1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2018-2020, The Linux Foundation. All rights reserved. 4 * 5 */ 6 7 #include <linux/delay.h> 8 #include <linux/device.h> 9 #include <linux/dma-direction.h> 10 #include <linux/dma-mapping.h> 11 #include <linux/firmware.h> 12 #include <linux/interrupt.h> 13 #include <linux/list.h> 14 #include <linux/mhi.h> 15 #include <linux/module.h> 16 #include <linux/random.h> 17 #include <linux/slab.h> 18 #include <linux/wait.h> 19 #include "internal.h" 20 21 /* Setup RDDM vector table for RDDM transfer and program RXVEC */ 22 int mhi_rddm_prepare(struct mhi_controller *mhi_cntrl, 23 struct image_info *img_info) 24 { 25 struct mhi_buf *mhi_buf = img_info->mhi_buf; 26 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec; 27 void __iomem *base = mhi_cntrl->bhie; 28 struct device *dev = &mhi_cntrl->mhi_dev->dev; 29 u32 sequence_id; 30 unsigned int i; 31 int ret; 32 33 for (i = 0; i < img_info->entries - 1; i++, mhi_buf++, bhi_vec++) { 34 bhi_vec->dma_addr = mhi_buf->dma_addr; 35 bhi_vec->size = mhi_buf->len; 36 } 37 38 dev_dbg(dev, "BHIe programming for RDDM\n"); 39 40 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_HIGH_OFFS, 41 upper_32_bits(mhi_buf->dma_addr)); 42 43 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_LOW_OFFS, 44 lower_32_bits(mhi_buf->dma_addr)); 45 46 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECSIZE_OFFS, mhi_buf->len); 47 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_RXVECSTATUS_SEQNUM_BMSK); 48 49 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_RXVECDB_OFFS, 50 BHIE_RXVECDB_SEQNUM_BMSK, sequence_id); 51 if (ret) { 52 dev_err(dev, "Failed to write sequence ID for BHIE_RXVECDB\n"); 53 return ret; 54 } 55 56 dev_dbg(dev, "Address: %p and len: 0x%zx sequence: %u\n", 57 &mhi_buf->dma_addr, mhi_buf->len, sequence_id); 58 59 return 0; 60 } 61 62 /* Collect RDDM buffer during kernel panic */ 63 static int __mhi_download_rddm_in_panic(struct mhi_controller *mhi_cntrl) 64 { 65 int ret; 66 u32 rx_status; 67 enum mhi_ee_type ee; 68 const u32 delayus = 2000; 69 u32 retry = (mhi_cntrl->timeout_ms * 1000) / delayus; 70 const u32 rddm_timeout_us = 200000; 71 int rddm_retry = rddm_timeout_us / delayus; 72 void __iomem *base = mhi_cntrl->bhie; 73 struct device *dev = &mhi_cntrl->mhi_dev->dev; 74 75 dev_dbg(dev, "Entered with pm_state:%s dev_state:%s ee:%s\n", 76 to_mhi_pm_state_str(mhi_cntrl->pm_state), 77 mhi_state_str(mhi_cntrl->dev_state), 78 TO_MHI_EXEC_STR(mhi_cntrl->ee)); 79 80 /* 81 * This should only be executing during a kernel panic, we expect all 82 * other cores to shutdown while we're collecting RDDM buffer. After 83 * returning from this function, we expect the device to reset. 84 * 85 * Normaly, we read/write pm_state only after grabbing the 86 * pm_lock, since we're in a panic, skipping it. Also there is no 87 * gurantee that this state change would take effect since 88 * we're setting it w/o grabbing pm_lock 89 */ 90 mhi_cntrl->pm_state = MHI_PM_LD_ERR_FATAL_DETECT; 91 /* update should take the effect immediately */ 92 smp_wmb(); 93 94 /* 95 * Make sure device is not already in RDDM. In case the device asserts 96 * and a kernel panic follows, device will already be in RDDM. 97 * Do not trigger SYS ERR again and proceed with waiting for 98 * image download completion. 