1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BOOTROM Greybus driver. 4 * 5 * Copyright 2016 Google Inc. 6 * Copyright 2016 Linaro Ltd. 7 */ 8 9 #include <linux/firmware.h> 10 #include <linux/jiffies.h> 11 #include <linux/mutex.h> 12 #include <linux/workqueue.h> 13 14 #include "greybus.h" 15 #include "firmware.h" 16 17 /* Timeout, in jiffies, within which the next request must be received */ 18 #define NEXT_REQ_TIMEOUT_MS 1000 19 20 /* 21 * FIXME: Reduce this timeout once svc core handles parallel processing of 22 * events from the SVC, which are handled sequentially today. 23 */ 24 #define MODE_SWITCH_TIMEOUT_MS 10000 25 26 enum next_request_type { 27 NEXT_REQ_FIRMWARE_SIZE, 28 NEXT_REQ_GET_FIRMWARE, 29 NEXT_REQ_READY_TO_BOOT, 30 NEXT_REQ_MODE_SWITCH, 31 }; 32 33 struct gb_bootrom { 34 struct gb_connection *connection; 35 const struct firmware *fw; 36 u8 protocol_major; 37 u8 protocol_minor; 38 enum next_request_type next_request; 39 struct delayed_work dwork; 40 struct mutex mutex; /* Protects bootrom->fw */ 41 }; 42 43 static void free_firmware(struct gb_bootrom *bootrom) 44 { 45 if (!bootrom->fw) 46 return; 47 48 release_firmware(bootrom->fw); 49 bootrom->fw = NULL; 50 } 51 52 static void gb_bootrom_timedout(struct work_struct *work) 53 { 54 struct delayed_work *dwork = to_delayed_work(work); 55 struct gb_bootrom *bootrom = container_of(dwork, 56 struct gb_bootrom, dwork); 57 struct device *dev = &bootrom->connection->bundle->dev; 58 const char *reason; 59 60 switch (bootrom->next_request) { 61 case NEXT_REQ_FIRMWARE_SIZE: 62 reason = "Firmware Size Request"; 63 break; 64 case NEXT_REQ_GET_FIRMWARE: 65 reason = "Get Firmware Request"; 66 break; 67 case NEXT_REQ_READY_TO_BOOT: 68 reason = "Ready to Boot Request"; 69 break; 70 case NEXT_REQ_MODE_SWITCH: 71 reason = "Interface Mode Switch"; 72 break; 73 default: 74 reason = NULL; 75 dev_err(dev, "Invalid next-request: %u", bootrom->next_request); 76 break; 77 } 78 79 dev_err(dev, "Timed out waiting for %s from the Module\n", reason); 80 81 mutex_lock(&bootrom->mutex); 82 free_firmware(bootrom); 83 mutex_unlock(&bootrom->mutex); 84 85 /* TODO: Power-off Module ? */ 86 } 87 88 static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom, 89 enum next_request_type next, unsigned long timeout) 90 { 91 bootrom->next_request = next; 92 schedule_delayed_work(&bootrom->dwork, msecs_to_jiffies(timeout)); 93 } 94 95 static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom) 96 { 97 cancel_delayed_work_sync(&bootrom->dwork); 98 } 99 100 /* 101 * The es2 chip doesn't have VID/PID programmed into the hardware and we need to 102 * hack that up to distinguish different modules and their firmware blobs. 103 * 104 * This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID 105 * already sent during hotplug are 0. 106 * 107 * Otherwise, we keep intf->vendor_id/product_id same as what's passed 108 * during hotplug. 109 */ 110 static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom) 111 { 112 struct gb_bootrom_get_vid_pid_response response; 113 struct gb_connection *connection = bootrom->connection; 114 struct gb_interface *intf = connection->bundle->intf; 115 int ret; 116 117 if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_GMP_IDS)) 118 return; 119 120 ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID, 121 NULL, 0, &response, sizeof(response)); 122 if (ret) { 123 dev_err(&connection->bundle->dev, 124 "Bootrom get vid/pid operation failed (%d)\n", ret); 125 return; 126 } 127 128 /* 129 * NOTE: This is hacked, so that the same values of VID/PID can be used 130 * by next firmware level as well. The uevent for bootrom will still 131 * have VID/PID as 0, though after this point the sysfs files will start 132 * showing the updated values. But yeah, that's a bit racy as the same 133 * sysfs files would be showing 0 before this point. 