LXR linux/drivers/staging/greybus/bootrom.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * BOOTROM Greybus driver.
   4 *
   5 * Copyright 2016 Google Inc.
   6 * Copyright 2016 Linaro Ltd.
   7 */
   8
   9#include <linux/firmware.h>
  10#include <linux/jiffies.h>
  11#include <linux/mutex.h>
  12#include <linux/workqueue.h>
  13
  14#include "greybus.h"
  15#include "firmware.h"
  16
  17/* Timeout, in jiffies, within which the next request must be received */
  18#define NEXT_REQ_TIMEOUT_MS     1000
  19
  20/*
  21 * FIXME: Reduce this timeout once svc core handles parallel processing of
  22 * events from the SVC, which are handled sequentially today.
  23 */
  24#define MODE_SWITCH_TIMEOUT_MS  10000
  25
  26enum next_request_type {
  27        NEXT_REQ_FIRMWARE_SIZE,
  28        NEXT_REQ_GET_FIRMWARE,
  29        NEXT_REQ_READY_TO_BOOT,
  30        NEXT_REQ_MODE_SWITCH,
  31};
  32
  33struct gb_bootrom {
  34        struct gb_connection    *connection;
  35        const struct firmware   *fw;
  36        u8                      protocol_major;
  37        u8                      protocol_minor;
  38        enum next_request_type  next_request;
  39        struct delayed_work     dwork;
  40        struct mutex            mutex; /* Protects bootrom->fw */
  41};
  42
  43static void free_firmware(struct gb_bootrom *bootrom)
  44{
  45        if (!bootrom->fw)
  46                return;
  47
  48        release_firmware(bootrom->fw);
  49        bootrom->fw = NULL;
  50}
  51
  52static void gb_bootrom_timedout(struct work_struct *work)
  53{
  54        struct delayed_work *dwork = to_delayed_work(work);
  55        struct gb_bootrom *bootrom = container_of(dwork,
  56                                                  struct gb_bootrom, dwork);
  57        struct device *dev = &bootrom->connection->bundle->dev;
  58        const char *reason;
  59
  60        switch (bootrom->next_request) {
  61        case NEXT_REQ_FIRMWARE_SIZE:
  62                reason = "Firmware Size Request";
  63                break;
  64        case NEXT_REQ_GET_FIRMWARE:
  65                reason = "Get Firmware Request";
  66                break;
  67        case NEXT_REQ_READY_TO_BOOT:
  68                reason = "Ready to Boot Request";
  69                break;
  70        case NEXT_REQ_MODE_SWITCH:
  71                reason = "Interface Mode Switch";
  72                break;
  73        default:
  74                reason = NULL;
  75                dev_err(dev, "Invalid next-request: %u", bootrom->next_request);
  76                break;
  77        }
  78
  79        dev_err(dev, "Timed out waiting for %s from the Module\n", reason);
  80
  81        mutex_lock(&bootrom->mutex);
  82        free_firmware(bootrom);
  83        mutex_unlock(&bootrom->mutex);
  84
  85        /* TODO: Power-off Module ? */
  86}
  87
  88static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom,
  89                        enum next_request_type next, unsigned long timeout)
  90{
  91        bootrom->next_request = next;
  92        schedule_delayed_work(&bootrom->dwork, msecs_to_jiffies(timeout));
  93}
  94
  95static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom)
  96{
  97        cancel_delayed_work_sync(&bootrom->dwork);
  98}
  99
 100/*
 101 * The es2 chip doesn't have VID/PID programmed into the hardware and we need to
 102 * hack that up to distinguish different modules and their firmware blobs.
 103 *
 104 * This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID
 105 * already sent during hotplug are 0.
 106 *
 107 * Otherwise, we keep intf->vendor_id/product_id same as what's passed
 108 * during hotplug.
 109 */
 110static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom)
 111{
 112        struct gb_bootrom_get_vid_pid_response response;
 113        struct gb_connection *connection = bootrom->connection;
 114        struct gb_interface *intf = connection->bundle->intf;
 115        int ret;
 116
 117        if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_GMP_IDS))
 118                return;
 119
 120        ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID,
 121                                NULL, 0, &response, sizeof(response));
 122        if (ret) {
 123                dev_err(&connection->bundle->dev,
 124                        "Bootrom get vid/pid operation failed (%d)\n", ret);
 125                return;
 126        }
 127
 128        /*
 129         * NOTE: This is hacked, so that the same values of VID/PID can be used
 130         * by next firmware level as well. The uevent for bootrom will still
 131         * have VID/PID as 0, though after this point the sysfs files will start
 132         * showing the updated values. But yeah, that's a bit racy as the same
 133         * sysfs files would be showing 0 before this point.
