2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2021 Beckhoff Automation GmbH & Co. KG
5 * Author: Corvin Köhne <c.koehne@beckhoff.com>
9 #include <sys/endian.h>
10 #include <sys/queue.h>
13 #include <machine/vmm.h>
23 #include "acpi_device.h"
26 #include "amd64/inout.h"
27 #include "amd64/pci_lpc.h"
29 #include "qemu_fwcfg.h"
/* ACPI name and hardware ID used by qemu_fwcfg_acpi_device_emul. */
31 #define QEMU_FWCFG_ACPI_DEVICE_NAME "FWCF"
32 #define QEMU_FWCFG_ACPI_HARDWARE_ID "QEMU0002"
/*
 * Guest-visible I/O ports: selector at 0x510, data at 0x511.
 * NOTE(review): both ports are registered with size 1, yet the selector
 * handler rejects every access that is not 2 bytes wide. Presumably the
 * inout dispatcher matches on the first port of an access -- confirm.
 */
34 #define QEMU_FWCFG_SELECTOR_PORT_NUMBER 0x510
35 #define QEMU_FWCFG_SELECTOR_PORT_SIZE 1
36 #define QEMU_FWCFG_SELECTOR_PORT_FLAGS IOPORT_F_INOUT
37 #define QEMU_FWCFG_DATA_PORT_NUMBER 0x511
38 #define QEMU_FWCFG_DATA_PORT_SIZE 1
39 #define QEMU_FWCFG_DATA_PORT_FLAGS \
40 IOPORT_F_INOUT /* QEMU v2.4+ ignores writes */
/*
 * Masks applied by qemu_fwcfg_add_item(): one architecture bit and a 14-bit
 * index. Out-of-range values are wrapped by the mask, not rejected.
 */
42 #define QEMU_FWCFG_ARCHITECTURE_MASK 0x0001
43 #define QEMU_FWCFG_INDEX_MASK 0x3FFF
45 #define QEMU_FWCFG_SELECT_READ 0
46 #define QEMU_FWCFG_SELECT_WRITE 1
48 #define QEMU_FWCFG_ARCHITECTURE_GENERIC 0
49 #define QEMU_FWCFG_ARCHITECTURE_SPECIFIC 1
/* Fixed item indices populated by qemu_fwcfg_init(). */
51 #define QEMU_FWCFG_INDEX_SIGNATURE 0x00
52 #define QEMU_FWCFG_INDEX_ID 0x01
53 #define QEMU_FWCFG_INDEX_NB_CPUS 0x05
54 #define QEMU_FWCFG_INDEX_MAX_CPUS 0x0F
55 #define QEMU_FWCFG_INDEX_FILE_DIR 0x19
/* The n-th named file (counting from 0) gets index FIRST_FILE_INDEX + n. */
57 #define QEMU_FWCFG_FIRST_FILE_INDEX 0x20
/*
 * Number of directory slots allocated up front; qemu_fwcfg_add_file()
 * reallocates the directory once the file count exceeds this value.
 */
59 #define QEMU_FWCFG_MIN_FILES 10
/*
 * Selector value written by the guest. The port handlers use it both as a
 * raw 16-bit value (.bits) and through its bitfields (.architecture, .index).
 * NOTE(review): bitfield layout is implementation-defined; the overlay with
 * .bits assumes the compiler's ordering matches the fw_cfg selector format.
 */
63 union qemu_fwcfg_selector {
66 uint16_t writeable : 1;
67 uint16_t architecture : 1;
/* Payload of the signature item; filled with 'Q','E','M','U'. */
72 struct qemu_fwcfg_signature {
/*
 * Payload of the id item. qemu_fwcfg_add_item_id() byte-swaps the whole
 * structure as a single uint32_t, so it is assumed to be exactly 32 bits.
 */
76 struct qemu_fwcfg_id {
77 uint32_t interface : 1; /* always set */
79 uint32_t reserved : 30;
/*
 * One directory entry. The name is written with strcpy() by
 * qemu_fwcfg_add_file(), which first rejects names of QEMU_FWCFG_MAX_NAME
 * bytes or more, so the field always holds a NUL-terminated string.
