0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * BOOTROM Greybus driver.
0004  *
0005  * Copyright 2016 Google Inc.
0006  * Copyright 2016 Linaro Ltd.
0007  */
0008 
0009 #include <linux/firmware.h>
0010 #include <linux/jiffies.h>
0011 #include <linux/mutex.h>
0012 #include <linux/workqueue.h>
0013 #include <linux/greybus.h>
0014 
0015 #include "firmware.h"
0016 
/*
 * Timeout, in milliseconds, within which the next request must be received.
 * The value is converted with msecs_to_jiffies() when the timer is armed.
 */
#define NEXT_REQ_TIMEOUT_MS 1000

/*
 * Timeout, in milliseconds, used after the ready-to-boot request while waiting
 * for the interface mode switch.
 *
 * FIXME: Reduce this timeout once svc core handles parallel processing of
 * events from the SVC, which are handled sequentially today.
 */
#define MODE_SWITCH_TIMEOUT_MS  10000
0025 
/*
 * The request the driver expects to receive next from the module. It is stored
 * in gb_bootrom->next_request whenever the timeout is armed and is read by
 * gb_bootrom_timedout() to name the request that never arrived.
 */
enum next_request_type {
    NEXT_REQ_FIRMWARE_SIZE,
    NEXT_REQ_GET_FIRMWARE,
    NEXT_REQ_READY_TO_BOOT,
    NEXT_REQ_MODE_SWITCH,
};
0032 
/* Per-bundle state of the bootrom driver, allocated in gb_bootrom_probe(). */
struct gb_bootrom {
    /* Greybus connection the bootrom requests arrive on */
    struct gb_connection    *connection;
    /* Blob obtained with request_firmware(); NULL when nothing is loaded */
    const struct firmware   *fw;
    /* Protocol version reported by the module in the version response */
    u8          protocol_major;
    u8          protocol_minor;
    /* Request the timeout handler will report as missing */
    enum next_request_type  next_request;
    /* Timeout work; runs gb_bootrom_timedout() when it expires */
    struct delayed_work dwork;
    struct mutex        mutex; /* Protects bootrom->fw */
};
0042 
/*
 * Release the firmware blob held in bootrom->fw, if any, and clear the
 * pointer so a later call is a no-op. The function takes no lock itself;
 * callers are responsible for serialising access to bootrom->fw.
 */
static void free_firmware(struct gb_bootrom *bootrom)
{
    if (bootrom->fw) {
        release_firmware(bootrom->fw);
        bootrom->fw = NULL;
    }
}
0051 
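/*
 * Delayed-work handler that runs when the module did not send the expected
 * request in time. It logs which request was outstanding and releases the
 * firmware blob under bootrom->mutex.
 */
static void gb_bootrom_timedout(struct work_struct *work)
{
    struct delayed_work *dwork = to_delayed_work(work);
    struct gb_bootrom *bootrom = container_of(dwork,
                                              struct gb_bootrom, dwork);
    struct device *dev = &bootrom->connection->bundle->dev;
    const char *reason;

    switch (bootrom->next_request) {
    case NEXT_REQ_FIRMWARE_SIZE:
        reason = "Firmware Size Request";
        break;
    case NEXT_REQ_GET_FIRMWARE:
        reason = "Get Firmware Request";
        break;
    case NEXT_REQ_READY_TO_BOOT:
        reason = "Ready to Boot Request";
        break;
    case NEXT_REQ_MODE_SWITCH:
        reason = "Interface Mode Switch";
        break;
    default:
        /*
         * Keep a printable string so the message below never formats a
         * NULL pointer with %s, and terminate this log line properly.
         */
        reason = "unknown request";
        dev_err(dev, "Invalid next-request: %u\n", bootrom->next_request);
        break;
    }

    dev_err(dev, "Timed out waiting for %s from the Module\n", reason);

    /* Request handlers may touch bootrom->fw concurrently, so take the lock */
    mutex_lock(&bootrom->mutex);
    free_firmware(bootrom);
    mutex_unlock(&bootrom->mutex);

    /* TODO: Power-off Module ? */
}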
0087 
/*
 * Record which request is expected next and arm the timeout work.
 *
 * @bootrom: driver state
 * @next:    request the timeout handler should report if nothing arrives
 * @timeout: delay in milliseconds
 */
static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom,
                                   enum next_request_type next,
                                   unsigned long timeout)
{
    unsigned long delay = msecs_to_jiffies(timeout);

    bootrom->next_request = next;
    schedule_delayed_work(&bootrom->dwork, delay);
}
0095 
/*
 * Disarm the timeout work. The _sync variant also waits for a handler that is
 * already running, so the caller must not hold bootrom->mutex, which
 * gb_bootrom_timedout() takes.
 */
static void gb_bootrom_cancel_timeout(struct gb_bootrom *bootrom)
{
    struct delayed_work *timer = &bootrom->dwork;

    cancel_delayed_work_sync(timer);
}
0100 
/*
 * The es2 chip doesn't have VID/PID programmed into the hardware, so the
 * values are fetched over the bootrom protocol to tell modules and their
 * firmware blobs apart.
 *
 * The fetch is only done for interfaces flagged with
 * GB_INTERFACE_QUIRK_NO_GMP_IDS (per the original note: es2 chips whose
 * VID/PID sent during hotplug were 0). For every other interface
 * intf->vendor_id/product_id stay as passed during hotplug.
 *
 * The values stored here are reported by the module itself and later become
 * part of the firmware file name built in find_firmware().
 */
static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom)
{
    struct gb_connection *connection = bootrom->connection;
    struct gb_interface *intf = connection->bundle->intf;
    struct device *dev = &connection->bundle->dev;
    struct gb_bootrom_get_vid_pid_response response;
    int ret;

    /* Nothing to fix up unless the interface carries the quirk */
    if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_GMP_IDS))
        return;

    ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID,
                            NULL, 0, &response, sizeof(response));
    if (ret) {
        /* Best effort: on failure the ids are left untouched */
        dev_err(dev, "Bootrom get vid/pid operation failed (%d)\n", ret);
        return;
    }

    /*
     * NOTE: This is hacked, so that the same values of VID/PID can be used
     * by next firmware level as well. The uevent for bootrom will still
     * have VID/PID as 0, though after this point the sysfs files will start
     * showing the updated values. But yeah, that's a bit racy as the same
     * sysfs files would be showing 0 before this point.
     */
    intf->vendor_id = le32_to_cpu(response.vendor_id);
    intf->product_id = le32_to_cpu(response.product_id);

    dev_dbg(dev, "Bootrom got vid (0x%x)/pid (0x%x)\n",
            intf->vendor_id, intf->product_id);
}
0142 
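/*
 * Load the stage-2 firmware blob for this interface into bootrom->fw.
 *
 * Any blob already held is released first. The file name is built from the
 * interface's DDBL1 manufacturer/product ids and its vendor/product ids, each
 * formatted as fixed-width hex, so the id values contribute hex digits only
 * and cannot add path separators to the name.
 *
 * The function does not lock; the caller in this file holds bootrom->mutex
 * around the call.
 *
 * Returns 0 on success, -EINVAL for a stage other than 2, -ENAMETOOLONG if
 * the generated name does not fit the buffer, or the error returned by
 * request_firmware().
 */
static int find_firmware(struct gb_bootrom *bootrom, u8 stage)
{
    struct gb_connection *connection = bootrom->connection;
    struct gb_interface *intf = connection->bundle->intf;
    struct device *dev = &connection->bundle->dev;
    char firmware_name[49];
    int len;
    int rc;

    /* Already have a firmware, free it */
    free_firmware(bootrom);

    /* Bootrom protocol is only supported for loading Stage 2 firmware */
    if (stage != 2) {
        dev_err(dev, "Invalid boot stage: %u\n", stage);
        return -EINVAL;
    }

    /*
     * Create firmware name
     *
     * XXX Name it properly..
     */
    len = snprintf(firmware_name, sizeof(firmware_name),
                   FW_NAME_PREFIX "%08x_%08x_%08x_%08x_s2l.tftf",
                   intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
                   intf->vendor_id, intf->product_id);

    /*
     * The buffer size is tied to the length of FW_NAME_PREFIX, which is
     * defined outside this file. Refuse a truncated name rather than
     * requesting a different file than intended.
     */
    if (len < 0 || len >= (int)sizeof(firmware_name)) {
        dev_err(dev, "firmware name too long\n");
        return -ENAMETOOLONG;
    }

    /*
     * FIXME:
     * Turn to dev_dbg later after everyone has valid bootloaders with good
     * ids, but leave this as dev_info for now to make it easier to track
     * down "empty" vid/pid modules.
     */
    dev_info(dev, "Firmware file '%s' requested\n", firmware_name);

    rc = request_firmware(&bootrom->fw, firmware_name, dev);
    if (rc) {
        dev_err(dev, "failed to find %s firmware (%d)\n",
                firmware_name, rc);
    }

    return rc;
}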
0187 
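/*
 * Handle the module's "firmware size" request: load the firmware for the
 * requested stage and answer with its size.
 *
 * The request payload comes from the module, so its length is checked
 * against the expected structure before any field is read. On success the
 * timeout is re-armed for the first get-firmware request; on failure no
 * timeout is armed.
 *
 * Returns 0 on success or a negative errno.
 */
static int gb_bootrom_firmware_size_request(struct gb_operation *op)
{
    struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
    struct gb_bootrom_firmware_size_request *size_request =
        op->request->payload;
    struct gb_bootrom_firmware_size_response *size_response;
    struct device *dev = &op->connection->bundle->dev;
    int ret;

    /* Disable timeouts */
    gb_bootrom_cancel_timeout(bootrom);

    if (op->request->payload_size != sizeof(*size_request)) {
        dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n",
                __func__, op->request->payload_size,
                sizeof(*size_request));
        ret = -EINVAL;
        goto queue_work;
    }

    mutex_lock(&bootrom->mutex);

    ret = find_firmware(bootrom, size_request->stage);
    if (ret)
        goto unlock;

    if (!gb_operation_response_alloc(op, sizeof(*size_response),
                                     GFP_KERNEL)) {
        dev_err(dev, "%s: error allocating response\n", __func__);
        free_firmware(bootrom);
        ret = -ENOMEM;
        goto unlock;
    }

    size_response = op->response->payload;
    /* NOTE(review): a blob larger than 32 bits would be truncated here */
    size_response->size = cpu_to_le32(bootrom->fw->size);

    /*
     * Log the CPU-endian size of the blob. The response field holds the
     * little-endian wire value and would print wrongly on big-endian hosts.
     */
    dev_dbg(dev, "%s: firmware size %zu bytes\n",
            __func__, bootrom->fw->size);

unlock:
    mutex_unlock(&bootrom->mutex);

queue_work:
    if (!ret) {
        /* Refresh timeout */
        gb_bootrom_set_timeout(bootrom, NEXT_REQ_GET_FIRMWARE,
                               NEXT_REQ_TIMEOUT_MS);
    }

    return ret;
}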
0240 
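/*
 * Handle the module's "get firmware" request: copy the requested window of
 * the loaded blob into the response.
 *
 * offset and size come from the module and are validated against the blob
 * size before the copy. The check is written as
 * "size > fw->size - offset" so that it cannot be defeated by offset + size
 * wrapping around.
 *
 * The timeout is re-armed on every path: for the ready-to-boot request once
 * the last byte of the blob has been served, otherwise for another
 * get-firmware request.
 *
 * Returns 0 on success or a negative errno.
 */
static int gb_bootrom_get_firmware(struct gb_operation *op)
{
    struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
    const struct firmware *fw;
    struct gb_bootrom_get_firmware_request *firmware_request;
    struct gb_bootrom_get_firmware_response *firmware_response;
    struct device *dev = &op->connection->bundle->dev;
    unsigned int offset, size;
    /* Default for every error path and for any chunk but the last one */
    enum next_request_type next_request = NEXT_REQ_GET_FIRMWARE;
    int ret = 0;

    /* Disable timeouts */
    gb_bootrom_cancel_timeout(bootrom);

    if (op->request->payload_size != sizeof(*firmware_request)) {
        dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
                __func__, op->request->payload_size,
                sizeof(*firmware_request));
        ret = -EINVAL;
        goto queue_work;
    }

    mutex_lock(&bootrom->mutex);

    fw = bootrom->fw;
    if (!fw) {
        dev_err(dev, "%s: firmware not available\n", __func__);
        ret = -EINVAL;
        goto unlock;
    }

    firmware_request = op->request->payload;
    offset = le32_to_cpu(firmware_request->offset);
    size = le32_to_cpu(firmware_request->size);

    /* Reject any window that is not fully inside the blob */
    if (offset >= fw->size || size > fw->size - offset) {
        dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n",
                 offset, size);
        ret = -EINVAL;
        goto unlock;
    }

    if (!gb_operation_response_alloc(op, sizeof(*firmware_response) + size,
                                     GFP_KERNEL)) {
        dev_err(dev, "%s: error allocating response\n", __func__);
        ret = -ENOMEM;
        goto unlock;
    }

    firmware_response = op->response->payload;
    memcpy(firmware_response->data, fw->data + offset, size);

    dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n",
            offset, size);

    /*
     * Decide what to expect next while bootrom->fw is still protected by
     * the mutex, instead of dereferencing fw after the lock is dropped.
     * This also keeps the error paths from depending on offset, size and
     * fw, which are not set when the payload-size check fails.
     */
    if ((size_t)offset + size == fw->size)
        next_request = NEXT_REQ_READY_TO_BOOT;

unlock:
    mutex_unlock(&bootrom->mutex);

queue_work:
    /* Refresh timeout */
    gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);

    return ret;
}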
0310 
/*
 * Handle the module's "ready to boot" request.
 *
 * The payload length is validated before the status byte is read. Only
 * GB_BOOTROM_BOOT_STATUS_INVALID is turned into an error; every other status
 * value is accepted as is (see the XXX below about insecure firmware).
 *
 * The mode-switch timeout is armed on every path, including the error ones.
 *
 * Returns 0 on success or -EINVAL.
 */
static int gb_bootrom_ready_to_boot(struct gb_operation *op)
{
    struct gb_connection *connection = op->connection;
    struct gb_bootrom *bootrom = gb_connection_get_data(connection);
    struct device *dev = &connection->bundle->dev;
    struct gb_bootrom_ready_to_boot_request *rtb_request;
    int ret = 0;

    /* Disable timeouts */
    gb_bootrom_cancel_timeout(bootrom);

    if (op->request->payload_size != sizeof(*rtb_request)) {
        dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n",
                __func__, op->request->payload_size,
                sizeof(*rtb_request));
        ret = -EINVAL;
    } else {
        u8 status;

        rtb_request = op->request->payload;
        status = rtb_request->status;

        if (status == GB_BOOTROM_BOOT_STATUS_INVALID) {
            /* Return error if the blob was invalid */
            ret = -EINVAL;
        } else {
            /*
             * XXX Should we return error for insecure firmware?
             */
            dev_dbg(dev, "ready to boot: 0x%x, 0\n", status);
        }
    }

    /*
     * Refresh timeout, the Interface shall load the new personality and
     * send a new hotplug request, which shall get rid of the bootrom
     * connection. As that can take some time, increase the timeout a bit.
     */
    gb_bootrom_set_timeout(bootrom, NEXT_REQ_MODE_SWITCH,
                           MODE_SWITCH_TIMEOUT_MS);

    return ret;
}
0356 
/*
 * Entry point for requests arriving from the module on the bootrom
 * connection. Dispatches on the operation type and rejects any type that is
 * not one of the three handled here with -EINVAL.
 */
static int gb_bootrom_request_handler(struct gb_operation *op)
{
    u8 request_type = op->type;
    int ret;

    switch (request_type) {
    case GB_BOOTROM_TYPE_FIRMWARE_SIZE:
        ret = gb_bootrom_firmware_size_request(op);
        break;
    case GB_BOOTROM_TYPE_GET_FIRMWARE:
        ret = gb_bootrom_get_firmware(op);
        break;
    case GB_BOOTROM_TYPE_READY_TO_BOOT:
        ret = gb_bootrom_ready_to_boot(op);
        break;
    default:
        dev_err(&op->connection->bundle->dev,
                "unsupported request: %u\n", request_type);
        ret = -EINVAL;
        break;
    }

    return ret;
}
0374 
/*
 * Exchange protocol versions with the module and remember the version it
 * reports.
 *
 * Returns 0 on success, the error from gb_operation_sync() if the exchange
 * fails, or -ENOTSUPP when the module reports a major version newer than the
 * one this driver sends.
 */
static int gb_bootrom_get_version(struct gb_bootrom *bootrom)
{
    struct device *dev = &bootrom->connection->bundle->dev;
    struct gb_bootrom_version_response response;
    struct gb_bootrom_version_request request;
    int ret;

    request.major = GB_BOOTROM_VERSION_MAJOR;
    request.minor = GB_BOOTROM_VERSION_MINOR;

    ret = gb_operation_sync(bootrom->connection, GB_BOOTROM_TYPE_VERSION,
                            &request, sizeof(request),
                            &response, sizeof(response));
    if (ret) {
        dev_err(dev, "failed to get protocol version: %d\n", ret);
        return ret;
    }

    /* The response is module-supplied; refuse a major we do not speak */
    if (response.major > request.major) {
        dev_err(dev, "unsupported major protocol version (%u > %u)\n",
                response.major, request.major);
        return -ENOTSUPP;
    }

    bootrom->protocol_major = response.major;
    bootrom->protocol_minor = response.minor;

    dev_dbg(dev, "%s - %u.%u\n", __func__, response.major,
            response.minor);

    return 0;
}
0411 
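/*
 * Bind to a bundle that exposes exactly one CPort speaking the bootrom
 * protocol.
 *
 * Sequence: allocate the driver state, create the connection, enable TX
 * only, negotiate the protocol version, apply the es2 VID/PID fixup, enable
 * the connection fully, arm the timeout for the firmware-size request and
 * finally tell the module that the AP is ready.
 *
 * Returns 0 on success or a negative errno, in which case everything set up
 * so far is torn down again.
 */
static int gb_bootrom_probe(struct gb_bundle *bundle,
                            const struct greybus_bundle_id *id)
{
    struct greybus_descriptor_cport *cport_desc;
    struct gb_connection *connection;
    struct gb_bootrom *bootrom;
    int ret;

    if (bundle->num_cports != 1)
        return -ENODEV;

    cport_desc = &bundle->cport_desc[0];
    if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM)
        return -ENODEV;

    bootrom = kzalloc(sizeof(*bootrom), GFP_KERNEL);
    if (!bootrom)
        return -ENOMEM;

    connection = gb_connection_create(bundle,
                                      le16_to_cpu(cport_desc->id),
                                      gb_bootrom_request_handler);
    if (IS_ERR(connection)) {
        ret = PTR_ERR(connection);
        goto err_free_bootrom;
    }

    gb_connection_set_data(connection, bootrom);

    bootrom->connection = connection;

    mutex_init(&bootrom->mutex);
    INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout);
    greybus_set_drvdata(bundle, bootrom);

    ret = gb_connection_enable_tx(connection);
    if (ret)
        goto err_connection_destroy;

    ret = gb_bootrom_get_version(bootrom);
    if (ret)
        goto err_connection_disable;

    bootrom_es2_fixup_vid_pid(bootrom);

    ret = gb_connection_enable(connection);
    if (ret)
        goto err_connection_disable;

    /* Refresh timeout */
    gb_bootrom_set_timeout(bootrom, NEXT_REQ_FIRMWARE_SIZE,
                           NEXT_REQ_TIMEOUT_MS);

    /* Tell bootrom we're ready. */
    ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, 0,
                            NULL, 0);
    if (ret) {
        dev_err(&connection->bundle->dev,
                "failed to send AP READY: %d\n", ret);
        goto err_cancel_timeout;
    }

    dev_dbg(&bundle->dev, "AP_READY sent\n");

    return 0;

err_cancel_timeout:
    /*
     * The connection is fully enabled here, so a request handler may still
     * run, load firmware and re-arm the timeout. Tear down in the same
     * order as gb_bootrom_disconnect(): stop the connection first, then
     * cancel the timeout, then drop any firmware a handler loaded, so that
     * nothing can reference bootrom after it is freed below.
     */
    gb_connection_disable(connection);
    gb_bootrom_cancel_timeout(bootrom);
    free_firmware(bootrom);
    goto err_connection_destroy;
err_connection_disable:
    gb_connection_disable(connection);
err_connection_destroy:
    gb_connection_destroy(connection);
err_free_bootrom:
    kfree(bootrom);

    return ret;
}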
0489 
/*
 * Tear down the bootrom state for a bundle. The order matters: the
 * connection is disabled before the timeout is cancelled, and both happen
 * before the firmware and the state itself are released.
 */
static void gb_bootrom_disconnect(struct gb_bundle *bundle)
{
    struct gb_bootrom *bootrom = greybus_get_drvdata(bundle);
    struct gb_connection *connection;

    dev_dbg(&bundle->dev, "%s\n", __func__);

    connection = bootrom->connection;
    gb_connection_disable(connection);

    /* Disable timeouts */
    gb_bootrom_cancel_timeout(bootrom);

    /*
     * Release firmware:
     *
     * As the connection and the delayed work are already disabled, we don't
     * need to lock access to bootrom->fw here.
     */
    free_firmware(bootrom);

    gb_connection_destroy(connection);
    kfree(bootrom);
}
0512 
/* Bundles this driver binds to: the bootrom class; the empty entry ends the table */
static const struct greybus_bundle_id gb_bootrom_id_table[] = {
    { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) },
    { }
};

/* Driver description handed to the Greybus core */
static struct greybus_driver gb_bootrom_driver = {
    .name       = "bootrom",
    .probe      = gb_bootrom_probe,
    .disconnect = gb_bootrom_disconnect,
    .id_table   = gb_bootrom_id_table,
};

module_greybus_driver(gb_bootrom_driver);

MODULE_LICENSE("GPL v2");