LXR linux/drivers/scsi/esas2r/esas2r

   1
   2/*
   3 *  linux/drivers/scsi/esas2r/esas2r_flash.c
   4 *      For use with ATTO ExpressSAS R6xx SAS/SATA RAID controllers
   5 *
   6 *  Copyright (c) 2001-2013 ATTO Technology, Inc.
   7 *  (mailto:linuxdrivers@attotech.com)
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License
  11 * as published by the Free Software Foundation; either version 2
  12 * of the License, or (at your option) any later version.
  13 *
  14 * This program is distributed in the hope that it will be useful,
  15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 * GNU General Public License for more details.
  18 *
  19 * NO WARRANTY
  20 * THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
  21 * CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
  22 * LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
  23 * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
  24 * solely responsible for determining the appropriateness of using and
  25 * distributing the Program and assumes all risks associated with its
  26 * exercise of rights under this Agreement, including but not limited to
  27 * the risks and costs of program errors, damage to or loss of data,
  28 * programs or equipment, and unavailability or interruption of operations.
  29 *
  30 * DISCLAIMER OF LIABILITY
  31 * NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
  32 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  33 * DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
  34 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
  35 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
  36 * USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
  37 * HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
  38 *
  39 * You should have received a copy of the GNU General Public License
  40 * along with this program; if not, write to the Free Software
  41 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
  42 * USA.
  43 */
  44
  45#include "esas2r.h"
  46
  47/* local macro defs */
  48#define esas2r_nvramcalc_cksum(n)     \
  49        (esas2r_calc_byte_cksum((u8 *)(n), sizeof(struct esas2r_sas_nvram), \
  50                                SASNVR_CKSUM_SEED))
  51#define esas2r_nvramcalc_xor_cksum(n)  \
  52        (esas2r_calc_byte_xor_cksum((u8 *)(n), \
  53                                    sizeof(struct esas2r_sas_nvram), 0))
  54
  55#define ESAS2R_FS_DRVR_VER 2
  56
  57static struct esas2r_sas_nvram default_sas_nvram = {
  58        { 'E',  'S',  'A',  'S'                      }, /* signature          */
  59        SASNVR_VERSION,                                 /* version            */
  60        0,                                              /* checksum           */
  61        31,                                             /* max_lun_for_target */
  62        SASNVR_PCILAT_MAX,                              /* pci_latency        */
  63        SASNVR1_BOOT_DRVR,                              /* options1           */
  64        SASNVR2_HEARTBEAT   | SASNVR2_SINGLE_BUS        /* options2           */
  65        | SASNVR2_SW_MUX_CTRL,
  66        SASNVR_COAL_DIS,                                /* int_coalescing     */
  67        SASNVR_CMDTHR_NONE,                             /* cmd_throttle       */
  68        3,                                              /* dev_wait_time      */
  69        1,                                              /* dev_wait_count     */
  70        0,                                              /* spin_up_delay      */
  71        0,                                              /* ssp_align_rate     */
  72        { 0x50, 0x01, 0x08, 0x60,                       /* sas_addr           */
  73          0x00, 0x00, 0x00, 0x00 },
  74        { SASNVR_SPEED_AUTO },                          /* phy_speed          */
  75        { SASNVR_MUX_DISABLED },                        /* SAS multiplexing   */
  76        { 0 },                                          /* phy_flags          */
  77        SASNVR_SORT_SAS_ADDR,                           /* sort_type          */
  78        3,                                              /* dpm_reqcmd_lmt     */
  79        3,                                              /* dpm_stndby_time    */
  80        0,                                              /* dpm_active_time    */
  81        { 0 },                                          /* phy_target_id      */
  82        SASNVR_VSMH_DISABLED,                           /* virt_ses_mode      */
  83        SASNVR_RWM_DEFAULT,                             /* read_write_mode    */
  84        0,                                              /* link down timeout  */
  85        { 0 }                                           /* reserved           */
  86};
  87
  88static u8 cmd_to_fls_func[] = {
  89        0xFF,
  90        VDA_FLASH_READ,
  91        VDA_FLASH_BEGINW,
  92        VDA_FLASH_WRITE,
  93        VDA_FLASH_COMMIT,
  94        VDA_FLASH_CANCEL
  95};
  96
  97static u8 esas2r_calc_byte_xor_cksum(u8 *addr, u32 len, u8 seed)
  98{
  99        u32 cksum = seed;
 100        u8 *p = (u8 *)&cksum;
 101
 102        while (len) {
 103                if (((uintptr_t)addr & 3) == 0)
 104                        break;
 105
 106                cksum = cksum ^ *addr;
 107                addr++;
 108                len--;
 109        }
 110        while (len >= sizeof(u32)) {
 111                cksum = cksum ^ *(u32 *)addr;
 112                addr += 4;
 113                len -= 4;
 114        }
 115        while (len--) {
 116                cksum = cksum ^ *addr;
 117                addr++;
 118        }
 119        return p[0] ^ p[1] ^ p[2] ^ p[3];
 120}
 121
 122static u8 esas2r_calc_byte_cksum(void *addr, u32 len, u8 seed)
 123{
 124        u8 *p = (u8 *)addr;
 125        u8 cksum = seed;
 126
 127        while (len--)
 128                cksum = cksum + p[len];
 129        return cksum;
 130}
 131
 132/* Interrupt callback to process FM API write requests. */
 133static void esas2r_fmapi_callback(struct esas2r_adapter *a,
 134                                  struct esas2r_request *rq)
 135{
 136        struct atto_vda_flash_req *vrq = &rq->vrq->flash;
 137        struct esas2r_flash_context *fc =
 138                (struct esas2r_flash_context *)rq->interrupt_cx;
 139
 140        if (rq->req_stat == RS_SUCCESS) {
 141                /* Last request was successful.  See what to do now. */
 142                switch (vrq->sub_func) {
 143                case VDA_FLASH_BEGINW:
 144                        if (fc->sgc.cur_offset == NULL)
 145                                goto commit;
 146
 147                        vrq->sub_func = VDA_FLASH_WRITE;
 148                        rq->req_stat = RS_PENDING;
 149                        break;
 150
 151                case VDA_FLASH_WRITE:
 152commit:
 153                        vrq->sub_func = VDA_FLASH_COMMIT;
 154                        rq->req_stat = RS_PENDING;
 155                        rq->interrupt_cb = fc->interrupt_cb;
 156                        break;
 157
 158                default:
 159                        break;
 160                }
 161        }
 162
 163        if (rq->req_stat != RS_PENDING)
 164                /*
 165                 * All done. call the real callback to complete the FM API
 166                 * request.  We should only get here if a BEGINW or WRITE
 167                 * operation failed.
 168                 */
 169                (*fc->interrupt_cb)(a, rq);
 170}
 171
 172/*
 173 * Build a flash request based on the flash context.  The request status
 174 * is filled in on an error.
