drivers/staging/greybus/bootrom.c

   1 /*
   2  * BOOTROM Greybus driver.
   3  *
   4  * Copyright 2016 Google Inc.
   5  * Copyright 2016 Linaro Ltd.
   6  *
   7  * Released under the GPLv2 only.
   8  */
   9
  10 #include <linux/firmware.h>
  11 #include <linux/jiffies.h>
  12 #include <linux/mutex.h>
  13 #include <linux/workqueue.h>
  14
  15 #include "greybus.h"
  16 #include "firmware.h"
  17
  18 /* Timeout, in jiffies, within which the next request must be received */
  19 #define NEXT_REQ_TIMEOUT_MS     1000
  20
  21 /*
  22  * FIXME: Reduce this timeout once svc core handles parallel processing of
  23  * events from the SVC, which are handled sequentially today.
  24  */
  25 #define MODE_SWITCH_TIMEOUT_MS  10000
  26
  27 enum next_request_type {
  28         NEXT_REQ_FIRMWARE_SIZE,
  29         NEXT_REQ_GET_FIRMWARE,
  30         NEXT_REQ_READY_TO_BOOT,
  31         NEXT_REQ_MODE_SWITCH,
  32 };
  33
  34 struct gb_bootrom {
  35         struct gb_connection    *connection;
  36         const struct firmware   *fw;
  37         u8                      protocol_major;
  38         u8                      protocol_minor;
  39         enum next_request_type  next_request;
  40         struct delayed_work     dwork;
  41         struct mutex            mutex; /* Protects bootrom->fw */
  42 };
  43
  44 static void free_firmware(struct gb_bootrom *bootrom)
  45 {
  46         if (!bootrom->fw)
  47                 return;
  48
  49         release_firmware(bootrom->fw);
  50         bootrom->fw = NULL;
  51 }
  52
  53 static void gb_bootrom_timedout(struct work_struct *work)
  54 {
  55         struct delayed_work *dwork = to_delayed_work(work);
  56         struct gb_bootrom *bootrom = container_of(dwork, struct gb_bootrom, dwork);
  57         struct device *dev = &bootrom->connection->bundle->dev;
  58         const char *reason;
  59
  60         switch (bootrom->next_request) {
  61         case NEXT_REQ_FIRMWARE_SIZE:
  62                 reason = "Firmware Size Request";
  63                 break;
  64         case NEXT_REQ_GET_FIRMWARE:
  65                 reason = "Get Firmware Request";
  66                 break;
  67         case NEXT_REQ_READY_TO_BOOT:
  68                 reason = "Ready to Boot Request";
  69                 break;
  70         case NEXT_REQ_MODE_SWITCH:
  71                 reason = "Interface Mode Switch";
  72                 break;
  73         default:
  74                 reason = NULL;
  75                 dev_err(dev, "Invalid next-request: %u", bootrom->next_request);
  76                 break;
  77         }
  78
  79         dev_err(dev, "Timed out waiting for %s from the Module\n", reason);
  80
  81         mutex_lock(&bootrom->mutex);
  82         free_firmware(bootrom);
  83         mutex_unlock(&bootrom->mutex);
  84
  85         /* TODO: Power-off Module ? */
  86 }
  87
  88 static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom,
  89                         enum next_request_type next, unsigned long timeout)
  90 {
  91         bootrom->next_request = next;
  92         schedule_delayed_work(&bootrom->dwork, msecs_to_jiffies(timeout));
  93 }
  94
  95 static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom)
  96 {
  97         cancel_delayed_work_sync(&bootrom->dwork);
  98 }
  99
 100 /*
 101  * The es2 chip doesn't have VID/PID programmed into the hardware and we need to
 102  * hack that up to distinguish different modules and their firmware blobs.
 103  *
 104  * This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID
 105  * already sent during hotplug are 0.
 106  *
 107  * Otherwise, we keep intf->vendor_id/product_id same as what's passed
 108  * during hotplug.
 109  */
 110 static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom)
 111 {
 112         struct gb_bootrom_get_vid_pid_response response;
 113         struct gb_connection *connection = bootrom->connection;
 114         struct gb_interface *intf = connection->bundle->intf;
 115         int ret;
 116
 117         if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_ARA_IDS))
 118                 return;
 119
 120         ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID,
 121                                 NULL, 0, &response, sizeof(response));
 122         if (ret) {
 123                 dev_err(&connection->bundle->dev,
 124                         "Bootrom get vid/pid operation failed (%d)\n", ret);
 125                 return;
 126         }
 127
 128         /*
 129          * NOTE: This is hacked, so that the same values of VID/PID can be used
 130          * by next firmware level as well. The uevent for bootrom will still
 131          * have VID/PID as 0, though after this point the sysfs files will start
 132          * showing the updated values. But yeah, that's a bit racy as the same
 133          * sysfs files would be showing 0 before this point.
