xref: /openbmc/linux/drivers/fsi/fsi-sbefifo.c (revision caf83e49)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) IBM Corporation 2017
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERGCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  */
14 
15 #include <linux/device.h>
16 #include <linux/errno.h>
17 #include <linux/fs.h>
18 #include <linux/fsi.h>
19 #include <linux/fsi-sbefifo.h>
20 #include <linux/kernel.h>
21 #include <linux/cdev.h>
22 #include <linux/module.h>
23 #include <linux/mutex.h>
24 #include <linux/of.h>
25 #include <linux/of_device.h>
26 #include <linux/of_platform.h>
27 #include <linux/sched.h>
28 #include <linux/slab.h>
29 #include <linux/uaccess.h>
30 #include <linux/delay.h>
31 #include <linux/uio.h>
32 #include <linux/vmalloc.h>
33 #include <linux/mm.h>
34 
35 #include <uapi/linux/fsi.h>
36 
37 /*
38  * The SBEFIFO is a pipe-like FSI device for communicating with
39  * the self boot engine on POWER processors.
40  */
41 
42 #define DEVICE_NAME		"sbefifo"
43 #define FSI_ENGID_SBE		0x22
44 
45 /*
46  * Register layout
47  */
48 
49 /* Register banks */
50 #define SBEFIFO_UP		0x00		/* FSI -> Host */
51 #define SBEFIFO_DOWN		0x40		/* Host -> FSI */
52 
53 /* Per-bank registers */
54 #define SBEFIFO_FIFO		0x00		/* The FIFO itself */
55 #define SBEFIFO_STS		0x04		/* Status register */
56 #define   SBEFIFO_STS_PARITY_ERR	0x20000000
57 #define   SBEFIFO_STS_RESET_REQ		0x02000000
58 #define   SBEFIFO_STS_GOT_EOT		0x00800000
59 #define   SBEFIFO_STS_MAX_XFER_LIMIT	0x00400000
60 #define   SBEFIFO_STS_FULL		0x00200000
61 #define   SBEFIFO_STS_EMPTY		0x00100000
62 #define   SBEFIFO_STS_ECNT_MASK		0x000f0000
63 #define   SBEFIFO_STS_ECNT_SHIFT	16
64 #define   SBEFIFO_STS_VALID_MASK	0x0000ff00
65 #define   SBEFIFO_STS_VALID_SHIFT	8
66 #define   SBEFIFO_STS_EOT_MASK		0x000000ff
67 #define   SBEFIFO_STS_EOT_SHIFT		0
68 #define SBEFIFO_EOT_RAISE	0x08		/* (Up only) Set End Of Transfer */
69 #define SBEFIFO_REQ_RESET	0x0C		/* (Up only) Reset Request */
70 #define SBEFIFO_PERFORM_RESET	0x10		/* (Down only) Perform Reset */
71 #define SBEFIFO_EOT_ACK		0x14		/* (Down only) Acknowledge EOT */
72 #define SBEFIFO_DOWN_MAX	0x18		/* (Down only) Max transfer */
73 
74 /* CFAM GP Mailbox SelfBoot Message register */
75 #define CFAM_GP_MBOX_SBM_ADDR	0x2824	/* Converted 0x2809 */
76 
77 #define CFAM_SBM_SBE_BOOTED		0x80000000
78 #define CFAM_SBM_SBE_ASYNC_FFDC		0x40000000
79 #define CFAM_SBM_SBE_STATE_MASK		0x00f00000
80 #define CFAM_SBM_SBE_STATE_SHIFT	20
81 
82 enum sbe_state
83 {
84 	SBE_STATE_UNKNOWN = 0x0, // Unkown, initial state
85 	SBE_STATE_IPLING  = 0x1, // IPL'ing - autonomous mode (transient)
86 	SBE_STATE_ISTEP   = 0x2, // ISTEP - Running IPL by steps (transient)
87 	SBE_STATE_MPIPL   = 0x3, // MPIPL
88 	SBE_STATE_RUNTIME = 0x4, // SBE Runtime
89 	SBE_STATE_DMT     = 0x5, // Dead Man Timer State (transient)
90 	SBE_STATE_DUMP    = 0x6, // Dumping
91 	SBE_STATE_FAILURE = 0x7, // Internal SBE failure
92 	SBE_STATE_QUIESCE = 0x8, // Final state - needs SBE reset to get out
93 };
94 
95 /* FIFO depth */
96 #define SBEFIFO_FIFO_DEPTH		8
97 
98 /* Helpers */
99 #define sbefifo_empty(sts)	((sts) & SBEFIFO_STS_EMPTY)
100 #define sbefifo_full(sts)	((sts) & SBEFIFO_STS_FULL)
101 #define sbefifo_parity_err(sts)	((sts) & SBEFIFO_STS_PARITY_ERR)
102 #define sbefifo_populated(sts)	(((sts) & SBEFIFO_STS_ECNT_MASK) >> SBEFIFO_STS_ECNT_SHIFT)
103 #define sbefifo_vacant(sts)	(SBEFIFO_FIFO_DEPTH - sbefifo_populated(sts))
104 #define sbefifo_eot_set(sts)	(((sts) & SBEFIFO_STS_EOT_MASK) >> SBEFIFO_STS_EOT_SHIFT)
105 
106 /* Reset request timeout in ms */
107 #define SBEFIFO_RESET_TIMEOUT		10000
108 
109 /* Timeouts for commands in ms */
110 #define SBEFIFO_TIMEOUT_START_CMD	10000
111 #define SBEFIFO_TIMEOUT_IN_CMD		1000
112 #define SBEFIFO_TIMEOUT_START_RSP	10000
113 #define SBEFIFO_TIMEOUT_IN_RSP		1000
114 
115 /* Other constants */
116 #define SBEFIFO_MAX_USER_CMD_LEN	(0x100000 + PAGE_SIZE)
117 #define SBEFIFO_RESET_MAGIC		0x52534554 /* "RSET" */
118 
119 struct sbefifo {
120 	uint32_t		magic;
121 #define SBEFIFO_MAGIC		0x53424546 /* "SBEF" */
122 	struct fsi_device	*fsi_dev;
