forked from fail0verflow/ps4-kexec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathacpi.c
296 lines (250 loc) · 7.93 KB
/
acpi.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
/*
* ps4-kexec - a kexec() implementation for Orbis OS / FreeBSD
*
* Copyright (C) 2015-2016 shuffle2 <[email protected]>
* Copyright (C) 2015-2016 Hector Martin "marcan" <[email protected]>
*
* This code is licensed to you under the 2-clause BSD license. See the LICENSE
* file for more information.
*/
#include "types.h"
#ifdef TESTING
# include <stdio.h>
# include <sys/mman.h>
# include <sys/types.h>
# include <sys/stat.h>
# include <fcntl.h>
# include <string.h>
#else
# include "kernel.h"
# include "string.h"
# define printf kern.printf
#endif
#define SIG32(s0, s1, s2, s3) (s0 | (s1 << 8) | (s2 << 16) | (s3 << 24))
#define PSIG32(s) (u8)s, (u8)(s >> 8), (u8)(s >> 16), (u8)(s >> 24)
#define PACKED __attribute__((packed))
#define PCI_DEVFN(slot, func) ((((slot) & 0x1f) << 3) | ((func) & 0x07))
struct RSDP {
u64 sig;
u8 checksum;
u8 oemid[6];
u8 rev;
u32 rsdt_addr;
u32 length;
u64 xsdt_addr;
u8 ext_checksum;
u8 rsvd[3];
} PACKED;
struct SDTH {
u32 sig;
u32 length;
u8 rev;
u8 checksum;
u8 oem_id[6];
u8 oem_tid[8];
u32 oem_rev;
u8 creator_id[4];
u32 creator_rev;
} PACKED;
struct RSDT {
struct SDTH hdr;
u32 table_addr[];
} PACKED;
struct XSDT {
struct SDTH hdr;
u64 table_addr[];
} PACKED;
struct FADT {
struct SDTH hdr;
u32 facs;
u32 dsdt;
// more stuff...
} PACKED;
struct ivhd_entry4 {
u8 type;
u16 devid;
u8 flags;
} PACKED;
struct ivhd_header {
u8 type;
u8 flags;
u16 length;
u16 devid;
u16 cap_ptr;
u64 mmio_phys;
u16 pci_seg;
u16 info;
u32 efr_attr;
} PACKED;
struct IVRS {
struct SDTH hdr;
u32 IVinfo;
u8 reserved[8];
struct ivhd_header hd_hdr;
struct ivhd_entry4 hd_entries[3];
} PACKED;
// We have enough space to use the second half of the 64KB table area
// as scratch space for building the tables
#define BUFFER_OFF 0x8000
#define P2M(p) (((u64)(p)) - phys_base + map_base)
#define M2P(p) ((((void*)(p)) - map_base) + phys_base)
#define B2P(p) ((((void*)(p)) - buf_base) + phys_base)
#define ALIGN(s) p = (void*)((u64)(p + s - 1) & (-s))
#define PADB(s) p += (s)
#define ALLOCB(s) ({void *tmp=p; PADB(s); tmp;})
#define ALLOC(t) (t)ALLOCB(sizeof(t))
#define COPYB(sz, s) ({void *tmp=p; memcpy(p, s, (sz)); p += (sz); tmp;})
#define COPYT(s) COPYB(((struct SDTH*)s)->length, s)
#define COPYTP(s) COPYT(P2M(s))
#define COPY(t, s) ({void *tmp=p; *(t*)p = *(t*)s; p += sizeof(t); (t*)tmp;})
#define COPYP(t, s) COPY(t, P2M(s))
static void rsdp_checksum(struct RSDP *rsdp) {
rsdp->checksum = rsdp->ext_checksum = 0;
u8 sum = 0;
for (int i = 0; i < 20; i++)
sum += ((u8*)rsdp)[i];
rsdp->checksum = -sum;
sum = 0;
for (int i = 0; i < sizeof(*rsdp); i++)
sum += ((u8*)rsdp)[i];
rsdp->ext_checksum = -sum;
}
static void table_checksum(void *table) {
struct SDTH *hdr = table;
hdr->checksum = 0;
u8 sum = 0;
for (int i = 0; i < hdr->length; i++)
sum += ((u8*)table)[i];
hdr->checksum = -sum;
}
#define IVHD_FLAG_ISOC_EN_MASK 0x08
#define IVHD_DEV_ALL 0x01
#define IVHD_DEV_SELECT 0x02
#define IVHD_DEV_SELECT_RANGE_START 0x03
#define IVHD_DEV_RANGE_END 0x04
#define ACPI_DEVFLAG_SYSMGT1 0x10
#define ACPI_DEVFLAG_SYSMGT2 0x20
static void *build_ivrs(struct IVRS *ivrs) {
memset(ivrs, 0, sizeof(*ivrs));
ivrs->hdr.sig = SIG32('I', 'V', 'R', 'S');
ivrs->hdr.length = sizeof(*ivrs);
ivrs->hdr.rev = 1;
memcpy(ivrs->hdr.oem_id, "F0F ", 6);
memcpy(ivrs->hdr.oem_tid, "PS4KEXEC", 8);
ivrs->hdr.oem_rev = 0x20161225;
memcpy(ivrs->hdr.creator_id, "KEXC", 4);
ivrs->hdr.creator_rev = 0x20161225;
ivrs->IVinfo = 0x00203040;
struct ivhd_header *hdr = &ivrs->hd_hdr;
hdr->type = 0x10;
hdr->flags = /*coherent | */(1 << 5) | IVHD_FLAG_ISOC_EN_MASK;
hdr->length = sizeof(ivrs->hd_hdr) + sizeof(ivrs->hd_entries);
hdr->devid = PCI_DEVFN(0, 2);
hdr->cap_ptr = 0x40; // from config space + 0x34
hdr->mmio_phys = 0xfc000000;
hdr->pci_seg = 0;
hdr->info = 0; // msi msg num? (the pci cap should be written by software)
// HATS = 0b10, PNBanks = 2, PNCounters = 4, IASup = 1
hdr->efr_attr = (2 << 30) | (2 << 17) | (4 << 13) | (1 << 5);
struct ivhd_entry4 *entries = &ivrs->hd_entries[0];
// on fbsd, all aeolia devfns have active entries except memories (func 6)
// not sure if this is just because it wasn't in use when i dumped it?
