1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
4 *
5 */
6
7 #include <linux/delay.h>
8 #include <linux/device.h>
9 #include <linux/dma-direction.h>
10 #include <linux/dma-mapping.h>
11 #include <linux/firmware.h>
12 #include <linux/interrupt.h>
13 #include <linux/list.h>
14 #include <linux/mhi.h>
15 #include <linux/module.h>
16 #include <linux/random.h>
17 #include <linux/slab.h>
18 #include <linux/wait.h>
19 #include "internal.h"
20
21 /* Setup RDDM vector table for RDDM transfer and program RXVEC */
mhi_rddm_prepare(struct mhi_controller * mhi_cntrl,struct image_info * img_info)22 int mhi_rddm_prepare(struct mhi_controller *mhi_cntrl,
23 struct image_info *img_info)
24 {
25 struct mhi_buf *mhi_buf = img_info->mhi_buf;
26 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
27 void __iomem *base = mhi_cntrl->bhie;
28 struct device *dev = &mhi_cntrl->mhi_dev->dev;
29 u32 sequence_id;
30 unsigned int i;
31 int ret;
32
33 for (i = 0; i < img_info->entries - 1; i++, mhi_buf++, bhi_vec++) {
34 bhi_vec->dma_addr = cpu_to_le64(mhi_buf->dma_addr);
35 bhi_vec->size = cpu_to_le64(mhi_buf->len);
36 }
37
38 dev_dbg(dev, "BHIe programming for RDDM\n");
39
40 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_HIGH_OFFS,
41 upper_32_bits(mhi_buf->dma_addr));
42
43 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_LOW_OFFS,
44 lower_32_bits(mhi_buf->dma_addr));
45
46 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECSIZE_OFFS, mhi_buf->len);
47 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_RXVECSTATUS_SEQNUM_BMSK);
48
49 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_RXVECDB_OFFS,
50 BHIE_RXVECDB_SEQNUM_BMSK, sequence_id);
51 if (ret) {
52 dev_err(dev, "Failed to write sequence ID for BHIE_RXVECDB\n");
53 return ret;
54 }
55
56 dev_dbg(dev, "Address: %p and len: 0x%zx sequence: %u\n",
57 &mhi_buf->dma_addr, mhi_buf->len, sequence_id);
58
59 return 0;
60 }
61
62 /* Collect RDDM buffer during kernel panic */
__mhi_download_rddm_in_panic(struct mhi_controller * mhi_cntrl)63 static int __mhi_download_rddm_in_panic(struct mhi_controller *mhi_cntrl)
64 {
65 int ret;
66 u32 rx_status;
67 enum mhi_ee_type ee;
68 const u32 delayus = 2000;
69 u32 retry = (mhi_cntrl->timeout_ms * 1000) / delayus;
70 const u32 rddm_timeout_us = 200000;
71 int rddm_retry = rddm_timeout_us / delayus;
72 void __iomem *base = mhi_cntrl->bhie;
73 struct device *dev = &mhi_cntrl->mhi_dev->dev;
74
75 dev_dbg(dev, "Entered with pm_state:%s dev_state:%s ee:%s\n",
76 to_mhi_pm_state_str(mhi_cntrl->pm_state),
77 mhi_state_str(mhi_cntrl->dev_state),
78 TO_MHI_EXEC_STR(mhi_cntrl->ee));
79
80 /*
81 * This should only be executing during a kernel panic, we expect all
82 * other cores to shutdown while we're collecting RDDM buffer. After
83 * returning from this function, we expect the device to reset.
84 *
85 * Normally, we read/write pm_state only after grabbing the
86 * pm_lock, since we're in a panic, skipping it. Also there is no
87 * guarantee that this state change would take effect since
88 * we're setting it w/o grabbing pm_lock
89 */
90 mhi_cntrl->pm_state = MHI_PM_LD_ERR_FATAL_DETECT;
91 /* update should take the effect immediately */
92 smp_wmb();
93
94 /*
95 * Make sure device is not already in RDDM. In case the device asserts
96 * and a kernel panic follows, device will already be in RDDM.
97 * Do not trigger SYS ERR again and proceed with waiting for
98 * image download completion.