 134          */
 135         intf->vendor_id = le32_to_cpu(response.vendor_id);
 136         intf->product_id = le32_to_cpu(response.product_id);
 137
 138         dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n",
 139                 intf->vendor_id, intf->product_id);
 140 }
 141
 142 /* This returns path of the firmware blob on the disk */
 143 static int find_firmware(struct gb_bootrom *bootrom, u8 stage)
 144 {
 145         struct gb_connection *connection = bootrom->connection;
 146         struct gb_interface *intf = connection->bundle->intf;
 147         char firmware_name[49];
 148         int rc;
 149
 150         /* Already have a firmware, free it */
 151         free_firmware(bootrom);
 152
 153         /* Bootrom protocol is only supported for loading Stage 2 firmware */
 154         if (stage != 2) {
 155                 dev_err(&connection->bundle->dev, "Invalid boot stage: %u\n",
 156                         stage);
 157                 return -EINVAL;
 158         }
 159
 160         /*
 161          * Create firmware name
 162          *
 163          * XXX Name it properly..
 164          */
 165         snprintf(firmware_name, sizeof(firmware_name),
 166                  FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf",
 167                  intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
 168                  intf->vendor_id, intf->product_id);
 169
 170         // FIXME:
 171         // Turn to dev_dbg later after everyone has valid bootloaders with good
 172         // ids, but leave this as dev_info for now to make it easier to track
 173         // down "empty" vid/pid modules.
 174         dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n",
 175                  firmware_name);
 176
 177         rc = request_firmware(&bootrom->fw, firmware_name,
 178                 &connection->bundle->dev);
 179         if (rc) {
 180                 dev_err(&connection->bundle->dev,
 181                         "failed to find %s firmware (%d)\n", firmware_name, rc);
 182         }
 183
 184         return rc;
 185 }
 186
 187 static int gb_bootrom_firmware_size_request(struct gb_operation *op)
 188 {
 189         struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
 190         struct gb_bootrom_firmware_size_request *size_request = op->request->payload;
 191         struct gb_bootrom_firmware_size_response *size_response;
 192         struct device *dev = &op->connection->bundle->dev;
 193         int ret;
 194
 195         /* Disable timeouts */
 196         gb_bootrom_cancel_timeout(bootrom);
 197
 198         if (op->request->payload_size != sizeof(*size_request)) {
 199                 dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n",
 200                         __func__, op->request->payload_size,
 201                         sizeof(*size_request));
 202                 ret = -EINVAL;
 203                 goto queue_work;
 204         }
 205
 206         mutex_lock(&bootrom->mutex);
 207
 208         ret = find_firmware(bootrom, size_request->stage);
 209         if (ret)
 210                 goto unlock;
 211
 212         if (!gb_operation_response_alloc(op, sizeof(*size_response),
 213                                          GFP_KERNEL)) {
 214                 dev_err(dev, "%s: error allocating response\n", __func__);
 215                 free_firmware(bootrom);
 216                 ret = -ENOMEM;
 217                 goto unlock;
 218         }
 219
 220         size_response = op->response->payload;
 221         size_response->size = cpu_to_le32(bootrom->fw->size);
 222
 223         dev_dbg(dev, "%s: firmware size %d bytes\n", __func__, size_response->size);
 224
 225 unlock:
 226         mutex_unlock(&bootrom->mutex);
 227
 228 queue_work:
 229         if (!ret) {
 230                 /* Refresh timeout */
 231                 gb_bootrom_set_timeout(bootrom, NEXT_REQ_GET_FIRMWARE,
 232                                        NEXT_REQ_TIMEOUT_MS);
 233         }
 234
 235         return ret;
 236 }
 237
 238 static int gb_bootrom_get_firmware(struct gb_operation *op)
 239 {
 240         struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
 241         const struct firmware *fw;
 242         struct gb_bootrom_get_firmware_request *firmware_request;
 243         struct gb_bootrom_get_firmware_response *firmware_response;
 244         struct device *dev = &op->connection->bundle->dev;
 245         unsigned int offset, size;
 246         enum next_request_type next_request;
 247         int ret = 0;
 248
 249         /* Disable timeouts */
 250         gb_bootrom_cancel_timeout(bootrom);
 251
 252         if (op->request->payload_size != sizeof(*firmware_request)) {
 253                 dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
 254                         __func__, op->request->payload_size,