 134         */
 135        intf->vendor_id = le32_to_cpu(response.vendor_id);
 136        intf->product_id = le32_to_cpu(response.product_id);
 137
 138        dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n",
 139                intf->vendor_id, intf->product_id);
 140}
 141
 142/* This returns path of the firmware blob on the disk */
 143static int find_firmware(struct gb_bootrom *bootrom, u8 stage)
 144{
 145        struct gb_connection *connection = bootrom->connection;
 146        struct gb_interface *intf = connection->bundle->intf;
 147        char firmware_name[49];
 148        int rc;
 149
 150        /* Already have a firmware, free it */
 151        free_firmware(bootrom);
 152
 153        /* Bootrom protocol is only supported for loading Stage 2 firmware */
 154        if (stage != 2) {
 155                dev_err(&connection->bundle->dev, "Invalid boot stage: %u\n",
 156                        stage);
 157                return -EINVAL;
 158        }
 159
 160        /*
 161         * Create firmware name
 162         *
 163         * XXX Name it properly..
 164         */
 165        snprintf(firmware_name, sizeof(firmware_name),
 166                 FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf",
 167                 intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
 168                 intf->vendor_id, intf->product_id);
 169
 170        // FIXME:
 171        // Turn to dev_dbg later after everyone has valid bootloaders with good
 172        // ids, but leave this as dev_info for now to make it easier to track
 173        // down "empty" vid/pid modules.
 174        dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n",
 175                 firmware_name);
 176
 177        rc = request_firmware(&bootrom->fw, firmware_name,
 178                &connection->bundle->dev);
 179        if (rc) {
 180                dev_err(&connection->bundle->dev,
 181                        "failed to find %s firmware (%d)\n", firmware_name, rc);
 182        }
 183
 184        return rc;
 185}
 186
 187static int gb_bootrom_firmware_size_request(struct gb_operation *op)
 188{
 189        struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
 190        struct gb_bootrom_firmware_size_request *size_request =
 191                op->request->payload;
 192        struct gb_bootrom_firmware_size_response *size_response;
 193        struct device *dev = &op->connection->bundle->dev;
 194        int ret;
 195
 196        /* Disable timeouts */
 197        gb_bootrom_cancel_timeout(bootrom);
 198
 199        if (op->request->payload_size != sizeof(*size_request)) {
 200                dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n",
 201                        __func__, op->request->payload_size,
 202                        sizeof(*size_request));
 203                ret = -EINVAL;
 204                goto queue_work;
 205        }
 206
 207        mutex_lock(&bootrom->mutex);
 208
 209        ret = find_firmware(bootrom, size_request->stage);
 210        if (ret)
 211                goto unlock;
 212
 213        if (!gb_operation_response_alloc(op, sizeof(*size_response),
 214                                         GFP_KERNEL)) {
 215                dev_err(dev, "%s: error allocating response\n", __func__);
 216                free_firmware(bootrom);
 217                ret = -ENOMEM;
 218                goto unlock;
 219        }
 220
 221        size_response = op->response->payload;
 222        size_response->size = cpu_to_le32(bootrom->fw->size);
 223
 224        dev_dbg(dev, "%s: firmware size %d bytes\n",
 225                __func__, size_response->size);
 226
 227unlock:
 228        mutex_unlock(&bootrom->mutex);
 229
 230queue_work:
 231        if (!ret) {
 232                /* Refresh timeout */
 233                gb_bootrom_set_timeout(bootrom, NEXT_REQ_GET_FIRMWARE,
 234                                       NEXT_REQ_TIMEOUT_MS);
 235        }
 236
 237        return ret;
 238}
 239
 240static int gb_bootrom_get_firmware(struct gb_operation *op)
 241{
 242        struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
 243        const struct firmware *fw;
 244        struct gb_bootrom_get_firmware_request *firmware_request;
 245        struct gb_bootrom_get_firmware_response *firmware_response;
 246        struct device *dev = &op->connection->bundle->dev;
 247        unsigned int offset, size;
 248        enum next_request_type next_request;
 249        int ret = 0;
 250
 251        /* Disable timeouts */
 252        gb_bootrom_cancel_timeout(bootrom);
 253
 254        if (op->request->payload_size != sizeof(*firmware_request)) {
 255                dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
 256                        __func__, op->request->payload_size,
