1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * BOOTROM Greybus driver. |
4 | * |
5 | * Copyright 2016 Google Inc. |
6 | * Copyright 2016 Linaro Ltd. |
7 | */ |
8 | |
9 | #include <linux/firmware.h> |
10 | #include <linux/jiffies.h> |
11 | #include <linux/mutex.h> |
12 | #include <linux/workqueue.h> |
13 | #include <linux/greybus.h> |
14 | |
15 | #include "firmware.h" |
16 | |
17 | /* Timeout, in jiffies, within which the next request must be received */ |
18 | #define NEXT_REQ_TIMEOUT_MS 1000 |
19 | |
20 | /* |
21 | * FIXME: Reduce this timeout once svc core handles parallel processing of |
22 | * events from the SVC, which are handled sequentially today. |
23 | */ |
24 | #define MODE_SWITCH_TIMEOUT_MS 10000 |
25 | |
26 | enum next_request_type { |
27 | NEXT_REQ_FIRMWARE_SIZE, |
28 | NEXT_REQ_GET_FIRMWARE, |
29 | NEXT_REQ_READY_TO_BOOT, |
30 | NEXT_REQ_MODE_SWITCH, |
31 | }; |
32 | |
33 | struct gb_bootrom { |
34 | struct gb_connection *connection; |
35 | const struct firmware *fw; |
36 | u8 protocol_major; |
37 | u8 protocol_minor; |
38 | enum next_request_type next_request; |
39 | struct delayed_work dwork; |
40 | struct mutex mutex; /* Protects bootrom->fw */ |
41 | }; |
42 | |
43 | static void free_firmware(struct gb_bootrom *bootrom) |
44 | { |
45 | if (!bootrom->fw) |
46 | return; |
47 | |
48 | release_firmware(fw: bootrom->fw); |
49 | bootrom->fw = NULL; |
50 | } |
51 | |
52 | static void gb_bootrom_timedout(struct work_struct *work) |
53 | { |
54 | struct delayed_work *dwork = to_delayed_work(work); |
55 | struct gb_bootrom *bootrom = container_of(dwork, |
56 | struct gb_bootrom, dwork); |
57 | struct device *dev = &bootrom->connection->bundle->dev; |
58 | const char *reason; |
59 | |
60 | switch (bootrom->next_request) { |
61 | case NEXT_REQ_FIRMWARE_SIZE: |
62 | reason = "Firmware Size Request" ; |
63 | break; |
64 | case NEXT_REQ_GET_FIRMWARE: |
65 | reason = "Get Firmware Request" ; |
66 | break; |
67 | case NEXT_REQ_READY_TO_BOOT: |
68 | reason = "Ready to Boot Request" ; |
69 | break; |
70 | case NEXT_REQ_MODE_SWITCH: |
71 | reason = "Interface Mode Switch" ; |
72 | break; |
73 | default: |
74 | reason = NULL; |
75 | dev_err(dev, "Invalid next-request: %u" , bootrom->next_request); |
76 | break; |
77 | } |
78 | |
79 | dev_err(dev, "Timed out waiting for %s from the Module\n" , reason); |
80 | |
81 | mutex_lock(&bootrom->mutex); |
82 | free_firmware(bootrom); |
83 | mutex_unlock(lock: &bootrom->mutex); |
84 | |
85 | /* TODO: Power-off Module ? */ |
86 | } |
87 | |
88 | static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom, |
89 | enum next_request_type next, |
90 | unsigned long timeout) |
91 | { |
92 | bootrom->next_request = next; |
93 | schedule_delayed_work(dwork: &bootrom->dwork, delay: msecs_to_jiffies(m: timeout)); |
94 | } |
95 | |
96 | static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom) |
97 | { |
98 | cancel_delayed_work_sync(dwork: &bootrom->dwork); |
99 | } |
100 | |
101 | /* |
102 | * The es2 chip doesn't have VID/PID programmed into the hardware and we need to |
103 | * hack that up to distinguish different modules and their firmware blobs. |
104 | * |
105 | * This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID |
106 | * already sent during hotplug are 0. |
107 | * |
108 | * Otherwise, we keep intf->vendor_id/product_id same as what's passed |
109 | * during hotplug. |
110 | */ |
111 | static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom) |