 175 */
 176static void build_flash_msg(struct esas2r_adapter *a,
 177                            struct esas2r_request *rq)
 178{
 179        struct esas2r_flash_context *fc =
 180                (struct esas2r_flash_context *)rq->interrupt_cx;
 181        struct esas2r_sg_context *sgc = &fc->sgc;
 182        u8 cksum = 0;
 183
 184        /* calculate the checksum */
 185        if (fc->func == VDA_FLASH_BEGINW) {
 186                if (sgc->cur_offset)
 187                        cksum = esas2r_calc_byte_xor_cksum(sgc->cur_offset,
 188                                                           sgc->length,
 189                                                           0);
 190                rq->interrupt_cb = esas2r_fmapi_callback;
 191        } else {
 192                rq->interrupt_cb = fc->interrupt_cb;
 193        }
 194        esas2r_build_flash_req(a,
 195                               rq,
 196                               fc->func,
 197                               cksum,
 198                               fc->flsh_addr,
 199                               sgc->length);
 200
 201        esas2r_rq_free_sg_lists(rq, a);
 202
 203        /*
 204         * remember the length we asked for.  we have to keep track of
 205         * the current amount done so we know how much to compare when
 206         * doing the verification phase.
 207         */
 208        fc->curr_len = fc->sgc.length;
 209
 210        if (sgc->cur_offset) {
 211                /* setup the S/G context to build the S/G table  */
 212                esas2r_sgc_init(sgc, a, rq, &rq->vrq->flash.data.sge[0]);
 213
 214                if (!esas2r_build_sg_list(a, rq, sgc)) {
 215                        rq->req_stat = RS_BUSY;
 216                        return;
 217                }
 218        } else {
 219                fc->sgc.length = 0;
 220        }
 221
 222        /* update the flsh_addr to the next one to write to  */
 223        fc->flsh_addr += fc->curr_len;
 224}
 225
 226/* determine the method to process the flash request */
 227static bool load_image(struct esas2r_adapter *a, struct esas2r_request *rq)
 228{
 229        /*
 230         * assume we have more to do.  if we return with the status set to
 231         * RS_PENDING, FM API tasks will continue.
 232         */
 233        rq->req_stat = RS_PENDING;
 234        if (test_bit(AF_DEGRADED_MODE, &a->flags))
 235                /* not suppported for now */;
 236        else
 237                build_flash_msg(a, rq);
 238
 239        return rq->req_stat == RS_PENDING;
 240}
 241
 242/*  boot image fixer uppers called before downloading the image. */
 243static void fix_bios(struct esas2r_adapter *a, struct esas2r_flash_img *fi)
 244{
 245        struct esas2r_component_header *ch = &fi->cmp_hdr[CH_IT_BIOS];
 246        struct esas2r_pc_image *pi;
 247        struct esas2r_boot_header *bh;
 248
 249        pi = (struct esas2r_pc_image *)((u8 *)fi + ch->image_offset);
 250        bh =
 251                (struct esas2r_boot_header *)((u8 *)pi +
 252                                              le16_to_cpu(pi->header_offset));
 253        bh->device_id = cpu_to_le16(a->pcid->device);
 254
 255        /* Recalculate the checksum in the PNP header if there  */
 256        if (pi->pnp_offset) {
 257                u8 *pnp_header_bytes =
 258                        ((u8 *)pi + le16_to_cpu(pi->pnp_offset));
 259
 260                /* Identifier - dword that starts at byte 10 */
 261                *((u32 *)&pnp_header_bytes[10]) =
 262                        cpu_to_le32(MAKEDWORD(a->pcid->subsystem_vendor,
 263                                              a->pcid->subsystem_device));
 264
 265                /* Checksum - byte 9 */
 266                pnp_header_bytes[9] -= esas2r_calc_byte_cksum(pnp_header_bytes,
 267                                                              32, 0);
 268        }
 269
 270        /* Recalculate the checksum needed by the PC */
 271        pi->checksum = pi->checksum -
 272                       esas2r_calc_byte_cksum((u8 *)pi, ch->length, 0);
 273}
 274
 275static void fix_efi(struct esas2r_adapter *a, struct esas2r_flash_img *fi)
 276{
 277        struct esas2r_component_header *ch = &fi->cmp_hdr[CH_IT_EFI];
 278        u32 len = ch->length;
 279        u32 offset = ch->image_offset;
 280        struct esas2r_efi_image *ei;
 281        struct esas2r_boot_header *bh;
 282
 283        while (len) {
 284                u32 thislen;
 285
 286                ei = (struct esas2r_efi_image *)((u8 *)fi + offset);
 287                bh = (struct esas2r_boot_header *)((u8 *)ei +
 288                                                   le16_to_cpu(
 289                                                           ei->header_offset));
 290                bh->device_id = cpu_to_le16(a->pcid->device);
 291                thislen = (u32)le16_to_cpu(bh->image_length) * 512;
 292
 293                if (thislen > len)
 294                        break;
 295
 296                len -= thislen;
 297                offset += thislen;
 298        }
 299}
 300
 301/* Complete a FM API request with the specified status. */
 302static bool complete_fmapi_req(struct esas2r_adapter *a,
 303                               struct esas2r_request *rq, u8 fi_stat)
 304{
 305        struct esas2r_flash_context *fc =
 306                (struct esas2r_flash_context *)rq->interrupt_cx;
 307        struct esas2r_flash_img *fi = fc->fi;
 308
 309        fi->status = fi_stat;
 310        fi->driver_error = rq->req_stat;
 311        rq->interrupt_cb = NULL;
 312        rq->req_stat = RS_SUCCESS;
 313
 314        if (fi_stat != FI_STAT_IMG_VER)
 315                memset(fc->scratch, 0, FM_BUF_SZ);
 316
 317        esas2r_enable_heartbeat(a);
 318        clear_bit(AF_FLASH_LOCK, &a->flags);
 319        return false;
 320}
 321
 322/* Process each phase of the flash download process. */
 323static void fw_download_proc(struct esas2r_adapter *a,
 324                             struct esas2r_request *rq)
 325{
 326        struct esas2r_flash_context *fc =
 327                (struct esas2r_flash_context *)rq->interrupt_cx;
 328        struct esas2r_flash_img *fi = fc->fi;
 329        struct esas2r_component_header *ch;
 330        u32 len;
 331        u8 *p, *q;
 332
 333        /* If the previous operation failed, just return. */
 334        if (rq->req_stat != RS_SUCCESS)
 335                goto error;
 336
 337        /*
 338         * If an upload just completed and the compare length is non-zero,
 339         * then we just read back part of the image we just wrote.  verify the
 340         * section and continue reading until the entire image is verified.
 341         */
 342        if (fc->func == VDA_FLASH_READ
 343            && fc->cmp_len) {
 344                ch = &fi->cmp_hdr[fc->comp_typ];
 345
 346                p = fc->scratch;
 347                q = (u8 *)fi                    /* start of the whole gob     */
 348                    + ch->image_offset          /* start of the current image */
 349                    + ch->length                /* end of the current image   */
 350                    - fc->cmp_len;              /* where we are now           */
 351
 352                /*
 353                 * NOTE - curr_len is the exact count of bytes for the read
 354                 *        even when the end is read and its not a full buffer
 355                 */
 356                for (len = fc->curr_len; len; len--)
 357                        if (*p++ != *q++)
 358                                goto error;
 359
 360                fc->cmp_len -= fc->curr_len; /* # left to compare    */
 361
 362                /* Update fc and determine the length for the next upload */
 363                if (fc->cmp_len > FM_BUF_SZ)
 364                        fc->sgc.length = FM_BUF_SZ;
 365                else
 366                        fc->sgc.length = fc->cmp_len;
 367
 368                fc->sgc.cur_offset = fc->sgc_offset +
 369                                     ((u8 *)fc->scratch - (u8 *)fi);
 370        }
 371
 372        /*
 373         * This code uses a 'while' statement since the next component may
 374         * have a length = zero.  This can happen since some components are
 375         * not required.  At the end of this 'while' we set up the length
 376         * for the next request and therefore sgc.length can be = 0.