123 	struct device		dev;
124 	struct cdev		cdev;
125 	struct mutex		lock;
126 	bool			broken;
127 	bool			dead;
128 	bool			async_ffdc;
129 	bool			timed_out;
130 	u32			timeout_start_rsp_ms;
131 };
132 
133 struct sbefifo_user {
134 	struct sbefifo		*sbefifo;
135 	struct mutex		file_lock;
136 	void			*cmd_page;
137 	void			*pending_cmd;
138 	size_t			pending_len;
139 	u32			read_timeout_ms;
140 };
141 
142 static DEFINE_MUTEX(sbefifo_ffdc_mutex);
143 
144 static ssize_t timeout_show(struct device *dev, struct device_attribute *attr,
145 			    char *buf)
146 {
147 	struct sbefifo *sbefifo = container_of(dev, struct sbefifo, dev);
148 
149 	return sysfs_emit(buf, "%d\n", sbefifo->timed_out ? 1 : 0);
150 }
151 static DEVICE_ATTR_RO(timeout);
152 
153 static void __sbefifo_dump_ffdc(struct device *dev, const __be32 *ffdc,
154 				size_t ffdc_sz, bool internal)
155 {
156 	int pack = 0;
157 #define FFDC_LSIZE	60
158 	static char ffdc_line[FFDC_LSIZE];
159 	char *p = ffdc_line;
160 
161 	while (ffdc_sz) {
162 		u32 w0, w1, w2, i;
163 		if (ffdc_sz < 3) {
164 			dev_err(dev, "SBE invalid FFDC package size %zd\n", ffdc_sz);
165 			return;
166 		}
167 		w0 = be32_to_cpu(*(ffdc++));
168 		w1 = be32_to_cpu(*(ffdc++));
169 		w2 = be32_to_cpu(*(ffdc++));
170 		ffdc_sz -= 3;
171 		if ((w0 >> 16) != 0xFFDC) {
172 			dev_err(dev, "SBE invalid FFDC package signature %08x %08x %08x\n",
173 				w0, w1, w2);
174 			break;
175 		}
176 		w0 &= 0xffff;
177 		if (w0 > ffdc_sz) {
178 			dev_err(dev, "SBE FFDC package len %d words but only %zd remaining\n",
179 				w0, ffdc_sz);
180 			w0 = ffdc_sz;
181 			break;
182 		}
183 		if (internal) {
184 			dev_warn(dev, "+---- SBE FFDC package %d for async err -----+\n",
185 				 pack++);
186 		} else {
187 			dev_warn(dev, "+---- SBE FFDC package %d for cmd %02x:%02x -----+\n",
188 				 pack++, (w1 >> 8) & 0xff, w1 & 0xff);
189 		}
190 		dev_warn(dev, "| Response code: %08x                   |\n", w2);
191 		dev_warn(dev, "|-------------------------------------------|\n");
192 		for (i = 0; i < w0; i++) {
193 			if ((i & 3) == 0) {
194 				p = ffdc_line;
195 				p += sprintf(p, "| %04x:", i << 4);
196 			}
197 			p += sprintf(p, " %08x", be32_to_cpu(*(ffdc++)));
198 			ffdc_sz--;
199 			if ((i & 3) == 3 || i == (w0 - 1)) {
200 				while ((i & 3) < 3) {
201 					p += sprintf(p, "         ");
202 					i++;
203 				}
204 				dev_warn(dev, "%s |\n", ffdc_line);
205 			}
206 		}
207 		dev_warn(dev, "+-------------------------------------------+\n");
208 	}
209 }
210 
211 static void sbefifo_dump_ffdc(struct device *dev, const __be32 *ffdc,
212 			      size_t ffdc_sz, bool internal)
213 {
214 	mutex_lock(&sbefifo_ffdc_mutex);
215 	__sbefifo_dump_ffdc(dev, ffdc, ffdc_sz, internal);
216 	mutex_unlock(&sbefifo_ffdc_mutex);
217 }
218 
219 int sbefifo_parse_status(struct device *dev, u16 cmd, __be32 *response,
220 			 size_t resp_len, size_t *data_len)
221 {
222 	u32 dh, s0, s1;
223 	size_t ffdc_sz;
224 
225 	if (resp_len < 3) {
226 		pr_debug("sbefifo: cmd %04x, response too small: %zd\n",
227 			 cmd, resp_len);
228 		return -ENXIO;
229 	}
230 	dh = be32_to_cpu(response[resp_len - 1]);
231 	if (dh > resp_len || dh < 3) {
232 		dev_err(dev, "SBE cmd %02x:%02x status offset out of range: %d/%zd\n",
233 			cmd >> 8, cmd & 0xff, dh, resp_len);
234 		return -ENXIO;
235 	}
236 	s0 = be32_to_cpu(response[resp_len - dh]);
237 	s1 = be32_to_cpu(response[resp_len - dh + 1]);
238 	if (((s0 >> 16) != 0xC0DE) || ((s0 & 0xffff) != cmd)) {
239 		dev_err(dev, "SBE cmd %02x:%02x, status signature invalid: 0x%08x 0x%08x\n",
240 			cmd >> 8, cmd & 0xff, s0, s1);
241 		return -ENXIO;
242 	}
243 	if (s1 != 0) {
244 		ffdc_sz = dh - 3;
245 		dev_warn(dev, "SBE error cmd %02x:%02x status=%04x:%04x\n",
246 			 cmd >> 8, cmd & 0xff, s1 >> 16, s1 & 0xffff);
247 		if (ffdc_sz)
248 			sbefifo_dump_ffdc(dev, &response[resp_len - dh + 2],
249 					  ffdc_sz, false);
250 	}
251 	if (data_len)
252 		*data_len = resp_len - dh;
253 
254 	/*
255 	 * Primary status don't have the top bit set, so can't be confused with
256 	 * Linux negative error codes, so return the status word whole.