99 */
100 ee = mhi_get_exec_env(mhi_cntrl);
101 if (ee == MHI_EE_MAX)
102 goto error_exit_rddm;
103
104 if (ee != MHI_EE_RDDM) {
105 dev_dbg(dev, "Trigger device into RDDM mode using SYS ERR\n");
106 mhi_set_mhi_state(mhi_cntrl, MHI_STATE_SYS_ERR);
107
108 dev_dbg(dev, "Waiting for device to enter RDDM\n");
109 while (rddm_retry--) {
110 ee = mhi_get_exec_env(mhi_cntrl);
111 if (ee == MHI_EE_RDDM)
112 break;
113
114 udelay(delayus);
115 }
116
117 if (rddm_retry <= 0) {
118 /* Hardware reset so force device to enter RDDM */
119 dev_dbg(dev,
120 "Did not enter RDDM, do a host req reset\n");
121 mhi_soc_reset(mhi_cntrl);
122 udelay(delayus);
123 }
124
125 ee = mhi_get_exec_env(mhi_cntrl);
126 }
127
128 dev_dbg(dev,
129 "Waiting for RDDM image download via BHIe, current EE:%s\n",
130 TO_MHI_EXEC_STR(ee));
131
132 while (retry--) {
133 ret = mhi_read_reg_field(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS,
134 BHIE_RXVECSTATUS_STATUS_BMSK, &rx_status);
135 if (ret)
136 return -EIO;
137
138 if (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL)
139 return 0;
140
141 udelay(delayus);
142 }
143
144 ee = mhi_get_exec_env(mhi_cntrl);
145 ret = mhi_read_reg(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, &rx_status);
146
147 dev_err(dev, "RXVEC_STATUS: 0x%x\n", rx_status);
148
149 error_exit_rddm:
150 dev_err(dev, "RDDM transfer failed. Current EE: %s\n",
151 TO_MHI_EXEC_STR(ee));
152
153 return -EIO;
154 }
155
156 /* Download RDDM image from device */
mhi_download_rddm_image(struct mhi_controller * mhi_cntrl,bool in_panic)157 int mhi_download_rddm_image(struct mhi_controller *mhi_cntrl, bool in_panic)
158 {
159 void __iomem *base = mhi_cntrl->bhie;
160 struct device *dev = &mhi_cntrl->mhi_dev->dev;
161 u32 rx_status;
162
163 if (in_panic)
164 return __mhi_download_rddm_in_panic(mhi_cntrl);
165
166 dev_dbg(dev, "Waiting for RDDM image download via BHIe\n");
167
168 /* Wait for the image download to complete */
169 wait_event_timeout(mhi_cntrl->state_event,
170 mhi_read_reg_field(mhi_cntrl, base,
171 BHIE_RXVECSTATUS_OFFS,
172 BHIE_RXVECSTATUS_STATUS_BMSK,
173 &rx_status) || rx_status,
174 msecs_to_jiffies(mhi_cntrl->timeout_ms));
175
176 return (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) ? 0 : -EIO;
177 }
178 EXPORT_SYMBOL_GPL(mhi_download_rddm_image);
179
mhi_fw_load_error_dump(struct mhi_controller * mhi_cntrl)180 static void mhi_fw_load_error_dump(struct mhi_controller *mhi_cntrl)
181 {
182 struct device *dev = &mhi_cntrl->mhi_dev->dev;
183 rwlock_t *pm_lock = &mhi_cntrl->pm_lock;
184 void __iomem *base = mhi_cntrl->bhi;
185 int ret, i;
186 u32 val;
187 struct {
188 char *name;
189 u32 offset;
190 } error_reg[] = {
191 { "ERROR_CODE", BHI_ERRCODE },
192 { "ERROR_DBG1", BHI_ERRDBG1 },
193 { "ERROR_DBG2", BHI_ERRDBG2 },
194 { "ERROR_DBG3", BHI_ERRDBG3 },
195 { NULL },
196 };
197
198 read_lock_bh(pm_lock);
199 if (MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {
200 for (i = 0; error_reg[i].name; i++) {
201 ret = mhi_read_reg(mhi_cntrl, base, error_reg[i].offset, &val);
202 if (ret)
203 break;
204 dev_err(dev, "Reg: %s value: 0x%x\n", error_reg[i].name, val);
205 }
206 }
207 read_unlock_bh(pm_lock);
208 }
209
