1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2019 Peter Tribble.
25 */
26
27 /*
28 * Ported from 4.1.1_PSRA: "@(#)openprom.c 1.19 91/02/19 SMI";
29 *
30 * Porting notes:
31 *
32 * OPROMU2P unsupported after SunOS 4.x.
33 *
34 * Only one of these devices per system is allowed.
35 */
36
37 /*
38 * Openprom eeprom options/devinfo driver.
39 */
40
41 #include <sys/types.h>
42 #include <sys/errno.h>
43 #include <sys/file.h>
44 #include <sys/cmn_err.h>
45 #include <sys/kmem.h>
46 #include <sys/openpromio.h>
47 #include <sys/conf.h>
48 #include <sys/stat.h>
49 #include <sys/modctl.h>
50 #include <sys/debug.h>
51 #include <sys/autoconf.h>
52 #include <sys/ddi.h>
53 #include <sys/sunddi.h>
54 #include <sys/promif.h>
55 #include <sys/sysmacros.h> /* offsetof */
56 #include <sys/nvpair.h>
57 #include <sys/zone.h>
58 #include <sys/consplat.h>
59 #include <sys/bootconf.h>
60 #include <sys/systm.h>
61 #include <sys/bootprops.h>
62
63 #define MAX_OPENS 32 /* Up to this many simultaneous opens */
64
65 #define IOC_IDLE 0 /* snapshot ioctl states */
66 #define IOC_SNAP 1 /* snapshot in progress */
67 #define IOC_DONE 2 /* snapshot done, but not copied out */
68 #define IOC_COPY 3 /* copyout in progress */
69
70 /*
71 * XXX Make this dynamic.. or (better still) make the interface stateless
72 */
73 static struct oprom_state {
74 pnode_t current_id; /* node we're fetching props from */
75 int16_t already_open; /* if true, this instance is 'active' */
76 int16_t ioc_state; /* snapshot ioctl state */
77 char *snapshot; /* snapshot of all prom nodes */
78 size_t size; /* size of snapshot */
79 prom_generation_cookie_t tree_gen;
80 } oprom_state[MAX_OPENS];
81
82 static kmutex_t oprom_lock; /* serialize instance assignment */
83
84 static int opromopen(dev_t *, int, int, cred_t *);
85 static int opromioctl(dev_t, int, intptr_t, int, cred_t *, int *);
86 static int opromclose(dev_t, int, int, cred_t *);
87
88 static int opinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
89 void **result);
90 static int opattach(dev_info_t *, ddi_attach_cmd_t cmd);
91 static int opdetach(dev_info_t *, ddi_detach_cmd_t cmd);
92
93 /* help functions */
94 static int oprom_checknodeid(pnode_t, pnode_t);
95 static int oprom_copyinstr(intptr_t, char *, size_t, size_t);
96 static int oprom_copynode(pnode_t, uint_t, char **, size_t *);
97 static int oprom_snapshot(struct oprom_state *, intptr_t);
98 static int oprom_copyout(struct oprom_state *, intptr_t);
99 static int oprom_setstate(struct oprom_state *, int16_t);
100
101 static struct cb_ops openeepr_cb_ops = {
102 opromopen, /* open */
103 opromclose, /* close */
104 nodev, /* strategy */
105 nodev, /* print */
106 nodev, /* dump */
107 nodev, /* read */
108 nodev, /* write */
109 opromioctl, /* ioctl */
110 nodev, /* devmap */
111 nodev, /* mmap */
112 nodev, /* segmap */
113 nochpoll, /* poll */
114 ddi_prop_op, /* prop_op */
115 NULL, /* streamtab */
116 D_NEW | D_MP /* Driver compatibility flag */
117 };
118
119 static struct dev_ops openeepr_ops = {
120 DEVO_REV, /* devo_rev, */
121 0, /* refcnt */
122 opinfo, /* info */
123 nulldev, /* identify */
124 nulldev, /* probe */
125 opattach, /* attach */
126 opdetach, /* detach */
127 nodev, /* reset */
128 &openeepr_cb_ops, /* driver operations */
129 NULL, /* bus operations */
130 NULL, /* power */
131 ddi_quiesce_not_needed, /* quiesce */
132 };
133
134 /*
135 * Module linkage information for the kernel.