 377         */
 378        while (fc->sgc.length == 0) {
 379                ch = &fi->cmp_hdr[fc->comp_typ];
 380
 381                switch (fc->task) {
 382                case FMTSK_ERASE_BOOT:
 383                        /* the BIOS image is written next */
 384                        ch = &fi->cmp_hdr[CH_IT_BIOS];
 385                        if (ch->length == 0)
 386                                goto no_bios;
 387
 388                        fc->task = FMTSK_WRTBIOS;
 389                        fc->func = VDA_FLASH_BEGINW;
 390                        fc->comp_typ = CH_IT_BIOS;
 391                        fc->flsh_addr = FLS_OFFSET_BOOT;
 392                        fc->sgc.length = ch->length;
 393                        fc->sgc.cur_offset = fc->sgc_offset +
 394                                             ch->image_offset;
 395                        break;
 396
 397                case FMTSK_WRTBIOS:
 398                        /*
 399                         * The BIOS image has been written - read it and
 400                         * verify it
 401                         */
 402                        fc->task = FMTSK_READBIOS;
 403                        fc->func = VDA_FLASH_READ;
 404                        fc->flsh_addr = FLS_OFFSET_BOOT;
 405                        fc->cmp_len = ch->length;
 406                        fc->sgc.length = FM_BUF_SZ;
 407                        fc->sgc.cur_offset = fc->sgc_offset
 408                                             + ((u8 *)fc->scratch -
 409                                                (u8 *)fi);
 410                        break;
 411
 412                case FMTSK_READBIOS:
 413no_bios:
 414                        /*
 415                         * Mark the component header status for the image
 416                         * completed
 417                         */
 418                        ch->status = CH_STAT_SUCCESS;
 419
 420                        /* The MAC image is written next */
 421                        ch = &fi->cmp_hdr[CH_IT_MAC];
 422                        if (ch->length == 0)
 423                                goto no_mac;
 424
 425                        fc->task = FMTSK_WRTMAC;
 426                        fc->func = VDA_FLASH_BEGINW;
 427                        fc->comp_typ = CH_IT_MAC;
 428                        fc->flsh_addr = FLS_OFFSET_BOOT
 429                                        + fi->cmp_hdr[CH_IT_BIOS].length;
 430                        fc->sgc.length = ch->length;
 431                        fc->sgc.cur_offset = fc->sgc_offset +
 432                                             ch->image_offset;
 433                        break;
 434
 435                case FMTSK_WRTMAC:
 436                        /* The MAC image has been written - read and verify */
 437                        fc->task = FMTSK_READMAC;
 438                        fc->func = VDA_FLASH_READ;
 439                        fc->flsh_addr -= ch->length;
 440                        fc->cmp_len = ch->length;
 441                        fc->sgc.length = FM_BUF_SZ;
 442                        fc->sgc.cur_offset = fc->sgc_offset
 443                                             + ((u8 *)fc->scratch -
 444                                                (u8 *)fi);
 445                        break;
 446
 447                case FMTSK_READMAC:
 448no_mac:
 449                        /*
 450                         * Mark the component header status for the image
 451                         * completed
 452                         */
 453                        ch->status = CH_STAT_SUCCESS;
 454
 455                        /* The EFI image is written next */
 456                        ch = &fi->cmp_hdr[CH_IT_EFI];
 457                        if (ch->length == 0)
 458                                goto no_efi;
 459
 460                        fc->task = FMTSK_WRTEFI;
 461                        fc->func = VDA_FLASH_BEGINW;
 462                        fc->comp_typ = CH_IT_EFI;
 463                        fc->flsh_addr = FLS_OFFSET_BOOT
 464                                        + fi->cmp_hdr[CH_IT_BIOS].length
 465                                        + fi->cmp_hdr[CH_IT_MAC].length;
 466                        fc->sgc.length = ch->length;
 467                        fc->sgc.cur_offset = fc->sgc_offset +
 468                                             ch->image_offset;
 469                        break;
 470
 471                case FMTSK_WRTEFI:
 472                        /* The EFI image has been written - read and verify */
 473                        fc->task = FMTSK_READEFI;
 474                        fc->func = VDA_FLASH_READ;
 475                        fc->flsh_addr -= ch->length;
 476                        fc->cmp_len = ch->length;
 477                        fc->sgc.length = FM_BUF_SZ;
 478                        fc->sgc.cur_offset = fc->sgc_offset
 479                                             + ((u8 *)fc->scratch -
 480                                                (u8 *)fi);
 481                        break;
 482
 483                case FMTSK_READEFI:
 484no_efi:
 485                        /*
 486                         * Mark the component header status for the image
 487                         * completed
 488                         */
 489                        ch->status = CH_STAT_SUCCESS;
 490
 491                        /* The CFG image is written next */
 492                        ch = &fi->cmp_hdr[CH_IT_CFG];
 493
 494                        if (ch->length == 0)
 495                                goto no_cfg;
 496                        fc->task = FMTSK_WRTCFG;
 497                        fc->func = VDA_FLASH_BEGINW;
 498                        fc->comp_typ = CH_IT_CFG;
 499                        fc->flsh_addr = FLS_OFFSET_CPYR - ch->length;
 500                        fc->sgc.length = ch->length;
 501                        fc->sgc.cur_offset = fc->sgc_offset +
 502                                             ch->image_offset;
 503                        break;
 504
 505                case FMTSK_WRTCFG:
 506                        /* The CFG image has been written - read and verify */
 507                        fc->task = FMTSK_READCFG;
 508                        fc->func = VDA_FLASH_READ;
 509                        fc->flsh_addr = FLS_OFFSET_CPYR - ch->length;
 510                        fc->cmp_len = ch->length;
 511                        fc->sgc.length = FM_BUF_SZ;
 512                        fc->sgc.cur_offset = fc->sgc_offset
 513                                             + ((u8 *)fc->scratch -
 514                                                (u8 *)fi);
 515                        break;
 516
 517                case FMTSK_READCFG:
 518no_cfg:
 519                        /*
 520                         * Mark the component header status for the image
 521                         * completed
 522                         */
 523                        ch->status = CH_STAT_SUCCESS;
 524
 525                        /*
 526                         * The download is complete.  If in degraded mode,
 527                         * attempt a chip reset.