257 	 */
258 	return s1;
259 }
260 EXPORT_SYMBOL_GPL(sbefifo_parse_status);
261 
262 static int sbefifo_regr(struct sbefifo *sbefifo, int reg, u32 *word)
263 {
264 	__be32 raw_word;
265 	int rc;
266 
267 	rc = fsi_device_read(sbefifo->fsi_dev, reg, &raw_word,
268 			     sizeof(raw_word));
269 	if (rc)
270 		return rc;
271 
272 	*word = be32_to_cpu(raw_word);
273 
274 	return 0;
275 }
276 
277 static int sbefifo_regw(struct sbefifo *sbefifo, int reg, u32 word)
278 {
279 	__be32 raw_word = cpu_to_be32(word);
280 
281 	return fsi_device_write(sbefifo->fsi_dev, reg, &raw_word,
282 				sizeof(raw_word));
283 }
284 
285 static int sbefifo_check_sbe_state(struct sbefifo *sbefifo)
286 {
287 	__be32 raw_word;
288 	u32 sbm;
289 	int rc;
290 
291 	rc = fsi_slave_read(sbefifo->fsi_dev->slave, CFAM_GP_MBOX_SBM_ADDR,
292 			    &raw_word, sizeof(raw_word));
293 	if (rc)
294 		return rc;
295 	sbm = be32_to_cpu(raw_word);
296 
297 	/* SBE booted at all ? */
298 	if (!(sbm & CFAM_SBM_SBE_BOOTED))
299 		return -ESHUTDOWN;
300 
301 	/* Check its state */
302 	switch ((sbm & CFAM_SBM_SBE_STATE_MASK) >> CFAM_SBM_SBE_STATE_SHIFT) {
303 	case SBE_STATE_UNKNOWN:
304 		return -ESHUTDOWN;
305 	case SBE_STATE_DMT:
306 		return -EBUSY;
307 	case SBE_STATE_IPLING:
308 	case SBE_STATE_ISTEP:
309 	case SBE_STATE_MPIPL:
310 	case SBE_STATE_RUNTIME:
311 	case SBE_STATE_DUMP: /* Not sure about that one */
312 		break;
313 	case SBE_STATE_FAILURE:
314 	case SBE_STATE_QUIESCE:
315 		return -ESHUTDOWN;
316 	}
317 
318 	/* Is there async FFDC available ? Remember it */
319 	if (sbm & CFAM_SBM_SBE_ASYNC_FFDC)
320 		sbefifo->async_ffdc = true;
321 
322 	return 0;
323 }
324 
325 /* Don't flip endianness of data to/from FIFO, just pass through. */
326 static int sbefifo_down_read(struct sbefifo *sbefifo, __be32 *word)
327 {
328 	return fsi_device_read(sbefifo->fsi_dev, SBEFIFO_DOWN, word,
329 			       sizeof(*word));
330 }
331 
332 static int sbefifo_up_write(struct sbefifo *sbefifo, __be32 word)
333 {
334 	return fsi_device_write(sbefifo->fsi_dev, SBEFIFO_UP, &word,
335 				sizeof(word));
336 }
337 
338 static int sbefifo_request_reset(struct sbefifo *sbefifo)
339 {
340 	struct device *dev = &sbefifo->fsi_dev->dev;
341 	unsigned long end_time;
342 	u32 status;
343 	int rc;
344 
345 	dev_dbg(dev, "Requesting FIFO reset\n");
346 
347 	/* Mark broken first, will be cleared if reset succeeds */
348 	sbefifo->broken = true;
349 
350 	/* Send reset request */
351 	rc = sbefifo_regw(sbefifo, SBEFIFO_UP | SBEFIFO_REQ_RESET, 1);
352 	if (rc) {
353 		dev_err(dev, "Sending reset request failed, rc=%d\n", rc);
354 		return rc;
355 	}
356 
357 	/* Wait for it to complete */
358 	end_time = jiffies + msecs_to_jiffies(SBEFIFO_RESET_TIMEOUT);
359 	while (!time_after(jiffies, end_time)) {
360 		rc = sbefifo_regr(sbefifo, SBEFIFO_UP | SBEFIFO_STS, &status);
361 		if (rc) {
362 			dev_err(dev, "Failed to read UP fifo status during reset"
363 				" , rc=%d\n", rc);
364 			return rc;
365 		}
366 
367 		if (!(status & SBEFIFO_STS_RESET_REQ)) {
368 			dev_dbg(dev, "FIFO reset done\n");
369 			sbefifo->broken = false;
370 			return 0;
371 		}
372 
373 		cond_resched();
374 	}
375 	dev_err(dev, "FIFO reset timed out\n");
376 
377 	return -ETIMEDOUT;
378 }
379 
380 static int sbefifo_cleanup_hw(struct sbefifo *sbefifo)
381 {
382 	struct device *dev = &sbefifo->fsi_dev->dev;
383 	u32 up_status, down_status;
384 	bool need_reset = false;
385 	int rc;
386 
387 	rc = sbefifo_check_sbe_state(sbefifo);
388 	if (rc) {
389 		dev_dbg(dev, "SBE state=%d\n", rc);
390 		return rc;
391 	}
392 
393 	/* If broken, we don't need to look at status, go straight to reset */
394 	if (sbefifo->broken)
395 		goto do_reset;
396 
397 	rc = sbefifo_regr(sbefifo, SBEFIFO_UP | SBEFIFO_STS, &up_status);
398 	if (rc) {
399 		dev_err(dev, "Cleanup: Reading UP status failed, rc=%d\n", rc);
400 
401 		/* Will try reset again on next attempt at using it */
402 		sbefifo->broken = true;
403 		return rc;
404 	}
405 
406 	rc = sbefifo_regr(sbefifo, SBEFIFO_DOWN | SBEFIFO_STS, &down_status);
407 	if (rc) {
408 		dev_err(dev, "Cleanup: Reading DOWN status failed, rc=%d\n", rc);
409 
410 		/* Will try reset again on next attempt at using it */
411 		sbefifo->broken = true;
412 		return rc;
413 	}
414 
415 	/* The FIFO already contains a reset request from the SBE ? */