 */
82 struct qemu_fwcfg_file {
86 uint8_t name[QEMU_FWCFG_MAX_NAME];
/*
 * File directory as read by the guest: a big-endian count (be_count)
 * followed by the entries. Entry storage is allocated together with the
 * header in qemu_fwcfg_add_item_file_dir().
 * NOTE(review): files[0] is the zero-length-array extension; the C99
 * flexible array member spelling is files[].
 */
89 struct qemu_fwcfg_directory {
91 struct qemu_fwcfg_file files[0];
/*
 * Device state shared by both port handlers. The selector (and the
 * data_offset reset alongside it) is driven by guest port accesses.
 * items is indexed as [architecture][index]; a NULL data pointer marks an
 * unused slot.
 * NOTE(review): the handlers index items with the raw selector bitfields, so
 * QEMU_FWCFG_MAX_ARCHS / QEMU_FWCFG_MAX_ENTRIES must cover the full range of
 * those bitfields -- confirm against the header.
 */
96 struct qemu_fwcfg_softc {
97 struct acpi_device *acpi_dev;
100 union qemu_fwcfg_selector selector;
101 struct qemu_fwcfg_item items[QEMU_FWCFG_MAX_ARCHS]
102 [QEMU_FWCFG_MAX_ENTRIES];
103 struct qemu_fwcfg_directory *directory;
/* Single global instance; there is one fw_cfg device per process. */
106 static struct qemu_fwcfg_softc fwcfg_sc;
/*
 * A file requested on the command line. Records are queued by
 * qemu_fwcfg_parse_cmdline_arg() and published to the guest by
 * qemu_fwcfg_add_user_files().
 */
108 struct qemu_fwcfg_user_file {
109 STAILQ_ENTRY(qemu_fwcfg_user_file) chain;
110 uint8_t name[QEMU_FWCFG_MAX_NAME];
/* Queue of pending user files, in command-line order (tail insertion). */
114 static STAILQ_HEAD(qemu_fwcfg_user_file_list,
115 qemu_fwcfg_user_file) user_files = STAILQ_HEAD_INITIALIZER(user_files);
/*
 * I/O handler for the selector port.
 *
 * Only 2-byte accesses are accepted; anything else is logged with warnx().
 * The statement that fills *eax returns the current selector to the guest in
 * little-endian order. The statements that consume *eax store a new
 * guest-supplied selector and reset data_offset to 0, so the next data-port
 * read starts at the first byte of the newly selected item.
 *
 * NOTE(review): the stored value is entirely guest-controlled and is not
 * validated here; the data-port handler is what checks that the selected
 * item exists.
 */
119 qemu_fwcfg_selector_port_handler(struct vmctx *const ctx __unused, const int in,
120 const int port __unused, const int bytes, uint32_t *const eax,
121 void *const arg __unused)
123 if (bytes != sizeof(uint16_t)) {
124 warnx("%s: invalid size (%d) of IO port access", __func__,
130 *eax = htole16(fwcfg_sc.selector.bits);
/* New selection: restart the read cursor before switching items. */
134 fwcfg_sc.data_offset = 0;
135 fwcfg_sc.selector.bits = le16toh(*eax);
/*
 * I/O handler for the data port.
 *
 * Only 1-byte accesses are accepted. Writes are refused with a warning. A
 * read returns the byte at data_offset of the currently selected item and
 * advances data_offset by one.
 */
141 qemu_fwcfg_data_port_handler(struct vmctx *const ctx __unused, const int in,
142 const int port __unused, const int bytes, uint32_t *const eax,
143 void *const arg __unused)
145 if (bytes != sizeof(uint8_t)) {
146 warnx("%s: invalid size (%d) of IO port access", __func__,
152 warnx("%s: Writes to qemu fwcfg data port aren't allowed",
/*
 * Both subscripts come straight from the guest-written selector. Nothing
 * here range-checks them; staying inside items[][] depends on the bitfield
 * widths not exceeding the array dimensions -- NOTE(review): confirm.
