongnu.org
Fixes: f7e26ffa59 ("ACPI ERST: support for ACPI ERST feature")
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Message-Id: <20221024154233.1043347-1-lk@c--e.de>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1268
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Eric DeVolder <eric.devolder@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-11-07 14:08:17 -05:00

1050 lines
34 KiB
C

/*
* ACPI Error Record Serialization Table, ERST, Implementation
*
* ACPI ERST introduced in ACPI 4.0, June 16, 2009.
* ACPI Platform Error Interfaces : Error Serialization
*
* Copyright (c) 2021 Oracle and/or its affiliates.
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "hw/qdev-core.h"
#include "exec/memory.h"
#include "qom/object.h"
#include "hw/pci/pci.h"
#include "qom/object_interfaces.h"
#include "qemu/error-report.h"
#include "migration/vmstate.h"
#include "hw/qdev-properties.h"
#include "hw/acpi/acpi.h"
#include "hw/acpi/acpi-defs.h"
#include "hw/acpi/aml-build.h"
#include "hw/acpi/bios-linker-loader.h"
#include "exec/address-spaces.h"
#include "sysemu/hostmem.h"
#include "hw/acpi/erst.h"
#include "trace.h"
/* ACPI 4.0: Table 17-16 Serialization Actions */
#define ACTION_BEGIN_WRITE_OPERATION 0x0
#define ACTION_BEGIN_READ_OPERATION 0x1
#define ACTION_BEGIN_CLEAR_OPERATION 0x2
#define ACTION_END_OPERATION 0x3
#define ACTION_SET_RECORD_OFFSET 0x4
#define ACTION_EXECUTE_OPERATION 0x5
#define ACTION_CHECK_BUSY_STATUS 0x6
#define ACTION_GET_COMMAND_STATUS 0x7
#define ACTION_GET_RECORD_IDENTIFIER 0x8
#define ACTION_SET_RECORD_IDENTIFIER 0x9
#define ACTION_GET_RECORD_COUNT 0xA
#define ACTION_BEGIN_DUMMY_WRITE_OPERATION 0xB
#define ACTION_RESERVED 0xC
#define ACTION_GET_ERROR_LOG_ADDRESS_RANGE 0xD
#define ACTION_GET_ERROR_LOG_ADDRESS_LENGTH 0xE
#define ACTION_GET_ERROR_LOG_ADDRESS_RANGE_ATTRIBUTES 0xF
#define ACTION_GET_EXECUTE_OPERATION_TIMINGS 0x10 /* ACPI 6.3 */
/* ACPI 4.0: Table 17-17 Command Status Definitions */
#define STATUS_SUCCESS 0x00
#define STATUS_NOT_ENOUGH_SPACE 0x01
#define STATUS_HARDWARE_NOT_AVAILABLE 0x02
#define STATUS_FAILED 0x03
#define STATUS_RECORD_STORE_EMPTY 0x04
#define STATUS_RECORD_NOT_FOUND 0x05
/* ACPI 4.0: Table 17-19 Serialization Instructions */
#define INST_READ_REGISTER 0x00
#define INST_READ_REGISTER_VALUE 0x01
#define INST_WRITE_REGISTER 0x02
#define INST_WRITE_REGISTER_VALUE 0x03
#define INST_NOOP 0x04
#define INST_LOAD_VAR1 0x05
#define INST_LOAD_VAR2 0x06
#define INST_STORE_VAR1 0x07
#define INST_ADD 0x08
#define INST_SUBTRACT 0x09
#define INST_ADD_VALUE 0x0A
#define INST_SUBTRACT_VALUE 0x0B
#define INST_STALL 0x0C
#define INST_STALL_WHILE_TRUE 0x0D
#define INST_SKIP_NEXT_INSTRUCTION_IF_TRUE 0x0E
#define INST_GOTO 0x0F
#define INST_SET_SRC_ADDRESS_BASE 0x10
#define INST_SET_DST_ADDRESS_BASE 0x11
#define INST_MOVE_DATA 0x12
/* UEFI 2.1: Appendix N Common Platform Error Record */
#define UEFI_CPER_RECORD_MIN_SIZE 128U
#define UEFI_CPER_RECORD_LENGTH_OFFSET 20U
#define UEFI_CPER_RECORD_ID_OFFSET 96U
/*
* NOTE that when accessing CPER fields within a record, memcpy()
* is utilized to avoid a possible misaligned access on the host.
*/
/*
* This implementation is an ACTION (cmd) and VALUE (data)
* interface consisting of just two 64-bit registers.