416 	if (down_status & SBEFIFO_STS_RESET_REQ) {
417 		dev_info(dev, "Cleanup: FIFO reset request set, resetting\n");
418 		rc = sbefifo_regw(sbefifo, SBEFIFO_DOWN, SBEFIFO_PERFORM_RESET);
419 		if (rc) {
420 			sbefifo->broken = true;
421 			dev_err(dev, "Cleanup: Reset reg write failed, rc=%d\n", rc);
422 			return rc;
423 		}
424 		sbefifo->broken = false;
425 		return 0;
426 	}
427 
428 	/* Parity error on either FIFO ? */
429 	if ((up_status | down_status) & SBEFIFO_STS_PARITY_ERR)
430 		need_reset = true;
431 
432 	/* Either FIFO not empty ? */
433 	if (!((up_status & down_status) & SBEFIFO_STS_EMPTY))
434 		need_reset = true;
435 
436 	if (!need_reset)
437 		return 0;
438 
439 	dev_info(dev, "Cleanup: FIFO not clean (up=0x%08x down=0x%08x)\n",
440 		 up_status, down_status);
441 
442  do_reset:
443 
444 	/* Mark broken, will be cleared if/when reset succeeds */
445 	return sbefifo_request_reset(sbefifo);
446 }
447 
448 static int sbefifo_wait(struct sbefifo *sbefifo, bool up,
449 			u32 *status, unsigned long timeout)
450 {
451 	struct device *dev = &sbefifo->fsi_dev->dev;
452 	unsigned long end_time;
453 	bool ready = false;
454 	u32 addr, sts = 0;
455 	int rc;
456 
457 	dev_vdbg(dev, "Wait on %s fifo...\n", up ? "up" : "down");
458 
459 	addr = (up ? SBEFIFO_UP : SBEFIFO_DOWN) | SBEFIFO_STS;
460 
461 	end_time = jiffies + timeout;
462 	while (!time_after(jiffies, end_time)) {
463 		cond_resched();
464 		rc = sbefifo_regr(sbefifo, addr, &sts);
465 		if (rc < 0) {
466 			dev_err(dev, "FSI error %d reading status register\n", rc);
467 			return rc;
468 		}
469 		if (!up && sbefifo_parity_err(sts)) {
470 			dev_err(dev, "Parity error in DOWN FIFO\n");
471 			return -ENXIO;
472 		}
473 		ready = !(up ? sbefifo_full(sts) : sbefifo_empty(sts));
474 		if (ready)
475 			break;
476 	}
477 	if (!ready) {
478 		sysfs_notify(&sbefifo->dev.kobj, NULL, dev_attr_timeout.attr.name);
479 		sbefifo->timed_out = true;
480 		dev_err(dev, "%s FIFO Timeout ! status=%08x\n", up ? "UP" : "DOWN", sts);
481 		return -ETIMEDOUT;
482 	}
483 	dev_vdbg(dev, "End of wait status: %08x\n", sts);
484 
485 	sbefifo->timed_out = false;
486 	*status = sts;
487 
488 	return 0;
489 }
490 
491 static int sbefifo_send_command(struct sbefifo *sbefifo,
492 				const __be32 *command, size_t cmd_len)
493 {
494 	struct device *dev = &sbefifo->fsi_dev->dev;
495 	size_t len, chunk, vacant = 0, remaining = cmd_len;
496 	unsigned long timeout;
497 	u32 status;
498 	int rc;
499 
500 	dev_vdbg(dev, "sending command (%zd words, cmd=%04x)\n",
501 		 cmd_len, be32_to_cpu(command[1]));
502 
503 	/* As long as there's something to send */
504 	timeout = msecs_to_jiffies(SBEFIFO_TIMEOUT_START_CMD);
505 	while (remaining) {
506 		/* Wait for room in the FIFO */
507 		rc = sbefifo_wait(sbefifo, true, &status, timeout);
508 		if (rc < 0)
509 			return rc;
510 		timeout = msecs_to_jiffies(SBEFIFO_TIMEOUT_IN_CMD);
511 
512 		vacant = sbefifo_vacant(status);
513 		len = chunk = min(vacant, remaining);
514 
515 		dev_vdbg(dev, "  status=%08x vacant=%zd chunk=%zd\n",
516 			 status, vacant, chunk);
517 
518 		/* Write as much as we can */
519 		while (len--) {
520 			rc = sbefifo_up_write(sbefifo, *(command++));
521 			if (rc) {
522 				dev_err(dev, "FSI error %d writing UP FIFO\n", rc);
523 				return rc;
524 			}
525 		}
526 		remaining -= chunk;
527 		vacant -= chunk;
528 	}
529 
530 	/* If there's no room left, wait for some to write EOT */
531 	if (!vacant) {
532 		rc = sbefifo_wait(sbefifo, true, &status, timeout);
533 		if (rc)
534 			return rc;
535 	}
536 
537 	/* Send an EOT */
538 	rc = sbefifo_regw(sbefifo, SBEFIFO_UP | SBEFIFO_EOT_RAISE, 0);
539 	if (rc)
540 		dev_err(dev, "FSI error %d writing EOT\n", rc);
541 	return rc;
542 }
543 
544 static int sbefifo_read_response(struct sbefifo *sbefifo, struct iov_iter *response)
545 {
546 	struct device *dev = &sbefifo->fsi_dev->dev;
547 	u32 status, eot_set;
548 	unsigned long timeout;
549 	bool overflow = false;
550 	__be32 data;
551 	size_t len;
552 	int rc;
553 
554 	dev_vdbg(dev, "reading response, buflen = %zd\n", iov_iter_count(response));
555 
556 	timeout = msecs_to_jiffies(sbefifo->timeout_start_rsp_ms);
557 	for (;;) {
558 		/* Grab FIFO status (this will handle parity errors) */
559 		rc = sbefifo_wait(sbefifo, false, &status, timeout);
560 		if (rc < 0)
561 			return rc;