 */
158 struct qemu_fwcfg_item *const item =
159 &fwcfg_sc.items[fwcfg_sc.selector.architecture]
160 [fwcfg_sc.selector.index];
/* Unused slot: no backing buffer to read from. */
161 if (item->data == NULL) {
163 "%s: qemu fwcfg item doesn't exist (architecture %s index 0x%x)",
165 fwcfg_sc.selector.architecture ? "specific" : "generic",
166 fwcfg_sc.selector.index);
/* Bounds check: the guest may keep reading after the last byte of the item. */
169 } else if (fwcfg_sc.data_offset >= item->size) {
171 "%s: qemu fwcfg item read exceeds size (architecture %s index 0x%x size 0x%x offset 0x%x)",
173 fwcfg_sc.selector.architecture ? "specific" : "generic",
174 fwcfg_sc.selector.index, item->size, fwcfg_sc.data_offset);
179 /* return item data */
180 *eax = item->data[fwcfg_sc.data_offset];
181 fwcfg_sc.data_offset++;
/*
 * Registers a buffer as the fw_cfg item at [architecture][index].
 *
 * architecture and index are masked to 1 and 14 bits, so an out-of-range
 * value is wrapped onto another slot instead of being rejected. A slot that
 * already holds data is not overwritten; a warning is logged instead.
 *
 * The data pointer is stored as-is, not copied: the buffer must stay valid
 * for as long as the guest can read the item, and size must not exceed the
 * buffer's real length because the data-port handler trusts it as the read
 * bound.
 *
 * Returns an int status; callers treat non-zero as failure.
 */
188 qemu_fwcfg_add_item(const uint16_t architecture, const uint16_t index,
189 const uint32_t size, void *const data)
191 /* truncate architecture and index to their desired size */
192 const uint16_t arch = architecture & QEMU_FWCFG_ARCHITECTURE_MASK;
193 const uint16_t idx = index & QEMU_FWCFG_INDEX_MASK;
195 /* get pointer to item specified by selector */
196 struct qemu_fwcfg_item *const fwcfg_item = &fwcfg_sc.items[arch][idx];
198 /* check if item is already used */
199 if (fwcfg_item->data != NULL) {
200 warnx("%s: qemu fwcfg item exists (architecture %s index 0x%x)",
201 __func__, arch ? "specific" : "generic", idx);
205 /* save data of the item */
206 fwcfg_item->size = size;
207 fwcfg_item->data = data;
/*
 * Creates the file directory item.
 *
 * Allocates a zeroed directory with room for QEMU_FWCFG_MIN_FILES entries
 * and remembers it in fwcfg_sc.directory. The item is registered with the
 * size of the header only, so the guest initially sees a directory with a
 * zero count and no entries; qemu_fwcfg_add_file() raises the item size as
 * files are added.
 */
213 qemu_fwcfg_add_item_file_dir(void)
215 const size_t size = sizeof(struct qemu_fwcfg_directory) +
216 QEMU_FWCFG_MIN_FILES * sizeof(struct qemu_fwcfg_file);
217 struct qemu_fwcfg_directory *const fwcfg_directory = calloc(1, size);
218 if (fwcfg_directory == NULL) {
222 fwcfg_sc.directory = fwcfg_directory;
224 return (qemu_fwcfg_add_item(QEMU_FWCFG_ARCHITECTURE_GENERIC,
225 QEMU_FWCFG_INDEX_FILE_DIR, sizeof(struct qemu_fwcfg_directory),
226 (uint8_t *)fwcfg_sc.directory));
/*
 * Creates the id item with the interface bit set.
 *
 * The structure is allocated zeroed, the bit is set, and the whole object is
 * then converted to little-endian in place through a uint32_t pointer.
 * NOTE(review): this relies on struct qemu_fwcfg_id being exactly 32 bits
 * and on the compiler placing the first bitfield in the least significant
 * bit -- both are implementation-defined.
 */
230 qemu_fwcfg_add_item_id(void)
232 struct qemu_fwcfg_id *const fwcfg_id = calloc(1,
233 sizeof(struct qemu_fwcfg_id));
234 if (fwcfg_id == NULL) {
238 fwcfg_id->interface = 1;
241 uint32_t *const le_fwcfg_id_ptr = (uint32_t *)fwcfg_id;
242 *le_fwcfg_id_ptr = htole32(*le_fwcfg_id_ptr);
244 return (qemu_fwcfg_add_item(QEMU_FWCFG_ARCHITECTURE_GENERIC,
245 QEMU_FWCFG_INDEX_ID, sizeof(struct qemu_fwcfg_id),
246 (uint8_t *)fwcfg_id));
/*
 * Creates the max_cpus item: a 16-bit little-endian copy of guest_ncpus in a
 * freshly allocated buffer.
