1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Beagleplay Linux Driver for Greybus 4 * 5 * Copyright (c) 2023 Ayush Singh <ayushdevel1325@gmail.com> 6 * Copyright (c) 2023 BeagleBoard.org Foundation 7 */ 8 9 #include <linux/unaligned.h> 10 #include <linux/crc32.h> 11 #include <linux/gpio/consumer.h> 12 #include <linux/firmware.h> 13 #include <linux/greybus.h> 14 #include <linux/serdev.h> 15 #include <linux/crc-ccitt.h> 16 #include <linux/circ_buf.h> 17 18 #define CC1352_FIRMWARE_SIZE (704 * 1024) 19 #define CC1352_BOOTLOADER_TIMEOUT 2000 20 #define CC1352_BOOTLOADER_ACK 0xcc 21 #define CC1352_BOOTLOADER_NACK 0x33 22 23 #define RX_HDLC_PAYLOAD 256 24 #define CRC_LEN 2 25 #define MAX_RX_HDLC (1 + RX_HDLC_PAYLOAD + CRC_LEN) 26 #define TX_CIRC_BUF_SIZE 1024 27 28 #define ADDRESS_GREYBUS 0x01 29 #define ADDRESS_DBG 0x02 30 #define ADDRESS_CONTROL 0x03 31 32 #define HDLC_FRAME 0x7E 33 #define HDLC_ESC 0x7D 34 #define HDLC_XOR 0x20 35 36 #define CONTROL_SVC_START 0x01 37 #define CONTROL_SVC_STOP 0x02 38 39 /* The maximum number of CPorts supported by Greybus Host Device */ 40 #define GB_MAX_CPORTS 32 41 42 /** 43 * struct gb_beagleplay - BeaglePlay Greybus driver 44 * 45 * @sd: underlying serdev device 46 * 47 * @gb_hd: greybus host device 48 * 49 * @tx_work: hdlc transmit work 50 * @tx_producer_lock: hdlc transmit data producer lock. acquired when appending data to buffer. 51 * @tx_consumer_lock: hdlc transmit data consumer lock. acquired when sending data over uart. 52 * @tx_circ_buf: hdlc transmit circular buffer. 53 * @tx_crc: hdlc transmit crc-ccitt fcs 54 * 55 * @rx_buffer_len: length of receive buffer filled. 56 * @rx_buffer: hdlc frame receive buffer 57 * @rx_in_esc: hdlc rx flag to indicate ESC frame 58 * 59 * @fwl: underlying firmware upload device 60 * @bootloader_backdoor_gpio: cc1352p7 boot gpio 61 * @rst_gpio: cc1352p7 reset gpio 62 * @flashing_mode: flag to indicate that flashing is currently in progress 63 * @fwl_ack_com: completion to signal an Ack/Nack 64 * @fwl_ack: Ack/Nack byte received 65 * @fwl_cmd_response_com: completion to signal a bootloader command response 66 * @fwl_cmd_response: bootloader command response data 67 * @fwl_crc32: crc32 of firmware to flash 68 * @fwl_reset_addr: flag to indicate if we need to send COMMAND_DOWNLOAD again 69 */ 70 struct gb_beagleplay { 71 struct serdev_device *sd; 72 73 struct gb_host_device *gb_hd; 74 75 struct work_struct tx_work; 76 spinlock_t tx_producer_lock; 77 spinlock_t tx_consumer_lock; 78 struct circ_buf tx_circ_buf; 79 u16 tx_crc; 80 81 u16 rx_buffer_len; 82 bool rx_in_esc; 83 u8 rx_buffer[MAX_RX_HDLC]; 84 85 struct fw_upload *fwl; 86 struct gpio_desc *bootloader_backdoor_gpio; 87 struct gpio_desc *rst_gpio; 88 bool flashing_mode; 89 struct completion fwl_ack_com; 90 u8 fwl_ack; 91 struct completion fwl_cmd_response_com; 92 u32 fwl_cmd_response; 93 u32 fwl_crc32; 94 bool fwl_reset_addr; 95 }; 96 97 /** 98 * struct hdlc_payload - Structure to represent part of HDCL frame payload data. 99 * 100 * @len: buffer length in bytes 101 * @buf: payload buffer 102 */ 103 struct hdlc_payload { 104 u16 len; 105 void *buf; 106 }; 107 108 /** 109 * struct hdlc_greybus_frame - Structure to represent greybus HDLC frame payload 110 * 111 * @cport: cport id 112 * @hdr: greybus operation header 113 * @payload: greybus message payload 