/*
 * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

FILE_LICENCE ( GPL2_OR_LATER );

/**
 * @file
 *
 * Multiboot image format
 *
 */

#include <stdio.h>
#include <errno.h>
#include <assert.h>
#include <realmode.h>
#include <multiboot.h>
#include <gpxe/uaccess.h>
#include <gpxe/image.h>
#include <gpxe/segment.h>
#include <gpxe/memmap.h>
#include <gpxe/elf.h>
#include <gpxe/init.h>
#include <gpxe/features.h>

FEATURE ( FEATURE_IMAGE, "Multiboot", DHCP_EB_FEATURE_MULTIBOOT, 1 );

struct image_type multiboot_image_type __image_type ( PROBE_MULTIBOOT );

/**
 * Maximum number of modules we will allow for
 *
 * If this has bitten you: sorry.  I did have a perfect scheme with a
 * dynamically allocated list of modules on the protected-mode stack,
 * but it was incompatible with some broken OSes that can only access
 * low memory at boot time (even though we kindly set up 4GB flat
 * physical addressing as per the multiboot specification.
 *
 */
#define MAX_MODULES 8

/**
 * Maximum combined length of command lines
 *
 * Again; sorry.  Some broken OSes zero out any non-base memory that
 * isn't part of the loaded module set, so we can't just use
 * virt_to_phys(cmdline) to point to the command lines, even though
 * this would comply with the Multiboot spec.
 */
#define MB_MAX_CMDLINE 512

/** Multiboot flags that we support */
#define MB_SUPPORTED_FLAGS ( MB_FLAG_PGALIGN | MB_FLAG_MEMMAP | \
			     MB_FLAG_VIDMODE | MB_FLAG_RAW )

/** Compulsory feature multiboot flags */
#define MB_COMPULSORY_FLAGS 0x0000ffff

/** Optional feature multiboot flags */
#define MB_OPTIONAL_FLAGS 0xffff0000

/**
 * Multiboot flags that we don't support
 *
 * We only care about the compulsory feature flags (bits 0-15); we are
 * allowed to ignore the optional feature flags.
 */
#define MB_UNSUPPORTED_FLAGS ( MB_COMPULSORY_FLAGS & ~MB_SUPPORTED_FLAGS )

/** A multiboot header descriptor */
struct multiboot_header_info {
	/** The actual multiboot header */
	struct multiboot_header mb;
	/** Offset of header within the multiboot image */
	size_t offset;
};

/** Multiboot module command lines */
static char __bss16_array ( mb_cmdlines, [MB_MAX_CMDLINE] );
#define mb_cmdlines __use_data16 ( mb_cmdlines )

/** Offset within module command lines */
static unsigned int mb_cmdline_offset;

/**
 * Build multiboot memory map
 *
 * @v image		Multiboot image
 * @v mbinfo		Multiboot information structure
 * @v mbmemmap		Multiboot memory map
 * @v limit		Maxmimum number of memory map entries
 */
static void multiboot_build_memmap ( struct image *image,
				     struct multiboot_info *mbinfo,
				     struct multiboot_memory_map *mbmemmap,
				     unsigned int limit ) {
	struct memory_map memmap;
	unsigned int i;

	/* Get memory map */
	get_memmap ( &memmap );

	/* Translate into multiboot format */
	memset ( mbmemmap, 0, sizeof ( *mbmemmap ) );
	for ( i = 0 ; i < memmap.count ; i++ ) {
		if ( i >= limit ) {
			DBGC ( image, "MULTIBOOT %p limit of %d memmap "
			       "entries reached\n", image, limit );
			break;
		}
		mbmemmap[i].size = ( sizeof ( mbmemmap[i] ) -
				     sizeof ( mbmemmap[i].size ) );
		mbmemmap[i].base_addr = memmap.regions[i].start;
		mbmemmap[i].length = ( memmap.regions[i].end -
				       memmap.regions[i].start );
		mbmemmap[i].type = MBMEM_RAM;
		mbinfo->mmap_length += sizeof ( mbmemmap[i] );
		if ( memmap.regions[i].start == 0 )
			mbinfo->mem_lower = ( memmap.regions[i].end / 1024 );
		if ( memmap.regions[i].start == 0x100000 )
			mbinfo->mem_upper = ( ( memmap.regions[i].end -
						0x100000 ) / 1024 );
	}
}

