1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2018-2020, The Linux Foundation. All rights reserved. 4 * 5 */ 6 7 #include <linux/delay.h> 8 #include <linux/device.h> 9 #include <linux/dma-direction.h> 10 #include <linux/dma-mapping.h> 11 #include <linux/firmware.h> 12 #include <linux/interrupt.h> 13 #include <linux/list.h> 14 #include <linux/mhi.h> 15 #include <linux/module.h> 16 #include <linux/random.h> 17 #include <linux/slab.h> 18 #include <linux/wait.h> 19 #include "internal.h" 20 21 /* Setup RDDM vector table for RDDM transfer and program RXVEC */ 22 int mhi_rddm_prepare(struct mhi_controller *mhi_cntrl, 23 struct image_info *img_info) 24 { 25 struct mhi_buf *mhi_buf = img_info->mhi_buf; 26 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec; 27 void __iomem *base = mhi_cntrl->bhie; 28 struct device *dev = &mhi_cntrl->mhi_dev->dev; 29 u32 sequence_id; 30 unsigned int i; 31 int ret; 32 33 for (i = 0; i < img_info->entries - 1; i++, mhi_buf++, bhi_vec++) { 34 bhi_vec->dma_addr = mhi_buf->dma_addr; 35 bhi_vec->size = mhi_buf->len; 36 } 37 38 dev_dbg(dev, "BHIe programming for RDDM\n"); 39 40 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_HIGH_OFFS, 41 upper_32_bits(mhi_buf->dma_addr)); 42 43 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_LOW_OFFS, 44 lower_32_bits(mhi_buf->dma_addr)); 45 46 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECSIZE_OFFS, mhi_buf->len); 47 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_RXVECSTATUS_SEQNUM_BMSK); 48 49 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_RXVECDB_OFFS, 50 BHIE_RXVECDB_SEQNUM_BMSK, sequence_id); 51 if (ret) { 52 dev_err(dev, "Failed to write sequence ID for BHIE_RXVECDB\n"); 53 return ret; 54 } 55 56 dev_dbg(dev, "Address: %p and len: 0x%zx sequence: %u\n", 57 &mhi_buf->dma_addr, mhi_buf->len, sequence_id); 58 59 return 0; 60 } 61 62 /* Collect RDDM buffer during kernel panic */ 63 static int __mhi_download_rddm_in_panic(struct mhi_controller *mhi_cntrl) 64 { 65 int ret; 66 u32 rx_status; 67 enum mhi_ee_type ee; 68 const u32 delayus = 2000; 69 u32 retry = (mhi_cntrl->timeout_ms * 1000) / delayus; 70 const u32 rddm_timeout_us = 200000; 71 int rddm_retry = rddm_timeout_us / delayus; 72 void __iomem *base = mhi_cntrl->bhie; 73 struct device *dev = &mhi_cntrl->mhi_dev->dev; 74 75 dev_dbg(dev, "Entered with pm_state:%s dev_state:%s ee:%s\n", 76 to_mhi_pm_state_str(mhi_cntrl->pm_state), 77 mhi_state_str(mhi_cntrl->dev_state), 78 TO_MHI_EXEC_STR(mhi_cntrl->ee)); 79 80 /* 81 * This should only be executing during a kernel panic, we expect all 82 * other cores to shutdown while we're collecting RDDM buffer. After 83 * returning from this function, we expect the device to reset. 84 * 85 * Normaly, we read/write pm_state only after grabbing the 86 * pm_lock, since we're in a panic, skipping it. Also there is no 87 * gurantee that this state change would take effect since 88 * we're setting it w/o grabbing pm_lock 89 */ 90 mhi_cntrl->pm_state = MHI_PM_LD_ERR_FATAL_DETECT; 91 /* update should take the effect immediately */ 92 smp_wmb(); 93 94 /* 95 * Make sure device is not already in RDDM. In case the device asserts 96 * and a kernel panic follows, device will already be in RDDM. 97 * Do not trigger SYS ERR again and proceed with waiting for 98 * image download completion. 