From: "Kweh, Hock Leong" <[email protected]>
Hi Guys,
This patchset is created on top of "efi: Capsule update support" patch:
http://permalink.gmane.org/gmane.linux.kernel.efi/4837
It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
efi_capsule_update() API to pass the binary to EFI firmware.
Besides build in kernel, the design also cater for build as kernel driver module. This patchset introduce a new API (request_firmware_abort()) at firmware_class so that the driver module could be unloaded by calling the API to properly stop user helper interface and release the device.
Thanks.
---
changelog v2:
[PATCH 1/3]
* use fw_lookup_buf() instead of __fw_lookup_buf() function call
* move the fw_lookup_buf() function out of the CONFIG_PM_SLEEP block
[PATCH 2/3]
* no change
[PATCH 3/3]
* no change
Kweh, Hock Leong (3):
firmware loader: Introduce new API - request_firmware_abort()
firmware loader: fix hung task warning dump
efi: Capsule update with user helper interface
drivers/base/firmware_class.c | 56 ++++--
drivers/firmware/efi/Kconfig | 13 ++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi-capsule-user-helper.c | 246 ++++++++++++++++++++++++
include/linux/firmware.h | 4 +
5 files changed, 306 insertions(+), 14 deletions(-)
create mode 100644 drivers/firmware/efi/efi-capsule-user-helper.c
--
1.7.9.5
From: "Kweh, Hock Leong" <[email protected]>
Introducing a kernel module to expose user helper interface for
user to upload capsule binaries. This module leverage the
request_firmware_nowait() to expose an interface to user.
Example steps to load the capsule binary:
1.) echo 1 > /sys/class/firmware/efi-capsule-file/loading
2.) cat capsule.bin > /sys/class/firmware/efi-capsule-file/data
3.) echo 0 > /sys/class/firmware/efi-capsule-file/loading
Whereas, this module does not allow the capsule binaries to be
obtained from the request_firmware library search path. If any
capsule binary loaded from firmware seach path, the module will
stop functioning.
Besides the request_firmware user helper interface, this module
also expose a 'capsule_loaded' file note for user to verify
the number of successfully uploaded capsule binaries. This
file note has the read only attribute.
Cc: Matt Fleming <[email protected]>
Signed-off-by: Kweh, Hock Leong <[email protected]>
---
drivers/firmware/efi/Kconfig | 13 ++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi-capsule-user-helper.c | 246 ++++++++++++++++++++++++
3 files changed, 260 insertions(+)
create mode 100644 drivers/firmware/efi/efi-capsule-user-helper.c
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index f712d47..7dc814e 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -60,6 +60,19 @@ config EFI_RUNTIME_WRAPPERS
config EFI_ARMSTUB
bool
+config EFI_CAPSULE_USER_HELPER
+ tristate "EFI capsule user mode helper"
+ depends on EFI
+ select FW_LOADER
+ select FW_LOADER_USER_HELPER
+ help
+ This option exposes the user mode helper interface for user to load
+ EFI capsule binary and update the EFI firmware after system reboot.
+ This feature does not support auto locating capsule binaries at the
+ firmware lib search path.
+
+ If unsure, say N.
+
endmenu
config UEFI_CPER
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index 698846e..63f6910 100644
--- a/drivers/firmware/efi/Makefile
+++ b/drivers/firmware/efi/Makefile
@@ -8,3 +8,4 @@ obj-$(CONFIG_UEFI_CPER) += cper.o
obj-$(CONFIG_EFI_RUNTIME_MAP) += runtime-map.o
obj-$(CONFIG_EFI_RUNTIME_WRAPPERS) += runtime-wrappers.o
obj-$(CONFIG_EFI_STUB) += libstub/
+obj-$(CONFIG_EFI_CAPSULE_USER_HELPER) += efi-capsule-user-helper.o
diff --git a/drivers/firmware/efi/efi-capsule-user-helper.c b/drivers/firmware/efi/efi-capsule-user-helper.c
new file mode 100644
index 0000000..84a1628
--- /dev/null
+++ b/drivers/firmware/efi/efi-capsule-user-helper.c
@@ -0,0 +1,246 @@
+/*
+ * EFI capsule user mode helper interface driver.
+ *
+ * Copyright 2014 Intel Corporation
+ *
+ * This file is part of the Linux kernel, and is made available under
+ * the terms of the GNU General Public License version 2.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/platform_device.h>
+#include <linux/delay.h>
+#include <linux/highmem.h>
+#include <linux/slab.h>
+#include <linux/mutex.h>
+#include <linux/reboot.h>
+#include <linux/efi.h>
+#include <linux/firmware.h>
+
+#define CAPSULE_NAME "efi-capsule-file"
+#define DEV_NAME "efi_capsule_user_helper"
+#define STRING_INTEGER_MAX_LENGTH 13
+
+static DEFINE_MUTEX(user_helper_lock);
+static int capsule_count;
+static int stop_request;
+static struct platform_device *efi_capsule_pdev;
+
+/*
+ * This function will store the capsule binary and pass it to
+ * efi_capsule_update() API in capsule.c
+ */
+static int efi_capsule_store(const struct firmware *fw)
+{
+ int i;
+ int ret;
+ int count = fw->size;
+ int copy_size = (fw->size > PAGE_SIZE) ? PAGE_SIZE : fw->size;
+ int pages_needed = ALIGN(fw->size, PAGE_SIZE) >> PAGE_SHIFT;
+ struct page **pages;
+ void *page_data;
+ efi_capsule_header_t *capsule = NULL;
+
+ pages = kmalloc_array(pages_needed, sizeof(void *), GFP_KERNEL);
+ if (!pages) {
+ pr_err("%s: kmalloc_array() failed\n", __func__);
+ return -ENOMEM;
+ }
+
+ for (i = 0; i < pages_needed; i++) {
+ pages[i] = alloc_page(GFP_KERNEL);
+ if (!pages[i]) {
+ pr_err("%s: alloc_page() failed\n", __func__);
+ --i;
+ ret = -ENOMEM;
+ goto failed;
+ }
+ }
+
+ for (i = 0; i < pages_needed; i++) {
+ page_data = kmap(pages[i]);
+ memcpy(page_data, fw->data + (i * PAGE_SIZE), copy_size);
+
+ if (i == 0)
+ capsule = (efi_capsule_header_t *)page_data;
+ else
+ kunmap(pages[i]);
+
+ count -= copy_size;
+ if (count < PAGE_SIZE)
+ copy_size = count;
+ }
+
+ ret = efi_capsule_update(capsule, pages);
+ if (ret) {
+ pr_err("%s: efi_capsule_update() failed\n", __func__);
+ --i;
+ goto failed;
+ }
+ ++capsule_count;
+ kunmap(pages[0]);
+
+ /*
+ * we cannot free the pages here due to reboot need that data
+ * maintained.
