1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (c) 2016, Zodiac Inflight Innovations
4 * Copyright (c) 2007-2016, Synaptics Incorporated
5 * Copyright (C) 2012 Alexandra Chin <alexandra.chin@tw.synaptics.com>
6 * Copyright (C) 2012 Scott Lin <scott.lin@tw.synaptics.com>
7 */
8
9 #include <linux/bitops.h>
10 #include <linux/kernel.h>
11 #include <linux/rmi.h>
12 #include <linux/firmware.h>
13 #include <linux/delay.h>
14 #include <linux/slab.h>
15 #include <linux/jiffies.h>
16 #include <asm/unaligned.h>
17
18 #include "rmi_driver.h"
19 #include "rmi_f34.h"
20
rmi_f34v7_read_flash_status(struct f34_data * f34)21 static int rmi_f34v7_read_flash_status(struct f34_data *f34)
22 {
23 u8 status;
24 u8 command;
25 int ret;
26
27 ret = rmi_read_block(f34->fn->rmi_dev,
28 f34->fn->fd.data_base_addr + V7_FLASH_STATUS_OFFSET,
29 &status,
30 sizeof(status));
31 if (ret < 0) {
32 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
33 "%s: Error %d reading flash status\n", __func__, ret);
34 return ret;
35 }
36
37 f34->v7.in_bl_mode = status >> 7;
38 f34->v7.flash_status = status & 0x1f;
39
40 if (f34->v7.flash_status != 0x00) {
41 dev_err(&f34->fn->dev, "%s: status=%d, command=0x%02x\n",
42 __func__, f34->v7.flash_status, f34->v7.command);
43 }
44
45 ret = rmi_read_block(f34->fn->rmi_dev,
46 f34->fn->fd.data_base_addr + V7_COMMAND_OFFSET,
47 &command,
48 sizeof(command));
49 if (ret < 0) {
50 dev_err(&f34->fn->dev, "%s: Failed to read flash command\n",
51 __func__);
52 return ret;
53 }
54
55 f34->v7.command = command;
56
57 return 0;
58 }
59
rmi_f34v7_wait_for_idle(struct f34_data * f34,int timeout_ms)60 static int rmi_f34v7_wait_for_idle(struct f34_data *f34, int timeout_ms)
61 {
62 unsigned long timeout;
63
64 timeout = msecs_to_jiffies(timeout_ms);
65
66 if (!wait_for_completion_timeout(&f34->v7.cmd_done, timeout)) {
67 dev_warn(&f34->fn->dev, "%s: Timed out waiting for idle status\n",
68 __func__);
69 return -ETIMEDOUT;
70 }
71
72 return 0;
73 }
74
rmi_f34v7_check_command_status(struct f34_data * f34,int timeout_ms)75 static int rmi_f34v7_check_command_status(struct f34_data *f34, int timeout_ms)
76 {
77 int ret;
78
79 ret = rmi_f34v7_wait_for_idle(f34, timeout_ms);
80 if (ret < 0)
81 return ret;
82
83 ret = rmi_f34v7_read_flash_status(f34);
84 if (ret < 0)
85 return ret;
86
87 if (f34->v7.flash_status != 0x00)
88 return -EIO;
89
90 return 0;
91 }
92
rmi_f34v7_write_command_single_transaction(struct f34_data * f34,u8 cmd)93 static int rmi_f34v7_write_command_single_transaction(struct f34_data *f34,
94 u8 cmd)
95 {
96 int ret;
97 u8 base;
98 struct f34v7_data_1_5 data_1_5;
99
100 base = f34->fn->fd.data_base_addr;
101
102 memset(&data_1_5, 0, sizeof(data_1_5));
103
104 switch (cmd) {
105 case v7_CMD_ERASE_ALL:
106 data_1_5.partition_id = CORE_CODE_PARTITION;
107 data_1_5.command = CMD_V7_ERASE_AP;
108 break;
109 case v7_CMD_ERASE_UI_FIRMWARE:
110 data_1_5.partition_id = CORE_CODE_PARTITION;
111 data_1_5.command = CMD_V7_ERASE;
112 break;
113 case v7_CMD_ERASE_BL_CONFIG:
114 data_1_5.partition_id = GLOBAL_PARAMETERS_PARTITION;
115 data_1_5.command = CMD_V7_ERASE;
116 break;
117 case v7_CMD_ERASE_UI_CONFIG:
118 data_1_5.partition_id = CORE_CONFIG_PARTITION;
119 data_1_5.command = CMD_V7_ERASE;
120 break;
121 case v7_CMD_ERASE_DISP_CONFIG:
122 data_1_5.partition_id = DISPLAY_CONFIG_PARTITION;
123 data_1_5.command = CMD_V7_ERASE;
124 break;
125 case v7_CMD_ERASE_FLASH_CONFIG:
126 data_1_5.partition_id = FLASH_CONFIG_PARTITION;
127 data_1_5.command = CMD_V7_ERASE;
128 break;
129 case v7_CMD_ERASE_GUEST_CODE:
130 data_1_5.partition_id = GUEST_CODE_PARTITION;
131 data_1_5.command = CMD_V7_ERASE;
132 break;
133 case v7_CMD_ENABLE_FLASH_PROG:
134 data_1_5.partition_id = BOOTLOADER_PARTITION;
135 data_1_5.command = CMD_V7_ENTER_BL;
136 break;
137 }
138
139 data_1_5.payload[0] = f34->bootloader_id[0];
140 data_1_5.payload[1] = f34->bootloader_id[1];
141
142 ret = rmi_write_block(f34->fn->rmi_dev,
143 base + V7_PARTITION_ID_OFFSET,
144 &data_1_5, sizeof(data_1_5));
145 if (ret < 0) {
146 dev_err(&f34->fn->dev,
147 "%s: Failed to write single transaction command\n",
148 __func__);
149 return ret;
150 }
151
152 return 0;
153 }
154
rmi_f34v7_write_command(struct f34_data * f34,u8 cmd)155 static int rmi_f34v7_write_command(struct f34_data *f34, u8 cmd)
156 {
157 int ret;
158 u8 base;
159 u8 command;
160
161 base = f34->fn->fd.data_base_addr;