*/
#define ERST_REG_SIZE (16UL)
#define ERST_ACTION_OFFSET (0UL) /* action (cmd) */
#define ERST_VALUE_OFFSET (8UL) /* argument/value (data) */
/*
* ERST_RECORD_SIZE is the buffer size for exchanging ERST
* record contents. Thus, it defines the maximum record size.
* As this is mapped through a PCI BAR, it must be a power of
* two and larger than UEFI_CPER_RECORD_MIN_SIZE.
* The backing storage is divided into fixed size "slots",
* each ERST_RECORD_SIZE in length, and each "slot"
* storing a single record. No attempt at optimizing storage
* through compression, compaction, etc is attempted.
* NOTE that slot 0 is reserved for the backing storage header.
* Depending upon the size of the backing storage, additional
* slots will be part of the slot 0 header in order to account
* for a record_id for each available remaining slot.
*/
/* 8KiB records, not too small, not too big */
#define ERST_RECORD_SIZE (8192UL)
#define ACPI_ERST_MEMDEV_PROP "memdev"
#define ACPI_ERST_RECORD_SIZE_PROP "record_size"
/*
* From the ACPI ERST spec sections:
* A record id of all 0s is used to indicate 'unspecified' record id.
* A record id of all 1s is used to indicate empty or end.
*/
#define ERST_UNSPECIFIED_RECORD_ID (0UL)
#define ERST_EMPTY_END_RECORD_ID (~0UL)
#define ERST_IS_VALID_RECORD_ID(rid) \
((rid != ERST_UNSPECIFIED_RECORD_ID) && \
(rid != ERST_EMPTY_END_RECORD_ID))
/*
* Implementation-specific definitions and types.
* Values are arbitrary and chosen for this implementation.
* See erst.rst documentation for details.
*/
#define ERST_EXECUTE_OPERATION_MAGIC 0x9CUL
#define ERST_STORE_MAGIC 0x524F545354535245UL /* ERSTSTOR */
typedef struct {
uint64_t magic;
uint32_t record_size;
uint32_t storage_offset; /* offset to record storage beyond header */
uint16_t version;
uint16_t reserved;
uint32_t record_count;
uint64_t map[]; /* contains record_ids, and position indicates index */
} __attribute__((packed)) ERSTStorageHeader;
/*
* Object cast macro
*/
#define ACPIERST(obj) \
OBJECT_CHECK(ERSTDeviceState, (obj), TYPE_ACPI_ERST)
/*
* Main ERST device state structure
*/
typedef struct {
PCIDevice parent_obj;
/* Backend storage */
HostMemoryBackend *hostmem;
MemoryRegion *hostmem_mr;
uint32_t storage_size;
uint32_t default_record_size;
/* Programming registers */
MemoryRegion iomem_mr;
/* Exchange buffer */
MemoryRegion exchange_mr;
/* Interface state */
uint8_t operation;
uint8_t busy_status;
uint8_t command_status;
uint32_t record_offset;
uint64_t reg_action;
uint64_t reg_value;
uint64_t record_identifier;
ERSTStorageHeader *header;
unsigned first_record_index;
unsigned last_record_index;
unsigned next_record_index;
} ERSTDeviceState;
/*******************************************************************/
/*******************************************************************/
typedef struct {
GArray *table_data;
pcibus_t bar;
uint8_t instruction;
uint8_t flags;
uint8_t register_bit_width;
pcibus_t register_offset;
} BuildSerializationInstructionEntry;
/* ACPI 4.0: 17.4.1.2 Serialization Instruction Entries */
static void build_serialization_instruction(
BuildSerializationInstructionEntry *e,
uint8_t serialization_action,
uint64_t value)
{
/* ACPI 4.0: Table 17-18 Serialization Instruction Entry */
struct AcpiGenericAddress gas;
uint64_t mask;
/* Serialization Action */
build_append_int_noprefix(e->table_data, serialization_action, 1);
/* Instruction */
build_append_int_noprefix(e->table_data, e->instruction, 1);
/* Flags */
build_append_int_noprefix(e->table_data, e->flags, 1);
/* Reserved */
build_append_int_noprefix(e->table_data, 0, 1);
/* Register Region */
gas.space_id = AML_SYSTEM_MEMORY;
gas.bit_width = e->register_bit_width;
gas.bit_offset = 0;
gas.access_width = (uint8_t)ctz32(e->register_bit_width) - 2;
gas.address = (uint64_t)(e->bar + e->register_offset);
build_append_gas_from_struct(e->table_data, &gas);
/* Value */
build_append_int_noprefix(e->table_data, value, 8);
/* Mask */
mask = (1ULL << (e->register_bit_width - 1) << 1) - 1;
build_append_int_noprefix(e->table_data, mask, 8);
}
/* ACPI 4.0: 17.4.1 Serialization Action Table */
void build_erst(GArray *table_data, BIOSLinker *linker, Object *erst_dev,
const char *oem_id, const char *oem_table_id)
{
/*
* Serialization Action Table
* The serialization action table must be generated first
* so that its size can be known in order to populate the
* Instruction Entry Count field.
