drivers/fsi/fsi-sbefifo.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * Copyright (C) IBM Corporation 2017
0004  *
0005  * This program is free software; you can redistribute it and/or modify
0006  * it under the terms of the GNU General Public License version 2 as
0007  * published by the Free Software Foundation.
0008  *
0009  * This program is distributed in the hope that it will be useful,
0010  * but WITHOUT ANY WARRANTY; without even the implied warranty of
0011  * MERGCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0012  * GNU General Public License for more details.
0013  */
0014
0015 #include <linux/device.h>
0016 #include <linux/errno.h>
0017 #include <linux/fs.h>
0018 #include <linux/fsi.h>
0019 #include <linux/fsi-sbefifo.h>
0020 #include <linux/kernel.h>
0021 #include <linux/cdev.h>
0022 #include <linux/module.h>
0023 #include <linux/mutex.h>
0024 #include <linux/of.h>
0025 #include <linux/of_device.h>
0026 #include <linux/of_platform.h>
0027 #include <linux/sched.h>
0028 #include <linux/slab.h>
0029 #include <linux/uaccess.h>
0030 #include <linux/delay.h>
0031 #include <linux/uio.h>
0032 #include <linux/vmalloc.h>
0033 #include <linux/mm.h>
0034
0035 #include <uapi/linux/fsi.h>
0036
0037 /*
0038  * The SBEFIFO is a pipe-like FSI device for communicating with
0039  * the self boot engine on POWER processors.
0040  */
0041
0042 #define DEVICE_NAME     "sbefifo"
0043 #define FSI_ENGID_SBE       0x22
0044
0045 /*
0046  * Register layout
0047  */
0048
0049 /* Register banks */
0050 #define SBEFIFO_UP      0x00        /* FSI -> Host */
0051 #define SBEFIFO_DOWN        0x40        /* Host -> FSI */
0052
0053 /* Per-bank registers */
0054 #define SBEFIFO_FIFO        0x00        /* The FIFO itself */
0055 #define SBEFIFO_STS     0x04        /* Status register */
0056 #define   SBEFIFO_STS_PARITY_ERR    0x20000000
0057 #define   SBEFIFO_STS_RESET_REQ     0x02000000
0058 #define   SBEFIFO_STS_GOT_EOT       0x00800000
0059 #define   SBEFIFO_STS_MAX_XFER_LIMIT    0x00400000
0060 #define   SBEFIFO_STS_FULL      0x00200000
0061 #define   SBEFIFO_STS_EMPTY     0x00100000
0062 #define   SBEFIFO_STS_ECNT_MASK     0x000f0000
0063 #define   SBEFIFO_STS_ECNT_SHIFT    16
0064 #define   SBEFIFO_STS_VALID_MASK    0x0000ff00
0065 #define   SBEFIFO_STS_VALID_SHIFT   8
0066 #define   SBEFIFO_STS_EOT_MASK      0x000000ff
0067 #define   SBEFIFO_STS_EOT_SHIFT     0
0068 #define SBEFIFO_EOT_RAISE   0x08        /* (Up only) Set End Of Transfer */
0069 #define SBEFIFO_REQ_RESET   0x0C        /* (Up only) Reset Request */
0070 #define SBEFIFO_PERFORM_RESET   0x10        /* (Down only) Perform Reset */
0071 #define SBEFIFO_EOT_ACK     0x14        /* (Down only) Acknowledge EOT */
0072 #define SBEFIFO_DOWN_MAX    0x18        /* (Down only) Max transfer */
0073
0074 /* CFAM GP Mailbox SelfBoot Message register */
0075 #define CFAM_GP_MBOX_SBM_ADDR   0x2824  /* Converted 0x2809 */
0076
0077 #define CFAM_SBM_SBE_BOOTED     0x80000000
0078 #define CFAM_SBM_SBE_ASYNC_FFDC     0x40000000
0079 #define CFAM_SBM_SBE_STATE_MASK     0x00f00000
0080 #define CFAM_SBM_SBE_STATE_SHIFT    20
0081
0082 enum sbe_state
0083 {
0084     SBE_STATE_UNKNOWN = 0x0, // Unkown, initial state
0085     SBE_STATE_IPLING  = 0x1, // IPL'ing - autonomous mode (transient)
0086     SBE_STATE_ISTEP   = 0x2, // ISTEP - Running IPL by steps (transient)
0087     SBE_STATE_MPIPL   = 0x3, // MPIPL
0088     SBE_STATE_RUNTIME = 0x4, // SBE Runtime
0089     SBE_STATE_DMT     = 0x5, // Dead Man Timer State (transient)
0090     SBE_STATE_DUMP    = 0x6, // Dumping
0091     SBE_STATE_FAILURE = 0x7, // Internal SBE failure
0092     SBE_STATE_QUIESCE = 0x8, // Final state - needs SBE reset to get out
0093 };
0094
0095 /* FIFO depth */
0096 #define SBEFIFO_FIFO_DEPTH      8
0097
0098 /* Helpers */
0099 #define sbefifo_empty(sts)  ((sts) & SBEFIFO_STS_EMPTY)
0100 #define sbefifo_full(sts)   ((sts) & SBEFIFO_STS_FULL)
0101 #define sbefifo_parity_err(sts) ((sts) & SBEFIFO_STS_PARITY_ERR)
0102 #define sbefifo_populated(sts)  (((sts) & SBEFIFO_STS_ECNT_MASK) >> SBEFIFO_STS_ECNT_SHIFT)
0103 #define sbefifo_vacant(sts) (SBEFIFO_FIFO_DEPTH - sbefifo_populated(sts))
0104 #define sbefifo_eot_set(sts)    (((sts) & SBEFIFO_STS_EOT_MASK) >> SBEFIFO_STS_EOT_SHIFT)
0105
0106 /* Reset request timeout in ms */
0107 #define SBEFIFO_RESET_TIMEOUT       10000
0108
0109 /* Timeouts for commands in ms */
0110 #define SBEFIFO_TIMEOUT_START_CMD   10000
0111 #define SBEFIFO_TIMEOUT_IN_CMD      1000
0112 #define SBEFIFO_TIMEOUT_START_RSP   10000
0113 #define SBEFIFO_TIMEOUT_IN_RSP      1000
0114
0115 /* Other constants */
0116 #define SBEFIFO_MAX_USER_CMD_LEN    (0x100000 + PAGE_SIZE)
0117 #define SBEFIFO_RESET_MAGIC     0x52534554 /* "RSET" */
0118
0119 struct sbefifo {
0120     uint32_t        magic;
0121 #define SBEFIFO_MAGIC       0x53424546 /* "SBEF" */
0122     struct fsi_device   *fsi_dev;
0123     struct device       dev;
0124     struct cdev     cdev;