162
163 switch (cmd) {
164 case v7_CMD_WRITE_FW:
165 case v7_CMD_WRITE_CONFIG:
166 case v7_CMD_WRITE_GUEST_CODE:
167 command = CMD_V7_WRITE;
168 break;
169 case v7_CMD_READ_CONFIG:
170 command = CMD_V7_READ;
171 break;
172 case v7_CMD_ERASE_ALL:
173 command = CMD_V7_ERASE_AP;
174 break;
175 case v7_CMD_ERASE_UI_FIRMWARE:
176 case v7_CMD_ERASE_BL_CONFIG:
177 case v7_CMD_ERASE_UI_CONFIG:
178 case v7_CMD_ERASE_DISP_CONFIG:
179 case v7_CMD_ERASE_FLASH_CONFIG:
180 case v7_CMD_ERASE_GUEST_CODE:
181 command = CMD_V7_ERASE;
182 break;
183 case v7_CMD_ENABLE_FLASH_PROG:
184 command = CMD_V7_ENTER_BL;
185 break;
186 default:
187 dev_err(&f34->fn->dev, "%s: Invalid command 0x%02x\n",
188 __func__, cmd);
189 return -EINVAL;
190 }
191
192 f34->v7.command = command;
193
194 switch (cmd) {
195 case v7_CMD_ERASE_ALL:
196 case v7_CMD_ERASE_UI_FIRMWARE:
197 case v7_CMD_ERASE_BL_CONFIG:
198 case v7_CMD_ERASE_UI_CONFIG:
199 case v7_CMD_ERASE_DISP_CONFIG:
200 case v7_CMD_ERASE_FLASH_CONFIG:
201 case v7_CMD_ERASE_GUEST_CODE:
202 case v7_CMD_ENABLE_FLASH_PROG:
203 ret = rmi_f34v7_write_command_single_transaction(f34, cmd);
204 if (ret < 0)
205 return ret;
206 else
207 return 0;
208 default:
209 break;
210 }
211
212 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: writing cmd %02X\n",
213 __func__, command);
214
215 ret = rmi_write_block(f34->fn->rmi_dev,
216 base + V7_COMMAND_OFFSET,
217 &command, sizeof(command));
218 if (ret < 0) {
219 dev_err(&f34->fn->dev, "%s: Failed to write flash command\n",
220 __func__);
221 return ret;
222 }
223
224 return 0;
225 }
226
rmi_f34v7_write_partition_id(struct f34_data * f34,u8 cmd)227 static int rmi_f34v7_write_partition_id(struct f34_data *f34, u8 cmd)
228 {
229 int ret;
230 u8 base;
231 u8 partition;
232
233 base = f34->fn->fd.data_base_addr;
234
235 switch (cmd) {
236 case v7_CMD_WRITE_FW:
237 partition = CORE_CODE_PARTITION;
238 break;
239 case v7_CMD_WRITE_CONFIG:
240 case v7_CMD_READ_CONFIG:
241 if (f34->v7.config_area == v7_UI_CONFIG_AREA)
242 partition = CORE_CONFIG_PARTITION;
243 else if (f34->v7.config_area == v7_DP_CONFIG_AREA)
244 partition = DISPLAY_CONFIG_PARTITION;
245 else if (f34->v7.config_area == v7_PM_CONFIG_AREA)
246 partition = GUEST_SERIALIZATION_PARTITION;
247 else if (f34->v7.config_area == v7_BL_CONFIG_AREA)
248 partition = GLOBAL_PARAMETERS_PARTITION;
249 else if (f34->v7.config_area == v7_FLASH_CONFIG_AREA)
250 partition = FLASH_CONFIG_PARTITION;
251 break;
252 case v7_CMD_WRITE_GUEST_CODE:
253 partition = GUEST_CODE_PARTITION;
254 break;
255 case v7_CMD_ERASE_ALL:
256 partition = CORE_CODE_PARTITION;
257 break;
258 case v7_CMD_ERASE_BL_CONFIG:
259 partition = GLOBAL_PARAMETERS_PARTITION;
260 break;
261 case v7_CMD_ERASE_UI_CONFIG:
262 partition = CORE_CONFIG_PARTITION;
263 break;
264 case v7_CMD_ERASE_DISP_CONFIG:
265 partition = DISPLAY_CONFIG_PARTITION;
266 break;
267 case v7_CMD_ERASE_FLASH_CONFIG:
268 partition = FLASH_CONFIG_PARTITION;
269 break;
270 case v7_CMD_ERASE_GUEST_CODE:
271 partition = GUEST_CODE_PARTITION;
272 break;
273 case v7_CMD_ENABLE_FLASH_PROG:
274 partition = BOOTLOADER_PARTITION;
275 break;
276 default:
277 dev_err(&f34->fn->dev, "%s: Invalid command 0x%02x\n",
278 __func__, cmd);
279 return -EINVAL;
280 }
281
282 ret = rmi_write_block(f34->fn->rmi_dev,
283 base + V7_PARTITION_ID_OFFSET,
284 &partition, sizeof(partition));
285 if (ret < 0) {
286 dev_err(&f34->fn->dev, "%s: Failed to write partition ID\n",
287 __func__);
288 return ret;
289 }
290
291 return 0;
292 }
293
rmi_f34v7_read_partition_table(struct f34_data * f34)294 static int rmi_f34v7_read_partition_table(struct f34_data *f34)
295 {
296 int ret;
297 unsigned long timeout;
298 u8 base;
299 __le16 length;
300 u16 block_number = 0;
301
302 base = f34->fn->fd.data_base_addr;
303
304 f34->v7.config_area = v7_FLASH_CONFIG_AREA;
305
306 ret = rmi_f34v7_write_partition_id(f34, v7_CMD_READ_CONFIG);
307 if (ret < 0)
308 return ret;
309
310 ret = rmi_write_block(f34->fn->rmi_dev,
311 base + V7_BLOCK_NUMBER_OFFSET,
312 &block_number, sizeof(block_number));
313 if (ret < 0) {
314 dev_err(&f34->fn->dev, "%s: Failed to write block number\n",
315 __func__);
316 return ret;
317 }
318
319 put_unaligned_le16(f34->v7.flash_config_length, &length);
320
321 ret = rmi_write_block(f34->fn->rmi_dev,
322 base + V7_TRANSFER_LENGTH_OFFSET,
323 &length, sizeof(length));
324 if (ret < 0) {