112 | { |
113 | struct gb_bootrom_get_vid_pid_response response; |
114 | struct gb_connection *connection = bootrom->connection; |
115 | struct gb_interface *intf = connection->bundle->intf; |
116 | int ret; |
117 | |
118 | if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_GMP_IDS)) |
119 | return; |
120 | |
121 | ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID, |
122 | NULL, request_size: 0, response: &response, response_size: sizeof(response)); |
123 | if (ret) { |
124 | dev_err(&connection->bundle->dev, |
125 | "Bootrom get vid/pid operation failed (%d)\n" , ret); |
126 | return; |
127 | } |
128 | |
129 | /* |
130 | * NOTE: This is hacked, so that the same values of VID/PID can be used |
131 | * by next firmware level as well. The uevent for bootrom will still |
132 | * have VID/PID as 0, though after this point the sysfs files will start |
133 | * showing the updated values. But yeah, that's a bit racy as the same |
134 | * sysfs files would be showing 0 before this point. |
135 | */ |
136 | intf->vendor_id = le32_to_cpu(response.vendor_id); |
137 | intf->product_id = le32_to_cpu(response.product_id); |
138 | |
139 | dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n" , |
140 | intf->vendor_id, intf->product_id); |
141 | } |
142 | |
143 | /* This returns path of the firmware blob on the disk */ |
144 | static int find_firmware(struct gb_bootrom *bootrom, u8 stage) |
145 | { |
146 | struct gb_connection *connection = bootrom->connection; |
147 | struct gb_interface *intf = connection->bundle->intf; |
148 | char firmware_name[49]; |
149 | int rc; |
150 | |
151 | /* Already have a firmware, free it */ |
152 | free_firmware(bootrom); |
153 | |
154 | /* Bootrom protocol is only supported for loading Stage 2 firmware */ |
155 | if (stage != 2) { |
156 | dev_err(&connection->bundle->dev, "Invalid boot stage: %u\n" , |
157 | stage); |
158 | return -EINVAL; |
159 | } |
160 | |
161 | /* |
162 | * Create firmware name |
163 | * |
164 | * XXX Name it properly.. |
165 | */ |
166 | snprintf(buf: firmware_name, size: sizeof(firmware_name), |
167 | FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf" , |
168 | intf->ddbl1_manufacturer_id, intf->ddbl1_product_id, |
169 | intf->vendor_id, intf->product_id); |
170 | |
171 | // FIXME: |
172 | // Turn to dev_dbg later after everyone has valid bootloaders with good |
173 | // ids, but leave this as dev_info for now to make it easier to track |
174 | // down "empty" vid/pid modules. |
175 | dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n" , |
176 | firmware_name); |
177 | |
178 | rc = request_firmware(fw: &bootrom->fw, name: firmware_name, |
179 | device: &connection->bundle->dev); |
180 | if (rc) { |
181 | dev_err(&connection->bundle->dev, |
182 | "failed to find %s firmware (%d)\n" , firmware_name, rc); |
183 | } |
184 | |
185 | return rc; |
186 | } |
187 | |
188 | static int gb_bootrom_firmware_size_request(struct gb_operation *op) |
189 | { |
190 | struct gb_bootrom *bootrom = gb_connection_get_data(connection: op->connection); |
191 | struct gb_bootrom_firmware_size_request *size_request = |
192 | op->request->payload; |
193 | struct gb_bootrom_firmware_size_response *size_response; |
194 | struct device *dev = &op->connection->bundle->dev; |
195 | int ret; |
196 | |
197 | /* Disable timeouts */ |
198 | gb_bootrom_cancel_timeout(bootrom); |
199 | |
200 | if (op->request->payload_size != sizeof(*size_request)) { |