562 		timeout = msecs_to_jiffies(SBEFIFO_TIMEOUT_IN_RSP);
563 
564 		/* Decode status */
565 		len = sbefifo_populated(status);
566 		eot_set = sbefifo_eot_set(status);
567 
568 		dev_vdbg(dev, "  chunk size %zd eot_set=0x%x\n", len, eot_set);
569 
570 		/* Go through the chunk */
571 		while(len--) {
572 			/* Read the data */
573 			rc = sbefifo_down_read(sbefifo, &data);
574 			if (rc < 0)
575 				return rc;
576 
577 			/* Was it an EOT ? */
578 			if (eot_set & 0x80) {
579 				/*
580 				 * There should be nothing else in the FIFO,
581 				 * if there is, mark broken, this will force
582 				 * a reset on next use, but don't fail the
583 				 * command.
584 				 */
585 				if (len) {
586 					dev_warn(dev, "FIFO read hit"
587 						 " EOT with still %zd data\n",
588 						 len);
589 					sbefifo->broken = true;
590 				}
591 
592 				/* We are done */
593 				rc = sbefifo_regw(sbefifo,
594 						  SBEFIFO_DOWN | SBEFIFO_EOT_ACK, 0);
595 
596 				/*
597 				 * If that write fail, still complete the request but mark
598 				 * the fifo as broken for subsequent reset (not much else
599 				 * we can do here).
600 				 */
601 				if (rc) {
602 					dev_err(dev, "FSI error %d ack'ing EOT\n", rc);
603 					sbefifo->broken = true;
604 				}
605 
606 				/* Tell whether we overflowed */
607 				return overflow ? -EOVERFLOW : 0;
608 			}
609 
610 			/* Store it if there is room */
611 			if (iov_iter_count(response) >= sizeof(__be32)) {
612 				if (copy_to_iter(&data, sizeof(__be32), response) < sizeof(__be32))
613 					return -EFAULT;
614 			} else {
615 				dev_vdbg(dev, "Response overflowed !\n");
616 
617 				overflow = true;
618 			}
619 
620 			/* Next EOT bit */
621 			eot_set <<= 1;
622 		}
623 	}
624 	/* Shouldn't happen */
625 	return -EIO;
626 }
627 
628 static int sbefifo_do_command(struct sbefifo *sbefifo,
629 			      const __be32 *command, size_t cmd_len,
630 			      struct iov_iter *response)
631 {
632 	/* Try sending the command */
633 	int rc = sbefifo_send_command(sbefifo, command, cmd_len);
634 	if (rc)
635 		return rc;
636 
637 	/* Now, get the response */
638 	return sbefifo_read_response(sbefifo, response);
639 }
640 
641 static void sbefifo_collect_async_ffdc(struct sbefifo *sbefifo)
642 {
643 	struct device *dev = &sbefifo->fsi_dev->dev;
644         struct iov_iter ffdc_iter;
645         struct kvec ffdc_iov;
646 	__be32 *ffdc;
647 	size_t ffdc_sz;
648 	__be32 cmd[2];
649 	int rc;
650 
651 	sbefifo->async_ffdc = false;
652 	ffdc = vmalloc(SBEFIFO_MAX_FFDC_SIZE);
653 	if (!ffdc) {
654 		dev_err(dev, "Failed to allocate SBE FFDC buffer\n");
655 		return;
656 	}
657         ffdc_iov.iov_base = ffdc;
658 	ffdc_iov.iov_len = SBEFIFO_MAX_FFDC_SIZE;
659         iov_iter_kvec(&ffdc_iter, WRITE, &ffdc_iov, 1, SBEFIFO_MAX_FFDC_SIZE);
660 	cmd[0] = cpu_to_be32(2);
661 	cmd[1] = cpu_to_be32(SBEFIFO_CMD_GET_SBE_FFDC);
662 	rc = sbefifo_do_command(sbefifo, cmd, 2, &ffdc_iter);
663 	if (rc != 0) {
664 		dev_err(dev, "Error %d retrieving SBE FFDC\n", rc);
665 		goto bail;
666 	}
667 	ffdc_sz = SBEFIFO_MAX_FFDC_SIZE - iov_iter_count(&ffdc_iter);
668 	ffdc_sz /= sizeof(__be32);
669 	rc = sbefifo_parse_status(dev, SBEFIFO_CMD_GET_SBE_FFDC, ffdc,
670 				  ffdc_sz, &ffdc_sz);
671 	if (rc != 0) {
672 		dev_err(dev, "Error %d decoding SBE FFDC\n", rc);
673 		goto bail;
674 	}
675 	if (ffdc_sz > 0)
676 		sbefifo_dump_ffdc(dev, ffdc, ffdc_sz, true);
677  bail:
678 	vfree(ffdc);
679 
680 }
681 
682 static int __sbefifo_submit(struct sbefifo *sbefifo,
683 			    const __be32 *command, size_t cmd_len,
684 			    struct iov_iter *response)
685 {
686 	struct device *dev = &sbefifo->fsi_dev->dev;
687 	int rc;
688 
689 	if (sbefifo->dead)
690 		return -ENODEV;
691 
692 	if (cmd_len < 2 || be32_to_cpu(command[0]) != cmd_len) {
693 		dev_vdbg(dev, "Invalid command len %zd (header: %d)\n",
694 			 cmd_len, be32_to_cpu(command[0]));
695 		return -EINVAL;
696 	}
697 
698 	/* First ensure the HW is in a clean state */
699 	rc = sbefifo_cleanup_hw(sbefifo);
700 	if (rc)
701 		return rc;
702 
703 	/* Look for async FFDC first if any */
704 	if (sbefifo->async_ffdc)
705 		sbefifo_collect_async_ffdc(sbefifo);
706 
707 	rc = sbefifo_do_command(sbefifo, command, cmd_len, response);
708 	if (rc != 0 && rc != -EOVERFLOW)
709 		goto fail;
710 	return rc;
711  fail:
712 	/*
