coreboot-kgpe-d16/src/lib/region_file.c

475 lines
12 KiB
C

/*
* This file is part of the coreboot project.
*
* Copyright 2016 Google Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <commonlib/helpers.h>
#include <console/console.h>
#include <region_file.h>
#include <string.h>
/*
* A region file provides generic support for appending new data
* within a storage region. The book keeping is tracked in metadata
* blocks where an offset pointer points to the last byte of a newly
* allocated byte sequence. Thus, by taking 2 block offets one can
* determine start and size of the latest update. The data does not
* have to be the same consistent size, but the data size has be small
* enough to fit a metadata block and one data write within the region.
*
* The granularity of the block offsets are 16 bytes. By using 16-bit
* block offsets a region's total size can be no larger than 1MiB.
* However, the last 32 bytes cannot be used in the 1MiB maximum region
* because one needs to put a block offset indicating last byte written.
* An unused block offset is the value 0xffff or 0xffff0 bytes. The last
* block offset that can be written is 0xfffe or 0xfffe0 byte offset.
*
* The goal of this library is to provide a simple mechanism for
* allocating blocks of data for updates. The metadata is written first
* followed by the data. That means a power event between the block offset
* write and the data write results in blocks being allocated but not
* entirely written. It's up to the user of the library to sanity check
* data stored.
*/
#define REGF_BLOCK_SHIFT 4
#define REGF_BLOCK_GRANULARITY (1 << REGF_BLOCK_SHIFT)
#define REGF_METADATA_BLOCK_SIZE REGF_BLOCK_GRANULARITY
#define REGF_UNALLOCATED_BLOCK 0xffff
#define REGF_UPDATES_PER_METADATA_BLOCK \
(REGF_METADATA_BLOCK_SIZE / sizeof(uint16_t))
enum {
RF_ONLY_METADATA = 0,
RF_EMPTY = -1,
RF_NEED_TO_EMPTY = -2,
RF_FATAL = -3,
};
struct metadata_block {
uint16_t blocks[REGF_UPDATES_PER_METADATA_BLOCK];
};
static size_t block_to_bytes(uint16_t offset)
{
return (size_t)offset << REGF_BLOCK_SHIFT;
}
static size_t bytes_to_block(size_t bytes)
{
return bytes >> REGF_BLOCK_SHIFT;
}
static inline int block_offset_unallocated(uint16_t offset)
{
return offset == REGF_UNALLOCATED_BLOCK;
}
static inline size_t region_file_data_begin(const struct region_file *f)
{
return f->data_blocks[0];
}
static inline size_t region_file_data_end(const struct region_file *f)
{
return f->data_blocks[1];
}
static int all_block_offsets_unallocated(const struct metadata_block *mb)
{
size_t i;
for (i = 0; i < ARRAY_SIZE(mb->blocks); i++) {
if (!block_offset_unallocated(mb->blocks[i]))
return 0;
}
return 1;
}
/* Read metadata block at block i. */
static int read_mb(size_t i, struct metadata_block *mb,
const struct region_file *f)
{
size_t offset = block_to_bytes(i);
if (rdev_readat(&f->metadata, mb, offset, sizeof(*mb)) < 0)
return -1;
return 0;
}
/* Locate metadata block with the latest update */
static int find_latest_mb(struct metadata_block *mb, size_t num_mb_blocks,
struct region_file *f)
{
size_t l = 0;
size_t r = num_mb_blocks;
while (l + 1 < r) {
size_t mid = (l + r) / 2;
if (read_mb(mid, mb, f) < 0)
return -1;
if (all_block_offsets_unallocated(mb))
r = mid;
else
l = mid;
}
/* Set the base block slot. */
f->slot = l * REGF_UPDATES_PER_METADATA_BLOCK;
/* Re-read metadata block with the latest update. */
if (read_mb(l, mb, f) < 0)
return -1;
return 0;
}
static void find_latest_slot(struct metadata_block *mb, struct region_file *f)
{
size_t i;
for (i = REGF_UPDATES_PER_METADATA_BLOCK - 1; i > 0; i--) {
if (!block_offset_unallocated(mb->blocks[i]))
break;
}
f->slot += i;
}
static int fill_data_boundaries(struct region_file *f)
{
struct region_device slots;
size_t offset;
size_t size = sizeof(f->data_blocks);
