staging/greybus/fw-download.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * Greybus Firmware Download Protocol Driver.
0004  *
0005  * Copyright 2016 Google Inc.
0006  * Copyright 2016 Linaro Ltd.
0007  */
0008
0009 #include <linux/firmware.h>
0010 #include <linux/jiffies.h>
0011 #include <linux/mutex.h>
0012 #include <linux/workqueue.h>
0013 #include <linux/greybus.h>
0014 #include "firmware.h"
0015
0016 /* Estimated minimum buffer size, actual size can be smaller than this */
0017 #define MIN_FETCH_SIZE      512
0018 /* Timeout, in jiffies, within which fetch or release firmware must be called */
0019 #define NEXT_REQ_TIMEOUT_J  msecs_to_jiffies(1000)
0020
0021 struct fw_request {
0022     u8          firmware_id;
0023     bool            disabled;
0024     bool            timedout;
0025     char            name[FW_NAME_SIZE];
0026     const struct firmware   *fw;
0027     struct list_head    node;
0028
0029     struct delayed_work dwork;
0030     /* Timeout, in jiffies, within which the firmware shall download */
0031     unsigned long       release_timeout_j;
0032     struct kref     kref;
0033     struct fw_download  *fw_download;
0034 };
0035
0036 struct fw_download {
0037     struct device       *parent;
0038     struct gb_connection    *connection;
0039     struct list_head    fw_requests;
0040     struct ida      id_map;
0041     struct mutex        mutex;
0042 };
0043
0044 static void fw_req_release(struct kref *kref)
0045 {
0046     struct fw_request *fw_req = container_of(kref, struct fw_request, kref);
0047
0048     dev_dbg(fw_req->fw_download->parent, "firmware %s released\n",
0049         fw_req->name);
0050
0051     release_firmware(fw_req->fw);
0052
0053     /*
0054      * The request timed out and the module may send a fetch-fw or
0055      * release-fw request later. Lets block the id we allocated for this
0056      * request, so that the AP doesn't refer to a later fw-request (with
0057      * same firmware_id) for the old timedout fw-request.
0058      *
0059      * NOTE:
0060      *
0061      * This also means that after 255 timeouts we will fail to service new
0062      * firmware downloads. But what else can we do in that case anyway? Lets
0063      * just hope that it never happens.
0064      */
0065     if (!fw_req->timedout)
0066         ida_simple_remove(&fw_req->fw_download->id_map,
0067                   fw_req->firmware_id);
0068
0069     kfree(fw_req);
0070 }
0071
0072 /*
0073  * Incoming requests are serialized for a connection, and the only race possible
0074  * is between the timeout handler freeing this and an incoming request.
0075  *
0076  * The operations on the fw-request list are protected by the mutex and
0077  * get_fw_req() increments the reference count before returning a fw_req pointer
0078  * to the users.
0079  *
0080  * free_firmware() also takes the mutex while removing an entry from the list,
0081  * it guarantees that every user of fw_req has taken a kref-reference by now and
0082  * we wouldn't have any new users.
0083  *
0084  * Once the last user drops the reference, the fw_req structure is freed.