134 */ 135 intf->vendor_id = le32_to_cpu(response.vendor_id); 136 intf->product_id = le32_to_cpu(response.product_id); 137 138 dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n", 139 intf->vendor_id, intf->product_id); 140 } 141 142 /* This returns path of the firmware blob on the disk */ 143 static int find_firmware(struct gb_bootrom *bootrom, u8 stage) 144 { 145 struct gb_connection *connection = bootrom->connection; 146 struct gb_interface *intf = connection->bundle->intf; 147 char firmware_name[49]; 148 int rc; 149 150 /* Already have a firmware, free it */ 151 free_firmware(bootrom); 152 153 /* Bootrom protocol is only supported for loading Stage 2 firmware */ 154 if (stage != 2) { 155 dev_err(&connection->bundle->dev, "Invalid boot stage: %u\n", 156 stage); 157 return -EINVAL; 158 } 159 160 /* 161 * Create firmware name 162 * 163 * XXX Name it properly.. 164 */ 165 snprintf(firmware_name, sizeof(firmware_name), 166 FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf", 167 intf->ddbl1_manufacturer_id, intf->ddbl1_product_id, 168 intf->vendor_id, intf->product_id); 169 170 // FIXME: 171 // Turn to dev_dbg later after everyone has valid bootloaders with good 172 // ids, but leave this as dev_info for now to make it easier to track 173 // down "empty" vid/pid modules. 174 dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n", 175 firmware_name); 176 177 rc = request_firmware(&bootrom->fw, firmware_name, 178 &connection->bundle->dev); 179 if (rc) { 180 dev_err(&connection->bundle->dev, 181 "failed to find %s firmware (%d)\n", firmware_name, rc); 182 } 183 184 return rc; 185 } 186 187 static int gb_bootrom_firmware_size_request(struct gb_operation *op) 188 { 189 struct gb_bootrom *bootrom = gb_connection_get_data(op->connection); 190 struct gb_bootrom_firmware_size_request *size_request = 191 op->request->payload; 192 struct gb_bootrom_firmware_size_response *size_response; 193 struct device *dev = &op->connection->bundle->dev; 194 int ret; 195 196 /* Disable timeouts */ 197 gb_bootrom_cancel_timeout(bootrom); 198 199 if (op->request->payload_size != sizeof(*size_request)) { 200 dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n", 201 __func__, op->request->payload_size, 202 sizeof(*size_request)); 203 ret = -EINVAL; 204 goto queue_work; 205 } 206 207 mutex_lock(&bootrom->mutex); 208 209 ret = find_firmware(bootrom, size_request->stage); 210 if (ret) 211 goto unlock; 212 213 if (!gb_operation_response_alloc(op, sizeof(*size_response), 214 GFP_KERNEL)) { 215 dev_err(dev, "%s: error allocating response\n", __func__); 216 free_firmware(bootrom); 217 ret = -ENOMEM; 218 goto unlock; 219 } 220 221 size_response = op->response->payload; 222 size_response->size = cpu_to_le32(bootrom->fw->size); 223 224 dev_dbg(dev, "%s: firmware size %d bytes\n", 225 __func__, size_response->size); 226 227 unlock: 228 mutex_unlock(&bootrom->mutex); 229 230 queue_work: 231 if (!ret) { 232 /* Refresh timeout */ 233 gb_bootrom_set_timeout(bootrom, NEXT_REQ_GET_FIRMWARE, 234 NEXT_REQ_TIMEOUT_MS); 235 } 236 237 return ret; 238 } 239 240 static int gb_bootrom_get_firmware(struct gb_operation *op) 241 { 242 struct gb_bootrom *bootrom = gb_connection_get_data(op->connection); 243 const struct firmware *fw; 244 struct gb_bootrom_get_firmware_request *firmware_request; 245 struct gb_bootrom_get_firmware_response *firmware_response; 246 struct device *dev = &op->connection->bundle->dev; 247 unsigned int offset, size; 248 enum next_request_type next_request; 249 int ret = 0; 250 251 /* Disable timeouts */ 252 