*/
unsigned action;
GArray *table_instruction_data = g_array_new(FALSE, FALSE, sizeof(char));
pcibus_t bar0 = pci_get_bar_addr(PCI_DEVICE(erst_dev), 0);
AcpiTable table = { .sig = "ERST", .rev = 1, .oem_id = oem_id,
.oem_table_id = oem_table_id };
/* Contexts for the different ways ACTION and VALUE are accessed */
BuildSerializationInstructionEntry rd_value_32_val = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_READ_REGISTER_VALUE,
.register_bit_width = 32,
.register_offset = ERST_VALUE_OFFSET,
};
BuildSerializationInstructionEntry rd_value_32 = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_READ_REGISTER,
.register_bit_width = 32,
.register_offset = ERST_VALUE_OFFSET,
};
BuildSerializationInstructionEntry rd_value_64 = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_READ_REGISTER,
.register_bit_width = 64,
.register_offset = ERST_VALUE_OFFSET,
};
BuildSerializationInstructionEntry wr_value_32_val = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_WRITE_REGISTER_VALUE,
.register_bit_width = 32,
.register_offset = ERST_VALUE_OFFSET,
};
BuildSerializationInstructionEntry wr_value_32 = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_WRITE_REGISTER,
.register_bit_width = 32,
.register_offset = ERST_VALUE_OFFSET,
};
BuildSerializationInstructionEntry wr_value_64 = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_WRITE_REGISTER,
.register_bit_width = 64,
.register_offset = ERST_VALUE_OFFSET,
};
BuildSerializationInstructionEntry wr_action = {
.table_data = table_instruction_data, .bar = bar0, .flags = 0,
.instruction = INST_WRITE_REGISTER_VALUE,
.register_bit_width = 32,
.register_offset = ERST_ACTION_OFFSET,
};
trace_acpi_erst_pci_bar_0(bar0);
/* Serialization Instruction Entries */
action = ACTION_BEGIN_WRITE_OPERATION;
build_serialization_instruction(&wr_action, action, action);
action = ACTION_BEGIN_READ_OPERATION;
build_serialization_instruction(&wr_action, action, action);
action = ACTION_BEGIN_CLEAR_OPERATION;
build_serialization_instruction(&wr_action, action, action);
action = ACTION_END_OPERATION;
build_serialization_instruction(&wr_action, action, action);
action = ACTION_SET_RECORD_OFFSET;
build_serialization_instruction(&wr_value_32, action, 0);
build_serialization_instruction(&wr_action, action, action);
action = ACTION_EXECUTE_OPERATION;
build_serialization_instruction(&wr_value_32_val, action,
ERST_EXECUTE_OPERATION_MAGIC);
build_serialization_instruction(&wr_action, action, action);
action = ACTION_CHECK_BUSY_STATUS;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_32_val, action, 0x01);
action = ACTION_GET_COMMAND_STATUS;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_32, action, 0);
action = ACTION_GET_RECORD_IDENTIFIER;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_64, action, 0);
action = ACTION_SET_RECORD_IDENTIFIER;
build_serialization_instruction(&wr_value_64, action, 0);
build_serialization_instruction(&wr_action, action, action);
action = ACTION_GET_RECORD_COUNT;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_32, action, 0);
action = ACTION_BEGIN_DUMMY_WRITE_OPERATION;
build_serialization_instruction(&wr_action, action, action);
action = ACTION_GET_ERROR_LOG_ADDRESS_RANGE;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_64, action, 0);
action = ACTION_GET_ERROR_LOG_ADDRESS_LENGTH;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_64, action, 0);
action = ACTION_GET_ERROR_LOG_ADDRESS_RANGE_ATTRIBUTES;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_32, action, 0);
action = ACTION_GET_EXECUTE_OPERATION_TIMINGS;
build_serialization_instruction(&wr_action, action, action);
build_serialization_instruction(&rd_value_64, action, 0);
/* Serialization Header */
acpi_table_begin(&table, table_data);