 255                         sizeof(*firmware_request));
 256                 ret = -EINVAL;
 257                 goto queue_work;
 258         }
 259
 260         mutex_lock(&bootrom->mutex);
 261
 262         fw = bootrom->fw;
 263         if (!fw) {
 264                 dev_err(dev, "%s: firmware not available\n", __func__);
 265                 ret = -EINVAL;
 266                 goto unlock;
 267         }
 268
 269         firmware_request = op->request->payload;
 270         offset = le32_to_cpu(firmware_request->offset);
 271         size = le32_to_cpu(firmware_request->size);
 272
 273         if (offset >= fw->size || size > fw->size - offset) {
 274                 dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n",
 275                                 offset, size);
 276                 ret = -EINVAL;
 277                 goto unlock;
 278         }
 279
 280         if (!gb_operation_response_alloc(op, sizeof(*firmware_response) + size,
 281                                          GFP_KERNEL)) {
 282                 dev_err(dev, "%s: error allocating response\n", __func__);
 283                 ret = -ENOMEM;
 284                 goto unlock;
 285         }
 286
 287         firmware_response = op->response->payload;
 288         memcpy(firmware_response->data, fw->data + offset, size);
 289
 290         dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n", offset,
 291                 size);
 292
 293 unlock:
 294         mutex_unlock(&bootrom->mutex);
 295
 296 queue_work:
 297         /* Refresh timeout */
 298         if (!ret && (offset + size == fw->size))
 299                 next_request = NEXT_REQ_READY_TO_BOOT;
 300         else
 301                 next_request = NEXT_REQ_GET_FIRMWARE;
 302
 303         gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
 304
 305         return ret;
 306 }
 307
 308 static int gb_bootrom_ready_to_boot(struct gb_operation *op)
 309 {
 310         struct gb_connection *connection = op->connection;
 311         struct gb_bootrom *bootrom = gb_connection_get_data(connection);
 312         struct gb_bootrom_ready_to_boot_request *rtb_request;
 313         struct device *dev = &connection->bundle->dev;
 314         u8 status;
 315         int ret = 0;
 316
 317         /* Disable timeouts */
 318         gb_bootrom_cancel_timeout(bootrom);
 319
 320         if (op->request->payload_size != sizeof(*rtb_request)) {
 321                 dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n",
 322                         __func__, op->request->payload_size,
 323                         sizeof(*rtb_request));
 324                 ret = -EINVAL;
 325                 goto queue_work;
 326         }
 327
 328         rtb_request = op->request->payload;
 329         status = rtb_request->status;
 330
 331         /* Return error if the blob was invalid */
 332         if (status == GB_BOOTROM_BOOT_STATUS_INVALID) {
 333                 ret = -EINVAL;
 334                 goto queue_work;
 335         }
 336
 337         /*
 338          * XXX Should we return error for insecure firmware?
 339          */
 340         dev_dbg(dev, "ready to boot: 0x%x, 0\n", status);
 341
 342 queue_work:
 343         /*
 344          * Refresh timeout, the Interface shall load the new personality and
 345          * send a new hotplug request, which shall get rid of the bootrom
 346          * connection. As that can take some time, increase the timeout a bit.
 347          */
 348         gb_bootrom_set_timeout(bootrom, NEXT_REQ_MODE_SWITCH,
 349                                MODE_SWITCH_TIMEOUT_MS);
 350
 351         return ret;
 352 }
 353
 354 static int gb_bootrom_request_handler(struct gb_operation *op)
 355 {
 356         u8 type = op->type;
 357
 358         switch (type) {
 359         case GB_BOOTROM_TYPE_FIRMWARE_SIZE:
 360                 return gb_bootrom_firmware_size_request(op);
 361         case GB_BOOTROM_TYPE_GET_FIRMWARE:
 362                 return gb_bootrom_get_firmware(op);
 363         case GB_BOOTROM_TYPE_READY_TO_BOOT:
 364                 return gb_bootrom_ready_to_boot(op);
 365         default:
 366                 dev_err(&op->connection->bundle->dev,
 367                         "unsupported request: %u\n", type);
 368                 return -EINVAL;
 369         }
 370 }
 371
 372 static int gb_bootrom_get_version(struct gb_bootrom *bootrom)
 373 {
 374         struct gb_bundle *bundle = bootrom->connection->bundle;
 375         struct gb_bootrom_version_request request;
 376         struct gb_bootrom_version_response response;
 377         int ret;
 378
 379         request.major = GB_BOOTROM_VERSION_MAJOR;
 380         request.minor = GB_BOOTROM_VERSION_MINOR;
 381
 382         ret = gb_operation_sync(bootrom->connection,
 383                                 GB_BOOTROM_TYPE_VERSION,
 384                                 &request, sizeof(request), &response,
