Back to home page

OSCL-LXR

 
 

    


0001 
0002 /*
0003  *  linux/drivers/scsi/esas2r/esas2r_flash.c
0004  *      For use with ATTO ExpressSAS R6xx SAS/SATA RAID controllers
0005  *
0006  *  Copyright (c) 2001-2013 ATTO Technology, Inc.
0007  *  (mailto:linuxdrivers@attotech.com)
0008  *
0009  * This program is free software; you can redistribute it and/or
0010  * modify it under the terms of the GNU General Public License
0011  * as published by the Free Software Foundation; either version 2
0012  * of the License, or (at your option) any later version.
0013  *
0014  * This program is distributed in the hope that it will be useful,
0015  * but WITHOUT ANY WARRANTY; without even the implied warranty of
0016  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0017  * GNU General Public License for more details.
0018  *
0019  * NO WARRANTY
0020  * THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
0021  * CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
0022  * LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
0023  * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
0024  * solely responsible for determining the appropriateness of using and
0025  * distributing the Program and assumes all risks associated with its
0026  * exercise of rights under this Agreement, including but not limited to
0027  * the risks and costs of program errors, damage to or loss of data,
0028  * programs or equipment, and unavailability or interruption of operations.
0029  *
0030  * DISCLAIMER OF LIABILITY
0031  * NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
0032  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
0033  * DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
0034  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
0035  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
0036  * USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
0037  * HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
0038  *
0039  * You should have received a copy of the GNU General Public License
0040  * along with this program; if not, write to the Free Software
0041  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
0042  * USA.
0043  */
0044 
0045 #include "esas2r.h"
0046 
0047 /* local macro defs */
0048 #define esas2r_nvramcalc_cksum(n)     \
0049     (esas2r_calc_byte_cksum((u8 *)(n), sizeof(struct esas2r_sas_nvram), \
0050                 SASNVR_CKSUM_SEED))
0051 #define esas2r_nvramcalc_xor_cksum(n)  \
0052     (esas2r_calc_byte_xor_cksum((u8 *)(n), \
0053                     sizeof(struct esas2r_sas_nvram), 0))
0054 
0055 #define ESAS2R_FS_DRVR_VER 2
0056 
0057 static struct esas2r_sas_nvram default_sas_nvram = {
0058     { 'E',  'S',  'A',  'S'              }, /* signature          */
0059     SASNVR_VERSION,                                 /* version            */
0060     0,                                              /* checksum           */
0061     31,                                             /* max_lun_for_target */
0062     SASNVR_PCILAT_MAX,                              /* pci_latency        */
0063     SASNVR1_BOOT_DRVR,                              /* options1           */
0064     SASNVR2_HEARTBEAT   | SASNVR2_SINGLE_BUS        /* options2           */
0065     | SASNVR2_SW_MUX_CTRL,
0066     SASNVR_COAL_DIS,                                /* int_coalescing     */
0067     SASNVR_CMDTHR_NONE,                             /* cmd_throttle       */
0068     3,                                              /* dev_wait_time      */
0069     1,                                              /* dev_wait_count     */
0070     0,                                              /* spin_up_delay      */
0071     0,                                              /* ssp_align_rate     */
0072     { 0x50, 0x01, 0x08, 0x60,                       /* sas_addr           */
0073       0x00, 0x00, 0x00, 0x00 },
0074     { SASNVR_SPEED_AUTO },                          /* phy_speed          */
0075     { SASNVR_MUX_DISABLED },                        /* SAS multiplexing   */
0076     { 0 },                                          /* phy_flags          */
0077     SASNVR_SORT_SAS_ADDR,                           /* sort_type          */
0078     3,                                              /* dpm_reqcmd_lmt     */
0079     3,                                              /* dpm_stndby_time    */
0080     0,                                              /* dpm_active_time    */
0081     { 0 },                                          /* phy_target_id      */
0082     SASNVR_VSMH_DISABLED,                           /* virt_ses_mode      */
0083     SASNVR_RWM_DEFAULT,                             /* read_write_mode    */
0084     0,                                              /* link down timeout  */
0085     { 0 }                                           /* reserved           */
0086 };
0087 
0088 static u8 cmd_to_fls_func[] = {
0089     0xFF,
0090     VDA_FLASH_READ,
0091     VDA_FLASH_BEGINW,
0092     VDA_FLASH_WRITE,
0093     VDA_FLASH_COMMIT,
0094     VDA_FLASH_CANCEL
0095 };
0096 
0097 static u8 esas2r_calc_byte_xor_cksum(u8 *addr, u32 len, u8 seed)
0098 {
0099     u32 cksum = seed;
0100     u8 *p = (u8 *)&cksum;
0101 
0102     while (len) {
0103         if (((uintptr_t)addr & 3) == 0)
0104             break;
0105 
0106         cksum = cksum ^ *addr;
0107         addr++;
0108         len--;
0109     }
0110     while (len >= sizeof(u32)) {
0111         cksum = cksum ^ *(u32 *)addr;
0112         addr += 4;
0113         len -= 4;
0114     }
0115     while (len--) {
0116         cksum = cksum ^ *addr;
0117         addr++;
0118     }
0119     return p[0] ^ p[1] ^ p[2] ^ p[3];
0120 }
0121 
0122 static u8 esas2r_calc_byte_cksum(void *addr, u32 len, u8 seed)
0123 {
0124     u8 *p = (u8 *)addr;
0125     u8 cksum = seed;
0126 
0127     while (len--)
0128         cksum = cksum + p[len];
0129     return cksum;
0130 }
0131 
0132 /* Interrupt callback to process FM API write requests. */
0133 static void esas2r_fmapi_callback(struct esas2r_adapter *a,
0134                   struct esas2r_request *rq)
0135 {
0136     struct atto_vda_flash_req *vrq = &rq->vrq->flash;
0137     struct esas2r_flash_context *fc =
0138         (struct esas2r_flash_context *)rq->interrupt_cx;
0139 
0140     if (rq->req_stat == RS_SUCCESS) {
0141         /* Last request was successful.  See what to do now. */
0142         switch (vrq->sub_func) {
0143         case VDA_FLASH_BEGINW:
0144             if (fc->sgc.cur_offset == NULL)
0145                 goto commit;
0146 
0147             vrq->sub_func = VDA_FLASH_WRITE;
0148             rq->req_stat = RS_PENDING;
0149             break;
0150 
0151         case VDA_FLASH_WRITE:
0152 commit:
0153             vrq->sub_func = VDA_FLASH_COMMIT;
0154             rq->req_stat = RS_PENDING;
0155             rq->interrupt_cb = fc->interrupt_cb;
0156             break;
0157 
0158         default:
0159             break;
0160         }
0161     }
0162 
0163     if (rq->req_stat != RS_PENDING)
0164         /*
0165          * All done. call the real callback to complete the FM API
0166          * request.  We should only get here if a BEGINW or WRITE
0167          * operation failed.
0168          */
0169         (*fc->interrupt_cb)(a, rq);
0170 }
0171 
0172 /*
0173  * Build a flash request based on the flash context.  The request status
0174  * is filled in on an error.