/* Serialization Header Size */
build_append_int_noprefix(table_data, 48, 4);
/* Reserved */
build_append_int_noprefix(table_data, 0, 4);
/*
* Instruction Entry Count
* Each instruction entry is 32 bytes
*/
g_assert((table_instruction_data->len) % 32 == 0);
build_append_int_noprefix(table_data,
(table_instruction_data->len / 32), 4);
/* Serialization Instruction Entries */
g_array_append_vals(table_data, table_instruction_data->data,
table_instruction_data->len);
g_array_free(table_instruction_data, TRUE);
acpi_table_end(linker, &table);
}
/*******************************************************************/
/*******************************************************************/
static uint8_t *get_nvram_ptr_by_index(ERSTDeviceState *s, unsigned index)
{
uint8_t *rc = NULL;
off_t offset = (index * le32_to_cpu(s->header->record_size));
g_assert(offset < s->storage_size);
rc = memory_region_get_ram_ptr(s->hostmem_mr);
rc += offset;
return rc;
}
static void make_erst_storage_header(ERSTDeviceState *s)
{
ERSTStorageHeader *header = s->header;
unsigned mapsz, headersz;
header->magic = cpu_to_le64(ERST_STORE_MAGIC);
header->record_size = cpu_to_le32(s->default_record_size);
header->version = cpu_to_le16(0x0100);
header->reserved = cpu_to_le16(0x0000);
/* Compute mapsize */
mapsz = s->storage_size / s->default_record_size;
mapsz *= sizeof(uint64_t);
/* Compute header+map size */
headersz = sizeof(ERSTStorageHeader) + mapsz;
/* Round up to nearest integer multiple of ERST_RECORD_SIZE */
headersz = QEMU_ALIGN_UP(headersz, s->default_record_size);
header->storage_offset = cpu_to_le32(headersz);
/*
* The HostMemoryBackend initializes contents to zero,
* so all record_ids stashed in the map are zero'd.
* As well the record_count is zero. Properly initialized.
*/
}
static void check_erst_backend_storage(ERSTDeviceState *s, Error **errp)
{
ERSTStorageHeader *header;
uint32_t record_size;
header = memory_region_get_ram_ptr(s->hostmem_mr);
s->header = header;
/* Ensure pointer to header is 64-bit aligned */
g_assert(QEMU_PTR_IS_ALIGNED(header, sizeof(uint64_t)));
/*
* Check if header is uninitialized; HostMemoryBackend inits to 0
*/
if (le64_to_cpu(header->magic) == 0UL) {
make_erst_storage_header(s);
}
/* Validity check record_size */
record_size = le32_to_cpu(header->record_size);
if (!(
(record_size) && /* non zero */
(record_size >= UEFI_CPER_RECORD_MIN_SIZE) &&
(((record_size - 1) & record_size) == 0) && /* is power of 2 */
(record_size >= 4096) /* PAGE_SIZE */
)) {
error_setg(errp, "ERST record_size %u is invalid", record_size);
return;
}
/* Validity check header */
if (!(
(le64_to_cpu(header->magic) == ERST_STORE_MAGIC) &&
((le32_to_cpu(header->storage_offset) % record_size) == 0) &&
(le16_to_cpu(header->version) == 0x0100) &&
(le16_to_cpu(header->reserved) == 0)
)) {
error_setg(errp, "ERST backend storage header is invalid");
return;
}
/* Check storage_size against record_size */
if (((s->storage_size % record_size) != 0) ||
(record_size > s->storage_size)) {
error_setg(errp, "ACPI ERST requires storage size be multiple of "
"record size (%uKiB)", record_size);
return;
}
/* Compute offset of first and last record storage slot */
s->first_record_index = le32_to_cpu(header->storage_offset)
/ record_size;
s->last_record_index = (s->storage_size / record_size);
}
static void update_map_entry(ERSTDeviceState *s, unsigned index,
uint64_t record_id)
{
if (index < s->last_record_index) {
s->header->map[index] = cpu_to_le64(record_id);
}
}
static unsigned find_next_empty_record_index(ERSTDeviceState *s)
{
unsigned rc = 0; /* 0 not a valid index */
unsigned index = s->first_record_index;
for (; index < s->last_record_index; ++index) {
if (le64_to_cpu(s->header->map[index]) == ERST_UNSPECIFIED_RECORD_ID) {