+ */
+ return 0;
+
+failed:
+ while (i >= 0)
+ __free_page(pages[i--]);
+ kfree(pages);
+ return ret;
+}
+
+/*
+ * This callback function will be called by request_firmware_nowait() when
+ * user has loaded the capsule binary or aborted user helper interface
+ */
+static void callbackfn_efi_capsule(const struct firmware *fw, void *context)
+{
+ int ret = 0;
+
+ if (fw) {
+ /*
+ * Binary not getting from user helper interface, fw->pages
+ * is equal to NULL
+ */
+ if (!fw->pages) {
+ pr_err("%s: ERROR: Capsule binary '%s' at %s\n",
+ __func__, CAPSULE_NAME,
+ "firmware lib search path are not supported");
+ pr_err("user helper interface disabled\n");
+ stop_request = 1;
+ } else {
+ efi_capsule_store(fw);
+ }
+ release_firmware(fw);
+ }
+
+ mutex_lock(&user_helper_lock);
+ if (!stop_request) {
+ ret = request_firmware_nowait(THIS_MODULE,
+ FW_ACTION_NOHOTPLUG,
+ CAPSULE_NAME,
+ &efi_capsule_pdev->dev,
+ GFP_KERNEL, NULL,
+ callbackfn_efi_capsule);
+ if (ret) {
+ pr_err("%s: request_firmware_nowait() failed\n",
+ __func__);
+ }
+ }
+ mutex_unlock(&user_helper_lock);
+}
+
+static ssize_t capsule_loaded_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ return snprintf(buf, STRING_INTEGER_MAX_LENGTH, "%d\n", capsule_count);
+}
+
+static DEVICE_ATTR_RO(capsule_loaded);
+
+/* stop user helper interface for reboot or module unload */
+static void capsule_stop_user_helper(void)
+{
+ mutex_lock(&user_helper_lock);
+ stop_request = 1;
+ mutex_unlock(&user_helper_lock);
+ request_firmware_abort(CAPSULE_NAME);
+}
+
+/* reboot notifier for avoid deadlock with usermode_lock */
+static int capsule_shutdown_notify(struct notifier_block *nb,
+ unsigned long sys_state,
+ void *reboot_cmd)
+{
+ capsule_stop_user_helper();
+ return NOTIFY_DONE;
+}
+
+static struct notifier_block capsule_shutdown_nb = {
+ .notifier_call = capsule_shutdown_notify,
+ /*
+ * In order to reboot properly, it is required to ensure the priority
+ * here is higher than firmware_class fw_shutdown_nb priority
+ */
+ .priority = 1,
+};
+
+/*
+ * Use request_firmware_nowait() exposing an user helper interface to obtain
+ * capsule binary from user space
+ */
+static int __init efi_capsule_user_helper_init(void)
+{
+ int ret;
+
+ register_reboot_notifier(&capsule_shutdown_nb);
+
+ efi_capsule_pdev = platform_device_register_simple(DEV_NAME,
+ PLATFORM_DEVID_NONE,
+ NULL, 0);
+ if (IS_ERR(efi_capsule_pdev)) {
+ pr_err("%s: platform_device_register_simple() failed\n",
+ __func__);
+ return PTR_ERR(efi_capsule_pdev);
+ }
+
+ /*
+ * create this file node for user to check the number of binaries that
+ * are successfully loaded
+ */
+ ret = device_create_file(&efi_capsule_pdev->dev,
+ &dev_attr_capsule_loaded);
+ if (ret) {
+ pr_err("%s: device_create_file() failed\n", __func__);
+ return ret;
+ }
+
+ ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_NOHOTPLUG,
+ CAPSULE_NAME, &efi_capsule_pdev->dev,
+ GFP_KERNEL, NULL, callbackfn_efi_capsule);
+ if (ret) {
+ pr_err("%s: request_firmware_nowait() failed\n", __func__);
+ goto out;
+ }
+
+ return 0;
+
+out:
+ device_remove_file(&efi_capsule_pdev->dev, &dev_attr_capsule_loaded);
+ unregister_reboot_notifier(&capsule_shutdown_nb);
+ return ret;
+}
+module_init(efi_capsule_user_helper_init);
+
+/*
+ * rmmod app itself will stop you to remove the module if the user
+ * helper interface is still exposing. In order to remove this driver,
+ * you are require to do the command as below:
+ * rmmod -f efi_capsule_user_helper.ko
+ */
+static void __exit efi_capsule_user_helper_exit(void)
+{
+ unregister_reboot_notifier(&capsule_shutdown_nb);
+
+ capsule_stop_user_helper();
+ /*
+ * synchronization is needed to make sure request_firmware is fully
+ * aborted
+ */
+ while (efi_capsule_pdev->dev.kobj.kref.refcount.counter > 3)
+ msleep(20); /* avoid busy waiting for cooperative kernel */
+
+ device_remove_file(&efi_capsule_pdev->dev, &dev_attr_capsule_loaded);
+ platform_device_unregister(efi_capsule_pdev);
+}
+module_exit(efi_capsule_user_helper_exit);
+
+MODULE_DESCRIPTION("EFI Capsule user helper binary load utility");
+MODULE_LICENSE("GPL v2");
--
1.7.9.5
From: "Kweh, Hock Leong" <[email protected]>
When using request_firmware_nowait() with FW_ACTION_NOHOTPLUG param to
expose user helper interface, if the user do not react immediately, after
120 seconds there will be a hung task warning message dumped as below:
[ 3000.784235] INFO: task kworker/0:0:8259 blocked for more than 120 seconds.
[ 3000.791281] Tainted: G E 3.16.0-rc1-yocto-standard #41
[ 3000.798082] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3000.806072] kworker/0:0 D cd0075c8 0 8259 2 0x00000000
[ 3000.812765] Workqueue: events request_firmware_work_func
[ 3000.818253] cd375e18 00000046 0000000e cd0075c8 000000f0 cd40ea00 cd375fec 1b883e89
[ 3000.826374] 0000026b cd40ea00 80000000 00000001 cd0075c8 00000000 cd375de4 c119917f
[ 3000.834492] cd563360 cd375df4 c119a0ab cd563360 00000000 cd375e24 c119a1d6 00000000
[ 3000.842616] Call Trace:
[ 3000.845252] [<c119917f>] ? kernfs_next_descendant_post+0x3f/0x50
[ 3000.851543] [<c119a0ab>] ? kernfs_activate+0x6b/0xc0
[ 3000.856790] [<c119a1d6>] ? kernfs_add_one+0xd6/0x130
[ 3000.862047] [<c15fdb02>] schedule+0x22/0x60
[ 3000.866548] [<c15fd195>] schedule_timeout+0x175/0x1d0
[ 3000.871887] [<c119b391>] ? __kernfs_create_file+0x71/0xa0
[ 3000.877574] [<c119bb9a>] ? sysfs_add_file_mode_ns+0xaa/0x180
[ 3000.883533] [<c15fe84f>] wait_for_completion+0x6f/0xb0
[ 3000.888961] [<c1065200>] ? wake_up_process+0x40/0x40
[ 3000.894219] [<c13cb600>] _request_firmware+0x750/0x9f0
[ 3000.899666] [<c1382a7f>] ? n_tty_receive_buf2+0x1f/0x30
[ 3000.905200] [<c13cba02>] request_firmware_work_func+0x22/0x50
[ 3000.911235] [<c10550d2>] process_one_work+0x122/0x380
[ 3000.916571] [<c1055859>] worker_thread+0xf9/0x470
[ 3000.921555] [<c1055760>] ? create_and_start_worker+0x50/0x50
[ 3000.927497] [<c1055760>] ? create_and_start_worker+0x50/0x50
[ 3000.933448] [<c105a5ff>] kthread+0x9f/0xc0
[ 3000.937850] [<c15ffd40>] ret_from_kernel_thread+0x20/0x30
[ 3000.943548] [<c105a560>] ? kthread_worker_fn+0x100/0x100
This patch change the wait_for_completion() function call to
wait_for_completion_interruptible() function call for solving the issue.
Cc: Matt Fleming <[email protected]>
Signed-off-by: Kweh, Hock Leong <[email protected]>
---
drivers/base/firmware_class.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index a238a46..639eeff 100644
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -908,7 +908,7 @@ static int _request_firmware_load(struct firmware_priv *fw_priv,
kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
}
- wait_for_completion(&buf->completion);
+ retval = wait_for_completion_interruptible(&buf->completion);
cancel_delayed_work_sync(&fw_priv->timeout_work);
if (!buf->data)
@@ -985,7 +985,7 @@ static int sync_cached_firmware_buf(struct firmware_buf *buf)
break;
}
mutex_unlock(&fw_lock);
- wait_for_completion(&buf->completion);
+ ret = wait_for_completion_interruptible(&buf->completion);
mutex_lock(&fw_lock);
}
mutex_unlock(&fw_lock);
--
1.7.9.5
From: "Kweh, Hock Leong" <[email protected]>
Besides aborting through user helper interface, a new API
request_firmware_abort() allows kernel driver module to abort the
request_firmware() / request_firmware_nowait() when they are no
longer needed. It is useful for cancelling an outstanding firmware
load if initiated from inside a module where that module is in the
process of being unloaded, since the unload function may not have
a handle to the struct firmware_buf.