 528                         */
 529                        if (test_bit(AF_DEGRADED_MODE, &a->flags))
 530                                esas2r_local_reset_adapter(a);
 531
 532                        a->flash_ver = fi->cmp_hdr[CH_IT_BIOS].version;
 533                        esas2r_print_flash_rev(a);
 534
 535                        /* Update the type of boot image on the card */
 536                        memcpy(a->image_type, fi->rel_version,
 537                               sizeof(fi->rel_version));
 538                        complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
 539                        return;
 540                }
 541
 542                /* If verifying, don't try reading more than what's there */
 543                if (fc->func == VDA_FLASH_READ
 544                    && fc->sgc.length > fc->cmp_len)
 545                        fc->sgc.length = fc->cmp_len;
 546        }
 547
 548        /* Build the request to perform the next action */
 549        if (!load_image(a, rq)) {
 550error:
 551                if (fc->comp_typ < fi->num_comps) {
 552                        ch = &fi->cmp_hdr[fc->comp_typ];
 553                        ch->status = CH_STAT_FAILED;
 554                }
 555
 556                complete_fmapi_req(a, rq, FI_STAT_FAILED);
 557        }
 558}
 559
 560/* Determine the flash image adaptyp for this adapter */
 561static u8 get_fi_adap_type(struct esas2r_adapter *a)
 562{
 563        u8 type;
 564
 565        /* use the device ID to get the correct adap_typ for this HBA */
 566        switch (a->pcid->device) {
 567        case ATTO_DID_INTEL_IOP348:
 568                type = FI_AT_SUN_LAKE;
 569                break;
 570
 571        case ATTO_DID_MV_88RC9580:
 572        case ATTO_DID_MV_88RC9580TS:
 573        case ATTO_DID_MV_88RC9580TSE:
 574        case ATTO_DID_MV_88RC9580TL:
 575                type = FI_AT_MV_9580;
 576                break;
 577
 578        default:
 579                type = FI_AT_UNKNWN;
 580                break;
 581        }
 582
 583        return type;
 584}
 585
 586/* Size of config + copyright + flash_ver images, 0 for failure. */
 587static u32 chk_cfg(u8 *cfg, u32 length, u32 *flash_ver)
 588{
 589        u16 *pw = (u16 *)cfg - 1;
 590        u32 sz = 0;
 591        u32 len = length;
 592
 593        if (len == 0)
 594                len = FM_BUF_SZ;
 595
 596        if (flash_ver)
 597                *flash_ver = 0;
 598
 599        while (true) {
 600                u16 type;
 601                u16 size;
 602
 603                type = le16_to_cpu(*pw--);
 604                size = le16_to_cpu(*pw--);
 605
 606                if (type != FBT_CPYR
 607                    && type != FBT_SETUP
 608                    && type != FBT_FLASH_VER)
 609                        break;
 610
 611                if (type == FBT_FLASH_VER
 612                    && flash_ver)
 613                        *flash_ver = le32_to_cpu(*(u32 *)(pw - 1));
 614
 615                sz += size + (2 * sizeof(u16));
 616                pw -= size / sizeof(u16);
 617
 618                if (sz > len - (2 * sizeof(u16)))
 619                        break;
 620        }
 621
 622        /* See if we are comparing the size to the specified length */
 623        if (length && sz != length)
 624                return 0;
 625
 626        return sz;
 627}
 628
 629/* Verify that the boot image is valid */
 630static u8 chk_boot(u8 *boot_img, u32 length)
 631{
 632        struct esas2r_boot_image *bi = (struct esas2r_boot_image *)boot_img;
 633        u16 hdroffset = le16_to_cpu(bi->header_offset);
 634        struct esas2r_boot_header *bh;
 635
 636        if (bi->signature != le16_to_cpu(0xaa55)
 637            || (long)hdroffset >
 638            (long)(65536L - sizeof(struct esas2r_boot_header))
 639            || (hdroffset & 3)
 640            || (hdroffset < sizeof(struct esas2r_boot_image))
 641            || ((u32)hdroffset + sizeof(struct esas2r_boot_header) > length))
 642                return 0xff;
 643
 644        bh = (struct esas2r_boot_header *)((char *)bi + hdroffset);
 645
 646        if (bh->signature[0] != 'P'
 647            || bh->signature[1] != 'C'
 648            || bh->signature[2] != 'I'
 649            || bh->signature[3] != 'R'
 650            || le16_to_cpu(bh->struct_length) <
 651            (u16)sizeof(struct esas2r_boot_header)
 652            || bh->class_code[2] != 0x01
 653            || bh->class_code[1] != 0x04
 654            || bh->class_code[0] != 0x00
 655            || (bh->code_type != CODE_TYPE_PC
 656                && bh->code_type != CODE_TYPE_OPEN
 657                && bh->code_type != CODE_TYPE_EFI))
 658                return 0xff;
 659
 660        return bh->code_type;
 661}
 662
 663/* The sum of all the WORDS of the image */
 664static u16 calc_fi_checksum(struct esas2r_flash_context *fc)
 665{
 666        struct esas2r_flash_img *fi = fc->fi;
 667        u16 cksum;
 668        u32 len;
 669        u16 *pw;
 670
 671        for (len = (fi->length - fc->fi_hdr_len) / 2,
 672             pw = (u16 *)((u8 *)fi + fc->fi_hdr_len),
 673             cksum = 0;
 674             len;
 675             len--, pw++)
 676                cksum = cksum + le16_to_cpu(*pw);
 677
 678        return cksum;
 679}
 680
 681/*
 682 * Verify the flash image structure.  The following verifications will
 683 * be performed:
 684 *              1)  verify the fi_version is correct
 685 *              2)  verify the checksum of the entire image.
 686 *              3)  validate the adap_typ, action and length fields.
 687 *              4)  validate each component header. check the img_type and
 688 *                  length fields
 689 *              5)  validate each component image.  validate signatures and
 690 *                  local checksums
 691 */
 692static bool verify_fi(struct esas2r_adapter *a,
 693                      struct esas2r_flash_context *fc)
 694{
 695        struct esas2r_flash_img *fi = fc->fi;
 696        u8 type;
 697        bool imgerr;
 698        u16 i;
 699        u32 len;
 700        struct esas2r_component_header *ch;
 701
 702        /* Verify the length - length must even since we do a word checksum */
 703        len = fi->length;
 704
 705        if ((len & 1)
 706            || len < fc->fi_hdr_len) {
 707                fi->status = FI_STAT_LENGTH;
 708                return false;
 709        }
 710
 711        /* Get adapter type and verify type in flash image */
 712        type = get_fi_adap_type(a);
 713        if ((type == FI_AT_UNKNWN) || (fi->adap_typ != type)) {
 714                fi->status = FI_STAT_ADAPTYP;
 715                return false;
 716        }
 717
 718        /*
 719         * Loop through each component and verify the img_type and length
 720         * fields.  Keep a running count of the sizes sooze we can verify total
 721         * size to additive size.