0175  */
0176 static void build_flash_msg(struct esas2r_adapter *a,
0177                 struct esas2r_request *rq)
0178 {
0179     struct esas2r_flash_context *fc =
0180         (struct esas2r_flash_context *)rq->interrupt_cx;
0181     struct esas2r_sg_context *sgc = &fc->sgc;
0182     u8 cksum = 0;
0183 
0184     /* calculate the checksum */
0185     if (fc->func == VDA_FLASH_BEGINW) {
0186         if (sgc->cur_offset)
0187             cksum = esas2r_calc_byte_xor_cksum(sgc->cur_offset,
0188                                sgc->length,
0189                                0);
0190         rq->interrupt_cb = esas2r_fmapi_callback;
0191     } else {
0192         rq->interrupt_cb = fc->interrupt_cb;
0193     }
0194     esas2r_build_flash_req(a,
0195                    rq,
0196                    fc->func,
0197                    cksum,
0198                    fc->flsh_addr,
0199                    sgc->length);
0200 
0201     esas2r_rq_free_sg_lists(rq, a);
0202 
0203     /*
0204      * remember the length we asked for.  we have to keep track of
0205      * the current amount done so we know how much to compare when
0206      * doing the verification phase.
0207      */
0208     fc->curr_len = fc->sgc.length;
0209 
0210     if (sgc->cur_offset) {
0211         /* setup the S/G context to build the S/G table  */
0212         esas2r_sgc_init(sgc, a, rq, &rq->vrq->flash.data.sge[0]);
0213 
0214         if (!esas2r_build_sg_list(a, rq, sgc)) {
0215             rq->req_stat = RS_BUSY;
0216             return;
0217         }
0218     } else {
0219         fc->sgc.length = 0;
0220     }
0221 
0222     /* update the flsh_addr to the next one to write to  */
0223     fc->flsh_addr += fc->curr_len;
0224 }
0225 
0226 /* determine the method to process the flash request */
0227 static bool load_image(struct esas2r_adapter *a, struct esas2r_request *rq)
0228 {
0229     /*
0230      * assume we have more to do.  if we return with the status set to
0231      * RS_PENDING, FM API tasks will continue.
0232      */
0233     rq->req_stat = RS_PENDING;
0234     if (test_bit(AF_DEGRADED_MODE, &a->flags))
0235         /* not supported for now */;
0236     else
0237         build_flash_msg(a, rq);
0238 
0239     return rq->req_stat == RS_PENDING;
0240 }
0241 
0242 /*  boot image fixer uppers called before downloading the image. */
0243 static void fix_bios(struct esas2r_adapter *a, struct esas2r_flash_img *fi)
0244 {
0245     struct esas2r_component_header *ch = &fi->cmp_hdr[CH_IT_BIOS];
0246     struct esas2r_pc_image *pi;
0247     struct esas2r_boot_header *bh;
0248 
0249     pi = (struct esas2r_pc_image *)((u8 *)fi + ch->image_offset);
0250     bh =
0251         (struct esas2r_boot_header *)((u8 *)pi +
0252                           le16_to_cpu(pi->header_offset));
0253     bh->device_id = cpu_to_le16(a->pcid->device);
0254 
0255     /* Recalculate the checksum in the PNP header if there  */
0256     if (pi->pnp_offset) {
0257         u8 *pnp_header_bytes =
0258             ((u8 *)pi + le16_to_cpu(pi->pnp_offset));
0259 
0260         /* Identifier - dword that starts at byte 10 */
0261         *((u32 *)&pnp_header_bytes[10]) =
0262             cpu_to_le32(MAKEDWORD(a->pcid->subsystem_vendor,
0263                           a->pcid->subsystem_device));
0264 
0265         /* Checksum - byte 9 */
0266         pnp_header_bytes[9] -= esas2r_calc_byte_cksum(pnp_header_bytes,
0267                                   32, 0);
0268     }
0269 
0270     /* Recalculate the checksum needed by the PC */
0271     pi->checksum = pi->checksum -
0272                esas2r_calc_byte_cksum((u8 *)pi, ch->length, 0);
0273 }
0274 
0275 static void fix_efi(struct esas2r_adapter *a, struct esas2r_flash_img *fi)
0276 {
0277     struct esas2r_component_header *ch = &fi->cmp_hdr[CH_IT_EFI];
0278     u32 len = ch->length;
0279     u32 offset = ch->image_offset;
0280     struct esas2r_efi_image *ei;
0281     struct esas2r_boot_header *bh;
0282 
0283     while (len) {
0284         u32 thislen;
0285 
0286         ei = (struct esas2r_efi_image *)((u8 *)fi + offset);
0287         bh = (struct esas2r_boot_header *)((u8 *)ei +
0288                            le16_to_cpu(
0289                                ei->header_offset));
0290         bh->device_id = cpu_to_le16(a->pcid->device);
0291         thislen = (u32)le16_to_cpu(bh->image_length) * 512;
0292 
0293         if (thislen > len)
0294             break;
0295 
0296         len -= thislen;
0297         offset += thislen;
0298     }
0299 }
0300 
0301 /* Complete a FM API request with the specified status. */
0302 static bool complete_fmapi_req(struct esas2r_adapter *a,
0303                    struct esas2r_request *rq, u8 fi_stat)
0304 {
0305     struct esas2r_flash_context *fc =
0306         (struct esas2r_flash_context *)rq->interrupt_cx;
0307     struct esas2r_flash_img *fi = fc->fi;
0308 
0309     fi->status = fi_stat;
0310     fi->driver_error = rq->req_stat;
0311     rq->interrupt_cb = NULL;
0312     rq->req_stat = RS_SUCCESS;
0313 
0314     if (fi_stat != FI_STAT_IMG_VER)
0315         memset(fc->scratch, 0, FM_BUF_SZ);
0316 
0317     esas2r_enable_heartbeat(a);
0318     clear_bit(AF_FLASH_LOCK, &a->flags);
0319     return false;
0320 }
0321 
0322 /* Process each phase of the flash download process. */
0323 static void fw_download_proc(struct esas2r_adapter *a,
0324                  struct esas2r_request *rq)
0325 {
0326     struct esas2r_flash_context *fc =
0327         (struct esas2r_flash_context *)rq->interrupt_cx;
0328     struct esas2r_flash_img *fi = fc->fi;
0329     struct esas2r_component_header *ch;
0330     u32 len;
0331     u8 *p, *q;
0332 
0333     /* If the previous operation failed, just return. */
0334     if (rq->req_stat != RS_SUCCESS)
0335         goto error;
0336 
0337     /*
0338      * If an upload just completed and the compare length is non-zero,
0339      * then we just read back part of the image we just wrote.  verify the
0340      * section and continue reading until the entire image is verified.