Note for people who use request_firmware_nowait():
You are required to do your own synchronization after you call
request_firmware_abort() in order to continue unloading the
module. The example synchronization code shows below:
while (THIS_MODULE && module_refcount(THIS_MODULE))
msleep(20);
Cc: Matt Fleming <[email protected]>
Signed-off-by: Kweh, Hock Leong <[email protected]>
---
drivers/base/firmware_class.c | 52 +++++++++++++++++++++++++++++++----------
include/linux/firmware.h | 4 ++++
2 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index d276e33..a238a46 100644
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -1291,6 +1291,46 @@ request_firmware_nowait(
}
EXPORT_SYMBOL(request_firmware_nowait);
+static struct firmware_buf *fw_lookup_buf(const char *fw_name)
+{
+ struct firmware_buf *tmp;
+ struct firmware_cache *fwc = &fw_cache;
+
+ spin_lock(&fwc->lock);
+ tmp = __fw_lookup_buf(fw_name);
+ spin_unlock(&fwc->lock);
+
+ return tmp;
+}
+
+/**
+ * request_firmware_abort - abort the waiting of firmware request
+ * @fw_name: name of firmware file
+ *
+ * @fw_name is the same name string while calling to request_firmware()
+ * or request_firmware_nowait().
+ **/
+int request_firmware_abort(const char *fw_name)
+{
+ struct firmware_buf *buf;
+ struct firmware_buf *entry;
+
+ buf = fw_lookup_buf(fw_name);
+ if (!buf)
+ return -ENOENT;
+
+ mutex_lock(&fw_lock);
+ list_for_each_entry(entry, &pending_fw_head, pending_list) {
+ if (entry == buf) {
+ __fw_load_abort(buf);
+ break;
+ }
+ }
+ mutex_unlock(&fw_lock);
+ return 0;
+}
+EXPORT_SYMBOL(request_firmware_abort);
+
#ifdef CONFIG_PM_SLEEP
static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
@@ -1324,18 +1364,6 @@ static int cache_firmware(const char *fw_name)
return ret;
}
-static struct firmware_buf *fw_lookup_buf(const char *fw_name)
-{
- struct firmware_buf *tmp;
- struct firmware_cache *fwc = &fw_cache;
-
- spin_lock(&fwc->lock);
- tmp = __fw_lookup_buf(fw_name);
- spin_unlock(&fwc->lock);
-
- return tmp;
-}
-
/**
* uncache_firmware - remove one cached firmware image
* @fw_name: the firmware image name
diff --git a/include/linux/firmware.h b/include/linux/firmware.h
index 5952933..ed90c8b 100644
--- a/include/linux/firmware.h
+++ b/include/linux/firmware.h
@@ -47,6 +47,7 @@ int request_firmware_nowait(
void (*cont)(const struct firmware *fw, void *context));
void release_firmware(const struct firmware *fw);
+int request_firmware_abort(const char *fw_name);
#else
static inline int request_firmware(const struct firmware **fw,
const char *name,
@@ -66,6 +67,9 @@ static inline void release_firmware(const struct firmware *fw)
{
}
+static inline int request_firmware_abort(const char *fw_name)
+{
+}
#endif
#ifdef CONFIG_FW_LOADER_USER_HELPER
--
1.7.9.5
On Mon, 03 Nov 2014, Kweh Hock Leong wrote:
> Note for people who use request_firmware_nowait():
> You are required to do your own synchronization after you call
> request_firmware_abort() in order to continue unloading the
> module. The example synchronization code shows below:
>
> while (THIS_MODULE && module_refcount(THIS_MODULE))
> msleep(20);
This is _so_ asking for people to get it wrong, it is not funny :-(
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
On Mon, 2014-11-03 at 08:15 -0200, Henrique de Moraes Holschuh wrote:
> On Mon, 03 Nov 2014, Kweh Hock Leong wrote:
> > Note for people who use request_firmware_nowait():
> > You are required to do your own synchronization after you call
> > request_firmware_abort() in order to continue unloading the
> > module. The example synchronization code shows below:
> >
> > while (THIS_MODULE && module_refcount(THIS_MODULE))
> > msleep(20);
>
> This is _so_ asking for people to get it wrong, it is not funny :-(
Yeah. How about we make request_firmware_abort() synchronous so that
drivers don't have to perform these reference counting games?
On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
> From: "Kweh, Hock Leong" <[email protected]>
>
> Hi Guys,
>
> This patchset is created on top of "efi: Capsule update support" patch:
> http://permalink.gmane.org/gmane.linux.kernel.efi/4837
>
> It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
> efi_capsule_update() API to pass the binary to EFI firmware.
I don't get it. Why is the firmware interface at all reasonable for
uploading capsules?
The firmware interface makes sense for nonvolatile firmware where
hotplugging something or otherwise loading a driver needs a blob. But
uploading an EFI capsule is an *action*, not something that should
happen transparently. If there's an EFI firmware update available and
the user wants to install it, then the userspace tool should install it,
and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
even need /lib to be on writable media to use this.
And you most certainly don't want the EFI capsule hanging around so that
it might be accidentally installed again if the hard disk is moved.
ISTM there should be some file in sysfs to which you can write a
capsule, or perhaps a chardev and an ioctl.
--Andy
>
> Besides build in kernel, the design also cater for build as kernel driver module. This patchset introduce a new API (request_firmware_abort()) at firmware_class so that the driver module could be unloaded by calling the API to properly stop user helper interface and release the device.
>
> Thanks.
>
> ---
> changelog v2:
> [PATCH 1/3]
> * use fw_lookup_buf() instead of __fw_lookup_buf() function call
> * move the fw_lookup_buf() function out of the CONFIG_PM_SLEEP block
>
> [PATCH 2/3]
> * no change
>
> [PATCH 3/3]
> * no change
>
>
> Kweh, Hock Leong (3):
> firmware loader: Introduce new API - request_firmware_abort()
> firmware loader: fix hung task warning dump
> efi: Capsule update with user helper interface
>
> drivers/base/firmware_class.c | 56 ++++--
> drivers/firmware/efi/Kconfig | 13 ++
> drivers/firmware/efi/Makefile | 1 +
> drivers/firmware/efi/efi-capsule-user-helper.c | 246 ++++++++++++++++++++++++
> include/linux/firmware.h | 4 +
> 5 files changed, 306 insertions(+), 14 deletions(-)
> create mode 100644 drivers/firmware/efi/efi-capsule-user-helper.c
>
On Mon, Nov 03, 2014 at 11:33:23AM -0800, Andy Lutomirski wrote:
> On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
> > From: "Kweh, Hock Leong" <[email protected]>
> >
> > Hi Guys,
> >
> > This patchset is created on top of "efi: Capsule update support" patch:
> > http://permalink.gmane.org/gmane.linux.kernel.efi/4837
> >
> > It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
> > efi_capsule_update() API to pass the binary to EFI firmware.
>
> I don't get it. Why is the firmware interface at all reasonable for
> uploading capsules?
Tradition dictates that BIOS updates go through the firmware interface,
that way you don't have to write a new userspace tool, which is a good
thing.
> The firmware interface makes sense for nonvolatile firmware where
> hotplugging something or otherwise loading a driver needs a blob.
Or BIOS data. We've been doing it this way for a long time now.
> But uploading an EFI capsule is an *action*, not something that should
> happen transparently. If there's an EFI firmware update available and
> the user wants to install it, then the userspace tool should install it,
> and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
> even need /lib to be on writable media to use this.
What does /lib have to do with this?
> And you most certainly don't want the EFI capsule hanging around so that
> it might be accidentally installed again if the hard disk is moved.
>
> ISTM there should be some file in sysfs to which you can write a
> capsule, or perhaps a chardev and an ioctl.