325 dev_err(&f34->fn->dev, "%s: Failed to write transfer length\n",
326 __func__);
327 return ret;
328 }
329
330 init_completion(&f34->v7.cmd_done);
331
332 ret = rmi_f34v7_write_command(f34, v7_CMD_READ_CONFIG);
333 if (ret < 0) {
334 dev_err(&f34->fn->dev, "%s: Failed to write command\n",
335 __func__);
336 return ret;
337 }
338
339 /*
340 * rmi_f34v7_check_command_status() can't be used here, as this
341 * function is called before IRQs are available
342 */
343 timeout = msecs_to_jiffies(F34_WRITE_WAIT_MS);
344 while (time_before(jiffies, timeout)) {
345 usleep_range(5000, 6000);
346 rmi_f34v7_read_flash_status(f34);
347
348 if (f34->v7.command == v7_CMD_IDLE &&
349 f34->v7.flash_status == 0x00) {
350 break;
351 }
352 }
353
354 ret = rmi_read_block(f34->fn->rmi_dev,
355 base + V7_PAYLOAD_OFFSET,
356 f34->v7.read_config_buf,
357 f34->v7.partition_table_bytes);
358 if (ret < 0) {
359 dev_err(&f34->fn->dev, "%s: Failed to read block data\n",
360 __func__);
361 return ret;
362 }
363
364 return 0;
365 }
366
rmi_f34v7_parse_partition_table(struct f34_data * f34,const void * partition_table,struct block_count * blkcount,struct physical_address * phyaddr)367 static void rmi_f34v7_parse_partition_table(struct f34_data *f34,
368 const void *partition_table,
369 struct block_count *blkcount,
370 struct physical_address *phyaddr)
371 {
372 int i;
373 int index;
374 u16 partition_length;
375 u16 physical_address;
376 const struct partition_table *ptable;
377
378 for (i = 0; i < f34->v7.partitions; i++) {
379 index = i * 8 + 2;
380 ptable = partition_table + index;
381 partition_length = le16_to_cpu(ptable->partition_length);
382 physical_address = le16_to_cpu(ptable->start_physical_address);
383 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
384 "%s: Partition entry %d: %*ph\n",
385 __func__, i, sizeof(struct partition_table), ptable);
386 switch (ptable->partition_id & 0x1f) {
387 case CORE_CODE_PARTITION:
388 blkcount->ui_firmware = partition_length;
389 phyaddr->ui_firmware = physical_address;
390 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
391 "%s: Core code block count: %d\n",
392 __func__, blkcount->ui_firmware);
393 break;
394 case CORE_CONFIG_PARTITION:
395 blkcount->ui_config = partition_length;
396 phyaddr->ui_config = physical_address;
397 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
398 "%s: Core config block count: %d\n",
399 __func__, blkcount->ui_config);
400 break;
401 case DISPLAY_CONFIG_PARTITION:
402 blkcount->dp_config = partition_length;
403 phyaddr->dp_config = physical_address;
404 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
405 "%s: Display config block count: %d\n",
406 __func__, blkcount->dp_config);
407 break;
408 case FLASH_CONFIG_PARTITION:
409 blkcount->fl_config = partition_length;
410 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
411 "%s: Flash config block count: %d\n",
412 __func__, blkcount->fl_config);
413 break;
414 case GUEST_CODE_PARTITION:
415 blkcount->guest_code = partition_length;
416 phyaddr->guest_code = physical_address;
417 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
418 "%s: Guest code block count: %d\n",
419 __func__, blkcount->guest_code);
420 break;
421 case GUEST_SERIALIZATION_PARTITION:
422 blkcount->pm_config = partition_length;
423 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
424 "%s: Guest serialization block count: %d\n",
425 __func__, blkcount->pm_config);
426 break;
427 case GLOBAL_PARAMETERS_PARTITION:
428 blkcount->bl_config = partition_length;
429 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
430 "%s: Global parameters block count: %d\n",
431 __func__, blkcount->bl_config);
432 break;
433 case DEVICE_CONFIG_PARTITION:
434 blkcount->lockdown = partition_length;
435 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
436 "%s: Device config block count: %d\n",
437 __func__, blkcount->lockdown);
438 break;
439 }
440 }
441 }
442
rmi_f34v7_read_queries_bl_version(struct f34_data * f34)443 static int rmi_f34v7_read_queries_bl_version(struct f34_data *f34)
444 {
445 int ret;
446 u8 base;
447 int offset;
448 u8 query_0;
449 struct f34v7_query_1_7 query_1_7;
450
451 base = f34->fn->fd.query_base_addr;
452
453 ret = rmi_read_block(f34->fn->rmi_dev,
454 base,
455 &query_0,
456 sizeof(query_0));
457 if (ret < 0) {
458 dev_err(&f34->fn->dev,
459 "%s: Failed to read query 0\n", __func__);
460 return ret;
461 }
462