136 */
137 static struct modldrv modldrv = {
138 &mod_driverops,
139 "OPENPROM/NVRAM Driver",
140 &openeepr_ops
141 };
142
143 static struct modlinkage modlinkage = {
144 MODREV_1,
145 &modldrv,
146 NULL
147 };
148
149 int
150 _init(void)
151 {
152 int error;
153
154 mutex_init(&oprom_lock, NULL, MUTEX_DRIVER, NULL);
155
156 error = mod_install(&modlinkage);
157 if (error != 0) {
158 mutex_destroy(&oprom_lock);
159 return (error);
160 }
161
162 return (0);
163 }
164
165 int
166 _info(struct modinfo *modinfop)
167 {
168 return (mod_info(&modlinkage, modinfop));
169 }
170
171 int
172 _fini(void)
173 {
174 int error;
175
176 error = mod_remove(&modlinkage);
177 if (error != 0)
178 return (error);
179
180 mutex_destroy(&oprom_lock);
181 return (0);
182 }
183
184 static dev_info_t *opdip;
185 static pnode_t options_nodeid;
186
187 /*ARGSUSED*/
188 static int
189 opinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
190 {
191 int error = DDI_FAILURE;
192
193 switch (infocmd) {
194 case DDI_INFO_DEVT2DEVINFO:
195 *result = (void *)opdip;
196 error = DDI_SUCCESS;
197 break;
198 case DDI_INFO_DEVT2INSTANCE:
199 /* All dev_t's map to the same, single instance */
200 *result = (void *)0;
201 error = DDI_SUCCESS;
202 break;
203 default:
204 break;
205 }
206
207 return (error);
208 }
209
210 static int
211 opattach(dev_info_t *dip, ddi_attach_cmd_t cmd)
212 {
213 switch (cmd) {
214
215 case DDI_ATTACH:
216 if (prom_is_openprom()) {
217 options_nodeid = prom_optionsnode();
218 } else {
219 options_nodeid = OBP_BADNODE;
220 }
221
222 opdip = dip;
223
224 if (ddi_create_minor_node(dip, "openprom", S_IFCHR,
225 0, DDI_PSEUDO, 0) == DDI_FAILURE) {
226 return (DDI_FAILURE);
227 }
228
229 return (DDI_SUCCESS);
230
231 default:
232 return (DDI_FAILURE);
233 }
234 }
235
236 static int
237 opdetach(dev_info_t *dip, ddi_detach_cmd_t cmd)
238 {
239 if (cmd != DDI_DETACH)
240 return (DDI_FAILURE);
241
242 ddi_remove_minor_node(dip, NULL);
243 opdip = NULL;
244
245 return (DDI_SUCCESS);
246 }
247
248 /*
249 * Allow multiple opens by tweaking the dev_t such that it looks like each
250 * open is getting a different minor device. Each minor gets a separate
251 * entry in the oprom_state[] table.
252 */
253 /*ARGSUSED*/
254 static int
255 opromopen(dev_t *devp, int flag, int otyp, cred_t *credp)
256 {
257 int m;
258 struct oprom_state *st = oprom_state;
259
260 if (getminor(*devp) != 0)
261 return (ENXIO);
262
263 mutex_enter(&oprom_lock);
264 for (m = 0; m < MAX_OPENS; m++)
265 if (st->already_open)
266 st++;
267 else {
268 st->already_open = 1;
269 /*
270 * It's ours.
271 */
272 st->current_id = (pnode_t)0;
273 ASSERT(st->snapshot == NULL && st->size == 0);
274 ASSERT(st->ioc_state == IOC_IDLE);
275 break;
276 }
277 mutex_exit(&oprom_lock);
278
279 if (m == MAX_OPENS) {
280 /*
281 * "Thank you for calling, but all our lines are
282 * busy at the moment.."
283 *
284 * We could get sophisticated here, and go into a
285 * sleep-retry loop .. but hey, I just can't see
286 * that many processes sitting in this driver.
287 *
288 * (And if it does become possible, then we should
289 * change the interface so that the 'state' is held
290 * external to the driver)
291 */
292 return (EAGAIN);
293 }
294
295 *devp = makedevice(getmajor(*devp), (minor_t)m);
296
297 return (0);
298 }
299
300 /*ARGSUSED*/
301 static int
302 opromclose(dev_t dev, int flag, int otype, cred_t *cred_p)
303 {
304 struct oprom_state *st;
305
306 st = &oprom_state[getminor(dev)];
307 ASSERT(getminor(dev) < MAX_OPENS && st->already_open != 0);
308 if (st->snapshot) {
309 kmem_free(st->snapshot, st->size);
310 st->snapshot = NULL;
311 st->size = 0;
312 st->ioc_state = IOC_IDLE;
313 }
314 mutex_enter(&oprom_lock);
315 st->already_open = 0;
316 mutex_exit(&oprom_lock);
317
318 return (0);
319 }
320
321 #ifdef __sparc
322 static int
323 get_bootpath_prop(char *bootpath)
324 {
325 if (root_is_ramdisk) {
326 if (BOP_GETPROP(bootops, "bootarchive", bootpath) == -1)
327 return (-1);
328 (void) strlcat(bootpath, ":a", BO_MAXOBJNAME);
329 } else {
330 if ((BOP_GETPROP(bootops, "bootpath", bootpath) == -1) ||
331 strlen(bootpath) == 0) {
332 if (BOP_GETPROP(bootops,
333 "boot-path", bootpath) == -1)
334 return (-1);
335 }
336 if (memcmp(bootpath, BP_ISCSI_DISK,
337 strlen(BP_ISCSI_DISK)) == 0) {
338 get_iscsi_bootpath_vhci(bootpath);
339 }
340 }
341 return (0);
342 }
343 #endif
344
345 struct opromioctl_args {
346 struct oprom_state *st;
347 int cmd;
348 intptr_t arg;
349 int mode;
350 };
351
352 /*ARGSUSED*/
353 static int
354 opromioctl_cb(void *avp, int has_changed)
355 {
356 struct opromioctl_args *argp = avp;
357 int cmd;
358 intptr_t arg;
359 int mode;
360 struct oprom_state *st;
361 struct openpromio *opp;
362 int valsize;
363 char *valbuf;
364 int error = 0;
365 uint_t userbufsize;
366 pnode_t node_id;
367 char propname[OBP_MAXPROPNAME];
368
369 st = argp->st;
370 cmd = argp->cmd;
371 arg = argp->arg;
372 mode = argp->mode;
373
374 if (has_changed) {
375 /*
376 * The prom tree has changed since we last used current_id,
377 * so we need to check it.