 722         */
 723        imgerr = false;
 724
 725        for (i = 0, len = 0, ch = fi->cmp_hdr;
 726             i < fi->num_comps;
 727             i++, ch++) {
 728                bool cmperr = false;
 729
 730                /*
 731                 * Verify that the component header has the same index as the
 732                 * image type.  The headers must be ordered correctly
 733                 */
 734                if (i != ch->img_type) {
 735                        imgerr = true;
 736                        ch->status = CH_STAT_INVALID;
 737                        continue;
 738                }
 739
 740                switch (ch->img_type) {
 741                case CH_IT_BIOS:
 742                        type = CODE_TYPE_PC;
 743                        break;
 744
 745                case CH_IT_MAC:
 746                        type = CODE_TYPE_OPEN;
 747                        break;
 748
 749                case CH_IT_EFI:
 750                        type = CODE_TYPE_EFI;
 751                        break;
 752                }
 753
 754                switch (ch->img_type) {
 755                case CH_IT_FW:
 756                case CH_IT_NVR:
 757                        break;
 758
 759                case CH_IT_BIOS:
 760                case CH_IT_MAC:
 761                case CH_IT_EFI:
 762                        if (ch->length & 0x1ff)
 763                                cmperr = true;
 764
 765                        /* Test if component image is present  */
 766                        if (ch->length == 0)
 767                                break;
 768
 769                        /* Image is present - verify the image */
 770                        if (chk_boot((u8 *)fi + ch->image_offset, ch->length)
 771                            != type)
 772                                cmperr = true;
 773
 774                        break;
 775
 776                case CH_IT_CFG:
 777
 778                        /* Test if component image is present */
 779                        if (ch->length == 0) {
 780                                cmperr = true;
 781                                break;
 782                        }
 783
 784                        /* Image is present - verify the image */
 785                        if (!chk_cfg((u8 *)fi + ch->image_offset + ch->length,
 786                                     ch->length, NULL))
 787                                cmperr = true;
 788
 789                        break;
 790
 791                default:
 792
 793                        fi->status = FI_STAT_UNKNOWN;
 794                        return false;
 795                }
 796
 797                if (cmperr) {
 798                        imgerr = true;
 799                        ch->status = CH_STAT_INVALID;
 800                } else {
 801                        ch->status = CH_STAT_PENDING;
 802                        len += ch->length;
 803                }
 804        }
 805
 806        if (imgerr) {
 807                fi->status = FI_STAT_MISSING;
 808                return false;
 809        }
 810
 811        /* Compare fi->length to the sum of ch->length fields */
 812        if (len != fi->length - fc->fi_hdr_len) {
 813                fi->status = FI_STAT_LENGTH;
 814                return false;
 815        }
 816
 817        /* Compute the checksum - it should come out zero */
 818        if (fi->checksum != calc_fi_checksum(fc)) {
 819                fi->status = FI_STAT_CHKSUM;
 820                return false;
 821        }
 822
 823        return true;
 824}
 825
 826/* Fill in the FS IOCTL response data from a completed request. */
 827static void esas2r_complete_fs_ioctl(struct esas2r_adapter *a,
 828                                     struct esas2r_request *rq)
 829{
 830        struct esas2r_ioctl_fs *fs =
 831                (struct esas2r_ioctl_fs *)rq->interrupt_cx;
 832
 833        if (rq->vrq->flash.sub_func == VDA_FLASH_COMMIT)
 834                esas2r_enable_heartbeat(a);
 835
 836        fs->driver_error = rq->req_stat;
 837
 838        if (fs->driver_error == RS_SUCCESS)
 839                fs->status = ATTO_STS_SUCCESS;
 840        else
 841                fs->status = ATTO_STS_FAILED;
 842}
 843
 844/* Prepare an FS IOCTL request to be sent to the firmware. */
 845bool esas2r_process_fs_ioctl(struct esas2r_adapter *a,
 846                             struct esas2r_ioctl_fs *fs,
 847                             struct esas2r_request *rq,
 848                             struct esas2r_sg_context *sgc)
 849{
 850        u8 cmdcnt = (u8)ARRAY_SIZE(cmd_to_fls_func);
 851        struct esas2r_ioctlfs_command *fsc = &fs->command;
 852        u8 func = 0;
 853        u32 datalen;
 854
 855        fs->status = ATTO_STS_FAILED;
 856        fs->driver_error = RS_PENDING;
 857
 858        if (fs->version > ESAS2R_FS_VER) {
 859                fs->status = ATTO_STS_INV_VERSION;
 860                return false;
 861        }
 862
 863        if (fsc->command >= cmdcnt) {
 864                fs->status = ATTO_STS_INV_FUNC;
 865                return false;
 866        }
 867
 868        func = cmd_to_fls_func[fsc->command];
 869        if (func == 0xFF) {
 870                fs->status = ATTO_STS_INV_FUNC;
 871                return false;
 872        }
 873
 874        if (fsc->command != ESAS2R_FS_CMD_CANCEL) {
 875                if ((a->pcid->device != ATTO_DID_MV_88RC9580
 876                     || fs->adap_type != ESAS2R_FS_AT_ESASRAID2)
 877                    && (a->pcid->device != ATTO_DID_MV_88RC9580TS
 878                        || fs->adap_type != ESAS2R_FS_AT_TSSASRAID2)
 879                    && (a->pcid->device != ATTO_DID_MV_88RC9580TSE
 880                        || fs->adap_type != ESAS2R_FS_AT_TSSASRAID2E)
 881                    && (a->pcid->device != ATTO_DID_MV_88RC9580TL
 882                        || fs->adap_type != ESAS2R_FS_AT_TLSASHBA)) {
 883                        fs->status = ATTO_STS_INV_ADAPTER;
 884                        return false;
 885                }
 886
 887                if (fs->driver_ver > ESAS2R_FS_DRVR_VER) {
 888                        fs->status = ATTO_STS_INV_DRVR_VER;
 889                        return false;
 890                }
 891        }
 892
 893        if (test_bit(AF_DEGRADED_MODE, &a->flags)) {
 894                fs->status = ATTO_STS_DEGRADED;
 895                return false;
 896        }
 897
 898        rq->interrupt_cb = esas2r_complete_fs_ioctl;
 899        rq->interrupt_cx = fs;
 900        datalen = le32_to_cpu(fsc->length);
 901        esas2r_build_flash_req(a,
 902                               rq,
 903                               func,
 904                               fsc->checksum,
 905                               le32_to_cpu(fsc->flash_addr),
 906                               datalen);
 907
 908        if (func == VDA_FLASH_WRITE
 909            || func == VDA_FLASH_READ) {
 910                if (datalen == 0) {
 911                        fs->status = ATTO_STS_INV_FUNC;
 912                        return false;
 913                }
 914
 915                esas2r_sgc_init(sgc, a, rq, rq->vrq->flash.data.sge);
 916                sgc->length = datalen;
 917
 918                if (!esas2r_build_sg_list(a, rq, sgc)) {
 919                        fs->status = ATTO_STS_OUT_OF_RSRC;
 920                        return false;
 921                }
 922        }
 923
 924        if (func == VDA_FLASH_COMMIT)
 925                esas2r_disable_heartbeat(a);
 926
 927        esas2r_start_request(a, rq);
 928
 929        return true;
 930}
 931
 932static bool esas2r_flash_access(struct esas2r_adapter *a, u32 function)
 933{
 934        u32 starttime;
 935        u32 timeout;
 936        u32 intstat;
 937        u32 doorbell;
 938
 939        /* Disable chip interrupts awhile */
 940        if (function == DRBL_FLASH_REQ)
 941                esas2r_disable_chip_interrupts(a);
 942
 943        /* Issue the request to the firmware */
 944        esas2r_write_register_dword(a, MU_DOORBELL_IN, function);
 945
 946        /* Now wait for the firmware to process it */
 947        starttime = jiffies_to_msecs(jiffies);
 948
 949        if (test_bit(AF_CHPRST_PENDING, &a->flags) ||
 950            test_bit(AF_DISC_PENDING, &a->flags))
 951                timeout = 40000;
 952        else
 953                timeout = 5000;
 954
 955        while (true) {
 956                intstat = esas2r_read_register_dword(a, MU_INT_STATUS_OUT);
 957
 958                if (intstat & MU_INTSTAT_DRBL) {
 959                        /* Got a doorbell interrupt.  Check for the function */
 960                        doorbell =
 961                                esas2r_read_register_dword(a, MU_DOORBELL_OUT);
 962                        esas2r_write_register_dword(a, MU_DOORBELL_OUT,
 963                                                    doorbell);
 964                        if (doorbell & function)
 965                                break;
 966                }
 967
 968                schedule_timeout_interruptible(msecs_to_jiffies(100));
 969
 970                if ((jiffies_to_msecs(jiffies) - starttime) > timeout) {
 971                        /*
 972                         * Iimeout.  If we were requesting flash access,
 973                         * indicate we are done so the firmware knows we gave
 974                         * up.  If this was a REQ, we also need to re-enable
 975                         * chip interrupts.