99 */ 100 ee = mhi_get_exec_env(mhi_cntrl); 101 if (ee == MHI_EE_MAX) 102 goto error_exit_rddm; 103 104 if (ee != MHI_EE_RDDM) { 105 dev_dbg(dev, "Trigger device into RDDM mode using SYS ERR\n"); 106 mhi_set_mhi_state(mhi_cntrl, MHI_STATE_SYS_ERR); 107 108 dev_dbg(dev, "Waiting for device to enter RDDM\n"); 109 while (rddm_retry--) { 110 ee = mhi_get_exec_env(mhi_cntrl); 111 if (ee == MHI_EE_RDDM) 112 break; 113 114 udelay(delayus); 115 } 116 117 if (rddm_retry <= 0) { 118 /* Hardware reset so force device to enter RDDM */ 119 dev_dbg(dev, 120 "Did not enter RDDM, do a host req reset\n"); 121 mhi_write_reg(mhi_cntrl, mhi_cntrl->regs, 122 MHI_SOC_RESET_REQ_OFFSET, 123 MHI_SOC_RESET_REQ); 124 udelay(delayus); 125 } 126 127 ee = mhi_get_exec_env(mhi_cntrl); 128 } 129 130 dev_dbg(dev, 131 "Waiting for RDDM image download via BHIe, current EE:%s\n", 132 TO_MHI_EXEC_STR(ee)); 133 134 while (retry--) { 135 ret = mhi_read_reg_field(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, 136 BHIE_RXVECSTATUS_STATUS_BMSK, &rx_status); 137 if (ret) 138 return -EIO; 139 140 if (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) 141 return 0; 142 143 udelay(delayus); 144 } 145 146 ee = mhi_get_exec_env(mhi_cntrl); 147 ret = mhi_read_reg(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, &rx_status); 148 149 dev_err(dev, "RXVEC_STATUS: 0x%x\n", rx_status); 150 151 error_exit_rddm: 152 dev_err(dev, "RDDM transfer failed. Current EE: %s\n", 153 TO_MHI_EXEC_STR(ee)); 154 155 return -EIO; 156 } 157 158 /* Download RDDM image from device */ 159 int mhi_download_rddm_image(struct mhi_controller *mhi_cntrl, bool in_panic) 160 { 161 void __iomem *base = mhi_cntrl->bhie; 162 struct device *dev = &mhi_cntrl->mhi_dev->dev; 163 u32 rx_status; 164 165 if (in_panic) 166 return __mhi_download_rddm_in_panic(mhi_cntrl); 167 168 dev_dbg(dev, "Waiting for RDDM image download via BHIe\n"); 169 170 /* Wait for the image download to complete */ 171 wait_event_timeout(mhi_cntrl->state_event, 172 mhi_read_reg_field(mhi_cntrl, base, 173 BHIE_RXVECSTATUS_OFFS, 174 BHIE_RXVECSTATUS_STATUS_BMSK, 175 &rx_status) || rx_status, 176 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 177 178 return (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) ? 0 : -EIO; 179 } 180 EXPORT_SYMBOL_GPL(mhi_download_rddm_image); 181 182 static int mhi_fw_load_bhie(struct mhi_controller *mhi_cntrl, 183 const struct mhi_buf *mhi_buf) 184 { 185 void __iomem *base = mhi_cntrl->bhie; 186 struct device *dev = &mhi_cntrl->mhi_dev->dev; 187 rwlock_t *pm_lock = &mhi_cntrl->pm_lock; 188 u32 tx_status, sequence_id; 189 int ret; 190 191 read_lock_bh(pm_lock); 192 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 193 read_unlock_bh(pm_lock); 194 return -EIO; 195 } 196 197 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_TXVECSTATUS_SEQNUM_BMSK); 198 dev_dbg(dev, "Starting image download via BHIe. Sequence ID: %u\n", 199 sequence_id); 200 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_HIGH_OFFS, 201 upper_32_bits(mhi_buf->dma_addr)); 202 203 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_LOW_OFFS, 204 lower_32_bits(mhi_buf->dma_addr)); 