114 * 115 * The HDLC payload sent over UART for greybus address has cport preappended to greybus message 116 */ 117 struct hdlc_greybus_frame { 118 __le16 cport; 119 struct gb_operation_msg_hdr hdr; 120 u8 payload[]; 121 } __packed; 122 123 /** 124 * enum cc1352_bootloader_cmd: CC1352 Bootloader Commands 125 * 126 * @COMMAND_DOWNLOAD: Prepares flash programming 127 * @COMMAND_GET_STATUS: Returns the status of the last command that was issued 128 * @COMMAND_SEND_DATA: Transfers data and programs flash 129 * @COMMAND_RESET: Performs a system reset 130 * @COMMAND_CRC32: Calculates CRC32 over a specified memory area 131 * @COMMAND_BANK_ERASE: Performs an erase of all of the customer-accessible 132 * flash sectors not protected by FCFG1 and CCFG 133 * writeprotect bits. 134 * 135 * CC1352 Bootloader serial bus commands 136 */ 137 enum cc1352_bootloader_cmd { 138 COMMAND_DOWNLOAD = 0x21, 139 COMMAND_GET_STATUS = 0x23, 140 COMMAND_SEND_DATA = 0x24, 141 COMMAND_RESET = 0x25, 142 COMMAND_CRC32 = 0x27, 143 COMMAND_BANK_ERASE = 0x2c, 144 }; 145 146 /** 147 * enum cc1352_bootloader_status: CC1352 Bootloader COMMAND_GET_STATUS response 148 * 149 * @COMMAND_RET_SUCCESS: Status for successful command 150 * @COMMAND_RET_UNKNOWN_CMD: Status for unknown command 151 * @COMMAND_RET_INVALID_CMD: Status for invalid command (in other words, 152 * incorrect packet size) 153 * @COMMAND_RET_INVALID_ADR: Status for invalid input address 154 * @COMMAND_RET_FLASH_FAIL: Status for failing flash erase or program operation 155 */ 156 enum cc1352_bootloader_status { 157 COMMAND_RET_SUCCESS = 0x40, 158 COMMAND_RET_UNKNOWN_CMD = 0x41, 159 COMMAND_RET_INVALID_CMD = 0x42, 160 COMMAND_RET_INVALID_ADR = 0x43, 161 COMMAND_RET_FLASH_FAIL = 0x44, 162 }; 163 164 /** 165 * struct cc1352_bootloader_packet: CC1352 Bootloader Request Packet 166 * 167 * @len: length of packet + optional request data 168 * @checksum: 8-bit checksum excluding len 169 * @cmd: bootloader command 170 */ 171 struct cc1352_bootloader_packet { 172 u8 len; 173 u8 checksum; 174 u8 cmd; 175 } __packed; 176 177 #define CC1352_BOOTLOADER_PKT_MAX_SIZE \ 178 (U8_MAX - sizeof(struct cc1352_bootloader_packet)) 179 180 /** 181 * struct cc1352_bootloader_download_cmd_data: CC1352 Bootloader COMMAND_DOWNLOAD request data 182 * 183 * @addr: address to start programming data into 184 * @size: size of data that will be sent 185 */ 186 struct cc1352_bootloader_download_cmd_data { 187 __be32 addr; 188 __be32 size; 189 } __packed; 190 191 /** 192 * struct cc1352_bootloader_crc32_cmd_data: CC1352 Bootloader COMMAND_CRC32 request data 193 * 194 * @addr: address where crc32 calculation starts 195 * @size: number of bytes comprised by crc32 calculation 196 * @read_repeat: number of read repeats for each data location 197 */ 198 struct cc1352_bootloader_crc32_cmd_data { 199 __be32 addr; 200 __be32 size; 201 __be32 read_repeat; 202 } __packed; 203 204 static void hdlc_rx_greybus_frame(struct gb_beagleplay *bg, u8 *buf, u16 len) 205 { 206 struct hdlc_greybus_frame *gb_frame = (struct hdlc_greybus_frame *)buf; 207 u16 cport_id = le16_to_cpu(gb_frame->cport); 208 u16 gb_msg_len = le16_to_cpu(gb_frame->hdr.size); 209 210 dev_dbg(&bg->sd->dev, "Greybus Operation %u type %X cport %u status %u received", 211 gb_frame->hdr.operation_id, gb_frame->hdr.type, cport_id, gb_frame->hdr.result); 212 213 greybus_data_rcvd(bg->gb_hd, cport_id, (u8 *)&gb_frame->hdr, gb_msg_len); 214 } 215 216 static void hdlc_rx_dbg_frame(const struct gb_beagleplay *bg, const char *buf, u16 len) 217 { 218 dev_dbg(&bg->sd->dev, "CC1352 Log: %.