378 */
379 if ((st->current_id != OBP_NONODE) &&
380 (st->current_id != OBP_BADNODE)) {
381 if (oprom_checknodeid(st->current_id, OBP_NONODE) == 0)
382 st->current_id = OBP_BADNODE;
383 }
384 }
385
386 /*
387 * Check permissions
388 * and weed out unsupported commands on x86 platform
389 */
390 switch (cmd) {
391 #if !defined(__i386) && !defined(__amd64)
392 case OPROMLISTKEYSLEN:
393 valsize = prom_asr_list_keys_len();
394 opp = (struct openpromio *)kmem_zalloc(
395 sizeof (uint_t) + 1, KM_SLEEP);
396 opp->oprom_size = valsize;
397 if (copyout(opp, (void *)arg, (sizeof (uint_t))) != 0)
398 error = EFAULT;
399 kmem_free(opp, sizeof (uint_t) + 1);
400 break;
401 case OPROMLISTKEYS:
402 valsize = prom_asr_list_keys_len();
403 if (copyin((void *)arg, &userbufsize, sizeof (uint_t)) != 0)
404 return (EFAULT);
405 if (valsize > userbufsize)
406 return (EINVAL);
407 valbuf = (char *)kmem_zalloc(valsize + 1, KM_SLEEP);
408 if (prom_asr_list_keys((caddr_t)valbuf) == -1) {
409 kmem_free(valbuf, valsize + 1);
410 return (EFAULT);
411 }
412 opp = (struct openpromio *)kmem_zalloc(
413 valsize + sizeof (uint_t) + 1, KM_SLEEP);
414 opp->oprom_size = valsize;
415 bcopy(valbuf, opp->oprom_array, valsize);
416 if (copyout(opp, (void *)arg, (valsize + sizeof (uint_t))) != 0)
417 error = EFAULT;
418 kmem_free(valbuf, valsize + 1);
419 kmem_free(opp, valsize + sizeof (uint_t) + 1);
420 break;
421 case OPROMEXPORT:
422 valsize = prom_asr_export_len();
423 if (copyin((void *)arg, &userbufsize, sizeof (uint_t)) != 0)
424 return (EFAULT);
425 if (valsize > userbufsize)
426 return (EINVAL);
427 valbuf = (char *)kmem_zalloc(valsize + 1, KM_SLEEP);
428 if (prom_asr_export((caddr_t)valbuf) == -1) {
429 kmem_free(valbuf, valsize + 1);
430 return (EFAULT);
431 }
432 opp = (struct openpromio *)kmem_zalloc(
433 valsize + sizeof (uint_t) + 1, KM_SLEEP);
434 opp->oprom_size = valsize;
435 bcopy(valbuf, opp->oprom_array, valsize);
436 if (copyout(opp, (void *)arg, (valsize + sizeof (uint_t))) != 0)
437 error = EFAULT;
438 kmem_free(valbuf, valsize + 1);
439 kmem_free(opp, valsize + sizeof (uint_t) + 1);
440 break;
441 case OPROMEXPORTLEN:
442 valsize = prom_asr_export_len();
443 opp = (struct openpromio *)kmem_zalloc(
444 sizeof (uint_t) + 1, KM_SLEEP);
445 opp->oprom_size = valsize;
446 if (copyout(opp, (void *)arg, (sizeof (uint_t))) != 0)
447 error = EFAULT;
448 kmem_free(opp, sizeof (uint_t) + 1);
449 break;
450 #endif
451 case OPROMGETOPT:
452 case OPROMNXTOPT:
453 if ((mode & FREAD) == 0) {
454 return (EPERM);
455 }
456 node_id = options_nodeid;
457 break;
458
459 case OPROMSETOPT:
460 case OPROMSETOPT2:
461 #if !defined(__i386) && !defined(__amd64)
462 if (mode & FWRITE) {
463 node_id = options_nodeid;
464 break;
465 }
466 #endif /* !__i386 && !__amd64 */
467 return (EPERM);
468
469 case OPROMNEXT:
470 case OPROMCHILD:
471 case OPROMGETPROP:
472 case OPROMGETPROPLEN:
473 case OPROMNXTPROP:
474 case OPROMSETNODEID:
475 if ((mode & FREAD) == 0) {
476 return (EPERM);
477 }
478 node_id = st->current_id;
479 break;
480 case OPROMCOPYOUT:
481 if (st->snapshot == NULL)
482 return (EINVAL);
483 /*FALLTHROUGH*/
484 case OPROMSNAPSHOT:
485 case OPROMGETCONS:
486 case OPROMGETBOOTARGS:
487 case OPROMGETBOOTPATH:
488 case OPROMGETVERSION:
489 case OPROMPATH2DRV:
490 case OPROMPROM2DEVNAME:
491 #if !defined(__i386) && !defined(__amd64)
492 case OPROMGETFBNAME:
493 case OPROMDEV2PROMNAME:
494 #endif /* !__i386 && !__amd64 */
495 if ((mode & FREAD) == 0) {
496 return (EPERM);
497 }
498 break;
499
500 default:
501 return (EINVAL);
502 }
503
504 /*
505 * Deal with SNAPSHOT and COPYOUT ioctls first
506 */
507 switch (cmd) {
508 case OPROMCOPYOUT:
509 return (oprom_copyout(st, arg));
510
511 case OPROMSNAPSHOT:
512 return (oprom_snapshot(st, arg));
513 }
514
515 /*
516 * Copy in user argument length and allocation memory
517 *
518 * NB do not copyin the entire buffer we may not need
519 * to. userbufsize can be as big as 32 K.