205 206 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len); 207 208 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS, 209 BHIE_TXVECDB_SEQNUM_BMSK, sequence_id); 210 read_unlock_bh(pm_lock); 211 212 if (ret) 213 return ret; 214 215 /* Wait for the image download to complete */ 216 ret = wait_event_timeout(mhi_cntrl->state_event, 217 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 218 mhi_read_reg_field(mhi_cntrl, base, 219 BHIE_TXVECSTATUS_OFFS, 220 BHIE_TXVECSTATUS_STATUS_BMSK, 221 &tx_status) || tx_status, 222 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 223 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 224 tx_status != BHIE_TXVECSTATUS_STATUS_XFER_COMPL) 225 return -EIO; 226 227 return (!ret) ? -ETIMEDOUT : 0; 228 } 229 230 static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl, 231 dma_addr_t dma_addr, 232 size_t size) 233 { 234 u32 tx_status, val, session_id; 235 int i, ret; 236 void __iomem *base = mhi_cntrl->bhi; 237 rwlock_t *pm_lock = &mhi_cntrl->pm_lock; 238 struct device *dev = &mhi_cntrl->mhi_dev->dev; 239 struct { 240 char *name; 241 u32 offset; 242 } error_reg[] = { 243 { "ERROR_CODE", BHI_ERRCODE }, 244 { "ERROR_DBG1", BHI_ERRDBG1 }, 245 { "ERROR_DBG2", BHI_ERRDBG2 }, 246 { "ERROR_DBG3", BHI_ERRDBG3 }, 247 { NULL }, 248 }; 249 250 read_lock_bh(pm_lock); 251 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 252 read_unlock_bh(pm_lock); 253 goto invalid_pm_state; 254 } 255 256 session_id = MHI_RANDOM_U32_NONZERO(BHI_TXDB_SEQNUM_BMSK); 257 dev_dbg(dev, "Starting image download via BHI. Session ID: %u\n", 258 session_id); 259 mhi_write_reg(mhi_cntrl, base, BHI_STATUS, 0); 260 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_HIGH, 261 upper_32_bits(dma_addr)); 262 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_LOW, 263 lower_32_bits(dma_addr)); 264 mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, size); 265 mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id); 266 read_unlock_bh(pm_lock); 267 268 /* Wait for the image download to complete */ 269 ret = wait_event_timeout(mhi_cntrl->state_event, 270 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 271 mhi_read_reg_field(mhi_cntrl, base, BHI_STATUS, 272 BHI_STATUS_MASK, &tx_status) || tx_status, 273 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 274 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) 275 goto invalid_pm_state; 276 277 if (tx_status == BHI_STATUS_ERROR) { 278 dev_err(dev, "Image transfer failed\n"); 279 read_lock_bh(pm_lock); 280 if (MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 281 for (i = 0; error_reg[i].name; i++) { 282 ret = mhi_read_reg(mhi_cntrl, base, 283 error_reg[i].offset, &val); 284 if (ret) 285 break; 286 dev_err(dev, "Reg: %s value: 0x%x\n", 287 error_reg[i].name, val); 288 } 289 } 290 read_unlock_bh(pm_lock); 291 goto invalid_pm_state; 292 } 293 294 return (!ret) ? -ETIMEDOUT : 0; 295 296 invalid_pm_state: 297 298 return -EIO; 299 } 300 301 void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl, 302 struct image_info *image_info) 303 { 304 int i; 305 struct mhi_buf *mhi_buf = image_info->mhi_buf; 306 307 for (i = 0; i < image_info->entries; i++, mhi_buf++) 308 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, 