*s", (int)len, buf); 219 } 220 221 /** 222 * hdlc_write() - Consume HDLC Buffer. 223 * @bg: beagleplay greybus driver 224 * 225 * Assumes that consumer lock has been acquired. 226 */ 227 static void hdlc_write(struct gb_beagleplay *bg) 228 { 229 int written; 230 /* Start consuming HDLC data */ 231 int head = smp_load_acquire(&bg->tx_circ_buf.head); 232 int tail = bg->tx_circ_buf.tail; 233 int count = CIRC_CNT_TO_END(head, tail, TX_CIRC_BUF_SIZE); 234 const unsigned char *buf = &bg->tx_circ_buf.buf[tail]; 235 236 if (count > 0) { 237 written = serdev_device_write_buf(bg->sd, buf, count); 238 239 /* Finish consuming HDLC data */ 240 smp_store_release(&bg->tx_circ_buf.tail, (tail + written) & (TX_CIRC_BUF_SIZE - 1)); 241 } 242 } 243 244 /** 245 * hdlc_append() - Queue a single HDLC byte for sending. 246 * @bg: beagleplay greybus driver 247 * @value: hdlc byte to transmit 248 * 249 * Caller must hold tx_producer_lock and must have ensured sufficient 250 * space in the circular buffer before calling (see hdlc_tx_frames()). 251 */ 252 static void hdlc_append(struct gb_beagleplay *bg, u8 value) 253 { 254 int head = bg->tx_circ_buf.head; 255 int tail = READ_ONCE(bg->tx_circ_buf.tail); 256 257 lockdep_assert_held(&bg->tx_producer_lock); 258 if (WARN_ON_ONCE(CIRC_SPACE(head, tail, TX_CIRC_BUF_SIZE) < 1)) 259 return; 260 261 bg->tx_circ_buf.buf[head] = value; 262 /* Ensure buffer write is visible before advancing head. */ 263 smp_store_release(&bg->tx_circ_buf.head, 264 (head + 1) & (TX_CIRC_BUF_SIZE - 1)); 265 } 266 267 static void hdlc_append_escaped(struct gb_beagleplay *bg, u8 value) 268 { 269 if (value == HDLC_FRAME || value == HDLC_ESC) { 270 hdlc_append(bg, HDLC_ESC); 271 value ^= HDLC_XOR; 272 } 273 hdlc_append(bg, value); 274 } 275 276 static void hdlc_append_tx_frame(struct gb_beagleplay *bg) 277 { 278 bg->tx_crc = 0xFFFF; 279 hdlc_append(bg, HDLC_FRAME); 280 } 281 282 static void hdlc_append_tx_u8(struct gb_beagleplay *bg, u8 value) 283 { 284 bg->tx_crc = crc_ccitt(bg->tx_crc, &value, 1); 285 hdlc_append_escaped(bg, value); 286 } 287 288 static void hdlc_append_tx_buf(struct gb_beagleplay *bg, const u8 *buf, u16 len) 289 { 290 size_t i; 291 292 for (i = 0; i < len; i++) 293 hdlc_append_tx_u8(bg, buf[i]); 294 } 295 296 static void hdlc_append_tx_crc(struct gb_beagleplay *bg) 297 { 298 bg->tx_crc ^= 0xffff; 299 hdlc_append_escaped(bg, bg->tx_crc & 0xff); 300 hdlc_append_escaped(bg, (bg->tx_crc >> 8) & 0xff); 301 } 302 303 static void hdlc_transmit(struct work_struct *work) 304 { 305 struct gb_beagleplay *bg = container_of(work, struct gb_beagleplay, tx_work); 306 307 spin_lock_bh(&bg->tx_consumer_lock); 308 hdlc_write(bg); 309 spin_unlock_bh(&bg->tx_consumer_lock); 310 } 311 312 /** 313 * hdlc_encoded_length() - Calculate worst-case encoded length of an HDLC frame. 314 * @payloads: array of payload buffers 315 * @count: number of payloads 316 * 317 * Every data byte may need HDLC escaping (doubling its size). 318 * Frame layout: flag(1) + address(1-2) + control(1-2) + payload + CRC(2-4) + flag(1). 319 * 320 * Returns the maximum number of bytes needed in the circular buffer. 