]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (c) 2017 Apple Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
14 | * | |
15 | * Please obtain a copy of the License at | |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
25 | * | |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ | |
27 | */ | |
28 | /* | |
29 | * ucode.c | |
30 | * | |
31 | * Microcode updater interface sysctl | |
32 | */ | |
33 | ||
34 | #include <kern/locks.h> | |
35 | #include <i386/ucode.h> | |
36 | #include <sys/errno.h> | |
37 | #include <i386/proc_reg.h> | |
38 | #include <i386/cpuid.h> | |
39 | #include <vm/vm_kern.h> | |
40 | #include <i386/mp.h> // mp_broadcast | |
41 | #include <machine/cpu_number.h> // cpu_number | |
42 | #include <pexpert/pexpert.h> // boot-args | |
43 | ||
44 | #define IA32_BIOS_UPDT_TRIG (0x79) /* microcode update trigger MSR */ | |
45 | ||
46 | struct intel_ucupdate *global_update = NULL; | |
47 | ||
48 | /* Exceute the actual update! */ | |
49 | static void | |
50 | update_microcode(void) | |
51 | { | |
52 | /* SDM Example 9-8 code shows that we load the | |
53 | * address of the UpdateData within the microcode blob, | |
54 | * not the address of the header. | |
55 | */ | |
56 | wrmsr64(IA32_BIOS_UPDT_TRIG, (uint64_t)(uintptr_t)&global_update->data); | |
57 | } | |
58 | ||
59 | /* locks */ | |
60 | static lck_grp_attr_t *ucode_slock_grp_attr = NULL; | |
61 | static lck_grp_t *ucode_slock_grp = NULL; | |
62 | static lck_attr_t *ucode_slock_attr = NULL; | |
63 | static lck_spin_t *ucode_slock = NULL; | |
64 | ||
65 | static kern_return_t | |
66 | register_locks(void) | |
67 | { | |
68 | /* already allocated? */ | |
69 | if (ucode_slock_grp_attr && ucode_slock_grp && ucode_slock_attr && ucode_slock) | |
70 | return KERN_SUCCESS; | |
71 | ||
72 | /* allocate lock group attribute and group */ | |
73 | if (!(ucode_slock_grp_attr = lck_grp_attr_alloc_init())) | |
74 | goto nomem_out; | |
75 | ||
76 | lck_grp_attr_setstat(ucode_slock_grp_attr); | |
77 | ||
78 | if (!(ucode_slock_grp = lck_grp_alloc_init("uccode_lock", ucode_slock_grp_attr))) | |
79 | goto nomem_out; | |
80 | ||
81 | /* Allocate lock attribute */ | |
82 | if (!(ucode_slock_attr = lck_attr_alloc_init())) | |
83 | goto nomem_out; | |
84 | ||
85 | /* Allocate the spin lock */ | |
86 | /* We keep one global spin-lock. We could have one per update | |
87 | * request... but srsly, why would you update microcode like that? | |
88 | */ | |
89 | if (!(ucode_slock = lck_spin_alloc_init(ucode_slock_grp, ucode_slock_attr))) | |
90 | goto nomem_out; | |
91 | ||
92 | return KERN_SUCCESS; | |
93 | ||
94 | nomem_out: | |
95 | /* clean up */ | |
96 | if (ucode_slock) | |
97 | lck_spin_free(ucode_slock, ucode_slock_grp); | |
98 | if (ucode_slock_attr) | |
99 | lck_attr_free(ucode_slock_attr); | |
100 | if (ucode_slock_grp) | |
101 | lck_grp_free(ucode_slock_grp); | |
102 | if (ucode_slock_grp_attr) | |
103 | lck_grp_attr_free(ucode_slock_grp_attr); | |
104 | ||
105 | return KERN_NO_SPACE; | |
106 | } | |
107 | ||
108 | /* Copy in an update */ | |
109 | static int | |
110 | copyin_update(uint64_t inaddr) | |
111 | { | |
112 | struct intel_ucupdate update_header; | |
113 | struct intel_ucupdate *update; | |
114 | vm_size_t size; | |
115 | kern_return_t ret; | |
116 | int error; | |
117 | ||
118 | /* Copy in enough header to peek at the size */ | |