0341      */
0342     if (fc->func == VDA_FLASH_READ
0343         && fc->cmp_len) {
0344         ch = &fi->cmp_hdr[fc->comp_typ];
0345 
0346         p = fc->scratch;
0347         q = (u8 *)fi                    /* start of the whole gob     */
0348             + ch->image_offset          /* start of the current image */
0349             + ch->length                /* end of the current image   */
0350             - fc->cmp_len;              /* where we are now           */
0351 
0352         /*
0353          * NOTE - curr_len is the exact count of bytes for the read
0354          *        even when the end is read and its not a full buffer
0355          */
0356         for (len = fc->curr_len; len; len--)
0357             if (*p++ != *q++)
0358                 goto error;
0359 
0360         fc->cmp_len -= fc->curr_len; /* # left to compare    */
0361 
0362         /* Update fc and determine the length for the next upload */
0363         if (fc->cmp_len > FM_BUF_SZ)
0364             fc->sgc.length = FM_BUF_SZ;
0365         else
0366             fc->sgc.length = fc->cmp_len;
0367 
0368         fc->sgc.cur_offset = fc->sgc_offset +
0369                      ((u8 *)fc->scratch - (u8 *)fi);
0370     }
0371 
0372     /*
0373      * This code uses a 'while' statement since the next component may
0374      * have a length = zero.  This can happen since some components are
0375      * not required.  At the end of this 'while' we set up the length
0376      * for the next request and therefore sgc.length can be = 0.
0377      */
0378     while (fc->sgc.length == 0) {
0379         ch = &fi->cmp_hdr[fc->comp_typ];
0380 
0381         switch (fc->task) {
0382         case FMTSK_ERASE_BOOT:
0383             /* the BIOS image is written next */
0384             ch = &fi->cmp_hdr[CH_IT_BIOS];
0385             if (ch->length == 0)
0386                 goto no_bios;
0387 
0388             fc->task = FMTSK_WRTBIOS;
0389             fc->func = VDA_FLASH_BEGINW;
0390             fc->comp_typ = CH_IT_BIOS;
0391             fc->flsh_addr = FLS_OFFSET_BOOT;
0392             fc->sgc.length = ch->length;
0393             fc->sgc.cur_offset = fc->sgc_offset +
0394                          ch->image_offset;
0395             break;
0396 
0397         case FMTSK_WRTBIOS:
0398             /*
0399              * The BIOS image has been written - read it and
0400              * verify it
0401              */
0402             fc->task = FMTSK_READBIOS;
0403             fc->func = VDA_FLASH_READ;
0404             fc->flsh_addr = FLS_OFFSET_BOOT;
0405             fc->cmp_len = ch->length;
0406             fc->sgc.length = FM_BUF_SZ;
0407             fc->sgc.cur_offset = fc->sgc_offset
0408                          + ((u8 *)fc->scratch -
0409                         (u8 *)fi);
0410             break;
0411 
0412         case FMTSK_READBIOS:
0413 no_bios:
0414             /*
0415              * Mark the component header status for the image
0416              * completed
0417              */
0418             ch->status = CH_STAT_SUCCESS;
0419 
0420             /* The MAC image is written next */
0421             ch = &fi->cmp_hdr[CH_IT_MAC];
0422             if (ch->length == 0)
0423                 goto no_mac;
0424 
0425             fc->task = FMTSK_WRTMAC;
0426             fc->func = VDA_FLASH_BEGINW;
0427             fc->comp_typ = CH_IT_MAC;
0428             fc->flsh_addr = FLS_OFFSET_BOOT
0429                     + fi->cmp_hdr[CH_IT_BIOS].length;
0430             fc->sgc.length = ch->length;
0431             fc->sgc.cur_offset = fc->sgc_offset +
0432                          ch->image_offset;
0433             break;
0434 
0435         case FMTSK_WRTMAC:
0436             /* The MAC image has been written - read and verify */
0437             fc->task = FMTSK_READMAC;
0438             fc->func = VDA_FLASH_READ;
0439             fc->flsh_addr -= ch->length;
0440             fc->cmp_len = ch->length;
0441             fc->sgc.length = FM_BUF_SZ;
0442             fc->sgc.cur_offset = fc->sgc_offset
0443                          + ((u8 *)fc->scratch -
0444                         (u8 *)fi);
0445             break;
0446 
0447         case FMTSK_READMAC:
0448 no_mac:
0449             /*
0450              * Mark the component header status for the image
0451              * completed
0452              */
0453             ch->status = CH_STAT_SUCCESS;
0454 
0455             /* The EFI image is written next */
0456             ch = &fi->cmp_hdr[CH_IT_EFI];
0457             if (ch->length == 0)
0458                 goto no_efi;
0459 
0460             fc->task = FMTSK_WRTEFI;
0461             fc->func = VDA_FLASH_BEGINW;
0462             fc->comp_typ = CH_IT_EFI;
0463             fc->flsh_addr = FLS_OFFSET_BOOT
0464                     + fi->cmp_hdr[CH_IT_BIOS].length
0465                     + fi->cmp_hdr[CH_IT_MAC].length;
0466             fc->sgc.length = ch->length;
0467             fc->sgc.cur_offset = fc->sgc_offset +
0468                          ch->image_offset;
0469             break;
0470 
0471         case FMTSK_WRTEFI:
0472             /* The EFI image has been written - read and verify */
0473             fc->task = FMTSK_READEFI;
0474             fc->func = VDA_FLASH_READ;
0475             fc->flsh_addr -= ch->length;
0476             fc->cmp_len = ch->length;
0477             fc->sgc.length = FM_BUF_SZ;
0478             fc->sgc.cur_offset = fc->sgc_offset
0479                          + ((u8 *)fc->scratch -
0480                         (u8 *)fi);
0481             break;
0482 
0483         case FMTSK_READEFI:
0484 no_efi:
0485             /*
0486              * Mark the component header status for the image
0487              * completed
0488              */
0489             ch->status = CH_STAT_SUCCESS;
0490 
0491             /* The CFG image is written next */
0492             ch = &fi->cmp_hdr[CH_IT_CFG];
0493 
0494             if (ch->length == 0)
0495                 goto no_cfg;
0496             fc->task = FMTSK_WRTCFG;
0497             fc->func = VDA_FLASH_BEGINW;
0498             fc->comp_typ = CH_IT_CFG;
0499             fc->flsh_addr = FLS_OFFSET_CPYR - ch->length;
0500             fc->sgc.length = ch->length;
0501             fc->sgc.cur_offset = fc->sgc_offset +
0502                          ch->image_offset;
0503             break;
0504 
0505         case FMTSK_WRTCFG:
0506             /* The CFG image has been written - read and verify */
0507             fc->task = FMTSK_READCFG;
0508             fc->func = VDA_FLASH_READ;
0509             fc->flsh_addr = FLS_OFFSET_CPYR - ch->length;
0510             fc->cmp_len = ch->length;
0511             fc->sgc.length = FM_BUF_SZ;
0512             fc->sgc.cur_offset = fc->sgc_offset
0513                          + ((u8 *)fc->scratch -
0514                         (u8 *)fi);
0515             break;
0516 
0517         case FMTSK_READCFG:
0518 no_cfg:
0519             /*
0520              * Mark the component header status for the image
0521              * completed
0522              */
0523             ch->status = CH_STAT_SUCCESS;
0524 
0525             /*
0526              * The download is complete.  If in degraded mode,
0527              * attempt a chip reset.