713 	 * On failure, attempt a reset. Ignore the result, it will mark
714 	 * the fifo broken if the reset fails
715 	 */
716         sbefifo_request_reset(sbefifo);
717 
718 	/* Return original error */
719 	return rc;
720 }
721 
722 /**
723  * sbefifo_submit() - Submit and SBE fifo command and receive response
724  * @dev: The sbefifo device
725  * @command: The raw command data
726  * @cmd_len: The command size (in 32-bit words)
727  * @response: The output response buffer
728  * @resp_len: In: Response buffer size, Out: Response size
729  *
730  * This will perform the entire operation. If the reponse buffer
731  * overflows, returns -EOVERFLOW
732  */
733 int sbefifo_submit(struct device *dev, const __be32 *command, size_t cmd_len,
734 		   __be32 *response, size_t *resp_len)
735 {
736 	struct sbefifo *sbefifo;
737         struct iov_iter resp_iter;
738         struct kvec resp_iov;
739 	size_t rbytes;
740 	int rc;
741 
742 	if (!dev)
743 		return -ENODEV;
744 	sbefifo = dev_get_drvdata(dev);
745 	if (!sbefifo)
746 		return -ENODEV;
747 	if (WARN_ON_ONCE(sbefifo->magic != SBEFIFO_MAGIC))
748 		return -ENODEV;
749 	if (!resp_len || !command || !response)
750 		return -EINVAL;
751 
752 	/* Prepare iov iterator */
753 	rbytes = (*resp_len) * sizeof(__be32);
754 	resp_iov.iov_base = response;
755 	resp_iov.iov_len = rbytes;
756         iov_iter_kvec(&resp_iter, WRITE, &resp_iov, 1, rbytes);
757 
758 	/* Perform the command */
759 	rc = mutex_lock_interruptible(&sbefifo->lock);
760 	if (rc)
761 		return rc;
762 	rc = __sbefifo_submit(sbefifo, command, cmd_len, &resp_iter);
763 	mutex_unlock(&sbefifo->lock);
764 
765 	/* Extract the response length */
766 	rbytes -= iov_iter_count(&resp_iter);
767 	*resp_len = rbytes / sizeof(__be32);
768 
769 	return rc;
770 }
771 EXPORT_SYMBOL_GPL(sbefifo_submit);
772 
773 /*
774  * Char device interface
775  */
776 
777 static void sbefifo_release_command(struct sbefifo_user *user)
778 {
779 	if (is_vmalloc_addr(user->pending_cmd))
780 		vfree(user->pending_cmd);
781 	user->pending_cmd = NULL;
782 	user->pending_len = 0;
783 }
784 
785 static int sbefifo_user_open(struct inode *inode, struct file *file)
786 {
787 	struct sbefifo *sbefifo = container_of(inode->i_cdev, struct sbefifo, cdev);
788 	struct sbefifo_user *user;
789 
790 	user = kzalloc(sizeof(struct sbefifo_user), GFP_KERNEL);
791 	if (!user)
792 		return -ENOMEM;
793 
794 	file->private_data = user;
795 	user->sbefifo = sbefifo;
796 	user->cmd_page = (void *)__get_free_page(GFP_KERNEL);
797 	if (!user->cmd_page) {
798 		kfree(user);
799 		return -ENOMEM;
800 	}
801 	mutex_init(&user->file_lock);
802 	user->read_timeout_ms = SBEFIFO_TIMEOUT_START_RSP;
803 
804 	return 0;
805 }
806 
807 static ssize_t sbefifo_user_read(struct file *file, char __user *buf,
808 				 size_t len, loff_t *offset)
809 {
810 	struct sbefifo_user *user = file->private_data;
811 	struct sbefifo *sbefifo;
812 	struct iov_iter resp_iter;
813         struct iovec resp_iov;
814 	size_t cmd_len;
815 	int rc;
816 
817 	if (!user)
818 		return -EINVAL;
819 	sbefifo = user->sbefifo;
820 	if (len & 3)
821 		return -EINVAL;
822 
823 	mutex_lock(&user->file_lock);
824 
825 	/* Cronus relies on -EAGAIN after a short read */
826 	if (user->pending_len == 0) {
827 		rc = -EAGAIN;
828 		goto bail;
829 	}
830 	if (user->pending_len < 8) {
831 		rc = -EINVAL;
832 		goto bail;
833 	}
834 	cmd_len = user->pending_len >> 2;
835 
836 	/* Prepare iov iterator */
837 	resp_iov.iov_base = buf;
838 	resp_iov.iov_len = len;
839 	iov_iter_init(&resp_iter, WRITE, &resp_iov, 1, len);
840 
841 	/* Perform the command */
842 	rc = mutex_lock_interruptible(&sbefifo->lock);
843 	if (rc)
844 		goto bail;
845 	sbefifo->timeout_start_rsp_ms = user->read_timeout_ms;
846 	rc = __sbefifo_submit(sbefifo, user->pending_cmd, cmd_len, &resp_iter);
847 	sbefifo->timeout_start_rsp_ms = SBEFIFO_TIMEOUT_START_RSP;
848 	mutex_unlock(&sbefifo->lock);
849 	if (rc < 0)
850 		goto bail;
851 
852 	/* Extract the response length */
853 	rc = len - iov_iter_count(&resp_iter);
854  bail:
855 	sbefifo_release_command(user);
856 	mutex_unlock(&user->file_lock);
857 	return rc;
858 }
859 
860 static ssize_t sbefifo_user_write(struct file *file, const char __user *buf,
861 				  size_t len, loff_t *offset)
862 {
863 	struct sbefifo_user *user = file->private_data;
864 	struct sbefifo *sbefifo;