/**
 * Add command line in base memory
 *
 * @v imgname		Image name
 * @v cmdline		Command line
 * @ret physaddr	Physical address of command line
 */
physaddr_t multiboot_add_cmdline ( const char *imgname, const char *cmdline ) {
	char *mb_cmdline;

	if ( ! cmdline )
		cmdline = "";

	/* Copy command line to base memory buffer */
	mb_cmdline = ( mb_cmdlines + mb_cmdline_offset );
	mb_cmdline_offset +=
		( snprintf ( mb_cmdline,
			     ( sizeof ( mb_cmdlines ) - mb_cmdline_offset ),
			     "%s %s", imgname, cmdline ) + 1 );

	/* Truncate to terminating NUL in buffer if necessary */
	if ( mb_cmdline_offset > sizeof ( mb_cmdlines ) )
		mb_cmdline_offset = ( sizeof ( mb_cmdlines ) - 1 );

	return virt_to_phys ( mb_cmdline );
}

/**
 * Build multiboot module list
 *
 * @v image		Multiboot image
 * @v modules		Module list to fill, or NULL
 * @ret count		Number of modules
 */
static unsigned int
multiboot_build_module_list ( struct image *image,
			      struct multiboot_module *modules,
			      unsigned int limit ) {
	struct image *module_image;
	struct multiboot_module *module;
	unsigned int count = 0;
	unsigned int insert;
	physaddr_t start;
	physaddr_t end;
	unsigned int i;

	/* Add each image as a multiboot module */
	for_each_image ( module_image ) {

		if ( count >= limit ) {
			DBGC ( image, "MULTIBOOT %p limit of %d modules "
			       "reached\n", image, limit );
			break;
		}

		/* Do not include kernel image itself as a module */
		if ( module_image == image )
			continue;

		/* At least some OSes expect the multiboot modules to
		 * be in ascending order, so we have to support it.
		 */
		start = user_to_phys ( module_image->data, 0 );
		end = user_to_phys ( module_image->data, module_image->len );
		for ( insert = 0 ; insert < count ; insert++ ) {
			if ( start < modules[insert].mod_start )
				break;
		}
		module = &modules[insert];
		memmove ( ( module + 1 ), module,
			  ( ( count - insert ) * sizeof ( *module ) ) );
		module->mod_start = start;
		module->mod_end = end;
		module->string = multiboot_add_cmdline ( module_image->name,
						       module_image->cmdline );
		module->reserved = 0;
		
		/* We promise to page-align modules */
		assert ( ( module->mod_start & 0xfff ) == 0 );

		count++;
	}

	/* Dump module configuration */
	for ( i = 0 ; i < count ; i++ ) {
		DBGC ( image, "MULTIBOOT %p module %d is [%x,%x)\n",
		       image, i, modules[i].mod_start,
		       modules[i].mod_end );
	}

	return count;
}

/**
 * The multiboot information structure
 *
 * Kept in base memory because some OSes won't find it elsewhere,
 * along with the other structures belonging to the Multiboot
 * information table.
 */
static struct multiboot_info __bss16 ( mbinfo );
#define mbinfo __use_data16 ( mbinfo )

/** The multiboot bootloader name */
static char __data16_array ( mb_bootloader_name, [] ) = "gPXE " VERSION;
#define mb_bootloader_name __use_data16 ( mb_bootloader_name )

/** The multiboot memory map */
static struct multiboot_memory_map
	__bss16_array ( mbmemmap, [MAX_MEMORY_REGIONS] );
#define mbmemmap __use_data16 ( mbmemmap )