0125     struct mutex        lock;
0126     bool            broken;
0127     bool            dead;
0128     bool            async_ffdc;
0129     bool            timed_out;
0130     u32         timeout_start_rsp_ms;
0131 };
0132
0133 struct sbefifo_user {
0134     struct sbefifo      *sbefifo;
0135     struct mutex        file_lock;
0136     void            *cmd_page;
0137     void            *pending_cmd;
0138     size_t          pending_len;
0139     u32         read_timeout_ms;
0140 };
0141
0142 static DEFINE_MUTEX(sbefifo_ffdc_mutex);
0143
0144 static ssize_t timeout_show(struct device *dev, struct device_attribute *attr,
0145                 char *buf)
0146 {
0147     struct sbefifo *sbefifo = container_of(dev, struct sbefifo, dev);
0148
0149     return sysfs_emit(buf, "%d\n", sbefifo->timed_out ? 1 : 0);
0150 }
0151 static DEVICE_ATTR_RO(timeout);
0152
0153 static void __sbefifo_dump_ffdc(struct device *dev, const __be32 *ffdc,
0154                 size_t ffdc_sz, bool internal)
0155 {
0156     int pack = 0;
0157 #define FFDC_LSIZE  60
0158     static char ffdc_line[FFDC_LSIZE];
0159     char *p = ffdc_line;
0160
0161     while (ffdc_sz) {
0162         u32 w0, w1, w2, i;
0163         if (ffdc_sz < 3) {
0164             dev_err(dev, "SBE invalid FFDC package size %zd\n", ffdc_sz);
0165             return;
0166         }
0167         w0 = be32_to_cpu(*(ffdc++));
0168         w1 = be32_to_cpu(*(ffdc++));
0169         w2 = be32_to_cpu(*(ffdc++));
0170         ffdc_sz -= 3;
0171         if ((w0 >> 16) != 0xFFDC) {
0172             dev_err(dev, "SBE invalid FFDC package signature %08x %08x %08x\n",
0173                 w0, w1, w2);
0174             break;
0175         }
0176         w0 &= 0xffff;
0177         if (w0 > ffdc_sz) {
0178             dev_err(dev, "SBE FFDC package len %d words but only %zd remaining\n",
0179                 w0, ffdc_sz);
0180             w0 = ffdc_sz;
0181             break;
0182         }
0183         if (internal) {
0184             dev_warn(dev, "+---- SBE FFDC package %d for async err -----+\n",
0185                  pack++);
0186         } else {
0187             dev_warn(dev, "+---- SBE FFDC package %d for cmd %02x:%02x -----+\n",
0188                  pack++, (w1 >> 8) & 0xff, w1 & 0xff);
0189         }
0190         dev_warn(dev, "| Response code: %08x                   |\n", w2);
0191         dev_warn(dev, "|-------------------------------------------|\n");
0192         for (i = 0; i < w0; i++) {
0193             if ((i & 3) == 0) {
0194                 p = ffdc_line;
0195                 p += sprintf(p, "| %04x:", i << 4);
0196             }
0197             p += sprintf(p, " %08x", be32_to_cpu(*(ffdc++)));
0198             ffdc_sz--;
0199             if ((i & 3) == 3 || i == (w0 - 1)) {
0200                 while ((i & 3) < 3) {
0201                     p += sprintf(p, "         ");
0202                     i++;
0203                 }
0204                 dev_warn(dev, "%s |\n", ffdc_line);
0205             }
0206         }
0207         dev_warn(dev, "+-------------------------------------------+\n");
0208     }
0209 }
0210
0211 static void sbefifo_dump_ffdc(struct device *dev, const __be32 *ffdc,
0212                   size_t ffdc_sz, bool internal)
0213 {
0214     mutex_lock(&sbefifo_ffdc_mutex);
0215     __sbefifo_dump_ffdc(dev, ffdc, ffdc_sz, internal);
0216     mutex_unlock(&sbefifo_ffdc_mutex);
0217 }
0218
0219 int sbefifo_parse_status(struct device *dev, u16 cmd, __be32 *response,
0220              size_t resp_len, size_t *data_len)
0221 {
0222     u32 dh, s0, s1;
0223     size_t ffdc_sz;
0224
0225     if (resp_len < 3) {
0226         pr_debug("sbefifo: cmd %04x, response too small: %zd\n",
0227              cmd, resp_len);
0228         return -ENXIO;
0229     }
0230     dh = be32_to_cpu(response[resp_len - 1]);
0231     if (dh > resp_len || dh < 3) {
0232         dev_err(dev, "SBE cmd %02x:%02x status offset out of range: %d/%zd\n",
0233             cmd >> 8, cmd & 0xff, dh, resp_len);
0234         return -ENXIO;
0235     }
0236     s0 = be32_to_cpu(response[resp_len - dh]);
0237     s1 = be32_to_cpu(response[resp_len - dh + 1]);
0238     if (((s0 >> 16) != 0xC0DE) || ((s0 & 0xffff) != cmd)) {
0239         dev_err(dev, "SBE cmd %02x:%02x, status signature invalid: 0x%08x 0x%08x\n",
0240             cmd >> 8, cmd & 0xff, s0, s1);
0241         return -ENXIO;
0242     }
0243     if (s1 != 0) {
0244         ffdc_sz = dh - 3;
0245         dev_warn(dev, "SBE error cmd %02x:%02x status=%04x:%04x\n",
0246              cmd >> 8, cmd & 0xff, s1 >> 16, s1 & 0xffff);
0247         if (ffdc_sz)
0248             sbefifo_dump_ffdc(dev, &response[resp_len - dh + 2],
0249                       ffdc_sz, false);
0250     }
0251     if (data_len)
0252         *data_len = resp_len - dh;
0253
0254     /*
0255      * Primary status don't have the top bit set, so can't be confused with
0256      * Linux negative error codes, so return the status word whole.