309 mhi_buf->buf, mhi_buf->dma_addr); 310 311 kfree(image_info->mhi_buf); 312 kfree(image_info); 313 } 314 315 int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, 316 struct image_info **image_info, 317 size_t alloc_size) 318 { 319 size_t seg_size = mhi_cntrl->seg_len; 320 int segments = DIV_ROUND_UP(alloc_size, seg_size) + 1; 321 int i; 322 struct image_info *img_info; 323 struct mhi_buf *mhi_buf; 324 325 img_info = kzalloc(sizeof(*img_info), GFP_KERNEL); 326 if (!img_info) 327 return -ENOMEM; 328 329 /* Allocate memory for entries */ 330 img_info->mhi_buf = kcalloc(segments, sizeof(*img_info->mhi_buf), 331 GFP_KERNEL); 332 if (!img_info->mhi_buf) 333 goto error_alloc_mhi_buf; 334 335 /* Allocate and populate vector table */ 336 mhi_buf = img_info->mhi_buf; 337 for (i = 0; i < segments; i++, mhi_buf++) { 338 size_t vec_size = seg_size; 339 340 /* Vector table is the last entry */ 341 if (i == segments - 1) 342 vec_size = sizeof(struct bhi_vec_entry) * i; 343 344 mhi_buf->len = vec_size; 345 mhi_buf->buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, 346 vec_size, &mhi_buf->dma_addr, 347 GFP_KERNEL); 348 if (!mhi_buf->buf) 349 goto error_alloc_segment; 350 } 351 352 img_info->bhi_vec = img_info->mhi_buf[segments - 1].buf; 353 img_info->entries = segments; 354 *image_info = img_info; 355 356 return 0; 357 358 error_alloc_segment: 359 for (--i, --mhi_buf; i >= 0; i--, mhi_buf--) 360 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, 361 mhi_buf->buf, mhi_buf->dma_addr); 362 363 error_alloc_mhi_buf: 364 kfree(img_info); 365 366 return -ENOMEM; 367 } 368 369 static void mhi_firmware_copy(struct mhi_controller *mhi_cntrl, 370 const struct firmware *firmware, 371 struct image_info *img_info) 372 { 373 size_t remainder = firmware->size; 374 size_t to_cpy; 375 const u8 *buf = firmware->data; 376 struct mhi_buf *mhi_buf = img_info->mhi_buf; 377 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec; 378 379 while (remainder) { 380 to_cpy = min(remainder, mhi_buf->len); 381 memcpy(mhi_buf->buf, buf, to_cpy); 382 bhi_vec->dma_addr = mhi_buf->dma_addr; 383 bhi_vec->size = to_cpy; 384 385 buf += to_cpy; 386 remainder -= to_cpy; 387 bhi_vec++; 388 mhi_buf++; 389 } 390 } 391 392 void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl) 393 { 394 const struct firmware *firmware = NULL; 395 struct device *dev = &mhi_cntrl->mhi_dev->dev; 396 const char *fw_name; 397 void *buf; 398 dma_addr_t dma_addr; 399 size_t size; 400 int i, ret; 401 402 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) { 403 dev_err(dev, "Device MHI is not in valid state\n"); 404 return; 405 } 406 407 /* save hardware info from BHI */ 408 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_SERIALNU, 409 &mhi_cntrl->serial_number); 410 if (ret) 411 dev_err(dev, "Could not capture serial number via BHI\n"); 412 413 for (i = 0; i < ARRAY_SIZE(mhi_cntrl->oem_pk_hash); i++) { 414 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_OEMPKHASH(i), 415 &mhi_cntrl->oem_pk_hash[i]); 416 if (ret) { 417 dev_err(dev, "Could not capture OEM PK HASH via BHI\n"); 418 break; 419 } 420 } 421 422 /* wait for ready on pass through or any other execution environment */ 423 if (!MHI_FW_LOAD_CAPABLE(mhi_cntrl->ee)) 424 goto fw_load_ready_state; 425 426 fw_name = (mhi_cntrl->ee == MHI_EE_EDL) ? 