mhi_fw_load_bhie(struct mhi_controller * mhi_cntrl,const struct mhi_buf * mhi_buf)210 static int mhi_fw_load_bhie(struct mhi_controller *mhi_cntrl,
211 const struct mhi_buf *mhi_buf)
212 {
213 void __iomem *base = mhi_cntrl->bhie;
214 struct device *dev = &mhi_cntrl->mhi_dev->dev;
215 rwlock_t *pm_lock = &mhi_cntrl->pm_lock;
216 u32 tx_status, sequence_id;
217 int ret;
218
219 read_lock_bh(pm_lock);
220 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {
221 read_unlock_bh(pm_lock);
222 return -EIO;
223 }
224
225 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_TXVECSTATUS_SEQNUM_BMSK);
226 dev_dbg(dev, "Starting image download via BHIe. Sequence ID: %u\n",
227 sequence_id);
228 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_HIGH_OFFS,
229 upper_32_bits(mhi_buf->dma_addr));
230
231 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_LOW_OFFS,
232 lower_32_bits(mhi_buf->dma_addr));
233
234 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len);
235
236 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS,
237 BHIE_TXVECDB_SEQNUM_BMSK, sequence_id);
238 read_unlock_bh(pm_lock);
239
240 if (ret)
241 return ret;
242
243 /* Wait for the image download to complete */
244 ret = wait_event_timeout(mhi_cntrl->state_event,
245 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) ||
246 mhi_read_reg_field(mhi_cntrl, base,
247 BHIE_TXVECSTATUS_OFFS,
248 BHIE_TXVECSTATUS_STATUS_BMSK,
249 &tx_status) || tx_status,
250 msecs_to_jiffies(mhi_cntrl->timeout_ms));
251 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) ||
252 tx_status != BHIE_TXVECSTATUS_STATUS_XFER_COMPL)
253 return -EIO;
254
255 return (!ret) ? -ETIMEDOUT : 0;
256 }
257
mhi_fw_load_bhi(struct mhi_controller * mhi_cntrl,const struct mhi_buf * mhi_buf)258 static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl,
259 const struct mhi_buf *mhi_buf)
260 {
261 struct device *dev = &mhi_cntrl->mhi_dev->dev;
262 rwlock_t *pm_lock = &mhi_cntrl->pm_lock;
263 void __iomem *base = mhi_cntrl->bhi;
264 u32 tx_status, session_id;
265 int ret;
266
267 read_lock_bh(pm_lock);
268 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {
269 read_unlock_bh(pm_lock);
270 goto invalid_pm_state;
271 }
272
273 session_id = MHI_RANDOM_U32_NONZERO(BHI_TXDB_SEQNUM_BMSK);
274 dev_dbg(dev, "Starting image download via BHI. Session ID: %u\n",
275 session_id);
276 mhi_write_reg(mhi_cntrl, base, BHI_STATUS, 0);
277 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_HIGH, upper_32_bits(mhi_buf->dma_addr));
278 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_LOW, lower_32_bits(mhi_buf->dma_addr));
279 mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, mhi_buf->len);
280 mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id);
281 read_unlock_bh(pm_lock);
282
283 /* Wait for the image download to complete */
284 ret = wait_event_timeout(mhi_cntrl->state_event,
285 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) ||
286 mhi_read_reg_field(mhi_cntrl, base, BHI_STATUS,
287 BHI_STATUS_MASK, &tx_status) || tx_status,
288 msecs_to_jiffies(mhi_cntrl->timeout_ms));
289 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state))
290 goto invalid_pm_state;
291
292 if (tx_status == BHI_STATUS_ERROR) {