No, just use the firmware interface please.
thanks,
greg k-h
On Mon, Nov 3, 2014 at 1:27 PM, Greg Kroah-Hartman
<[email protected]> wrote:
> On Mon, Nov 03, 2014 at 11:33:23AM -0800, Andy Lutomirski wrote:
>> On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
>> > From: "Kweh, Hock Leong" <[email protected]>
>> >
>> > Hi Guys,
>> >
>> > This patchset is created on top of "efi: Capsule update support" patch:
>> > http://permalink.gmane.org/gmane.linux.kernel.efi/4837
>> >
>> > It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
>> > efi_capsule_update() API to pass the binary to EFI firmware.
>>
>> I don't get it. Why is the firmware interface at all reasonable for
>> uploading capsules?
>
> Tradition dictates that BIOS updates go through the firmware interface,
> that way you don't have to write a new userspace tool, which is a good
> thing.
>
>> The firmware interface makes sense for nonvolatile firmware where
>> hotplugging something or otherwise loading a driver needs a blob.
>
> Or BIOS data. We've been doing it this way for a long time now.
On what system? Dell?
IMO this sucks from a UI point of view. When I install wifi firmware,
I expect to stick it somewhere and have the driver find it, because
the driver knows exactly when it needs the firmware. When I update my
BIOS, I want to click a button or type a command and update my bios.
>
>> But uploading an EFI capsule is an *action*, not something that should
>> happen transparently. If there's an EFI firmware update available and
>> the user wants to install it, then the userspace tool should install it,
>> and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
>> even need /lib to be on writable media to use this.
>
> What does /lib have to do with this?
Where else does the file come from, given that udev no longer supports
userspace firmware loading? Is there really some pre-existing tool
that pokes it into the sysfs firmware class thing?
Since EFI capsules are apparently on their way to becoming a
ubiquitous mechanism, I think it might be time to rethink
request_firmware for this.
--Andy
On Mon, Nov 03, 2014 at 01:32:46PM -0800, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 1:27 PM, Greg Kroah-Hartman
> <[email protected]> wrote:
> > On Mon, Nov 03, 2014 at 11:33:23AM -0800, Andy Lutomirski wrote:
> >> On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
> >> > From: "Kweh, Hock Leong" <[email protected]>
> >> >
> >> > Hi Guys,
> >> >
> >> > This patchset is created on top of "efi: Capsule update support" patch:
> >> > http://permalink.gmane.org/gmane.linux.kernel.efi/4837
> >> >
> >> > It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
> >> > efi_capsule_update() API to pass the binary to EFI firmware.
> >>
> >> I don't get it. Why is the firmware interface at all reasonable for
> >> uploading capsules?
> >
> > Tradition dictates that BIOS updates go through the firmware interface,
> > that way you don't have to write a new userspace tool, which is a good
> > thing.
> >
> >> The firmware interface makes sense for nonvolatile firmware where
> >> hotplugging something or otherwise loading a driver needs a blob.
> >
> > Or BIOS data. We've been doing it this way for a long time now.
>
> On what system? Dell?
Yes.
> IMO this sucks from a UI point of view. When I install wifi firmware,
> I expect to stick it somewhere and have the driver find it, because
> the driver knows exactly when it needs the firmware. When I update my
> BIOS, I want to click a button or type a command and update my bios.
I agree, it should be "triggered" by something, not just automagically
loaded whenever the kernel randomly looks for it.
> >> But uploading an EFI capsule is an *action*, not something that should
> >> happen transparently. If there's an EFI firmware update available and
> >> the user wants to install it, then the userspace tool should install it,
> >> and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
> >> even need /lib to be on writable media to use this.
> >
> > What does /lib have to do with this?
>
> Where else does the file come from, given that udev no longer supports
> userspace firmware loading? Is there really some pre-existing tool
> that pokes it into the sysfs firmware class thing?
Well, you can specify other locations than /lib/firmware/ for firmware
updates, but yes, you are right, it should be in /lib somewhere. But
/lib doesn't need to be writable, it's a read-only file.
> Since EFI capsules are apparently on their way to becoming a
> ubiquitous mechanism, I think it might be time to rethink
> request_firmware for this.
What do you suggest instead? A "custom" sysfs file? What is going to
trigger it to be loaded? A userspace script that someone else has to
write? :)
thanks,
greg k-h
On Mon, Nov 3, 2014 at 3:02 PM, Greg Kroah-Hartman
<[email protected]> wrote:
> On Mon, Nov 03, 2014 at 01:32:46PM -0800, Andy Lutomirski wrote:
>> On Mon, Nov 3, 2014 at 1:27 PM, Greg Kroah-Hartman
>> <[email protected]> wrote:
>> > On Mon, Nov 03, 2014 at 11:33:23AM -0800, Andy Lutomirski wrote:
>> >> On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
>> >> > From: "Kweh, Hock Leong" <[email protected]>
>> >> >
>> >> > Hi Guys,
>> >> >
>> >> > This patchset is created on top of "efi: Capsule update support" patch:
>> >> > http://permalink.gmane.org/gmane.linux.kernel.efi/4837
>> >> >
>> >> > It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
>> >> > efi_capsule_update() API to pass the binary to EFI firmware.
>> >>
>> >> I don't get it. Why is the firmware interface at all reasonable for
>> >> uploading capsules?
>> >
>> > Tradition dictates that BIOS updates go through the firmware interface,
>> > that way you don't have to write a new userspace tool, which is a good
>> > thing.
>> >
>> >> The firmware interface makes sense for nonvolatile firmware where
>> >> hotplugging something or otherwise loading a driver needs a blob.
>> >
>> > Or BIOS data. We've been doing it this way for a long time now.
>>
>> On what system? Dell?
>
> Yes.
>
>> IMO this sucks from a UI point of view. When I install wifi firmware,
>> I expect to stick it somewhere and have the driver find it, because
>> the driver knows exactly when it needs the firmware. When I update my
>> BIOS, I want to click a button or type a command and update my bios.
>
> I agree, it should be "triggered" by something, not just automagically
> loaded whenever the kernel randomly looks for it.
>
>> >> But uploading an EFI capsule is an *action*, not something that should
>> >> happen transparently. If there's an EFI firmware update available and
>> >> the user wants to install it, then the userspace tool should install it,
>> >> and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
>> >> even need /lib to be on writable media to use this.
>> >
>> > What does /lib have to do with this?
>>
>> Where else does the file come from, given that udev no longer supports
>> userspace firmware loading? Is there really some pre-existing tool
>> that pokes it into the sysfs firmware class thing?
>
> Well, you can specify other locations than /lib/firmware/ for firmware
> updates, but yes, you are right, it should be in /lib somewhere. But
> /lib doesn't need to be writable, it's a read-only file.
>
I assume that whoever downloaded the firmware update will want to
install it, right? I don't really expect distros to ship EFI capsules
in packages that install to /lib/firmware. Won't there be userspace
code that either installs a capsule from some URL or uses some future
magical find-my-firmware service?
>> Since EFI capsules are apparently on their way to becoming a
>> ubiquitous mechanism, I think it might be time to rethink
>> request_firmware for this.
>
> What do you suggest instead? A "custom" sysfs file? What is going to
> trigger it to be loaded? A userspace script that someone else has to
> write? :)
Some ioctl on /dev/efi_capsule seems reasonable to me, or a new script
that uses a custom sysfs file. Isn't the Dell thing already a rather
custom script? You write to a custom sysfs file ("rbu_image_type", I
think) and then the handler for that file calls request_firmware.
I think that we can handle a very small C program or script that
uploads the EFI capsule.
Also, FWIW, I think that there are EFI capsules that aren't firmware
updates. For example, IIRC there's some mechansim that allows you to
pass data to the next OS that boots via a capsule. It's probably
buggy on every motherboard in existence, but if it ever worked, using
it through /lib/firmware would make no sense.
