Re: pkg/57076: Add efivar port to NetBSD

[Taylor R Campbell <riastradh%NetBSD.org@localhost>]

The following reply was made to PR pkg/57076; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: sergii.dmytruk%3mdeb.com@localhost
Cc: gnats-bugs%NetBSD.org@localhost
Subject: Re: pkg/57076: Add efivar port to NetBSD
Date: Thu, 27 Oct 2022 17:41:25 +0000

 This is a multi-part message in MIME format.
 --=_3GH/d8a4GiEuk6sY511/abKYWvHzDwXu
 
 We have /dev/efi on amd64 and aarch64 (and maybe 32-bit arm? I forget)
 -- it will be in NetBSD 10.
 
 Currently the implementation supports listing, reading, and writing
 EFI variables with EFIIOC_VAR_LIST, EFIIOC_VAR_GET, EFIIOC_VAR_SET.
 
 I have a draft patch for getting EFI tables (EFIIOC_GET_TABLE), but I
 haven't committed it yet -- EFI's table interface is badly designed,
 so we have to encoded knowledge of every possible table by its UUID in
 the kernel to do it safely, and I haven't gotten around to testing it
 because of that.
 
 The patch for EFIIOC_GET_TABLE is attached if you'd like to give it a
 try -- it knows about the EFI system resources table and that's it.
 (Memory is fuzzy now but I think fwupd might require access to that
 table and no others.)
 
 A good start for efivar would be to package it up in pkgsrc, maybe as
 sysutils/efivar.  Would you like to give that a try?
 
 --=_3GH/d8a4GiEuk6sY511/abKYWvHzDwXu
 Content-Type: text/plain; charset="ISO-8859-1"; name="efitab"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment; filename="efitab.patch"
 
 From 0c5ceaa01f92b2dc5a9c3f99265fedd6b81734a4 Mon Sep 17 00:00:00 2001
 From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
 Date: Thu, 15 Sep 2022 07:54:19 +0000
 Subject: [PATCH 1/2] efi(4): Implement MI parts of EFIIOC_GET_TABLE.
 
 Intended to be compatible with FreeBSD.
 
 Not yet supported on any architectures.
 ---
  sys/dev/efi.c    | 200 +++++++++++++++++++++++++++++++++++++++++++++++
  sys/dev/efivar.h |   8 +-
  sys/sys/efiio.h  |   8 ++
  3 files changed, 214 insertions(+), 2 deletions(-)
 