293 dev_err(dev, "Image transfer failed\n");
294 mhi_fw_load_error_dump(mhi_cntrl);
295 goto invalid_pm_state;
296 }
297
298 return (!ret) ? -ETIMEDOUT : 0;
299
300 invalid_pm_state:
301
302 return -EIO;
303 }
304
mhi_free_bhi_buffer(struct mhi_controller * mhi_cntrl,struct image_info * image_info)305 static void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl,
306 struct image_info *image_info)
307 {
308 struct mhi_buf *mhi_buf = image_info->mhi_buf;
309
310 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, mhi_buf->buf, mhi_buf->dma_addr);
311 kfree(image_info);
312 }
313
mhi_free_bhie_table(struct mhi_controller * mhi_cntrl,struct image_info * image_info)314 void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl,
315 struct image_info *image_info)
316 {
317 int i;
318 struct mhi_buf *mhi_buf = image_info->mhi_buf;
319
320 for (i = 0; i < image_info->entries; i++, mhi_buf++)
321 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len,
322 mhi_buf->buf, mhi_buf->dma_addr);
323
324 kfree(image_info);
325 }
326
mhi_alloc_bhi_buffer(struct mhi_controller * mhi_cntrl,struct image_info ** image_info,size_t alloc_size)327 static int mhi_alloc_bhi_buffer(struct mhi_controller *mhi_cntrl,
328 struct image_info **image_info,
329 size_t alloc_size)
330 {
331 struct image_info *img_info;
332 struct mhi_buf *mhi_buf;
333
334 img_info = kzalloc_flex(*img_info, mhi_buf, 1);
335 if (!img_info)
336 return -ENOMEM;
337
338 /* Allocate and populate vector table */
339 mhi_buf = img_info->mhi_buf;
340
341 mhi_buf->len = alloc_size;
342 mhi_buf->buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len,
343 &mhi_buf->dma_addr, GFP_KERNEL);
344 if (!mhi_buf->buf)
345 goto error_alloc_segment;
346
347 img_info->bhi_vec = NULL;
348 img_info->entries = 1;
349 *image_info = img_info;
350
351 return 0;
352
353 error_alloc_segment:
354 kfree(img_info);
355
356 return -ENOMEM;
357 }
358
mhi_alloc_bhie_table(struct mhi_controller * mhi_cntrl,struct image_info ** image_info,size_t alloc_size)359 int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl,
360 struct image_info **image_info,
361 size_t alloc_size)
362 {
363 size_t seg_size = mhi_cntrl->seg_len;
364 int segments = DIV_ROUND_UP(alloc_size, seg_size) + 1;
365 int i;
366 struct image_info *img_info;
367 struct mhi_buf *mhi_buf;
368
369 img_info = kzalloc_flex(*img_info, mhi_buf, segments);
370 if (!img_info)
371 return -ENOMEM;
372
373 img_info->entries = segments;
374
375 /* Allocate and populate vector table */
376 mhi_buf = img_info->mhi_buf;
377 for (i = 0; i < segments; i++, mhi_buf++) {
378 size_t vec_size = seg_size;
379
380 /* Vector table is the last entry */
381 if (i == segments - 1)
382 vec_size = sizeof(struct bhi_vec_entry) * i;
383
384 mhi_buf->len = vec_size;
385 mhi_buf->buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev,
386 vec_size, &mhi_buf->dma_addr,
387 GFP_KERNEL);
388 if (!mhi_buf->buf)
389 goto error_alloc_segment;
390 }
391
392 img_info->bhi_vec = img_info->mhi_buf[segments - 1].buf;
393 *image_info = img_info;
394
395 return 0;
396
397 error_alloc_segment:
398 for (--i, --mhi_buf; i >= 0; i--, mhi_buf--)
399 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len,