--Andy
On Mon, Nov 03, 2014 at 03:08:08PM -0800, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 3:02 PM, Greg Kroah-Hartman
> <[email protected]> wrote:
> > On Mon, Nov 03, 2014 at 01:32:46PM -0800, Andy Lutomirski wrote:
> >> On Mon, Nov 3, 2014 at 1:27 PM, Greg Kroah-Hartman
> >> <[email protected]> wrote:
> >> > On Mon, Nov 03, 2014 at 11:33:23AM -0800, Andy Lutomirski wrote:
> >> >> On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
> >> >> > From: "Kweh, Hock Leong" <[email protected]>
> >> >> >
> >> >> > Hi Guys,
> >> >> >
> >> >> > This patchset is created on top of "efi: Capsule update support" patch:
> >> >> > http://permalink.gmane.org/gmane.linux.kernel.efi/4837
> >> >> >
> >> >> > It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
> >> >> > efi_capsule_update() API to pass the binary to EFI firmware.
> >> >>
> >> >> I don't get it. Why is the firmware interface at all reasonable for
> >> >> uploading capsules?
> >> >
> >> > Tradition dictates that BIOS updates go through the firmware interface,
> >> > that way you don't have to write a new userspace tool, which is a good
> >> > thing.
> >> >
> >> >> The firmware interface makes sense for nonvolatile firmware where
> >> >> hotplugging something or otherwise loading a driver needs a blob.
> >> >
> >> > Or BIOS data. We've been doing it this way for a long time now.
> >>
> >> On what system? Dell?
> >
> > Yes.
> >
> >> IMO this sucks from a UI point of view. When I install wifi firmware,
> >> I expect to stick it somewhere and have the driver find it, because
> >> the driver knows exactly when it needs the firmware. When I update my
> >> BIOS, I want to click a button or type a command and update my bios.
> >
> > I agree, it should be "triggered" by something, not just automagically
> > loaded whenever the kernel randomly looks for it.
> >
> >> >> But uploading an EFI capsule is an *action*, not something that should
> >> >> happen transparently. If there's an EFI firmware update available and
> >> >> the user wants to install it, then the userspace tool should install it,
> >> >> and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
> >> >> even need /lib to be on writable media to use this.
> >> >
> >> > What does /lib have to do with this?
> >>
> >> Where else does the file come from, given that udev no longer supports
> >> userspace firmware loading? Is there really some pre-existing tool
> >> that pokes it into the sysfs firmware class thing?
> >
> > Well, you can specify other locations than /lib/firmware/ for firmware
> > updates, but yes, you are right, it should be in /lib somewhere. But
> > /lib doesn't need to be writable, it's a read-only file.
> >
>
> I assume that whoever downloaded the firmware update will want to
> install it, right? I don't really expect distros to ship EFI capsules
> in packages that install to /lib/firmware. Won't there be userspace
> code that either installs a capsule from some URL or uses some future
> magical find-my-firmware service?
Good point, I don't know.
Who ever wrote this code should know this, can someone please provide a
use-case for how this is all supposed to work?
thanks,
greg k-h
On Mon, Nov 3, 2014 at 4:38 PM, Greg Kroah-Hartman
<[email protected]> wrote:
> On Mon, Nov 03, 2014 at 03:08:08PM -0800, Andy Lutomirski wrote:
>> On Mon, Nov 3, 2014 at 3:02 PM, Greg Kroah-Hartman
>> <[email protected]> wrote:
>> > On Mon, Nov 03, 2014 at 01:32:46PM -0800, Andy Lutomirski wrote:
>> >> On Mon, Nov 3, 2014 at 1:27 PM, Greg Kroah-Hartman
>> >> <[email protected]> wrote:
>> >> > On Mon, Nov 03, 2014 at 11:33:23AM -0800, Andy Lutomirski wrote:
>> >> >> On 11/02/2014 07:07 PM, Kweh Hock Leong wrote:
>> >> >> > From: "Kweh, Hock Leong" <[email protected]>
>> >> >> >
>> >> >> > Hi Guys,
>> >> >> >
>> >> >> > This patchset is created on top of "efi: Capsule update support" patch:
>> >> >> > http://permalink.gmane.org/gmane.linux.kernel.efi/4837
>> >> >> >
>> >> >> > It leverages the request_firmware_nowait() to expose the user helper interface for user to upload the capsule binary and calling the
>> >> >> > efi_capsule_update() API to pass the binary to EFI firmware.
>> >> >>
>> >> >> I don't get it. Why is the firmware interface at all reasonable for
>> >> >> uploading capsules?
>> >> >
>> >> > Tradition dictates that BIOS updates go through the firmware interface,
>> >> > that way you don't have to write a new userspace tool, which is a good
>> >> > thing.
>> >> >
>> >> >> The firmware interface makes sense for nonvolatile firmware where
>> >> >> hotplugging something or otherwise loading a driver needs a blob.
>> >> >
>> >> > Or BIOS data. We've been doing it this way for a long time now.
>> >>
>> >> On what system? Dell?
>> >
>> > Yes.
>> >
>> >> IMO this sucks from a UI point of view. When I install wifi firmware,
>> >> I expect to stick it somewhere and have the driver find it, because
>> >> the driver knows exactly when it needs the firmware. When I update my
>> >> BIOS, I want to click a button or type a command and update my bios.
>> >
>> > I agree, it should be "triggered" by something, not just automagically
>> > loaded whenever the kernel randomly looks for it.
>> >
>> >> >> But uploading an EFI capsule is an *action*, not something that should
>> >> >> happen transparently. If there's an EFI firmware update available and
>> >> >> the user wants to install it, then the userspace tool should install it,
>> >> >> and it shouldn't hang around in /lib/firmware. In fact, you shouldn't
>> >> >> even need /lib to be on writable media to use this.
>> >> >
>> >> > What does /lib have to do with this?
>> >>
>> >> Where else does the file come from, given that udev no longer supports
>> >> userspace firmware loading? Is there really some pre-existing tool
>> >> that pokes it into the sysfs firmware class thing?
>> >
>> > Well, you can specify other locations than /lib/firmware/ for firmware
>> > updates, but yes, you are right, it should be in /lib somewhere. But
>> > /lib doesn't need to be writable, it's a read-only file.
>> >
>>
>> I assume that whoever downloaded the firmware update will want to
>> install it, right? I don't really expect distros to ship EFI capsules
>> in packages that install to /lib/firmware. Won't there be userspace
>> code that either installs a capsule from some URL or uses some future
>> magical find-my-firmware service?
>
> Good point, I don't know.
>
> Who ever wrote this code should know this, can someone please provide a
> use-case for how this is all supposed to work?
There's a partial description here:
http://download.microsoft.com/download/5/f/5/5f5d16cd-2530-4289-8019-94c6a20bed3c/windows-uefi-firmware-update-platform.docx
It looks like there may need to be a way to atomically load several
capsules in the same UpdateCapsule call so that userspace can do fancy
things like ask for an image to be displayed while the update is
applied.
--Andy
On Mon, Nov 03, 2014 at 11:07:10AM +0800, Kweh Hock Leong wrote:
> From: "Kweh, Hock Leong" <[email protected]>
>
> Introducing a kernel module to expose user helper interface for
> user to upload capsule binaries. This module leverage the
> request_firmware_nowait() to expose an interface to user.
>
> Example steps to load the capsule binary:
> 1.) echo 1 > /sys/class/firmware/efi-capsule-file/loading
> 2.) cat capsule.bin > /sys/class/firmware/efi-capsule-file/data
> 3.) echo 0 > /sys/class/firmware/efi-capsule-file/loading
>
> Whereas, this module does not allow the capsule binaries to be
> obtained from the request_firmware library search path. If any
> capsule binary loaded from firmware seach path, the module will
> stop functioning.
>
> Besides the request_firmware user helper interface, this module
> also expose a 'capsule_loaded' file note for user to verify
> the number of successfully uploaded capsule binaries. This
> file note has the read only attribute.
Andy, here's the steps to load a capsule. I don't have a problem with
this, it's userspace driven, no "autoloading" of files in /lib/, and
works with sysfs.
Have any objection to it, I don't.
Full patch left below...
