bootrom.c source code [linux/drivers/staging/greybus/bootrom.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* BOOTROM Greybus driver.
4	*
5	* Copyright 2016 Google Inc.
6	* Copyright 2016 Linaro Ltd.
7	*/
8
9	#include <linux/firmware.h>
10	#include <linux/jiffies.h>
11	#include <linux/mutex.h>
12	#include <linux/workqueue.h>
13	#include <linux/greybus.h>
14
15	#include "firmware.h"
16
17	/ Timeout, in jiffies, within which the next request must be received /
18	#define NEXT_REQ_TIMEOUT_MS 1000
19
20	/*
21	* FIXME: Reduce this timeout once svc core handles parallel processing of
22	* events from the SVC, which are handled sequentially today.
23	*/
24	#define MODE_SWITCH_TIMEOUT_MS 10000
25
26	enum next_request_type {
27	NEXT_REQ_FIRMWARE_SIZE,
28	NEXT_REQ_GET_FIRMWARE,
29	NEXT_REQ_READY_TO_BOOT,
30	NEXT_REQ_MODE_SWITCH,
31	};
32
33	struct gb_bootrom {
34	struct gb_connection *connection;
35	const struct firmware *fw;
36	u8 protocol_major;
37	u8 protocol_minor;
38	enum next_request_type next_request;
39	struct delayed_work dwork;
40	struct mutex mutex; / Protects bootrom->fw /
41	};
42
43	static void free_firmware(struct gb_bootrom *bootrom)
44	{
45	if (!bootrom->fw)
46	return;
47
48	release_firmware(fw: bootrom->fw);
49	bootrom->fw = NULL;
50	}
51
52	static void gb_bootrom_timedout(struct work_struct *work)
53	{
54	struct delayed_work *dwork = to_delayed_work(work);
55	struct gb_bootrom *bootrom = container_of(dwork,
56	struct gb_bootrom, dwork);
57	struct device *dev = &bootrom->connection->bundle->dev;
58	const char *reason;
59
60	switch (bootrom->next_request) {
61	case NEXT_REQ_FIRMWARE_SIZE:
62	reason = "Firmware Size Request";
63	break;
64	case NEXT_REQ_GET_FIRMWARE:
65	reason = "Get Firmware Request";
66	break;
67	case NEXT_REQ_READY_TO_BOOT:
68	reason = "Ready to Boot Request";
69	break;
70	case NEXT_REQ_MODE_SWITCH:
71	reason = "Interface Mode Switch";
72	break;
73	default:
74	reason = NULL;
75	dev_err(dev, "Invalid next-request: %u", bootrom->next_request);
76	break;
77	}
78
79	dev_err(dev, "Timed out waiting for %s from the Module\n", reason);
80
81	mutex_lock(&bootrom->mutex);
82	free_firmware(bootrom);
83	mutex_unlock(lock: &bootrom->mutex);
84
85	/ TODO: Power-off Module ? /
86	}
87
88	static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom,
89	enum next_request_type next,
90	unsigned long timeout)
91	{
92	bootrom->next_request = next;
93	schedule_delayed_work(dwork: &bootrom->dwork, delay: msecs_to_jiffies(m: timeout));
94	}
95
96	static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom)
97	{
98	cancel_delayed_work_sync(dwork: &bootrom->dwork);
99	}
100
101	/*
102	* The es2 chip doesn't have VID/PID programmed into the hardware and we need to
103	* hack that up to distinguish different modules and their firmware blobs.
104	*
105	* This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID
106	* already sent during hotplug are 0.
107	*
108	* Otherwise, we keep intf->vendor_id/product_id same as what's passed
109	* during hotplug.
110	*/
111	static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom)
112	{
113	struct gb_bootrom_get_vid_pid_response response;
114	struct gb_connection *connection = bootrom->connection;
115	struct gb_interface *intf = connection->bundle->intf;
116	int ret;
117
118	if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_GMP_IDS))
119	return;
120
121	ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID,
122	NULL, request_size: `0`, response: &response, response_size: sizeof(response));
123	if (ret) {
124	dev_err(&connection->bundle->dev,
125	"Bootrom get vid/pid operation failed (%d)\n", ret);
126	return;
127	}
128
129	/*
130	* NOTE: This is hacked, so that the same values of VID/PID can be used
131	* by next firmware level as well. The uevent for bootrom will still
132	* have VID/PID as 0, though after this point the sysfs files will start
133	* showing the updated values. But yeah, that's a bit racy as the same
134	* sysfs files would be showing 0 before this point.