99 */ 100 ee = mhi_get_exec_env(mhi_cntrl); 101 if (ee == MHI_EE_MAX) 102 goto error_exit_rddm; 103 104 if (ee != MHI_EE_RDDM) { 105 dev_dbg(dev, "Trigger device into RDDM mode using SYS ERR\n"); 106 mhi_set_mhi_state(mhi_cntrl, MHI_STATE_SYS_ERR); 107 108 dev_dbg(dev, "Waiting for device to enter RDDM\n"); 109 while (rddm_retry--) { 110 ee = mhi_get_exec_env(mhi_cntrl); 111 if (ee == MHI_EE_RDDM) 112 break; 113 114 udelay(delayus); 115 } 116 117 if (rddm_retry <= 0) { 118 /* Hardware reset so force device to enter RDDM */ 119 dev_dbg(dev, 120 "Did not enter RDDM, do a host req reset\n"); 121 mhi_soc_reset(mhi_cntrl); 122 udelay(delayus); 123 } 124 125 ee = mhi_get_exec_env(mhi_cntrl); 126 } 127 128 dev_dbg(dev, 129 "Waiting for RDDM image download via BHIe, current EE:%s\n", 130 TO_MHI_EXEC_STR(ee)); 131 132 while (retry--) { 133 ret = mhi_read_reg_field(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, 134 BHIE_RXVECSTATUS_STATUS_BMSK, &rx_status); 135 if (ret) 136 return -EIO; 137 138 if (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) 139 return 0; 140 141 udelay(delayus); 142 } 143 144 ee = mhi_get_exec_env(mhi_cntrl); 145 ret = mhi_read_reg(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, &rx_status); 146 147 dev_err(dev, "RXVEC_STATUS: 0x%x\n", rx_status); 148 149 error_exit_rddm: 150 dev_err(dev, "RDDM transfer failed. Current EE: %s\n", 151 TO_MHI_EXEC_STR(ee)); 152 153 return -EIO; 154 } 155 156 /* Download RDDM image from device */ 157 int mhi_download_rddm_image(struct mhi_controller *mhi_cntrl, bool in_panic) 158 { 159 void __iomem *base = mhi_cntrl->bhie; 160 struct device *dev = &mhi_cntrl->mhi_dev->dev; 161 u32 rx_status; 162 163 if (in_panic) 164 return __mhi_download_rddm_in_panic(mhi_cntrl); 165 166 dev_dbg(dev, "Waiting for RDDM image download via BHIe\n"); 167 168 /* Wait for the image download to complete */ 169 wait_event_timeout(mhi_cntrl->state_event, 170 mhi_read_reg_field(mhi_cntrl, base, 171 BHIE_RXVECSTATUS_OFFS, 172 BHIE_RXVECSTATUS_STATUS_BMSK, 173 &rx_status) || rx_status, 174 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 175 176 return (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) ? 0 : -EIO; 177 } 178 EXPORT_SYMBOL_GPL(mhi_download_rddm_image); 179 180 static int mhi_fw_load_bhie(struct mhi_controller *mhi_cntrl, 181 const struct mhi_buf *mhi_buf) 182 { 183 void __iomem *base = mhi_cntrl->bhie; 184 struct device *dev = &mhi_cntrl->mhi_dev->dev; 185 rwlock_t *pm_lock = &mhi_cntrl->pm_lock; 186 u32 tx_status, sequence_id; 187 int ret; 188 189 read_lock_bh(pm_lock); 190 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 191 read_unlock_bh(pm_lock); 192 return -EIO; 193 } 194 195 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_TXVECSTATUS_SEQNUM_BMSK); 196 dev_dbg(dev, "Starting image download via BHIe. Sequence ID: %u\n", 197 sequence_id); 198 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_HIGH_OFFS, 199 upper_32_bits(mhi_buf->dma_addr)); 200 201 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_LOW_OFFS, 202 lower_32_bits(mhi_buf->dma_addr)); 203 204 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len); 205 206 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS, 207 BHIE_TXVECDB_SEQNUM_BMSK, sequence_id); 208 