/** The multiboot module list */
static struct multiboot_module __bss16_array ( mbmodules, [MAX_MODULES] );
#define mbmodules __use_data16 ( mbmodules )

/**
 * Execute multiboot image
 *
 * @v image		Multiboot image
 * @ret rc		Return status code
 */
static int multiboot_exec ( struct image *image ) {
	physaddr_t entry = image->priv.phys;

	/* Populate multiboot information structure */
	memset ( &mbinfo, 0, sizeof ( mbinfo ) );
	mbinfo.flags = ( MBI_FLAG_LOADER | MBI_FLAG_MEM | MBI_FLAG_MMAP |
			 MBI_FLAG_CMDLINE | MBI_FLAG_MODS );
	mb_cmdline_offset = 0;
	mbinfo.cmdline = multiboot_add_cmdline ( image->name, image->cmdline );
	mbinfo.mods_count = multiboot_build_module_list ( image, mbmodules,
				( sizeof(mbmodules) / sizeof(mbmodules[0]) ) );
	mbinfo.mods_addr = virt_to_phys ( mbmodules );
	mbinfo.mmap_addr = virt_to_phys ( mbmemmap );
	mbinfo.boot_loader_name = virt_to_phys ( mb_bootloader_name );

	/* Multiboot images may not return and have no callback
	 * interface, so shut everything down prior to booting the OS.
	 */
	shutdown ( SHUTDOWN_BOOT );

	/* Build memory map after unhiding bootloader memory regions as part of
	 * shutting everything down.
	 */
	multiboot_build_memmap ( image, &mbinfo, mbmemmap,
				 ( sizeof(mbmemmap) / sizeof(mbmemmap[0]) ) );

	/* Jump to OS with flat physical addressing */
	DBGC ( image, "MULTIBOOT %p starting execution at %lx\n",
	       image, entry );
	__asm__ __volatile__ ( PHYS_CODE ( "pushl %%ebp\n\t"
					   "call *%%edi\n\t"
					   "popl %%ebp\n\t" )
			       : : "a" ( MULTIBOOT_BOOTLOADER_MAGIC ),
			           "b" ( virt_to_phys ( &mbinfo ) ),
			           "D" ( entry )
			       : "ecx", "edx", "esi", "memory" );

	DBGC ( image, "MULTIBOOT %p returned\n", image );

	/* It isn't safe to continue after calling shutdown() */
	while ( 1 ) {}

	return -ECANCELED;  /* -EIMPOSSIBLE, anyone? */
}

/**
 * Find multiboot header
 *
 * @v image		Multiboot file
 * @v hdr		Multiboot header descriptor to fill in
 * @ret rc		Return status code
 */
static int multiboot_find_header ( struct image *image,
				   struct multiboot_header_info *hdr ) {
	uint32_t buf[64];
	size_t offset;
	unsigned int buf_idx;
	uint32_t checksum;

	/* Scan through first 8kB of image file 256 bytes at a time.
	 * (Use the buffering to avoid the overhead of a
	 * copy_from_user() for every dword.)
	 */
	for ( offset = 0 ; offset < 8192 ; offset += sizeof ( buf[0] ) ) {
		/* Check for end of image */
		if ( offset > image->len )
			break;
		/* Refill buffer if applicable */
		buf_idx = ( ( offset % sizeof ( buf ) ) / sizeof ( buf[0] ) );
		if ( buf_idx == 0 ) {
			copy_from_user ( buf, image->data, offset,
					 sizeof ( buf ) );
		}
		/* Check signature */
		if ( buf[buf_idx] != MULTIBOOT_HEADER_MAGIC )
			continue;
		/* Copy header and verify checksum */
		copy_from_user ( &hdr->mb, image->data, offset,
				 sizeof ( hdr->mb ) );
		checksum = ( hdr->mb.magic + hdr->mb.flags +
			     hdr->mb.checksum );
		if ( checksum != 0 )
			continue;
		/* Record offset of multiboot header and return */
		hdr->offset = offset;
		return 0;
	}

