1 
2 /*
3  *  linux/drivers/scsi/esas2r/esas2r_flash.c
4  *      For use with ATTO ExpressSAS R6xx SAS/SATA RAID controllers
5  *
6  *  Copyright (c) 2001-2013 ATTO Technology, Inc.
7  *  (mailto:linuxdrivers@attotech.com)
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License
11  * as published by the Free Software Foundation; either version 2
12  * of the License, or (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * NO WARRANTY
20  * THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
21  * CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
22  * LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
23  * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
24  * solely responsible for determining the appropriateness of using and
25  * distributing the Program and assumes all risks associated with its
26  * exercise of rights under this Agreement, including but not limited to
27  * the risks and costs of program errors, damage to or loss of data,
28  * programs or equipment, and unavailability or interruption of operations.
29  *
30  * DISCLAIMER OF LIABILITY
31  * NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
32  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33  * DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
34  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
35  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
36  * USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
37  * HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
38  *
39  * You should have received a copy of the GNU General Public License
40  * along with this program; if not, write to the Free Software
41  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
42  * USA.
43  */
44 
45 #include "esas2r.h"
46 
/*
 * Local macro defs.
 *
 * The two esas2r_nvramcalc_* helpers take a pointer to a
 * struct esas2r_sas_nvram and run the matching byte-checksum routine over
 * sizeof(struct esas2r_sas_nvram) bytes.
 */

/* additive byte checksum of the NVRAM image, seeded with SASNVR_CKSUM_SEED */
#define esas2r_nvramcalc_cksum(n)     \
	(esas2r_calc_byte_cksum((u8 *)(n), sizeof(struct esas2r_sas_nvram), \
				SASNVR_CKSUM_SEED))
/* XOR byte checksum of the NVRAM image, seeded with 0 */
#define esas2r_nvramcalc_xor_cksum(n)  \
	(esas2r_calc_byte_xor_cksum((u8 *)(n), \
				    sizeof(struct esas2r_sas_nvram), 0))

/*
 * Highest driver_ver value esas2r_process_fs_ioctl() accepts in an FS IOCTL
 * request; larger values are rejected with ATTO_STS_INV_DRVR_VER.
 */
#define ESAS2R_FS_DRVR_VER 2
56 
/*
 * Template of default SAS NVRAM settings, one initializer per field in
 * declaration order.  The checksum field is zero in this template.
 * NOTE(review): presumably the checksum is recomputed and the zeroed low
 * bytes of sas_addr are filled in before the template is used - confirm
 * against the code that consumes it (not visible here).
 */
static struct esas2r_sas_nvram default_sas_nvram = {
	{ 'E',	'S',  'A',  'S'			     }, /* signature          */
	SASNVR_VERSION,                                 /* version            */
	0,                                              /* checksum           */
	31,                                             /* max_lun_for_target */
	SASNVR_PCILAT_MAX,                              /* pci_latency        */
	SASNVR1_BOOT_DRVR,                              /* options1           */
	SASNVR2_HEARTBEAT   | SASNVR2_SINGLE_BUS        /* options2           */
	| SASNVR2_SW_MUX_CTRL,
	SASNVR_COAL_DIS,                                /* int_coalescing     */
	SASNVR_CMDTHR_NONE,                             /* cmd_throttle       */
	3,                                              /* dev_wait_time      */
	1,                                              /* dev_wait_count     */
	0,                                              /* spin_up_delay      */
	0,                                              /* ssp_align_rate     */
	{ 0x50, 0x01, 0x08, 0x60,                       /* sas_addr           */
	  0x00, 0x00, 0x00, 0x00 },
	{ SASNVR_SPEED_AUTO },                          /* phy_speed          */
	{ SASNVR_MUX_DISABLED },                        /* SAS multiplexing   */
	{ 0 },                                          /* phy_flags          */
	SASNVR_SORT_SAS_ADDR,                           /* sort_type          */
	3,                                              /* dpm_reqcmd_lmt     */
	3,                                              /* dpm_stndby_time    */
	0,                                              /* dpm_active_time    */
	{ 0 },                                          /* phy_target_id      */
	SASNVR_VSMH_DISABLED,                           /* virt_ses_mode      */
	SASNVR_RWM_DEFAULT,                             /* read_write_mode    */
	0,                                              /* link down timeout  */
	{ 0 }                                           /* reserved           */
};
87 
/*
 * Maps an FS IOCTL command code (the array index) to the VDA flash
 * sub-function sent to the firmware.  0xFF marks a command code that has no
 * flash function; esas2r_process_fs_ioctl() rejects it with
 * ATTO_STS_INV_FUNC, as it does any index at or beyond the table size.
 */
static u8 cmd_to_fls_func[] = {
	0xFF,
	VDA_FLASH_READ,
	VDA_FLASH_BEGINW,
	VDA_FLASH_WRITE,
	VDA_FLASH_COMMIT,
	VDA_FLASH_CANCEL
};
96 
/*
 * XOR checksum over a byte range.
 *
 * @addr: first byte of the range
 * @len:  number of bytes to fold in
 * @seed: initial value of the checksum
 *
 * The range is consumed in three phases: single bytes until addr is 4-byte
 * aligned, then whole 32-bit words, then any trailing bytes.  All of them
 * are XORed into one 32-bit accumulator whose four bytes are finally XORed
 * together, so the result is the XOR of the seed and every byte in the
 * range.
 */
static u8 esas2r_calc_byte_xor_cksum(u8 *addr, u32 len, u8 seed)
{
	u32 acc = seed;
	u8 *lane = (u8 *)&acc;

	/* leading bytes, up to the first 4-byte boundary */
	for (; len && ((uintptr_t)addr & 3) != 0; addr++, len--)
		acc ^= *addr;

	/* aligned body, one 32-bit word at a time */
	for (; len >= sizeof(u32); addr += 4, len -= 4)
		acc ^= *(u32 *)addr;

	/* whatever is left after the last whole word */
	for (; len; addr++, len--)
		acc ^= *addr;

	/* fold the four byte lanes of the accumulator into one byte */
	return lane[0] ^ lane[1] ^ lane[2] ^ lane[3];
}
121 
/*
 * Additive checksum over a byte range.
 *
 * @addr: start of the range
 * @len:  number of bytes to add
 * @seed: initial value of the checksum
 *
 * Returns seed plus the sum of all bytes, truncated to 8 bits.  The sum is
 * order-independent, so the bytes are simply walked front to back.
 */
static u8 esas2r_calc_byte_cksum(void *addr, u32 len, u8 seed)
{
	u8 *bytes = (u8 *)addr;
	u8 sum = seed;
	u32 i;

	for (i = 0; i < len; i++)
		sum = sum + bytes[i];

	return sum;
}
131 
/*
 * Interrupt callback to process FM API write requests.
 *
 * Advances the flash sub-function of a successfully completed request:
 * BEGINW moves on to WRITE when the S/G context has data (cur_offset is
 * non-NULL) and straight to COMMIT when it has none; WRITE moves on to
 * COMMIT.  When COMMIT is queued the request's callback is switched back to
 * the one saved in the flash context.  Any request that is not left in
 * RS_PENDING is handed to that saved callback immediately.
 */
static void esas2r_fmapi_callback(struct esas2r_adapter *a,
				  struct esas2r_request *rq)
{
	struct esas2r_flash_context *fc =
		(struct esas2r_flash_context *)rq->interrupt_cx;
	struct atto_vda_flash_req *flash_req = &rq->vrq->flash;
	bool start_commit = false;

	if (rq->req_stat == RS_SUCCESS) {
		/* Last request was successful.  See what to do now. */
		if (flash_req->sub_func == VDA_FLASH_BEGINW) {
			if (fc->sgc.cur_offset == NULL) {
				/* nothing to write, go directly to commit */
				start_commit = true;
			} else {
				flash_req->sub_func = VDA_FLASH_WRITE;
				rq->req_stat = RS_PENDING;
			}
		} else if (flash_req->sub_func == VDA_FLASH_WRITE) {
			start_commit = true;
		}

		if (start_commit) {
			flash_req->sub_func = VDA_FLASH_COMMIT;
			rq->req_stat = RS_PENDING;
			rq->interrupt_cb = fc->interrupt_cb;
		}
	}

	if (rq->req_stat == RS_PENDING)
		return;

	/*
	 * All done.  Call the real callback to complete the FM API request.
	 * We should only get here if a BEGINW or WRITE operation failed.
	 */
	(*fc->interrupt_cb)(a, rq);
}
171 
/*
 * Build a flash request based on the flash context.  The request status
 * is filled in on an error.
 *
 * For a BEGINW request the XOR checksum of the data to be written is
 * computed and esas2r_fmapi_callback() is installed to drive the
 * follow-up steps; every other function uses the callback saved in the
 * flash context.  On success the flash address in the context is advanced
 * past the data covered by this request.  If the S/G list cannot be built
 * the request status is set to RS_BUSY and the flash address is left
 * unchanged.
 */
static void build_flash_msg(struct esas2r_adapter *a,
			    struct esas2r_request *rq)
{
	struct esas2r_flash_context *fc =
		(struct esas2r_flash_context *)rq->interrupt_cx;
	struct esas2r_sg_context *sg = &fc->sgc;
	u8 xor_sum = 0;

	if (fc->func != VDA_FLASH_BEGINW) {
		rq->interrupt_cb = fc->interrupt_cb;
	} else {
		/* only a BEGINW carries a checksum of the data to be written */
		if (sg->cur_offset)
			xor_sum = esas2r_calc_byte_xor_cksum(sg->cur_offset,
							     sg->length,
							     0);
		rq->interrupt_cb = esas2r_fmapi_callback;
	}

	esas2r_build_flash_req(a, rq, fc->func, xor_sum, fc->flsh_addr,
			       sg->length);

	esas2r_rq_free_sg_lists(rq, a);

	/*
	 * Remember the length we asked for.  We have to keep track of the
	 * current amount done so we know how much to compare when doing the
	 * verification phase.
	 */
	fc->curr_len = sg->length;

	if (!sg->cur_offset) {
		sg->length = 0;
	} else {
		/* set up the S/G context to build the S/G table */
		esas2r_sgc_init(sg, a, rq, &rq->vrq->flash.data.sge[0]);

		if (!esas2r_build_sg_list(a, rq, sg)) {
			rq->req_stat = RS_BUSY;
			return;
		}
	}

	/* advance flsh_addr to the next location to write to */
	fc->flsh_addr += fc->curr_len;
}
225 
/*
 * Determine the method to process the flash request.
 *
 * The request status is preset to RS_PENDING; unless the adapter is in
 * degraded mode (not supported for now, nothing is built) the flash message
 * is built, which may replace the status on error.
 *
 * Returns true while the status is still RS_PENDING, i.e. while the FM API
 * tasks should continue.
 */
static bool load_image(struct esas2r_adapter *a, struct esas2r_request *rq)
{
	/* assume we have more to do */
	rq->req_stat = RS_PENDING;

	if (!test_bit(AF_DEGRADED_MODE, &a->flags))
		build_flash_msg(a, rq);

	return rq->req_stat == RS_PENDING;
}
241 
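/*
 * Boot image fix-up called before downloading the image.
 *
 * Patches the BIOS (PC) component of the flash image in place: the PCI
 * device ID in the boot header and, when a PnP header is present, its
 * identifier dword are set from this adapter's PCI IDs, then the PnP header
 * checksum and the image checksum are adjusted.
 *
 * pnp_offset is read from the image itself, so the PnP header is only
 * touched when all of it lies inside the BIOS component; an offset that
 * points outside is ignored instead of being written through.
 * NOTE(review): image_offset and header_offset are used as found; this
 * presumably relies on verify_fi()/chk_boot() having run on the same image
 * first - confirm against the caller.
 */
static void fix_bios(struct esas2r_adapter *a, struct esas2r_flash_img *fi)
{
	enum {
		PNP_HDR_LEN = 32,	/* bytes covered by the PnP checksum */
		PNP_CKSUM_OFF = 9,	/* checksum byte */
		PNP_IDENT_OFF = 10	/* identifier dword */
	};
	struct esas2r_component_header *ch = &fi->cmp_hdr[CH_IT_BIOS];
	struct esas2r_pc_image *pi;
	struct esas2r_boot_header *bh;
	u16 pnp_offset;

	pi = (struct esas2r_pc_image *)((u8 *)fi + ch->image_offset);
	bh =
		(struct esas2r_boot_header *)((u8 *)pi +
					      le16_to_cpu(pi->header_offset));
	bh->device_id = cpu_to_le16(a->pcid->device);

	/* Recalculate the checksum in the PNP header if there is one */
	pnp_offset = le16_to_cpu(pi->pnp_offset);
	if (pnp_offset && (u32)pnp_offset + PNP_HDR_LEN <= ch->length) {
		u8 *pnp_header_bytes = (u8 *)pi + pnp_offset;

		/* Identifier - dword that starts at byte 10 */
		*((u32 *)&pnp_header_bytes[PNP_IDENT_OFF]) =
			cpu_to_le32(MAKEDWORD(a->pcid->subsystem_vendor,
					      a->pcid->subsystem_device));

		/* Checksum - byte 9 */
		pnp_header_bytes[PNP_CKSUM_OFF] -=
			esas2r_calc_byte_cksum(pnp_header_bytes,
					       PNP_HDR_LEN, 0);
	}

	/* Recalculate the checksum needed by the PC */
	pi->checksum = pi->checksum -
		       esas2r_calc_byte_cksum((u8 *)pi, ch->length, 0);
}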
274 
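/*
 * Boot image fix-up called before downloading the image: walk the chain of
 * EFI images in the EFI component and set the PCI device ID in each boot
 * header to this adapter's device ID.
 *
 * Each image announces its own size (image_length, in 512-byte units) and
 * the offset of its boot header.  Both come from the image data, so the
 * walk stops as soon as
 *   - the boot header would not fit in what is left of the component, or
 *   - the image length is zero (the walk could never advance and would
 *     spin forever), or
 *   - the image length exceeds what is left of the component.
 */
static void fix_efi(struct esas2r_adapter *a, struct esas2r_flash_img *fi)
{
	struct esas2r_component_header *ch = &fi->cmp_hdr[CH_IT_EFI];
	u32 len = ch->length;
	u32 offset = ch->image_offset;
	struct esas2r_efi_image *ei;
	struct esas2r_boot_header *bh;

	while (len) {
		u32 hdr_off;
		u32 thislen;

		ei = (struct esas2r_efi_image *)((u8 *)fi + offset);
		hdr_off = le16_to_cpu(ei->header_offset);

		/* never write a device ID outside the component */
		if (hdr_off + sizeof(struct esas2r_boot_header) > len)
			break;

		bh = (struct esas2r_boot_header *)((u8 *)ei + hdr_off);
		bh->device_id = cpu_to_le16(a->pcid->device);
		thislen = (u32)le16_to_cpu(bh->image_length) * 512;

		/* a zero length would leave len and offset unchanged */
		if (thislen == 0 || thislen > len)
			break;

		len -= thislen;
		offset += thislen;
	}
}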
300 
/*
 * Complete a FM API request with the specified status.
 *
 * @a:       adapter the request belongs to
 * @rq:      request whose interrupt context is the flash context
 * @fi_stat: FI_STAT_* value stored in the flash image header
 *
 * The request status seen so far is saved in the image header as
 * driver_error, the request itself is marked RS_SUCCESS with no callback,
 * the scratch buffer is cleared unless the status is FI_STAT_IMG_VER, the
 * heartbeat is re-enabled and the flash lock flag is released.
 *
 * Always returns false.
 */
static bool complete_fmapi_req(struct esas2r_adapter *a,
			       struct esas2r_request *rq, u8 fi_stat)
{
	struct esas2r_flash_context *flash_cx =
		(struct esas2r_flash_context *)rq->interrupt_cx;
	struct esas2r_flash_img *img = flash_cx->fi;

	/* report the outcome through the image header */
	img->status = fi_stat;
	img->driver_error = rq->req_stat;

	/* the request itself is finished from the driver's point of view */
	rq->interrupt_cb = NULL;
	rq->req_stat = RS_SUCCESS;

	if (fi_stat != FI_STAT_IMG_VER)
		memset(flash_cx->scratch, 0, FM_BUF_SZ);

	esas2r_enable_heartbeat(a);
	clear_bit(AF_FLASH_LOCK, &a->flags);

	return false;
}
321 
/*
 * Process each phase of the flash download process.
 *
 * This is a state machine keyed on fc->task.  Each boot component is
 * handled in the order BIOS, MAC, EFI, CFG: a BEGINW phase writes the
 * component, then a READ phase reads it back through fc->scratch and
 * compares it byte for byte with the copy in the flash image.  Components
 * with a length of zero are skipped (the no_* labels).  After the CFG
 * component the adapter's flash version and image type are updated and the
 * FM API request is completed with FI_STAT_SUCCESS.
 *
 * On a failed previous request, a read-back mismatch, or load_image()
 * returning false, the current component is marked CH_STAT_FAILED (when
 * comp_typ is a valid index) and the request is completed with
 * FI_STAT_FAILED.
 *
 * NOTE(review): component offsets and lengths are taken from the image
 * header as found; this presumably relies on verify_fi() having accepted
 * the image beforehand - confirm against the caller.
 */
static void fw_download_proc(struct esas2r_adapter *a,
			     struct esas2r_request *rq)
{
	struct esas2r_flash_context *fc =
		(struct esas2r_flash_context *)rq->interrupt_cx;
	struct esas2r_flash_img *fi = fc->fi;
	struct esas2r_component_header *ch;
	u32 len;
	u8 *p, *q;

	/* If the previous operation failed, just return. */
	if (rq->req_stat != RS_SUCCESS)
		goto error;

	/*
	 * If an upload just completed and the compare length is non-zero,
	 * then we just read back part of the image we just wrote.  verify the
	 * section and continue reading until the entire image is verified.
	 */
	if (fc->func == VDA_FLASH_READ
	    && fc->cmp_len) {
		ch = &fi->cmp_hdr[fc->comp_typ];

		p = fc->scratch;
		q = (u8 *)fi                    /* start of the whole gob     */
		    + ch->image_offset          /* start of the current image */
		    + ch->length                /* end of the current image   */
		    - fc->cmp_len;              /* where we are now           */

		/*
		 * NOTE - curr_len is the exact count of bytes for the read
		 *        even when the end is read and its not a full buffer
		 */
		for (len = fc->curr_len; len; len--)
			if (*p++ != *q++)
				goto error;

		fc->cmp_len -= fc->curr_len; /* # left to compare    */

		/* Update fc and determine the length for the next upload */
		if (fc->cmp_len > FM_BUF_SZ)
			fc->sgc.length = FM_BUF_SZ;
		else
			fc->sgc.length = fc->cmp_len;

		/* read the next piece into the scratch buffer again */
		fc->sgc.cur_offset = fc->sgc_offset +
				     ((u8 *)fc->scratch - (u8 *)fi);
	}

	/*
	 * This code uses a 'while' statement since the next component may
	 * have a length = zero.  This can happen since some components are
	 * not required.  At the end of this 'while' we set up the length
	 * for the next request and therefore sgc.length can be = 0.
	 */
	while (fc->sgc.length == 0) {
		ch = &fi->cmp_hdr[fc->comp_typ];

		switch (fc->task) {
		case FMTSK_ERASE_BOOT:
			/* the BIOS image is written next */
			ch = &fi->cmp_hdr[CH_IT_BIOS];
			if (ch->length == 0)
				goto no_bios;

			fc->task = FMTSK_WRTBIOS;
			fc->func = VDA_FLASH_BEGINW;
			fc->comp_typ = CH_IT_BIOS;
			fc->flsh_addr = FLS_OFFSET_BOOT;
			fc->sgc.length = ch->length;
			fc->sgc.cur_offset = fc->sgc_offset +
					     ch->image_offset;
			break;

		case FMTSK_WRTBIOS:
			/*
			 * The BIOS image has been written - read it and
			 * verify it
			 */
			fc->task = FMTSK_READBIOS;
			fc->func = VDA_FLASH_READ;
			fc->flsh_addr = FLS_OFFSET_BOOT;
			fc->cmp_len = ch->length;
			fc->sgc.length = FM_BUF_SZ;
			fc->sgc.cur_offset = fc->sgc_offset
					     + ((u8 *)fc->scratch -
						(u8 *)fi);
			break;

		case FMTSK_READBIOS:
no_bios:
			/*
			 * Mark the component header status for the image
			 * completed
			 */
			ch->status = CH_STAT_SUCCESS;

			/* The MAC image is written next */
			ch = &fi->cmp_hdr[CH_IT_MAC];
			if (ch->length == 0)
				goto no_mac;

			fc->task = FMTSK_WRTMAC;
			fc->func = VDA_FLASH_BEGINW;
			fc->comp_typ = CH_IT_MAC;
			/* the MAC image is placed directly after the BIOS image */
			fc->flsh_addr = FLS_OFFSET_BOOT
					+ fi->cmp_hdr[CH_IT_BIOS].length;
			fc->sgc.length = ch->length;
			fc->sgc.cur_offset = fc->sgc_offset +
					     ch->image_offset;
			break;

		case FMTSK_WRTMAC:
			/* The MAC image has been written - read and verify */
			fc->task = FMTSK_READMAC;
			fc->func = VDA_FLASH_READ;
			/* step back to where the component was written */
			fc->flsh_addr -= ch->length;
			fc->cmp_len = ch->length;
			fc->sgc.length = FM_BUF_SZ;
			fc->sgc.cur_offset = fc->sgc_offset
					     + ((u8 *)fc->scratch -
						(u8 *)fi);
			break;

		case FMTSK_READMAC:
no_mac:
			/*
			 * Mark the component header status for the image
			 * completed
			 */
			ch->status = CH_STAT_SUCCESS;

			/* The EFI image is written next */
			ch = &fi->cmp_hdr[CH_IT_EFI];
			if (ch->length == 0)
				goto no_efi;

			fc->task = FMTSK_WRTEFI;
			fc->func = VDA_FLASH_BEGINW;
			fc->comp_typ = CH_IT_EFI;
			/* the EFI image follows the BIOS and MAC images */
			fc->flsh_addr = FLS_OFFSET_BOOT
					+ fi->cmp_hdr[CH_IT_BIOS].length
					+ fi->cmp_hdr[CH_IT_MAC].length;
			fc->sgc.length = ch->length;
			fc->sgc.cur_offset = fc->sgc_offset +
					     ch->image_offset;
			break;

		case FMTSK_WRTEFI:
			/* The EFI image has been written - read and verify */
			fc->task = FMTSK_READEFI;
			fc->func = VDA_FLASH_READ;
			/* step back to where the component was written */
			fc->flsh_addr -= ch->length;
			fc->cmp_len = ch->length;
			fc->sgc.length = FM_BUF_SZ;
			fc->sgc.cur_offset = fc->sgc_offset
					     + ((u8 *)fc->scratch -
						(u8 *)fi);
			break;

		case FMTSK_READEFI:
no_efi:
			/*
			 * Mark the component header status for the image
			 * completed
			 */
			ch->status = CH_STAT_SUCCESS;

			/* The CFG image is written next */
			ch = &fi->cmp_hdr[CH_IT_CFG];

			if (ch->length == 0)
				goto no_cfg;
			fc->task = FMTSK_WRTCFG;
			fc->func = VDA_FLASH_BEGINW;
			fc->comp_typ = CH_IT_CFG;
			/* the CFG image is placed so that it ends at FLS_OFFSET_CPYR */
			fc->flsh_addr = FLS_OFFSET_CPYR - ch->length;
			fc->sgc.length = ch->length;
			fc->sgc.cur_offset = fc->sgc_offset +
					     ch->image_offset;
			break;

		case FMTSK_WRTCFG:
			/* The CFG image has been written - read and verify */
			fc->task = FMTSK_READCFG;
			fc->func = VDA_FLASH_READ;
			fc->flsh_addr = FLS_OFFSET_CPYR - ch->length;
			fc->cmp_len = ch->length;
			fc->sgc.length = FM_BUF_SZ;
			fc->sgc.cur_offset = fc->sgc_offset
					     + ((u8 *)fc->scratch -
						(u8 *)fi);
			break;

		case FMTSK_READCFG:
no_cfg:
			/*
			 * Mark the component header status for the image
			 * completed
			 */
			ch->status = CH_STAT_SUCCESS;

			/*
			 * The download is complete.  If in degraded mode,
			 * attempt a chip reset.
			 */
			if (test_bit(AF_DEGRADED_MODE, &a->flags))
				esas2r_local_reset_adapter(a);

			a->flash_ver = fi->cmp_hdr[CH_IT_BIOS].version;
			esas2r_print_flash_rev(a);

			/* Update the type of boot image on the card */
			memcpy(a->image_type, fi->rel_version,
			       sizeof(fi->rel_version));
			complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
			return;
		}

		/* If verifying, don't try reading more than what's there */
		if (fc->func == VDA_FLASH_READ
		    && fc->sgc.length > fc->cmp_len)
			fc->sgc.length = fc->cmp_len;
	}

	/* Build the request to perform the next action */
	if (!load_image(a, rq)) {
error:
		/* only touch a component header that exists in this image */
		if (fc->comp_typ < fi->num_comps) {
			ch = &fi->cmp_hdr[fc->comp_typ];
			ch->status = CH_STAT_FAILED;
		}

		complete_fmapi_req(a, rq, FI_STAT_FAILED);
	}
}
559 
/*
 * Determine the flash image adap_typ for this adapter.
 *
 * The PCI device ID selects the adapter type a flash image must carry;
 * FI_AT_UNKNWN is returned for any device ID that is not listed.
 */
static u8 get_fi_adap_type(struct esas2r_adapter *a)
{
	switch (a->pcid->device) {
	case ATTO_DID_INTEL_IOP348:
		return FI_AT_SUN_LAKE;

	case ATTO_DID_MV_88RC9580:
	case ATTO_DID_MV_88RC9580TS:
	case ATTO_DID_MV_88RC9580TSE:
	case ATTO_DID_MV_88RC9580TL:
		return FI_AT_MV_9580;

	default:
		return FI_AT_UNKNWN;
	}
}
585 
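/*
 * Size of config + copyright + flash_ver images, 0 for failure.
 *
 * @cfg:       points just past the END of the config area; the blocks are
 *             parsed backwards from here
 * @length:    expected total size, or 0 to only bound the walk by FM_BUF_SZ
 * @flash_ver: optional; receives the value of an FBT_FLASH_VER block, or 0
 *             when none is seen
 *
 * Each block ends with a two-word trailer: a 16-bit type as the last word
 * and a 16-bit payload size before it, with the payload preceding the
 * trailer.  The walk stops at the first block whose type is not
 * FBT_CPYR, FBT_SETUP or FBT_FLASH_VER, or when no further trailer fits.
 *
 * The sizes come from the image being checked, so two reads are bounded
 * explicitly:
 *   - an area shorter than one trailer is rejected before anything is read
 *     (the "room for another trailer" test below would otherwise wrap
 *     around and never stop the walk);
 *   - the flash version dword is only read when it lies inside the area.
 *
 * Returns the accumulated size; 0 when @length is non-zero and does not
 * match it, or when the area is too small to hold a trailer.
 * NOTE(review): assumes cfg is at least 2-byte aligned - confirm.
 */
static u32 chk_cfg(u8 *cfg, u32 length, u32 *flash_ver)
{
	u16 *pw = (u16 *)cfg - 1;
	u32 sz = 0;
	u32 len = length;

	if (len == 0)
		len = FM_BUF_SZ;

	if (flash_ver)
		*flash_ver = 0;

	/* not even one type/size trailer fits: nothing valid to parse */
	if (len < 2 * sizeof(u16))
		return 0;

	while (true) {
		u16 type;
		u16 size;

		type = le16_to_cpu(pw[0]);
		size = le16_to_cpu(pw[-1]);
		pw -= 2;

		if (type != FBT_CPYR
		    && type != FBT_SETUP
		    && type != FBT_FLASH_VER)
			break;

		/* the version is the dword directly in front of the trailer */
		if (type == FBT_FLASH_VER
		    && flash_ver
		    && sz + 2 * sizeof(u16) + sizeof(u32) <= len)
			*flash_ver = le32_to_cpu(*(u32 *)(pw - 1));

		sz += size + (2 * sizeof(u16));
		pw -= size / sizeof(u16);

		/* stop when there is no room left for another trailer */
		if (sz > len - (2 * sizeof(u16)))
			break;
	}

	/* See if we are comparing the size to the specified length */
	if (length && sz != length)
		return 0;

	return sz;
}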
628 
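/*
 * Verify that the boot image is valid.
 *
 * @boot_img: start of the boot image
 * @length:   number of bytes available at @boot_img
 *
 * Checks the 0xAA55 image signature, that the boot header offset is
 * 4-byte aligned, lies behind the image header and leaves the whole boot
 * header inside @length, and then the boot header itself: "PCIR"
 * signature, structure length, class code 01/04/00 and a known code type.
 *
 * An image shorter than the image header is rejected up front so that the
 * signature and header offset are never read from beyond @length; such an
 * image could not have passed the offset checks anyway.
 *
 * Returns the code type (CODE_TYPE_PC, CODE_TYPE_OPEN or CODE_TYPE_EFI) of
 * a valid image, 0xff otherwise.
 * NOTE(review): image_length in the boot header is not examined here, so
 * callers that walk by it must bound it themselves.
 */
static u8 chk_boot(u8 *boot_img, u32 length)
{
	struct esas2r_boot_image *bi = (struct esas2r_boot_image *)boot_img;
	struct esas2r_boot_header *bh;
	u16 hdroffset;

	if (length < sizeof(struct esas2r_boot_image))
		return 0xff;

	hdroffset = le16_to_cpu(bi->header_offset);

	/* the signature is stored little-endian in the image */
	if (bi->signature != cpu_to_le16(0xaa55)
	    || (long)hdroffset >
	    (long)(65536L - sizeof(struct esas2r_boot_header))
	    || (hdroffset & 3)
	    || (hdroffset < sizeof(struct esas2r_boot_image))
	    || ((u32)hdroffset + sizeof(struct esas2r_boot_header) > length))
		return 0xff;

	bh = (struct esas2r_boot_header *)((char *)bi + hdroffset);

	if (bh->signature[0] != 'P'
	    || bh->signature[1] != 'C'
	    || bh->signature[2] != 'I'
	    || bh->signature[3] != 'R'
	    || le16_to_cpu(bh->struct_length) <
	    (u16)sizeof(struct esas2r_boot_header)
	    || bh->class_code[2] != 0x01
	    || bh->class_code[1] != 0x04
	    || bh->class_code[0] != 0x00
	    || (bh->code_type != CODE_TYPE_PC
		&& bh->code_type != CODE_TYPE_OPEN
		&& bh->code_type != CODE_TYPE_EFI))
		return 0xff;

	return bh->code_type;
}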
662 
/*
 * The sum of all the WORDS of the image.
 *
 * Adds up, modulo 2^16, every little-endian 16-bit word that follows the
 * flash image header, i.e. (fi->length - fc->fi_hdr_len) / 2 words starting
 * at offset fc->fi_hdr_len.  The caller must already have made sure that
 * fi->length is not smaller than the header length.
 */
static u16 calc_fi_checksum(struct esas2r_flash_context *fc)
{
	struct esas2r_flash_img *fi = fc->fi;
	u16 *word = (u16 *)((u8 *)fi + fc->fi_hdr_len);
	u32 remaining = (fi->length - fc->fi_hdr_len) / 2;
	u16 sum = 0;

	while (remaining) {
		sum = sum + le16_to_cpu(*word);
		word++;
		remaining--;
	}

	return sum;
}
680 
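/*
 * Verify the flash image structure.  The following verifications will
 * be performed:
 *              1)  verify that the length is even and covers the header
 *              2)  validate the adap_typ field against this adapter
 *              3)  validate each component header: the img_type must match
 *                  its index, and the length must fit the component type
 *              4)  validate each boot and config component image
 *              5)  verify that the component lengths add up to the image
 *                  length and that the checksum of the image matches
 *
 * A boot or config component is only handed to chk_boot()/chk_cfg() when
 * its offset and length place it entirely inside fi->length.  Both values
 * come from the image header, and the checkers dereference the location
 * they are given, so a component that points outside the image is marked
 * invalid without being read.
 *
 * On failure fi->status holds the FI_STAT_* reason and false is returned;
 * component headers are marked CH_STAT_INVALID or CH_STAT_PENDING along
 * the way.
 */
static bool verify_fi(struct esas2r_adapter *a,
		      struct esas2r_flash_context *fc)
{
	struct esas2r_flash_img *fi = fc->fi;
	u8 type;
	bool imgerr;
	u16 i;
	u32 len;
	struct esas2r_component_header *ch;

	/* Verify the length - length must be even since we do a word checksum */
	len = fi->length;

	if ((len & 1)
	    || len < fc->fi_hdr_len) {
		fi->status = FI_STAT_LENGTH;
		return false;
	}

	/* Get adapter type and verify type in flash image */
	type = get_fi_adap_type(a);
	if ((type == FI_AT_UNKNWN) || (fi->adap_typ != type)) {
		fi->status = FI_STAT_ADAPTYP;
		return false;
	}

	/*
	 * Loop through each component and verify the img_type and length
	 * fields.  Keep a running count of the sizes so we can compare the
	 * total size to the additive size.
	 */
	imgerr = false;

	for (i = 0, len = 0, ch = fi->cmp_hdr;
	     i < fi->num_comps;
	     i++, ch++) {
		bool cmperr = false;
		bool in_image;

		/*
		 * Verify that the component header has the same index as the
		 * image type.  The headers must be ordered correctly
		 */
		if (i != ch->img_type) {
			imgerr = true;
			ch->status = CH_STAT_INVALID;
			continue;
		}

		/* written so that offset + length cannot wrap around */
		in_image = ch->image_offset <= fi->length
			   && ch->length <= fi->length - ch->image_offset;

		/* boot code type expected for this component, if any */
		switch (ch->img_type) {
		case CH_IT_BIOS:
			type = CODE_TYPE_PC;
			break;

		case CH_IT_MAC:
			type = CODE_TYPE_OPEN;
			break;

		case CH_IT_EFI:
			type = CODE_TYPE_EFI;
			break;
		}

		switch (ch->img_type) {
		case CH_IT_FW:
		case CH_IT_NVR:
			break;

		case CH_IT_BIOS:
		case CH_IT_MAC:
		case CH_IT_EFI:
			/* boot images come in multiples of 512 bytes */
			if (ch->length & 0x1ff)
				cmperr = true;

			/* Test if component image is present  */
			if (ch->length == 0)
				break;

			/* Image is present - it must lie inside the image */
			if (!in_image) {
				cmperr = true;
				break;
			}

			/* ... and must be a boot image of the expected type */
			if (chk_boot((u8 *)fi + ch->image_offset, ch->length)
			    != type)
				cmperr = true;

			break;

		case CH_IT_CFG:

			/* Test if component image is present */
			if (ch->length == 0) {
				cmperr = true;
				break;
			}

			/* Image is present - it must lie inside the image */
			if (!in_image) {
				cmperr = true;
				break;
			}

			/* chk_cfg() parses backwards from the END of the area */
			if (!chk_cfg((u8 *)fi + ch->image_offset + ch->length,
				     ch->length, NULL))
				cmperr = true;

			break;

		default:

			fi->status = FI_STAT_UNKNOWN;
			return false;
		}

		if (cmperr) {
			imgerr = true;
			ch->status = CH_STAT_INVALID;
		} else {
			ch->status = CH_STAT_PENDING;
			len += ch->length;
		}
	}

	if (imgerr) {
		fi->status = FI_STAT_MISSING;
		return false;
	}

	/* Compare fi->length to the sum of ch->length fields */
	if (len != fi->length - fc->fi_hdr_len) {
		fi->status = FI_STAT_LENGTH;
		return false;
	}

	/* The stored checksum must equal the word sum of the image body */
	if (fi->checksum != calc_fi_checksum(fc)) {
		fi->status = FI_STAT_CHKSUM;
		return false;
	}

	return true;
}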
825 
/*
 * Fill in the FS IOCTL response data from a completed request.
 *
 * The request's interrupt context is the struct esas2r_ioctl_fs being
 * answered.  The request status is copied to driver_error and translated
 * into ATTO_STS_SUCCESS or ATTO_STS_FAILED.  The heartbeat is re-enabled
 * when the completed request was a VDA_FLASH_COMMIT.
 */
static void esas2r_complete_fs_ioctl(struct esas2r_adapter *a,
				     struct esas2r_request *rq)
{
	struct esas2r_ioctl_fs *reply =
		(struct esas2r_ioctl_fs *)rq->interrupt_cx;
	bool was_commit = (rq->vrq->flash.sub_func == VDA_FLASH_COMMIT);

	if (was_commit)
		esas2r_enable_heartbeat(a);

	reply->driver_error = rq->req_stat;

	if (reply->driver_error != RS_SUCCESS) {
		reply->status = ATTO_STS_FAILED;
		return;
	}

	reply->status = ATTO_STS_SUCCESS;
}
843 
/*
 * Prepare an FS IOCTL request to be sent to the firmware.
 *
 * @a:   adapter the request is for
 * @fs:  the FS IOCTL buffer; status and driver_error are written here
 * @rq:  request used to carry the flash command
 * @sgc: S/G context used for the data of read and write commands
 *
 * The request is validated in this order: interface version, command code
 * (must map to a flash function in cmd_to_fls_func), adapter type against
 * the PCI device ID and driver version (both skipped for a cancel), and
 * degraded mode.  Reads and writes must carry a non-zero length.  The
 * heartbeat is disabled before a commit is started.
 *
 * Returns true when the request was started; false with fs->status set to
 * the reason otherwise.
 *
 * NOTE(review): flash_addr and length are taken from the IOCTL buffer and
 * passed on without a range check in this function; presumably they are
 * bounded by the caller or the firmware - confirm.
 */
bool esas2r_process_fs_ioctl(struct esas2r_adapter *a,
			     struct esas2r_ioctl_fs *fs,
			     struct esas2r_request *rq,
			     struct esas2r_sg_context *sgc)
{
	struct esas2r_ioctlfs_command *cmd = &fs->command;
	u8 table_len = (u8)ARRAY_SIZE(cmd_to_fls_func);
	u8 func;
	u32 xfer_len;

	/* pessimistic defaults until the request is actually started */
	fs->status = ATTO_STS_FAILED;
	fs->driver_error = RS_PENDING;

	if (fs->version > ESAS2R_FS_VER) {
		fs->status = ATTO_STS_INV_VERSION;
		return false;
	}

	/* never index the table with an out-of-range command code */
	if (cmd->command >= table_len) {
		fs->status = ATTO_STS_INV_FUNC;
		return false;
	}

	func = cmd_to_fls_func[cmd->command];
	if (func == 0xFF) {
		fs->status = ATTO_STS_INV_FUNC;
		return false;
	}

	if (cmd->command != ESAS2R_FS_CMD_CANCEL) {
		bool adapter_matches;

		/* the adapter type in the request must fit this device */
		switch (a->pcid->device) {
		case ATTO_DID_MV_88RC9580:
			adapter_matches =
				(fs->adap_type == ESAS2R_FS_AT_ESASRAID2);
			break;

		case ATTO_DID_MV_88RC9580TS:
			adapter_matches =
				(fs->adap_type == ESAS2R_FS_AT_TSSASRAID2);
			break;

		case ATTO_DID_MV_88RC9580TSE:
			adapter_matches =
				(fs->adap_type == ESAS2R_FS_AT_TSSASRAID2E);
			break;

		case ATTO_DID_MV_88RC9580TL:
			adapter_matches =
				(fs->adap_type == ESAS2R_FS_AT_TLSASHBA);
			break;

		default:
			adapter_matches = false;
			break;
		}

		if (!adapter_matches) {
			fs->status = ATTO_STS_INV_ADAPTER;
			return false;
		}

		if (fs->driver_ver > ESAS2R_FS_DRVR_VER) {
			fs->status = ATTO_STS_INV_DRVR_VER;
			return false;
		}
	}

	if (test_bit(AF_DEGRADED_MODE, &a->flags)) {
		fs->status = ATTO_STS_DEGRADED;
		return false;
	}

	rq->interrupt_cb = esas2r_complete_fs_ioctl;
	rq->interrupt_cx = fs;
	xfer_len = le32_to_cpu(cmd->length);
	esas2r_build_flash_req(a, rq, func, cmd->checksum,
			       le32_to_cpu(cmd->flash_addr), xfer_len);

	if (func == VDA_FLASH_WRITE || func == VDA_FLASH_READ) {
		/* a data transfer without data makes no sense */
		if (xfer_len == 0) {
			fs->status = ATTO_STS_INV_FUNC;
			return false;
		}

		esas2r_sgc_init(sgc, a, rq, rq->vrq->flash.data.sge);
		sgc->length = xfer_len;

		if (!esas2r_build_sg_list(a, rq, sgc)) {
			fs->status = ATTO_STS_OUT_OF_RSRC;
			return false;
		}
	}

	if (func == VDA_FLASH_COMMIT)
		esas2r_disable_heartbeat(a);

	esas2r_start_request(a, rq);

	return true;
}
931 
/*
 * Request (DRBL_FLASH_REQ) or release (DRBL_FLASH_DONE) direct access to
 * the flash through the doorbell registers and wait for the firmware to
 * acknowledge.
 *
 * Chip interrupts are disabled before a request is issued and re-enabled
 * once a release has been acknowledged.  The wait polls the outbound
 * doorbell every 100 ms, for up to 40 seconds while a chip reset or
 * discovery is pending and 5 seconds otherwise.  If a request times out,
 * DRBL_FLASH_DONE is written so the firmware knows the driver gave up and
 * chip interrupts are re-enabled.
 *
 * Returns true when the firmware acknowledged the function, false on
 * timeout.
 */
static bool esas2r_flash_access(struct esas2r_adapter *a, u32 function)
{
	u32 began_ms;
	u32 limit_ms;

	/* Disable chip interrupts awhile */
	if (function == DRBL_FLASH_REQ)
		esas2r_disable_chip_interrupts(a);

	/* Issue the request to the firmware */
	esas2r_write_register_dword(a, MU_DOORBELL_IN, function);

	/* Now wait for the firmware to process it */
	began_ms = jiffies_to_msecs(jiffies);

	limit_ms = 5000;
	if (test_bit(AF_CHPRST_PENDING, &a->flags) ||
	    test_bit(AF_DISC_PENDING, &a->flags))
		limit_ms = 40000;

	for (;;) {
		u32 int_status =
			esas2r_read_register_dword(a, MU_INT_STATUS_OUT);

		if (int_status & MU_INTSTAT_DRBL) {
			/* Got a doorbell interrupt.  Check for the function */
			u32 rung =
				esas2r_read_register_dword(a, MU_DOORBELL_OUT);

			/* acknowledge what was read by writing it back */
			esas2r_write_register_dword(a, MU_DOORBELL_OUT, rung);
			if (rung & function)
				break;
		}

		schedule_timeout_interruptible(msecs_to_jiffies(100));

		if ((jiffies_to_msecs(jiffies) - began_ms) <= limit_ms)
			continue;

		/*
		 * Timeout.  If we were requesting flash access, indicate we
		 * are done so the firmware knows we gave up.  If this was a
		 * REQ, we also need to re-enable chip interrupts.
		 */
		if (function != DRBL_FLASH_REQ) {
			esas2r_hdebug("flash release timeout");
		} else {
			esas2r_hdebug("flash access timeout");
			esas2r_write_register_dword(a, MU_DOORBELL_IN,
						    DRBL_FLASH_DONE);
			esas2r_enable_chip_interrupts(a);
		}

		return false;
	}

	/* if we're done, re-enable chip interrupts */
	if (function == DRBL_FLASH_DONE)
		esas2r_enable_chip_interrupts(a);

	return true;
}
996 
/* data window size as a signed value, so that -WINDOW_SIZE forms a mask */
#define WINDOW_SIZE ((signed int)MW_DATA_WINDOW_SIZE)

/*
 * Read a block of flash through the memory data window.
 *
 * @a:    adapter to read from
 * @to:   destination buffer; the caller must provide at least @size bytes
 * @from: flash offset of the first byte
 * @size: number of bytes to read
 *
 * Flash access is requested from the firmware first.  The window is then
 * mapped onto the window-aligned flash address (serial or parallel flash
 * base, depending on AF2_SERIAL_FLASH) and the data is copied out byte by
 * byte, remapping whenever a window boundary is crossed.
 *
 * Returns false when flash access could not be acquired, true otherwise.
 * The result of releasing the flash afterwards is not checked.
 */
bool esas2r_read_flash_block(struct esas2r_adapter *a,
			     void *to,
			     u32 from,
			     u32 size)
{
	u8 *dst = (u8 *)to;

	/* Try to acquire access to the flash */
	if (!esas2r_flash_access(a, DRBL_FLASH_REQ))
		return false;

	while (size) {
		u32 window_start = from & -WINDOW_SIZE;
		u32 offset = from & (WINDOW_SIZE - 1);
		u32 chunk = size;
		u32 iatvr;
		u32 i;

		if (test_bit(AF2_SERIAL_FLASH, &a->flags2))
			iatvr = MW_DATA_ADDR_SER_FLASH + window_start;
		else
			iatvr = MW_DATA_ADDR_PAR_FLASH + window_start;

		esas2r_map_data_window(a, iatvr);

		/* never read past the end of the mapped window */
		if (chunk > WINDOW_SIZE - offset)
			chunk = WINDOW_SIZE - offset;

		from += chunk;
		size -= chunk;

		for (i = 0; i < chunk; i++)
			*dst++ = esas2r_read_data_byte(a, offset + i);
	}

	/* Release flash access */
	esas2r_flash_access(a, DRBL_FLASH_DONE);
	return true;
}
1040 
/*
 * Read the flash version from the adapter's flash and format it.
 *
 * The last 256 bytes in front of FLS_OFFSET_CPYR are read and parsed
 * backwards as a chain of blocks, each ending in a 16-bit type (last word)
 * and a 16-bit payload size (the word before it).  FBT_CPYR and FBT_SETUP
 * blocks are skipped; the first other block ends the search, and if it is
 * an FBT_FLASH_VER block its payload becomes a->flash_ver.  A block whose
 * payload would start below the parse limit also ends the search.
 *
 * Whether or not the read succeeded, the result is whatever
 * esas2r_print_flash_rev() makes of a->flash_ver.
 */
bool esas2r_read_flash_rev(struct esas2r_adapter *a)
{
	u8 tail[256];
	u32 tail_len = sizeof(tail);
	u16 *cursor = (u16 *)(tail + tail_len);
	u16 *lowest = (u16 *)tail + 2;

	if (esas2r_read_flash_block(a, tail, FLS_OFFSET_CPYR - tail_len,
				    tail_len)) {
		while (cursor >= lowest) {
			u16 type = le16_to_cpu(cursor[-1]);
			u16 size = le16_to_cpu(cursor[-2]);

			/* step over the trailer and the payload in front of it */
			cursor -= 2 + size / 2;

			if (type == FBT_CPYR
			    || type == FBT_SETUP
			    || cursor < lowest)
				continue;

			if (type == FBT_FLASH_VER)
				a->flash_ver = le32_to_cpu(*(u32 *)cursor);

			break;
		}
	}

	return esas2r_print_flash_rev(a);
}
1078 
/*
 * Render a->flash_ver into a->flash_rev as "MM/DD/YYYY".
 *
 * a->flash_ver is decoded as: low word = year, high byte of the high word =
 * month, low byte of the high word = day.  A date outside 1..31 / 1..12 /
 * 2006..9999 is treated as "no version": a->flash_rev becomes "not found",
 * a->flash_ver is cleared and false is returned.
 *
 * The range checks also bound the formatted string to 10 characters plus the
 * terminator.  NOTE(review): a->flash_rev is declared outside this view -
 * confirm it holds at least 11 bytes, since strcpy/sprintf do not check.
 */
bool esas2r_print_flash_rev(struct esas2r_adapter *a)
{
	u16 year = LOWORD(a->flash_ver);
	u8 day = LOBYTE(HIWORD(a->flash_ver));
	u8 month = HIBYTE(HIWORD(a->flash_ver));
	bool plausible = day >= 1 && day <= 31
			 && month >= 1 && month <= 12
			 && year >= 2006 && year <= 9999;

	if (plausible) {
		sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
		esas2r_hdebug("flash version: %s", a->flash_rev);
		return true;
	}

	strcpy(a->flash_rev, "not found");
	a->flash_ver = 0;
	return false;
}
1100 
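/*
 * Find the type of boot image that is currently in the flash and record a
 * short description of it in a->image_type.
 * The chip only has a 64 KB PCI-e expansion ROM
 * size so only one image can be flashed at a time.
 *
 * Starting at FLS_OFFSET_BOOT, the first 256 bytes of each image are read and
 * the image chain is followed until a BIOS or EFI image is found, the chain
 * ends, or something looks invalid.
 *
 * Everything parsed here comes from flash and is treated as untrusted.  In
 * particular header_offset is a 16-bit field that selects where the boot
 * header lies inside the 256-byte buffer; it is now rejected unless the whole
 * header fits in the buffer, because an unchecked value let the code read
 * code_type, image_length and indicator from stack memory beyond the buffer.
 *
 * NOTE(review): a->image_type is declared outside this view - confirm it is
 * large enough for the longest string copied below ("no boot images").
 *
 * Returns true if a known image type was recorded; otherwise a->image_type is
 * set to "no boot images" and false is returned.
 */
bool esas2r_read_image_type(struct esas2r_adapter *a)
{
	u8 bytes[256];
	struct esas2r_boot_image *bi;
	struct esas2r_boot_header *bh;
	u32 sz;
	u32 len;
	u32 offset;
	u32 hdr_off;

	/* Start at the base of the boot images and look for a valid image */
	sz = sizeof(bytes);
	len = FLS_LENGTH_BOOT;
	offset = 0;

	while (true) {
		if (!esas2r_read_flash_block(a, bytes, FLS_OFFSET_BOOT +
					     offset,
					     sz))
			goto invalid_rev;

		bi = (struct esas2r_boot_image *)bytes;
		if (bi->signature != cpu_to_le16(0xAA55))
			goto invalid_rev;

		/* The boot header must lie entirely inside what was read */
		hdr_off = le16_to_cpu(bi->header_offset);
		if (hdr_off + sizeof(*bh) > sz)
			goto invalid_rev;

		bh = (struct esas2r_boot_header *)(bytes + hdr_off);

		if (bh->code_type == CODE_TYPE_PC) {
			strcpy(a->image_type, "BIOS");

			return true;
		} else if (bh->code_type == CODE_TYPE_EFI) {
			struct esas2r_efi_image *ei;

			/*
			 * So we have an EFI image.  There are several types
			 * so see which architecture we have.
			 */
			ei = (struct esas2r_efi_image *)bytes;

			switch (le16_to_cpu(ei->machine_type)) {
			case EFI_MACHINE_IA32:
				strcpy(a->image_type, "EFI 32-bit");
				return true;

			case EFI_MACHINE_IA64:
				strcpy(a->image_type, "EFI itanium");
				return true;

			case EFI_MACHINE_X64:
				strcpy(a->image_type, "EFI 64-bit");
				return true;

			case EFI_MACHINE_EBC:
				strcpy(a->image_type, "EFI EBC");
				return true;

			default:
				goto invalid_rev;
			}
		} else {
			u32 thislen;

			/*
			 * Jump to the next image.  image_length counts
			 * 512-byte units; stop if it is zero, would leave
			 * the boot region, or this was the last image.
			 */
			thislen = (u32)le16_to_cpu(bh->image_length) * 512;
			if (thislen == 0
			    || thislen + offset > len
			    || bh->indicator == INDICATOR_LAST)
				break;

			offset += thislen;
		}
	}

invalid_rev:
	strcpy(a->image_type, "no boot images");
	return false;
}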
1184 
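/*
 *  Read and validate current NVRAM parameters by accessing
 *  physical NVRAM directly.  If the stored parameters fail validation,
 *  esas2r_nvram_validate() loads the defaults.
 *
 *  The NVRAM semaphore is held for the duration of the read and is released
 *  on every exit path.  Previously a failed flash read returned with the
 *  semaphore still held, which would block every later NVRAM operation.
 *
 *  Returns false if the wait for the semaphore was interrupted, if the flash
 *  read failed, or if validation failed; true otherwise.
 */
bool esas2r_nvram_read_direct(struct esas2r_adapter *a)
{
	bool result;

	if (down_interruptible(&a->nvram_semaphore))
		return false;

	if (esas2r_read_flash_block(a, a->nvram, FLS_OFFSET_NVR,
				    sizeof(struct esas2r_sas_nvram))) {
		result = esas2r_nvram_validate(a);
	} else {
		esas2r_hdebug("NVRAM read failed, using defaults");
		result = false;
	}

	up(&a->nvram_semaphore);

	return result;
}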
1209 
/*
 * Interrupt callback to process NVRAM completions.
 *
 * A successful step advances the write sequence BEGINW -> WRITE -> COMMIT by
 * rewriting sub_func and marking the request RS_PENDING again; a successful
 * READ re-validates the cached NVRAM.  Once the request is no longer pending,
 * AF_NVR_VALID is updated from the final status, the heartbeat is re-enabled
 * and the NVRAM semaphore is released.
 *
 * NOTE(review): for VDA_FLASH_READ the result of esas2r_nvram_validate() is
 * ignored and AF_NVR_VALID is then set because req_stat is still RS_SUCCESS,
 * even when validation fell back to defaults - confirm this is intended.
 */
static void esas2r_nvram_callback(struct esas2r_adapter *a,
				  struct esas2r_request *rq)
{
	struct atto_vda_flash_req *flash_rq = &rq->vrq->flash;

	if (rq->req_stat == RS_SUCCESS) {
		/* The previous step worked; pick the next one, if any */
		switch (flash_rq->sub_func) {
		case VDA_FLASH_BEGINW:
			flash_rq->sub_func = VDA_FLASH_WRITE;
			rq->req_stat = RS_PENDING;
			break;

		case VDA_FLASH_WRITE:
			flash_rq->sub_func = VDA_FLASH_COMMIT;
			rq->req_stat = RS_PENDING;
			break;

		case VDA_FLASH_READ:
			esas2r_nvram_validate(a);
			break;

		case VDA_FLASH_COMMIT:
		default:
			/* Nothing further to do for these */
			break;
		}
	}

	/* More steps to run: keep the semaphore and the heartbeat state */
	if (rq->req_stat == RS_PENDING)
		return;

	/* Sequence finished (either way): record the NVRAM state */
	if (rq->req_stat == RS_SUCCESS)
		set_bit(AF_NVR_VALID, &a->flags);
	else
		clear_bit(AF_NVR_VALID, &a->flags);

	esas2r_enable_heartbeat(a);

	up(&a->nvram_semaphore);
}
1252 
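/*
 * Write the contents of nvram to the adapter's physical NVRAM.
 * The cached copy of the NVRAM is also updated.
 *
 * @nvram may be NULL, in which case the cached copy (a->nvram) is written.
 * Note that @nvram itself is modified: spin_up_delay is clamped, version is
 * set to SASNVR_VERSION and the checksum is recomputed before it is copied
 * into the cache.
 *
 * The settings are rejected (false) when the adapter is in degraded mode,
 * the wait for the NVRAM semaphore is interrupted, the version is newer than
 * SASNVR_VERSION, or the SAS address does not start with 50 01 08 6x or has
 * an all-zero remainder.
 *
 * On success the request is started and true is returned with the NVRAM
 * semaphore still held; esas2r_nvram_callback() releases it when the flash
 * sequence finishes.
 *
 * Changes from the previous version: the "remainder is zero" test no longer
 * reads the byte array through a u32 pointer (alignment/aliasing hazard) and
 * the cache update is skipped when the source already is the cache, which
 * avoided a memcpy() onto itself.
 */
bool esas2r_nvram_write(struct esas2r_adapter *a, struct esas2r_request *rq,
			struct esas2r_sas_nvram *nvram)
{
	struct esas2r_sas_nvram *n = nvram;
	u8 sas_address_bytes[8];
	struct atto_vda_flash_req *vrq = &rq->vrq->flash;
	u64 nvram_bus_addr;

	if (test_bit(AF_DEGRADED_MODE, &a->flags))
		return false;

	if (down_interruptible(&a->nvram_semaphore))
		return false;

	if (n == NULL)
		n = a->nvram;

	/* check the validity of the settings */
	if (n->version > SASNVR_VERSION)
		goto reject;

	memcpy(sas_address_bytes, n->sas_addr, sizeof(sas_address_bytes));

	/* Fixed prefix 50 01 08 6x, and the remaining 36 bits not all zero */
	if (sas_address_bytes[0] != 0x50
	    || sas_address_bytes[1] != 0x01
	    || sas_address_bytes[2] != 0x08
	    || (sas_address_bytes[3] & 0xF0) != 0x60
	    || ((sas_address_bytes[3] & 0x0F)
		| sas_address_bytes[4]
		| sas_address_bytes[5]
		| sas_address_bytes[6]
		| sas_address_bytes[7]) == 0)
		goto reject;

	if (n->spin_up_delay > SASNVR_SPINUP_MAX)
		n->spin_up_delay = SASNVR_SPINUP_MAX;

	n->version = SASNVR_VERSION;
	n->checksum = n->checksum - esas2r_nvramcalc_cksum(n);

	/* Update the cached copy unless the caller passed the cache itself */
	if (n != a->nvram)
		memcpy(a->nvram, n, sizeof(struct esas2r_sas_nvram));

	/* write the NVRAM */
	n = a->nvram;
	esas2r_disable_heartbeat(a);

	esas2r_build_flash_req(a,
			       rq,
			       VDA_FLASH_BEGINW,
			       esas2r_nvramcalc_xor_cksum(n),
			       FLS_OFFSET_NVR,
			       sizeof(struct esas2r_sas_nvram));

	/* Bus address of the cached NVRAM inside the uncached region */
	nvram_bus_addr = a->uncached_phys + (u64)((u8 *)n - a->uncached);

	if (test_bit(AF_LEGACY_SGE_MODE, &a->flags)) {
		vrq->data.sge[0].length =
			cpu_to_le32(SGE_LAST |
				    sizeof(struct esas2r_sas_nvram));
		vrq->data.sge[0].address = cpu_to_le64(nvram_bus_addr);
	} else {
		vrq->data.prde[0].ctl_len =
			cpu_to_le32(sizeof(struct esas2r_sas_nvram));
		vrq->data.prde[0].address = cpu_to_le64(nvram_bus_addr);
	}
	rq->interrupt_cb = esas2r_nvram_callback;
	esas2r_start_request(a, rq);
	return true;

reject:
	up(&a->nvram_semaphore);
	return false;
}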
1327 
/*
 * Validate the cached NVRAM.  If the NVRAM is invalid, load the defaults.
 *
 * Checks, in order: the "ESAS" signature, that esas2r_nvramcalc_cksum()
 * yields zero, and that the version is not newer than SASNVR_VERSION.  The
 * first failing check is logged and later checks are not evaluated.
 *
 * Returns true and sets AF_NVR_VALID when all checks pass; otherwise calls
 * esas2r_nvram_set_defaults() and returns false.
 */
bool esas2r_nvram_validate(struct esas2r_adapter *a)
{
	struct esas2r_sas_nvram *nv = a->nvram;
	bool sig_ok = nv->signature[0] == 'E'
		      && nv->signature[1] == 'S'
		      && nv->signature[2] == 'A'
		      && nv->signature[3] == 'S';

	if (!sig_ok) {
		esas2r_hdebug("invalid NVRAM signature");
		goto use_defaults;
	}

	if (esas2r_nvramcalc_cksum(nv) != 0) {
		esas2r_hdebug("invalid NVRAM checksum");
		goto use_defaults;
	}

	if (nv->version > SASNVR_VERSION) {
		esas2r_hdebug("invalid NVRAM version");
		goto use_defaults;
	}

	set_bit(AF_NVR_VALID, &a->flags);
	return true;

use_defaults:
	esas2r_hdebug("using defaults");
	esas2r_nvram_set_defaults(a);
	return false;
}
1355 
/*
 * Set the cached NVRAM to defaults.  This is used once the physical NVRAM
 * has been found invalid, so AF_NVR_VALID is cleared and the SAS address is
 * fabricated: the low nibble of byte 3 is forced to 0xF, bytes 4-5 come from
 * the low 16 bits of the current uptime in milliseconds, and bytes 6-7 are
 * the PCI bus number and devfn of the adapter.
 *
 * NOTE(review): an address built this way is only as unique as those inputs;
 * nothing here guards against two hosts fabricating the same value.
 */
void esas2r_nvram_set_defaults(struct esas2r_adapter *a)
{
	struct esas2r_sas_nvram *nv = a->nvram;
	u32 now_ms = jiffies_to_msecs(jiffies);

	clear_bit(AF_NVR_VALID, &a->flags);

	/* Start from the built-in template, then patch in the address */
	memcpy(nv, &default_sas_nvram, sizeof(*nv));

	nv->sas_addr[3] |= 0x0F;
	nv->sas_addr[4] = HIBYTE(LOWORD(now_ms));
	nv->sas_addr[5] = LOBYTE(LOWORD(now_ms));
	nv->sas_addr[6] = a->pcid->bus->number;
	nv->sas_addr[7] = a->pcid->devfn;
}
1374 
/*
 * Fill @nvram with the default settings while keeping the adapter's current
 * SAS address.
 *
 * The address is saved to a local buffer first because @nvram may be the
 * adapter's own cached copy, in which case loading the defaults would
 * overwrite the address before it could be carried over.
 */
void esas2r_nvram_get_defaults(struct esas2r_adapter *a,
			       struct esas2r_sas_nvram *nvram)
{
	u8 saved_addr[8];

	memcpy(saved_addr, a->nvram->sas_addr, sizeof(saved_addr));

	*nvram = default_sas_nvram;

	memcpy(nvram->sas_addr, saved_addr, sizeof(saved_addr));
}
1388 
/*
 * Entry point for a flash-management request described by @fi.
 *
 * Takes the adapter-wide flash lock (AF_FLASH_LOCK), copies the caller's SG
 * context into the adapter's flash context, and then dispatches on
 * fi->action:
 *   FI_ACT_DOWN - verify the image, patch the BIOS/EFI components, recompute
 *                 the checksum and start the download state machine.
 *   FI_ACT_UPSZ - fill in the header and component headers; completes with
 *                 FI_STAT_SUCCESS only if a flash version is known,
 *                 otherwise falls through to the invalid case.
 *   anything else (including FI_ACT_UP) - completes with FI_STAT_INVALID.
 *
 * Returns false with fi->status = FI_STAT_BUSY if the lock is already held.
 * Every other early exit goes through complete_fmapi_req(), whose return
 * value is passed on.  Returns true once the first request has been started.
 *
 * NOTE(review): complete_fmapi_req() is defined outside this view;
 * presumably it also releases AF_FLASH_LOCK - confirm, since no other
 * release is visible here.
 * NOTE(review): @fi looks like a caller-supplied image buffer; fi_version,
 * action and the component lengths are read from it, so verify_fi() is the
 * gate that has to reject malformed input before fix_bios()/fix_efi() touch
 * the image - confirm against its implementation.
 */
bool esas2r_fm_api(struct esas2r_adapter *a, struct esas2r_flash_img *fi,
		   struct esas2r_request *rq, struct esas2r_sg_context *sgc)
{
	struct esas2r_flash_context *fc = &a->flash_context;
	u8 j;
	struct esas2r_component_header *ch;

	/* Only one flash operation may be in flight per adapter */
	if (test_and_set_bit(AF_FLASH_LOCK, &a->flags)) {
		/* flag was already set */
		fi->status = FI_STAT_BUSY;
		return false;
	}

	/* Work on a private copy of the SG context from here on */
	memcpy(&fc->sgc, sgc, sizeof(struct esas2r_sg_context));
	sgc = &fc->sgc;
	fc->fi = fi;
	fc->sgc_offset = sgc->cur_offset;
	rq->req_stat = RS_SUCCESS;
	rq->interrupt_cx = fc;

	/* Only version 1 of the image header layout is accepted */
	switch (fi->fi_version) {
	case FI_VERSION_1:
		fc->scratch = ((struct esas2r_flash_img *)fi)->scratch_buf;
		fc->num_comps = FI_NUM_COMPS_V1;
		fc->fi_hdr_len = sizeof(struct esas2r_flash_img);
		break;

	default:
		return complete_fmapi_req(a, rq, FI_STAT_IMG_VER);
	}

	if (test_bit(AF_DEGRADED_MODE, &a->flags))
		return complete_fmapi_req(a, rq, FI_STAT_DEGRADED);

	switch (fi->action) {
	case FI_ACT_DOWN: /* Download the components */
		/* Verify the format of the flash image */
		if (!verify_fi(a, fc))
			return complete_fmapi_req(a, rq, fi->status);

		/* Adjust the BIOS fields that are dependent on the HBA */
		ch = &fi->cmp_hdr[CH_IT_BIOS];

		if (ch->length)
			fix_bios(a, fi);

		/* Adjust the EFI fields that are dependent on the HBA */
		ch = &fi->cmp_hdr[CH_IT_EFI];

		if (ch->length)
			fix_efi(a, fi);

		/*
		 * Since the image was just modified, compute the checksum on
		 * the modified image.  First update the CRC for the composite
		 * expansion ROM image.
		 */
		fi->checksum = calc_fi_checksum(fc);

		/* Disable the heartbeat */
		esas2r_disable_heartbeat(a);

		/* Now start up the download sequence */
		fc->task = FMTSK_ERASE_BOOT;
		fc->func = VDA_FLASH_BEGINW;
		fc->comp_typ = CH_IT_CFG;
		fc->flsh_addr = FLS_OFFSET_BOOT;
		fc->sgc.length = FLS_LENGTH_BOOT;
		fc->sgc.cur_offset = NULL;

		/* Setup the callback address */
		fc->interrupt_cb = fw_download_proc;
		break;

	case FI_ACT_UPSZ: /* Get upload sizes */
		fi->adap_typ = get_fi_adap_type(a);
		fi->flags = 0;
		fi->num_comps = fc->num_comps;
		fi->length = fc->fi_hdr_len;

		/*
		 * Report the type of boot image in the rel_version string.
		 * NOTE(review): sizeof(fi->rel_version) bytes are copied
		 * from a->image_type; confirm image_type is at least that
		 * large, otherwise adjacent adapter memory ends up in the
		 * image header.
		 */
		memcpy(fi->rel_version, a->image_type,
		       sizeof(fi->rel_version));

		/* Build the component headers */
		for (j = 0, ch = fi->cmp_hdr;
		     j < fi->num_comps;
		     j++, ch++) {
			ch->img_type = j;
			ch->status = CH_STAT_PENDING;
			ch->length = 0;
			ch->version = 0xffffffff;
			ch->image_offset = 0;
			ch->pad[0] = 0;
			ch->pad[1] = 0;
		}

		/* A known flash version is reported for all four components */
		if (a->flash_ver != 0) {
			fi->cmp_hdr[CH_IT_BIOS].version =
				fi->cmp_hdr[CH_IT_MAC].version =
					fi->cmp_hdr[CH_IT_EFI].version =
						fi->cmp_hdr[CH_IT_CFG].version
							= a->flash_ver;

			fi->cmp_hdr[CH_IT_BIOS].status =
				fi->cmp_hdr[CH_IT_MAC].status =
					fi->cmp_hdr[CH_IT_EFI].status =
						fi->cmp_hdr[CH_IT_CFG].status =
							CH_STAT_SUCCESS;

			return complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
		}

	/* fall through: no flash version known, report FI_STAT_INVALID */

	case FI_ACT_UP: /* Upload the components */
	default:
		return complete_fmapi_req(a, rq, FI_STAT_INVALID);
	}

	/*
	 * If we make it here, fc has been setup to do the first task.  Call
	 * load_image to format the request, start it, and get out.  The
	 * interrupt code will call the callback when the first message is
	 * complete.
	 */
	if (!load_image(a, rq))
		return complete_fmapi_req(a, rq, FI_STAT_FAILED);

	esas2r_start_request(a, rq);

	return true;
}
1522