119 | error = copyin((user_addr_t)inaddr, (void *)&update_header, sizeof(update_header)); | |
120 | if (error) | |
121 | return error; | |
122 | ||
123 | /* Get the actual, alleged size */ | |
124 | size = update_header.total_size; | |
125 | ||
126 | /* huge bogus piece of data that somehow made it through? */ | |
127 | if (size >= 1024 * 1024) | |
128 | return ENOMEM; | |
129 | ||
130 | /* Old microcodes? */ | |
131 | if (size == 0) | |
132 | size = 2048; /* default update size; see SDM */ | |
133 | ||
134 | /* | |
135 | * create the buffer for the update | |
136 | * It need only be aligned to 16-bytes, according to the SDM. | |
137 | * This also wires it down | |
138 | */ | |
139 | ret = kmem_alloc_kobject(kernel_map, (vm_offset_t *)&update, size, VM_KERN_MEMORY_OSFMK); | |
140 | if (ret != KERN_SUCCESS) | |
141 | return ENOMEM; | |
142 | ||
143 | /* Copy it in */ | |
144 | error = copyin((user_addr_t)inaddr, (void*)update, size); | |
145 | if (error) { | |
146 | kmem_free(kernel_map, (vm_offset_t)update, size); | |
147 | return error; | |
148 | } | |
149 | ||
150 | global_update = update; | |
151 | return 0; | |
152 | } | |
153 | ||
154 | /* | |
155 | * This is called once by every CPU on a wake from sleep/hibernate | |
156 | * and is meant to re-apply a microcode update that got lost | |
157 | * by sleeping. | |
158 | */ | |
159 | void | |
160 | ucode_update_wake() | |
161 | { | |
162 | if (global_update) { | |
163 | kprintf("ucode: Re-applying update after wake (CPU #%d)\n", cpu_number()); | |
164 | update_microcode(); | |
165 | #if DEBUG | |
166 | } else { | |
167 | kprintf("ucode: No update to apply (CPU #%d)\n", cpu_number()); | |
168 | #endif | |
169 | } | |
170 | } | |
171 | ||
172 | static void | |
173 | cpu_update(__unused void *arg) | |
174 | { | |
175 | /* grab the lock */ | |
176 | lck_spin_lock(ucode_slock); | |
177 | ||
178 | /* execute the update */ | |
179 | update_microcode(); | |
180 | ||
181 | /* release the lock */ | |
182 | lck_spin_unlock(ucode_slock); | |
183 | } | |
184 | ||
185 | /* Farm an update out to all CPUs */ | |
186 | static void | |
187 | xcpu_update(void) | |
188 | { | |
189 | if (register_locks() != KERN_SUCCESS) | |
190 | return; | |
191 | ||
192 | /* Get all CPUs to perform the update */ | |
193 | mp_broadcast(cpu_update, NULL); | |
194 | ||
195 | /* Update the cpuid info */ | |
196 | cpuid_set_info(); | |
197 | ||
198 | } | |
199 | ||
200 | /* | |
201 | * sysctl function | |
202 | * | |
203 | */ | |
204 | int | |
205 | ucode_interface(uint64_t addr) | |
206 | { | |
207 | int error; | |
208 | char arg[16]; | |
209 | ||
210 | if (PE_parse_boot_argn("-x", arg, sizeof (arg))) { | |
211 | printf("ucode: no updates in safe mode\n"); | |
212 | return EPERM; | |
213 | } | |
214 | ||
215 | #if !DEBUG | |
216 | /* | |
217 | * Userland may only call this once per boot. Anything else | |
218 | * would not make sense (all updates are cumulative), and also | |
219 | * leak memory, because we don't free previous updates. | |
220 | */ | |
221 | if (global_update) | |
222 | return EPERM; | |
223 | #endif | |
224 | ||
225 | /* Get the whole microcode */ | |
226 | error = copyin_update(addr); | |
227 | ||
228 | if (error) | |
229 | return error; | |
230 | ||
231 | /* Farm out the updates */ | |
232 | xcpu_update(); | |
233 | ||
234 | return 0; | |
235 | } |