drivers/staging/greybus/bootrom.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * BOOTROM Greybus driver.
   4  *
   5  * Copyright 2016 Google Inc.
   6  * Copyright 2016 Linaro Ltd.
   7  */
   8
   9 #include <linux/firmware.h>
  10 #include <linux/jiffies.h>
  11 #include <linux/mutex.h>
  12 #include <linux/workqueue.h>
  13 #include <linux/greybus.h>
  14
  15 #include "firmware.h"
  16
  17 /* Timeout, in jiffies, within which the next request must be received */
  18 #define NEXT_REQ_TIMEOUT_MS     1000
  19
  20 /*
  21  * FIXME: Reduce this timeout once svc core handles parallel processing of
  22  * events from the SVC, which are handled sequentially today.
  23  */
  24 #define MODE_SWITCH_TIMEOUT_MS  10000
  25
  26 enum next_request_type {
  27         NEXT_REQ_FIRMWARE_SIZE,
  28         NEXT_REQ_GET_FIRMWARE,
  29         NEXT_REQ_READY_TO_BOOT,
  30         NEXT_REQ_MODE_SWITCH,
  31 };
  32
  33 struct gb_bootrom {
  34         struct gb_connection    *connection;
  35         const struct firmware   *fw;
  36         u8                      protocol_major;
  37         u8                      protocol_minor;
  38         enum next_request_type  next_request;
  39         struct delayed_work     dwork;
  40         struct mutex            mutex; /* Protects bootrom->fw */
  41 };
  42
  43 static void free_firmware(struct gb_bootrom *bootrom)
  44 {
  45         if (!bootrom->fw)
  46                 return;
  47
  48         release_firmware(bootrom->fw);
  49         bootrom->fw = NULL;
  50 }
  51
  52 static void gb_bootrom_timedout(struct work_struct *work)
  53 {
  54         struct delayed_work *dwork = to_delayed_work(work);
  55         struct gb_bootrom *bootrom = container_of(dwork,
  56                                                   struct gb_bootrom, dwork);
  57         struct device *dev = &bootrom->connection->bundle->dev;
  58         const char *reason;
  59
  60         switch (bootrom->next_request) {
  61         case NEXT_REQ_FIRMWARE_SIZE:
  62                 reason = "Firmware Size Request";
  63                 break;
  64         case NEXT_REQ_GET_FIRMWARE:
  65                 reason = "Get Firmware Request";
  66                 break;
  67         case NEXT_REQ_READY_TO_BOOT:
  68                 reason = "Ready to Boot Request";
  69                 break;
  70         case NEXT_REQ_MODE_SWITCH:
  71                 reason = "Interface Mode Switch";
  72                 break;
  73         default:
  74                 reason = NULL;
  75                 dev_err(dev, "Invalid next-request: %u", bootrom->next_request);
  76                 break;
  77         }
  78
  79         dev_err(dev, "Timed out waiting for %s from the Module\n", reason);
  80
  81         mutex_lock(&bootrom->mutex);
  82         free_firmware(bootrom);
  83         mutex_unlock(&bootrom->mutex);
  84
  85         /* TODO: Power-off Module ? */
  86 }
  87
  88 static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom,
  89                                    enum next_request_type next,
  90                                    unsigned long timeout)
  91 {
  92         bootrom->next_request = next;
  93         schedule_delayed_work(&bootrom->dwork, msecs_to_jiffies(timeout));
  94 }
  95
  96 static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom)
  97 {
  98         cancel_delayed_work_sync(&bootrom->dwork);
  99 }
 100
 101 /*
 102  * The es2 chip doesn't have VID/PID programmed into the hardware and we need to
 103  * hack that up to distinguish different modules and their firmware blobs.
 104  *
 105  * This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID
 106  * already sent during hotplug are 0.
 107  *
 108  * Otherwise, we keep intf->vendor_id/product_id same as what's passed
 109  * during hotplug.
 110  */
 111 static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom)
 112 {
 113         struct gb_bootrom_get_vid_pid_response response;
 114         struct gb_connection *connection = bootrom->connection;
 115         struct gb_interface *intf = connection->bundle->intf;
 116         int ret;
 117
 118         if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_GMP_IDS))
 119                 return;
 120
 121         ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID,
 122                                 NULL, 0, &response, sizeof(response));
 123         if (ret) {
 124                 dev_err(&connection->bundle->dev,
 125                         "Bootrom get vid/pid operation failed (%d)\n", ret);
 126                 return;
 127         }
 128
 129         /*
 130          * NOTE: This is hacked, so that the same values of VID/PID can be used
 131          * by next firmware level as well. The uevent for bootrom will still
 132          * have VID/PID as 0, though after this point the sysfs files will start
 133          * showing the updated values. But yeah, that's a bit racy as the same
 134          * sysfs files would be showing 0 before this point.