463 offset = (query_0 & 0x7) + 1;
464
465 ret = rmi_read_block(f34->fn->rmi_dev,
466 base + offset,
467 &query_1_7,
468 sizeof(query_1_7));
469 if (ret < 0) {
470 dev_err(&f34->fn->dev, "%s: Failed to read queries 1 to 7\n",
471 __func__);
472 return ret;
473 }
474
475 f34->bootloader_id[0] = query_1_7.bl_minor_revision;
476 f34->bootloader_id[1] = query_1_7.bl_major_revision;
477
478 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "Bootloader V%d.%d\n",
479 f34->bootloader_id[1], f34->bootloader_id[0]);
480
481 return 0;
482 }
483
rmi_f34v7_read_queries(struct f34_data * f34)484 static int rmi_f34v7_read_queries(struct f34_data *f34)
485 {
486 int ret;
487 int i;
488 u8 base;
489 int offset;
490 u8 *ptable;
491 u8 query_0;
492 struct f34v7_query_1_7 query_1_7;
493
494 base = f34->fn->fd.query_base_addr;
495
496 ret = rmi_read_block(f34->fn->rmi_dev,
497 base,
498 &query_0,
499 sizeof(query_0));
500 if (ret < 0) {
501 dev_err(&f34->fn->dev,
502 "%s: Failed to read query 0\n", __func__);
503 return ret;
504 }
505
506 offset = (query_0 & 0x07) + 1;
507
508 ret = rmi_read_block(f34->fn->rmi_dev,
509 base + offset,
510 &query_1_7,
511 sizeof(query_1_7));
512 if (ret < 0) {
513 dev_err(&f34->fn->dev, "%s: Failed to read queries 1 to 7\n",
514 __func__);
515 return ret;
516 }
517
518 f34->bootloader_id[0] = query_1_7.bl_minor_revision;
519 f34->bootloader_id[1] = query_1_7.bl_major_revision;
520
521 f34->v7.block_size = le16_to_cpu(query_1_7.block_size);
522 f34->v7.flash_config_length =
523 le16_to_cpu(query_1_7.flash_config_length);
524 f34->v7.payload_length = le16_to_cpu(query_1_7.payload_length);
525
526 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: f34->v7.block_size = %d\n",
527 __func__, f34->v7.block_size);
528
529 f34->v7.has_display_cfg = query_1_7.partition_support[1] & HAS_DISP_CFG;
530 f34->v7.has_guest_code =
531 query_1_7.partition_support[1] & HAS_GUEST_CODE;
532
533 if (query_0 & HAS_CONFIG_ID) {
534 u8 f34_ctrl[CONFIG_ID_SIZE];
535
536 ret = rmi_read_block(f34->fn->rmi_dev,
537 f34->fn->fd.control_base_addr,
538 f34_ctrl,
539 sizeof(f34_ctrl));
540 if (ret)
541 return ret;
542
543 /* Eat leading zeros */
544 for (i = 0; i < sizeof(f34_ctrl) - 1 && !f34_ctrl[i]; i++)
545 /* Empty */;
546
547 snprintf(f34->configuration_id, sizeof(f34->configuration_id),
548 "%*phN", (int)sizeof(f34_ctrl) - i, f34_ctrl + i);
549
550 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "Configuration ID: %s\n",
551 f34->configuration_id);
552 }
553
554 f34->v7.partitions = 0;
555 for (i = 0; i < sizeof(query_1_7.partition_support); i++)
556 f34->v7.partitions += hweight8(query_1_7.partition_support[i]);
557
558 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: Supported partitions: %*ph\n",
559 __func__, sizeof(query_1_7.partition_support),
560 query_1_7.partition_support);
561
562
563 f34->v7.partition_table_bytes = f34->v7.partitions * 8 + 2;
564
565 f34->v7.read_config_buf = devm_kzalloc(&f34->fn->dev,
566 f34->v7.partition_table_bytes,
567 GFP_KERNEL);
568 if (!f34->v7.read_config_buf) {
569 f34->v7.read_config_buf_size = 0;
570 return -ENOMEM;
571 }
572
573 f34->v7.read_config_buf_size = f34->v7.partition_table_bytes;
574 ptable = f34->v7.read_config_buf;
575
576 ret = rmi_f34v7_read_partition_table(f34);
577 if (ret < 0) {
578 dev_err(&f34->fn->dev, "%s: Failed to read partition table\n",
579 __func__);
580 return ret;
581 }
582
583 rmi_f34v7_parse_partition_table(f34, ptable,
584 &f34->v7.blkcount, &f34->v7.phyaddr);
585
586 return 0;
587 }
588
rmi_f34v7_check_bl_config_size(struct f34_data * f34)589 static int rmi_f34v7_check_bl_config_size(struct f34_data *f34)
590 {
591 u16 block_count;
592
593 block_count = f34->v7.img.bl_config.size / f34->v7.block_size;
594 f34->update_size += block_count;
595
596 if (block_count != f34->v7.blkcount.bl_config) {
597 dev_err(&f34->fn->dev, "Bootloader config size mismatch\n");
598 return -EINVAL;
599 }
600
601 return 0;
602 }
603
rmi_f34v7_erase_all(struct f34_data * f34)604 static int rmi_f34v7_erase_all(struct f34_data *f34)
605 {
606 int ret;
607
608 dev_info(&f34->fn->dev, "Erasing firmware...\n");
609
610 init_completion(&f34->v7.cmd_done);
611
612 ret = rmi_f34v7_write_command(f34, v7_CMD_ERASE_ALL);
613 if (ret < 0)
614 return ret;
615
616 ret = rmi_f34v7_check_command_status(f34, F34_ERASE_WAIT_MS);
617 if (ret < 0)
618 return ret;
619
620 return 0;