if (f->slot == RF_ONLY_METADATA) {
size_t start = bytes_to_block(region_device_sz(&f->metadata));
f->data_blocks[0] = start;
f->data_blocks[1] = start;
return 0;
}
/* Sanity check the 2 slot sequence to read. If it's out of the
* metadata blocks' bounds then one needs to empty it. This is done
* to uniquely identify I/O vs data errors in the readat() below. */
offset = (f->slot - 1) * sizeof(f->data_blocks[0]);
if (rdev_chain(&slots, &f->metadata, offset, size)) {
f->slot = RF_NEED_TO_EMPTY;
return 0;
}
if (rdev_readat(&slots, &f->data_blocks, 0, size) < 0) {
printk(BIOS_ERR, "REGF failed to read data boundaries.\n");
return -1;
}
/* All used blocks should be incrementing from previous write. */
if (region_file_data_begin(f) >= region_file_data_end(f)) {
printk(BIOS_ERR, "REGF data boundaries wrong. [%zd,%zd) Need to empty.\n",
region_file_data_begin(f), region_file_data_end(f));
f->slot = RF_NEED_TO_EMPTY;
return 0;
}
/* Ensure data doesn't exceed the region. */
if (region_file_data_end(f) >
bytes_to_block(region_device_sz(&f->rdev))) {
printk(BIOS_ERR, "REGF data exceeds region %zd > %zd\n",
region_file_data_end(f),
bytes_to_block(region_device_sz(&f->rdev)));
f->slot = RF_NEED_TO_EMPTY;
}
return 0;
}
int region_file_init(struct region_file *f, const struct region_device *p)
{
struct metadata_block mb;
/* Total number of metadata blocks is found by reading the first
* block offset as the metadata is allocated first. At least one
* metadata block is available. */
memset(f, 0, sizeof(*f));
f->slot = RF_FATAL;
/* Keep parent around for accessing data later. */
if (rdev_chain(&f->rdev, p, 0, region_device_sz(p)))
return -1;
if (rdev_readat(p, &mb, 0, sizeof(mb)) < 0) {
printk(BIOS_ERR, "REGF fail reading first metadata block.\n");
return -1;
}
/* No metadata has been allocated. Assume region is empty. */
if (block_offset_unallocated(mb.blocks[0])) {
f->slot = RF_EMPTY;
return 0;
}
/* If metadata block is 0 in size then need to empty. */
if (mb.blocks[0] == 0) {
f->slot = RF_NEED_TO_EMPTY;
return 0;
}
/* The region needs to be emptied as the metadata is broken. */
if (rdev_chain(&f->metadata, p, 0, block_to_bytes(mb.blocks[0]))) {
f->slot = RF_NEED_TO_EMPTY;
return 0;
}
/* Locate latest metadata block with latest update. */
if (find_latest_mb(&mb, mb.blocks[0], f)) {
printk(BIOS_ERR, "REGF fail locating latest metadata block.\n");
f->slot = RF_FATAL;
return -1;
}
find_latest_slot(&mb, f);
/* Fill in the data blocks marking the latest update. */
if (fill_data_boundaries(f)) {
printk(BIOS_ERR, "REGF fail locating data boundaries.\n");
f->slot = RF_FATAL;
return -1;
}
return 0;
}
int region_file_data(const struct region_file *f, struct region_device *rdev)
{
size_t offset;
size_t size;
/* Slot indicates if any data is available. */
if (f->slot <= RF_ONLY_METADATA)
return -1;
offset = block_to_bytes(region_file_data_begin(f));
size = block_to_bytes(region_file_data_end(f)) - offset;
return rdev_chain(rdev, &f->rdev, offset, size);
}
/*
* Allocate enough metadata blocks to maximize data updates. Do this in
* terms of blocks. To solve the balance of metadata vs data, 2 linear
* equations are solved in terms of blocks where 'x' is number of
* data updates and 'y' is number of metadata blocks:
*
* x = number of data updates
* y = number of metadata blocks
* T = total blocks in region
* D = data size in blocks
* M = metadata size in blocks
* A = updates accounted for in each metadata block
*
* T = D * x + M * y
* y = x / A
* -----------------
* T = D * x + M * x / A = x * (D + M / A)
* T * A = x * (D * A + M)
* x = T * A / (D * A + M)
*/
static int allocate_metadata(struct region_file *f, size_t data_blks)
{
size_t t, m;
size_t x, y;
uint16_t tot_metadata;
const size_t a = REGF_UPDATES_PER_METADATA_BLOCK;
const size_t d = data_blks;