0528              */
0529             if (test_bit(AF_DEGRADED_MODE, &a->flags))
0530                 esas2r_local_reset_adapter(a);
0531 
0532             a->flash_ver = fi->cmp_hdr[CH_IT_BIOS].version;
0533             esas2r_print_flash_rev(a);
0534 
0535             /* Update the type of boot image on the card */
0536             memcpy(a->image_type, fi->rel_version,
0537                    sizeof(fi->rel_version));
0538             complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
0539             return;
0540         }
0541 
0542         /* If verifying, don't try reading more than what's there */
0543         if (fc->func == VDA_FLASH_READ
0544             && fc->sgc.length > fc->cmp_len)
0545             fc->sgc.length = fc->cmp_len;
0546     }
0547 
0548     /* Build the request to perform the next action */
0549     if (!load_image(a, rq)) {
0550 error:
0551         if (fc->comp_typ < fi->num_comps) {
0552             ch = &fi->cmp_hdr[fc->comp_typ];
0553             ch->status = CH_STAT_FAILED;
0554         }
0555 
0556         complete_fmapi_req(a, rq, FI_STAT_FAILED);
0557     }
0558 }
0559 
0560 /* Determine the flash image adaptyp for this adapter */
0561 static u8 get_fi_adap_type(struct esas2r_adapter *a)
0562 {
0563     u8 type;
0564 
0565     /* use the device ID to get the correct adap_typ for this HBA */
0566     switch (a->pcid->device) {
0567     case ATTO_DID_INTEL_IOP348:
0568         type = FI_AT_SUN_LAKE;
0569         break;
0570 
0571     case ATTO_DID_MV_88RC9580:
0572     case ATTO_DID_MV_88RC9580TS:
0573     case ATTO_DID_MV_88RC9580TSE:
0574     case ATTO_DID_MV_88RC9580TL:
0575         type = FI_AT_MV_9580;
0576         break;
0577 
0578     default:
0579         type = FI_AT_UNKNWN;
0580         break;
0581     }
0582 
0583     return type;
0584 }
0585 
0586 /* Size of config + copyright + flash_ver images, 0 for failure. */
0587 static u32 chk_cfg(u8 *cfg, u32 length, u32 *flash_ver)
0588 {
0589     u16 *pw = (u16 *)cfg - 1;
0590     u32 sz = 0;
0591     u32 len = length;
0592 
0593     if (len == 0)
0594         len = FM_BUF_SZ;
0595 
0596     if (flash_ver)
0597         *flash_ver = 0;
0598 
0599     while (true) {
0600         u16 type;
0601         u16 size;
0602 
0603         type = le16_to_cpu(*pw--);
0604         size = le16_to_cpu(*pw--);
0605 
0606         if (type != FBT_CPYR
0607             && type != FBT_SETUP
0608             && type != FBT_FLASH_VER)
0609             break;
0610 
0611         if (type == FBT_FLASH_VER
0612             && flash_ver)
0613             *flash_ver = le32_to_cpu(*(u32 *)(pw - 1));
0614 
0615         sz += size + (2 * sizeof(u16));
0616         pw -= size / sizeof(u16);
0617 
0618         if (sz > len - (2 * sizeof(u16)))
0619             break;
0620     }
0621 
0622     /* See if we are comparing the size to the specified length */
0623     if (length && sz != length)
0624         return 0;
0625 
0626     return sz;
0627 }
0628 
0629 /* Verify that the boot image is valid */
0630 static u8 chk_boot(u8 *boot_img, u32 length)
0631 {
0632     struct esas2r_boot_image *bi = (struct esas2r_boot_image *)boot_img;
0633     u16 hdroffset = le16_to_cpu(bi->header_offset);
0634     struct esas2r_boot_header *bh;
0635 
0636     if (bi->signature != le16_to_cpu(0xaa55)
0637         || (long)hdroffset >
0638         (long)(65536L - sizeof(struct esas2r_boot_header))
0639         || (hdroffset & 3)
0640         || (hdroffset < sizeof(struct esas2r_boot_image))
0641         || ((u32)hdroffset + sizeof(struct esas2r_boot_header) > length))
0642         return 0xff;
0643 
0644     bh = (struct esas2r_boot_header *)((char *)bi + hdroffset);
0645 
0646     if (bh->signature[0] != 'P'
0647         || bh->signature[1] != 'C'
0648         || bh->signature[2] != 'I'
0649         || bh->signature[3] != 'R'
0650         || le16_to_cpu(bh->struct_length) <
0651         (u16)sizeof(struct esas2r_boot_header)
0652         || bh->class_code[2] != 0x01
0653         || bh->class_code[1] != 0x04
0654         || bh->class_code[0] != 0x00
0655         || (bh->code_type != CODE_TYPE_PC
0656         && bh->code_type != CODE_TYPE_OPEN
0657         && bh->code_type != CODE_TYPE_EFI))
0658         return 0xff;
0659 
0660     return bh->code_type;
0661 }
0662 
0663 /* The sum of all the WORDS of the image */
0664 static u16 calc_fi_checksum(struct esas2r_flash_context *fc)
0665 {
0666     struct esas2r_flash_img *fi = fc->fi;
0667     u16 cksum;
0668     u32 len;
0669     u16 *pw;
0670 
0671     for (len = (fi->length - fc->fi_hdr_len) / 2,
0672          pw = (u16 *)((u8 *)fi + fc->fi_hdr_len),
0673          cksum = 0;
0674          len;
0675          len--, pw++)
0676         cksum = cksum + le16_to_cpu(*pw);
0677 
0678     return cksum;
0679 }
0680 
0681 /*
0682  * Verify the flash image structure.  The following verifications will
0683  * be performed:
0684  *              1)  verify the fi_version is correct
0685  *              2)  verify the checksum of the entire image.
0686  *              3)  validate the adap_typ, action and length fields.
0687  *              4)  validate each component header. check the img_type and
0688  *                  length fields
0689  *              5)  validate each component image.  validate signatures and
0690  *                  local checksums
0691  */
0692 static bool verify_fi(struct esas2r_adapter *a,
0693               struct esas2r_flash_context *fc)
0694 {
0695     struct esas2r_flash_img *fi = fc->fi;
0696     u8 type;
0697     bool imgerr;
0698     u16 i;
0699     u32 len;
0700     struct esas2r_component_header *ch;
0701 
0702     /* Verify the length - length must even since we do a word checksum */
0703     len = fi->length;
0704 
0705     if ((len & 1)
0706         || len < fc->fi_hdr_len) {
0707         fi->status = FI_STAT_LENGTH;
0708         return false;
0709     }
0710 
0711     /* Get adapter type and verify type in flash image */
0712     type = get_fi_adap_type(a);
0713     if ((type == FI_AT_UNKNWN) || (fi->adap_typ != type)) {
0714         fi->status = FI_STAT_ADAPTYP;
0715         return false;
0716     }
0717 
0718     /*
0719      * Loop through each component and verify the img_type and length
0720      * fields.  Keep a running count of the sizes sooze we can verify total
0721      * size to additive size.