	/* No multiboot header found */
	return -ENOEXEC;
}

/**
 * Load raw multiboot image into memory
 *
 * @v image		Multiboot file
 * @v hdr		Multiboot header descriptor
 * @ret rc		Return status code
 */
static int multiboot_load_raw ( struct image *image,
				struct multiboot_header_info *hdr ) {
	size_t offset;
	size_t filesz;
	size_t memsz;
	userptr_t buffer;
	int rc;

	/* Sanity check */
	if ( ! ( hdr->mb.flags & MB_FLAG_RAW ) ) {
		DBGC ( image, "MULTIBOOT %p is not flagged as a raw image\n",
		       image );
		return -EINVAL;
	}

	/* Verify and prepare segment */
	offset = ( hdr->offset - hdr->mb.header_addr + hdr->mb.load_addr );
	filesz = ( hdr->mb.load_end_addr ?
		   ( hdr->mb.load_end_addr - hdr->mb.load_addr ) :
		   ( image->len - offset ) );
	memsz = ( hdr->mb.bss_end_addr ?
		  ( hdr->mb.bss_end_addr - hdr->mb.load_addr ) : filesz );
	buffer = phys_to_user ( hdr->mb.load_addr );
	if ( ( rc = prep_segment ( buffer, filesz, memsz ) ) != 0 ) {
		DBGC ( image, "MULTIBOOT %p could not prepare segment: %s\n",
		       image, strerror ( rc ) );
		return rc;
	}

	/* Copy image to segment */
	memcpy_user ( buffer, 0, image->data, offset, filesz );

	/* Record execution entry point in image private data field */
	image->priv.phys = hdr->mb.entry_addr;

	return 0;
}

/**
 * Load ELF multiboot image into memory
 *
 * @v image		Multiboot file
 * @ret rc		Return status code
 */
static int multiboot_load_elf ( struct image *image ) {
	int rc;

	/* Load ELF image*/
	if ( ( rc = elf_load ( image ) ) != 0 ) {
		DBGC ( image, "MULTIBOOT %p ELF image failed to load: %s\n",
		       image, strerror ( rc ) );
		return rc;
	}

	return 0;
}

/**
 * Load multiboot image into memory
 *
 * @v image		Multiboot file
 * @ret rc		Return status code
 */
static int multiboot_load ( struct image *image ) {
	struct multiboot_header_info hdr;
	int rc;

	/* Locate multiboot header, if present */
	if ( ( rc = multiboot_find_header ( image, &hdr ) ) != 0 ) {
		DBGC ( image, "MULTIBOOT %p has no multiboot header\n",
		       image );
		return rc;
	}
	DBGC ( image, "MULTIBOOT %p found header with flags %08x\n",
	       image, hdr.mb.flags );

	/* This is a multiboot image, valid or otherwise */
	if ( ! image->type )
		image->type = &multiboot_image_type;

	/* Abort if we detect flags that we cannot support */
	if ( hdr.mb.flags & MB_UNSUPPORTED_FLAGS ) {
		DBGC ( image, "MULTIBOOT %p flags %08x not supported\n",
		       image, ( hdr.mb.flags & MB_UNSUPPORTED_FLAGS ) );
		return -ENOTSUP;
	}

	/* There is technically a bit MB_FLAG_RAW to indicate whether
	 * this is an ELF or a raw image.  In practice, grub will use
	 * the ELF header if present, and Solaris relies on this
	 * behaviour.
	 */
	if ( ( ( rc = multiboot_load_elf ( image ) ) != 0 ) &&
	     ( ( rc = multiboot_load_raw ( image, &hdr ) ) != 0 ) )
		return rc;

	return 0;
}

/** Multiboot image type */
struct image_type multiboot_image_type __image_type ( PROBE_MULTIBOOT ) = {
	.name = "Multiboot",
	.load = multiboot_load,
	.exec = multiboot_exec,
};