201 | dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n" , |
202 | __func__, op->request->payload_size, |
203 | sizeof(*size_request)); |
204 | ret = -EINVAL; |
205 | goto queue_work; |
206 | } |
207 | |
208 | mutex_lock(&bootrom->mutex); |
209 | |
210 | ret = find_firmware(bootrom, stage: size_request->stage); |
211 | if (ret) |
212 | goto unlock; |
213 | |
214 | if (!gb_operation_response_alloc(operation: op, response_size: sizeof(*size_response), |
215 | GFP_KERNEL)) { |
216 | dev_err(dev, "%s: error allocating response\n" , __func__); |
217 | free_firmware(bootrom); |
218 | ret = -ENOMEM; |
219 | goto unlock; |
220 | } |
221 | |
222 | size_response = op->response->payload; |
223 | size_response->size = cpu_to_le32(bootrom->fw->size); |
224 | |
225 | dev_dbg(dev, "%s: firmware size %d bytes\n" , |
226 | __func__, size_response->size); |
227 | |
228 | unlock: |
229 | mutex_unlock(lock: &bootrom->mutex); |
230 | |
231 | queue_work: |
232 | if (!ret) { |
233 | /* Refresh timeout */ |
234 | gb_bootrom_set_timeout(bootrom, next: NEXT_REQ_GET_FIRMWARE, |
235 | NEXT_REQ_TIMEOUT_MS); |
236 | } |
237 | |
238 | return ret; |
239 | } |
240 | |
241 | static int gb_bootrom_get_firmware(struct gb_operation *op) |
242 | { |
243 | struct gb_bootrom *bootrom = gb_connection_get_data(connection: op->connection); |
244 | const struct firmware *fw; |
245 | struct gb_bootrom_get_firmware_request *firmware_request; |
246 | struct device *dev = &op->connection->bundle->dev; |
247 | unsigned int offset, size; |
248 | enum next_request_type next_request; |
249 | u8 *firmware_response; |
250 | int ret = 0; |
251 | |
252 | /* Disable timeouts */ |
253 | gb_bootrom_cancel_timeout(bootrom); |
254 | |
255 | if (op->request->payload_size != sizeof(*firmware_request)) { |
256 | dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n" , |
257 | __func__, op->request->payload_size, |
258 | sizeof(*firmware_request)); |
259 | ret = -EINVAL; |
260 | goto queue_work; |
261 | } |
262 | |
263 | mutex_lock(&bootrom->mutex); |
264 | |
265 | fw = bootrom->fw; |
266 | if (!fw) { |
267 | dev_err(dev, "%s: firmware not available\n" , __func__); |
268 | ret = -EINVAL; |
269 | goto unlock; |
270 | } |
271 | |
272 | firmware_request = op->request->payload; |
273 | offset = le32_to_cpu(firmware_request->offset); |
274 | size = le32_to_cpu(firmware_request->size); |
275 | |
276 | if (offset >= fw->size || size > fw->size - offset) { |
277 | dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n" , |
278 | offset, size); |
279 | ret = -EINVAL; |
280 | goto unlock; |
281 | } |
282 | |
283 | /* gb_bootrom_get_firmware_response contains only a byte array */ |
284 | if (!gb_operation_response_alloc(operation: op, response_size: size, GFP_KERNEL)) { |
285 | dev_err(dev, "%s: error allocating response\n" , __func__); |
286 | ret = -ENOMEM; |
287 | goto unlock; |
288 | } |
289 | |
290 | firmware_response = op->response->payload; |
291 | memcpy(firmware_response, fw->data + offset, size); |
292 | |
293 | dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n" , |
294 | offset, size); |
295 | |
296 | unlock: |
297 | mutex_unlock(lock: &bootrom->mutex); |
298 | |
299 | queue_work: |
300 | /* Refresh timeout */ |
301 | if (!ret && (offset + size == fw->size)) |
302 | next_request = NEXT_REQ_READY_TO_BOOT; |
303 | else |
304 | next_request = NEXT_REQ_GET_FIRMWARE; |
305 | |
306 | gb_bootrom_set_timeout(bootrom, next: next_request, NEXT_REQ_TIMEOUT_MS); |
307 | |