135	*/
136	intf->vendor_id = le32_to_cpu(response.vendor_id);
137	intf->product_id = le32_to_cpu(response.product_id);
138
139	dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n",
140	intf->vendor_id, intf->product_id);
141	}
142
143	/ This returns path of the firmware blob on the disk /
144	static int find_firmware(struct gb_bootrom *bootrom, u8 stage)
145	{
146	struct gb_connection *connection = bootrom->connection;
147	struct gb_interface *intf = connection->bundle->intf;
148	char firmware_name[`49`];
149	int rc;
150
151	/ Already have a firmware, free it /
152	free_firmware(bootrom);
153
154	/ Bootrom protocol is only supported for loading Stage 2 firmware /
155	if (stage != `2`) {
156	dev_err(&connection->bundle->dev, "Invalid boot stage: %u\n",
157	stage);
158	return -EINVAL;
159	}
160
161	/*
162	* Create firmware name
163	*
164	* XXX Name it properly..
165	*/
166	snprintf(buf: firmware_name, size: sizeof(firmware_name),
167	FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf",
168	intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
169	intf->vendor_id, intf->product_id);
170
171	// FIXME:
172	// Turn to dev_dbg later after everyone has valid bootloaders with good
173	// ids, but leave this as dev_info for now to make it easier to track
174	// down "empty" vid/pid modules.
175	dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n",
176	firmware_name);
177
178	rc = request_firmware(fw: &bootrom->fw, name: firmware_name,
179	device: &connection->bundle->dev);
180	if (rc) {
181	dev_err(&connection->bundle->dev,
182	"failed to find %s firmware (%d)\n", firmware_name, rc);
183	}
184
185	return rc;
186	}
187
188	static int gb_bootrom_firmware_size_request(struct gb_operation *op)
189	{
190	struct gb_bootrom *bootrom = gb_connection_get_data(connection: op->connection);
191	struct gb_bootrom_firmware_size_request *size_request =
192	op->request->payload;
193	struct gb_bootrom_firmware_size_response *size_response;
194	struct device *dev = &op->connection->bundle->dev;
195	int ret;
196
197	/ Disable timeouts /
198	gb_bootrom_cancel_timeout(bootrom);
199
200	if (op->request->payload_size != sizeof(*size_request)) {
201	dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n",
202	__func__, op->request->payload_size,
203	sizeof(*size_request));
204	ret = -EINVAL;
205	goto queue_work;
206	}
207
208	mutex_lock(&bootrom->mutex);
209
210	ret = find_firmware(bootrom, stage: size_request->stage);
211	if (ret)
212	goto unlock;
213
214	if (!gb_operation_response_alloc(operation: op, response_size: sizeof(*size_response),
215	GFP_KERNEL)) {
216	dev_err(dev, "%s: error allocating response\n", __func__);
217	free_firmware(bootrom);
218	ret = -ENOMEM;
219	goto unlock;
220	}
221
222	size_response = op->response->payload;
223	size_response->size = cpu_to_le32(bootrom->fw->size);
224
225	dev_dbg(dev, "%s: firmware size %d bytes\n",
226	__func__, size_response->size);
227
228	unlock:
229	mutex_unlock(lock: &bootrom->mutex);
230
231	queue_work:
232	if (!ret) {
233	/ Refresh timeout /
234	gb_bootrom_set_timeout(bootrom, next: NEXT_REQ_GET_FIRMWARE,
235	NEXT_REQ_TIMEOUT_MS);
236	}
237
238	return ret;
239	}
240
241	static int gb_bootrom_get_firmware(struct gb_operation *op)
242	{
243	struct gb_bootrom *bootrom = gb_connection_get_data(connection: op->connection);
244	const struct firmware *fw;
245	struct gb_bootrom_get_firmware_request *firmware_request;
246	struct device *dev = &op->connection->bundle->dev;
247	unsigned int offset, size;
248	enum next_request_type next_request;
249	u8 *firmware_response;
250	int ret = `0`;
251
252	/ Disable timeouts /
253	gb_bootrom_cancel_timeout(bootrom);
254
255	if (op->request->payload_size != sizeof(*firmware_request)) {
256	dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