621 }
622
rmi_f34v7_read_blocks(struct f34_data * f34,u16 block_cnt,u8 command)623 static int rmi_f34v7_read_blocks(struct f34_data *f34,
624 u16 block_cnt, u8 command)
625 {
626 int ret;
627 u8 base;
628 __le16 length;
629 u16 transfer;
630 u16 max_transfer;
631 u16 remaining = block_cnt;
632 u16 block_number = 0;
633 u16 index = 0;
634
635 base = f34->fn->fd.data_base_addr;
636
637 ret = rmi_f34v7_write_partition_id(f34, command);
638 if (ret < 0)
639 return ret;
640
641 ret = rmi_write_block(f34->fn->rmi_dev,
642 base + V7_BLOCK_NUMBER_OFFSET,
643 &block_number, sizeof(block_number));
644 if (ret < 0) {
645 dev_err(&f34->fn->dev, "%s: Failed to write block number\n",
646 __func__);
647 return ret;
648 }
649
650 max_transfer = min(f34->v7.payload_length,
651 (u16)(PAGE_SIZE / f34->v7.block_size));
652
653 do {
654 transfer = min(remaining, max_transfer);
655 put_unaligned_le16(transfer, &length);
656
657 ret = rmi_write_block(f34->fn->rmi_dev,
658 base + V7_TRANSFER_LENGTH_OFFSET,
659 &length, sizeof(length));
660 if (ret < 0) {
661 dev_err(&f34->fn->dev,
662 "%s: Write transfer length fail (%d remaining)\n",
663 __func__, remaining);
664 return ret;
665 }
666
667 init_completion(&f34->v7.cmd_done);
668
669 ret = rmi_f34v7_write_command(f34, command);
670 if (ret < 0)
671 return ret;
672
673 ret = rmi_f34v7_check_command_status(f34, F34_ENABLE_WAIT_MS);
674 if (ret < 0)
675 return ret;
676
677 ret = rmi_read_block(f34->fn->rmi_dev,
678 base + V7_PAYLOAD_OFFSET,
679 &f34->v7.read_config_buf[index],
680 transfer * f34->v7.block_size);
681 if (ret < 0) {
682 dev_err(&f34->fn->dev,
683 "%s: Read block failed (%d blks remaining)\n",
684 __func__, remaining);
685 return ret;
686 }
687
688 index += (transfer * f34->v7.block_size);
689 remaining -= transfer;
690 } while (remaining);
691
692 return 0;
693 }
694
rmi_f34v7_write_f34v7_blocks(struct f34_data * f34,const void * block_ptr,u16 block_cnt,u8 command)695 static int rmi_f34v7_write_f34v7_blocks(struct f34_data *f34,
696 const void *block_ptr, u16 block_cnt,
697 u8 command)
698 {
699 int ret;
700 u8 base;
701 __le16 length;
702 u16 transfer;
703 u16 max_transfer;
704 u16 remaining = block_cnt;
705 u16 block_number = 0;
706
707 base = f34->fn->fd.data_base_addr;
708
709 ret = rmi_f34v7_write_partition_id(f34, command);
710 if (ret < 0)
711 return ret;
712
713 ret = rmi_write_block(f34->fn->rmi_dev,
714 base + V7_BLOCK_NUMBER_OFFSET,
715 &block_number, sizeof(block_number));
716 if (ret < 0) {
717 dev_err(&f34->fn->dev, "%s: Failed to write block number\n",
718 __func__);
719 return ret;
720 }
721
722 if (f34->v7.payload_length > (PAGE_SIZE / f34->v7.block_size))
723 max_transfer = PAGE_SIZE / f34->v7.block_size;
724 else
725 max_transfer = f34->v7.payload_length;
726
727 do {
728 transfer = min(remaining, max_transfer);
729 put_unaligned_le16(transfer, &length);
730
731 init_completion(&f34->v7.cmd_done);
732
733 ret = rmi_write_block(f34->fn->rmi_dev,
734 base + V7_TRANSFER_LENGTH_OFFSET,
735 &length, sizeof(length));
736 if (ret < 0) {
737 dev_err(&f34->fn->dev,
738 "%s: Write transfer length fail (%d remaining)\n",
739 __func__, remaining);
740 return ret;
741 }
742
743 ret = rmi_f34v7_write_command(f34, command);
744 if (ret < 0)
745 return ret;
746
747 ret = rmi_write_block(f34->fn->rmi_dev,
748 base + V7_PAYLOAD_OFFSET,
749 block_ptr, transfer * f34->v7.block_size);
750 if (ret < 0) {
751 dev_err(&f34->fn->dev,
752 "%s: Failed writing data (%d blks remaining)\n",
753 __func__, remaining);
754 return ret;
755 }
756
757 ret = rmi_f34v7_check_command_status(f34, F34_ENABLE_WAIT_MS);
758 if (ret < 0)
759 return ret;
760
761 block_ptr += (transfer * f34->v7.block_size);
762 remaining -= transfer;
763 f34->update_progress += transfer;
764 f34->update_status = (f34->update_progress * 100) /
765 f34->update_size;
766 } while (remaining);
767
768 return 0;
769 }
770
rmi_f34v7_write_config(struct f34_data * f34)771 static int rmi_f34v7_write_config(struct f34_data *f34)
772 {
773 return rmi_f34v7_write_f34v7_blocks(f34, f34->v7.config_data,
774 f34->v7.config_block_count,
775 v7_CMD_WRITE_CONFIG);
776 }
777
rmi_f34v7_write_ui_config(struct f34_data * f34)778 static int rmi_f34v7_write_ui_config(struct f34_data *f34)
779 {
780 f34->v7.config_area = v7_UI_CONFIG_AREA;
781 f34->v7.config_data = f34->v7.img.ui_config.data;
782 f34->v7.config_size = f34->v7.img.ui_config.size;