321 */ 322 static size_t hdlc_encoded_length(const struct hdlc_payload payloads[], 323 size_t count) 324 { 325 size_t i, payload_len = 0; 326 327 for (i = 0; i < count; i++) 328 payload_len += payloads[i].len; 329 330 /* 331 * Worst case: every data byte needs escaping (doubles in size). 332 * data bytes = address(1) + control(1) + payload + crc(2) 333 * framing = opening flag(1) + closing flag(1) 334 */ 335 return 2 + (1 + 1 + payload_len + 2) * 2; 336 } 337 338 #define HDLC_TX_BUF_WAIT_RETRIES 500 339 #define HDLC_TX_BUF_WAIT_US_MIN 3000 340 #define HDLC_TX_BUF_WAIT_US_MAX 5000 341 342 /** 343 * hdlc_tx_frames() - Encode and queue an HDLC frame for transmission. 344 * @bg: beagleplay greybus driver 345 * @address: HDLC address field 346 * @control: HDLC control field 347 * @payloads: array of payload buffers 348 * @count: number of payloads 349 * 350 * Sleeps outside the spinlock until enough circular-buffer space is 351 * available, then verifies space under the lock and writes the entire 352 * frame atomically. Either a complete frame is enqueued or nothing is 353 * written, avoiding both sleeping in atomic context and partial frames. 354 * 355 * Returns 0 on success, -EAGAIN if the buffer remains full after retries. 356 */ 357 static int hdlc_tx_frames(struct gb_beagleplay *bg, u8 address, u8 control, 358 const struct hdlc_payload payloads[], size_t count) 359 { 360 size_t needed = hdlc_encoded_length(payloads, count); 361 int retries = HDLC_TX_BUF_WAIT_RETRIES; 362 size_t i; 363 int head, tail; 364 365 /* Wait outside the lock for sufficient buffer space. */ 366 while (retries--) { 367 /* Pairs with smp_store_release() in hdlc_append(). */ 368 head = smp_load_acquire(&bg->tx_circ_buf.head); 369 tail = READ_ONCE(bg->tx_circ_buf.tail); 370 371 if (CIRC_SPACE(head, tail, TX_CIRC_BUF_SIZE) >= needed) 372 break; 373 374 /* Kick the consumer and sleep — no lock held. */ 375 schedule_work(&bg->tx_work); 376 usleep_range(HDLC_TX_BUF_WAIT_US_MIN, HDLC_TX_BUF_WAIT_US_MAX); 377 } 378 379 if (retries < 0) { 380 dev_warn_ratelimited(&bg->sd->dev, "Tx circ buf full, dropping frame\n"); 381 return -EAGAIN; 382 } 383 384 spin_lock(&bg->tx_producer_lock); 385 386 /* 387 * Re-check space under the lock to close the TOCTOU window. 388 * This should be rare since tx_producer_lock serialises all 389 * producers and the consumer only frees space. If it fires, 390 * the caller is expected to handle -EAGAIN (retry or report). 391 */ 392 head = bg->tx_circ_buf.head; 393 tail = READ_ONCE(bg->tx_circ_buf.tail); 394 if (unlikely(CIRC_SPACE(head, tail, TX_CIRC_BUF_SIZE) < needed)) { 395 spin_unlock(&bg->tx_producer_lock); 396 dev_warn_ratelimited(&bg->sd->dev, "Tx circ buf space lost, dropping frame\n"); 397 return -EAGAIN; 398 } 399 400 hdlc_append_tx_frame(bg); 401 hdlc_append_tx_u8(bg, address); 402 hdlc_append_tx_u8(bg, control); 403 404 for (i = 0; i < count; ++i) 405 hdlc_append_tx_buf(bg, payloads[i].buf, payloads[i].len); 406 407 hdlc_append_tx_crc(bg); 408 hdlc_append_tx_frame(bg); 409 410 spin_unlock(&bg->tx_producer_lock); 411 412 schedule_work(&bg->tx_work); 413 return 0; 414 } 415 416 static void hdlc_tx_s_frame_ack(struct gb_beagleplay *bg) 417 { 418 int ret; 419 420 ret = hdlc_tx_frames(bg, bg->rx_buffer[0], (bg->rx_buffer[1] >> 1) & 0x7, NULL, 0); 421 if (ret) 422 