257	__func__, op->request->payload_size,
258	sizeof(*firmware_request));
259	ret = -EINVAL;
260	goto queue_work;
261	}
262
263	mutex_lock(&bootrom->mutex);
264
265	fw = bootrom->fw;
266	if (!fw) {
267	dev_err(dev, "%s: firmware not available\n", __func__);
268	ret = -EINVAL;
269	goto unlock;
270	}
271
272	firmware_request = op->request->payload;
273	offset = le32_to_cpu(firmware_request->offset);
274	size = le32_to_cpu(firmware_request->size);
275
276	if (offset >= fw->size \|\| size > fw->size - offset) {
277	dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n",
278	offset, size);
279	ret = -EINVAL;
280	goto unlock;
281	}
282
283	/ gb_bootrom_get_firmware_response contains only a byte array /
284	if (!gb_operation_response_alloc(operation: op, response_size: size, GFP_KERNEL)) {
285	dev_err(dev, "%s: error allocating response\n", __func__);
286	ret = -ENOMEM;
287	goto unlock;
288	}
289
290	firmware_response = op->response->payload;
291	memcpy(firmware_response, fw->data + offset, size);
292
293	dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n",
294	offset, size);
295
296	unlock:
297	mutex_unlock(lock: &bootrom->mutex);
298
299	queue_work:
300	/ Refresh timeout /
301	if (!ret && (offset + size == fw->size))
302	next_request = NEXT_REQ_READY_TO_BOOT;
303	else
304	next_request = NEXT_REQ_GET_FIRMWARE;
305
306	gb_bootrom_set_timeout(bootrom, next: next_request, NEXT_REQ_TIMEOUT_MS);
307
308	return ret;
309	}
310
311	static int gb_bootrom_ready_to_boot(struct gb_operation *op)
312	{
313	struct gb_connection *connection = op->connection;
314	struct gb_bootrom *bootrom = gb_connection_get_data(connection);
315	struct gb_bootrom_ready_to_boot_request *rtb_request;
316	struct device *dev = &connection->bundle->dev;
317	u8 status;
318	int ret = `0`;
319
320	/ Disable timeouts /
321	gb_bootrom_cancel_timeout(bootrom);
322
323	if (op->request->payload_size != sizeof(*rtb_request)) {
324	dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n",
325	__func__, op->request->payload_size,
326	sizeof(*rtb_request));
327	ret = -EINVAL;
328	goto queue_work;
329	}
330
331	rtb_request = op->request->payload;
332	status = rtb_request->status;
333
334	/ Return error if the blob was invalid /
335	if (status == GB_BOOTROM_BOOT_STATUS_INVALID) {
336	ret = -EINVAL;
337	goto queue_work;
338	}
339
340	/*
341	* XXX Should we return error for insecure firmware?
342	*/
343	dev_dbg(dev, "ready to boot: 0x%x, 0\n", status);
344
345	queue_work:
346	/*
347	* Refresh timeout, the Interface shall load the new personality and
348	* send a new hotplug request, which shall get rid of the bootrom
349	* connection. As that can take some time, increase the timeout a bit.
350	*/
351	gb_bootrom_set_timeout(bootrom, next: NEXT_REQ_MODE_SWITCH,
352	MODE_SWITCH_TIMEOUT_MS);
353
354	return ret;
355	}
356
357	static int gb_bootrom_request_handler(struct gb_operation *op)
358	{
359	u8 type = op->type;
360
361	switch (type) {
362	case GB_BOOTROM_TYPE_FIRMWARE_SIZE:
363	return gb_bootrom_firmware_size_request(op);
364	case GB_BOOTROM_TYPE_GET_FIRMWARE:
365	return gb_bootrom_get_firmware(op);
366	case GB_BOOTROM_TYPE_READY_TO_BOOT:
367	return gb_bootrom_ready_to_boot(op);
368	default:
369	dev_err(&op->connection->bundle->dev,
370	"unsupported request: %u\n", type);
371	return -EINVAL;
372	}
373	}
374
375	static int gb_bootrom_get_version(struct gb_bootrom *bootrom)
376	{
377	struct gb_bundle *bundle = bootrom->connection->bundle;
378	struct gb_bootrom_version_request request;
379	struct gb_bootrom_version_response response;
380	int ret;
381
382	request.major = GB_BOOTROM_VERSION_MAJOR;
383	request.minor = GB_BOOTROM_VERSION_MINOR;
384
385	ret = gb_operation_sync(connection: bootrom->connection,
386	GB_BOOTROM_TYPE_VERSION,