read_unlock_bh(pm_lock); 209 210 if (ret) 211 return ret; 212 213 /* Wait for the image download to complete */ 214 ret = wait_event_timeout(mhi_cntrl->state_event, 215 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 216 mhi_read_reg_field(mhi_cntrl, base, 217 BHIE_TXVECSTATUS_OFFS, 218 BHIE_TXVECSTATUS_STATUS_BMSK, 219 &tx_status) || tx_status, 220 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 221 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 222 tx_status != BHIE_TXVECSTATUS_STATUS_XFER_COMPL) 223 return -EIO; 224 225 return (!ret) ? -ETIMEDOUT : 0; 226 } 227 228 static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl, 229 dma_addr_t dma_addr, 230 size_t size) 231 { 232 u32 tx_status, val, session_id; 233 int i, ret; 234 void __iomem *base = mhi_cntrl->bhi; 235 rwlock_t *pm_lock = &mhi_cntrl->pm_lock; 236 struct device *dev = &mhi_cntrl->mhi_dev->dev; 237 struct { 238 char *name; 239 u32 offset; 240 } error_reg[] = { 241 { "ERROR_CODE", BHI_ERRCODE }, 242 { "ERROR_DBG1", BHI_ERRDBG1 }, 243 { "ERROR_DBG2", BHI_ERRDBG2 }, 244 { "ERROR_DBG3", BHI_ERRDBG3 }, 245 { NULL }, 246 }; 247 248 read_lock_bh(pm_lock); 249 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 250 read_unlock_bh(pm_lock); 251 goto invalid_pm_state; 252 } 253 254 session_id = MHI_RANDOM_U32_NONZERO(BHI_TXDB_SEQNUM_BMSK); 255 dev_dbg(dev, "Starting image download via BHI. Session ID: %u\n", 256 session_id); 257 mhi_write_reg(mhi_cntrl, base, BHI_STATUS, 0); 258 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_HIGH, 259 upper_32_bits(dma_addr)); 260 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_LOW, 261 lower_32_bits(dma_addr)); 262 mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, size); 263 mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id); 264 read_unlock_bh(pm_lock); 265 266 /* Wait for the image download to complete */ 267 ret = wait_event_timeout(mhi_cntrl->state_event, 268 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 269 mhi_read_reg_field(mhi_cntrl, base, BHI_STATUS, 270 BHI_STATUS_MASK, &tx_status) || tx_status, 271 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 272 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) 273 goto invalid_pm_state; 274 275 if (tx_status == BHI_STATUS_ERROR) { 276 dev_err(dev, "Image transfer failed\n"); 277 read_lock_bh(pm_lock); 278 if (MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 279 for (i = 0; error_reg[i].name; i++) { 280 ret = mhi_read_reg(mhi_cntrl, base, 281 error_reg[i].offset, &val); 282 if (ret) 283 break; 284 dev_err(dev, "Reg: %s value: 0x%x\n", 285 error_reg[i].name, val); 286 } 287 } 288 read_unlock_bh(pm_lock); 289 goto invalid_pm_state; 290 } 291 292 return (!ret) ? -ETIMEDOUT : 0; 293 294 invalid_pm_state: 295 296 return -EIO; 297 } 298 299 void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl, 300 struct image_info *image_info) 301 { 302 int i; 303 struct mhi_buf *mhi_buf = image_info->mhi_buf; 304 305 for (i = 0; i < image_info->entries; i++, mhi_buf++) 306 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, 307 mhi_buf->buf, mhi_buf->dma_addr); 308 309 kfree(image_info->mhi_buf); 310 kfree(image_info); 311 } 312 313 int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, 314 struct image_info **image_info, 315 size_t