0085  */
0086 static void put_fw_req(struct fw_request *fw_req)
0087 {
0088     kref_put(&fw_req->kref, fw_req_release);
0089 }
0090
0091 /* Caller must call put_fw_req() after using struct fw_request */
0092 static struct fw_request *get_fw_req(struct fw_download *fw_download,
0093                      u8 firmware_id)
0094 {
0095     struct fw_request *fw_req;
0096
0097     mutex_lock(&fw_download->mutex);
0098
0099     list_for_each_entry(fw_req, &fw_download->fw_requests, node) {
0100         if (fw_req->firmware_id == firmware_id) {
0101             kref_get(&fw_req->kref);
0102             goto unlock;
0103         }
0104     }
0105
0106     fw_req = NULL;
0107
0108 unlock:
0109     mutex_unlock(&fw_download->mutex);
0110
0111     return fw_req;
0112 }
0113
0114 static void free_firmware(struct fw_download *fw_download,
0115               struct fw_request *fw_req)
0116 {
0117     /* Already disabled from timeout handlers */
0118     if (fw_req->disabled)
0119         return;
0120
0121     mutex_lock(&fw_download->mutex);
0122     list_del(&fw_req->node);
0123     mutex_unlock(&fw_download->mutex);
0124
0125     fw_req->disabled = true;
0126     put_fw_req(fw_req);
0127 }
0128
0129 static void fw_request_timedout(struct work_struct *work)
0130 {
0131     struct delayed_work *dwork = to_delayed_work(work);
0132     struct fw_request *fw_req = container_of(dwork,
0133                          struct fw_request, dwork);
0134     struct fw_download *fw_download = fw_req->fw_download;
0135
0136     dev_err(fw_download->parent,
0137         "Timed out waiting for fetch / release firmware requests: %u\n",
0138         fw_req->firmware_id);
0139
0140     fw_req->timedout = true;
0141     free_firmware(fw_download, fw_req);
0142 }
0143
0144 static int exceeds_release_timeout(struct fw_request *fw_req)
0145 {
0146     struct fw_download *fw_download = fw_req->fw_download;
0147
0148     if (time_before(jiffies, fw_req->release_timeout_j))
0149         return 0;
0150
0151     dev_err(fw_download->parent,
0152         "Firmware download didn't finish in time, abort: %d\n",
0153         fw_req->firmware_id);
0154
0155     fw_req->timedout = true;
0156     free_firmware(fw_download, fw_req);
0157
0158     return -ETIMEDOUT;
0159 }
0160
0161 /* This returns path of the firmware blob on the disk */
0162 static struct fw_request *find_firmware(struct fw_download *fw_download,
0163                     const char *tag)
0164 {
0165     struct gb_interface *intf = fw_download->connection->bundle->intf;
0166     struct fw_request *fw_req;
0167     int ret, req_count;
0168
0169     fw_req = kzalloc(sizeof(*fw_req), GFP_KERNEL);
0170     if (!fw_req)
0171         return ERR_PTR(-ENOMEM);
0172
0173     /* Allocate ids from 1 to 255 (u8-max), 0 is an invalid id */
0174     ret = ida_simple_get(&fw_download->id_map, 1, 256, GFP_KERNEL);
0175     if (ret < 0) {
0176         dev_err(fw_download->parent,
0177             "failed to allocate firmware id (%d)\n", ret);
0178         goto err_free_req;
0179     }
0180     fw_req->firmware_id = ret;
0181
0182     snprintf(fw_req->name, sizeof(fw_req->name),
0183          FW_NAME_PREFIX "%08x_%08x_%08x_%08x_%s.tftf",
0184          intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
0185          intf->vendor_id, intf->product_id, tag);
0186
0187     dev_info(fw_download->parent, "Requested firmware package '%s'\n",
0188          fw_req->name);
0189
0190     ret = request_firmware(&fw_req->fw, fw_req->name, fw_download->parent);
0191     if (ret) {
0192         dev_err(fw_download->parent,
0193             "firmware request failed for %s (%d)\n", fw_req->name,
0194             ret);
0195         goto err_free_id;
0196     }
0197
0198     fw_req->fw_download = fw_download;
0199     kref_init(&fw_req->kref);
0200
0201     mutex_lock(&fw_download->mutex);
0202     list_add(&fw_req->node, &fw_download->fw_requests);
0203     mutex_unlock(&fw_download->mutex);
0204