520 */
521 if (copyin((void *)arg, &userbufsize, sizeof (uint_t)) != 0)
522 return (EFAULT);
523
524 if (userbufsize == 0 || userbufsize > OPROMMAXPARAM)
525 return (EINVAL);
526
527 opp = (struct openpromio *)kmem_zalloc(
528 userbufsize + sizeof (uint_t) + 1, KM_SLEEP);
529
530 /*
531 * Execute command
532 */
533 switch (cmd) {
534
535 case OPROMGETOPT:
536 case OPROMGETPROP:
537 case OPROMGETPROPLEN:
538
539 if ((prom_is_openprom() == 0) ||
540 (node_id == OBP_NONODE) || (node_id == OBP_BADNODE)) {
541 error = EINVAL;
542 break;
543 }
544
545 /*
546 * The argument, a NULL terminated string, is a prop name.
547 */
548 if ((error = oprom_copyinstr(arg, opp->oprom_array,
549 (size_t)userbufsize, OBP_MAXPROPNAME)) != 0) {
550 break;
551 }
552 (void) strcpy(propname, opp->oprom_array);
553 valsize = prom_getproplen(node_id, propname);
554
555 /*
556 * 4010173: 'name' is a property, but not an option.
557 */
558 if ((cmd == OPROMGETOPT) && (strcmp("name", propname) == 0))
559 valsize = -1;
560
561 if (cmd == OPROMGETPROPLEN) {
562 int proplen = valsize;
563
564 if (userbufsize < sizeof (int)) {
565 error = EINVAL;
566 break;
567 }
568 opp->oprom_size = valsize = sizeof (int);
569 bcopy(&proplen, opp->oprom_array, valsize);
570 } else if (valsize > 0 && valsize <= userbufsize) {
571 bzero(opp->oprom_array, valsize + 1);
572 (void) prom_getprop(node_id, propname,
573 opp->oprom_array);
574 opp->oprom_size = valsize;
575 if (valsize < userbufsize)
576 ++valsize; /* Forces NULL termination */
577 /* If space permits */
578 } else {
579 /*
580 * XXX: There is no error code if the buf is too small.
581 * which is consistent with the current behavior.
582 *
583 * NB: This clause also handles the non-error
584 * zero length (boolean) property value case.
585 */
586 opp->oprom_size = 0;
587 (void) strcpy(opp->oprom_array, "");
588 valsize = 1;
589 }
590 if (copyout(opp, (void *)arg, (valsize + sizeof (uint_t))) != 0)
591 error = EFAULT;
592 break;
593
594 case OPROMNXTOPT:
595 case OPROMNXTPROP:
596 if ((prom_is_openprom() == 0) ||
597 (node_id == OBP_NONODE) || (node_id == OBP_BADNODE)) {
598 error = EINVAL;
599 break;
600 }
601
602 /*
603 * The argument, a NULL terminated string, is a prop name.
604 */
605 if ((error = oprom_copyinstr(arg, opp->oprom_array,
606 (size_t)userbufsize, OBP_MAXPROPNAME)) != 0) {
607 break;
608 }
609 valbuf = (char *)prom_nextprop(node_id, opp->oprom_array,
610 propname);
611 valsize = strlen(valbuf);
612
613 /*
614 * 4010173: 'name' is a property, but it's not an option.
615 */
616 if ((cmd == OPROMNXTOPT) && valsize &&
617 (strcmp(valbuf, "name") == 0)) {
618 valbuf = (char *)prom_nextprop(node_id, "name",
619 propname);
620 valsize = strlen(valbuf);
621 }
622
623 if (valsize == 0) {
624 opp->oprom_size = 0;
625 } else if (++valsize <= userbufsize) {
626 opp->oprom_size = valsize;
627 bzero((caddr_t)opp->oprom_array, (size_t)valsize);
628 bcopy((caddr_t)valbuf, (caddr_t)opp->oprom_array,
629 (size_t)valsize);
630 }
631
632 if (copyout(opp, (void *)arg, valsize + sizeof (uint_t)) != 0)
633 error = EFAULT;
634 break;
635
636 case OPROMNEXT:
637 case OPROMCHILD:
638 case OPROMSETNODEID:
639
640 if (prom_is_openprom() == 0 ||
641 userbufsize < sizeof (pnode_t)) {
642 error = EINVAL;
643 break;
644 }
645
646 /*
647 * The argument is a phandle. (aka pnode_t)
648 */
649 if (copyin(((caddr_t)arg + sizeof (uint_t)),
650 opp->oprom_array, sizeof (pnode_t)) != 0) {
651 error = EFAULT;
652 break;
653 }
654
655 /*
656 * If pnode_t from userland is garbage, we
657 * could confuse the PROM.
658 */
659 node_id = *(pnode_t *)opp->oprom_array;
660 if (oprom_checknodeid(node_id, st->current_id) == 0) {
661 cmn_err(CE_NOTE, "!nodeid 0x%x not found",
662 (int)node_id);
663 error = EINVAL;
664 break;
665 }
666
667 if (cmd == OPROMNEXT)
668 st->current_id = prom_nextnode(node_id);
669 else if (cmd == OPROMCHILD)
670 st->current_id = prom_childnode(node_id);
671 else {
672 /* OPROMSETNODEID */
673 st->current_id = node_id;
674 break;
675 }
676
677 opp->oprom_size = sizeof (pnode_t);
678 *(pnode_t *)opp->oprom_array = st->current_id;
679
680 if (copyout(opp, (void *)arg,
681 sizeof (pnode_t) + sizeof (uint_t)) != 0)
682 error = EFAULT;
683 break;
684
685 case OPROMGETCONS:
686 /*
687 * Is openboot supported on this machine?