0257      */
0258     return s1;
0259 }
0260 EXPORT_SYMBOL_GPL(sbefifo_parse_status);
0261
0262 static int sbefifo_regr(struct sbefifo *sbefifo, int reg, u32 *word)
0263 {
0264     __be32 raw_word;
0265     int rc;
0266
0267     rc = fsi_device_read(sbefifo->fsi_dev, reg, &raw_word,
0268                  sizeof(raw_word));
0269     if (rc)
0270         return rc;
0271
0272     *word = be32_to_cpu(raw_word);
0273
0274     return 0;
0275 }
0276
0277 static int sbefifo_regw(struct sbefifo *sbefifo, int reg, u32 word)
0278 {
0279     __be32 raw_word = cpu_to_be32(word);
0280
0281     return fsi_device_write(sbefifo->fsi_dev, reg, &raw_word,
0282                 sizeof(raw_word));
0283 }
0284
0285 static int sbefifo_check_sbe_state(struct sbefifo *sbefifo)
0286 {
0287     __be32 raw_word;
0288     u32 sbm;
0289     int rc;
0290
0291     rc = fsi_slave_read(sbefifo->fsi_dev->slave, CFAM_GP_MBOX_SBM_ADDR,
0292                 &raw_word, sizeof(raw_word));
0293     if (rc)
0294         return rc;
0295     sbm = be32_to_cpu(raw_word);
0296
0297     /* SBE booted at all ? */
0298     if (!(sbm & CFAM_SBM_SBE_BOOTED))
0299         return -ESHUTDOWN;
0300
0301     /* Check its state */
0302     switch ((sbm & CFAM_SBM_SBE_STATE_MASK) >> CFAM_SBM_SBE_STATE_SHIFT) {
0303     case SBE_STATE_UNKNOWN:
0304         return -ESHUTDOWN;
0305     case SBE_STATE_DMT:
0306         return -EBUSY;
0307     case SBE_STATE_IPLING:
0308     case SBE_STATE_ISTEP:
0309     case SBE_STATE_MPIPL:
0310     case SBE_STATE_RUNTIME:
0311     case SBE_STATE_DUMP: /* Not sure about that one */
0312         break;
0313     case SBE_STATE_FAILURE:
0314     case SBE_STATE_QUIESCE:
0315         return -ESHUTDOWN;
0316     }
0317
0318     /* Is there async FFDC available ? Remember it */
0319     if (sbm & CFAM_SBM_SBE_ASYNC_FFDC)
0320         sbefifo->async_ffdc = true;
0321
0322     return 0;
0323 }
0324
0325 /* Don't flip endianness of data to/from FIFO, just pass through. */
0326 static int sbefifo_down_read(struct sbefifo *sbefifo, __be32 *word)
0327 {
0328     return fsi_device_read(sbefifo->fsi_dev, SBEFIFO_DOWN, word,
0329                    sizeof(*word));
0330 }
0331
0332 static int sbefifo_up_write(struct sbefifo *sbefifo, __be32 word)
0333 {
0334     return fsi_device_write(sbefifo->fsi_dev, SBEFIFO_UP, &word,
0335                 sizeof(word));
0336 }
0337
0338 static int sbefifo_request_reset(struct sbefifo *sbefifo)
0339 {
0340     struct device *dev = &sbefifo->fsi_dev->dev;
0341     unsigned long end_time;
0342     u32 status;
0343     int rc;
0344
0345     dev_dbg(dev, "Requesting FIFO reset\n");
0346
0347     /* Mark broken first, will be cleared if reset succeeds */
0348     sbefifo->broken = true;
0349
0350     /* Send reset request */
0351     rc = sbefifo_regw(sbefifo, SBEFIFO_UP | SBEFIFO_REQ_RESET, 1);
0352     if (rc) {
0353         dev_err(dev, "Sending reset request failed, rc=%d\n", rc);
0354         return rc;
0355     }
0356
0357     /* Wait for it to complete */
0358     end_time = jiffies + msecs_to_jiffies(SBEFIFO_RESET_TIMEOUT);
0359     while (!time_after(jiffies, end_time)) {
0360         rc = sbefifo_regr(sbefifo, SBEFIFO_UP | SBEFIFO_STS, &status);
0361         if (rc) {
0362             dev_err(dev, "Failed to read UP fifo status during reset"
0363                 " , rc=%d\n", rc);
0364             return rc;
0365         }
0366
0367         if (!(status & SBEFIFO_STS_RESET_REQ)) {
0368             dev_dbg(dev, "FIFO reset done\n");
0369             sbefifo->broken = false;
0370             return 0;
0371         }
0372
0373         cond_resched();
0374     }
0375     dev_err(dev, "FIFO reset timed out\n");
0376
0377     return -ETIMEDOUT;
0378 }
0379
0380 static int sbefifo_cleanup_hw(struct sbefifo *sbefifo)
0381 {
0382     struct device *dev = &sbefifo->fsi_dev->dev;
0383     u32 up_status, down_status;
0384     bool need_reset = false;
0385     int rc;
0386
0387     rc = sbefifo_check_sbe_state(sbefifo);
0388     if (rc) {
0389         dev_dbg(dev, "SBE state=%d\n", rc);
0390         return rc;
0391     }
0392
0393     /* If broken, we don't need to look at status, go straight to reset */
0394     if (sbefifo->broken)
0395         goto do_reset;
0396
0397     rc = sbefifo_regr(sbefifo, SBEFIFO_UP | SBEFIFO_STS, &up_status);
0398     if (rc) {
0399         dev_err(dev, "Cleanup: Reading UP status failed, rc=%d\n", rc);
0400
0401         /* Will try reset again on next attempt at using it */
0402         sbefifo->broken = true;
0403         return rc;
0404     }
0405
0406     rc = sbefifo_regr(sbefifo, SBEFIFO_DOWN | SBEFIFO_STS, &down_status);
0407     if (rc) {
0408         dev_err(dev, "Cleanup: Reading DOWN status failed, rc=%d\n", rc);
0409
0410         /* Will try reset again on next attempt at using it */
0411         sbefifo->broken = true;
0412         return rc;
0413     }
0414
0415     /* The FIFO already contains a reset request from the SBE ? */
0416     if (down_status & SBEFIFO_STS_RESET_REQ) {