 257                        sizeof(*firmware_request));
 258                ret = -EINVAL;
 259                goto queue_work;
 260        }
 261
 262        mutex_lock(&bootrom->mutex);
 263
 264        fw = bootrom->fw;
 265        if (!fw) {
 266                dev_err(dev, "%s: firmware not available\n", __func__);
 267                ret = -EINVAL;
 268                goto unlock;
 269        }
 270
 271        firmware_request = op->request->payload;
 272        offset = le32_to_cpu(firmware_request->offset);
 273        size = le32_to_cpu(firmware_request->size);
 274
 275        if (offset >= fw->size || size > fw->size - offset) {
 276                dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n",
 277                                offset, size);
 278                ret = -EINVAL;
 279                goto unlock;
 280        }
 281
 282        if (!gb_operation_response_alloc(op, sizeof(*firmware_response) + size,
 283                                         GFP_KERNEL)) {
 284                dev_err(dev, "%s: error allocating response\n", __func__);
 285                ret = -ENOMEM;
 286                goto unlock;
 287        }
 288
 289        firmware_response = op->response->payload;
 290        memcpy(firmware_response->data, fw->data + offset, size);
 291
 292        dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n",
 293                offset, size);
 294
 295unlock:
 296        mutex_unlock(&bootrom->mutex);
 297
 298queue_work:
 299        /* Refresh timeout */
 300        if (!ret && (offset + size == fw->size))
 301                next_request = NEXT_REQ_READY_TO_BOOT;
 302        else
 303                next_request = NEXT_REQ_GET_FIRMWARE;
 304
 305        gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
 306
 307        return ret;
 308}
 309
 310static int gb_bootrom_ready_to_boot(struct gb_operation *op)
 311{
 312        struct gb_connection *connection = op->connection;
 313        struct gb_bootrom *bootrom = gb_connection_get_data(connection);
 314        struct gb_bootrom_ready_to_boot_request *rtb_request;
 315        struct device *dev = &connection->bundle->dev;
 316        u8 status;
 317        int ret = 0;
 318
 319        /* Disable timeouts */
 320        gb_bootrom_cancel_timeout(bootrom);
 321
 322        if (op->request->payload_size != sizeof(*rtb_request)) {
 323                dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n",
 324                        __func__, op->request->payload_size,
 325                        sizeof(*rtb_request));
 326                ret = -EINVAL;
 327                goto queue_work;
 328        }
 329
 330        rtb_request = op->request->payload;
 331        status = rtb_request->status;
 332
 333        /* Return error if the blob was invalid */
 334        if (status == GB_BOOTROM_BOOT_STATUS_INVALID) {
 335                ret = -EINVAL;
 336                goto queue_work;
 337        }
 338
 339        /*
 340         * XXX Should we return error for insecure firmware?
 341         */
 342        dev_dbg(dev, "ready to boot: 0x%x, 0\n", status);
 343
 344queue_work:
 345        /*
 346         * Refresh timeout, the Interface shall load the new personality and
 347         * send a new hotplug request, which shall get rid of the bootrom
 348         * connection. As that can take some time, increase the timeout a bit.
 349         */
 350        gb_bootrom_set_timeout(bootrom, NEXT_REQ_MODE_SWITCH,
 351                               MODE_SWITCH_TIMEOUT_MS);
 352
 353        return ret;
 354}
 355
 356static int gb_bootrom_request_handler(struct gb_operation *op)
 357{
 358        u8 type = op->type;
 359
 360        switch (type) {
 361        case GB_BOOTROM_TYPE_FIRMWARE_SIZE:
 362                return gb_bootrom_firmware_size_request(op);
 363        case GB_BOOTROM_TYPE_GET_FIRMWARE:
 364                return gb_bootrom_get_firmware(op);
 365        case GB_BOOTROM_TYPE_READY_TO_BOOT:
 366                return gb_bootrom_ready_to_boot(op);
 367        default:
 368                dev_err(&op->connection->bundle->dev,
 369                        "unsupported request: %u\n", type);
 370                return -EINVAL;
 371        }
 372}
 373
 374static int gb_bootrom_get_version(struct gb_bootrom *bootrom)
 375{
 376        struct gb_bundle *bundle = bootrom->connection->bundle;
 377        struct gb_bootrom_version_request request;
 378        struct gb_bootrom_version_response response;
 379        int ret;
 380
 381        request.major = GB_BOOTROM_VERSION_MAJOR;
 382        request.minor = GB_BOOTROM_VERSION_MINOR;
 383
 384        ret = gb_operation_sync(bootrom->connection,
 385                                GB_BOOTROM_TYPE_VERSION,
 386                                &request, sizeof(request), &response,