0722      */
0723     imgerr = false;
0724 
0725     for (i = 0, len = 0, ch = fi->cmp_hdr;
0726          i < fi->num_comps;
0727          i++, ch++) {
0728         bool cmperr = false;
0729 
0730         /*
0731          * Verify that the component header has the same index as the
0732          * image type.  The headers must be ordered correctly
0733          */
0734         if (i != ch->img_type) {
0735             imgerr = true;
0736             ch->status = CH_STAT_INVALID;
0737             continue;
0738         }
0739 
0740         switch (ch->img_type) {
0741         case CH_IT_BIOS:
0742             type = CODE_TYPE_PC;
0743             break;
0744 
0745         case CH_IT_MAC:
0746             type = CODE_TYPE_OPEN;
0747             break;
0748 
0749         case CH_IT_EFI:
0750             type = CODE_TYPE_EFI;
0751             break;
0752         }
0753 
0754         switch (ch->img_type) {
0755         case CH_IT_FW:
0756         case CH_IT_NVR:
0757             break;
0758 
0759         case CH_IT_BIOS:
0760         case CH_IT_MAC:
0761         case CH_IT_EFI:
0762             if (ch->length & 0x1ff)
0763                 cmperr = true;
0764 
0765             /* Test if component image is present  */
0766             if (ch->length == 0)
0767                 break;
0768 
0769             /* Image is present - verify the image */
0770             if (chk_boot((u8 *)fi + ch->image_offset, ch->length)
0771                 != type)
0772                 cmperr = true;
0773 
0774             break;
0775 
0776         case CH_IT_CFG:
0777 
0778             /* Test if component image is present */
0779             if (ch->length == 0) {
0780                 cmperr = true;
0781                 break;
0782             }
0783 
0784             /* Image is present - verify the image */
0785             if (!chk_cfg((u8 *)fi + ch->image_offset + ch->length,
0786                      ch->length, NULL))
0787                 cmperr = true;
0788 
0789             break;
0790 
0791         default:
0792 
0793             fi->status = FI_STAT_UNKNOWN;
0794             return false;
0795         }
0796 
0797         if (cmperr) {
0798             imgerr = true;
0799             ch->status = CH_STAT_INVALID;
0800         } else {
0801             ch->status = CH_STAT_PENDING;
0802             len += ch->length;
0803         }
0804     }
0805 
0806     if (imgerr) {
0807         fi->status = FI_STAT_MISSING;
0808         return false;
0809     }
0810 
0811     /* Compare fi->length to the sum of ch->length fields */
0812     if (len != fi->length - fc->fi_hdr_len) {
0813         fi->status = FI_STAT_LENGTH;
0814         return false;
0815     }
0816 
0817     /* Compute the checksum - it should come out zero */
0818     if (fi->checksum != calc_fi_checksum(fc)) {
0819         fi->status = FI_STAT_CHKSUM;
0820         return false;
0821     }
0822 
0823     return true;
0824 }
0825 
0826 /* Fill in the FS IOCTL response data from a completed request. */
0827 static void esas2r_complete_fs_ioctl(struct esas2r_adapter *a,
0828                      struct esas2r_request *rq)
0829 {
0830     struct esas2r_ioctl_fs *fs =
0831         (struct esas2r_ioctl_fs *)rq->interrupt_cx;
0832 
0833     if (rq->vrq->flash.sub_func == VDA_FLASH_COMMIT)
0834         esas2r_enable_heartbeat(a);
0835 
0836     fs->driver_error = rq->req_stat;
0837 
0838     if (fs->driver_error == RS_SUCCESS)
0839         fs->status = ATTO_STS_SUCCESS;
0840     else
0841         fs->status = ATTO_STS_FAILED;
0842 }
0843 
0844 /* Prepare an FS IOCTL request to be sent to the firmware. */
0845 bool esas2r_process_fs_ioctl(struct esas2r_adapter *a,
0846                  struct esas2r_ioctl_fs *fs,
0847                  struct esas2r_request *rq,
0848                  struct esas2r_sg_context *sgc)
0849 {
0850     u8 cmdcnt = (u8)ARRAY_SIZE(cmd_to_fls_func);
0851     struct esas2r_ioctlfs_command *fsc = &fs->command;
0852     u8 func = 0;
0853     u32 datalen;
0854 
0855     fs->status = ATTO_STS_FAILED;
0856     fs->driver_error = RS_PENDING;
0857 
0858     if (fs->version > ESAS2R_FS_VER) {
0859         fs->status = ATTO_STS_INV_VERSION;
0860         return false;
0861     }
0862 
0863     if (fsc->command >= cmdcnt) {
0864         fs->status = ATTO_STS_INV_FUNC;
0865         return false;
0866     }
0867 
0868     func = cmd_to_fls_func[fsc->command];
0869     if (func == 0xFF) {
0870         fs->status = ATTO_STS_INV_FUNC;
0871         return false;
0872     }
0873 
0874     if (fsc->command != ESAS2R_FS_CMD_CANCEL) {
0875         if ((a->pcid->device != ATTO_DID_MV_88RC9580
0876              || fs->adap_type != ESAS2R_FS_AT_ESASRAID2)
0877             && (a->pcid->device != ATTO_DID_MV_88RC9580TS
0878             || fs->adap_type != ESAS2R_FS_AT_TSSASRAID2)
0879             && (a->pcid->device != ATTO_DID_MV_88RC9580TSE
0880             || fs->adap_type != ESAS2R_FS_AT_TSSASRAID2E)
0881             && (a->pcid->device != ATTO_DID_MV_88RC9580TL
0882             || fs->adap_type != ESAS2R_FS_AT_TLSASHBA)) {
0883             fs->status = ATTO_STS_INV_ADAPTER;
0884             return false;
0885         }
0886 
0887         if (fs->driver_ver > ESAS2R_FS_DRVR_VER) {
0888             fs->status = ATTO_STS_INV_DRVR_VER;
0889             return false;
0890         }
0891     }
0892 
0893     if (test_bit(AF_DEGRADED_MODE, &a->flags)) {
0894         fs->status = ATTO_STS_DEGRADED;
0895         return false;
0896     }
0897 
0898     rq->interrupt_cb = esas2r_complete_fs_ioctl;
0899     rq->interrupt_cx = fs;
0900     datalen = le32_to_cpu(fsc->length);
0901     esas2r_build_flash_req(a,
0902                    rq,
0903                    func,
0904                    fsc->checksum,
0905                    le32_to_cpu(fsc->flash_addr),
0906                    datalen);
0907 
0908     if (func == VDA_FLASH_WRITE
0909         || func == VDA_FLASH_READ) {
0910         if (datalen == 0) {
0911             fs->status = ATTO_STS_INV_FUNC;
0912             return false;
0913         }
0914 
0915         esas2r_sgc_init(sgc, a, rq, rq->vrq->flash.data.sge);
0916         sgc->length = datalen;
0917 
0918         if (!esas2r_build_sg_list(a, rq, sgc)) {
0919             fs->status = ATTO_STS_OUT_OF_RSRC;
0920             return false;
0921         }
0922     }
0923 
0924     if (func == VDA_FLASH_COMMIT)
0925         esas2r_disable_heartbeat(a);
0926 
0927     esas2r_start_request(a, rq);
0928 
0929     return true;
0930 }
0931 
0932 static bool esas2r_flash_access(struct esas2r_adapter *a, u32 function)
0933 {
0934     u32 starttime;
0935     u32 timeout;
0936     u32 intstat;
0937     u32 doorbell;
0938 
0939     /* Disable chip interrupts awhile */
0940     if (function == DRBL_FLASH_REQ)
0941         esas2r_disable_chip_interrupts(a);
0942 
0943     /* Issue the request to the firmware */
0944     esas2r_write_register_dword(a, MU_DOORBELL_IN, function);
0945 
0946     /* Now wait for the firmware to process it */
0947     starttime = jiffies_to_msecs(jiffies);
0948 
0949     if (test_bit(AF_CHPRST_PENDING, &a->flags) ||
0950         test_bit(AF_DISC_PENDING, &a->flags))
0951         timeout = 40000;
0952     else
0953         timeout = 5000;
0954 
0955     while (true) {
0956         intstat = esas2r_read_register_dword(a, MU_INT_STATUS_OUT);
0957 
0958         if (intstat & MU_INTSTAT_DRBL) {
0959             /* Got a doorbell interrupt.  Check for the function */
0960             doorbell =
0961                 esas2r_read_register_dword(a, MU_DOORBELL_OUT);
0962             esas2r_write_register_dword(a, MU_DOORBELL_OUT,
0963                             doorbell);
0964             if (doorbell & function)
0965                 break;
0966         }
0967 
0968         schedule_timeout_interruptible(msecs_to_jiffies(100));
0969 
0970         if ((jiffies_to_msecs(jiffies) - starttime) > timeout) {
0971             /*
0972              * Iimeout.  If we were requesting flash access,
0973              * indicate we are done so the firmware knows we gave
0974              * up.  If this was a REQ, we also need to re-enable
0975              * chip interrupts.