 diff --git a/sys/dev/efi.c b/sys/dev/efi.c
 index 91f0e1365d7e..f29a89d0a35f 100644
 --- a/sys/dev/efi.c
 +++ b/sys/dev/efi.c
 @@ -40,7 +40,10 @@ __KERNEL_RCSID(0, "$NetBSD: efi.c,v 1.4 2022/09/24 11:06=
 :03 riastradh Exp $");
  #include <sys/atomic.h>
  #include <sys/efiio.h>
 =20
 +#include <uvm/uvm_extern.h>
 +
  #include <dev/efivar.h>
 +#include <dev/mm.h>
 =20
  #ifdef _LP64
  #define	EFIERR(x)		(0x8000000000000000 | x)
 @@ -149,6 +152,201 @@ efi_status_to_error(efi_status status)
  	}
  }
 =20
 +/* XXX move to efi.h */
 +#define	EFI_SYSTEM_RESOURCE_TABLE_GUID					      \
 +	{0xb122a263,0x3661,0x4f68,0x99,0x29,{0x78,0xf8,0xb0,0xd6,0x21,0x80}}
 +#define	EFI_PROPERTIES_TABLE						      \
 +	{0x880aaca3,0x4adc,0x4a04,0x90,0x79,{0xb7,0x47,0x34,0x08,0x25,0xe5}}
 +
 +#define	EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION	1
 +
 +struct EFI_SYSTEM_RESOURCE_ENTRY {
 +	struct uuid	FwClass;
 +	uint32_t	FwType;
 +	uint32_t	FwVersion;
 +	uint32_t	LowestSupportedFwVersion;
 +	uint32_t	CapsuleFlags;
 +	uint32_t	LastAttemptVersion;
 +	uint32_t	LastAttemptStatus;
 +};
 +
 +struct EFI_SYSTEM_RESOURCE_TABLE {
 +	uint32_t	FwResourceCount;
 +	uint32_t	FwResourceCountMax;
 +	uint64_t	FwResourceVersion;
 +	struct EFI_SYSTEM_RESOURCE_ENTRY	Entries[];
 +};
 +
 +static void *
 +efi_map_pa(uint64_t addr, bool *directp)
 +{
 +	paddr_t pa =3D addr;
 +	vaddr_t va;
 +
 +	/*
 +	 * Verify the address is not truncated by conversion to
 +	 * paddr_t.  This might happen with a 64-bit EFI booting a
 +	 * 32-bit OS.
 +	 */
 +	if (pa !=3D addr)
 +		return NULL;
 +
 +	/*
 +	 * Try direct-map if we have it.  If it works, note that it was
 +	 * direct-mapped for efi_unmap.
 +	 */
 +#ifdef __HAVE_MM_MD_DIRECT_MAPPED_PHYS
 +	if (mm_md_direct_mapped_phys(pa, &va)) {
 +		*directp =3D true;
 +		return (void *)va;
 +	}
 +#endif
 +
 +	/*
 +	 * No direct map.  Reserve a page of kernel virtual address
 +	 * space, with no backing, to map to the physical address.
 +	 */
 +	va =3D uvm_km_alloc(kernel_map, PAGE_SIZE, 0,
 +	    UVM_KMF_VAONLY|UVM_KMF_WAITVA);
 +	KASSERT(va !=3D 0);
 +
 +	/*
 +	 * Map the kva page to the physical address and update the
 +	 * kernel pmap so we can use it.
 +	 */
 +	pmap_kenter_pa(va, pa, VM_PROT_READ, 0);
 +	pmap_update(pmap_kernel());
 +
 +	/*
 +	 * Success!  Return the VA and note that it was not
 +	 * direct-mapped for efi_unmap.
 +	 */
 +	*directp =3D false;
 +	return (void *)va;
 +}
 +
 +static void
 +efi_unmap(void *ptr, bool direct)
 +{
 +	vaddr_t va =3D (vaddr_t)ptr;
 +
 +	/*
 +	 * If it was direct-mapped, nothing to do here.
 +	 */
 +	if (direct)
 +		return;
 +
 +	/*
 +	 * First remove the mapping from the kernel pmap so that it can
 +	 * be reused, before we free the kva and let anyone else reuse
 +	 * it.
 +	 */
 +	pmap_kremove(va, PAGE_SIZE);
 +	pmap_update(pmap_kernel());
 +
 +	/*
 +	 * Next free the kva so it can be reused by someone else.
 +	 */
 +	uvm_km_free(kernel_map, va, PAGE_SIZE, UVM_KMF_VAONLY);
 +}
 +
 +static int
 +efi_ioctl_got_table(struct efi_get_table_ioc *ioc, void *ptr, size_t len)
 +{
 +
 +	/*
 +	 * Return the actual table length.
 +	 */
 +	ioc->table_len =3D len;
 +
 +	/*
 +	 * Copy out as much as we can into the user's allocated buffer.
 +	 */
 +	return copyout(ioc->buf, ptr, MIN(ioc->buf_len, len));
 +}
 +
 +static int
 +efi_ioctl_get_esrt(struct efi_get_table_ioc *ioc,
 +    struct EFI_SYSTEM_RESOURCE_TABLE *tab)
 +{
 +
 +	/*
 +	 * Verify the firmware resource version is one we understand.
 +	 */
 +	if (tab->FwResourceVersion !=3D
 +	    EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION)
 +		return ENOENT;
 +
 +	/*
 +	 * Verify the resource count fits within the single page we
 +	 * have mapped.
 +	 *
 +	 * XXX What happens if it doesn't?  Are we expected to map more
 +	 * than one page, according to the table header?  The UEFI spec
 +	 * is unclear on this.
 +	 */
 +	const size_t entry_space =3D PAGE_SIZE -