 385                                 sizeof(response));
 386         if (ret) {
 387                 dev_err(&bundle->dev,
 388                                 "failed to get protocol version: %d\n",
 389                                 ret);
 390                 return ret;
 391         }
 392
 393         if (response.major > request.major) {
 394                 dev_err(&bundle->dev,
 395                                 "unsupported major protocol version (%u > %u)\n",
 396                                 response.major, request.major);
 397                 return -ENOTSUPP;
 398         }
 399
 400         bootrom->protocol_major = response.major;
 401         bootrom->protocol_minor = response.minor;
 402
 403         dev_dbg(&bundle->dev, "%s - %u.%u\n", __func__, response.major,
 404                         response.minor);
 405
 406         return 0;
 407 }
 408
 409 static int gb_bootrom_probe(struct gb_bundle *bundle,
 410                                         const struct greybus_bundle_id *id)
 411 {
 412         struct greybus_descriptor_cport *cport_desc;
 413         struct gb_connection *connection;
 414         struct gb_bootrom *bootrom;
 415         int ret;
 416
 417         if (bundle->num_cports != 1)
 418                 return -ENODEV;
 419
 420         cport_desc = &bundle->cport_desc[0];
 421         if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM)
 422                 return -ENODEV;
 423
 424         bootrom = kzalloc(sizeof(*bootrom), GFP_KERNEL);
 425         if (!bootrom)
 426                 return -ENOMEM;
 427
 428         connection = gb_connection_create(bundle,
 429                                                 le16_to_cpu(cport_desc->id),
 430                                                 gb_bootrom_request_handler);
 431         if (IS_ERR(connection)) {
 432                 ret = PTR_ERR(connection);
 433                 goto err_free_bootrom;
 434         }
 435
 436         gb_connection_set_data(connection, bootrom);
 437
 438         bootrom->connection = connection;
 439
 440         mutex_init(&bootrom->mutex);
 441         INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout);
 442         greybus_set_drvdata(bundle, bootrom);
 443
 444         ret = gb_connection_enable_tx(connection);
 445         if (ret)
 446                 goto err_connection_destroy;
 447
 448         ret = gb_bootrom_get_version(bootrom);
 449         if (ret)
 450                 goto err_connection_disable;
 451
 452         bootrom_es2_fixup_vid_pid(bootrom);
 453
 454         ret = gb_connection_enable(connection);
 455         if (ret)
 456                 goto err_connection_disable;
 457
 458         /* Refresh timeout */
 459         gb_bootrom_set_timeout(bootrom, NEXT_REQ_FIRMWARE_SIZE,
 460                                NEXT_REQ_TIMEOUT_MS);
 461
 462         /* Tell bootrom we're ready. */
 463         ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, 0,
 464                                 NULL, 0);
 465         if (ret) {
 466                 dev_err(&connection->bundle->dev,
 467                                 "failed to send AP READY: %d\n", ret);
 468                 goto err_cancel_timeout;
 469         }
 470
 471         dev_dbg(&bundle->dev, "AP_READY sent\n");
 472
 473         return 0;
 474
 475 err_cancel_timeout:
 476         gb_bootrom_cancel_timeout(bootrom);
 477 err_connection_disable:
 478         gb_connection_disable(connection);
 479 err_connection_destroy:
 480         gb_connection_destroy(connection);
 481 err_free_bootrom:
 482         kfree(bootrom);
 483
 484         return ret;
 485 }
 486
 487 static void gb_bootrom_disconnect(struct gb_bundle *bundle)
 488 {
 489         struct gb_bootrom *bootrom = greybus_get_drvdata(bundle);
 490
 491         dev_dbg(&bundle->dev, "%s\n", __func__);
 492
 493         gb_connection_disable(bootrom->connection);
 494
 495         /* Disable timeouts */
 496         gb_bootrom_cancel_timeout(bootrom);
 497
 498         /*
 499          * Release firmware:
 500          *
 501          * As the connection and the delayed work are already disabled, we don't
 502          * need to lock access to bootrom->fw here.
 503          */
 504         free_firmware(bootrom);
 505
 506         gb_connection_destroy(bootrom->connection);
 507         kfree(bootrom);
 508 }
 509
 510 static const struct greybus_bundle_id gb_bootrom_id_table[] = {
 511         { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) },
 512         { }
 513 };
 514
 515 static struct greybus_driver gb_bootrom_driver = {
 516         .name           = "bootrom",
 517         .probe          = gb_bootrom_probe,
 518         .disconnect     = gb_bootrom_disconnect,
 519         .id_table       = gb_bootrom_id_table,
 520 };
 521
 522 module_greybus_driver(gb_bootrom_driver);
 523
 524 MODULE_LICENSE("GPL v2");