 135          */
 136         intf->vendor_id = le32_to_cpu(response.vendor_id);
 137         intf->product_id = le32_to_cpu(response.product_id);
 138
 139         dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n",
 140                 intf->vendor_id, intf->product_id);
 141 }
 142
 143 /* This returns path of the firmware blob on the disk */
 144 static int find_firmware(struct gb_bootrom *bootrom, u8 stage)
 145 {
 146         struct gb_connection *connection = bootrom->connection;
 147         struct gb_interface *intf = connection->bundle->intf;
 148         char firmware_name[49];
 149         int rc;
 150
 151         /* Already have a firmware, free it */
 152         free_firmware(bootrom);
 153
 154         /* Bootrom protocol is only supported for loading Stage 2 firmware */
 155         if (stage != 2) {
 156                 dev_err(&connection->bundle->dev, "Invalid boot stage: %u\n",
 157                         stage);
 158                 return -EINVAL;
 159         }
 160
 161         /*
 162          * Create firmware name
 163          *
 164          * XXX Name it properly..
 165          */
 166         snprintf(firmware_name, sizeof(firmware_name),
 167                  FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf",
 168                  intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
 169                  intf->vendor_id, intf->product_id);
 170
 171         // FIXME:
 172         // Turn to dev_dbg later after everyone has valid bootloaders with good
 173         // ids, but leave this as dev_info for now to make it easier to track
 174         // down "empty" vid/pid modules.
 175         dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n",
 176                  firmware_name);
 177
 178         rc = request_firmware(&bootrom->fw, firmware_name,
 179                               &connection->bundle->dev);
 180         if (rc) {
 181                 dev_err(&connection->bundle->dev,
 182                         "failed to find %s firmware (%d)\n", firmware_name, rc);
 183         }
 184
 185         return rc;
 186 }
 187
 188 static int gb_bootrom_firmware_size_request(struct gb_operation *op)
 189 {
 190         struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
 191         struct gb_bootrom_firmware_size_request *size_request =
 192                 op->request->payload;
 193         struct gb_bootrom_firmware_size_response *size_response;
 194         struct device *dev = &op->connection->bundle->dev;
 195         int ret;
 196
 197         /* Disable timeouts */
 198         gb_bootrom_cancel_timeout(bootrom);
 199
 200         if (op->request->payload_size != sizeof(*size_request)) {
 201                 dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n",
 202                         __func__, op->request->payload_size,
 203                         sizeof(*size_request));
 204                 ret = -EINVAL;
 205                 goto queue_work;
 206         }
 207
 208         mutex_lock(&bootrom->mutex);
 209
 210         ret = find_firmware(bootrom, size_request->stage);
 211         if (ret)
 212                 goto unlock;
 213
 214         if (!gb_operation_response_alloc(op, sizeof(*size_response),
 215                                          GFP_KERNEL)) {
 216                 dev_err(dev, "%s: error allocating response\n", __func__);
 217                 free_firmware(bootrom);
 218                 ret = -ENOMEM;
 219                 goto unlock;
 220         }
 221
 222         size_response = op->response->payload;
 223         size_response->size = cpu_to_le32(bootrom->fw->size);
 224
 225         dev_dbg(dev, "%s: firmware size %d bytes\n",
 226                 __func__, size_response->size);
 227
 228 unlock:
 229         mutex_unlock(&bootrom->mutex);
 230
 231 queue_work:
 232         if (!ret) {
 233                 /* Refresh timeout */
 234                 gb_bootrom_set_timeout(bootrom, NEXT_REQ_GET_FIRMWARE,
 235                                        NEXT_REQ_TIMEOUT_MS);
 236         }
 237
 238         return ret;
 239 }
 240
 241 static int gb_bootrom_get_firmware(struct gb_operation *op)
 242 {
 243         struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
 244         const struct firmware *fw;
 245         struct gb_bootrom_get_firmware_request *firmware_request;
 246         struct device *dev = &op->connection->bundle->dev;
 247         unsigned int offset, size;
 248         enum next_request_type next_request;
 249         u8 *firmware_response;
 250         int ret = 0;
 251
 252         /* Disable timeouts */
 253         gb_bootrom_cancel_timeout(bootrom);
 254
 255         if (op->request->payload_size != sizeof(*firmware_request)) {
 256                 dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
 257                         __func__, op->request->payload_size,