0417         dev_info(dev, "Cleanup: FIFO reset request set, resetting\n");
0418         rc = sbefifo_regw(sbefifo, SBEFIFO_DOWN, SBEFIFO_PERFORM_RESET);
0419         if (rc) {
0420             sbefifo->broken = true;
0421             dev_err(dev, "Cleanup: Reset reg write failed, rc=%d\n", rc);
0422             return rc;
0423         }
0424         sbefifo->broken = false;
0425         return 0;
0426     }
0427
0428     /* Parity error on either FIFO ? */
0429     if ((up_status | down_status) & SBEFIFO_STS_PARITY_ERR)
0430         need_reset = true;
0431
0432     /* Either FIFO not empty ? */
0433     if (!((up_status & down_status) & SBEFIFO_STS_EMPTY))
0434         need_reset = true;
0435
0436     if (!need_reset)
0437         return 0;
0438
0439     dev_info(dev, "Cleanup: FIFO not clean (up=0x%08x down=0x%08x)\n",
0440          up_status, down_status);
0441
0442  do_reset:
0443
0444     /* Mark broken, will be cleared if/when reset succeeds */
0445     return sbefifo_request_reset(sbefifo);
0446 }
0447
0448 static int sbefifo_wait(struct sbefifo *sbefifo, bool up,
0449             u32 *status, unsigned long timeout)
0450 {
0451     struct device *dev = &sbefifo->fsi_dev->dev;
0452     unsigned long end_time;
0453     bool ready = false;
0454     u32 addr, sts = 0;
0455     int rc;
0456
0457     dev_vdbg(dev, "Wait on %s fifo...\n", up ? "up" : "down");
0458
0459     addr = (up ? SBEFIFO_UP : SBEFIFO_DOWN) | SBEFIFO_STS;
0460
0461     end_time = jiffies + timeout;
0462     while (!time_after(jiffies, end_time)) {
0463         cond_resched();
0464         rc = sbefifo_regr(sbefifo, addr, &sts);
0465         if (rc < 0) {
0466             dev_err(dev, "FSI error %d reading status register\n", rc);
0467             return rc;
0468         }
0469         if (!up && sbefifo_parity_err(sts)) {
0470             dev_err(dev, "Parity error in DOWN FIFO\n");
0471             return -ENXIO;
0472         }
0473         ready = !(up ? sbefifo_full(sts) : sbefifo_empty(sts));
0474         if (ready)
0475             break;
0476     }
0477     if (!ready) {
0478         sysfs_notify(&sbefifo->dev.kobj, NULL, dev_attr_timeout.attr.name);
0479         sbefifo->timed_out = true;
0480         dev_err(dev, "%s FIFO Timeout ! status=%08x\n", up ? "UP" : "DOWN", sts);
0481         return -ETIMEDOUT;
0482     }
0483     dev_vdbg(dev, "End of wait status: %08x\n", sts);
0484
0485     sbefifo->timed_out = false;
0486     *status = sts;
0487
0488     return 0;
0489 }
0490
0491 static int sbefifo_send_command(struct sbefifo *sbefifo,
0492                 const __be32 *command, size_t cmd_len)
0493 {
0494     struct device *dev = &sbefifo->fsi_dev->dev;
0495     size_t len, chunk, vacant = 0, remaining = cmd_len;
0496     unsigned long timeout;
0497     u32 status;
0498     int rc;
0499
0500     dev_vdbg(dev, "sending command (%zd words, cmd=%04x)\n",
0501          cmd_len, be32_to_cpu(command[1]));
0502
0503     /* As long as there's something to send */
0504     timeout = msecs_to_jiffies(SBEFIFO_TIMEOUT_START_CMD);
0505     while (remaining) {
0506         /* Wait for room in the FIFO */
0507         rc = sbefifo_wait(sbefifo, true, &status, timeout);
0508         if (rc < 0)
0509             return rc;
0510         timeout = msecs_to_jiffies(SBEFIFO_TIMEOUT_IN_CMD);
0511
0512         vacant = sbefifo_vacant(status);
0513         len = chunk = min(vacant, remaining);
0514
0515         dev_vdbg(dev, "  status=%08x vacant=%zd chunk=%zd\n",
0516              status, vacant, chunk);
0517
0518         /* Write as much as we can */
0519         while (len--) {
0520             rc = sbefifo_up_write(sbefifo, *(command++));
0521             if (rc) {
0522                 dev_err(dev, "FSI error %d writing UP FIFO\n", rc);
0523                 return rc;
0524             }
0525         }
0526         remaining -= chunk;
0527         vacant -= chunk;
0528     }
0529
0530     /* If there's no room left, wait for some to write EOT */
0531     if (!vacant) {
0532         rc = sbefifo_wait(sbefifo, true, &status, timeout);
0533         if (rc)
0534             return rc;
0535     }
0536
0537     /* Send an EOT */
0538     rc = sbefifo_regw(sbefifo, SBEFIFO_UP | SBEFIFO_EOT_RAISE, 0);
0539     if (rc)
0540         dev_err(dev, "FSI error %d writing EOT\n", rc);
0541     return rc;
0542 }
0543
0544 static int sbefifo_read_response(struct sbefifo *sbefifo, struct iov_iter *response)
0545 {
0546     struct device *dev = &sbefifo->fsi_dev->dev;
0547     u32 status, eot_set;
0548     unsigned long timeout;
0549     bool overflow = false;
0550     __be32 data;
0551     size_t len;
0552     int rc;
0553
0554     dev_vdbg(dev, "reading response, buflen = %zd\n", iov_iter_count(response));
0555
0556     timeout = msecs_to_jiffies(sbefifo->timeout_start_rsp_ms);
0557     for (;;) {
0558         /* Grab FIFO status (this will handle parity errors) */
0559         rc = sbefifo_wait(sbefifo, false, &status, timeout);
0560         if (rc < 0)
0561             return rc;