alloc_size) 316 { 317 size_t seg_size = mhi_cntrl->seg_len; 318 int segments = DIV_ROUND_UP(alloc_size, seg_size) + 1; 319 int i; 320 struct image_info *img_info; 321 struct mhi_buf *mhi_buf; 322 323 img_info = kzalloc(sizeof(*img_info), GFP_KERNEL); 324 if (!img_info) 325 return -ENOMEM; 326 327 /* Allocate memory for entries */ 328 img_info->mhi_buf = kcalloc(segments, sizeof(*img_info->mhi_buf), 329 GFP_KERNEL); 330 if (!img_info->mhi_buf) 331 goto error_alloc_mhi_buf; 332 333 /* Allocate and populate vector table */ 334 mhi_buf = img_info->mhi_buf; 335 for (i = 0; i < segments; i++, mhi_buf++) { 336 size_t vec_size = seg_size; 337 338 /* Vector table is the last entry */ 339 if (i == segments - 1) 340 vec_size = sizeof(struct bhi_vec_entry) * i; 341 342 mhi_buf->len = vec_size; 343 mhi_buf->buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, 344 vec_size, &mhi_buf->dma_addr, 345 GFP_KERNEL); 346 if (!mhi_buf->buf) 347 goto error_alloc_segment; 348 } 349 350 img_info->bhi_vec = img_info->mhi_buf[segments - 1].buf; 351 img_info->entries = segments; 352 *image_info = img_info; 353 354 return 0; 355 356 error_alloc_segment: 357 for (--i, --mhi_buf; i >= 0; i--, mhi_buf--) 358 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, 359 mhi_buf->buf, mhi_buf->dma_addr); 360 361 error_alloc_mhi_buf: 362 kfree(img_info); 363 364 return -ENOMEM; 365 } 366 367 static void mhi_firmware_copy(struct mhi_controller *mhi_cntrl, 368 const struct firmware *firmware, 369 struct image_info *img_info) 370 { 371 size_t remainder = firmware->size; 372 size_t to_cpy; 373 const u8 *buf = firmware->data; 374 struct mhi_buf *mhi_buf = img_info->mhi_buf; 375 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec; 376 377 while (remainder) { 378 to_cpy = min(remainder, mhi_buf->len); 379 memcpy(mhi_buf->buf, buf, to_cpy); 380 bhi_vec->dma_addr = mhi_buf->dma_addr; 381 bhi_vec->size = to_cpy; 382 383 buf += to_cpy; 384 remainder -= to_cpy; 385 bhi_vec++; 386 mhi_buf++; 387 } 388 } 389 390 void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl) 391 { 392 const struct firmware *firmware = NULL; 393 struct device *dev = &mhi_cntrl->mhi_dev->dev; 394 enum mhi_pm_state new_state; 395 const char *fw_name; 396 void *buf; 397 dma_addr_t dma_addr; 398 size_t size; 399 int i, ret; 400 401 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) { 402 dev_err(dev, "Device MHI is not in valid state\n"); 403 return; 404 } 405 406 /* save hardware info from BHI */ 407 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_SERIALNU, 408 &mhi_cntrl->serial_number); 409 if (ret) 410 dev_err(dev, "Could not capture serial number via BHI\n"); 411 412 for (i = 0; i < ARRAY_SIZE(mhi_cntrl->oem_pk_hash); i++) { 413 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_OEMPKHASH(i), 414 &mhi_cntrl->oem_pk_hash[i]); 415 if (ret) { 416 dev_err(dev, "Could not capture OEM PK HASH via BHI\n"); 417 break; 418 } 419 } 420 421 /* wait for ready on pass through or any other execution environment */ 422 if (!MHI_FW_LOAD_CAPABLE(mhi_cntrl->ee)) 423 goto fw_load_ready_state; 424 425 fw_name = (mhi_cntrl->ee == MHI_EE_EDL) ? 