 258                         sizeof(*firmware_request));
 259                 ret = -EINVAL;
 260                 goto queue_work;
 261         }
 262
 263         mutex_lock(&bootrom->mutex);
 264
 265         fw = bootrom->fw;
 266         if (!fw) {
 267                 dev_err(dev, "%s: firmware not available\n", __func__);
 268                 ret = -EINVAL;
 269                 goto unlock;
 270         }
 271
 272         firmware_request = op->request->payload;
 273         offset = le32_to_cpu(firmware_request->offset);
 274         size = le32_to_cpu(firmware_request->size);
 275
 276         if (offset >= fw->size || size > fw->size - offset) {
 277                 dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n",
 278                          offset, size);
 279                 ret = -EINVAL;
 280                 goto unlock;
 281         }
 282
 283         /* gb_bootrom_get_firmware_response contains only a byte array */
 284         if (!gb_operation_response_alloc(op, size, GFP_KERNEL)) {
 285                 dev_err(dev, "%s: error allocating response\n", __func__);
 286                 ret = -ENOMEM;
 287                 goto unlock;
 288         }
 289
 290         firmware_response = op->response->payload;
 291         memcpy(firmware_response, fw->data + offset, size);
 292
 293         dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n",
 294                 offset, size);
 295
 296 unlock:
 297         mutex_unlock(&bootrom->mutex);
 298
 299 queue_work:
 300         /* Refresh timeout */
 301         if (!ret && (offset + size == fw->size))
 302                 next_request = NEXT_REQ_READY_TO_BOOT;
 303         else
 304                 next_request = NEXT_REQ_GET_FIRMWARE;
 305
 306         gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
 307
 308         return ret;
 309 }
 310
 311 static int gb_bootrom_ready_to_boot(struct gb_operation *op)
 312 {
 313         struct gb_connection *connection = op->connection;
 314         struct gb_bootrom *bootrom = gb_connection_get_data(connection);
 315         struct gb_bootrom_ready_to_boot_request *rtb_request;
 316         struct device *dev = &connection->bundle->dev;
 317         u8 status;
 318         int ret = 0;
 319
 320         /* Disable timeouts */
 321         gb_bootrom_cancel_timeout(bootrom);
 322
 323         if (op->request->payload_size != sizeof(*rtb_request)) {
 324                 dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n",
 325                         __func__, op->request->payload_size,
 326                         sizeof(*rtb_request));
 327                 ret = -EINVAL;
 328                 goto queue_work;
 329         }
 330
 331         rtb_request = op->request->payload;
 332         status = rtb_request->status;
 333
 334         /* Return error if the blob was invalid */
 335         if (status == GB_BOOTROM_BOOT_STATUS_INVALID) {
 336                 ret = -EINVAL;
 337                 goto queue_work;
 338         }
 339
 340         /*
 341          * XXX Should we return error for insecure firmware?
 342          */
 343         dev_dbg(dev, "ready to boot: 0x%x, 0\n", status);
 344
 345 queue_work:
 346         /*
 347          * Refresh timeout, the Interface shall load the new personality and
 348          * send a new hotplug request, which shall get rid of the bootrom
 349          * connection. As that can take some time, increase the timeout a bit.
 350          */
 351         gb_bootrom_set_timeout(bootrom, NEXT_REQ_MODE_SWITCH,
 352                                MODE_SWITCH_TIMEOUT_MS);
 353
 354         return ret;
 355 }
 356
 357 static int gb_bootrom_request_handler(struct gb_operation *op)
 358 {
 359         u8 type = op->type;
 360
 361         switch (type) {
 362         case GB_BOOTROM_TYPE_FIRMWARE_SIZE:
 363                 return gb_bootrom_firmware_size_request(op);
 364         case GB_BOOTROM_TYPE_GET_FIRMWARE:
 365                 return gb_bootrom_get_firmware(op);
 366         case GB_BOOTROM_TYPE_READY_TO_BOOT:
 367                 return gb_bootrom_ready_to_boot(op);
 368         default:
 369                 dev_err(&op->connection->bundle->dev,
 370                         "unsupported request: %u\n", type);
 371                 return -EINVAL;
 372         }
 373 }
 374
 375 static int gb_bootrom_get_version(struct gb_bootrom *bootrom)
 376 {
 377         struct gb_bundle *bundle = bootrom->connection->bundle;
 378         struct gb_bootrom_version_request request;
 379         struct gb_bootrom_version_response response;
 380         int ret;
 381
 382         request.major = GB_BOOTROM_VERSION_MAJOR;
 383         request.minor = GB_BOOTROM_VERSION_MINOR;
 384
 385         ret = gb_operation_sync(bootrom->connection,
 386                                 GB_BOOTROM_TYPE_VERSION,