865 	int rc = len;
866 
867 	if (!user)
868 		return -EINVAL;
869 	sbefifo = user->sbefifo;
870 	if (len > SBEFIFO_MAX_USER_CMD_LEN)
871 		return -EINVAL;
872 	if (len & 3)
873 		return -EINVAL;
874 
875 	mutex_lock(&user->file_lock);
876 
877 	/* Can we use the pre-allocate buffer ? If not, allocate */
878 	if (len <= PAGE_SIZE)
879 		user->pending_cmd = user->cmd_page;
880 	else
881 		user->pending_cmd = vmalloc(len);
882 	if (!user->pending_cmd) {
883 		rc = -ENOMEM;
884 		goto bail;
885 	}
886 
887 	/* Copy the command into the staging buffer */
888 	if (copy_from_user(user->pending_cmd, buf, len)) {
889 		rc = -EFAULT;
890 		goto bail;
891 	}
892 
893 	/* Check for the magic reset command */
894 	if (len == 4 && be32_to_cpu(*(__be32 *)user->pending_cmd) ==
895 	    SBEFIFO_RESET_MAGIC)  {
896 
897 		/* Clear out any pending command */
898 		user->pending_len = 0;
899 
900 		/* Trigger reset request */
901 		rc = mutex_lock_interruptible(&sbefifo->lock);
902 		if (rc)
903 			goto bail;
904 		rc = sbefifo_request_reset(user->sbefifo);
905 		mutex_unlock(&sbefifo->lock);
906 		if (rc == 0)
907 			rc = 4;
908 		goto bail;
909 	}
910 
911 	/* Update the staging buffer size */
912 	user->pending_len = len;
913  bail:
914 	if (!user->pending_len)
915 		sbefifo_release_command(user);
916 
917 	mutex_unlock(&user->file_lock);
918 
919 	/* And that's it, we'll issue the command on a read */
920 	return rc;
921 }
922 
923 static int sbefifo_user_release(struct inode *inode, struct file *file)
924 {
925 	struct sbefifo_user *user = file->private_data;
926 
927 	if (!user)
928 		return -EINVAL;
929 
930 	sbefifo_release_command(user);
931 	free_page((unsigned long)user->cmd_page);
932 	kfree(user);
933 
934 	return 0;
935 }
936 
937 static int sbefifo_read_timeout(struct sbefifo_user *user, void __user *argp)
938 {
939 	struct device *dev = &user->sbefifo->dev;
940 	u32 timeout;
941 
942 	if (get_user(timeout, (__u32 __user *)argp))
943 		return -EFAULT;
944 
945 	if (timeout == 0) {
946 		user->read_timeout_ms = SBEFIFO_TIMEOUT_START_RSP;
947 		dev_dbg(dev, "Timeout reset to %d\n", user->read_timeout_ms);
948 		return 0;
949 	}
950 
951 	if (timeout < 10 || timeout > 120)
952 		return -EINVAL;
953 
954 	user->read_timeout_ms = timeout * 1000; /* user timeout is in sec */
955 
956 	dev_dbg(dev, "Timeout set to %d\n", user->read_timeout_ms);
957 
958 	return 0;
959 }
960 
961 static long sbefifo_user_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
962 {
963 	struct sbefifo_user *user = file->private_data;
964 	int rc = -ENOTTY;
965 
966 	if (!user)
967 		return -EINVAL;
968 
969 	mutex_lock(&user->file_lock);
970 	switch (cmd) {
971 	case FSI_SBEFIFO_READ_TIMEOUT_SECONDS:
972 		rc = sbefifo_read_timeout(user, (void __user *)arg);
973 		break;
974 	}
975 	mutex_unlock(&user->file_lock);
976 	return rc;
977 }
978 
979 static const struct file_operations sbefifo_fops = {
980 	.owner		= THIS_MODULE,
981 	.open		= sbefifo_user_open,
982 	.read		= sbefifo_user_read,
983 	.write		= sbefifo_user_write,
984 	.release	= sbefifo_user_release,
985 	.unlocked_ioctl = sbefifo_user_ioctl,
986 };
987 
988 static void sbefifo_free(struct device *dev)
989 {
990 	struct sbefifo *sbefifo = container_of(dev, struct sbefifo, dev);
991 
992 	put_device(&sbefifo->fsi_dev->dev);
993 	kfree(sbefifo);
994 }
995 
996 /*
997  * Probe/remove
998  */
999 
1000 static int sbefifo_probe(struct device *dev)
1001 {
1002 	struct fsi_device *fsi_dev = to_fsi_dev(dev);
1003 	struct sbefifo *sbefifo;
1004 	struct device_node *np;
1005 	struct platform_device *child;
1006 	char child_name[32];
1007 	int rc, didx, child_idx = 0;
1008 
1009 	dev_dbg(dev, "Found sbefifo device\n");
1010 
1011 	sbefifo = kzalloc(sizeof(*sbefifo), GFP_KERNEL);
1012 	if (!sbefifo)
1013 		return -ENOMEM;
1014 
1015 	/* Grab a reference to the device (parent of our cdev), we'll drop it later */
1016 	if (!get_device(dev)) {
1017 		kfree(sbefifo);
1018 		return -ENODEV;
1019 	}
1020 
1021 	sbefifo->magic = SBEFIFO_MAGIC;
1022 	sbefifo->fsi_dev = fsi_dev;
1023 	dev_set_drvdata(dev, sbefifo);
1024 	mutex_init(&sbefifo->lock);
1025 	sbefifo->timeout_start_rsp_ms = SBEFIFO_TIMEOUT_START_RSP;
1026 
1027 	/*
1028 	 * Try cleaning up the FIFO. If this fails, we still register the
1029 	 * driver and will try cleaning things up again on the next access.