rc = index;
break;
}
}
return rc;
}
static unsigned lookup_erst_record(ERSTDeviceState *s,
uint64_t record_identifier)
{
unsigned rc = 0; /* 0 not a valid index */
/* Find the record_identifier in the map */
if (record_identifier != ERST_UNSPECIFIED_RECORD_ID) {
/*
* Count number of valid records encountered, and
* short-circuit the loop if identifier not found
*/
uint32_t record_count = le32_to_cpu(s->header->record_count);
unsigned count = 0;
unsigned index;
for (index = s->first_record_index; index < s->last_record_index &&
count < record_count; ++index) {
if (le64_to_cpu(s->header->map[index]) == record_identifier) {
rc = index;
break;
}
if (le64_to_cpu(s->header->map[index]) !=
ERST_UNSPECIFIED_RECORD_ID) {
++count;
}
}
}
return rc;
}
/*
* ACPI 4.0: 17.4.1.1 Serialization Actions, also see
* ACPI 4.0: 17.4.2.2 Operations - Reading 6.c and 2.c
*/
static unsigned get_next_record_identifier(ERSTDeviceState *s,
uint64_t *record_identifier, bool first)
{
unsigned found = 0;
unsigned index;
/* For operations needing to return 'first' record identifier */
if (first) {
/* Reset initial index to beginning */
s->next_record_index = s->first_record_index;
}
index = s->next_record_index;
*record_identifier = ERST_EMPTY_END_RECORD_ID;
if (le32_to_cpu(s->header->record_count)) {
for (; index < s->last_record_index; ++index) {
if (le64_to_cpu(s->header->map[index]) !=
ERST_UNSPECIFIED_RECORD_ID) {
/* where to start next time */
s->next_record_index = index + 1;
*record_identifier = le64_to_cpu(s->header->map[index]);
found = 1;
break;
}
}
}
if (!found) {
/* at end (ie scan complete), reset */
s->next_record_index = s->first_record_index;
}
return STATUS_SUCCESS;
}
/* ACPI 4.0: 17.4.2.3 Operations - Clearing */
static unsigned clear_erst_record(ERSTDeviceState *s)
{
unsigned rc = STATUS_RECORD_NOT_FOUND;
unsigned index;
/* Check for valid record identifier */
if (!ERST_IS_VALID_RECORD_ID(s->record_identifier)) {
return STATUS_FAILED;
}
index = lookup_erst_record(s, s->record_identifier);
if (index) {
/* No need to wipe record, just invalidate its map entry */
uint32_t record_count;
update_map_entry(s, index, ERST_UNSPECIFIED_RECORD_ID);
record_count = le32_to_cpu(s->header->record_count);
record_count -= 1;
s->header->record_count = cpu_to_le32(record_count);
rc = STATUS_SUCCESS;
}
return rc;
}
/* ACPI 4.0: 17.4.2.2 Operations - Reading */
static unsigned read_erst_record(ERSTDeviceState *s)
{
unsigned rc = STATUS_RECORD_NOT_FOUND;
unsigned exchange_length;
unsigned index;
/* Check if backend storage is empty */
if (le32_to_cpu(s->header->record_count) == 0) {
return STATUS_RECORD_STORE_EMPTY;
}
exchange_length = memory_region_size(&s->exchange_mr);
/* Check for record identifier of all 0s */
if (s->record_identifier == ERST_UNSPECIFIED_RECORD_ID) {
/* Set to 'first' record in storage */
get_next_record_identifier(s, &s->record_identifier, true);
/* record_identifier is now a valid id, or all 1s */
}
/* Check for record identifier of all 1s */
if (s->record_identifier == ERST_EMPTY_END_RECORD_ID) {
return STATUS_FAILED;
}
/* Validate record_offset */
if (s->record_offset > (exchange_length - UEFI_CPER_RECORD_MIN_SIZE)) {
return STATUS_FAILED;
}
index = lookup_erst_record(s, s->record_identifier);
if (index) {
uint8_t *nvram;
uint8_t *exchange;
uint32_t record_length;
/* Obtain pointer to the exchange buffer */
exchange = memory_region_get_ram_ptr(&s->exchange_mr);
exchange += s->record_offset;
/* Obtain pointer to slot in storage */
nvram = get_nvram_ptr_by_index(s, index);
/* Validate CPER record_length */
memcpy((uint8_t *)&record_length,
&nvram[UEFI_CPER_RECORD_LENGTH_OFFSET],
sizeof(uint32_t));
record_length = le32_to_cpu(record_length);