 387                                sizeof(response));
 388        if (ret) {
 389                dev_err(&bundle->dev,
 390                                "failed to get protocol version: %d\n",
 391                                ret);
 392                return ret;
 393        }
 394
 395        if (response.major > request.major) {
 396                dev_err(&bundle->dev,
 397                                "unsupported major protocol version (%u > %u)\n",
 398                                response.major, request.major);
 399                return -ENOTSUPP;
 400        }
 401
 402        bootrom->protocol_major = response.major;
 403        bootrom->protocol_minor = response.minor;
 404
 405        dev_dbg(&bundle->dev, "%s - %u.%u\n", __func__, response.major,
 406                        response.minor);
 407
 408        return 0;
 409}
 410
 411static int gb_bootrom_probe(struct gb_bundle *bundle,
 412                                        const struct greybus_bundle_id *id)
 413{
 414        struct greybus_descriptor_cport *cport_desc;
 415        struct gb_connection *connection;
 416        struct gb_bootrom *bootrom;
 417        int ret;
 418
 419        if (bundle->num_cports != 1)
 420                return -ENODEV;
 421
 422        cport_desc = &bundle->cport_desc[0];
 423        if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM)
 424                return -ENODEV;
 425
 426        bootrom = kzalloc(sizeof(*bootrom), GFP_KERNEL);
 427        if (!bootrom)
 428                return -ENOMEM;
 429
 430        connection = gb_connection_create(bundle,
 431                                                le16_to_cpu(cport_desc->id),
 432                                                gb_bootrom_request_handler);
 433        if (IS_ERR(connection)) {
 434                ret = PTR_ERR(connection);
 435                goto err_free_bootrom;
 436        }
 437
 438        gb_connection_set_data(connection, bootrom);
 439
 440        bootrom->connection = connection;
 441
 442        mutex_init(&bootrom->mutex);
 443        INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout);
 444        greybus_set_drvdata(bundle, bootrom);
 445
 446        ret = gb_connection_enable_tx(connection);
 447        if (ret)
 448                goto err_connection_destroy;
 449
 450        ret = gb_bootrom_get_version(bootrom);
 451        if (ret)
 452                goto err_connection_disable;
 453
 454        bootrom_es2_fixup_vid_pid(bootrom);
 455
 456        ret = gb_connection_enable(connection);
 457        if (ret)
 458                goto err_connection_disable;
 459
 460        /* Refresh timeout */
 461        gb_bootrom_set_timeout(bootrom, NEXT_REQ_FIRMWARE_SIZE,
 462                               NEXT_REQ_TIMEOUT_MS);
 463
 464        /* Tell bootrom we're ready. */
 465        ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, 0,
 466                                NULL, 0);
 467        if (ret) {
 468                dev_err(&connection->bundle->dev,
 469                                "failed to send AP READY: %d\n", ret);
 470                goto err_cancel_timeout;
 471        }
 472
 473        dev_dbg(&bundle->dev, "AP_READY sent\n");
 474
 475        return 0;
 476
 477err_cancel_timeout:
 478        gb_bootrom_cancel_timeout(bootrom);
 479err_connection_disable:
 480        gb_connection_disable(connection);
 481err_connection_destroy:
 482        gb_connection_destroy(connection);
 483err_free_bootrom:
 484        kfree(bootrom);
 485
 486        return ret;
 487}
 488
 489static void gb_bootrom_disconnect(struct gb_bundle *bundle)
 490{
 491        struct gb_bootrom *bootrom = greybus_get_drvdata(bundle);
 492
 493        dev_dbg(&bundle->dev, "%s\n", __func__);
 494
 495        gb_connection_disable(bootrom->connection);
 496
 497        /* Disable timeouts */
 498        gb_bootrom_cancel_timeout(bootrom);
 499
 500        /*
 501         * Release firmware:
 502         *
 503         * As the connection and the delayed work are already disabled, we don't
 504         * need to lock access to bootrom->fw here.
 505         */
 506        free_firmware(bootrom);
 507
 508        gb_connection_destroy(bootrom->connection);
 509        kfree(bootrom);
 510}
 511
 512static const struct greybus_bundle_id gb_bootrom_id_table[] = {
 513        { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) },
 514        { }
 515};
 516
 517static struct greybus_driver gb_bootrom_driver = {
 518        .name           = "bootrom",
 519        .probe          = gb_bootrom_probe,
 520        .disconnect     = gb_bootrom_disconnect,
 521        .id_table       = gb_bootrom_id_table,
 522};
 523
 524module_greybus_driver(gb_bootrom_driver);
 525
 526MODULE_LICENSE("GPL v2");
 527