 976                         */
 977                        if (function == DRBL_FLASH_REQ) {
 978                                esas2r_hdebug("flash access timeout");
 979                                esas2r_write_register_dword(a, MU_DOORBELL_IN,
 980                                                            DRBL_FLASH_DONE);
 981                                esas2r_enable_chip_interrupts(a);
 982                        } else {
 983                                esas2r_hdebug("flash release timeout");
 984                        }
 985
 986                        return false;
 987                }
 988        }
 989
 990        /* if we're done, re-enable chip interrupts */
 991        if (function == DRBL_FLASH_DONE)
 992                esas2r_enable_chip_interrupts(a);
 993
 994        return true;
 995}
 996
 997#define WINDOW_SIZE ((signed int)MW_DATA_WINDOW_SIZE)
 998
 999bool esas2r_read_flash_block(struct esas2r_adapter *a,
1000                             void *to,

1001                             u32 from,
1002                             u32 size)
1003{
1004        u8 *end = (u8 *)to;
1005
1006        /* Try to acquire access to the flash */
1007        if (!esas2r_flash_access(a, DRBL_FLASH_REQ))
1008                return false;
1009
1010        while (size) {
1011                u32 len;
1012                u32 offset;
1013                u32 iatvr;
1014
1015                if (test_bit(AF2_SERIAL_FLASH, &a->flags2))
1016                        iatvr = MW_DATA_ADDR_SER_FLASH + (from & -WINDOW_SIZE);
1017                else
1018                        iatvr = MW_DATA_ADDR_PAR_FLASH + (from & -WINDOW_SIZE);
1019
1020                esas2r_map_data_window(a, iatvr);
1021                offset = from & (WINDOW_SIZE - 1);
1022                len = size;
1023
1024                if (len > WINDOW_SIZE - offset)
1025                        len = WINDOW_SIZE - offset;
1026
1027                from += len;
1028                size -= len;
1029
1030                while (len--) {
1031                        *end++ = esas2r_read_data_byte(a, offset);
1032                        offset++;
1033                }
1034        }
1035
1036        /* Release flash access */
1037        esas2r_flash_access(a, DRBL_FLASH_DONE);
1038        return true;
1039}
1040
1041bool esas2r_read_flash_rev(struct esas2r_adapter *a)
1042{
1043        u8 bytes[256];
1044        u16 *pw;
1045        u16 *pwstart;
1046        u16 type;
1047        u16 size;
1048        u32 sz;
1049
1050        sz = sizeof(bytes);
1051        pw = (u16 *)(bytes + sz);
1052        pwstart = (u16 *)bytes + 2;
1053
1054        if (!esas2r_read_flash_block(a, bytes, FLS_OFFSET_CPYR - sz, sz))
1055                goto invalid_rev;
1056
1057        while (pw >= pwstart) {
1058                pw--;
1059                type = le16_to_cpu(*pw);
1060                pw--;
1061                size = le16_to_cpu(*pw);
1062                pw -= size / 2;
1063
1064                if (type == FBT_CPYR
1065                    || type == FBT_SETUP
1066                    || pw < pwstart)
1067                        continue;
1068
1069                if (type == FBT_FLASH_VER)
1070                        a->flash_ver = le32_to_cpu(*(u32 *)pw);
1071
1072                break;
1073        }
1074
1075invalid_rev:
1076        return esas2r_print_flash_rev(a);
1077}
1078
1079bool esas2r_print_flash_rev(struct esas2r_adapter *a)
1080{
1081        u16 year = LOWORD(a->flash_ver);
1082        u8 day = LOBYTE(HIWORD(a->flash_ver));
1083        u8 month = HIBYTE(HIWORD(a->flash_ver));
1084
1085        if (day == 0
1086            || month == 0
1087            || day > 31
1088            || month > 12
1089            || year < 2006
1090            || year > 9999) {
1091                strcpy(a->flash_rev, "not found");
1092                a->flash_ver = 0;
1093                return false;
1094        }
1095
1096        sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
1097        esas2r_hdebug("flash version: %s", a->flash_rev);
1098        return true;
1099}
1100
1101/*
1102 * Find the type of boot image type that is currently in the flash.
1103 * The chip only has a 64 KB PCI-e expansion ROM
1104 * size so only one image can be flashed at a time.
1105 */
1106bool esas2r_read_image_type(struct esas2r_adapter *a)
1107{
1108        u8 bytes[256];
1109        struct esas2r_boot_image *bi;
1110        struct esas2r_boot_header *bh;
1111        u32 sz;
1112        u32 len;
1113        u32 offset;
1114
1115        /* Start at the base of the boot images and look for a valid image */
1116        sz = sizeof(bytes);
1117        len = FLS_LENGTH_BOOT;
1118        offset = 0;
1119
1120        while (true) {
1121                if (!esas2r_read_flash_block(a, bytes, FLS_OFFSET_BOOT +
1122                                             offset,
1123                                             sz))
1124                        goto invalid_rev;
1125
1126                bi = (struct esas2r_boot_image *)bytes;
1127                bh = (struct esas2r_boot_header *)((u8 *)bi +
1128                                                   le16_to_cpu(
1129                                                           bi->header_offset));
1130                if (bi->signature != cpu_to_le16(0xAA55))
1131                        goto invalid_rev;
1132
1133                if (bh->code_type == CODE_TYPE_PC) {
1134                        strcpy(a->image_type, "BIOS");
1135
1136                        return true;
1137                } else if (bh->code_type == CODE_TYPE_EFI) {
1138                        struct esas2r_efi_image *ei;
1139
1140                        /*
1141                         * So we have an EFI image.  There are several types
1142                         * so see which architecture we have.