783 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size;
784
785 return rmi_f34v7_write_config(f34);
786 }
787
rmi_f34v7_write_dp_config(struct f34_data * f34)788 static int rmi_f34v7_write_dp_config(struct f34_data *f34)
789 {
790 f34->v7.config_area = v7_DP_CONFIG_AREA;
791 f34->v7.config_data = f34->v7.img.dp_config.data;
792 f34->v7.config_size = f34->v7.img.dp_config.size;
793 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size;
794
795 return rmi_f34v7_write_config(f34);
796 }
797
rmi_f34v7_write_guest_code(struct f34_data * f34)798 static int rmi_f34v7_write_guest_code(struct f34_data *f34)
799 {
800 return rmi_f34v7_write_f34v7_blocks(f34, f34->v7.img.guest_code.data,
801 f34->v7.img.guest_code.size /
802 f34->v7.block_size,
803 v7_CMD_WRITE_GUEST_CODE);
804 }
805
rmi_f34v7_write_flash_config(struct f34_data * f34)806 static int rmi_f34v7_write_flash_config(struct f34_data *f34)
807 {
808 int ret;
809
810 f34->v7.config_area = v7_FLASH_CONFIG_AREA;
811 f34->v7.config_data = f34->v7.img.fl_config.data;
812 f34->v7.config_size = f34->v7.img.fl_config.size;
813 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size;
814
815 if (f34->v7.config_block_count != f34->v7.blkcount.fl_config) {
816 dev_err(&f34->fn->dev, "%s: Flash config size mismatch\n",
817 __func__);
818 return -EINVAL;
819 }
820
821 init_completion(&f34->v7.cmd_done);
822
823 ret = rmi_f34v7_write_config(f34);
824 if (ret < 0)
825 return ret;
826
827 return 0;
828 }
829
rmi_f34v7_write_partition_table(struct f34_data * f34)830 static int rmi_f34v7_write_partition_table(struct f34_data *f34)
831 {
832 u16 block_count;
833 int ret;
834
835 block_count = f34->v7.blkcount.bl_config;
836 f34->v7.config_area = v7_BL_CONFIG_AREA;
837 f34->v7.config_size = f34->v7.block_size * block_count;
838 devm_kfree(&f34->fn->dev, f34->v7.read_config_buf);
839 f34->v7.read_config_buf = devm_kzalloc(&f34->fn->dev,
840 f34->v7.config_size, GFP_KERNEL);
841 if (!f34->v7.read_config_buf) {
842 f34->v7.read_config_buf_size = 0;
843 return -ENOMEM;
844 }
845
846 f34->v7.read_config_buf_size = f34->v7.config_size;
847
848 ret = rmi_f34v7_read_blocks(f34, block_count, v7_CMD_READ_CONFIG);
849 if (ret < 0)
850 return ret;
851
852 ret = rmi_f34v7_write_flash_config(f34);
853 if (ret < 0)
854 return ret;
855
856 f34->v7.config_area = v7_BL_CONFIG_AREA;
857 f34->v7.config_data = f34->v7.read_config_buf;
858 f34->v7.config_size = f34->v7.img.bl_config.size;
859 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size;
860
861 ret = rmi_f34v7_write_config(f34);
862 if (ret < 0)
863 return ret;
864
865 return 0;
866 }
867
rmi_f34v7_write_firmware(struct f34_data * f34)868 static int rmi_f34v7_write_firmware(struct f34_data *f34)
869 {
870 u16 blk_count;
871
872 blk_count = f34->v7.img.ui_firmware.size / f34->v7.block_size;
873
874 return rmi_f34v7_write_f34v7_blocks(f34, f34->v7.img.ui_firmware.data,
875 blk_count, v7_CMD_WRITE_FW);
876 }
877
rmi_f34v7_parse_img_header_10_bl_container(struct f34_data * f34,const void * image)878 static void rmi_f34v7_parse_img_header_10_bl_container(struct f34_data *f34,
879 const void *image)
880 {
881 int i;
882 int num_of_containers;
883 unsigned int addr;
884 unsigned int container_id;
885 unsigned int length;
886 const void *content;
887 const struct container_descriptor *descriptor;
888
889 num_of_containers = f34->v7.img.bootloader.size / 4 - 1;
890
891 for (i = 1; i <= num_of_containers; i++) {
892 addr = get_unaligned_le32(f34->v7.img.bootloader.data + i * 4);
893 descriptor = image + addr;
894 container_id = le16_to_cpu(descriptor->container_id);
895 content = image + le32_to_cpu(descriptor->content_address);
896 length = le32_to_cpu(descriptor->content_length);
897 switch (container_id) {
898 case BL_CONFIG_CONTAINER:
899 case GLOBAL_PARAMETERS_CONTAINER:
900 f34->v7.img.bl_config.data = content;
901 f34->v7.img.bl_config.size = length;
902 break;
903 case BL_LOCKDOWN_INFO_CONTAINER:
904 case DEVICE_CONFIG_CONTAINER:
905 f34->v7.img.lockdown.data = content;
906 f34->v7.img.lockdown.size = length;
907 break;
908 default:
909 break;
910 }
911 }
912 }
913
rmi_f34v7_parse_image_header_10(struct f34_data * f34)914 static void rmi_f34v7_parse_image_header_10(struct f34_data *f34)
915 {
916 unsigned int i;
917 unsigned int num_of_containers;
918 unsigned int addr;
919 unsigned int offset;
920 unsigned int container_id;