 * NOTE(review): guest_ncpus is declared elsewhere; htole16() keeps only its
 * low 16 bits.
 */
250 qemu_fwcfg_add_item_max_cpus(void)
252 uint16_t *fwcfg_max_cpus = calloc(1, sizeof(uint16_t));
253 if (fwcfg_max_cpus == NULL) {
258 * We don't support cpu hotplug yet. For that reason, use guest_ncpus instead
261 *fwcfg_max_cpus = htole16(guest_ncpus);
263 return (qemu_fwcfg_add_item(QEMU_FWCFG_ARCHITECTURE_GENERIC,
264 QEMU_FWCFG_INDEX_MAX_CPUS, sizeof(uint16_t), fwcfg_max_cpus));
/*
 * Creates the nb_cpus item: a 16-bit little-endian copy of guest_ncpus in a
 * freshly allocated buffer.
 * The local is named fwcfg_max_cpus although it holds the nb_cpus value.
 */
268 qemu_fwcfg_add_item_nb_cpus(void)
270 uint16_t *fwcfg_max_cpus = calloc(1, sizeof(uint16_t));
271 if (fwcfg_max_cpus == NULL) {
275 *fwcfg_max_cpus = htole16(guest_ncpus);
277 return (qemu_fwcfg_add_item(QEMU_FWCFG_ARCHITECTURE_GENERIC,
278 QEMU_FWCFG_INDEX_NB_CPUS, sizeof(uint16_t), fwcfg_max_cpus));
/*
 * Creates the signature item. The guest reads the four bytes "QEMU" from it;
 * no terminator is stored, the four characters are assigned individually
 * into a zeroed allocation.
 */
282 qemu_fwcfg_add_item_signature(void)
284 struct qemu_fwcfg_signature *const fwcfg_signature = calloc(1,
285 sizeof(struct qemu_fwcfg_signature));
286 if (fwcfg_signature == NULL) {
290 fwcfg_signature->signature[0] = 'Q';
291 fwcfg_signature->signature[1] = 'E';
292 fwcfg_signature->signature[2] = 'M';
293 fwcfg_signature->signature[3] = 'U';
295 return (qemu_fwcfg_add_item(QEMU_FWCFG_ARCHITECTURE_GENERIC,
296 QEMU_FWCFG_INDEX_SIGNATURE, sizeof(struct qemu_fwcfg_signature),
297 (uint8_t *)fwcfg_signature));
/*
 * Registers one I/O port handler.
 *
 * Builds a zeroed struct inout_port, sets its handler (name, port, size and
 * flags are presumably copied in as well), and passes it to
 * register_inout(). Returns that call's result.
 */
302 qemu_fwcfg_register_port(const char *const name, const int port, const int size,
303 const int flags, const inout_func_t handler)
305 struct inout_port iop;
/* Start from all-zero so that fields not set below have a defined value. */
307 bzero(&iop, sizeof(iop));
312 iop.handler = handler;
314 return (register_inout(&iop));
/*
 * Publishes a named file to the guest.
 *
 * The data buffer is registered as a generic item at
 * QEMU_FWCFG_FIRST_FILE_INDEX + (number of files already present), and a
 * directory entry is inserted so that entries stay sorted by name. Once the
 * count exceeds QEMU_FWCFG_MIN_FILES the directory is reallocated with room
 * for exactly count entries. Finally the directory item size is raised so
 * the guest can read the new entry.
 *
 * name must be shorter than QEMU_FWCFG_MAX_NAME. data is stored by pointer
 * (see qemu_fwcfg_add_item) and must outlive the device.
 */
319 qemu_fwcfg_add_file(const char *name, const uint32_t size, void *const data)
/* This length check is what makes the strcpy() into files[].name safe. */
321 if (strlen(name) >= QEMU_FWCFG_MAX_NAME)
325 * QEMU specifies count as big endian.
326 * Convert it to host endian to work with it.
328 const uint32_t count = be32toh(fwcfg_sc.directory->be_count) + 1;
330 /* add file to items list */
/*
 * NOTE(review): index is not checked against the 14-bit selector range;
 * qemu_fwcfg_add_item() masks it, so a very large file count would wrap onto
 * a low index. The item is also registered before the directory is grown, so
 * if the allocation below fails the item stays registered without a
 * directory entry.