308 | return ret; |
309 | } |
310 | |
311 | static int gb_bootrom_ready_to_boot(struct gb_operation *op) |
312 | { |
313 | struct gb_connection *connection = op->connection; |
314 | struct gb_bootrom *bootrom = gb_connection_get_data(connection); |
315 | struct gb_bootrom_ready_to_boot_request *rtb_request; |
316 | struct device *dev = &connection->bundle->dev; |
317 | u8 status; |
318 | int ret = 0; |
319 | |
320 | /* Disable timeouts */ |
321 | gb_bootrom_cancel_timeout(bootrom); |
322 | |
323 | if (op->request->payload_size != sizeof(*rtb_request)) { |
324 | dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n" , |
325 | __func__, op->request->payload_size, |
326 | sizeof(*rtb_request)); |
327 | ret = -EINVAL; |
328 | goto queue_work; |
329 | } |
330 | |
331 | rtb_request = op->request->payload; |
332 | status = rtb_request->status; |
333 | |
334 | /* Return error if the blob was invalid */ |
335 | if (status == GB_BOOTROM_BOOT_STATUS_INVALID) { |
336 | ret = -EINVAL; |
337 | goto queue_work; |
338 | } |
339 | |
340 | /* |
341 | * XXX Should we return error for insecure firmware? |
342 | */ |
343 | dev_dbg(dev, "ready to boot: 0x%x, 0\n" , status); |
344 | |
345 | queue_work: |
346 | /* |
347 | * Refresh timeout, the Interface shall load the new personality and |
348 | * send a new hotplug request, which shall get rid of the bootrom |
349 | * connection. As that can take some time, increase the timeout a bit. |
350 | */ |
351 | gb_bootrom_set_timeout(bootrom, next: NEXT_REQ_MODE_SWITCH, |
352 | MODE_SWITCH_TIMEOUT_MS); |
353 | |
354 | return ret; |
355 | } |
356 | |
357 | static int gb_bootrom_request_handler(struct gb_operation *op) |
358 | { |
359 | u8 type = op->type; |
360 | |
361 | switch (type) { |
362 | case GB_BOOTROM_TYPE_FIRMWARE_SIZE: |
363 | return gb_bootrom_firmware_size_request(op); |
364 | case GB_BOOTROM_TYPE_GET_FIRMWARE: |
365 | return gb_bootrom_get_firmware(op); |
366 | case GB_BOOTROM_TYPE_READY_TO_BOOT: |
367 | return gb_bootrom_ready_to_boot(op); |
368 | default: |
369 | dev_err(&op->connection->bundle->dev, |
370 | "unsupported request: %u\n" , type); |
371 | return -EINVAL; |
372 | } |
373 | } |
374 | |
375 | static int gb_bootrom_get_version(struct gb_bootrom *bootrom) |
376 | { |
377 | struct gb_bundle *bundle = bootrom->connection->bundle; |
378 | struct gb_bootrom_version_request request; |
379 | struct gb_bootrom_version_response response; |
380 | int ret; |
381 | |
382 | request.major = GB_BOOTROM_VERSION_MAJOR; |
383 | request.minor = GB_BOOTROM_VERSION_MINOR; |
384 | |
385 | ret = gb_operation_sync(connection: bootrom->connection, |
386 | GB_BOOTROM_TYPE_VERSION, |
387 | request: &request, request_size: sizeof(request), response: &response, |
388 | response_size: sizeof(response)); |
389 | if (ret) { |
390 | dev_err(&bundle->dev, |
391 | "failed to get protocol version: %d\n" , |
392 | ret); |
393 | return ret; |
394 | } |
395 | |
396 | if (response.major > request.major) { |
397 | dev_err(&bundle->dev, |
398 | "unsupported major protocol version (%u > %u)\n" , |
399 | response.major, request.major); |
400 | return -ENOTSUPP; |
401 | } |
402 | |
403 | bootrom->protocol_major = response.major; |
404 | bootrom->protocol_minor = response.minor; |
405 | |
406 | dev_dbg(&bundle->dev, "%s - %u.%u\n" , __func__, response.major, |
407 | response.minor); |
408 | |
409 | return 0; |
410 | } |
411 | |
412 | static int gb_bootrom_probe(struct gb_bundle *bundle, |
