remoteproc_elf_loader.c source code [linux/drivers/remoteproc/remoteproc_elf_loader.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Remote Processor Framework ELF loader
4	*
5	* Copyright (C) 2011 Texas Instruments, Inc.
6	* Copyright (C) 2011 Google, Inc.
7	*
8	* Ohad Ben-Cohen <ohad@wizery.com>
9	* Brian Swetland <swetland@google.com>
10	* Mark Grosen <mgrosen@ti.com>
11	* Fernando Guzman Lugo <fernando.lugo@ti.com>
12	* Suman Anna <s-anna@ti.com>
13	* Robert Tivy <rtivy@ti.com>
14	* Armando Uribe De Leon <x0095078@ti.com>
15	* Sjur Brændeland <sjur.brandeland@stericsson.com>
16	*/
17
18	#define pr_fmt(fmt) "%s: " fmt, __func__
19
20	#include <linux/module.h>
21	#include <linux/firmware.h>
22	#include <linux/remoteproc.h>
23	#include <linux/elf.h>
24
25	#include "remoteproc_internal.h"
26	#include "remoteproc_elf_helpers.h"
27
28	/**
29	* rproc_elf_sanity_check() - Sanity Check for ELF32/ELF64 firmware image
30	* @rproc: the remote processor handle
31	* @fw: the ELF firmware image
32	*
33	* Make sure this fw image is sane (ie a correct ELF32/ELF64 file).
34	*
35	* Return: 0 on success and -EINVAL upon any failure
36	*/
37	int rproc_elf_sanity_check(struct rproc rproc, const* struct firmware *fw)
38	{
39	const char *name = rproc->firmware;
40	struct device *dev = &rproc->dev;
41	/*
42	* ELF files are beginning with the same structure. Thus, to simplify
43	* header parsing, we can use the elf32_hdr one for both elf64 and
44	* elf32.
45	*/
46	struct elf32_hdr *ehdr;
47	u32 elf_shdr_get_size;
48	u64 phoff, shoff;
49	char class;
50	u16 phnum;
51
52	if (!fw) {
53	dev_err(dev, "failed to load %s\n", name);
54	return -EINVAL;
55	}
56
57	if (fw->size < sizeof(struct elf32_hdr)) {
58	dev_err(dev, "Image is too small\n");
59	return -EINVAL;
60	}
61
62	ehdr = (struct elf32_hdr *)fw->data;
63
64	if (memcmp(p: ehdr->e_ident, ELFMAG, SELFMAG)) {
65	dev_err(dev, "Image is corrupted (bad magic)\n");
66	return -EINVAL;
67	}
68
69	class = ehdr->e_ident[EI_CLASS];
70	if (class != ELFCLASS32 && class != ELFCLASS64) {
71	dev_err(dev, "Unsupported class: %d\n", class);
72	return -EINVAL;
73	}
74
75	if (class == ELFCLASS64 && fw->size < sizeof(struct elf64_hdr)) {
76	dev_err(dev, "elf64 header is too small\n");
77	return -EINVAL;
78	}
79
80	/ We assume the firmware has the same endianness as the host /
81	# ifdef __LITTLE_ENDIAN
82	if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB) {
83	# else /* BIG ENDIAN */
84	if (ehdr->e_ident[EI_DATA] != ELFDATA2MSB) {
85	# endif
86	dev_err(dev, "Unsupported firmware endianness\n");
87	return -EINVAL;
88	}
89
90	phoff = elf_hdr_get_e_phoff(class, arg: fw->data);
91	shoff = elf_hdr_get_e_shoff(class, arg: fw->data);
92	phnum = elf_hdr_get_e_phnum(class, arg: fw->data);
93	elf_shdr_get_size = elf_size_of_shdr(class);
94
95	if (fw->size < shoff + elf_shdr_get_size) {
96	dev_err(dev, "Image is too small\n");
97	return -EINVAL;
98	}
99
100	if (phnum == `0`) {
101	dev_err(dev, "No loadable segments\n");
102	return -EINVAL;
103	}
104
105	if (phoff > fw->size) {
106	dev_err(dev, "Firmware size is too small\n");
107	return -EINVAL;
108	}
109
110	dev_dbg(dev, "Firmware is an elf%d file\n",
111	class == ELFCLASS32 ? `32` : `64`);
112
113	return `0`;
114	}
115	EXPORT_SYMBOL(rproc_elf_sanity_check);
116
117	/**
118	* rproc_elf_get_boot_addr() - Get rproc's boot address.
119	* @rproc: the remote processor handle
120	* @fw: the ELF firmware image
121	*
122	* Note that the boot address is not a configurable property of all remote
123	* processors. Some will always boot at a specific hard-coded address.
124	*
125	* Return: entry point address of the ELF image
126	*
127	*/
128	u64 rproc_elf_get_boot_addr(struct rproc rproc, const* struct firmware *fw)
129	{
130	return elf_hdr_get_e_entry(class: fw_elf_get_class(fw), arg: fw->data);
131	}
132	EXPORT_SYMBOL(rproc_elf_get_boot_addr);
133
134	/**
135	* rproc_elf_load_segments() - load firmware segments to memory
136	* @rproc: remote processor which will be booted using these fw segments
137	* @fw: the ELF firmware image
138	*
139	* This function loads the firmware segments to memory, where the remote
140	* processor expects them.