921 unsigned int length;
922 const void *image = f34->v7.image;
923 const u8 *content;
924 const struct container_descriptor *descriptor;
925 const struct image_header_10 *header = image;
926
927 f34->v7.img.checksum = le32_to_cpu(header->checksum);
928
929 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: f34->v7.img.checksum=%X\n",
930 __func__, f34->v7.img.checksum);
931
932 /* address of top level container */
933 offset = le32_to_cpu(header->top_level_container_start_addr);
934 descriptor = image + offset;
935
936 /* address of top level container content */
937 offset = le32_to_cpu(descriptor->content_address);
938 num_of_containers = le32_to_cpu(descriptor->content_length) / 4;
939
940 for (i = 0; i < num_of_containers; i++) {
941 addr = get_unaligned_le32(image + offset);
942 offset += 4;
943 descriptor = image + addr;
944 container_id = le16_to_cpu(descriptor->container_id);
945 content = image + le32_to_cpu(descriptor->content_address);
946 length = le32_to_cpu(descriptor->content_length);
947
948 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
949 "%s: container_id=%d, length=%d\n", __func__,
950 container_id, length);
951
952 switch (container_id) {
953 case UI_CONTAINER:
954 case CORE_CODE_CONTAINER:
955 f34->v7.img.ui_firmware.data = content;
956 f34->v7.img.ui_firmware.size = length;
957 break;
958 case UI_CONFIG_CONTAINER:
959 case CORE_CONFIG_CONTAINER:
960 f34->v7.img.ui_config.data = content;
961 f34->v7.img.ui_config.size = length;
962 break;
963 case BL_CONTAINER:
964 f34->v7.img.bl_version = *content;
965 f34->v7.img.bootloader.data = content;
966 f34->v7.img.bootloader.size = length;
967 rmi_f34v7_parse_img_header_10_bl_container(f34, image);
968 break;
969 case GUEST_CODE_CONTAINER:
970 f34->v7.img.contains_guest_code = true;
971 f34->v7.img.guest_code.data = content;
972 f34->v7.img.guest_code.size = length;
973 break;
974 case DISPLAY_CONFIG_CONTAINER:
975 f34->v7.img.contains_display_cfg = true;
976 f34->v7.img.dp_config.data = content;
977 f34->v7.img.dp_config.size = length;
978 break;
979 case FLASH_CONFIG_CONTAINER:
980 f34->v7.img.contains_flash_config = true;
981 f34->v7.img.fl_config.data = content;
982 f34->v7.img.fl_config.size = length;
983 break;
984 case GENERAL_INFORMATION_CONTAINER:
985 f34->v7.img.contains_firmware_id = true;
986 f34->v7.img.firmware_id =
987 get_unaligned_le32(content + 4);
988 break;
989 default:
990 break;
991 }
992 }
993 }
994
rmi_f34v7_parse_image_info(struct f34_data * f34)995 static int rmi_f34v7_parse_image_info(struct f34_data *f34)
996 {
997 const struct image_header_10 *header = f34->v7.image;
998
999 memset(&f34->v7.img, 0x00, sizeof(f34->v7.img));
1000
1001 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev,
1002 "%s: header->major_header_version = %d\n",
1003 __func__, header->major_header_version);
1004
1005 switch (header->major_header_version) {
1006 case IMAGE_HEADER_VERSION_10:
1007 rmi_f34v7_parse_image_header_10(f34);
1008 break;
1009 default:
1010 dev_err(&f34->fn->dev, "Unsupported image file format %02X\n",
1011 header->major_header_version);
1012 return -EINVAL;
1013 }
1014
1015 if (!f34->v7.img.contains_flash_config) {
1016 dev_err(&f34->fn->dev, "%s: No flash config in fw image\n",
1017 __func__);
1018 return -EINVAL;
1019 }
1020
1021 rmi_f34v7_parse_partition_table(f34, f34->v7.img.fl_config.data,
1022 &f34->v7.img.blkcount, &f34->v7.img.phyaddr);
1023
1024 return 0;
1025 }
1026
rmi_f34v7_do_reflash(struct f34_data * f34,const struct firmware * fw)1027 int rmi_f34v7_do_reflash(struct f34_data *f34, const struct firmware *fw)
1028 {
1029 int ret;
1030
1031 f34->fn->rmi_dev->driver->set_irq_bits(f34->fn->rmi_dev,
1032 f34->fn->irq_mask);
1033
1034 rmi_f34v7_read_queries_bl_version(f34);
1035
1036 f34->v7.image = fw->data;
1037 f34->update_progress = 0;
1038 f34->update_size = 0;
1039
1040 ret = rmi_f34v7_parse_image_info(f34);
1041 if (ret < 0)
1042 return ret;
1043
1044 ret = rmi_f34v7_check_bl_config_size(f34);
1045 if (ret < 0)
1046 return ret;
1047
1048 ret = rmi_f34v7_erase_all(f34);
1049 if (ret < 0)
1050 return ret;
1051
1052 ret = rmi_f34v7_write_partition_table(f34);
1053 if (ret < 0)
1054 return ret;
1055 dev_info(&f34->fn->dev, "%s: Partition table programmed\n", __func__);
1056
1057 /*
1058 * Reset to reload partition table - as the previous firmware has been
1059 * erased, we remain in bootloader mode.