 +	    offsetof(struct EFI_SYSTEM_RESOURCE_TABLE, Entries);
 +	if (tab->FwResourceCount > entry_space/sizeof(tab->Entries[0]))
 +		return ENOENT;
 +
 +	/*
 +	 * Success!  Return everything through the last table entry.
 +	 */
 +	const size_t len =3D offsetof(struct EFI_SYSTEM_RESOURCE_TABLE,
 +	    Entries[tab->FwResourceCount]);
 +	return efi_ioctl_got_table(ioc, tab, len);
 +}
 +
 +static int
 +efi_ioctl_get_table(struct efi_get_table_ioc *ioc)
 +{
 +	uint64_t addr;
 +	bool direct;
 +	efi_status status;
 +	int error;
 +
 +	/*
 +	 * If the platform doesn't support it yet, fail now.
 +	 */
 +	if (efi_ops->efi_gettab =3D=3D NULL)
 +		return ENODEV;
 +
 +	/*
 +	 * Get the address of the requested table out of the EFI
 +	 * configuration table.
 +	 */
 +	status =3D efi_ops->efi_gettab(&ioc->uuid, &addr);
 +	if (status !=3D EFI_SUCCESS)
 +		return efi_status_to_error(status);
 +
 +	/*
 +	 * UEFI provides no generic way to identify the size of the
 +	 * table, so we have to bake knowledge of every vendor GUID
 +	 * into this code to safely expose the right amount of data to
 +	 * userland.
 +	 *
 +	 * We even have to bake knowledge of which ones are physically
 +	 * addressed and which ones might be virtually addressed
 +	 * according to the vendor GUID into this code, although for
 +	 * the moment we never use RT->SetVirtualAddressMap so we only
 +	 * ever have to deal with physical addressing.
 +	 */
 +	if (memcmp(&ioc->uuid, &(struct uuid)EFI_SYSTEM_RESOURCE_TABLE_GUID,
 +		sizeof(ioc->uuid)) =3D=3D 0) {
 +		struct EFI_SYSTEM_RESOURCE_TABLE *tab;
 +
 +		if ((tab =3D efi_map_pa(addr, &direct)) =3D=3D NULL)
 +			return ENOENT;
 +		error =3D efi_ioctl_get_esrt(ioc, tab);
 +		efi_unmap(tab, direct);
 +	} else {
 +		error =3D ENOENT;
 +	}
 +
 +	return error;
 +}
 +
  static int
  efi_ioctl_var_get(struct efi_var_ioc *var)
  {
 @@ -289,6 +487,8 @@ efi_ioctl(dev_t dev, u_long cmd, void *data, int flags,=
  struct lwp *l)
  	KASSERT(efi_ops !=3D NULL);
 =20
  	switch (cmd) {
 +	case EFIIOC_GET_TABLE:
 +		return efi_ioctl_get_table(data);
  	case EFIIOC_VAR_GET:
  		return efi_ioctl_var_get(data);
  	case EFIIOC_VAR_NEXT:
 diff --git a/sys/dev/efivar.h b/sys/dev/efivar.h
 index 21d6d61fd26a..72aeb8c6fbae 100644
 --- a/sys/dev/efivar.h
 +++ b/sys/dev/efivar.h
 @@ -29,16 +29,20 @@
  #ifndef _DEV_EFIVAR_H
  #define _DEV_EFIVAR_H
 =20
 +#include <sys/uuid.h>
 +#include <sys/types.h>
 +
  #include <machine/efi.h>
 =20
  struct efi_ops {
  	efi_status	(*efi_gettime)(struct efi_tm *, struct efi_tmcap *);
  	efi_status	(*efi_settime)(struct efi_tm *);
  	efi_status	(*efi_getvar)(uint16_t *, struct uuid *, uint32_t *,
 -				      u_long *, void *);
 +			    u_long *, void *);
  	efi_status	(*efi_setvar)(uint16_t *, struct uuid *, uint32_t,
 -				      u_long, void *);
 +			    u_long, void *);
  	efi_status	(*efi_nextvar)(u_long *, uint16_t *, struct uuid *);
 +	efi_status	(*efi_gettab)(const struct uuid *, uint64_t *);
  };
 =20
  void	efi_register_ops(const struct efi_ops *);
 diff --git a/sys/sys/efiio.h b/sys/sys/efiio.h
 index 8f3a9a2d54e9..c50c2c416fa9 100644
 --- a/sys/sys/efiio.h
 +++ b/sys/sys/efiio.h
 @@ -48,6 +48,13 @@
  #define	EFI_VARIABLE_APPEND_WRITE				0x00000040
  #define	EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS		0x00000080
 =20
 +struct efi_get_table_ioc {
 +	void *		buf;
 +	struct uuid	uuid;
 +	size_t		table_len;
 +	size_t		buf_len;
 +};
 +
  struct efi_var_ioc {
  	uint16_t *	name;		/* vendor's variable name */
  	size_t		namesize;	/* size in bytes of the name buffer */
 @@ -57,6 +64,7 @@ struct efi_var_ioc {
  	size_t		datasize;	/* size in bytes of the data buffer */
  };
 =20
 +#define	EFIIOC_GET_TABLE	_IOWR('e', 1, struct efi_get_table_ioc)
  #define	EFIIOC_VAR_GET		_IOWR('e', 4, struct efi_var_ioc)
  #define	EFIIOC_VAR_NEXT		_IOWR('e', 5, struct efi_var_ioc)
  #define	EFIIOC_VAR_SET		_IOWR('e', 7, struct efi_var_ioc)
 