400 mhi_buf->buf, mhi_buf->dma_addr);
401 kfree(img_info);
402
403 return -ENOMEM;
404 }
405
mhi_firmware_copy_bhie(struct mhi_controller * mhi_cntrl,const u8 * buf,size_t remainder,struct image_info * img_info)406 static void mhi_firmware_copy_bhie(struct mhi_controller *mhi_cntrl,
407 const u8 *buf, size_t remainder,
408 struct image_info *img_info)
409 {
410 size_t to_cpy;
411 struct mhi_buf *mhi_buf = img_info->mhi_buf;
412 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
413
414 while (remainder) {
415 to_cpy = min(remainder, mhi_buf->len);
416 memcpy(mhi_buf->buf, buf, to_cpy);
417 bhi_vec->dma_addr = cpu_to_le64(mhi_buf->dma_addr);
418 bhi_vec->size = cpu_to_le64(to_cpy);
419
420 buf += to_cpy;
421 remainder -= to_cpy;
422 bhi_vec++;
423 mhi_buf++;
424 }
425 }
426
mhi_fw_load_type_get(const struct mhi_controller * mhi_cntrl)427 static enum mhi_fw_load_type mhi_fw_load_type_get(const struct mhi_controller *mhi_cntrl)
428 {
429 if (mhi_cntrl->fbc_download) {
430 return MHI_FW_LOAD_FBC;
431 } else {
432 if (mhi_cntrl->seg_len)
433 return MHI_FW_LOAD_BHIE;
434 else
435 return MHI_FW_LOAD_BHI;
436 }
437 }
438
mhi_load_image_bhi(struct mhi_controller * mhi_cntrl,const u8 * fw_data,size_t size)439 static int mhi_load_image_bhi(struct mhi_controller *mhi_cntrl, const u8 *fw_data, size_t size)
440 {
441 struct image_info *image;
442 int ret;
443
444 ret = mhi_alloc_bhi_buffer(mhi_cntrl, &image, size);
445 if (ret)
446 return ret;
447
448 /* Load the firmware into BHI vec table */
449 memcpy(image->mhi_buf->buf, fw_data, size);
450
451 ret = mhi_fw_load_bhi(mhi_cntrl, &image->mhi_buf[image->entries - 1]);
452 mhi_free_bhi_buffer(mhi_cntrl, image);
453
454 return ret;
455 }
456
mhi_load_image_bhie(struct mhi_controller * mhi_cntrl,const u8 * fw_data,size_t size)457 static int mhi_load_image_bhie(struct mhi_controller *mhi_cntrl, const u8 *fw_data, size_t size)
458 {
459 struct image_info *image;
460 int ret;
461
462 ret = mhi_alloc_bhie_table(mhi_cntrl, &image, size);
463 if (ret)
464 return ret;
465
466 mhi_firmware_copy_bhie(mhi_cntrl, fw_data, size, image);
467
468 ret = mhi_fw_load_bhie(mhi_cntrl, &image->mhi_buf[image->entries - 1]);
469 mhi_free_bhie_table(mhi_cntrl, image);
470
471 return ret;
472 }
473
mhi_fw_load_handler(struct mhi_controller * mhi_cntrl)474 void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)
475 {
476 const struct firmware *firmware = NULL;
477 struct device *dev = &mhi_cntrl->mhi_dev->dev;
478 enum mhi_fw_load_type fw_load_type;
479 enum mhi_pm_state new_state;
480 const char *fw_name;
481 const u8 *fw_data;
482 size_t size, fw_sz;
483 int ret;
484
485 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) {
486 dev_err(dev, "Device MHI is not in valid state\n");
487 return;
488 }
489
490 /* save hardware info from BHI */
491 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_SERIALNU,
492 &mhi_cntrl->serial_number);
493 if (ret)
494 dev_err(dev, "Could not capture serial number via BHI\n");
495
496 /* wait for ready on pass through or any other execution environment */
497 if (!MHI_FW_LOAD_CAPABLE(mhi_cntrl->ee))
498 goto fw_load_ready_state;
499
500 fw_name = (mhi_cntrl->ee == MHI_EE_EDL) ?