688 * This ioctl used to return the console device,
689 * information; this is now done via modctl()
690 * in libdevinfo.
691 */
692 opp->oprom_size = sizeof (char);
693
694 opp->oprom_array[0] |= prom_is_openprom() ?
695 OPROMCONS_OPENPROM : 0;
696
697 /*
698 * The rest of the info is needed by Install to
699 * decide if graphics should be started.
700 */
701 if ((getzoneid() == GLOBAL_ZONEID) &&
702 plat_stdin_is_keyboard()) {
703 opp->oprom_array[0] |= OPROMCONS_STDIN_IS_KBD;
704 }
705
706 if ((getzoneid() == GLOBAL_ZONEID) &&
707 plat_stdout_is_framebuffer()) {
708 opp->oprom_array[0] |= OPROMCONS_STDOUT_IS_FB;
709 }
710
711 if (copyout(opp, (void *)arg,
712 sizeof (char) + sizeof (uint_t)) != 0)
713 error = EFAULT;
714 break;
715
716 case OPROMGETBOOTARGS: {
717 extern char kern_bootargs[];
718
719 valsize = strlen(kern_bootargs) + 1;
720 if (valsize > userbufsize) {
721 error = EINVAL;
722 break;
723 }
724 (void) strcpy(opp->oprom_array, kern_bootargs);
725 opp->oprom_size = valsize - 1;
726
727 if (copyout(opp, (void *)arg, valsize + sizeof (uint_t)) != 0)
728 error = EFAULT;
729 break;
730 }
731
732 case OPROMGETBOOTPATH: {
733 #if defined(__sparc) && defined(_OBP)
734
735 char bpath[OBP_MAXPATHLEN];
736 if (get_bootpath_prop(bpath) != 0) {
737 error = EINVAL;
738 break;
739 }
740 valsize = strlen(bpath) + 1;
741 if (valsize > userbufsize) {
742 error = EINVAL;
743 break;
744 }
745 (void) strcpy(opp->oprom_array, bpath);
746
747 #elif defined(__i386) || defined(__amd64)
748
749 extern char saved_cmdline[];
750 valsize = strlen(saved_cmdline) + 1;
751 if (valsize > userbufsize) {
752 error = EINVAL;
753 break;
754 }
755 (void) strcpy(opp->oprom_array, saved_cmdline);
756 #endif
757 opp->oprom_size = valsize - 1;
758 if (copyout(opp, (void *)arg, valsize + sizeof (uint_t)) != 0)
759 error = EFAULT;
760 break;
761 }
762
763 /*
764 * convert a prom device path to an equivalent devfs path
765 */
766 case OPROMPROM2DEVNAME: {
767 char *dev_name;
768
769 /*
770 * The input argument, a pathname, is a NULL terminated string.
771 */
772 if ((error = oprom_copyinstr(arg, opp->oprom_array,
773 (size_t)userbufsize, MAXPATHLEN)) != 0) {
774 break;
775 }
776
777 dev_name = kmem_alloc(MAXPATHLEN, KM_SLEEP);
778
779 error = i_promname_to_devname(opp->oprom_array, dev_name);
780 if (error != 0) {
781 kmem_free(dev_name, MAXPATHLEN);
782 break;
783 }
784 valsize = opp->oprom_size = strlen(dev_name);
785 if (++valsize > userbufsize) {
786 kmem_free(dev_name, MAXPATHLEN);
787 error = EINVAL;
788 break;
789 }
790 (void) strcpy(opp->oprom_array, dev_name);
791 if (copyout(opp, (void *)arg, sizeof (uint_t) + valsize) != 0)
792 error = EFAULT;
793
794 kmem_free(dev_name, MAXPATHLEN);
795 break;
796 }
797
798 /*
799 * Convert a prom device path name to a driver name
800 */
801 case OPROMPATH2DRV: {
802 char *drv_name;
803 major_t maj;
804
805 /*
806 * The input argument, a pathname, is a NULL terminated string.
807 */
808 if ((error = oprom_copyinstr(arg, opp->oprom_array,
809 (size_t)userbufsize, MAXPATHLEN)) != 0) {
810 break;
811 }
812
813 /*
814 * convert path to a driver binding name
815 */
816 maj = path_to_major((char *)opp->oprom_array);
817 if (maj == DDI_MAJOR_T_NONE) {
818 error = EINVAL;
819 break;
820 }
821
822 /*
823 * resolve any aliases
824 */
825 if ((drv_name = ddi_major_to_name(maj)) == NULL) {
826 error = EINVAL;
827 break;
828 }
829
830 (void) strcpy(opp->oprom_array, drv_name);
831 opp->oprom_size = strlen(drv_name);
832 if (copyout(opp, (void *)arg,
833 sizeof (uint_t) + opp->oprom_size + 1) != 0)
834 error = EFAULT;
835 break;
836 }
837
838 case OPROMGETVERSION:
839 /*
840 * Get a string representing the running version of the
841 * prom. How to create such a string is platform dependent,
842 * so we just defer to a promif function. If no such
843 * association exists, the promif implementation
844 * may copy the string "unknown" into the given buffer,
845 * and return its length (incl. NULL terminator).