0562         timeout = msecs_to_jiffies(SBEFIFO_TIMEOUT_IN_RSP);
0563
0564         /* Decode status */
0565         len = sbefifo_populated(status);
0566         eot_set = sbefifo_eot_set(status);
0567
0568         dev_vdbg(dev, "  chunk size %zd eot_set=0x%x\n", len, eot_set);
0569
0570         /* Go through the chunk */
0571         while(len--) {
0572             /* Read the data */
0573             rc = sbefifo_down_read(sbefifo, &data);
0574             if (rc < 0)
0575                 return rc;
0576
0577             /* Was it an EOT ? */
0578             if (eot_set & 0x80) {
0579                 /*
0580                  * There should be nothing else in the FIFO,
0581                  * if there is, mark broken, this will force
0582                  * a reset on next use, but don't fail the
0583                  * command.
0584                  */
0585                 if (len) {
0586                     dev_warn(dev, "FIFO read hit"
0587                          " EOT with still %zd data\n",
0588                          len);
0589                     sbefifo->broken = true;
0590                 }
0591
0592                 /* We are done */
0593                 rc = sbefifo_regw(sbefifo,
0594                           SBEFIFO_DOWN | SBEFIFO_EOT_ACK, 0);
0595
0596                 /*
0597                  * If that write fail, still complete the request but mark
0598                  * the fifo as broken for subsequent reset (not much else
0599                  * we can do here).
0600                  */
0601                 if (rc) {
0602                     dev_err(dev, "FSI error %d ack'ing EOT\n", rc);
0603                     sbefifo->broken = true;
0604                 }
0605
0606                 /* Tell whether we overflowed */
0607                 return overflow ? -EOVERFLOW : 0;
0608             }
0609
0610             /* Store it if there is room */
0611             if (iov_iter_count(response) >= sizeof(__be32)) {
0612                 if (copy_to_iter(&data, sizeof(__be32), response) < sizeof(__be32))
0613                     return -EFAULT;
0614             } else {
0615                 dev_vdbg(dev, "Response overflowed !\n");
0616
0617                 overflow = true;
0618             }
0619
0620             /* Next EOT bit */
0621             eot_set <<= 1;
0622         }
0623     }
0624     /* Shouldn't happen */
0625     return -EIO;
0626 }
0627
0628 static int sbefifo_do_command(struct sbefifo *sbefifo,
0629                   const __be32 *command, size_t cmd_len,
0630                   struct iov_iter *response)
0631 {
0632     /* Try sending the command */
0633     int rc = sbefifo_send_command(sbefifo, command, cmd_len);
0634     if (rc)
0635         return rc;
0636
0637     /* Now, get the response */
0638     return sbefifo_read_response(sbefifo, response);
0639 }
0640
0641 static void sbefifo_collect_async_ffdc(struct sbefifo *sbefifo)
0642 {
0643     struct device *dev = &sbefifo->fsi_dev->dev;
0644         struct iov_iter ffdc_iter;
0645         struct kvec ffdc_iov;
0646     __be32 *ffdc;
0647     size_t ffdc_sz;
0648     __be32 cmd[2];
0649     int rc;
0650
0651     sbefifo->async_ffdc = false;
0652     ffdc = vmalloc(SBEFIFO_MAX_FFDC_SIZE);
0653     if (!ffdc) {
0654         dev_err(dev, "Failed to allocate SBE FFDC buffer\n");
0655         return;
0656     }
0657         ffdc_iov.iov_base = ffdc;
0658     ffdc_iov.iov_len = SBEFIFO_MAX_FFDC_SIZE;
0659         iov_iter_kvec(&ffdc_iter, WRITE, &ffdc_iov, 1, SBEFIFO_MAX_FFDC_SIZE);
0660     cmd[0] = cpu_to_be32(2);
0661     cmd[1] = cpu_to_be32(SBEFIFO_CMD_GET_SBE_FFDC);
0662     rc = sbefifo_do_command(sbefifo, cmd, 2, &ffdc_iter);
0663     if (rc != 0) {
0664         dev_err(dev, "Error %d retrieving SBE FFDC\n", rc);
0665         goto bail;
0666     }
0667     ffdc_sz = SBEFIFO_MAX_FFDC_SIZE - iov_iter_count(&ffdc_iter);
0668     ffdc_sz /= sizeof(__be32);
0669     rc = sbefifo_parse_status(dev, SBEFIFO_CMD_GET_SBE_FFDC, ffdc,
0670                   ffdc_sz, &ffdc_sz);
0671     if (rc != 0) {
0672         dev_err(dev, "Error %d decoding SBE FFDC\n", rc);
0673         goto bail;
0674     }
0675     if (ffdc_sz > 0)
0676         sbefifo_dump_ffdc(dev, ffdc, ffdc_sz, true);
0677  bail:
0678     vfree(ffdc);
0679
0680 }
0681
0682 static int __sbefifo_submit(struct sbefifo *sbefifo,
0683                 const __be32 *command, size_t cmd_len,
0684                 struct iov_iter *response)
0685 {
0686     struct device *dev = &sbefifo->fsi_dev->dev;
0687     int rc;
0688
0689     if (sbefifo->dead)
0690         return -ENODEV;
0691
0692     if (cmd_len < 2 || be32_to_cpu(command[0]) != cmd_len) {
0693         dev_vdbg(dev, "Invalid command len %zd (header: %d)\n",
0694              cmd_len, be32_to_cpu(command[0]));
0695         return -EINVAL;
0696     }
0697
0698     /* First ensure the HW is in a clean state */
0699     rc = sbefifo_cleanup_hw(sbefifo);
0700     if (rc)
0701         return rc;
0702
0703     /* Look for async FFDC first if any */
0704     if (sbefifo->async_ffdc)