 */
331 const uint32_t index = QEMU_FWCFG_FIRST_FILE_INDEX + count - 1;
332 const int error = qemu_fwcfg_add_item(QEMU_FWCFG_ARCHITECTURE_GENERIC,
339 * files should be sorted alphabetical, get index for new file
/* Only the count - 1 entries that already exist are compared. */
342 for (file_index = 0; file_index < count - 1; ++file_index) {
343 if (strcmp(name, fwcfg_sc.directory->files[file_index].name) <
/* The pre-allocated directory is full: build a larger one. */
348 if (count > QEMU_FWCFG_MIN_FILES) {
349 /* alloc new file directory */
350 const uint64_t new_size = sizeof(struct qemu_fwcfg_directory) +
351 count * sizeof(struct qemu_fwcfg_file);
352 struct qemu_fwcfg_directory *const new_directory = calloc(1,
354 if (new_directory == NULL) {
356 "%s: Unable to allocate a new qemu fwcfg files directory (count %d)",
361 /* copy files below file_index to new directory */
362 memcpy(new_directory->files, fwcfg_sc.directory->files,
363 file_index * sizeof(struct qemu_fwcfg_file));
365 /* copy files above file_index to directory */
366 memcpy(&new_directory->files[file_index + 1],
367 &fwcfg_sc.directory->files[file_index],
368 (count - file_index - 1) * sizeof(struct qemu_fwcfg_file));
370 /* free old directory */
/*
 * The item table still points at the old directory at this point; it is
 * repointed a few statements below, before control returns to the guest.
 */
371 free(fwcfg_sc.directory);
373 /* set directory pointer to new directory */
374 fwcfg_sc.directory = new_directory;
376 /* adjust directory pointer */
377 fwcfg_sc.items[0][QEMU_FWCFG_INDEX_FILE_DIR].data =
378 (uint8_t *)fwcfg_sc.directory;
380 /* shift files behind file_index */
/*
 * NOTE(review): this in-place shift is expected to run only when the
 * directory was not reallocated above; the branch separating the two paths
 * is not visible here -- confirm.
 */
381 for (uint32_t i = QEMU_FWCFG_MIN_FILES - 1; i > file_index;
383 memcpy(&fwcfg_sc.directory->files[i],
384 &fwcfg_sc.directory->files[i - 1],
385 sizeof(struct qemu_fwcfg_file));
390 * QEMU specifies count, size and index as big endian.
391 * Save these values in big endian to simplify guest reads of these
394 fwcfg_sc.directory->be_count = htobe32(count);
395 fwcfg_sc.directory->files[file_index].be_size = htobe32(size);
396 fwcfg_sc.directory->files[file_index].be_selector = htobe16(index);
/* Bounded by the strlen() check at the top of the function. */
397 strcpy(fwcfg_sc.directory->files[file_index].name, name);
399 /* set new size for the fwcfg_file_directory */
/* This size is the guest's read bound for the directory item. */
400 fwcfg_sc.items[0][QEMU_FWCFG_INDEX_FILE_DIR].size =
401 sizeof(struct qemu_fwcfg_directory) +
402 count * sizeof(struct qemu_fwcfg_file);
/*
 * Publishes every file queued on user_files by calling qemu_fwcfg_add_file()
 * with the record's name and size (and presumably its data pointer).
 */
408 qemu_fwcfg_add_user_files(void)
410 const struct qemu_fwcfg_user_file *fwcfg_file;
413 STAILQ_FOREACH(fwcfg_file, &user_files, chain) {
414 error = qemu_fwcfg_add_file(fwcfg_file->name, fwcfg_file->size,
/* ACPI description handed to acpi_device_create() by qemu_fwcfg_init(). */
423 static const struct acpi_device_emul qemu_fwcfg_acpi_device_emul = {
424 .name = QEMU_FWCFG_ACPI_DEVICE_NAME,
425 .hid = QEMU_FWCFG_ACPI_HARDWARE_ID,
/*
 * Sets up the fw_cfg device.
 *
 * fwcfg_enabled is true only when lpc_fwcfg() returns "qemu"; the second
 * assignment forces it to false (presumably on platforms without the I/O
 * port interface). When enabled, an ACPI device is created, a fixed I/O
 * resource of 2 ports starting at the selector port is attached, and the
 * selector and data port handlers are registered.