 387                                 &request, sizeof(request), &response,
 388                                 sizeof(response));
 389         if (ret) {
 390                 dev_err(&bundle->dev,
 391                         "failed to get protocol version: %d\n",
 392                         ret);
 393                 return ret;
 394         }
 395
 396         if (response.major > request.major) {
 397                 dev_err(&bundle->dev,
 398                         "unsupported major protocol version (%u > %u)\n",
 399                         response.major, request.major);
 400                 return -ENOTSUPP;
 401         }
 402
 403         bootrom->protocol_major = response.major;
 404         bootrom->protocol_minor = response.minor;
 405
 406         dev_dbg(&bundle->dev, "%s - %u.%u\n", __func__, response.major,
 407                 response.minor);
 408
 409         return 0;
 410 }
 411
 412 static int gb_bootrom_probe(struct gb_bundle *bundle,
 413                             const struct greybus_bundle_id *id)
 414 {
 415         struct greybus_descriptor_cport *cport_desc;
 416         struct gb_connection *connection;
 417         struct gb_bootrom *bootrom;
 418         int ret;
 419
 420         if (bundle->num_cports != 1)
 421                 return -ENODEV;
 422
 423         cport_desc = &bundle->cport_desc[0];
 424         if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM)
 425                 return -ENODEV;
 426
 427         bootrom = kzalloc(sizeof(*bootrom), GFP_KERNEL);
 428         if (!bootrom)
 429                 return -ENOMEM;
 430
 431         connection = gb_connection_create(bundle,
 432                                           le16_to_cpu(cport_desc->id),
 433                                           gb_bootrom_request_handler);
 434         if (IS_ERR(connection)) {
 435                 ret = PTR_ERR(connection);
 436                 goto err_free_bootrom;
 437         }
 438
 439         gb_connection_set_data(connection, bootrom);
 440
 441         bootrom->connection = connection;
 442
 443         mutex_init(&bootrom->mutex);
 444         INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout);
 445         greybus_set_drvdata(bundle, bootrom);
 446
 447         ret = gb_connection_enable_tx(connection);
 448         if (ret)
 449                 goto err_connection_destroy;
 450
 451         ret = gb_bootrom_get_version(bootrom);
 452         if (ret)
 453                 goto err_connection_disable;
 454
 455         bootrom_es2_fixup_vid_pid(bootrom);
 456
 457         ret = gb_connection_enable(connection);
 458         if (ret)
 459                 goto err_connection_disable;
 460
 461         /* Refresh timeout */
 462         gb_bootrom_set_timeout(bootrom, NEXT_REQ_FIRMWARE_SIZE,
 463                                NEXT_REQ_TIMEOUT_MS);
 464
 465         /* Tell bootrom we're ready. */
 466         ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, 0,
 467                                 NULL, 0);
 468         if (ret) {
 469                 dev_err(&connection->bundle->dev,
 470                         "failed to send AP READY: %d\n", ret);
 471                 goto err_cancel_timeout;
 472         }
 473
 474         dev_dbg(&bundle->dev, "AP_READY sent\n");
 475
 476         return 0;
 477
 478 err_cancel_timeout:
 479         gb_bootrom_cancel_timeout(bootrom);
 480 err_connection_disable:
 481         gb_connection_disable(connection);
 482 err_connection_destroy:
 483         gb_connection_destroy(connection);
 484 err_free_bootrom:
 485         kfree(bootrom);
 486
 487         return ret;
 488 }
 489
 490 static void gb_bootrom_disconnect(struct gb_bundle *bundle)
 491 {
 492         struct gb_bootrom *bootrom = greybus_get_drvdata(bundle);
 493
 494         gb_connection_disable(bootrom->connection);
 495
 496         /* Disable timeouts */
 497         gb_bootrom_cancel_timeout(bootrom);
 498
 499         /*
 500          * Release firmware:
 501          *
 502          * As the connection and the delayed work are already disabled, we don't
 503          * need to lock access to bootrom->fw here.
 504          */
 505         free_firmware(bootrom);
 506
 507         gb_connection_destroy(bootrom->connection);
 508         kfree(bootrom);
 509 }
 510
 511 static const struct greybus_bundle_id gb_bootrom_id_table[] = {
 512         { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) },
 513         { }
 514 };
 515
 516 static struct greybus_driver gb_bootrom_driver = {
 517         .name           = "bootrom",
 518         .probe          = gb_bootrom_probe,
 519         .disconnect     = gb_bootrom_disconnect,
 520         .id_table       = gb_bootrom_id_table,
 521 };
 522
 523 module_greybus_driver(gb_bootrom_driver);
 524
 525 MODULE_LICENSE("GPL v2");