0976              */
0977             if (function == DRBL_FLASH_REQ) {
0978                 esas2r_hdebug("flash access timeout");
0979                 esas2r_write_register_dword(a, MU_DOORBELL_IN,
0980                                 DRBL_FLASH_DONE);
0981                 esas2r_enable_chip_interrupts(a);
0982             } else {
0983                 esas2r_hdebug("flash release timeout");
0984             }
0985 
0986             return false;
0987         }
0988     }
0989 
0990     /* if we're done, re-enable chip interrupts */
0991     if (function == DRBL_FLASH_DONE)
0992         esas2r_enable_chip_interrupts(a);
0993 
0994     return true;
0995 }
0996 
0997 #define WINDOW_SIZE ((signed int)MW_DATA_WINDOW_SIZE)
0998 
0999 bool esas2r_read_flash_block(struct esas2r_adapter *a,
1000                  void *to,
1001                  u32 from,
1002                  u32 size)
1003 {
1004     u8 *end = (u8 *)to;
1005 
1006     /* Try to acquire access to the flash */
1007     if (!esas2r_flash_access(a, DRBL_FLASH_REQ))
1008         return false;
1009 
1010     while (size) {
1011         u32 len;
1012         u32 offset;
1013         u32 iatvr;
1014 
1015         if (test_bit(AF2_SERIAL_FLASH, &a->flags2))
1016             iatvr = MW_DATA_ADDR_SER_FLASH + (from & -WINDOW_SIZE);
1017         else
1018             iatvr = MW_DATA_ADDR_PAR_FLASH + (from & -WINDOW_SIZE);
1019 
1020         esas2r_map_data_window(a, iatvr);
1021         offset = from & (WINDOW_SIZE - 1);
1022         len = size;
1023 
1024         if (len > WINDOW_SIZE - offset)
1025             len = WINDOW_SIZE - offset;
1026 
1027         from += len;
1028         size -= len;
1029 
1030         while (len--) {
1031             *end++ = esas2r_read_data_byte(a, offset);
1032             offset++;
1033         }
1034     }
1035 
1036     /* Release flash access */
1037     esas2r_flash_access(a, DRBL_FLASH_DONE);
1038     return true;
1039 }
1040 
1041 bool esas2r_read_flash_rev(struct esas2r_adapter *a)
1042 {
1043     u8 bytes[256];
1044     u16 *pw;
1045     u16 *pwstart;
1046     u16 type;
1047     u16 size;
1048     u32 sz;
1049 
1050     sz = sizeof(bytes);
1051     pw = (u16 *)(bytes + sz);
1052     pwstart = (u16 *)bytes + 2;
1053 
1054     if (!esas2r_read_flash_block(a, bytes, FLS_OFFSET_CPYR - sz, sz))
1055         goto invalid_rev;
1056 
1057     while (pw >= pwstart) {
1058         pw--;
1059         type = le16_to_cpu(*pw);
1060         pw--;
1061         size = le16_to_cpu(*pw);
1062         pw -= size / 2;
1063 
1064         if (type == FBT_CPYR
1065             || type == FBT_SETUP
1066             || pw < pwstart)
1067             continue;
1068 
1069         if (type == FBT_FLASH_VER)
1070             a->flash_ver = le32_to_cpu(*(u32 *)pw);
1071 
1072         break;
1073     }
1074 
1075 invalid_rev:
1076     return esas2r_print_flash_rev(a);
1077 }
1078 
1079 bool esas2r_print_flash_rev(struct esas2r_adapter *a)
1080 {
1081     u16 year = LOWORD(a->flash_ver);
1082     u8 day = LOBYTE(HIWORD(a->flash_ver));
1083     u8 month = HIBYTE(HIWORD(a->flash_ver));
1084 
1085     if (day == 0
1086         || month == 0
1087         || day > 31
1088         || month > 12
1089         || year < 2006
1090         || year > 9999) {
1091         strcpy(a->flash_rev, "not found");
1092         a->flash_ver = 0;
1093         return false;
1094     }
1095 
1096     sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
1097     esas2r_hdebug("flash version: %s", a->flash_rev);
1098     return true;
1099 }
1100 
1101 /*
1102  * Find the type of boot image type that is currently in the flash.
1103  * The chip only has a 64 KB PCI-e expansion ROM
1104  * size so only one image can be flashed at a time.
1105  */
1106 bool esas2r_read_image_type(struct esas2r_adapter *a)
1107 {
1108     u8 bytes[256];
1109     struct esas2r_boot_image *bi;
1110     struct esas2r_boot_header *bh;
1111     u32 sz;
1112     u32 len;
1113     u32 offset;
1114 
1115     /* Start at the base of the boot images and look for a valid image */
1116     sz = sizeof(bytes);
1117     len = FLS_LENGTH_BOOT;
1118     offset = 0;
1119 
1120     while (true) {
1121         if (!esas2r_read_flash_block(a, bytes, FLS_OFFSET_BOOT +
1122                          offset,
1123                          sz))
1124             goto invalid_rev;
1125 
1126         bi = (struct esas2r_boot_image *)bytes;
1127         bh = (struct esas2r_boot_header *)((u8 *)bi +
1128                            le16_to_cpu(
1129                                bi->header_offset));
1130         if (bi->signature != cpu_to_le16(0xAA55))
1131             goto invalid_rev;
1132 
1133         if (bh->code_type == CODE_TYPE_PC) {
1134             strcpy(a->image_type, "BIOS");
1135 
1136             return true;
1137         } else if (bh->code_type == CODE_TYPE_EFI) {
1138             struct esas2r_efi_image *ei;
1139 
1140             /*
1141              * So we have an EFI image.  There are several types
1142              * so see which architecture we have.