1143                         */
1144                        ei = (struct esas2r_efi_image *)bytes;
1145
1146                        switch (le16_to_cpu(ei->machine_type)) {
1147                        case EFI_MACHINE_IA32:
1148                                strcpy(a->image_type, "EFI 32-bit");
1149                                return true;
1150
1151                        case EFI_MACHINE_IA64:
1152                                strcpy(a->image_type, "EFI itanium");
1153                                return true;
1154
1155                        case EFI_MACHINE_X64:
1156                                strcpy(a->image_type, "EFI 64-bit");
1157                                return true;
1158
1159                        case EFI_MACHINE_EBC:
1160                                strcpy(a->image_type, "EFI EBC");
1161                                return true;
1162
1163                        default:
1164                                goto invalid_rev;
1165                        }
1166                } else {
1167                        u32 thislen;
1168
1169                        /* jump to the next image */
1170                        thislen = (u32)le16_to_cpu(bh->image_length) * 512;
1171                        if (thislen == 0
1172                            || thislen + offset > len
1173                            || bh->indicator == INDICATOR_LAST)
1174                                break;
1175
1176                        offset += thislen;
1177                }
1178        }
1179
1180invalid_rev:
1181        strcpy(a->image_type, "no boot images");
1182        return false;
1183}
1184
1185/*
1186 *  Read and validate current NVRAM parameters by accessing
1187 *  physical NVRAM directly.  if currently stored parameters are
1188 *  invalid, use the defaults.
1189 */
1190bool esas2r_nvram_read_direct(struct esas2r_adapter *a)
1191{
1192        bool result;
1193
1194        if (down_interruptible(&a->nvram_semaphore))
1195                return false;
1196
1197        if (!esas2r_read_flash_block(a, a->nvram, FLS_OFFSET_NVR,
1198                                     sizeof(struct esas2r_sas_nvram))) {
1199                esas2r_hdebug("NVRAM read failed, using defaults");
1200                return false;
1201        }
1202
1203        result = esas2r_nvram_validate(a);
1204
1205        up(&a->nvram_semaphore);
1206
1207        return result;
1208}
1209
1210/* Interrupt callback to process NVRAM completions. */
1211static void esas2r_nvram_callback(struct esas2r_adapter *a,
1212                                  struct esas2r_request *rq)
1213{
1214        struct atto_vda_flash_req *vrq = &rq->vrq->flash;
1215
1216        if (rq->req_stat == RS_SUCCESS) {
1217                /* last request was successful.  see what to do now. */
1218
1219                switch (vrq->sub_func) {
1220                case VDA_FLASH_BEGINW:
1221                        vrq->sub_func = VDA_FLASH_WRITE;
1222                        rq->req_stat = RS_PENDING;
1223                        break;
1224
1225                case VDA_FLASH_WRITE:
1226                        vrq->sub_func = VDA_FLASH_COMMIT;
1227                        rq->req_stat = RS_PENDING;
1228                        break;
1229
1230                case VDA_FLASH_READ:
1231                        esas2r_nvram_validate(a);
1232                        break;
1233
1234                case VDA_FLASH_COMMIT:
1235                default:
1236                        break;
1237                }
1238        }
1239
1240        if (rq->req_stat != RS_PENDING) {
1241                /* update the NVRAM state */
1242                if (rq->req_stat == RS_SUCCESS)
1243                        set_bit(AF_NVR_VALID, &a->flags);
1244                else
1245                        clear_bit(AF_NVR_VALID, &a->flags);
1246
1247                esas2r_enable_heartbeat(a);
1248
1249                up(&a->nvram_semaphore);
1250        }
1251}
1252
1253/*
1254 * Write the contents of nvram to the adapter's physical NVRAM.
1255 * The cached copy of the NVRAM is also updated.
1256 */
1257bool esas2r_nvram_write(struct esas2r_adapter *a, struct esas2r_request *rq,
1258                        struct esas2r_sas_nvram *nvram)
1259{
1260        struct esas2r_sas_nvram *n = nvram;
1261        u8 sas_address_bytes[8];
1262        u32 *sas_address_dwords = (u32 *)&sas_address_bytes[0];
1263        struct atto_vda_flash_req *vrq = &rq->vrq->flash;
1264
1265        if (test_bit(AF_DEGRADED_MODE, &a->flags))
1266                return false;
1267
1268        if (down_interruptible(&a->nvram_semaphore))
1269                return false;
1270
1271        if (n == NULL)
1272                n = a->nvram;
1273
1274        /* check the validity of the settings */
1275        if (n->version > SASNVR_VERSION) {
1276                up(&a->nvram_semaphore);
1277                return false;
1278        }
1279
1280        memcpy(&sas_address_bytes[0], n->sas_addr, 8);
1281
1282        if (sas_address_bytes[0] != 0x50
1283            || sas_address_bytes[1] != 0x01
1284            || sas_address_bytes[2] != 0x08
1285            || (sas_address_bytes[3] & 0xF0) != 0x60
1286            || ((sas_address_bytes[3] & 0x0F) | sas_address_dwords[1]) == 0) {
1287                up(&a->nvram_semaphore);
1288                return false;
1289        }
1290
1291        if (n->spin_up_delay > SASNVR_SPINUP_MAX)
1292                n->spin_up_delay = SASNVR_SPINUP_MAX;
1293
1294        n->version = SASNVR_VERSION;
1295        n->checksum = n->checksum - esas2r_nvramcalc_cksum(n);
1296        memcpy(a->nvram, n, sizeof(struct esas2r_sas_nvram));
1297
1298        /* write the NVRAM */
1299        n = a->nvram;
1300        esas2r_disable_heartbeat(a);
1301
1302        esas2r_build_flash_req(a,
1303                               rq,
1304                               VDA_FLASH_BEGINW,
1305                               esas2r_nvramcalc_xor_cksum(n),
1306                               FLS_OFFSET_NVR,
1307                               sizeof(struct esas2r_sas_nvram));
1308
1309        if (test_bit(AF_LEGACY_SGE_MODE, &a->flags)) {
1310
1311                vrq->data.sge[0].length =
1312                        cpu_to_le32(SGE_LAST |
1313                                    sizeof(struct esas2r_sas_nvram));
1314                vrq->data.sge[0].address = cpu_to_le64(
1315                        a->uncached_phys + (u64)((u8 *)n - a->uncached));
1316        } else {
1317                vrq->data.prde[0].ctl_len =
1318                        cpu_to_le32(sizeof(struct esas2r_sas_nvram));
1319                vrq->data.prde[0].address = cpu_to_le64(
1320                        a->uncached_phys
1321                        + (u64)((u8 *)n - a->uncached));
1322        }
1323        rq->interrupt_cb = esas2r_nvram_callback;
1324        esas2r_start_request(a, rq);
1325        return true;
1326}
1327
1328/* Validate the cached NVRAM.  if the NVRAM is invalid, load the defaults. */
1329bool esas2r_nvram_validate(struct esas2r_adapter *a)
1330{
1331        struct esas2r_sas_nvram *n = a->nvram;
1332        bool rslt = false;
1333
1334        if (n->signature[0] != 'E'
1335            || n->signature[1] != 'S'
1336            || n->signature[2] != 'A'
1337            || n->signature[3] != 'S') {
1338                esas2r_hdebug("invalid NVRAM signature");
1339        } else if (esas2r_nvramcalc_cksum(n)) {
1340                esas2r_hdebug("invalid NVRAM checksum");
1341        } else if (n->version > SASNVR_VERSION) {
1342                esas2r_hdebug("invalid NVRAM version");
1343        } else {
1344                set_bit(AF_NVR_VALID, &a->flags);
1345                rslt = true;
1346        }
1347
1348        if (rslt == false) {
1349                esas2r_hdebug("using defaults");
1350                esas2r_nvram_set_defaults(a);
1351        }
1352
1353        return rslt;
1354}
1355
1356/*
1357 * Set the cached NVRAM to defaults.  note that this function sets the default
1358 * NVRAM when it has been determined that the physical NVRAM is invalid.