>
> Cc: Matt Fleming <[email protected]>
> Signed-off-by: Kweh, Hock Leong <[email protected]>
> ---
> drivers/firmware/efi/Kconfig | 13 ++
> drivers/firmware/efi/Makefile | 1 +
> drivers/firmware/efi/efi-capsule-user-helper.c | 246 ++++++++++++++++++++++++
> 3 files changed, 260 insertions(+)
> create mode 100644 drivers/firmware/efi/efi-capsule-user-helper.c
>
> diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
> index f712d47..7dc814e 100644
> --- a/drivers/firmware/efi/Kconfig
> +++ b/drivers/firmware/efi/Kconfig
> @@ -60,6 +60,19 @@ config EFI_RUNTIME_WRAPPERS
> config EFI_ARMSTUB
> bool
>
> +config EFI_CAPSULE_USER_HELPER
> + tristate "EFI capsule user mode helper"
> + depends on EFI
> + select FW_LOADER
> + select FW_LOADER_USER_HELPER
> + help
> + This option exposes the user mode helper interface for user to load
> + EFI capsule binary and update the EFI firmware after system reboot.
> + This feature does not support auto locating capsule binaries at the
> + firmware lib search path.
> +
> + If unsure, say N.
> +
> endmenu
>
> config UEFI_CPER
> diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
> index 698846e..63f6910 100644
> --- a/drivers/firmware/efi/Makefile
> +++ b/drivers/firmware/efi/Makefile
> @@ -8,3 +8,4 @@ obj-$(CONFIG_UEFI_CPER) += cper.o
> obj-$(CONFIG_EFI_RUNTIME_MAP) += runtime-map.o
> obj-$(CONFIG_EFI_RUNTIME_WRAPPERS) += runtime-wrappers.o
> obj-$(CONFIG_EFI_STUB) += libstub/
> +obj-$(CONFIG_EFI_CAPSULE_USER_HELPER) += efi-capsule-user-helper.o
> diff --git a/drivers/firmware/efi/efi-capsule-user-helper.c b/drivers/firmware/efi/efi-capsule-user-helper.c
> new file mode 100644
> index 0000000..84a1628
> --- /dev/null
> +++ b/drivers/firmware/efi/efi-capsule-user-helper.c
> @@ -0,0 +1,246 @@
> +/*
> + * EFI capsule user mode helper interface driver.
> + *
> + * Copyright 2014 Intel Corporation
> + *
> + * This file is part of the Linux kernel, and is made available under
> + * the terms of the GNU General Public License version 2.
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/platform_device.h>
> +#include <linux/delay.h>
> +#include <linux/highmem.h>
> +#include <linux/slab.h>
> +#include <linux/mutex.h>
> +#include <linux/reboot.h>
> +#include <linux/efi.h>
> +#include <linux/firmware.h>
> +
> +#define CAPSULE_NAME "efi-capsule-file"
> +#define DEV_NAME "efi_capsule_user_helper"
> +#define STRING_INTEGER_MAX_LENGTH 13
> +
> +static DEFINE_MUTEX(user_helper_lock);
> +static int capsule_count;
> +static int stop_request;
> +static struct platform_device *efi_capsule_pdev;
> +
> +/*
> + * This function will store the capsule binary and pass it to
> + * efi_capsule_update() API in capsule.c
> + */
> +static int efi_capsule_store(const struct firmware *fw)
> +{
> + int i;
> + int ret;
> + int count = fw->size;
> + int copy_size = (fw->size > PAGE_SIZE) ? PAGE_SIZE : fw->size;
> + int pages_needed = ALIGN(fw->size, PAGE_SIZE) >> PAGE_SHIFT;
> + struct page **pages;
> + void *page_data;
> + efi_capsule_header_t *capsule = NULL;
> +
> + pages = kmalloc_array(pages_needed, sizeof(void *), GFP_KERNEL);
> + if (!pages) {
> + pr_err("%s: kmalloc_array() failed\n", __func__);
> + return -ENOMEM;
> + }
> +
> + for (i = 0; i < pages_needed; i++) {
> + pages[i] = alloc_page(GFP_KERNEL);
> + if (!pages[i]) {
> + pr_err("%s: alloc_page() failed\n", __func__);
> + --i;
> + ret = -ENOMEM;
> + goto failed;
> + }
> + }
> +
> + for (i = 0; i < pages_needed; i++) {
> + page_data = kmap(pages[i]);
> + memcpy(page_data, fw->data + (i * PAGE_SIZE), copy_size);
> +
> + if (i == 0)
> + capsule = (efi_capsule_header_t *)page_data;
> + else
> + kunmap(pages[i]);
> +
> + count -= copy_size;
> + if (count < PAGE_SIZE)
> + copy_size = count;
> + }
> +
> + ret = efi_capsule_update(capsule, pages);
> + if (ret) {
> + pr_err("%s: efi_capsule_update() failed\n", __func__);
> + --i;
> + goto failed;
> + }
> + ++capsule_count;
> + kunmap(pages[0]);
> +
> + /*
> + * we cannot free the pages here due to reboot need that data
> + * maintained.
> + */
> + return 0;
> +
> +failed:
> + while (i >= 0)
> + __free_page(pages[i--]);
> + kfree(pages);
> + return ret;
> +}
> +
> +/*
> + * This callback function will be called by request_firmware_nowait() when
> + * user has loaded the capsule binary or aborted user helper interface
> + */
> +static void callbackfn_efi_capsule(const struct firmware *fw, void *context)
> +{
> + int ret = 0;
> +
> + if (fw) {
> + /*
> + * Binary not getting from user helper interface, fw->pages
> + * is equal to NULL
> + */
> + if (!fw->pages) {
> + pr_err("%s: ERROR: Capsule binary '%s' at %s\n",
> + __func__, CAPSULE_NAME,
> + "firmware lib search path are not supported");
> + pr_err("user helper interface disabled\n");
> + stop_request = 1;
> + } else {
> + efi_capsule_store(fw);
> + }
> + release_firmware(fw);
> + }
> +
> + mutex_lock(&user_helper_lock);
> + if (!stop_request) {
> + ret = request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_NOHOTPLUG,
> + CAPSULE_NAME,
> + &efi_capsule_pdev->dev,
> + GFP_KERNEL, NULL,
> + callbackfn_efi_capsule);
> + if (ret) {
> + pr_err("%s: request_firmware_nowait() failed\n",
> + __func__);
> + }
> + }
> + mutex_unlock(&user_helper_lock);
> +}
> +
> +static ssize_t capsule_loaded_show(struct device *dev,
> + struct device_attribute *attr, char *buf)
> +{
> + return snprintf(buf, STRING_INTEGER_MAX_LENGTH, "%d\n", capsule_count);
> +}
> +
> +static DEVICE_ATTR_RO(capsule_loaded);
> +
> +/* stop user helper interface for reboot or module unload */
> +static void capsule_stop_user_helper(void)
> +{
> + mutex_lock(&user_helper_lock);
> + stop_request = 1;
> + mutex_unlock(&user_helper_lock);
> + request_firmware_abort(CAPSULE_NAME);
> +}
> +
> +/* reboot notifier for avoid deadlock with usermode_lock */
> +static int capsule_shutdown_notify(struct notifier_block *nb,
> + unsigned long sys_state,
> + void *reboot_cmd)
> +{
> + capsule_stop_user_helper();
> + return NOTIFY_DONE;
> +}
> +
> +static struct notifier_block capsule_shutdown_nb = {
> + .notifier_call = capsule_shutdown_notify,
> + /*
> + * In order to reboot properly, it is required to ensure the priority
> + * here is higher than firmware_class fw_shutdown_nb priority
> + */
> + .priority = 1,
> +};
> +
> +/*
> + * Use request_firmware_nowait() exposing an user helper interface to obtain
> + * capsule binary from user space
> + */
> +static int __init efi_capsule_user_helper_init(void)
> +{
> + int ret;
> +
> + register_reboot_notifier(&capsule_shutdown_nb);
> +