0705         sbefifo_collect_async_ffdc(sbefifo);
0706
0707     rc = sbefifo_do_command(sbefifo, command, cmd_len, response);
0708     if (rc != 0 && rc != -EOVERFLOW)
0709         goto fail;
0710     return rc;
0711  fail:
0712     /*
0713      * On failure, attempt a reset. Ignore the result, it will mark
0714      * the fifo broken if the reset fails
0715      */
0716         sbefifo_request_reset(sbefifo);
0717
0718     /* Return original error */
0719     return rc;
0720 }
0721
0722 /**
0723  * sbefifo_submit() - Submit and SBE fifo command and receive response
0724  * @dev: The sbefifo device
0725  * @command: The raw command data
0726  * @cmd_len: The command size (in 32-bit words)
0727  * @response: The output response buffer
0728  * @resp_len: In: Response buffer size, Out: Response size
0729  *
0730  * This will perform the entire operation. If the reponse buffer
0731  * overflows, returns -EOVERFLOW
0732  */
0733 int sbefifo_submit(struct device *dev, const __be32 *command, size_t cmd_len,
0734            __be32 *response, size_t *resp_len)
0735 {
0736     struct sbefifo *sbefifo;
0737         struct iov_iter resp_iter;
0738         struct kvec resp_iov;
0739     size_t rbytes;
0740     int rc;
0741
0742     if (!dev)
0743         return -ENODEV;
0744     sbefifo = dev_get_drvdata(dev);
0745     if (!sbefifo)
0746         return -ENODEV;
0747     if (WARN_ON_ONCE(sbefifo->magic != SBEFIFO_MAGIC))
0748         return -ENODEV;
0749     if (!resp_len || !command || !response)
0750         return -EINVAL;
0751
0752     /* Prepare iov iterator */
0753     rbytes = (*resp_len) * sizeof(__be32);
0754     resp_iov.iov_base = response;
0755     resp_iov.iov_len = rbytes;
0756         iov_iter_kvec(&resp_iter, WRITE, &resp_iov, 1, rbytes);
0757
0758     /* Perform the command */
0759     rc = mutex_lock_interruptible(&sbefifo->lock);
0760     if (rc)
0761         return rc;
0762     rc = __sbefifo_submit(sbefifo, command, cmd_len, &resp_iter);
0763     mutex_unlock(&sbefifo->lock);
0764
0765     /* Extract the response length */
0766     rbytes -= iov_iter_count(&resp_iter);
0767     *resp_len = rbytes / sizeof(__be32);
0768
0769     return rc;
0770 }
0771 EXPORT_SYMBOL_GPL(sbefifo_submit);
0772
0773 /*
0774  * Char device interface
0775  */
0776
0777 static void sbefifo_release_command(struct sbefifo_user *user)
0778 {
0779     if (is_vmalloc_addr(user->pending_cmd))
0780         vfree(user->pending_cmd);
0781     user->pending_cmd = NULL;
0782     user->pending_len = 0;
0783 }
0784
0785 static int sbefifo_user_open(struct inode *inode, struct file *file)
0786 {
0787     struct sbefifo *sbefifo = container_of(inode->i_cdev, struct sbefifo, cdev);
0788     struct sbefifo_user *user;
0789
0790     user = kzalloc(sizeof(struct sbefifo_user), GFP_KERNEL);
0791     if (!user)
0792         return -ENOMEM;
0793
0794     file->private_data = user;
0795     user->sbefifo = sbefifo;
0796     user->cmd_page = (void *)__get_free_page(GFP_KERNEL);
0797     if (!user->cmd_page) {
0798         kfree(user);
0799         return -ENOMEM;
0800     }
0801     mutex_init(&user->file_lock);
0802     user->read_timeout_ms = SBEFIFO_TIMEOUT_START_RSP;
0803
0804     return 0;
0805 }
0806
0807 static ssize_t sbefifo_user_read(struct file *file, char __user *buf,
0808                  size_t len, loff_t *offset)
0809 {
0810     struct sbefifo_user *user = file->private_data;
0811     struct sbefifo *sbefifo;
0812     struct iov_iter resp_iter;
0813         struct iovec resp_iov;
0814     size_t cmd_len;
0815     int rc;
0816
0817     if (!user)
0818         return -EINVAL;
0819     sbefifo = user->sbefifo;
0820     if (len & 3)
0821         return -EINVAL;
0822
0823     mutex_lock(&user->file_lock);
0824
0825     /* Cronus relies on -EAGAIN after a short read */
0826     if (user->pending_len == 0) {
0827         rc = -EAGAIN;
0828         goto bail;
0829     }
0830     if (user->pending_len < 8) {
0831         rc = -EINVAL;
0832         goto bail;
0833     }
0834     cmd_len = user->pending_len >> 2;
0835
0836     /* Prepare iov iterator */
0837     resp_iov.iov_base = buf;
0838     resp_iov.iov_len = len;
0839     iov_iter_init(&resp_iter, WRITE, &resp_iov, 1, len);
0840
0841     /* Perform the command */
0842     rc = mutex_lock_interruptible(&sbefifo->lock);
0843     if (rc)
0844         goto bail;
0845     sbefifo->timeout_start_rsp_ms = user->read_timeout_ms;
0846     rc = __sbefifo_submit(sbefifo, user->pending_cmd, cmd_len, &resp_iter);
0847     sbefifo->timeout_start_rsp_ms = SBEFIFO_TIMEOUT_START_RSP;
0848     mutex_unlock(&sbefifo->lock);
0849     if (rc < 0)
0850         goto bail;
0851
0852     /* Extract the response length */
0853     rc = len - iov_iter_count(&resp_iter);
0854  bail:
0855     sbefifo_release_command(user);
0856     mutex_unlock(&user->file_lock);
0857     return rc;
0858 }
0859
0860 static ssize_t sbefifo_user_write(struct file *file, const char __user *buf,
0861                   size_t len, loff_t *offset)