846 *
847 * We expect prom_version_name to return the actual
848 * length of the string, but copy at most userbufsize
849 * bytes into the given buffer, including NULL termination.
850 */
851
852 valsize = prom_version_name(opp->oprom_array, userbufsize);
853 if (valsize < 0) {
854 error = EINVAL;
855 break;
856 }
857
858 /*
859 * copyout only the part of the user buffer we need to.
860 */
861 if (copyout(opp, (void *)arg,
862 (size_t)(min((uint_t)valsize, userbufsize) +
863 sizeof (uint_t))) != 0)
864 error = EFAULT;
865 break;
866
867 #if !defined(__i386) && !defined(__amd64)
868 case OPROMGETFBNAME:
869 /*
870 * Return stdoutpath, if it's a frame buffer.
871 * Yes, we are comparing a possibly longer string against
872 * the size we're really going to copy, but so what?
873 */
874 if ((getzoneid() == GLOBAL_ZONEID) &&
875 (prom_stdout_is_framebuffer() != 0) &&
876 (userbufsize > strlen(prom_stdoutpath()))) {
877 prom_strip_options(prom_stdoutpath(),
878 opp->oprom_array); /* strip options and copy */
879 valsize = opp->oprom_size = strlen(opp->oprom_array);
880 if (copyout(opp, (void *)arg,
881 valsize + 1 + sizeof (uint_t)) != 0)
882 error = EFAULT;
883 } else
884 error = EINVAL;
885 break;
886
887 /*
888 * Convert a logical or physical device path to prom device path
889 */
890 case OPROMDEV2PROMNAME: {
891 char *prom_name;
892
893 /*
894 * The input argument, a pathname, is a NULL terminated string.
895 */
896 if ((error = oprom_copyinstr(arg, opp->oprom_array,
897 (size_t)userbufsize, MAXPATHLEN)) != 0) {
898 break;
899 }
900
901 prom_name = kmem_alloc(userbufsize, KM_SLEEP);
902
903 /*
904 * convert the devfs path to an equivalent prom path
905 */
906 error = i_devname_to_promname(opp->oprom_array, prom_name,
907 userbufsize);
908
909 if (error != 0) {
910 kmem_free(prom_name, userbufsize);
911 break;
912 }
913
914 for (valsize = 0; valsize < userbufsize; valsize++) {
915 opp->oprom_array[valsize] = prom_name[valsize];
916
917 if ((valsize > 0) && (prom_name[valsize] == '\0') &&
918 (prom_name[valsize-1] == '\0')) {
919 break;
920 }
921 }
922 opp->oprom_size = valsize;
923
924 kmem_free(prom_name, userbufsize);
925 if (copyout(opp, (void *)arg, sizeof (uint_t) + valsize) != 0)
926 error = EFAULT;
927
928 break;
929 }
930
931 case OPROMSETOPT:
932 case OPROMSETOPT2: {
933 int namebuflen;
934 int valbuflen;
935
936 if ((prom_is_openprom() == 0) ||
937 (node_id == OBP_NONODE) || (node_id == OBP_BADNODE)) {
938 error = EINVAL;
939 break;
940 }
941
942 /*
943 * The arguments are a property name and a value.
944 * Copy in the entire user buffer.
945 */
946 if (copyin(((caddr_t)arg + sizeof (uint_t)),
947 opp->oprom_array, userbufsize) != 0) {
948 error = EFAULT;
949 break;
950 }
951
952 /*
953 * The property name is the first string, value second
954 */
955 namebuflen = strlen(opp->oprom_array);
956 valbuf = opp->oprom_array + namebuflen + 1;
957 valbuflen = strlen(valbuf);
958
959 if (cmd == OPROMSETOPT) {
960 valsize = valbuflen + 1; /* +1 for the '\0' */
961 } else {
962 if ((namebuflen + 1 + valbuflen + 1) > userbufsize) {
963 error = EINVAL;
964 break;
965 }
966 valsize = (opp->oprom_array + userbufsize) - valbuf;
967 }
968
969 /*
970 * 4010173: 'name' is not an option, but it is a property.
971 */
972 if (strcmp(opp->oprom_array, "name") == 0)
973 error = EINVAL;
974 else if (prom_setprop(node_id, opp->oprom_array,
975 valbuf, valsize) < 0)
976 error = EINVAL;
977
978 break;
979 }
980 #endif /* !__i386 && !__amd64 */
981 } /* switch (cmd) */
982
983 kmem_free(opp, userbufsize + sizeof (uint_t) + 1);
984 return (error);
985 }
986
987 /*ARGSUSED*/
988 static int
989 opromioctl(dev_t dev, int cmd, intptr_t arg, int mode,
990 cred_t *credp, int *rvalp)
991 {
992 struct oprom_state *st;
993 struct opromioctl_args arg_block;
994
995 if (getminor(dev) >= MAX_OPENS)
996 return (ENXIO);
997
998 st = &oprom_state[getminor(dev)];
999 ASSERT(st->already_open);
1000 arg_block.st = st;
1001 arg_block.cmd = cmd;
1002 arg_block.arg = arg;
1003 arg_block.mode = mode;
1004 return (prom_tree_access(opromioctl_cb, &arg_block, &st->tree_gen));
1005 }
1006
1007 /*
1008 * Copyin string and verify the actual string length is less than maxsize
1009 * specified by the caller.