if (record_length < UEFI_CPER_RECORD_MIN_SIZE) {
rc = STATUS_FAILED;
}
if (record_length > exchange_length - s->record_offset) {
rc = STATUS_FAILED;
}
/* If all is ok, copy the record to the exchange buffer */
if (rc != STATUS_FAILED) {
memcpy(exchange, nvram, record_length);
rc = STATUS_SUCCESS;
}
} else {
/*
* See "Reading : 'The steps performed by the platform ...' 2.c"
* Set to 'first' record in storage
*/
get_next_record_identifier(s, &s->record_identifier, true);
}
return rc;
}
/* ACPI 4.0: 17.4.2.1 Operations - Writing */
static unsigned write_erst_record(ERSTDeviceState *s)
{
unsigned rc = STATUS_FAILED;
unsigned exchange_length;
unsigned index;
uint64_t record_identifier;
uint32_t record_length;
uint8_t *exchange;
uint8_t *nvram = NULL;
bool record_found = false;
exchange_length = memory_region_size(&s->exchange_mr);
/* Validate record_offset */
if (s->record_offset > (exchange_length - UEFI_CPER_RECORD_MIN_SIZE)) {
return STATUS_FAILED;
}
/* Obtain pointer to record in the exchange buffer */
exchange = memory_region_get_ram_ptr(&s->exchange_mr);
exchange += s->record_offset;
/* Validate CPER record_length */
memcpy((uint8_t *)&record_length, &exchange[UEFI_CPER_RECORD_LENGTH_OFFSET],
sizeof(uint32_t));
record_length = le32_to_cpu(record_length);
if (record_length < UEFI_CPER_RECORD_MIN_SIZE) {
return STATUS_FAILED;
}
if (record_length > exchange_length - s->record_offset) {
return STATUS_FAILED;
}
/* Extract record identifier */
memcpy((uint8_t *)&record_identifier, &exchange[UEFI_CPER_RECORD_ID_OFFSET],
sizeof(uint64_t));
record_identifier = le64_to_cpu(record_identifier);
/* Check for valid record identifier */
if (!ERST_IS_VALID_RECORD_ID(record_identifier)) {
return STATUS_FAILED;
}
index = lookup_erst_record(s, record_identifier);
if (index) {
/* Record found, overwrite existing record */
nvram = get_nvram_ptr_by_index(s, index);
record_found = true;
} else {
/* Record not found, not an overwrite, allocate for write */
index = find_next_empty_record_index(s);
if (index) {
nvram = get_nvram_ptr_by_index(s, index);
} else {
/* All slots are occupied */
rc = STATUS_NOT_ENOUGH_SPACE;
}
}
if (nvram) {
/* Write the record into the slot */
memcpy(nvram, exchange, record_length);
memset(nvram + record_length, 0xFF, exchange_length - record_length);
/* If a new record, increment the record_count */
if (!record_found) {
uint32_t record_count;
record_count = le32_to_cpu(s->header->record_count);
record_count += 1; /* writing new record */
s->header->record_count = cpu_to_le32(record_count);
}
update_map_entry(s, index, record_identifier);
rc = STATUS_SUCCESS;
}
return rc;
}
/*******************************************************************/
static uint64_t erst_rd_reg64(hwaddr addr,
uint64_t reg, unsigned size)
{
uint64_t rdval;
uint64_t mask;
unsigned shift;
if (size == sizeof(uint64_t)) {
/* 64b access */
mask = 0xFFFFFFFFFFFFFFFFUL;
shift = 0;
} else {
/* 32b access */
mask = 0x00000000FFFFFFFFUL;
shift = ((addr & 0x4) == 0x4) ? 32 : 0;
}
rdval = reg;
rdval >>= shift;
rdval &= mask;
return rdval;
}
static uint64_t erst_wr_reg64(hwaddr addr,
uint64_t reg, uint64_t val, unsigned size)
{
uint64_t wrval;
uint64_t mask;
unsigned shift;
if (size == sizeof(uint64_t)) {
/* 64b access */
mask = 0xFFFFFFFFFFFFFFFFUL;
shift = 0;
} else {
/* 32b access */
mask = 0x00000000FFFFFFFFUL;
shift = ((addr & 0x4) == 0x4) ? 32 : 0;
}
val &= mask;
val <<= shift;
mask <<= shift;
wrval = reg;
wrval &= ~mask;
wrval |= val;
return wrval;
}
static void erst_reg_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
{
ERSTDeviceState *s = (ERSTDeviceState *)opaque;
/*
* NOTE: All actions/operations/side effects happen on the WRITE,
* by this implementation's design. The READs simply return the
* reg_value contents.