0862 {
0863     struct sbefifo_user *user = file->private_data;
0864     struct sbefifo *sbefifo;
0865     int rc = len;
0866
0867     if (!user)
0868         return -EINVAL;
0869     sbefifo = user->sbefifo;
0870     if (len > SBEFIFO_MAX_USER_CMD_LEN)
0871         return -EINVAL;
0872     if (len & 3)
0873         return -EINVAL;
0874
0875     mutex_lock(&user->file_lock);
0876
0877     /* Can we use the pre-allocate buffer ? If not, allocate */
0878     if (len <= PAGE_SIZE)
0879         user->pending_cmd = user->cmd_page;
0880     else
0881         user->pending_cmd = vmalloc(len);
0882     if (!user->pending_cmd) {
0883         rc = -ENOMEM;
0884         goto bail;
0885     }
0886
0887     /* Copy the command into the staging buffer */
0888     if (copy_from_user(user->pending_cmd, buf, len)) {
0889         rc = -EFAULT;
0890         goto bail;
0891     }
0892
0893     /* Check for the magic reset command */
0894     if (len == 4 && be32_to_cpu(*(__be32 *)user->pending_cmd) ==
0895         SBEFIFO_RESET_MAGIC)  {
0896
0897         /* Clear out any pending command */
0898         user->pending_len = 0;
0899
0900         /* Trigger reset request */
0901         rc = mutex_lock_interruptible(&sbefifo->lock);
0902         if (rc)
0903             goto bail;
0904         rc = sbefifo_request_reset(user->sbefifo);
0905         mutex_unlock(&sbefifo->lock);
0906         if (rc == 0)
0907             rc = 4;
0908         goto bail;
0909     }
0910
0911     /* Update the staging buffer size */
0912     user->pending_len = len;
0913  bail:
0914     if (!user->pending_len)
0915         sbefifo_release_command(user);
0916
0917     mutex_unlock(&user->file_lock);
0918
0919     /* And that's it, we'll issue the command on a read */
0920     return rc;
0921 }
0922
0923 static int sbefifo_user_release(struct inode *inode, struct file *file)
0924 {
0925     struct sbefifo_user *user = file->private_data;
0926
0927     if (!user)
0928         return -EINVAL;
0929
0930     sbefifo_release_command(user);
0931     free_page((unsigned long)user->cmd_page);
0932     kfree(user);
0933
0934     return 0;
0935 }
0936
0937 static int sbefifo_read_timeout(struct sbefifo_user *user, void __user *argp)
0938 {
0939     struct device *dev = &user->sbefifo->dev;
0940     u32 timeout;
0941
0942     if (get_user(timeout, (__u32 __user *)argp))
0943         return -EFAULT;
0944
0945     if (timeout == 0) {
0946         user->read_timeout_ms = SBEFIFO_TIMEOUT_START_RSP;
0947         dev_dbg(dev, "Timeout reset to %d\n", user->read_timeout_ms);
0948         return 0;
0949     }
0950
0951     if (timeout < 10 || timeout > 120)
0952         return -EINVAL;
0953
0954     user->read_timeout_ms = timeout * 1000; /* user timeout is in sec */
0955
0956     dev_dbg(dev, "Timeout set to %d\n", user->read_timeout_ms);
0957
0958     return 0;
0959 }
0960
0961 static long sbefifo_user_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
0962 {
0963     struct sbefifo_user *user = file->private_data;
0964     int rc = -ENOTTY;
0965
0966     if (!user)
0967         return -EINVAL;
0968
0969     mutex_lock(&user->file_lock);
0970     switch (cmd) {
0971     case FSI_SBEFIFO_READ_TIMEOUT_SECONDS:
0972         rc = sbefifo_read_timeout(user, (void __user *)arg);
0973         break;
0974     }
0975     mutex_unlock(&user->file_lock);
0976     return rc;
0977 }
0978
0979 static const struct file_operations sbefifo_fops = {
0980     .owner      = THIS_MODULE,
0981     .open       = sbefifo_user_open,
0982     .read       = sbefifo_user_read,
0983     .write      = sbefifo_user_write,
0984     .release    = sbefifo_user_release,
0985     .unlocked_ioctl = sbefifo_user_ioctl,
0986 };
0987
0988 static void sbefifo_free(struct device *dev)
0989 {
0990     struct sbefifo *sbefifo = container_of(dev, struct sbefifo, dev);
0991
0992     put_device(&sbefifo->fsi_dev->dev);
0993     kfree(sbefifo);
0994 }
0995
0996 /*
0997  * Probe/remove
0998  */
0999
1000 static int sbefifo_probe(struct device *dev)
1001 {
1002     struct fsi_device *fsi_dev = to_fsi_dev(dev);
1003     struct sbefifo *sbefifo;
1004     struct device_node *np;
1005     struct platform_device *child;
1006     char child_name[32];
1007     int rc, didx, child_idx = 0;
1008
1009     dev_dbg(dev, "Found sbefifo device\n");
1010
1011     sbefifo = kzalloc(sizeof(*sbefifo), GFP_KERNEL);
1012     if (!sbefifo)
1013         return -ENOMEM;
1014
1015     /* Grab a reference to the device (parent of our cdev), we'll drop it later */
1016     if (!get_device(dev)) {
1017         kfree(sbefifo);
1018         return -ENODEV;
1019     }
1020
1021     sbefifo->magic = SBEFIFO_MAGIC;
1022     sbefifo->fsi_dev = fsi_dev;
1023     dev_set_drvdata(dev, sbefifo);
1024     mutex_init(&sbefifo->lock);
1025     sbefifo->timeout_start_rsp_ms = SBEFIFO_TIMEOUT_START_RSP;
1026
1027     /*
1028      * Try cleaning up the FIFO. If this fails, we still register the
1029      * driver and will try cleaning things up again on the next access.