// all entries are r/w
// IntCtl = 0b01 and IV = 1 are set for all entries (irqs are forwarded)
// apcie has SysMgt = 0b11 (others are 0b00). (device-initiated dmas are translated)
// Modes:
// 4 level:
// apcie
// 3 level:
// all others
// the way to encode this info into the IVHD entries is fairly arbitrary...
entries[0].type = IVHD_DEV_SELECT;
entries[0].devid = PCI_DEVFN(20, 0);
entries[0].flags = ACPI_DEVFLAG_SYSMGT1 | ACPI_DEVFLAG_SYSMGT2;
entries[1].type = IVHD_DEV_SELECT_RANGE_START;
entries[1].devid = PCI_DEVFN(20, 1);
entries[1].flags = 0;
entries[2].type = IVHD_DEV_RANGE_END;
entries[2].devid = PCI_DEVFN(20, 7);
entries[2].flags = 0;
table_checksum(ivrs);
return ivrs + 1;
}
void fix_acpi_tables(void *map_base, u64 phys_base)
{
void *buf_base = map_base + 0x8000;
void *p = buf_base;
memset(buf_base, 0, 0x8000);
printf("Fixing ACPI tables at 0x%llx (%p)\n", phys_base, map_base);
struct RSDP *rsdp = COPYP(struct RSDP, phys_base);
printf("RSDT at 0x%x\n", rsdp->rsdt_addr);
printf("XSDT at 0x%llx\n", rsdp->xsdt_addr);
struct RSDT *rsdt_src = P2M(rsdp->rsdt_addr);
struct RSDT *rsdt = COPYTP(rsdp->rsdt_addr);
rsdp->rsdt_addr = B2P(rsdt);
PADB(0x30); // this gives us space for new tables
struct XSDT *xsdt = COPYTP(rsdp->xsdt_addr);
rsdp->xsdt_addr = B2P(xsdt);
PADB(0x60);
struct FADT *fadt = NULL;
int cnt = (rsdt_src->hdr.length - sizeof(*rsdt)) / 4;
int i;
for (i = 0; i < cnt; i++) {
struct SDTH *hdr = P2M(rsdt_src->table_addr[i]);
printf("%c%c%c%c at 0x%x\n", PSIG32(hdr->sig), rsdt_src->table_addr[i]);
switch (hdr->sig) {
case SIG32('F', 'A', 'C', 'P'):
{
fadt = (void*)hdr;
printf("FACS at 0x%x\n", fadt->facs);
printf("DSDT at 0x%x\n", fadt->dsdt);
// Sony puts the FACS before the FADT, unaligned, which is
// noncompliant, but let's keep it there
u8 *facs = COPYB(64, P2M(fadt->facs));
fadt = (void*)(hdr = COPYT(hdr));
fadt->facs = B2P(facs);
PADB(0x38);
break;
}
case SIG32('S', 'S', 'D', 'T'):
{
// Put the DSDT before the SSDT
if (fadt) {
PADB(0xf0);
u8 *dsdt = COPYTP(fadt->dsdt);
fadt->dsdt = B2P(dsdt);
PADB(0x174);
table_checksum(fadt);
} else {
printf("ERROR: no FADT yet?\n");
}
hdr = COPYT(hdr);
break;
}
default:
hdr = COPYT(hdr);
}
table_checksum(hdr);
xsdt->table_addr[i] = rsdt->table_addr[i] = B2P(hdr);
}
xsdt->table_addr[i] = rsdt->table_addr[i] = B2P(p);
i++;
p = build_ivrs(p);
rsdt->hdr.length = sizeof(*rsdt) + 4 * i;
xsdt->hdr.length = sizeof(*xsdt) + 8 * i;
rsdp_checksum(rsdp);
table_checksum(rsdt);
table_checksum(xsdt);
memcpy(map_base, buf_base, p - buf_base);
}
#ifdef TESTING
int main(int argc, char **argv)
{
int fd;
void *base;
fd = open(argv[1], O_RDWR);
base = mmap(NULL, 0x10000, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
fix_acpi_tables(base, 0xe0000);
return 0;
}
#endif