1010 *
1011 * Currently, maxsize is either OBP_MAXPROPNAME for property names
1012 * or MAXPATHLEN for device path names. userbufsize is specified
1013 * by the userland caller.
1014 */
1015 static int
1016 oprom_copyinstr(intptr_t arg, char *buf, size_t bufsize, size_t maxsize)
1017 {
1018 int error;
1019 size_t actual_len;
1020
1021 if ((error = copyinstr(((caddr_t)arg + sizeof (uint_t)),
1022 buf, bufsize, &actual_len)) != 0) {
1023 return (error);
1024 }
1025 if ((actual_len == 0) || (actual_len > maxsize)) {
1026 return (EINVAL);
1027 }
1028
1029 return (0);
1030 }
1031
1032 /*
1033 * Check pnode_t passed in from userland
1034 */
1035 static int
1036 oprom_checknodeid(pnode_t node_id, pnode_t current_id)
1037 {
1038 int depth;
1039 pnode_t id[OBP_STACKDEPTH];
1040
1041 /*
1042 * optimized path
1043 */
1044 if (node_id == 0) {
1045 return (1);
1046 }
1047 if (node_id == OBP_BADNODE) {
1048 return (0);
1049 }
1050 if ((current_id != OBP_BADNODE) && ((node_id == current_id) ||
1051 (node_id == prom_nextnode(current_id)) ||
1052 (node_id == prom_childnode(current_id)))) {
1053 return (1);
1054 }
1055
1056 /*
1057 * long path: walk from root till we find node_id
1058 */
1059 depth = 1;
1060 id[0] = prom_nextnode((pnode_t)0);
1061
1062 while (depth) {
1063 if (id[depth - 1] == node_id)
1064 return (1); /* node_id found */
1065
1066 if (id[depth] = prom_childnode(id[depth - 1])) {
1067 depth++;
1068 continue;
1069 }
1070
1071 while (depth &&
1072 ((id[depth - 1] = prom_nextnode(id[depth - 1])) == 0))
1073 depth--;
1074 }
1075 return (0); /* node_id not found */
1076 }
1077
1078 static int
1079 oprom_copytree(struct oprom_state *st, uint_t flag)
1080 {
1081 ASSERT(st->snapshot == NULL && st->size == 0);
1082 return (oprom_copynode(
1083 prom_nextnode(0), flag, &st->snapshot, &st->size));
1084 }
1085
1086 static int
1087 oprom_snapshot(struct oprom_state *st, intptr_t arg)
1088 {
1089 uint_t flag;
1090
1091 if (oprom_setstate(st, IOC_SNAP) == -1)
1092 return (EBUSY);
1093
1094 /* copyin flag and create snapshot */
1095 if ((copyin((void *)arg, &flag, sizeof (uint_t)) != 0) ||
1096 (oprom_copytree(st, flag) != 0)) {
1097 (void) oprom_setstate(st, IOC_IDLE);
1098 return (EFAULT);
1099 }
1100
1101
1102 /* copyout the size of the snapshot */
1103 flag = (uint_t)st->size;
1104 if (copyout(&flag, (void *)arg, sizeof (uint_t)) != 0) {
1105 kmem_free(st->snapshot, st->size);
1106 st->snapshot = NULL;
1107 st->size = 0;
1108 (void) oprom_setstate(st, IOC_IDLE);
1109 return (EFAULT);
1110 }
1111
1112 (void) oprom_setstate(st, IOC_DONE);
1113 return (0);
1114 }
1115
1116 static int
1117 oprom_copyout(struct oprom_state *st, intptr_t arg)
1118 {
1119 int error = 0;
1120 uint_t size;
1121
1122 if (oprom_setstate(st, IOC_COPY) == -1)
1123 return (EBUSY);
1124
1125 /* copyin size and copyout snapshot */
1126 if (copyin((void *)arg, &size, sizeof (uint_t)) != 0)
1127 error = EFAULT;
1128 else if (size < st->size)
1129 error = EINVAL;
1130 else if (copyout(st->snapshot, (void *)arg, st->size) != 0)
1131 error = EFAULT;
1132
1133 if (error) {
1134 /*
1135 * on error keep the snapshot until a successful
1136 * copyout or when the driver is closed.