 *
 * The signature, id, nb_cpus, max_cpus and file_dir items are then added,
 * followed by the user files from the command line. The file_dir item must
 * exist before user files are added because qemu_fwcfg_add_file()
 * dereferences fwcfg_sc.directory.
 *
 * Each failing step is logged with warnx(); the trailing
 * acpi_device_destroy() call presumably belongs to the shared error path.
 */
429 qemu_fwcfg_init(struct vmctx *const ctx)
435 * The fwcfg implementation currently only provides an I/O port
436 * interface and thus is amd64-specific for now. An MMIO interface is
437 * required for other platforms.
440 fwcfg_enabled = strcmp(lpc_fwcfg(), "qemu") == 0;
442 fwcfg_enabled = false;
446 * Bhyve supports fwctl (bhyve) and fwcfg (qemu) as firmware interfaces.
447 * Both are using the same ports. So, it's not possible to provide both
448 * interfaces at the same time to the guest. Therefore, only create acpi
449 * tables and register io ports for fwcfg, if it's used.
452 error = acpi_device_create(&fwcfg_sc.acpi_dev, &fwcfg_sc, ctx,
453 &qemu_fwcfg_acpi_device_emul);
455 warnx("%s: failed to create ACPI device for QEMU FwCfg",
/* Length 2 covers the selector port and the data port that follows it. */
460 error = acpi_device_add_res_fixed_ioport(fwcfg_sc.acpi_dev,
461 QEMU_FWCFG_SELECTOR_PORT_NUMBER, 2);
463 warnx("%s: failed to add fixed IO port for QEMU FwCfg",
469 if ((error = qemu_fwcfg_register_port("qemu_fwcfg_selector",
470 QEMU_FWCFG_SELECTOR_PORT_NUMBER,
471 QEMU_FWCFG_SELECTOR_PORT_SIZE,
472 QEMU_FWCFG_SELECTOR_PORT_FLAGS,
473 qemu_fwcfg_selector_port_handler)) != 0) {
475 "%s: Unable to register qemu fwcfg selector port 0x%x",
476 __func__, QEMU_FWCFG_SELECTOR_PORT_NUMBER);
479 if ((error = qemu_fwcfg_register_port("qemu_fwcfg_data",
480 QEMU_FWCFG_DATA_PORT_NUMBER, QEMU_FWCFG_DATA_PORT_SIZE,
481 QEMU_FWCFG_DATA_PORT_FLAGS,
482 qemu_fwcfg_data_port_handler)) != 0) {
484 "%s: Unable to register qemu fwcfg data port 0x%x",
485 __func__, QEMU_FWCFG_DATA_PORT_NUMBER);
491 /* add common fwcfg items */
492 if ((error = qemu_fwcfg_add_item_signature()) != 0) {
493 warnx("%s: Unable to add signature item", __func__);
496 if ((error = qemu_fwcfg_add_item_id()) != 0) {
497 warnx("%s: Unable to add id item", __func__);
500 if ((error = qemu_fwcfg_add_item_nb_cpus()) != 0) {
501 warnx("%s: Unable to add nb_cpus item", __func__);
504 if ((error = qemu_fwcfg_add_item_max_cpus()) != 0) {
505 warnx("%s: Unable to add max_cpus item", __func__);
508 if ((error = qemu_fwcfg_add_item_file_dir()) != 0) {
509 warnx("%s: Unable to add file_dir item", __func__);
512 /* add user defined fwcfg files */
513 if ((error = qemu_fwcfg_add_user_files()) != 0) {
514 warnx("%s: Unable to add user files", __func__);
/*
 * NOTE(review): only the ACPI device is released here; buffers allocated by
 * the add_item helpers and already registered ports are not undone in the
 * visible code.
 */
520 acpi_device_destroy(fwcfg_sc.acpi_dev);
/*
 * Reports a malformed fw_cfg option and prints the expected syntax.
 * opt is passed as a "%s" argument, never as the format string.