t = bytes_to_block(ALIGN_DOWN(region_device_sz(&f->rdev),
REGF_BLOCK_GRANULARITY));
m = bytes_to_block(ALIGN_UP(REGF_METADATA_BLOCK_SIZE,
REGF_BLOCK_GRANULARITY));
/* Ensure at least one data update can fit with 1 metadata block
* within the region. */
if (d > t - m)
return -1;
/* Maximize number of updates by aligning up to the number updates in
* a metadata block. May not really be able to achieve the number of
* updates in practice, but it ensures enough metadata blocks are
* allocated. */
x = ALIGN_UP(t * a / (d * a + m), a);
/* One data block has to fit. */
if (x == 0)
x = 1;
/* Now calculate how many metadata blocks are needed. */
y = ALIGN_UP(x, a) / a;
/* Need to commit the metadata allocation. */
tot_metadata = m * y;
if (rdev_writeat(&f->rdev, &tot_metadata, 0, sizeof(tot_metadata)) < 0)
return -1;
if (rdev_chain(&f->metadata, &f->rdev, 0,
block_to_bytes(tot_metadata)))
return -1;
/* Initialize a 0 data block to start appending from. */
f->data_blocks[0] = tot_metadata;
f->data_blocks[1] = tot_metadata;
return 0;
}
static int update_can_fit(const struct region_file *f, size_t data_blks)
{
size_t metadata_slots;
size_t end_blk;
metadata_slots = region_device_sz(&f->metadata) / sizeof(uint16_t);
/* No more slots. */
if ((size_t)f->slot + 1 >= metadata_slots)
return 0;
/* See where the last block lies from the current one. */
end_blk = data_blks + region_file_data_end(f);
/* Update would have exceeded block addressing. */
if (end_blk >= REGF_UNALLOCATED_BLOCK)
return 0;
/* End block exceeds size of region. */
if (end_blk > bytes_to_block(region_device_sz(&f->rdev)))
return 0;
return 1;
}
static int commit_data_allocation(struct region_file *f, size_t data_blks)
{
size_t offset;
f->slot++;
offset = f->slot * sizeof(uint16_t);
f->data_blocks[0] = region_file_data_end(f);
f->data_blocks[1] = region_file_data_begin(f) + data_blks;
if (rdev_writeat(&f->metadata, &f->data_blocks[1], offset,
sizeof(f->data_blocks[1])) < 0)
return -1;
return 0;
}
static int commit_data(const struct region_file *f, const void *buf,
size_t size)
{
size_t offset = block_to_bytes(region_file_data_begin(f));
if (rdev_writeat(&f->rdev, buf, offset, size) < 0)
return -1;
return 0;
}
static int handle_empty(struct region_file *f, size_t data_blks)
{
if (allocate_metadata(f, data_blks)) {
printk(BIOS_ERR, "REGF metadata allocation failed: %zd data blocks %zd total blocks\n",
data_blks, bytes_to_block(region_device_sz(&f->rdev)));
return -1;
}
f->slot = RF_ONLY_METADATA;
return 0;
}
static int handle_need_to_empty(struct region_file *f)
{
if (rdev_eraseat(&f->rdev, 0, region_device_sz(&f->rdev)) < 0) {
printk(BIOS_ERR, "REGF empty failed.\n");
return -1;
}
f->slot = RF_EMPTY;
return 0;
}
static int handle_update(struct region_file *f, size_t blocks, const void *buf,
size_t size)
{
if (!update_can_fit(f, blocks)) {
printk(BIOS_INFO, "REGF update can't fit. Will empty.\n");
f->slot = RF_NEED_TO_EMPTY;
return 0;
}
if (commit_data_allocation(f, blocks)) {
printk(BIOS_ERR, "REGF failed to commit data allocation.\n");
return -1;
}
if (commit_data(f, buf, size)) {
printk(BIOS_ERR, "REGF failed to commit data.\n");
return -1;
}
return 0;
}
int region_file_update_data(struct region_file *f, const void *buf, size_t size)
{
int ret;
size_t blocks;
blocks = bytes_to_block(ALIGN_UP(size, REGF_BLOCK_GRANULARITY));
while (1) {
int prev_slot = f->slot;
switch (f->slot) {
case RF_EMPTY:
ret = handle_empty(f, blocks);
break;
case RF_NEED_TO_EMPTY:
ret = handle_need_to_empty(f);
break;
case RF_FATAL:
ret = -1;
break;
default:
ret = handle_update(f, blocks, buf, size);
break;
}
/* Failing case. No more updates allowed to be attempted. */
if (ret) {
f->slot = RF_FATAL;
break;
}
/* No more state changes and data committed. */
if (f->slot > RF_ONLY_METADATA && prev_slot != f->slot)
break;
}
return ret;
}