501 mhi_cntrl->edl_image : mhi_cntrl->fw_image;
502
503 /* check if the driver has already provided the firmware data */
504 if (!fw_name && mhi_cntrl->fbc_download &&
505 mhi_cntrl->fw_data && mhi_cntrl->fw_sz) {
506 if (!mhi_cntrl->sbl_size) {
507 dev_err(dev, "fw_data provided but no sbl_size\n");
508 goto error_fw_load;
509 }
510
511 size = mhi_cntrl->sbl_size;
512 fw_data = mhi_cntrl->fw_data;
513 fw_sz = mhi_cntrl->fw_sz;
514 goto skip_req_fw;
515 }
516
517 if (!fw_name || (mhi_cntrl->fbc_download && (!mhi_cntrl->sbl_size ||
518 !mhi_cntrl->seg_len))) {
519 dev_err(dev,
520 "No firmware image defined or !sbl_size || !seg_len\n");
521 goto error_fw_load;
522 }
523
524 ret = request_firmware(&firmware, fw_name, dev);
525 if (ret) {
526 dev_err(dev, "Error loading firmware: %d\n", ret);
527 goto error_fw_load;
528 }
529
530 size = (mhi_cntrl->fbc_download) ? mhi_cntrl->sbl_size : firmware->size;
531
532 /* SBL size provided is maximum size, not necessarily the image size */
533 if (size > firmware->size)
534 size = firmware->size;
535
536 fw_data = firmware->data;
537 fw_sz = firmware->size;
538
539 skip_req_fw:
540 fw_load_type = mhi_fw_load_type_get(mhi_cntrl);
541 if (fw_load_type == MHI_FW_LOAD_BHIE)
542 ret = mhi_load_image_bhie(mhi_cntrl, fw_data, size);
543 else
544 ret = mhi_load_image_bhi(mhi_cntrl, fw_data, size);
545
546 /* Error or in EDL mode, we're done */
547 if (ret) {
548 dev_err(dev, "MHI did not load image over BHI%s, ret: %d\n",
549 fw_load_type == MHI_FW_LOAD_BHIE ? "e" : "",
550 ret);
551 release_firmware(firmware);
552 goto error_fw_load;
553 }
554
555 /* Wait for ready since EDL image was loaded */
556 if (fw_name && fw_name == mhi_cntrl->edl_image) {
557 release_firmware(firmware);
558 goto fw_load_ready_state;
559 }
560
561 write_lock_irq(&mhi_cntrl->pm_lock);
562 mhi_cntrl->dev_state = MHI_STATE_RESET;
563 write_unlock_irq(&mhi_cntrl->pm_lock);
564
565 /*
566 * If we're doing fbc, populate vector tables while
567 * device transitioning into MHI READY state
568 */
569 if (fw_load_type == MHI_FW_LOAD_FBC) {
570 /*
571 * Some FW combine two separate ELF images (SBL + WLAN FW) in a single
572 * file. Hence, check for the existence of the second ELF header after
573 * SBL. If present, load the second image separately.
574 */
575 if (!memcmp(fw_data + mhi_cntrl->sbl_size, ELFMAG, SELFMAG)) {
576 fw_data += mhi_cntrl->sbl_size;
577 fw_sz -= mhi_cntrl->sbl_size;
578 }
579
580 ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
581 if (ret) {
582 release_firmware(firmware);
583 goto error_fw_load;
584 }
585
586 /* Load the firmware into BHIE vec table */
587 mhi_firmware_copy_bhie(mhi_cntrl, fw_data, fw_sz, mhi_cntrl->fbc_image);
588 }
589
590 release_firmware(firmware);
591
592 fw_load_ready_state:
593 /* Transitioning into MHI RESET->READY state */
594 ret = mhi_ready_state_transition(mhi_cntrl);
595 if (ret) {
596 dev_err(dev, "MHI did not enter READY state\n");
597 goto error_ready_state;
598 }
599
600 dev_info(dev, "Wait for device to enter SBL or Mission mode\n");
601 return;
602
603 error_ready_state:
604 if (mhi_cntrl->fbc_image) {
605 mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
606 mhi_cntrl->fbc_image = NULL;
607 }
608
609 error_fw_load:
610 write_lock_irq(&mhi_cntrl->pm_lock);
611 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR);
612 write_unlock_irq(&mhi_cntrl->pm_lock);
613 if (new_state == MHI_PM_FW_DL_ERR)
614 wake_up_all(&mhi_cntrl->state_event);
615 }
616
mhi_download_amss_image(struct mhi_controller * mhi_cntrl)617 int mhi_download_amss_image(struct mhi_controller *mhi_cntrl)
618 {
619 struct image_info *image_info = mhi_cntrl->fbc_image;
620 struct device *dev = &mhi_cntrl->mhi_dev->dev;
621 enum mhi_pm_state new_state;
622 int ret;
623
624 if (!image_info)
625 return -EIO;
626
627 ret = mhi_fw_load_bhie(mhi_cntrl,
628 /* Vector table is the last entry */
629 &image_info->mhi_buf[image_info->entries - 1]);
630 if (ret) {
631 dev_err(dev, "MHI did not load AMSS, ret:%d\n", ret);
632 write_lock_irq(&mhi_cntrl->pm_lock);
633 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR);
634 write_unlock_irq(&mhi_cntrl->pm_lock);
635 if (new_state == MHI_PM_FW_DL_ERR)
636 wake_up_all(&mhi_cntrl->state_event);
637 }
638
639 return ret;
640 }
641