*/
trace_acpi_erst_reg_write(addr, val, size);
switch (addr) {
case ERST_VALUE_OFFSET + 0:
case ERST_VALUE_OFFSET + 4:
s->reg_value = erst_wr_reg64(addr, s->reg_value, val, size);
break;
case ERST_ACTION_OFFSET + 0:
/*
* NOTE: all valid values written to this register are of the
* ACTION_* variety. Thus there is no need to make this a 64-bit
* register, 32-bits is appropriate. As such ERST_ACTION_OFFSET+4
* is not needed.
*/
switch (val) {
case ACTION_BEGIN_WRITE_OPERATION:
case ACTION_BEGIN_READ_OPERATION:
case ACTION_BEGIN_CLEAR_OPERATION:
case ACTION_BEGIN_DUMMY_WRITE_OPERATION:
case ACTION_END_OPERATION:
s->operation = val;
break;
case ACTION_SET_RECORD_OFFSET:
s->record_offset = s->reg_value;
break;
case ACTION_EXECUTE_OPERATION:
if ((uint8_t)s->reg_value == ERST_EXECUTE_OPERATION_MAGIC) {
s->busy_status = 1;
switch (s->operation) {
case ACTION_BEGIN_WRITE_OPERATION:
s->command_status = write_erst_record(s);
break;
case ACTION_BEGIN_READ_OPERATION:
s->command_status = read_erst_record(s);
break;
case ACTION_BEGIN_CLEAR_OPERATION:
s->command_status = clear_erst_record(s);
break;
case ACTION_BEGIN_DUMMY_WRITE_OPERATION:
s->command_status = STATUS_SUCCESS;
break;
case ACTION_END_OPERATION:
s->command_status = STATUS_SUCCESS;
break;
default:
s->command_status = STATUS_FAILED;
break;
}
s->busy_status = 0;
}
break;
case ACTION_CHECK_BUSY_STATUS:
s->reg_value = s->busy_status;
break;
case ACTION_GET_COMMAND_STATUS:
s->reg_value = s->command_status;
break;
case ACTION_GET_RECORD_IDENTIFIER:
s->command_status = get_next_record_identifier(s,
&s->reg_value, false);
break;
case ACTION_SET_RECORD_IDENTIFIER:
s->record_identifier = s->reg_value;
break;
case ACTION_GET_RECORD_COUNT:
s->reg_value = le32_to_cpu(s->header->record_count);
break;
case ACTION_GET_ERROR_LOG_ADDRESS_RANGE:
s->reg_value = (hwaddr)pci_get_bar_addr(PCI_DEVICE(s), 1);
break;
case ACTION_GET_ERROR_LOG_ADDRESS_LENGTH:
s->reg_value = le32_to_cpu(s->header->record_size);
break;
case ACTION_GET_ERROR_LOG_ADDRESS_RANGE_ATTRIBUTES:
s->reg_value = 0x0; /* intentional, not NVRAM mode */
break;
case ACTION_GET_EXECUTE_OPERATION_TIMINGS:
s->reg_value =
(100ULL << 32) | /* 100us max time */
(10ULL << 0) ; /* 10us min time */
break;
default:
/* Unknown action/command, NOP */
break;
}
break;
default:
/* This should not happen, but if it does, NOP */
break;
}
}
static uint64_t erst_reg_read(void *opaque, hwaddr addr,
unsigned size)
{
ERSTDeviceState *s = (ERSTDeviceState *)opaque;
uint64_t val = 0;
switch (addr) {
case ERST_ACTION_OFFSET + 0:
case ERST_ACTION_OFFSET + 4:
val = erst_rd_reg64(addr, s->reg_action, size);
break;
case ERST_VALUE_OFFSET + 0:
case ERST_VALUE_OFFSET + 4:
val = erst_rd_reg64(addr, s->reg_value, size);
break;
default:
break;
}
trace_acpi_erst_reg_read(addr, val, size);
return val;
}
static const MemoryRegionOps erst_reg_ops = {
.read = erst_reg_read,
.write = erst_reg_write,
.endianness = DEVICE_NATIVE_ENDIAN,
};
/*******************************************************************/
/*******************************************************************/
static int erst_post_load(void *opaque, int version_id)
{
ERSTDeviceState *s = opaque;
/* Recompute pointer to header */
s->header = (ERSTStorageHeader *)get_nvram_ptr_by_index(s, 0);
trace_acpi_erst_post_load(s->header, le32_to_cpu(s->header->record_size));
return 0;
}
static const VMStateDescription erst_vmstate = {
.name = "acpi-erst",
.version_id = 1,