> + efi_capsule_pdev = platform_device_register_simple(DEV_NAME,
> + PLATFORM_DEVID_NONE,
> + NULL, 0);
> + if (IS_ERR(efi_capsule_pdev)) {
> + pr_err("%s: platform_device_register_simple() failed\n",
> + __func__);
> + return PTR_ERR(efi_capsule_pdev);
> + }
> +
> + /*
> + * create this file node for user to check the number of binaries that
> + * are successfully loaded
> + */
> + ret = device_create_file(&efi_capsule_pdev->dev,
> + &dev_attr_capsule_loaded);
> + if (ret) {
> + pr_err("%s: device_create_file() failed\n", __func__);
> + return ret;
> + }
> +
> + ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_NOHOTPLUG,
> + CAPSULE_NAME, &efi_capsule_pdev->dev,
> + GFP_KERNEL, NULL, callbackfn_efi_capsule);
> + if (ret) {
> + pr_err("%s: request_firmware_nowait() failed\n", __func__);
> + goto out;
> + }
> +
> + return 0;
> +
> +out:
> + device_remove_file(&efi_capsule_pdev->dev, &dev_attr_capsule_loaded);
> + unregister_reboot_notifier(&capsule_shutdown_nb);
> + return ret;
> +}
> +module_init(efi_capsule_user_helper_init);
> +
> +/*
> + * rmmod app itself will stop you to remove the module if the user
> + * helper interface is still exposing. In order to remove this driver,
> + * you are require to do the command as below:
> + * rmmod -f efi_capsule_user_helper.ko
> + */
> +static void __exit efi_capsule_user_helper_exit(void)
> +{
> + unregister_reboot_notifier(&capsule_shutdown_nb);
> +
> + capsule_stop_user_helper();
> + /*
> + * synchronization is needed to make sure request_firmware is fully
> + * aborted
> + */
> + while (efi_capsule_pdev->dev.kobj.kref.refcount.counter > 3)
> + msleep(20); /* avoid busy waiting for cooperative kernel */
> +
> + device_remove_file(&efi_capsule_pdev->dev, &dev_attr_capsule_loaded);
> + platform_device_unregister(efi_capsule_pdev);
> +}
> +module_exit(efi_capsule_user_helper_exit);
> +
> +MODULE_DESCRIPTION("EFI Capsule user helper binary load utility");
> +MODULE_LICENSE("GPL v2");
> --
> 1.7.9.5
On Mon, Nov 3, 2014 at 8:32 PM, Greg Kroah-Hartman
<[email protected]> wrote:
> On Mon, Nov 03, 2014 at 11:07:10AM +0800, Kweh Hock Leong wrote:
>> From: "Kweh, Hock Leong" <[email protected]>
>>
>> Introducing a kernel module to expose user helper interface for
>> user to upload capsule binaries. This module leverage the
>> request_firmware_nowait() to expose an interface to user.
>>
>> Example steps to load the capsule binary:
>> 1.) echo 1 > /sys/class/firmware/efi-capsule-file/loading
>> 2.) cat capsule.bin > /sys/class/firmware/efi-capsule-file/data
>> 3.) echo 0 > /sys/class/firmware/efi-capsule-file/loading
>>
>> Whereas, this module does not allow the capsule binaries to be
>> obtained from the request_firmware library search path. If any
>> capsule binary loaded from firmware seach path, the module will
>> stop functioning.
>>
>> Besides the request_firmware user helper interface, this module
>> also expose a 'capsule_loaded' file note for user to verify
>> the number of successfully uploaded capsule binaries. This
>> file note has the read only attribute.
>
> Andy, here's the steps to load a capsule. I don't have a problem with
> this, it's userspace driven, no "autoloading" of files in /lib/, and
> works with sysfs.
>
> Have any objection to it, I don't.
After reading the code, I still have objections.
The full workflow seems to be, from the user's POV:
1. load the module
2. hope that there isn't a file called /lib/firmware/efi-capsule-file
3. echo 1 >.../loading
4. cat firmware >.../data
5. echo 0 >.../loading
6. efi_update_capsule gets called. The return value ends up in the
kernel logs somewhere but doesn't seem to make it to userspace.
7. reboot(), but only if the capsule you loaded requires a reboot,
which may or may not be detectable without the kernel's help (I'm not
sure about this point).
If you want to load a second capsule (which seems like a reasonable
thing to do if the first capsule was the kind that is processed
immediately), then rmmod -f the module and start over?
This seems like an unpleasant interface. I think that ioctl or a
dedicated custom sysfs file would be considerably nicer. It would
allow you to upload a capsule and get an indication of success or
failure all at once, and it lets you load more than one capsule.
Also, it gets rid of some of the really weird module refcounting stuff
that's going on -- the only unusual thing the module would do would be
to pin itself once a reboot-requiring capsule is loaded.
--Andy
>
> Full patch left below...
>
>>
>> Cc: Matt Fleming <[email protected]>
>> Signed-off-by: Kweh, Hock Leong <[email protected]>
>> ---
>> drivers/firmware/efi/Kconfig | 13 ++
>> drivers/firmware/efi/Makefile | 1 +
>> drivers/firmware/efi/efi-capsule-user-helper.c | 246 ++++++++++++++++++++++++
>> 3 files changed, 260 insertions(+)
>> create mode 100644 drivers/firmware/efi/efi-capsule-user-helper.c
>>
>> diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
>> index f712d47..7dc814e 100644
>> --- a/drivers/firmware/efi/Kconfig
>> +++ b/drivers/firmware/efi/Kconfig
>> @@ -60,6 +60,19 @@ config EFI_RUNTIME_WRAPPERS
>> config EFI_ARMSTUB
>> bool
>>
>> +config EFI_CAPSULE_USER_HELPER
>> + tristate "EFI capsule user mode helper"
>> + depends on EFI
>> + select FW_LOADER
>> + select FW_LOADER_USER_HELPER
>> + help
>> + This option exposes the user mode helper interface for user to load
>> + EFI capsule binary and update the EFI firmware after system reboot.
>> + This feature does not support auto locating capsule binaries at the
>> + firmware lib search path.
>> +
>> + If unsure, say N.
>> +
>> endmenu
>>
>> config UEFI_CPER
>> diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
>> index 698846e..63f6910 100644
>> --- a/drivers/firmware/efi/Makefile
>> +++ b/drivers/firmware/efi/Makefile
>> @@ -8,3 +8,4 @@ obj-$(CONFIG_UEFI_CPER) += cper.o
>> obj-$(CONFIG_EFI_RUNTIME_MAP) += runtime-map.o
>> obj-$(CONFIG_EFI_RUNTIME_WRAPPERS) += runtime-wrappers.o
>> obj-$(CONFIG_EFI_STUB) += libstub/
>> +obj-$(CONFIG_EFI_CAPSULE_USER_HELPER) += efi-capsule-user-helper.o
>> diff --git a/drivers/firmware/efi/efi-capsule-user-helper.c b/drivers/firmware/efi/efi-capsule-user-helper.c
>> new file mode 100644
>> index 0000000..84a1628
>> --- /dev/null
>> +++ b/drivers/firmware/efi/efi-capsule-user-helper.c
>> @@ -0,0 +1,246 @@
>> +/*
>> + * EFI capsule user mode helper interface driver.
>> + *
>> + * Copyright 2014 Intel Corporation
>> + *
>> + * This file is part of the Linux kernel, and is made available under
>> + * the terms of the GNU General Public License version 2.