141	*
142	* Some remote processors will expect their code and data to be placed
143	* in specific device addresses, and can't have them dynamically assigned.
144	*
145	* We currently support only those kind of remote processors, and expect
146	* the program header's paddr member to contain those addresses. We then go
147	* through the physically contiguous "carveout" memory regions which we
148	* allocated (and mapped) earlier on behalf of the remote processor,
149	* and "translate" device address to kernel addresses, so we can copy the
150	* segments where they are expected.
151	*
152	* Currently we only support remote processors that required carveout
153	* allocations and got them mapped onto their iommus. Some processors
154	* might be different: they might not have iommus, and would prefer to
155	* directly allocate memory for every segment/resource. This is not yet
156	* supported, though.
157	*
158	* Return: 0 on success and an appropriate error code otherwise
159	*/
160	int rproc_elf_load_segments(struct rproc rproc, const* struct firmware *fw)
161	{
162	struct device *dev = &rproc->dev;
163	const void ehdr, phdr;
164	int i, ret = `0`;
165	u16 phnum;
166	const u8 *elf_data = fw->data;
167	u8 class = fw_elf_get_class(fw);
168	u32 elf_phdr_get_size = elf_size_of_phdr(class);
169
170	ehdr = elf_data;
171	phnum = elf_hdr_get_e_phnum(class, arg: ehdr);
172	phdr = elf_data + elf_hdr_get_e_phoff(class, arg: ehdr);
173
174	/ go through the available ELF segments /
175	for (i = `0`; i < phnum; i++, phdr += elf_phdr_get_size) {
176	u64 da = elf_phdr_get_p_paddr(class, arg: phdr);
177	u64 memsz = elf_phdr_get_p_memsz(class, arg: phdr);
178	u64 filesz = elf_phdr_get_p_filesz(class, arg: phdr);
179	u64 offset = elf_phdr_get_p_offset(class, arg: phdr);
180	u32 type = elf_phdr_get_p_type(class, arg: phdr);
181	bool is_iomem = false;
182	void *ptr;
183
184	if (type != PT_LOAD \|\| !memsz)
185	continue;
186
187	dev_dbg(dev, "phdr: type %d da 0x%llx memsz 0x%llx filesz 0x%llx\n",
188	type, da, memsz, filesz);
189
190	if (filesz > memsz) {
191	dev_err(dev, "bad phdr filesz 0x%llx memsz 0x%llx\n",
192	filesz, memsz);
193	ret = -EINVAL;
194	break;
195	}
196
197	if (offset + filesz > fw->size) {
198	dev_err(dev, "truncated fw: need 0x%llx avail 0x%zx\n",
199	offset + filesz, fw->size);
200	ret = -EINVAL;
201	break;
202	}
203
204	if (!rproc_u64_fit_in_size_t(val: memsz)) {
205	dev_err(dev, "size (%llx) does not fit in size_t type\n",
206	memsz);
207	ret = -EOVERFLOW;
208	break;
209	}
210
211	/ grab the kernel address for this device address /
212	ptr = rproc_da_to_va(rproc, da, len: memsz, is_iomem: &is_iomem);
213	if (!ptr) {
214	dev_err(dev, "bad phdr da 0x%llx mem 0x%llx\n", da,
215	memsz);
216	ret = -EINVAL;
217	break;
218	}
219
220	/ put the segment where the remote processor expects it /
221	if (filesz) {
222	if (is_iomem)
223	memcpy_toio((void __iomem *)ptr, elf_data + offset, filesz);
224	else
225	memcpy(ptr, elf_data + offset, filesz);
226	}
227
228	/*
229	* Zero out remaining memory for this segment.
230	*
231	* This isn't strictly required since dma_alloc_coherent already
232	* did this for us. albeit harmless, we may consider removing
233	* this.