gb_bootrom_cancel_timeout(bootrom); 253 254 if (op->request->payload_size != sizeof(*firmware_request)) { 255 dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n", 256 __func__, op->request->payload_size, 257 sizeof(*firmware_request)); 258 ret = -EINVAL; 259 goto queue_work; 260 } 261 262 mutex_lock(&bootrom->mutex); 263 264 fw = bootrom->fw; 265 if (!fw) { 266 dev_err(dev, "%s: firmware not available\n", __func__); 267 ret = -EINVAL; 268 goto unlock; 269 } 270 271 firmware_request = op->request->payload; 272 offset = le32_to_cpu(firmware_request->offset); 273 size = le32_to_cpu(firmware_request->size); 274 275 if (offset >= fw->size || size > fw->size - offset) { 276 dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n", 277 offset, size); 278 ret = -EINVAL; 279 goto unlock; 280 } 281 282 if (!gb_operation_response_alloc(op, sizeof(*firmware_response) + size, 283 GFP_KERNEL)) { 284 dev_err(dev, "%s: error allocating response\n", __func__); 285 ret = -ENOMEM; 286 goto unlock; 287 } 288 289 firmware_response = op->response->payload; 290 memcpy(firmware_response->data, fw->data + offset, size); 291 292 dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n", 293 offset, size); 294 295 unlock: 296 mutex_unlock(&bootrom->mutex); 297 298 queue_work: 299 /* Refresh timeout */ 300 if (!ret && (offset + size == fw->size)) 301 next_request = NEXT_REQ_READY_TO_BOOT; 302 else 303 next_request = NEXT_REQ_GET_FIRMWARE; 304 305 gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS); 306 307 return ret; 308 } 309 310 static int gb_bootrom_ready_to_boot(struct gb_operation *op) 311 { 312 struct gb_connection *connection = op->connection; 313 struct gb_bootrom *bootrom = gb_connection_get_data(connection); 314 struct gb_bootrom_ready_to_boot_request *rtb_request; 315 struct device *dev = &connection->bundle->dev; 316 u8 status; 317 int ret = 0; 318 319 /* Disable timeouts */ 320 gb_bootrom_cancel_timeout(bootrom); 321 322 if (op->request->payload_size != sizeof(*rtb_request)) { 323 dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n", 324 __func__, op->request->payload_size, 325 sizeof(*rtb_request)); 326 ret = -EINVAL; 327 goto queue_work; 328 } 329 330 rtb_request = op->request->payload; 331 status = rtb_request->status; 332 333 /* Return error if the blob was invalid */ 334 if (status == GB_BOOTROM_BOOT_STATUS_INVALID) { 335 ret = -EINVAL; 336 goto queue_work; 337 } 338 339 /* 340 * XXX Should we return error for insecure firmware? 341 */ 342 dev_dbg(dev, "ready to boot: 0x%x, 0\n", status); 343 344 queue_work: 345 /* 346 * Refresh timeout, the Interface shall load the new personality and 347 * send a new hotplug request, which shall get rid of the bootrom 348 * connection. As that can take some time, increase the timeout a bit. 349 */ 350 gb_bootrom_set_timeout(bootrom, NEXT_REQ_MODE_SWITCH, 351 MODE_SWITCH_TIMEOUT_MS); 352 353 return ret; 354 } 355 356 static int gb_bootrom_request_handler(struct gb_operation *op) 357 { 358 u8 type = op->type; 359 360 switch (type) { 361 case GB_BOOTROM_TYPE_FIRMWARE_SIZE: 362 return gb_bootrom_firmware_size_request(op); 363 case GB_BOOTROM_TYPE_GET_FIRMWARE: 364 return gb_bootrom_get_firmware(op); 365 case GB_BOOTROM_TYPE_READY_TO_BOOT: 366 return gb_bootrom_ready_to_boot(op); 367 default: 368 dev_err(&op->connection->bundle->dev, 369 "unsupported request: %u\n", type); 370 return -EINVAL; 371 } 372 } 373 374 static int gb_bootrom_get_version(struct gb_bootrom *bootrom) 375 { 376 struct gb_bundle *bundle = bootrom->connection->bundle; 377 struct gb_bootrom_version_request request; 378 struct gb_bootrom_version_response response; 379 int ret; 380 381 request.major = GB_BOOTROM_VERSION_MAJOR; 382 request.minor = GB_BOOTROM_VERSION_MINOR; 383 384 ret = gb_operation_sync(bootrom->connection, 385 GB_BOOTROM_TYPE_VERSION, 386 &request, sizeof(request), &response, 387 sizeof(response)); 388 if (ret) { 389 dev_err(&bundle->dev, 390 "failed to get protocol version: %d\n", 391 ret); 392 return ret; 393 } 394 395 if (response.major > request.major) { 396 dev_err(&bundle->dev, 397 "unsupported major protocol version (%u > %u)\n", 398 response.major, request.major); 399 return -ENOTSUPP; 400 } 401 402 bootrom->protocol_major = response.major; 403 bootrom->protocol_minor = response.minor; 404 405 dev_dbg(&bundle->dev, "%s - %u.%u\n", __func__, response.major, 406 response.minor); 407 408 return 0; 409 } 410 411 static int gb_bootrom_probe(struct gb_bundle *bundle, 412 const struct greybus_bundle_id *id) 413 { 414 struct greybus_descriptor_cport *cport_desc; 415 struct gb_connection *connection; 416 struct gb_bootrom *bootrom; 417 int ret; 418 419 if (bundle->num_cports != 1) 420 return -ENODEV; 421 422 cport_desc = &bundle->cport_desc[0]; 423 if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM) 424 return -ENODEV; 425 426 bootrom = kzalloc(sizeof(*bootrom), GFP_KERNEL); 427 if (!bootrom) 428 return -ENOMEM; 429 430 connection = gb_connection_create(bundle, 431 le16_to_cpu(cport_desc->id), 432 gb_bootrom_request_handler); 433 if (IS_ERR(connection)) { 434 ret = PTR_ERR(connection); 435 goto err_free_bootrom; 436 } 437 438 gb_connection_set_data(connection, bootrom); 439 440 bootrom->connection = connection; 441 442 mutex_init(&bootrom->mutex); 443 INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout); 444 greybus_set_drvdata(bundle, bootrom); 445 446 ret = gb_connection_enable_tx(connection); 447 if (ret) 448 goto err_connection_destroy; 449 450 ret = gb_bootrom_get_version(bootrom); 451 if (ret) 452 goto err_connection_disable; 453 454 bootrom_es2_fixup_vid_pid(bootrom); 455 456 ret = gb_connection_enable(connection); 457 if (ret) 458 goto err_connection_disable; 459 460 /* Refresh timeout */ 461 gb_bootrom_set_timeout(bootrom, NEXT_REQ_FIRMWARE_SIZE, 462 NEXT_REQ_TIMEOUT_MS); 463 464 /* Tell bootrom we're ready. */ 465 ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, 0, 466 NULL, 0); 467 if (ret) { 468 dev_err(&connection->bundle->dev, 469 "failed to send AP READY: %d\n", ret); 470 goto err_cancel_timeout; 471 } 472 473 dev_dbg(&bundle->dev, "AP_READY sent\n"); 474 475 return 0; 476 477 err_cancel_timeout: 478 gb_bootrom_cancel_timeout(bootrom); 479 err_connection_disable: 480 gb_connection_disable(connection); 481 err_connection_destroy: 482 gb_connection_destroy(connection); 483 err_free_bootrom: 484 kfree(bootrom); 485 486 return ret; 487 } 488 489 static void gb_bootrom_disconnect(struct gb_bundle *bundle) 490 { 491 struct gb_bootrom *bootrom = greybus_get_drvdata(bundle); 492 493 dev_dbg(&bundle->dev, "%s\n", __func__); 494 495 gb_connection_disable(bootrom->connection); 496 497 /* Disable timeouts */ 498 gb_bootrom_cancel_timeout(bootrom); 499 500 /* 501 * Release firmware: 502 * 503 * As the connection and the delayed work are already disabled, we don't 504 * need to lock access to bootrom->fw here. 505 */ 506 free_firmware(bootrom); 507 508 gb_connection_destroy(bootrom->connection); 509 kfree(bootrom); 510 } 511 512 static const struct greybus_bundle_id gb_bootrom_id_table[] = { 513 { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) }, 514 { } 515 }; 516 517 static struct greybus_driver gb_bootrom_driver = { 518 .name = "bootrom", 519 .probe = gb_bootrom_probe, 520 .disconnect = gb_bootrom_disconnect, 521 .id_table = gb_bootrom_id_table, 522 }; 523 524 module_greybus_driver(gb_bootrom_driver); 525 526 MODULE_LICENSE("GPL v2"); 527