387	request: &request, request_size: sizeof(request), response: &response,
388	response_size: sizeof(response));
389	if (ret) {
390	dev_err(&bundle->dev,
391	"failed to get protocol version: %d\n",
392	ret);
393	return ret;
394	}
395
396	if (response.major > request.major) {
397	dev_err(&bundle->dev,
398	"unsupported major protocol version (%u > %u)\n",
399	response.major, request.major);
400	return -ENOTSUPP;
401	}
402
403	bootrom->protocol_major = response.major;
404	bootrom->protocol_minor = response.minor;
405
406	dev_dbg(&bundle->dev, "%s - %u.%u\n", __func__, response.major,
407	response.minor);
408
409	return `0`;
410	}
411
412	static int gb_bootrom_probe(struct gb_bundle *bundle,
413	const struct greybus_bundle_id *id)
414	{
415	struct greybus_descriptor_cport *cport_desc;
416	struct gb_connection *connection;
417	struct gb_bootrom *bootrom;
418	int ret;
419
420	if (bundle->num_cports != `1`)
421	return -ENODEV;
422
423	cport_desc = &bundle->cport_desc[`0`];
424	if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM)
425	return -ENODEV;
426
427	bootrom = kzalloc(size: sizeof(*bootrom), GFP_KERNEL);
428	if (!bootrom)
429	return -ENOMEM;
430
431	connection = gb_connection_create(bundle,
432	le16_to_cpu(cport_desc->id),
433	handler: gb_bootrom_request_handler);
434	if (IS_ERR(ptr: connection)) {
435	ret = PTR_ERR(ptr: connection);
436	goto err_free_bootrom;
437	}
438
439	gb_connection_set_data(connection, data: bootrom);
440
441	bootrom->connection = connection;
442
443	mutex_init(&bootrom->mutex);
444	INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout);
445	greybus_set_drvdata(bundle, data: bootrom);
446
447	ret = gb_connection_enable_tx(connection);
448	if (ret)
449	goto err_connection_destroy;
450
451	ret = gb_bootrom_get_version(bootrom);
452	if (ret)
453	goto err_connection_disable;
454
455	bootrom_es2_fixup_vid_pid(bootrom);
456
457	ret = gb_connection_enable(connection);
458	if (ret)
459	goto err_connection_disable;
460
461	/ Refresh timeout /
462	gb_bootrom_set_timeout(bootrom, next: NEXT_REQ_FIRMWARE_SIZE,
463	NEXT_REQ_TIMEOUT_MS);
464
465	/ Tell bootrom we're ready. /
466	ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, request_size: `0`,
467	NULL, response_size: `0`);
468	if (ret) {
469	dev_err(&connection->bundle->dev,
470	"failed to send AP READY: %d\n", ret);
471	goto err_cancel_timeout;
472	}
473
474	dev_dbg(&bundle->dev, "AP_READY sent\n");
475
476	return `0`;
477
478	err_cancel_timeout:
479	gb_bootrom_cancel_timeout(bootrom);
480	err_connection_disable:
481	gb_connection_disable(connection);
482	err_connection_destroy:
483	gb_connection_destroy(connection);
484	err_free_bootrom:
485	kfree(objp: bootrom);
486
487	return ret;
488	}
489
490	static void gb_bootrom_disconnect(struct gb_bundle *bundle)
491	{
492	struct gb_bootrom *bootrom = greybus_get_drvdata(bundle);
493
494	gb_connection_disable(connection: bootrom->connection);
495
496	/ Disable timeouts /
497	gb_bootrom_cancel_timeout(bootrom);
498
499	/*
500	* Release firmware:
501	*
502	* As the connection and the delayed work are already disabled, we don't
503	* need to lock access to bootrom->fw here.
504	*/
505	free_firmware(bootrom);
506
507	gb_connection_destroy(connection: bootrom->connection);
508	kfree(objp: bootrom);
509	}
510
511	static const struct greybus_bundle_id gb_bootrom_id_table[] = {
512	{ GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) },
513	{ }
514	};
515
516	static struct greybus_driver gb_bootrom_driver = {
517	.name = "bootrom",
518	.probe = gb_bootrom_probe,
519	.disconnect = gb_bootrom_disconnect,
520	.id_table = gb_bootrom_id_table,
521	};
522
523	module_greybus_driver(gb_bootrom_driver);
524
525	MODULE_LICENSE("GPL v2");
526

source code of linux/drivers/staging/greybus/bootrom.c