1137 */
1138 (void) oprom_setstate(st, IOC_DONE);
1139 return (error);
1140 }
1141
1142 kmem_free(st->snapshot, st->size);
1143 st->snapshot = NULL;
1144 st->size = 0;
1145 (void) oprom_setstate(st, IOC_IDLE);
1146 return (0);
1147 }
1148
1149 /*
1150 * Copy all properties of nodeid into a single packed nvlist
1151 */
1152 static int
1153 oprom_copyprop(pnode_t nodeid, uint_t flag, nvlist_t *nvl)
1154 {
1155 int proplen;
1156 char *propname, *propval, *buf1, *buf2;
1157
1158 ASSERT(nvl != NULL);
1159
1160 /*
1161 * non verbose mode, get the "name" property only
1162 */
1163 if (flag == 0) {
1164 proplen = prom_getproplen(nodeid, "name");
1165 if (proplen <= 0) {
1166 cmn_err(CE_WARN,
1167 "failed to get the name of openprom node 0x%x",
1168 nodeid);
1169 (void) nvlist_add_string(nvl, "name", "");
1170 return (0);
1171 }
1172 propval = kmem_zalloc(proplen + 1, KM_SLEEP);
1173 (void) prom_getprop(nodeid, "name", propval);
1174 (void) nvlist_add_string(nvl, "name", propval);
1175 kmem_free(propval, proplen + 1);
1176 return (0);
1177 }
1178
1179 /*
1180 * Ask for first property by passing a NULL string
1181 */
1182 buf1 = kmem_alloc(OBP_MAXPROPNAME, KM_SLEEP);
1183 buf2 = kmem_zalloc(OBP_MAXPROPNAME, KM_SLEEP);
1184 buf1[0] = '\0';
1185 while (propname = (char *)prom_nextprop(nodeid, buf1, buf2)) {
1186 if (strlen(propname) == 0)
1187 break; /* end of prop list */
1188 (void) strcpy(buf1, propname);
1189
1190 proplen = prom_getproplen(nodeid, propname);
1191 if (proplen == 0) {
1192 /* boolean property */
1193 (void) nvlist_add_boolean(nvl, propname);
1194 continue;
1195 }
1196 /* add 1 for null termination in case of a string */
1197 propval = kmem_zalloc(proplen + 1, KM_SLEEP);
1198 (void) prom_getprop(nodeid, propname, propval);
1199 (void) nvlist_add_byte_array(nvl, propname,
1200 (uchar_t *)propval, proplen + 1);
1201 kmem_free(propval, proplen + 1);
1202 bzero(buf2, OBP_MAXPROPNAME);
1203 }
1204
1205 kmem_free(buf1, OBP_MAXPROPNAME);
1206 kmem_free(buf2, OBP_MAXPROPNAME);
1207
1208 return (0);
1209 }
1210
1211 /*
1212 * Copy all children and descendents into a a packed nvlist
1213 */
1214 static int
1215 oprom_copychild(pnode_t nodeid, uint_t flag, char **buf, size_t *size)
1216 {
1217 nvlist_t *nvl;
1218 pnode_t child = prom_childnode(nodeid);
1219
1220 if (child == 0)
1221 return (0);
1222
1223 (void) nvlist_alloc(&nvl, 0, KM_SLEEP);
1224 while (child != 0) {
1225 char *nodebuf = NULL;
1226 size_t nodesize = 0;
1227 if (oprom_copynode(child, flag, &nodebuf, &nodesize)) {
1228 nvlist_free(nvl);
1229 cmn_err(CE_WARN, "failed to copy nodeid 0x%x", child);
1230 return (-1);
1231 }
1232 (void) nvlist_add_byte_array(nvl, "node",
1233 (uchar_t *)nodebuf, nodesize);
1234 kmem_free(nodebuf, nodesize);
1235 child = prom_nextnode(child);
1236 }
1237
1238 (void) nvlist_pack(nvl, buf, size, NV_ENCODE_NATIVE, KM_SLEEP);
1239 nvlist_free(nvl);
1240 return (0);
1241 }
1242
1243 /*
1244 * Copy a node into a packed nvlist
1245 */
1246 static int
1247 oprom_copynode(pnode_t nodeid, uint_t flag, char **buf, size_t *size)
1248 {
1249 int error = 0;
1250 nvlist_t *nvl;
1251 char *childlist = NULL;
1252 size_t childsize = 0;
1253
1254 (void) nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP);
1255 ASSERT(nvl != NULL);
1256
1257 /* @nodeid -- @ is not a legal char in a 1275 property name */
1258 (void) nvlist_add_int32(nvl, "@nodeid", (int32_t)nodeid);
1259
1260 /* properties */
1261 if (error = oprom_copyprop(nodeid, flag, nvl))
1262 goto fail;
1263
1264 /* children */
1265 error = oprom_copychild(nodeid, flag, &childlist, &childsize);
1266 if (error != 0)
1267 goto fail;
1268 if (childlist != NULL) {
1269 (void) nvlist_add_byte_array(nvl, "@child",
1270 (uchar_t *)childlist, (uint_t)childsize);
1271 kmem_free(childlist, childsize);
1272 }
1273
1274 /* pack into contiguous buffer */
1275 error = nvlist_pack(nvl, buf, size, NV_ENCODE_NATIVE, KM_SLEEP);
1276
1277 fail:
1278 nvlist_free(nvl);
1279 return (error);
1280 }
1281
1282 /*
1283 * The driver is stateful across OPROMSNAPSHOT and OPROMCOPYOUT.
1284 * This function encapsulates the state machine:
1285 *
1286 * -> IOC_IDLE -> IOC_SNAP -> IOC_DONE -> IOC_COPY ->
1287 * | SNAPSHOT COPYOUT |
1288 * --------------------------------------------------
1289 *
1290 * Returns 0 on success and -1 on failure
1291 */
1292 static int
1293 oprom_setstate(struct oprom_state *st, int16_t new_state)
1294 {
1295 int ret = 0;
1296
1297 mutex_enter(&oprom_lock);
1298 switch (new_state) {
1299 case IOC_IDLE:
1300 case IOC_DONE:
1301 break;
1302 case IOC_SNAP:
1303 if (st->ioc_state != IOC_IDLE)
1304 ret = -1;
1305 break;
1306 case IOC_COPY:
1307 if (st->ioc_state != IOC_DONE)
1308 ret = -1;
1309 break;
1310 default:
1311 ret = -1;
1312 }
1313
1314 if (ret == 0)
1315 st->ioc_state = new_state;
1316 else
1317 cmn_err(CE_NOTE, "incorrect state transition from %d to %d",
1318 st->ioc_state, new_state);
1319 mutex_exit(&oprom_lock);
1320 return (ret);
1321 }