1143              */
1144             ei = (struct esas2r_efi_image *)bytes;
1145 
1146             switch (le16_to_cpu(ei->machine_type)) {
1147             case EFI_MACHINE_IA32:
1148                 strcpy(a->image_type, "EFI 32-bit");
1149                 return true;
1150 
1151             case EFI_MACHINE_IA64:
1152                 strcpy(a->image_type, "EFI itanium");
1153                 return true;
1154 
1155             case EFI_MACHINE_X64:
1156                 strcpy(a->image_type, "EFI 64-bit");
1157                 return true;
1158 
1159             case EFI_MACHINE_EBC:
1160                 strcpy(a->image_type, "EFI EBC");
1161                 return true;
1162 
1163             default:
1164                 goto invalid_rev;
1165             }
1166         } else {
1167             u32 thislen;
1168 
1169             /* jump to the next image */
1170             thislen = (u32)le16_to_cpu(bh->image_length) * 512;
1171             if (thislen == 0
1172                 || thislen + offset > len
1173                 || bh->indicator == INDICATOR_LAST)
1174                 break;
1175 
1176             offset += thislen;
1177         }
1178     }
1179 
1180 invalid_rev:
1181     strcpy(a->image_type, "no boot images");
1182     return false;
1183 }
1184 
1185 /*
1186  *  Read and validate current NVRAM parameters by accessing
1187  *  physical NVRAM directly.  if currently stored parameters are
1188  *  invalid, use the defaults.
1189  */
1190 bool esas2r_nvram_read_direct(struct esas2r_adapter *a)
1191 {
1192     bool result;
1193 
1194     if (down_interruptible(&a->nvram_semaphore))
1195         return false;
1196 
1197     if (!esas2r_read_flash_block(a, a->nvram, FLS_OFFSET_NVR,
1198                      sizeof(struct esas2r_sas_nvram))) {
1199         esas2r_hdebug("NVRAM read failed, using defaults");
1200         up(&a->nvram_semaphore);
1201         return false;
1202     }
1203 
1204     result = esas2r_nvram_validate(a);
1205 
1206     up(&a->nvram_semaphore);
1207 
1208     return result;
1209 }
1210 
1211 /* Interrupt callback to process NVRAM completions. */
1212 static void esas2r_nvram_callback(struct esas2r_adapter *a,
1213                   struct esas2r_request *rq)
1214 {
1215     struct atto_vda_flash_req *vrq = &rq->vrq->flash;
1216 
1217     if (rq->req_stat == RS_SUCCESS) {
1218         /* last request was successful.  see what to do now. */
1219 
1220         switch (vrq->sub_func) {
1221         case VDA_FLASH_BEGINW:
1222             vrq->sub_func = VDA_FLASH_WRITE;
1223             rq->req_stat = RS_PENDING;
1224             break;
1225 
1226         case VDA_FLASH_WRITE:
1227             vrq->sub_func = VDA_FLASH_COMMIT;
1228             rq->req_stat = RS_PENDING;
1229             break;
1230 
1231         case VDA_FLASH_READ:
1232             esas2r_nvram_validate(a);
1233             break;
1234 
1235         case VDA_FLASH_COMMIT:
1236         default:
1237             break;
1238         }
1239     }
1240 
1241     if (rq->req_stat != RS_PENDING) {
1242         /* update the NVRAM state */
1243         if (rq->req_stat == RS_SUCCESS)
1244             set_bit(AF_NVR_VALID, &a->flags);
1245         else
1246             clear_bit(AF_NVR_VALID, &a->flags);
1247 
1248         esas2r_enable_heartbeat(a);
1249 
1250         up(&a->nvram_semaphore);
1251     }
1252 }
1253 
1254 /*
1255  * Write the contents of nvram to the adapter's physical NVRAM.
1256  * The cached copy of the NVRAM is also updated.
1257  */
1258 bool esas2r_nvram_write(struct esas2r_adapter *a, struct esas2r_request *rq,
1259             struct esas2r_sas_nvram *nvram)
1260 {
1261     struct esas2r_sas_nvram *n = nvram;
1262     u8 sas_address_bytes[8];
1263     u32 *sas_address_dwords = (u32 *)&sas_address_bytes[0];
1264     struct atto_vda_flash_req *vrq = &rq->vrq->flash;
1265 
1266     if (test_bit(AF_DEGRADED_MODE, &a->flags))
1267         return false;
1268 
1269     if (down_interruptible(&a->nvram_semaphore))
1270         return false;
1271 
1272     if (n == NULL)
1273         n = a->nvram;
1274 
1275     /* check the validity of the settings */
1276     if (n->version > SASNVR_VERSION) {
1277         up(&a->nvram_semaphore);
1278         return false;
1279     }
1280 
1281     memcpy(&sas_address_bytes[0], n->sas_addr, 8);
1282 
1283     if (sas_address_bytes[0] != 0x50
1284         || sas_address_bytes[1] != 0x01
1285         || sas_address_bytes[2] != 0x08
1286         || (sas_address_bytes[3] & 0xF0) != 0x60
1287         || ((sas_address_bytes[3] & 0x0F) | sas_address_dwords[1]) == 0) {
1288         up(&a->nvram_semaphore);
1289         return false;
1290     }
1291 
1292     if (n->spin_up_delay > SASNVR_SPINUP_MAX)
1293         n->spin_up_delay = SASNVR_SPINUP_MAX;
1294 
1295     n->version = SASNVR_VERSION;
1296     n->checksum = n->checksum - esas2r_nvramcalc_cksum(n);
1297     memcpy(a->nvram, n, sizeof(struct esas2r_sas_nvram));
1298 
1299     /* write the NVRAM */
1300     n = a->nvram;
1301     esas2r_disable_heartbeat(a);
1302 
1303     esas2r_build_flash_req(a,
1304                    rq,
1305                    VDA_FLASH_BEGINW,
1306                    esas2r_nvramcalc_xor_cksum(n),
1307                    FLS_OFFSET_NVR,
1308                    sizeof(struct esas2r_sas_nvram));
1309 
1310     if (test_bit(AF_LEGACY_SGE_MODE, &a->flags)) {
1311 
1312         vrq->data.sge[0].length =
1313             cpu_to_le32(SGE_LAST |
1314                     sizeof(struct esas2r_sas_nvram));
1315         vrq->data.sge[0].address = cpu_to_le64(
1316             a->uncached_phys + (u64)((u8 *)n - a->uncached));
1317     } else {
1318         vrq->data.prde[0].ctl_len =
1319             cpu_to_le32(sizeof(struct esas2r_sas_nvram));
1320         vrq->data.prde[0].address = cpu_to_le64(
1321             a->uncached_phys
1322             + (u64)((u8 *)n - a->uncached));
1323     }
1324     rq->interrupt_cb = esas2r_nvram_callback;
1325     esas2r_start_request(a, rq);
1326     return true;
1327 }
1328 
1329 /* Validate the cached NVRAM.  if the NVRAM is invalid, load the defaults. */
1330 bool esas2r_nvram_validate(struct esas2r_adapter *a)
1331 {
1332     struct esas2r_sas_nvram *n = a->nvram;
1333     bool rslt = false;
1334 
1335     if (n->signature[0] != 'E'
1336         || n->signature[1] != 'S'
1337         || n->signature[2] != 'A'
1338         || n->signature[3] != 'S') {
1339         esas2r_hdebug("invalid NVRAM signature");
1340     } else if (esas2r_nvramcalc_cksum(n)) {
1341         esas2r_hdebug("invalid NVRAM checksum");
1342     } else if (n->version > SASNVR_VERSION) {
1343         esas2r_hdebug("invalid NVRAM version");
1344     } else {
1345         set_bit(AF_NVR_VALID, &a->flags);
1346         rslt = true;
1347     }
1348 
1349     if (rslt == false) {
1350         esas2r_hdebug("using defaults");
1351         esas2r_nvram_set_defaults(a);
1352     }
1353 
1354     return rslt;
1355 }
1356 
1357 /*
1358  * Set the cached NVRAM to defaults.  note that this function sets the default
1359  * NVRAM when it has been determined that the physical NVRAM is invalid.