 From 6a19066c80d0518b48625bc5e24102512d5914a0 Mon Sep 17 00:00:00 2001
 From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
 Date: Thu, 15 Sep 2022 07:55:02 +0000
 Subject: [PATCH 2/2] efi(4): Implement EFIIOC_GET_TABLE on x86.
 
 ---
  sys/arch/x86/x86/efi_machdep.c | 19 +++++++++++++++++++
  1 file changed, 19 insertions(+)
 
 diff --git a/sys/arch/x86/x86/efi_machdep.c b/sys/arch/x86/x86/efi_machdep.c
 index 3a40a8eee043..a025b2a39a52 100644
 --- a/sys/arch/x86/x86/efi_machdep.c
 +++ b/sys/arch/x86/x86/efi_machdep.c
 @@ -590,8 +590,10 @@ efi_get_e820memmap(void)
  #define	EFIERR(x)	(0x80000000ul | (x))
  #endif
 =20
 +#define	EFI_SUCCESS		EFIERR(0)
  #define	EFI_UNSUPPORTED		EFIERR(3)
  #define	EFI_DEVICE_ERROR	EFIERR(7)
 +#define	EFI_NOT_FOUND		EFIERR(14)
 =20
  /*
   * efi_runtime_init()
 @@ -985,12 +987,29 @@ efi_runtime_setvar(efi_char *name, struct uuid *vendo=
 r, uint32_t attrib,
  	return status;
  }
 =20
 +static efi_status
 +efi_runtime_gettab(const struct uuid *vendor, uint64_t *addrp)
 +{
 +	struct efi_cfgtbl *cfgtbl =3D efi_getcfgtblhead();
 +	paddr_t pa;
 +
 +	if (cfgtbl =3D=3D NULL)
 +		return EFI_UNSUPPORTED;
 +
 +	pa =3D efi_getcfgtblpa(vendor);
 +	if (pa =3D=3D 0)
 +		return EFI_NOT_FOUND;
 +	*addrp =3D pa;
 +	return EFI_SUCCESS;
 +}
 +
  static struct efi_ops efi_runtime_ops =3D {
  	.efi_gettime =3D efi_runtime_gettime,
  	.efi_settime =3D efi_runtime_settime,
  	.efi_getvar =3D efi_runtime_getvar,
  	.efi_setvar =3D efi_runtime_setvar,
  	.efi_nextvar =3D efi_runtime_nextvar,
 +	.efi_gettab =3D efi_runtime_gettab,
  };
 =20
  #endif	/* EFI_RUNTIME */
 
 --=_3GH/d8a4GiEuk6sY511/abKYWvHzDwXu--