1359 * In this case, the SAS address is fabricated.
1360 */
1361void esas2r_nvram_set_defaults(struct esas2r_adapter *a)
1362{
1363        struct esas2r_sas_nvram *n = a->nvram;
1364        u32 time = jiffies_to_msecs(jiffies);
1365
1366        clear_bit(AF_NVR_VALID, &a->flags);
1367        *n = default_sas_nvram;
1368        n->sas_addr[3] |= 0x0F;
1369        n->sas_addr[4] = HIBYTE(LOWORD(time));
1370        n->sas_addr[5] = LOBYTE(LOWORD(time));
1371        n->sas_addr[6] = a->pcid->bus->number;
1372        n->sas_addr[7] = a->pcid->devfn;
1373}
1374
1375void esas2r_nvram_get_defaults(struct esas2r_adapter *a,
1376                               struct esas2r_sas_nvram *nvram)
1377{
1378        u8 sas_addr[8];
1379
1380        /*
1381         * in case we are copying the defaults into the adapter, copy the SAS
1382         * address out first.
1383         */
1384        memcpy(&sas_addr[0], a->nvram->sas_addr, 8);
1385        *nvram = default_sas_nvram;
1386        memcpy(&nvram->sas_addr[0], &sas_addr[0], 8);
1387}
1388
1389bool esas2r_fm_api(struct esas2r_adapter *a, struct esas2r_flash_img *fi,
1390                   struct esas2r_request *rq, struct esas2r_sg_context *sgc)
1391{
1392        struct esas2r_flash_context *fc = &a->flash_context;
1393        u8 j;
1394        struct esas2r_component_header *ch;
1395
1396        if (test_and_set_bit(AF_FLASH_LOCK, &a->flags)) {
1397                /* flag was already set */
1398                fi->status = FI_STAT_BUSY;
1399                return false;
1400        }
1401
1402        memcpy(&fc->sgc, sgc, sizeof(struct esas2r_sg_context));
1403        sgc = &fc->sgc;
1404        fc->fi = fi;
1405        fc->sgc_offset = sgc->cur_offset;
1406        rq->req_stat = RS_SUCCESS;
1407        rq->interrupt_cx = fc;
1408
1409        switch (fi->fi_version) {
1410        case FI_VERSION_1:
1411                fc->scratch = ((struct esas2r_flash_img *)fi)->scratch_buf;
1412                fc->num_comps = FI_NUM_COMPS_V1;
1413                fc->fi_hdr_len = sizeof(struct esas2r_flash_img);
1414                break;
1415
1416        default:
1417                return complete_fmapi_req(a, rq, FI_STAT_IMG_VER);
1418        }
1419
1420        if (test_bit(AF_DEGRADED_MODE, &a->flags))
1421                return complete_fmapi_req(a, rq, FI_STAT_DEGRADED);
1422
1423        switch (fi->action) {
1424        case FI_ACT_DOWN: /* Download the components */
1425                /* Verify the format of the flash image */
1426                if (!verify_fi(a, fc))
1427                        return complete_fmapi_req(a, rq, fi->status);
1428
1429                /* Adjust the BIOS fields that are dependent on the HBA */
1430                ch = &fi->cmp_hdr[CH_IT_BIOS];
1431
1432                if (ch->length)
1433                        fix_bios(a, fi);
1434
1435                /* Adjust the EFI fields that are dependent on the HBA */
1436                ch = &fi->cmp_hdr[CH_IT_EFI];
1437
1438                if (ch->length)
1439                        fix_efi(a, fi);
1440
1441                /*
1442                 * Since the image was just modified, compute the checksum on
1443                 * the modified image.  First update the CRC for the composite
1444                 * expansion ROM image.
1445                 */
1446                fi->checksum = calc_fi_checksum(fc);
1447
1448                /* Disable the heartbeat */
1449                esas2r_disable_heartbeat(a);
1450
1451                /* Now start up the download sequence */
1452                fc->task = FMTSK_ERASE_BOOT;
1453                fc->func = VDA_FLASH_BEGINW;
1454                fc->comp_typ = CH_IT_CFG;
1455                fc->flsh_addr = FLS_OFFSET_BOOT;
1456                fc->sgc.length = FLS_LENGTH_BOOT;
1457                fc->sgc.cur_offset = NULL;
1458
1459                /* Setup the callback address */
1460                fc->interrupt_cb = fw_download_proc;
1461                break;
1462
1463        case FI_ACT_UPSZ: /* Get upload sizes */
1464                fi->adap_typ = get_fi_adap_type(a);
1465                fi->flags = 0;
1466                fi->num_comps = fc->num_comps;
1467                fi->length = fc->fi_hdr_len;
1468
1469                /* Report the type of boot image in the rel_version string */
1470                memcpy(fi->rel_version, a->image_type,
1471                       sizeof(fi->rel_version));
1472
1473                /* Build the component headers */
1474                for (j = 0, ch = fi->cmp_hdr;
1475                     j < fi->num_comps;
1476                     j++, ch++) {
1477                        ch->img_type = j;
1478                        ch->status = CH_STAT_PENDING;
1479                        ch->length = 0;
1480                        ch->version = 0xffffffff;
1481                        ch->image_offset = 0;
1482                        ch->pad[0] = 0;
1483                        ch->pad[1] = 0;
1484                }
1485
1486                if (a->flash_ver != 0) {
1487                        fi->cmp_hdr[CH_IT_BIOS].version =
1488                                fi->cmp_hdr[CH_IT_MAC].version =
1489                                        fi->cmp_hdr[CH_IT_EFI].version =
1490                                                fi->cmp_hdr[CH_IT_CFG].version
1491                                                        = a->flash_ver;
1492
1493                        fi->cmp_hdr[CH_IT_BIOS].status =
1494                                fi->cmp_hdr[CH_IT_MAC].status =
1495                                        fi->cmp_hdr[CH_IT_EFI].status =
1496                                                fi->cmp_hdr[CH_IT_CFG].status =
1497                                                        CH_STAT_SUCCESS;
1498
1499                        return complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
1500                }
1501
1502        /* fall through */
1503
1504        case FI_ACT_UP: /* Upload the components */
1505        default:
1506                return complete_fmapi_req(a, rq, FI_STAT_INVALID);
1507        }
1508
1509        /*
1510         * If we make it here, fc has been setup to do the first task.  Call
1511         * load_image to format the request, start it, and get out.  The
1512         * interrupt code will call the callback when the first message is
1513         * complete.
1514         */
1515        if (!load_image(a, rq))
1516                return complete_fmapi_req(a, rq, FI_STAT_FAILED);
1517
1518        esas2r_start_request(a, rq);
1519
1520        return true;
1521}
1522