0205     /* Timeout, in jiffies, within which firmware should get loaded */
0206     req_count = DIV_ROUND_UP(fw_req->fw->size, MIN_FETCH_SIZE);
0207     fw_req->release_timeout_j = jiffies + req_count * NEXT_REQ_TIMEOUT_J;
0208
0209     INIT_DELAYED_WORK(&fw_req->dwork, fw_request_timedout);
0210     schedule_delayed_work(&fw_req->dwork, NEXT_REQ_TIMEOUT_J);
0211
0212     return fw_req;
0213
0214 err_free_id:
0215     ida_simple_remove(&fw_download->id_map, fw_req->firmware_id);
0216 err_free_req:
0217     kfree(fw_req);
0218
0219     return ERR_PTR(ret);
0220 }
0221
0222 static int fw_download_find_firmware(struct gb_operation *op)
0223 {
0224     struct gb_connection *connection = op->connection;
0225     struct fw_download *fw_download = gb_connection_get_data(connection);
0226     struct gb_fw_download_find_firmware_request *request;
0227     struct gb_fw_download_find_firmware_response *response;
0228     struct fw_request *fw_req;
0229     const char *tag;
0230
0231     if (op->request->payload_size != sizeof(*request)) {
0232         dev_err(fw_download->parent,
0233             "illegal size of find firmware request (%zu != %zu)\n",
0234             op->request->payload_size, sizeof(*request));
0235         return -EINVAL;
0236     }
0237
0238     request = op->request->payload;
0239     tag = (const char *)request->firmware_tag;
0240
0241     /* firmware_tag must be null-terminated */
0242     if (strnlen(tag, GB_FIRMWARE_TAG_MAX_SIZE) ==
0243         GB_FIRMWARE_TAG_MAX_SIZE) {
0244         dev_err(fw_download->parent,
0245             "firmware-tag is not null-terminated\n");
0246         return -EINVAL;
0247     }
0248
0249     fw_req = find_firmware(fw_download, tag);
0250     if (IS_ERR(fw_req))
0251         return PTR_ERR(fw_req);
0252
0253     if (!gb_operation_response_alloc(op, sizeof(*response), GFP_KERNEL)) {
0254         dev_err(fw_download->parent, "error allocating response\n");
0255         free_firmware(fw_download, fw_req);
0256         return -ENOMEM;
0257     }
0258
0259     response = op->response->payload;
0260     response->firmware_id = fw_req->firmware_id;
0261     response->size = cpu_to_le32(fw_req->fw->size);
0262
0263     dev_dbg(fw_download->parent,
0264         "firmware size is %zu bytes\n", fw_req->fw->size);
0265
0266     return 0;
0267 }
0268
0269 static int fw_download_fetch_firmware(struct gb_operation *op)
0270 {
0271     struct gb_connection *connection = op->connection;
0272     struct fw_download *fw_download = gb_connection_get_data(connection);
0273     struct gb_fw_download_fetch_firmware_request *request;
0274     struct gb_fw_download_fetch_firmware_response *response;
0275     struct fw_request *fw_req;
0276     const struct firmware *fw;
0277     unsigned int offset, size;
0278     u8 firmware_id;
0279     int ret = 0;
0280
0281     if (op->request->payload_size != sizeof(*request)) {
0282         dev_err(fw_download->parent,
0283             "Illegal size of fetch firmware request (%zu %zu)\n",
0284             op->request->payload_size, sizeof(*request));
0285         return -EINVAL;
0286     }
0287
0288     request = op->request->payload;
0289     offset = le32_to_cpu(request->offset);
0290     size = le32_to_cpu(request->size);
0291     firmware_id = request->firmware_id;
0292
0293     fw_req = get_fw_req(fw_download, firmware_id);
0294     if (!fw_req) {
0295         dev_err(fw_download->parent,
0296             "firmware not available for id: %02u\n", firmware_id);
0297         return -EINVAL;
0298     }
0299
0300     /* Make sure work handler isn't running in parallel */
0301     cancel_delayed_work_sync(&fw_req->dwork);
0302
0303     /* We timed-out before reaching here ? */
0304     if (fw_req->disabled) {
0305         ret = -ETIMEDOUT;
0306         goto put_fw;
0307     }
0308
0309     /*
0310      * Firmware download must finish within a limited time interval. If it
0311      * doesn't, then we might have a buggy Module on the other side. Abort
0312      * download.