413 | const struct greybus_bundle_id *id) |
414 | { |
415 | struct greybus_descriptor_cport *cport_desc; |
416 | struct gb_connection *connection; |
417 | struct gb_bootrom *bootrom; |
418 | int ret; |
419 | |
420 | if (bundle->num_cports != 1) |
421 | return -ENODEV; |
422 | |
423 | cport_desc = &bundle->cport_desc[0]; |
424 | if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM) |
425 | return -ENODEV; |
426 | |
427 | bootrom = kzalloc(size: sizeof(*bootrom), GFP_KERNEL); |
428 | if (!bootrom) |
429 | return -ENOMEM; |
430 | |
431 | connection = gb_connection_create(bundle, |
432 | le16_to_cpu(cport_desc->id), |
433 | handler: gb_bootrom_request_handler); |
434 | if (IS_ERR(ptr: connection)) { |
435 | ret = PTR_ERR(ptr: connection); |
436 | goto err_free_bootrom; |
437 | } |
438 | |
439 | gb_connection_set_data(connection, data: bootrom); |
440 | |
441 | bootrom->connection = connection; |
442 | |
443 | mutex_init(&bootrom->mutex); |
444 | INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout); |
445 | greybus_set_drvdata(bundle, data: bootrom); |
446 | |
447 | ret = gb_connection_enable_tx(connection); |
448 | if (ret) |
449 | goto err_connection_destroy; |
450 | |
451 | ret = gb_bootrom_get_version(bootrom); |
452 | if (ret) |
453 | goto err_connection_disable; |
454 | |
455 | bootrom_es2_fixup_vid_pid(bootrom); |
456 | |
457 | ret = gb_connection_enable(connection); |
458 | if (ret) |
459 | goto err_connection_disable; |
460 | |
461 | /* Refresh timeout */ |
462 | gb_bootrom_set_timeout(bootrom, next: NEXT_REQ_FIRMWARE_SIZE, |
463 | NEXT_REQ_TIMEOUT_MS); |
464 | |
465 | /* Tell bootrom we're ready. */ |
466 | ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, request_size: 0, |
467 | NULL, response_size: 0); |
468 | if (ret) { |
469 | dev_err(&connection->bundle->dev, |
470 | "failed to send AP READY: %d\n" , ret); |
471 | goto err_cancel_timeout; |
472 | } |
473 | |
474 | dev_dbg(&bundle->dev, "AP_READY sent\n" ); |
475 | |
476 | return 0; |
477 | |
478 | err_cancel_timeout: |
479 | gb_bootrom_cancel_timeout(bootrom); |
480 | err_connection_disable: |
481 | gb_connection_disable(connection); |
482 | err_connection_destroy: |
483 | gb_connection_destroy(connection); |
484 | err_free_bootrom: |
485 | kfree(objp: bootrom); |
486 | |
487 | return ret; |
488 | } |
489 | |
490 | static void gb_bootrom_disconnect(struct gb_bundle *bundle) |
491 | { |
492 | struct gb_bootrom *bootrom = greybus_get_drvdata(bundle); |
493 | |
494 | gb_connection_disable(connection: bootrom->connection); |
495 | |
496 | /* Disable timeouts */ |
497 | gb_bootrom_cancel_timeout(bootrom); |
498 | |
499 | /* |
500 | * Release firmware: |
501 | * |
502 | * As the connection and the delayed work are already disabled, we don't |
503 | * need to lock access to bootrom->fw here. |
504 | */ |
505 | free_firmware(bootrom); |
506 | |
507 | gb_connection_destroy(connection: bootrom->connection); |
508 | kfree(objp: bootrom); |
509 | } |
510 | |
511 | static const struct greybus_bundle_id gb_bootrom_id_table[] = { |
512 | { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) }, |
513 | { } |
514 | }; |
515 | |
516 | static struct greybus_driver gb_bootrom_driver = { |
517 | .name = "bootrom" , |
518 | .probe = gb_bootrom_probe, |
519 | .disconnect = gb_bootrom_disconnect, |
520 | .id_table = gb_bootrom_id_table, |
521 | }; |
522 | |
523 | module_greybus_driver(gb_bootrom_driver); |
524 | |
525 | MODULE_LICENSE("GPL v2" ); |
526 | |