1030      */
1031     rc = sbefifo_cleanup_hw(sbefifo);
1032     if (rc && rc != -ESHUTDOWN)
1033         dev_err(dev, "Initial HW cleanup failed, will retry later\n");
1034
1035     /* Create chardev for userspace access */
1036     sbefifo->dev.type = &fsi_cdev_type;
1037     sbefifo->dev.parent = dev;
1038     sbefifo->dev.release = sbefifo_free;
1039     device_initialize(&sbefifo->dev);
1040
1041     /* Allocate a minor in the FSI space */
1042     rc = fsi_get_new_minor(fsi_dev, fsi_dev_sbefifo, &sbefifo->dev.devt, &didx);
1043     if (rc)
1044         goto err;
1045
1046     dev_set_name(&sbefifo->dev, "sbefifo%d", didx);
1047     cdev_init(&sbefifo->cdev, &sbefifo_fops);
1048     rc = cdev_device_add(&sbefifo->cdev, &sbefifo->dev);
1049     if (rc) {
1050         dev_err(dev, "Error %d creating char device %s\n",
1051             rc, dev_name(&sbefifo->dev));
1052         goto err_free_minor;
1053     }
1054
1055     /* Create platform devs for dts child nodes (occ, etc) */
1056     for_each_available_child_of_node(dev->of_node, np) {
1057         snprintf(child_name, sizeof(child_name), "%s-dev%d",
1058              dev_name(&sbefifo->dev), child_idx++);
1059         child = of_platform_device_create(np, child_name, dev);
1060         if (!child)
1061             dev_warn(dev, "failed to create child %s dev\n",
1062                  child_name);
1063     }
1064
1065     device_create_file(&sbefifo->dev, &dev_attr_timeout);
1066
1067     return 0;
1068  err_free_minor:
1069     fsi_free_minor(sbefifo->dev.devt);
1070  err:
1071     put_device(&sbefifo->dev);
1072     return rc;
1073 }
1074
1075 static int sbefifo_unregister_child(struct device *dev, void *data)
1076 {
1077     struct platform_device *child = to_platform_device(dev);
1078
1079     of_device_unregister(child);
1080     if (dev->of_node)
1081         of_node_clear_flag(dev->of_node, OF_POPULATED);
1082
1083     return 0;
1084 }
1085
1086 static int sbefifo_remove(struct device *dev)
1087 {
1088     struct sbefifo *sbefifo = dev_get_drvdata(dev);
1089
1090     dev_dbg(dev, "Removing sbefifo device...\n");
1091
1092     device_remove_file(&sbefifo->dev, &dev_attr_timeout);
1093
1094     mutex_lock(&sbefifo->lock);
1095     sbefifo->dead = true;
1096     mutex_unlock(&sbefifo->lock);
1097
1098     cdev_device_del(&sbefifo->cdev, &sbefifo->dev);
1099     fsi_free_minor(sbefifo->dev.devt);
1100     device_for_each_child(dev, NULL, sbefifo_unregister_child);
1101     put_device(&sbefifo->dev);
1102
1103     return 0;
1104 }
1105
1106 static const struct fsi_device_id sbefifo_ids[] = {
1107     {
1108         .engine_type = FSI_ENGID_SBE,
1109         .version = FSI_VERSION_ANY,
1110     },
1111     { 0 }
1112 };
1113
1114 static struct fsi_driver sbefifo_drv = {
1115     .id_table = sbefifo_ids,
1116     .drv = {
1117         .name = DEVICE_NAME,
1118         .bus = &fsi_bus_type,
1119         .probe = sbefifo_probe,
1120         .remove = sbefifo_remove,
1121     }
1122 };
1123
1124 static int sbefifo_init(void)
1125 {
1126     return fsi_driver_register(&sbefifo_drv);
1127 }
1128
1129 static void sbefifo_exit(void)
1130 {
1131     fsi_driver_unregister(&sbefifo_drv);
1132 }
1133
1134 module_init(sbefifo_init);
1135 module_exit(sbefifo_exit);
1136 MODULE_LICENSE("GPL");
1137 MODULE_AUTHOR("Brad Bishop <bradleyb@fuzziesquirrel.com>");
1138 MODULE_AUTHOR("Eddie James <eajames@linux.vnet.ibm.com>");
1139 MODULE_AUTHOR("Andrew Jeffery <andrew@aj.id.au>");
1140 MODULE_AUTHOR("Benjamin Herrenschmidt <benh@kernel.crashing.org>");
1141 MODULE_DESCRIPTION("Linux device interface to the POWER Self Boot Engine");