dev_warn_ratelimited(&bg->sd->dev, "Failed to send HDLC ACK: %d\n", ret); 423 } 424 425 static void hdlc_rx_frame(struct gb_beagleplay *bg) 426 { 427 u16 crc, len; 428 u8 ctrl, *buf; 429 u8 address = bg->rx_buffer[0]; 430 431 crc = crc_ccitt(0xffff, bg->rx_buffer, bg->rx_buffer_len); 432 if (crc != 0xf0b8) { 433 dev_warn_ratelimited(&bg->sd->dev, "CRC failed from %02x: 0x%04x", address, crc); 434 return; 435 } 436 437 ctrl = bg->rx_buffer[1]; 438 buf = &bg->rx_buffer[2]; 439 len = bg->rx_buffer_len - 4; 440 441 /* I-Frame, send S-Frame ACK */ 442 if ((ctrl & 1) == 0) 443 hdlc_tx_s_frame_ack(bg); 444 445 switch (address) { 446 case ADDRESS_DBG: 447 hdlc_rx_dbg_frame(bg, buf, len); 448 break; 449 case ADDRESS_GREYBUS: 450 hdlc_rx_greybus_frame(bg, buf, len); 451 break; 452 default: 453 dev_warn_ratelimited(&bg->sd->dev, "unknown frame %u", address); 454 } 455 } 456 457 static size_t hdlc_rx(struct gb_beagleplay *bg, const u8 *data, size_t count) 458 { 459 size_t i; 460 u8 c; 461 462 for (i = 0; i < count; ++i) { 463 c = data[i]; 464 465 switch (c) { 466 case HDLC_FRAME: 467 if (bg->rx_buffer_len) 468 hdlc_rx_frame(bg); 469 470 bg->rx_buffer_len = 0; 471 break; 472 case HDLC_ESC: 473 bg->rx_in_esc = true; 474 break; 475 default: 476 if (bg->rx_in_esc) { 477 c ^= 0x20; 478 bg->rx_in_esc = false; 479 } 480 481 if (bg->rx_buffer_len < MAX_RX_HDLC) { 482 bg->rx_buffer[bg->rx_buffer_len] = c; 483 bg->rx_buffer_len++; 484 } else { 485 dev_err_ratelimited(&bg->sd->dev, "RX Buffer Overflow"); 486 bg->rx_buffer_len = 0; 487 } 488 } 489 } 490 491 return count; 492 } 493 494 static int hdlc_init(struct gb_beagleplay *bg) 495 { 496 INIT_WORK(&bg->tx_work, hdlc_transmit); 497 spin_lock_init(&bg->tx_producer_lock); 498 spin_lock_init(&bg->tx_consumer_lock); 499 bg->tx_circ_buf.head = 0; 500 bg->tx_circ_buf.tail = 0; 501 502 bg->tx_circ_buf.buf = devm_kmalloc(&bg->sd->dev, TX_CIRC_BUF_SIZE, GFP_KERNEL); 503 if (!bg->tx_circ_buf.buf) 504 return -ENOMEM; 505 506 bg->rx_buffer_len = 0; 507 bg->rx_in_esc = false; 508 509 return 0; 510 } 511 512 static void hdlc_deinit(struct gb_beagleplay *bg) 513 { 514 flush_work(&bg->tx_work); 515 } 516 517 /** 518 * csum8: Calculate 8-bit checksum on data 519 * 520 * @data: bytes to calculate 8-bit checksum of 521 * @size: number of bytes 522 * @base: starting value for checksum 523 */ 524 static u8 csum8(const u8 *data, size_t size, u8 base) 525 { 526 size_t i; 527 u8 sum = base; 528 529 for (i = 0; i < size; ++i) 530 sum += data[i]; 531 532 return sum; 533 } 534 535 static void cc1352_bootloader_send_ack(struct gb_beagleplay *bg) 536 { 537 static const u8 ack[] = { 0x00, CC1352_BOOTLOADER_ACK }; 538 539 serdev_device_write_buf(bg->sd, ack, sizeof(ack)); 540 } 541 542 static void cc1352_bootloader_send_nack(struct gb_beagleplay *bg) 543 { 544 static const u8 nack[] = { 0x00, CC1352_BOOTLOADER_NACK }; 545 546 serdev_device_write_buf(bg->sd, nack, sizeof(nack)); 547 } 548 549 /** 550 * cc1352_bootloader_pkt_rx: Process a CC1352 Bootloader Packet 551 * 552 * @bg: beagleplay greybus driver 553 * @data: packet buffer 554 * @count: packet buffer size 555 * 556 * @return: number of bytes processed 557 * 558 * Here are the steps to successfully receive a packet from cc1352 bootloader 559 * according to the docs: 560 * 1. Wait for nonzero data to be returned from the device. This is important 561 * as the device may send zero bytes between a sent and a received data 562 * packet. The first nonzero byte received is the size of the packet that is 563 * being received. 