>> + */
>> +
>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>> +
>> +#include <linux/kernel.h>
>> +#include <linux/module.h>
>> +#include <linux/platform_device.h>
>> +#include <linux/delay.h>
>> +#include <linux/highmem.h>
>> +#include <linux/slab.h>
>> +#include <linux/mutex.h>
>> +#include <linux/reboot.h>
>> +#include <linux/efi.h>
>> +#include <linux/firmware.h>
>> +
>> +#define CAPSULE_NAME "efi-capsule-file"
>> +#define DEV_NAME "efi_capsule_user_helper"
>> +#define STRING_INTEGER_MAX_LENGTH 13
>> +
>> +static DEFINE_MUTEX(user_helper_lock);
>> +static int capsule_count;
>> +static int stop_request;
>> +static struct platform_device *efi_capsule_pdev;
>> +
>> +/*
>> + * This function will store the capsule binary and pass it to
>> + * efi_capsule_update() API in capsule.c
>> + */
>> +static int efi_capsule_store(const struct firmware *fw)
>> +{
>> + int i;
>> + int ret;
>> + int count = fw->size;
>> + int copy_size = (fw->size > PAGE_SIZE) ? PAGE_SIZE : fw->size;
>> + int pages_needed = ALIGN(fw->size, PAGE_SIZE) >> PAGE_SHIFT;
>> + struct page **pages;
>> + void *page_data;
>> + efi_capsule_header_t *capsule = NULL;
>> +
>> + pages = kmalloc_array(pages_needed, sizeof(void *), GFP_KERNEL);
>> + if (!pages) {
>> + pr_err("%s: kmalloc_array() failed\n", __func__);
>> + return -ENOMEM;
>> + }
>> +
>> + for (i = 0; i < pages_needed; i++) {
>> + pages[i] = alloc_page(GFP_KERNEL);
>> + if (!pages[i]) {
>> + pr_err("%s: alloc_page() failed\n", __func__);
>> + --i;
>> + ret = -ENOMEM;
>> + goto failed;
>> + }
>> + }
>> +
>> + for (i = 0; i < pages_needed; i++) {
>> + page_data = kmap(pages[i]);
>> + memcpy(page_data, fw->data + (i * PAGE_SIZE), copy_size);
>> +
>> + if (i == 0)
>> + capsule = (efi_capsule_header_t *)page_data;
>> + else
>> + kunmap(pages[i]);
>> +
>> + count -= copy_size;
>> + if (count < PAGE_SIZE)
>> + copy_size = count;
>> + }
>> +
>> + ret = efi_capsule_update(capsule, pages);
>> + if (ret) {
>> + pr_err("%s: efi_capsule_update() failed\n", __func__);
>> + --i;
>> + goto failed;
>> + }
>> + ++capsule_count;
>> + kunmap(pages[0]);
>> +
>> + /*
>> + * we cannot free the pages here due to reboot need that data
>> + * maintained.
>> + */
>> + return 0;
>> +
>> +failed:
>> + while (i >= 0)
>> + __free_page(pages[i--]);
>> + kfree(pages);
>> + return ret;
>> +}
>> +
>> +/*
>> + * This callback function will be called by request_firmware_nowait() when
>> + * user has loaded the capsule binary or aborted user helper interface
>> + */
>> +static void callbackfn_efi_capsule(const struct firmware *fw, void *context)
>> +{
>> + int ret = 0;
>> +
>> + if (fw) {
>> + /*
>> + * Binary not getting from user helper interface, fw->pages
>> + * is equal to NULL
>> + */
>> + if (!fw->pages) {
>> + pr_err("%s: ERROR: Capsule binary '%s' at %s\n",
>> + __func__, CAPSULE_NAME,
>> + "firmware lib search path are not supported");
>> + pr_err("user helper interface disabled\n");
>> + stop_request = 1;
>> + } else {
>> + efi_capsule_store(fw);
>> + }
>> + release_firmware(fw);
>> + }
>> +
>> + mutex_lock(&user_helper_lock);
>> + if (!stop_request) {
>> + ret = request_firmware_nowait(THIS_MODULE,
>> + FW_ACTION_NOHOTPLUG,
>> + CAPSULE_NAME,
>> + &efi_capsule_pdev->dev,
>> + GFP_KERNEL, NULL,
>> + callbackfn_efi_capsule);
>> + if (ret) {
>> + pr_err("%s: request_firmware_nowait() failed\n",
>> + __func__);
>> + }
>> + }
>> + mutex_unlock(&user_helper_lock);
>> +}
>> +
>> +static ssize_t capsule_loaded_show(struct device *dev,
>> + struct device_attribute *attr, char *buf)
>> +{
>> + return snprintf(buf, STRING_INTEGER_MAX_LENGTH, "%d\n", capsule_count);
>> +}
>> +
>> +static DEVICE_ATTR_RO(capsule_loaded);
>> +
>> +/* stop user helper interface for reboot or module unload */
>> +static void capsule_stop_user_helper(void)
>> +{
>> + mutex_lock(&user_helper_lock);
>> + stop_request = 1;
>> + mutex_unlock(&user_helper_lock);
>> + request_firmware_abort(CAPSULE_NAME);
>> +}
>> +
>> +/* reboot notifier for avoid deadlock with usermode_lock */
>> +static int capsule_shutdown_notify(struct notifier_block *nb,
>> + unsigned long sys_state,
>> + void *reboot_cmd)
>> +{
>> + capsule_stop_user_helper();
>> + return NOTIFY_DONE;
>> +}
>> +
>> +static struct notifier_block capsule_shutdown_nb = {
>> + .notifier_call = capsule_shutdown_notify,
>> + /*
>> + * In order to reboot properly, it is required to ensure the priority
>> + * here is higher than firmware_class fw_shutdown_nb priority
>> + */
>> + .priority = 1,
>> +};
>> +
>> +/*
>> + * Use request_firmware_nowait() exposing an user helper interface to obtain
>> + * capsule binary from user space
>> + */
>> +static int __init efi_capsule_user_helper_init(void)
>> +{
>> + int ret;
>> +
>> + register_reboot_notifier(&capsule_shutdown_nb);
>> +
>> + efi_capsule_pdev = platform_device_register_simple(DEV_NAME,
>> + PLATFORM_DEVID_NONE,
>> + NULL, 0);
>> + if (IS_ERR(efi_capsule_pdev)) {
>> + pr_err("%s: platform_device_register_simple() failed\n",
>> + __func__);
>> + return PTR_ERR(efi_capsule_pdev);
>> + }
>> +
>> + /*
>> + * create this file node for user to check the number of binaries that
>> + * are successfully loaded
>> + */
>> + ret = device_create_file(&efi_capsule_pdev->dev,
>> + &dev_attr_capsule_loaded);
>> + if (ret) {
>> + pr_err("%s: device_create_file() failed\n", __func__);
>> + return ret;
>> + }
>> +
>> + ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_NOHOTPLUG,
>> + CAPSULE_NAME, &efi_capsule_pdev->dev,
>> + GFP_KERNEL, NULL, callbackfn_efi_capsule);
>> + if (ret) {
>> + pr_err("%s: request_firmware_nowait() failed\n", __func__);
>> + goto out;
>> + }
>> +
>> + return 0;
>> +
>> +out:
>> + device_remove_file(&efi_capsule_pdev->dev, &dev_attr_capsule_loaded);
>> + unregister_reboot_notifier(&capsule_shutdown_nb);
>> + return ret;
>> +}
>> +module_init(efi_capsule_user_helper_init);
>> +
>> +/*
>> + * rmmod app itself will stop you to remove the module if the user
>> + * helper interface is still exposing. In order to remove this driver,
>> + * you are require to do the command as below:
>> + * rmmod -f efi_capsule_user_helper.ko
>> + */
>> +static void __exit efi_capsule_user_helper_exit(void)
>> +{
>> + unregister_reboot_notifier(&capsule_shutdown_nb);
>> +
>> + capsule_stop_user_helper();
>> + /*
>> + * synchronization is needed to make sure request_firmware is fully
>> + * aborted
>> + */
>> + while (efi_capsule_pdev->dev.kobj.kref.refcount.counter > 3)
>> + msleep(20); /* avoid busy waiting for cooperative kernel */
>> +
>> + device_remove_file(&efi_capsule_pdev->dev, &dev_attr_capsule_loaded);
>> + platform_device_unregister(efi_capsule_pdev);
>> +}
>> +module_exit(efi_capsule_user_helper_exit);
>> +
>> +MODULE_DESCRIPTION("EFI Capsule user helper binary load utility");
>> +MODULE_LICENSE("GPL v2");
>> --
>> 1.7.9.5
--
Andy Lutomirski
AMA Capital Management, LLC