234	*/
235	if (memsz > filesz) {
236	if (is_iomem)
237	memset_io((void __iomem *)(ptr + filesz), `0`, memsz - filesz);
238	else
239	memset(ptr + filesz, `0`, memsz - filesz);
240	}
241	}
242
243	return ret;
244	}
245	EXPORT_SYMBOL(rproc_elf_load_segments);
246
247	static const void *
248	find_table(struct device dev, const* struct firmware *fw)
249	{
250	const void shdr, name_table_shdr;
251	int i;
252	const char *name_table;
253	struct resource_table *table = NULL;
254	const u8 elf_data = (void* *)fw->data;
255	u8 class = fw_elf_get_class(fw);
256	size_t fw_size = fw->size;
257	const void *ehdr = elf_data;
258	u16 shnum = elf_hdr_get_e_shnum(class, arg: ehdr);
259	u32 elf_shdr_get_size = elf_size_of_shdr(class);
260	u16 shstrndx = elf_hdr_get_e_shstrndx(class, arg: ehdr);
261
262	/ look for the resource table and handle it /
263	/ First, get the section header according to the elf class /
264	shdr = elf_data + elf_hdr_get_e_shoff(class, arg: ehdr);
265	/ Compute name table section header entry in shdr array /
266	name_table_shdr = shdr + (shstrndx * elf_shdr_get_size);
267	/ Finally, compute the name table section address in elf /
268	name_table = elf_data + elf_shdr_get_sh_offset(class, arg: name_table_shdr);
269
270	for (i = `0`; i < shnum; i++, shdr += elf_shdr_get_size) {
271	u64 size = elf_shdr_get_sh_size(class, arg: shdr);
272	u64 offset = elf_shdr_get_sh_offset(class, arg: shdr);
273	u32 name = elf_shdr_get_sh_name(class, arg: shdr);
274
275	if (strcmp(name_table + name, ".resource_table"))
276	continue;
277
278	table = (struct resource_table *)(elf_data + offset);
279
280	/ make sure we have the entire table /
281	if (offset + size > fw_size \|\| offset + size < size) {
282	dev_err(dev, "resource table truncated\n");
283	return NULL;
284	}
285
286	/ make sure table has at least the header /
287	if (sizeof(struct resource_table) > size) {
288	dev_err(dev, "header-less resource table\n");
289	return NULL;
290	}
291
292	/ we don't support any version beyond the first /
293	if (table->ver != `1`) {
294	dev_err(dev, "unsupported fw ver: %d\n", table->ver);
295	return NULL;
296	}
297
298	/ make sure reserved bytes are zeroes /
299	if (table->reserved[`0`] \|\| table->reserved[`1`]) {
300	dev_err(dev, "non zero reserved bytes\n");
301	return NULL;
302	}
303
304	/ make sure the offsets array isn't truncated /
305	if (struct_size(table, offset, table->num) > size) {
306	dev_err(dev, "resource table incomplete\n");
307	return NULL;
308	}
309
310	return shdr;
311	}
312
313	return NULL;
314	}
315
316	/**
317	* rproc_elf_load_rsc_table() - load the resource table
318	* @rproc: the rproc handle
319	* @fw: the ELF firmware image
320	*
321	* This function finds the resource table inside the remote processor's
322	* firmware, load it into the @cached_table and update @table_ptr.
323	*
324	* Return: 0 on success, negative errno on failure.
325	*/
326	int rproc_elf_load_rsc_table(struct rproc rproc, const* struct firmware *fw)
327	{
328	const void *shdr;
329	struct device *dev = &rproc->dev;
330	struct resource_table *table = NULL;
331	const u8 *elf_data = fw->data;
332	size_t tablesz;
333	u8 class = fw_elf_get_class(fw);
334	u64 sh_offset;
335
336	shdr = find_table(dev, fw);
337	if (!shdr)
338	return -EINVAL;
339
340	sh_offset = elf_shdr_get_sh_offset(class, arg: shdr);
341	table = (struct resource_table *)(elf_data + sh_offset);
342	tablesz = elf_shdr_get_sh_size(class, arg: shdr);
343
344	/*
345	* Create a copy of the resource table. When a virtio device starts
346	* and calls vring_new_virtqueue() the address of the allocated vring
347	* will be stored in the cached_table. Before the device is started,
348	* cached_table will be copied into device memory.
349	*/
350	rproc->cached_table = kmemdup(p: table, size: tablesz, GFP_KERNEL);
351	if (!rproc->cached_table)
352	return -ENOMEM;
353
354	rproc->table_ptr = rproc->cached_table;
355	rproc->table_sz = tablesz;
356
357	return `0`;
358	}
359	EXPORT_SYMBOL(rproc_elf_load_rsc_table);
360
361	/**
362	* rproc_elf_find_loaded_rsc_table() - find the loaded resource table
363	* @rproc: the rproc handle
364	* @fw: the ELF firmware image
365	*
366	* This function finds the location of the loaded resource table. Don't
367	* call this function if the table wasn't loaded yet - it's a bug if you do.
368	*
369	* Return: pointer to the resource table if it is found or NULL otherwise.
370	* If the table wasn't loaded yet the result is unspecified.
371	*/
372	struct resource_table rproc_elf_find_loaded_rsc_table(struct* rproc *rproc,
373	const struct firmware *fw)
374	{
375	const void *shdr;
376	u64 sh_addr, sh_size;
377	u8 class = fw_elf_get_class(fw);
378	struct device *dev = &rproc->dev;
379
380	shdr = find_table(dev: &rproc->dev, fw);
381	if (!shdr)
382	return NULL;
383
384	sh_addr = elf_shdr_get_sh_addr(class, arg: shdr);
385	sh_size = elf_shdr_get_sh_size(class, arg: shdr);
386
387	if (!rproc_u64_fit_in_size_t(val: sh_size)) {
388	dev_err(dev, "size (%llx) does not fit in size_t type\n",
389	sh_size);
390	return NULL;
391	}
392
393	return rproc_da_to_va(rproc, da: sh_addr, len: sh_size, NULL);
394	}
395	EXPORT_SYMBOL(rproc_elf_find_loaded_rsc_table);
396

source code of linux/drivers/remoteproc/remoteproc_elf_loader.c