1030 	 */
1031 	rc = sbefifo_cleanup_hw(sbefifo);
1032 	if (rc && rc != -ESHUTDOWN)
1033 		dev_err(dev, "Initial HW cleanup failed, will retry later\n");
1034 
1035 	/* Create chardev for userspace access */
1036 	sbefifo->dev.type = &fsi_cdev_type;
1037 	sbefifo->dev.parent = dev;
1038 	sbefifo->dev.release = sbefifo_free;
1039 	device_initialize(&sbefifo->dev);
1040 
1041 	/* Allocate a minor in the FSI space */
1042 	rc = fsi_get_new_minor(fsi_dev, fsi_dev_sbefifo, &sbefifo->dev.devt, &didx);
1043 	if (rc)
1044 		goto err;
1045 
1046 	dev_set_name(&sbefifo->dev, "sbefifo%d", didx);
1047 	cdev_init(&sbefifo->cdev, &sbefifo_fops);
1048 	rc = cdev_device_add(&sbefifo->cdev, &sbefifo->dev);
1049 	if (rc) {
1050 		dev_err(dev, "Error %d creating char device %s\n",
1051 			rc, dev_name(&sbefifo->dev));
1052 		goto err_free_minor;
1053 	}
1054 
1055 	/* Create platform devs for dts child nodes (occ, etc) */
1056 	for_each_available_child_of_node(dev->of_node, np) {
1057 		snprintf(child_name, sizeof(child_name), "%s-dev%d",
1058 			 dev_name(&sbefifo->dev), child_idx++);
1059 		child = of_platform_device_create(np, child_name, dev);
1060 		if (!child)
1061 			dev_warn(dev, "failed to create child %s dev\n",
1062 				 child_name);
1063 	}
1064 
1065 	device_create_file(&sbefifo->dev, &dev_attr_timeout);
1066 
1067 	return 0;
1068  err_free_minor:
1069 	fsi_free_minor(sbefifo->dev.devt);
1070  err:
1071 	put_device(&sbefifo->dev);
1072 	return rc;
1073 }
1074 
1075 static int sbefifo_unregister_child(struct device *dev, void *data)
1076 {
1077 	struct platform_device *child = to_platform_device(dev);
1078 
1079 	of_device_unregister(child);
1080 	if (dev->of_node)
1081 		of_node_clear_flag(dev->of_node, OF_POPULATED);
1082 
1083 	return 0;
1084 }
1085 
1086 static int sbefifo_remove(struct device *dev)
1087 {
1088 	struct sbefifo *sbefifo = dev_get_drvdata(dev);
1089 
1090 	dev_dbg(dev, "Removing sbefifo device...\n");
1091 
1092 	device_remove_file(&sbefifo->dev, &dev_attr_timeout);
1093 
1094 	mutex_lock(&sbefifo->lock);
1095 	sbefifo->dead = true;
1096 	mutex_unlock(&sbefifo->lock);
1097 
1098 	cdev_device_del(&sbefifo->cdev, &sbefifo->dev);
1099 	fsi_free_minor(sbefifo->dev.devt);
1100 	device_for_each_child(dev, NULL, sbefifo_unregister_child);
1101 	put_device(&sbefifo->dev);
1102 
1103 	return 0;
1104 }
1105 
1106 static const struct fsi_device_id sbefifo_ids[] = {
1107 	{
1108 		.engine_type = FSI_ENGID_SBE,
1109 		.version = FSI_VERSION_ANY,
1110 	},
1111 	{ 0 }
1112 };
1113 
1114 static struct fsi_driver sbefifo_drv = {
1115 	.id_table = sbefifo_ids,
1116 	.drv = {
1117 		.name = DEVICE_NAME,
1118 		.bus = &fsi_bus_type,
1119 		.probe = sbefifo_probe,
1120 		.remove = sbefifo_remove,
1121 	}
1122 };
1123 
1124 static int sbefifo_init(void)
1125 {
1126 	return fsi_driver_register(&sbefifo_drv);
1127 }
1128 
1129 static void sbefifo_exit(void)
1130 {
1131 	fsi_driver_unregister(&sbefifo_drv);
1132 }
1133 
1134 module_init(sbefifo_init);
1135 module_exit(sbefifo_exit);
1136 MODULE_LICENSE("GPL");
1137 MODULE_AUTHOR("Brad Bishop <bradleyb@fuzziesquirrel.com>");
1138 MODULE_AUTHOR("Eddie James <eajames@linux.vnet.ibm.com>");
1139 MODULE_AUTHOR("Andrew Jeffery <andrew@aj.id.au>");
1140 MODULE_AUTHOR("Benjamin Herrenschmidt <benh@kernel.crashing.org>");
1141 MODULE_DESCRIPTION("Linux device interface to the POWER Self Boot Engine");
1142