427 mhi_cntrl->edl_image : mhi_cntrl->fw_image; 428 429 if (!fw_name || (mhi_cntrl->fbc_download && (!mhi_cntrl->sbl_size || 430 !mhi_cntrl->seg_len))) { 431 dev_err(dev, 432 "No firmware image defined or !sbl_size || !seg_len\n"); 433 goto error_fw_load; 434 } 435 436 ret = request_firmware(&firmware, fw_name, dev); 437 if (ret) { 438 dev_err(dev, "Error loading firmware: %d\n", ret); 439 goto error_fw_load; 440 } 441 442 size = (mhi_cntrl->fbc_download) ? mhi_cntrl->sbl_size : firmware->size; 443 444 /* SBL size provided is maximum size, not necessarily the image size */ 445 if (size > firmware->size) 446 size = firmware->size; 447 448 buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, size, &dma_addr, 449 GFP_KERNEL); 450 if (!buf) { 451 release_firmware(firmware); 452 goto error_fw_load; 453 } 454 455 /* Download image using BHI */ 456 memcpy(buf, firmware->data, size); 457 ret = mhi_fw_load_bhi(mhi_cntrl, dma_addr, size); 458 dma_free_coherent(mhi_cntrl->cntrl_dev, size, buf, dma_addr); 459 460 /* Error or in EDL mode, we're done */ 461 if (ret) { 462 dev_err(dev, "MHI did not load image over BHI, ret: %d\n", ret); 463 release_firmware(firmware); 464 goto error_fw_load; 465 } 466 467 /* Wait for ready since EDL image was loaded */ 468 if (fw_name == mhi_cntrl->edl_image) { 469 release_firmware(firmware); 470 goto fw_load_ready_state; 471 } 472 473 write_lock_irq(&mhi_cntrl->pm_lock); 474 mhi_cntrl->dev_state = MHI_STATE_RESET; 475 write_unlock_irq(&mhi_cntrl->pm_lock); 476 477 /* 478 * If we're doing fbc, populate vector tables while 479 * device transitioning into MHI READY state 480 */ 481 if (mhi_cntrl->fbc_download) { 482 ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, 483 firmware->size); 484 if (ret) { 485 release_firmware(firmware); 486 goto error_fw_load; 487 } 488 489 /* Load the firmware into BHIE vec table */ 490 mhi_firmware_copy(mhi_cntrl, firmware, mhi_cntrl->fbc_image); 491 } 492 493 release_firmware(firmware); 494 495 fw_load_ready_state: 496 /* Transitioning into MHI RESET->READY state */ 497 ret = mhi_ready_state_transition(mhi_cntrl); 498 if (ret) { 499 dev_err(dev, "MHI did not enter READY state\n"); 500 goto error_ready_state; 501 } 502 503 dev_info(dev, "Wait for device to enter SBL or Mission mode\n"); 504 return; 505 506 error_ready_state: 507 if (mhi_cntrl->fbc_download) { 508 mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image); 509 mhi_cntrl->fbc_image = NULL; 510 } 511 512 error_fw_load: 513 mhi_cntrl->pm_state = MHI_PM_FW_DL_ERR; 514 wake_up_all(&mhi_cntrl->state_event); 515 } 516 517 int mhi_download_amss_image(struct mhi_controller *mhi_cntrl) 518 { 519 struct image_info *image_info = mhi_cntrl->fbc_image; 520 struct device *dev = &mhi_cntrl->mhi_dev->dev; 521 int ret; 522 523 if (!image_info) 524 return -EIO; 525 526 ret = mhi_fw_load_bhie(mhi_cntrl, 527 /* Vector table is the last entry */ 528 &image_info->mhi_buf[image_info->entries - 1]); 529 if (ret) { 530 dev_err(dev, "MHI did not load AMSS, ret:%d\n", ret); 531 mhi_cntrl->pm_state = MHI_PM_FW_DL_ERR; 532 wake_up_all(&mhi_cntrl->state_event); 533 } 534 535 return ret; 536 } 537