 */
527 qemu_fwcfg_usage(const char *opt)
529 warnx("Invalid fw_cfg option \"%s\"", opt);
530 warnx("-f [name=]<name>,(string|file)=<value>");
534 * Parses the cmdline argument for user defined fw_cfg items. The cmdline
535 * argument has the format:
536 * "-f [name=]<name>,(string|file)=<value>"
538 * E.g.: "-f opt/com.page/example,string=Hello"
/*
 * Parses one "-f" option and queues the resulting file on user_files.
 *
 * The name is copied into a newly allocated record after a length check.
 * The value is either an inline string (duplicated, size includes the
 * terminating NUL) or the full contents of a host file read into a heap
 * buffer. Anything else is reported through qemu_fwcfg_usage().
 *
 * With "file=", the path is opened with the privileges of this process and
 * its contents become readable by the guest through the fw_cfg data port.
 */
541 qemu_fwcfg_parse_cmdline_arg(const char *opt)
543 struct qemu_fwcfg_user_file *fwcfg_file;
545 const char *opt_ptr, *opt_end;
/* malloc() leaves the record uninitialized; each path below fills it in. */
549 fwcfg_file = malloc(sizeof(*fwcfg_file));
550 if (fwcfg_file == NULL) {
551 warnx("Unable to allocate fw_cfg_user_file");
555 /* get pointer to <name> */
557 /* If [name=] is specified, skip it */
558 if (strncmp(opt_ptr, "name=", sizeof("name=") - 1) == 0) {
559 opt_ptr += sizeof("name=") - 1;
562 /* get the end of <name> */
563 opt_end = strchr(opt_ptr, ',');
564 if (opt_end == NULL) {
565 qemu_fwcfg_usage(opt);
569 /* check if <name> is too long */
/* ">=" leaves room for the terminator written after the strncpy(). */
570 if (opt_end - opt_ptr >= QEMU_FWCFG_MAX_NAME) {
571 warnx("fw_cfg name too long: \"%s\"", opt);
/* strncpy() does not terminate here; the next statement adds the NUL. */
576 strncpy(fwcfg_file->name, opt_ptr, opt_end - opt_ptr);
577 fwcfg_file->name[opt_end - opt_ptr] = '\0';
579 /* set opt_ptr and opt_end to <value> */
580 opt_ptr = opt_end + 1;
581 opt_end = opt_ptr + strlen(opt_ptr);
583 if (strncmp(opt_ptr, "string=", sizeof("string=") - 1) == 0) {
584 opt_ptr += sizeof("string=") - 1;
585 fwcfg_file->data = strdup(opt_ptr);
586 if (fwcfg_file->data == NULL) {
587 warnx("Can't duplicate fw_cfg_user_file string \"%s\"",
591 fwcfg_file->size = strlen(opt_ptr) + 1;
592 } else if (strncmp(opt_ptr, "file=", sizeof("file=") - 1) == 0) {
593 opt_ptr += sizeof("file=") - 1;
/*
 * NOTE(review): confirm that fd is closed on every exit path and that the
 * record is freed on failure; those statements are not visible here.
 */
595 fd = open(opt_ptr, O_RDONLY);
597 warn("Can't open fw_cfg_user_file file \"%s\"",
602 if (fstat(fd, &sb) < 0) {
603 warn("Unable to get size of file \"%s\"", opt_ptr);
/*
 * NOTE(review): st_size is used unchecked. qemu_fwcfg_add_file() takes the
 * size as uint32_t, so a file larger than UINT32_MAX would presumably be
 * truncated in the directory entry -- consider rejecting it here. For a
 * non-regular file st_size may not describe the readable length.
 */
608 fwcfg_file->data = malloc(sb.st_size);
609 if (fwcfg_file->data == NULL) {
611 "Can't allocate fw_cfg_user_file file \"%s\" (size: 0x%16lx)",
612 opt_ptr, sb.st_size);
/* One read() call; a short read is treated as failure, not retried. */
616 bytes_read = read(fd, fwcfg_file->data, sb.st_size);
617 if (bytes_read < 0 || bytes_read != sb.st_size) {
618 warn("Unable to read file \"%s\"", opt_ptr);
619 free(fwcfg_file->data);
623 fwcfg_file->size = bytes_read;
627 qemu_fwcfg_usage(opt);
/* Published to the guest later by qemu_fwcfg_add_user_files(). */
631 STAILQ_INSERT_TAIL(&user_files, fwcfg_file, chain);