1060 */
1061 ret = rmi_scan_pdt(f34->fn->rmi_dev, NULL, rmi_initial_reset);
1062 if (ret < 0)
1063 dev_warn(&f34->fn->dev, "RMI reset failed!\n");
1064
1065 dev_info(&f34->fn->dev, "Writing firmware (%d bytes)...\n",
1066 f34->v7.img.ui_firmware.size);
1067
1068 ret = rmi_f34v7_write_firmware(f34);
1069 if (ret < 0)
1070 return ret;
1071
1072 dev_info(&f34->fn->dev, "Writing config (%d bytes)...\n",
1073 f34->v7.img.ui_config.size);
1074
1075 f34->v7.config_area = v7_UI_CONFIG_AREA;
1076 ret = rmi_f34v7_write_ui_config(f34);
1077 if (ret < 0)
1078 return ret;
1079
1080 if (f34->v7.has_display_cfg && f34->v7.img.contains_display_cfg) {
1081 dev_info(&f34->fn->dev, "Writing display config...\n");
1082
1083 ret = rmi_f34v7_write_dp_config(f34);
1084 if (ret < 0)
1085 return ret;
1086 }
1087
1088 if (f34->v7.has_guest_code && f34->v7.img.contains_guest_code) {
1089 dev_info(&f34->fn->dev, "Writing guest code...\n");
1090
1091 ret = rmi_f34v7_write_guest_code(f34);
1092 if (ret < 0)
1093 return ret;
1094 }
1095
1096 return 0;
1097 }
1098
rmi_f34v7_enter_flash_prog(struct f34_data * f34)1099 static int rmi_f34v7_enter_flash_prog(struct f34_data *f34)
1100 {
1101 int ret;
1102
1103 f34->fn->rmi_dev->driver->set_irq_bits(f34->fn->rmi_dev, f34->fn->irq_mask);
1104
1105 ret = rmi_f34v7_read_flash_status(f34);
1106 if (ret < 0)
1107 return ret;
1108
1109 if (f34->v7.in_bl_mode) {
1110 dev_info(&f34->fn->dev, "%s: Device in bootloader mode\n",
1111 __func__);
1112 return 0;
1113 }
1114
1115 init_completion(&f34->v7.cmd_done);
1116
1117 ret = rmi_f34v7_write_command(f34, v7_CMD_ENABLE_FLASH_PROG);
1118 if (ret < 0)
1119 return ret;
1120
1121 ret = rmi_f34v7_check_command_status(f34, F34_ENABLE_WAIT_MS);
1122 if (ret < 0)
1123 return ret;
1124
1125 return 0;
1126 }
1127
rmi_f34v7_start_reflash(struct f34_data * f34,const struct firmware * fw)1128 int rmi_f34v7_start_reflash(struct f34_data *f34, const struct firmware *fw)
1129 {
1130 int ret = 0;
1131
1132 f34->v7.config_area = v7_UI_CONFIG_AREA;
1133 f34->v7.image = fw->data;
1134
1135 ret = rmi_f34v7_parse_image_info(f34);
1136 if (ret < 0)
1137 return ret;
1138
1139 dev_info(&f34->fn->dev, "Firmware image OK\n");
1140
1141 return rmi_f34v7_enter_flash_prog(f34);
1142 }
1143
rmi_f34v7_probe(struct f34_data * f34)1144 int rmi_f34v7_probe(struct f34_data *f34)
1145 {
1146 int ret;
1147
1148 /* Read bootloader version */
1149 ret = rmi_read_block(f34->fn->rmi_dev,
1150 f34->fn->fd.query_base_addr + V7_BOOTLOADER_ID_OFFSET,
1151 f34->bootloader_id,
1152 sizeof(f34->bootloader_id));
1153 if (ret < 0) {
1154 dev_err(&f34->fn->dev, "%s: Failed to read bootloader ID\n",
1155 __func__);
1156 return ret;
1157 }
1158
1159 if (f34->bootloader_id[1] == '5') {
1160 f34->bl_version = 5;
1161 } else if (f34->bootloader_id[1] == '6') {
1162 f34->bl_version = 6;
1163 } else if (f34->bootloader_id[1] == 7) {
1164 f34->bl_version = 7;
1165 } else if (f34->bootloader_id[1] == 8) {
1166 f34->bl_version = 8;
1167 } else {
1168 dev_err(&f34->fn->dev,
1169 "%s: Unrecognized bootloader version: %d (%c) %d (%c)\n",
1170 __func__,
1171 f34->bootloader_id[0], f34->bootloader_id[0],
1172 f34->bootloader_id[1], f34->bootloader_id[1]);
1173 return -EINVAL;
1174 }
1175
1176 memset(&f34->v7.blkcount, 0x00, sizeof(f34->v7.blkcount));
1177 memset(&f34->v7.phyaddr, 0x00, sizeof(f34->v7.phyaddr));
1178
1179 init_completion(&f34->v7.cmd_done);
1180
1181 ret = rmi_f34v7_read_queries(f34);
1182 if (ret < 0)
1183 return ret;
1184
1185 return 0;
1186 }
1187