0313      */
0314     ret = exceeds_release_timeout(fw_req);
0315     if (ret)
0316         goto put_fw;
0317
0318     fw = fw_req->fw;
0319
0320     if (offset >= fw->size || size > fw->size - offset) {
0321         dev_err(fw_download->parent,
0322             "bad fetch firmware request (offs = %u, size = %u)\n",
0323             offset, size);
0324         ret = -EINVAL;
0325         goto put_fw;
0326     }
0327
0328     if (!gb_operation_response_alloc(op, sizeof(*response) + size,
0329                      GFP_KERNEL)) {
0330         dev_err(fw_download->parent,
0331             "error allocating fetch firmware response\n");
0332         ret = -ENOMEM;
0333         goto put_fw;
0334     }
0335
0336     response = op->response->payload;
0337     memcpy(response->data, fw->data + offset, size);
0338
0339     dev_dbg(fw_download->parent,
0340         "responding with firmware (offs = %u, size = %u)\n", offset,
0341         size);
0342
0343     /* Refresh timeout */
0344     schedule_delayed_work(&fw_req->dwork, NEXT_REQ_TIMEOUT_J);
0345
0346 put_fw:
0347     put_fw_req(fw_req);
0348
0349     return ret;
0350 }
0351
0352 static int fw_download_release_firmware(struct gb_operation *op)
0353 {
0354     struct gb_connection *connection = op->connection;
0355     struct fw_download *fw_download = gb_connection_get_data(connection);
0356     struct gb_fw_download_release_firmware_request *request;
0357     struct fw_request *fw_req;
0358     u8 firmware_id;
0359
0360     if (op->request->payload_size != sizeof(*request)) {
0361         dev_err(fw_download->parent,
0362             "Illegal size of release firmware request (%zu %zu)\n",
0363             op->request->payload_size, sizeof(*request));
0364         return -EINVAL;
0365     }
0366
0367     request = op->request->payload;
0368     firmware_id = request->firmware_id;
0369
0370     fw_req = get_fw_req(fw_download, firmware_id);
0371     if (!fw_req) {
0372         dev_err(fw_download->parent,
0373             "firmware not available for id: %02u\n", firmware_id);
0374         return -EINVAL;
0375     }
0376
0377     cancel_delayed_work_sync(&fw_req->dwork);
0378
0379     free_firmware(fw_download, fw_req);
0380     put_fw_req(fw_req);
0381
0382     dev_dbg(fw_download->parent, "release firmware\n");
0383
0384     return 0;
0385 }
0386
0387 int gb_fw_download_request_handler(struct gb_operation *op)
0388 {
0389     u8 type = op->type;
0390
0391     switch (type) {
0392     case GB_FW_DOWNLOAD_TYPE_FIND_FIRMWARE:
0393         return fw_download_find_firmware(op);
0394     case GB_FW_DOWNLOAD_TYPE_FETCH_FIRMWARE:
0395         return fw_download_fetch_firmware(op);
0396     case GB_FW_DOWNLOAD_TYPE_RELEASE_FIRMWARE:
0397         return fw_download_release_firmware(op);
0398     default:
0399         dev_err(&op->connection->bundle->dev,
0400             "unsupported request: %u\n", type);
0401         return -EINVAL;
0402     }
0403 }
0404
0405 int gb_fw_download_connection_init(struct gb_connection *connection)
0406 {
0407     struct fw_download *fw_download;
0408     int ret;
0409
0410     if (!connection)
0411         return 0;
0412
0413     fw_download = kzalloc(sizeof(*fw_download), GFP_KERNEL);
0414     if (!fw_download)
0415         return -ENOMEM;
0416
0417     fw_download->parent = &connection->bundle->dev;
0418     INIT_LIST_HEAD(&fw_download->fw_requests);
0419     ida_init(&fw_download->id_map);
0420     gb_connection_set_data(connection, fw_download);
0421     fw_download->connection = connection;
0422     mutex_init(&fw_download->mutex);
0423
0424     ret = gb_connection_enable(connection);
0425     if (ret)
0426         goto err_destroy_id_map;
0427
0428     return 0;
0429
0430 err_destroy_id_map:
0431     ida_destroy(&fw_download->id_map);
0432     kfree(fw_download);
0433
0434     return ret;
0435 }
0436
0437 void gb_fw_download_connection_exit(struct gb_connection *connection)
0438 {
0439     struct fw_download *fw_download;
0440     struct fw_request *fw_req, *tmp;
0441
0442     if (!connection)
0443         return;
0444
0445     fw_download = gb_connection_get_data(connection);
0446     gb_connection_disable(fw_download->connection);
0447
0448     /*
0449      * Make sure we have a reference to the pending requests, before they
0450      * are freed from the timeout handler.
0451      */
0452     mutex_lock(&fw_download->mutex);
0453     list_for_each_entry(fw_req, &fw_download->fw_requests, node)
0454         kref_get(&fw_req->kref);
0455     mutex_unlock(&fw_download->mutex);
0456
0457     /* Release pending firmware packages */
0458     list_for_each_entry_safe(fw_req, tmp, &fw_download->fw_requests, node) {
0459         cancel_delayed_work_sync(&fw_req->dwork);
0460         free_firmware(fw_download, fw_req);
0461         put_fw_req(fw_req);
0462     }
0463
0464     ida_destroy(&fw_download->id_map);
0465     kfree(fw_download);
0466 }