426 mhi_cntrl->edl_image : mhi_cntrl->fw_image; 427 428 if (!fw_name || (mhi_cntrl->fbc_download && (!mhi_cntrl->sbl_size || 429 !mhi_cntrl->seg_len))) { 430 dev_err(dev, 431 "No firmware image defined or !sbl_size || !seg_len\n"); 432 goto error_fw_load; 433 } 434 435 ret = request_firmware(&firmware, fw_name, dev); 436 if (ret) { 437 dev_err(dev, "Error loading firmware: %d\n", ret); 438 goto error_fw_load; 439 } 440 441 size = (mhi_cntrl->fbc_download) ? mhi_cntrl->sbl_size : firmware->size; 442 443 /* SBL size provided is maximum size, not necessarily the image size */ 444 if (size > firmware->size) 445 size = firmware->size; 446 447 buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, size, &dma_addr, 448 GFP_KERNEL); 449 if (!buf) { 450 release_firmware(firmware); 451 goto error_fw_load; 452 } 453 454 /* Download image using BHI */ 455 memcpy(buf, firmware->data, size); 456 ret = mhi_fw_load_bhi(mhi_cntrl, dma_addr, size); 457 dma_free_coherent(mhi_cntrl->cntrl_dev, size, buf, dma_addr); 458 459 /* Error or in EDL mode, we're done */ 460 if (ret) { 461 dev_err(dev, "MHI did not load image over BHI, ret: %d\n", ret); 462 release_firmware(firmware); 463 goto error_fw_load; 464 } 465 466 /* Wait for ready since EDL image was loaded */ 467 if (fw_name == mhi_cntrl->edl_image) { 468 release_firmware(firmware); 469 goto fw_load_ready_state; 470 } 471 472 write_lock_irq(&mhi_cntrl->pm_lock); 473 mhi_cntrl->dev_state = MHI_STATE_RESET; 474 write_unlock_irq(&mhi_cntrl->pm_lock); 475 476 /* 477 * If we're doing fbc, populate vector tables while 478 * device transitioning into MHI READY state 479 */ 480 if (mhi_cntrl->fbc_download) { 481 ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, 482 firmware->size); 483 if (ret) { 484 release_firmware(firmware); 485 goto error_fw_load; 486 } 487 488 /* Load the firmware into BHIE vec table */ 489 mhi_firmware_copy(mhi_cntrl, firmware, mhi_cntrl->fbc_image); 490 } 491 492 release_firmware(firmware); 493 494 fw_load_ready_state: 495 /* Transitioning into MHI RESET->READY state */ 496 ret = mhi_ready_state_transition(mhi_cntrl); 497 if (ret) { 498 dev_err(dev, "MHI did not enter READY state\n"); 499 goto error_ready_state; 500 } 501 502 dev_info(dev, "Wait for device to enter SBL or Mission mode\n"); 503 return; 504 505 error_ready_state: 506 if (mhi_cntrl->fbc_download) { 507 mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image); 508 mhi_cntrl->fbc_image = NULL; 509 } 510 511 error_fw_load: 512 write_lock_irq(&mhi_cntrl->pm_lock); 513 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR); 514 write_unlock_irq(&mhi_cntrl->pm_lock); 515 if (new_state == MHI_PM_FW_DL_ERR) 516 wake_up_all(&mhi_cntrl->state_event); 517 } 518 519 int mhi_download_amss_image(struct mhi_controller *mhi_cntrl) 520 { 521 struct image_info *image_info = mhi_cntrl->fbc_image; 522 struct device *dev = &mhi_cntrl->mhi_dev->dev; 523 enum mhi_pm_state new_state; 524 int ret; 525 526 if (!image_info) 527 return -EIO; 528 529 ret = mhi_fw_load_bhie(mhi_cntrl, 530 /* Vector table is the last entry */ 531 &image_info->mhi_buf[image_info->entries - 1]); 532 if (ret) { 533 dev_err(dev, "MHI did not load AMSS, ret:%d\n", ret); 534 write_lock_irq(&mhi_cntrl->pm_lock); 535 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR); 536 write_unlock_irq(&mhi_cntrl->pm_lock); 537 if (new_state == MHI_PM_FW_DL_ERR) 538 wake_up_all(&mhi_cntrl->state_event); 539 } 540 541 return ret; 542 } 543