1360  * In this case, the SAS address is fabricated.
1361  */
1362 void esas2r_nvram_set_defaults(struct esas2r_adapter *a)
1363 {
1364     struct esas2r_sas_nvram *n = a->nvram;
1365     u32 time = jiffies_to_msecs(jiffies);
1366 
1367     clear_bit(AF_NVR_VALID, &a->flags);
1368     *n = default_sas_nvram;
1369     n->sas_addr[3] |= 0x0F;
1370     n->sas_addr[4] = HIBYTE(LOWORD(time));
1371     n->sas_addr[5] = LOBYTE(LOWORD(time));
1372     n->sas_addr[6] = a->pcid->bus->number;
1373     n->sas_addr[7] = a->pcid->devfn;
1374 }
1375 
1376 void esas2r_nvram_get_defaults(struct esas2r_adapter *a,
1377                    struct esas2r_sas_nvram *nvram)
1378 {
1379     u8 sas_addr[8];
1380 
1381     /*
1382      * in case we are copying the defaults into the adapter, copy the SAS
1383      * address out first.
1384      */
1385     memcpy(&sas_addr[0], a->nvram->sas_addr, 8);
1386     *nvram = default_sas_nvram;
1387     memcpy(&nvram->sas_addr[0], &sas_addr[0], 8);
1388 }
1389 
1390 bool esas2r_fm_api(struct esas2r_adapter *a, struct esas2r_flash_img *fi,
1391            struct esas2r_request *rq, struct esas2r_sg_context *sgc)
1392 {
1393     struct esas2r_flash_context *fc = &a->flash_context;
1394     u8 j;
1395     struct esas2r_component_header *ch;
1396 
1397     if (test_and_set_bit(AF_FLASH_LOCK, &a->flags)) {
1398         /* flag was already set */
1399         fi->status = FI_STAT_BUSY;
1400         return false;
1401     }
1402 
1403     memcpy(&fc->sgc, sgc, sizeof(struct esas2r_sg_context));
1404     sgc = &fc->sgc;
1405     fc->fi = fi;
1406     fc->sgc_offset = sgc->cur_offset;
1407     rq->req_stat = RS_SUCCESS;
1408     rq->interrupt_cx = fc;
1409 
1410     switch (fi->fi_version) {
1411     case FI_VERSION_1:
1412         fc->scratch = ((struct esas2r_flash_img *)fi)->scratch_buf;
1413         fc->num_comps = FI_NUM_COMPS_V1;
1414         fc->fi_hdr_len = sizeof(struct esas2r_flash_img);
1415         break;
1416 
1417     default:
1418         return complete_fmapi_req(a, rq, FI_STAT_IMG_VER);
1419     }
1420 
1421     if (test_bit(AF_DEGRADED_MODE, &a->flags))
1422         return complete_fmapi_req(a, rq, FI_STAT_DEGRADED);
1423 
1424     switch (fi->action) {
1425     case FI_ACT_DOWN: /* Download the components */
1426         /* Verify the format of the flash image */
1427         if (!verify_fi(a, fc))
1428             return complete_fmapi_req(a, rq, fi->status);
1429 
1430         /* Adjust the BIOS fields that are dependent on the HBA */
1431         ch = &fi->cmp_hdr[CH_IT_BIOS];
1432 
1433         if (ch->length)
1434             fix_bios(a, fi);
1435 
1436         /* Adjust the EFI fields that are dependent on the HBA */
1437         ch = &fi->cmp_hdr[CH_IT_EFI];
1438 
1439         if (ch->length)
1440             fix_efi(a, fi);
1441 
1442         /*
1443          * Since the image was just modified, compute the checksum on
1444          * the modified image.  First update the CRC for the composite
1445          * expansion ROM image.
1446          */
1447         fi->checksum = calc_fi_checksum(fc);
1448 
1449         /* Disable the heartbeat */
1450         esas2r_disable_heartbeat(a);
1451 
1452         /* Now start up the download sequence */
1453         fc->task = FMTSK_ERASE_BOOT;
1454         fc->func = VDA_FLASH_BEGINW;
1455         fc->comp_typ = CH_IT_CFG;
1456         fc->flsh_addr = FLS_OFFSET_BOOT;
1457         fc->sgc.length = FLS_LENGTH_BOOT;
1458         fc->sgc.cur_offset = NULL;
1459 
1460         /* Setup the callback address */
1461         fc->interrupt_cb = fw_download_proc;
1462         break;
1463 
1464     case FI_ACT_UPSZ: /* Get upload sizes */
1465         fi->adap_typ = get_fi_adap_type(a);
1466         fi->flags = 0;
1467         fi->num_comps = fc->num_comps;
1468         fi->length = fc->fi_hdr_len;
1469 
1470         /* Report the type of boot image in the rel_version string */
1471         memcpy(fi->rel_version, a->image_type,
1472                sizeof(fi->rel_version));
1473 
1474         /* Build the component headers */
1475         for (j = 0, ch = fi->cmp_hdr;
1476              j < fi->num_comps;
1477              j++, ch++) {
1478             ch->img_type = j;
1479             ch->status = CH_STAT_PENDING;
1480             ch->length = 0;
1481             ch->version = 0xffffffff;
1482             ch->image_offset = 0;
1483             ch->pad[0] = 0;
1484             ch->pad[1] = 0;
1485         }
1486 
1487         if (a->flash_ver != 0) {
1488             fi->cmp_hdr[CH_IT_BIOS].version =
1489                 fi->cmp_hdr[CH_IT_MAC].version =
1490                     fi->cmp_hdr[CH_IT_EFI].version =
1491                         fi->cmp_hdr[CH_IT_CFG].version
1492                             = a->flash_ver;
1493 
1494             fi->cmp_hdr[CH_IT_BIOS].status =
1495                 fi->cmp_hdr[CH_IT_MAC].status =
1496                     fi->cmp_hdr[CH_IT_EFI].status =
1497                         fi->cmp_hdr[CH_IT_CFG].status =
1498                             CH_STAT_SUCCESS;
1499 
1500             return complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
1501         }
1502 
1503         fallthrough;
1504 
1505     case FI_ACT_UP: /* Upload the components */
1506     default:
1507         return complete_fmapi_req(a, rq, FI_STAT_INVALID);
1508     }
1509 
1510     /*
1511      * If we make it here, fc has been setup to do the first task.  Call
1512      * load_image to format the request, start it, and get out.  The
1513      * interrupt code will call the callback when the first message is
1514      * complete.
1515      */
1516     if (!load_image(a, rq))
1517         return complete_fmapi_req(a, rq, FI_STAT_FAILED);
1518 
1519     esas2r_start_request(a, rq);
1520 
1521     return true;
1522 }