.minimum_version_id = 1,
.post_load = erst_post_load,
.fields = (VMStateField[]) {
VMSTATE_UINT8(operation, ERSTDeviceState),
VMSTATE_UINT8(busy_status, ERSTDeviceState),
VMSTATE_UINT8(command_status, ERSTDeviceState),
VMSTATE_UINT32(record_offset, ERSTDeviceState),
VMSTATE_UINT64(reg_action, ERSTDeviceState),
VMSTATE_UINT64(reg_value, ERSTDeviceState),
VMSTATE_UINT64(record_identifier, ERSTDeviceState),
VMSTATE_UINT32(next_record_index, ERSTDeviceState),
VMSTATE_END_OF_LIST()
}
};
static void erst_realizefn(PCIDevice *pci_dev, Error **errp)
{
ERSTDeviceState *s = ACPIERST(pci_dev);
trace_acpi_erst_realizefn_in();
if (!s->hostmem) {
error_setg(errp, "'" ACPI_ERST_MEMDEV_PROP "' property is not set");
return;
} else if (host_memory_backend_is_mapped(s->hostmem)) {
error_setg(errp, "can't use already busy memdev: %s",
object_get_canonical_path_component(OBJECT(s->hostmem)));
return;
}
s->hostmem_mr = host_memory_backend_get_memory(s->hostmem);
/* HostMemoryBackend size will be multiple of PAGE_SIZE */
s->storage_size = object_property_get_int(OBJECT(s->hostmem), "size", errp);
/* Initialize backend storage and record_count */
check_erst_backend_storage(s, errp);
/* BAR 0: Programming registers */
memory_region_init_io(&s->iomem_mr, OBJECT(pci_dev), &erst_reg_ops, s,
TYPE_ACPI_ERST, ERST_REG_SIZE);
pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->iomem_mr);
/* BAR 1: Exchange buffer memory */
memory_region_init_ram(&s->exchange_mr, OBJECT(pci_dev),
"erst.exchange",
le32_to_cpu(s->header->record_size), errp);
pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY,
&s->exchange_mr);
/* Include the backend storage in the migration stream */
vmstate_register_ram_global(s->hostmem_mr);
trace_acpi_erst_realizefn_out(s->storage_size);
}
static void erst_reset(DeviceState *dev)
{
ERSTDeviceState *s = ACPIERST(dev);
trace_acpi_erst_reset_in(le32_to_cpu(s->header->record_count));
s->operation = 0;
s->busy_status = 0;
s->command_status = STATUS_SUCCESS;
s->record_identifier = ERST_UNSPECIFIED_RECORD_ID;
s->record_offset = 0;
s->next_record_index = s->first_record_index;
/* NOTE: first/last_record_index are computed only once */
trace_acpi_erst_reset_out(le32_to_cpu(s->header->record_count));
}
static Property erst_properties[] = {
DEFINE_PROP_LINK(ACPI_ERST_MEMDEV_PROP, ERSTDeviceState, hostmem,
TYPE_MEMORY_BACKEND, HostMemoryBackend *),
DEFINE_PROP_UINT32(ACPI_ERST_RECORD_SIZE_PROP, ERSTDeviceState,
default_record_size, ERST_RECORD_SIZE),
DEFINE_PROP_END_OF_LIST(),
};
static void erst_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
trace_acpi_erst_class_init_in();
k->realize = erst_realizefn;
k->vendor_id = PCI_VENDOR_ID_REDHAT;
k->device_id = PCI_DEVICE_ID_REDHAT_ACPI_ERST;
k->revision = 0x00;
k->class_id = PCI_CLASS_OTHERS;
dc->reset = erst_reset;
dc->vmsd = &erst_vmstate;
dc->user_creatable = true;
dc->hotpluggable = false;
device_class_set_props(dc, erst_properties);
dc->desc = "ACPI Error Record Serialization Table (ERST) device";
set_bit(DEVICE_CATEGORY_MISC, dc->categories);
trace_acpi_erst_class_init_out();
}
static const TypeInfo erst_type_info = {
.name = TYPE_ACPI_ERST,
.parent = TYPE_PCI_DEVICE,
.class_init = erst_class_init,
.instance_size = sizeof(ERSTDeviceState),
.interfaces = (InterfaceInfo[]) {
{ INTERFACE_CONVENTIONAL_PCI_DEVICE },
{ }
}
};
static void erst_register_types(void)
{
type_register_static(&erst_type_info);
}
type_init(erst_register_types)