564 * 2. Read the next byte, which is the checksum for the packet. 565 * 3. Read the data bytes from the device. During the data phase, packet size 566 * minus 2 bytes is sent. 567 * 4. Calculate the checksum of the data bytes and verify it matches the 568 * checksum received in the packet. 569 * 5. Send an acknowledge byte or a not-acknowledge byte to the device to 570 * indicate the successful or unsuccessful reception of the packet. 571 */ 572 static int cc1352_bootloader_pkt_rx(struct gb_beagleplay *bg, const u8 *data, 573 size_t count) 574 { 575 bool is_valid = false; 576 577 switch (data[0]) { 578 /* Skip 0x00 bytes. */ 579 case 0x00: 580 return 1; 581 case CC1352_BOOTLOADER_ACK: 582 case CC1352_BOOTLOADER_NACK: 583 WRITE_ONCE(bg->fwl_ack, data[0]); 584 complete(&bg->fwl_ack_com); 585 return 1; 586 case 3: 587 if (count < 3) 588 return 0; 589 is_valid = data[1] == data[2]; 590 WRITE_ONCE(bg->fwl_cmd_response, (u32)data[2]); 591 break; 592 case 6: 593 if (count < 6) 594 return 0; 595 is_valid = csum8(&data[2], sizeof(__be32), 0) == data[1]; 596 WRITE_ONCE(bg->fwl_cmd_response, get_unaligned_be32(&data[2])); 597 break; 598 default: 599 return -EINVAL; 600 } 601 602 if (is_valid) { 603 cc1352_bootloader_send_ack(bg); 604 complete(&bg->fwl_cmd_response_com); 605 } else { 606 dev_warn(&bg->sd->dev, 607 "Dropping bootloader packet with invalid checksum"); 608 cc1352_bootloader_send_nack(bg); 609 } 610 611 return data[0]; 612 } 613 614 static size_t cc1352_bootloader_rx(struct gb_beagleplay *bg, const u8 *data, 615 size_t count) 616 { 617 int ret; 618 size_t off = 0; 619 620 if (count > sizeof(bg->rx_buffer) - bg->rx_buffer_len) { 621 dev_err_ratelimited(&bg->sd->dev, "Bootloader RX buffer overflow"); 622 bg->rx_buffer_len = 0; 623 return count; 624 } 625 626 if (count > sizeof(bg->rx_buffer) - bg->rx_buffer_len) { 627 dev_warn(&bg->sd->dev, 628 "dropping oversized bootloader receive chunk"); 629 bg->rx_buffer_len = 0; 630 return count; 631 } 632 633 memcpy(bg->rx_buffer + bg->rx_buffer_len, data, count); 634 bg->rx_buffer_len += count; 635 636 do { 637 ret = cc1352_bootloader_pkt_rx(bg, bg->rx_buffer + off, 638 bg->rx_buffer_len - off); 639 if (ret < 0) 640 return dev_err_probe(&bg->sd->dev, ret, 641 "Invalid Packet"); 642 off += ret; 643 } while (ret > 0 && off < count); 644 645 bg->rx_buffer_len -= off; 646 memmove(bg->rx_buffer, bg->rx_buffer + off, bg->rx_buffer_len); 647 648 return count; 649 } 650 651 static size_t gb_tty_receive(struct serdev_device *sd, const u8 *data, 652 size_t count) 653 { 654 struct gb_beagleplay *bg = serdev_device_get_drvdata(sd); 655 656 if (READ_ONCE(bg->flashing_mode)) 657 return cc1352_bootloader_rx(bg, data, count); 658 659 return hdlc_rx(bg, data, count); 660 } 661 662 static void gb_tty_wakeup(struct serdev_device *serdev) 663 { 664 struct gb_beagleplay *bg = serdev_device_get_drvdata(serdev); 665 666 if (!READ_ONCE(bg->flashing_mode)) 667 schedule_work(&bg->tx_work); 668 } 669 670 static struct serdev_device_ops gb_beagleplay_ops = { 671 .receive_buf = gb_tty_receive, 672 .write_wakeup = gb_tty_wakeup, 673 }; 674 675 /** 676 * gb_message_send() - Send greybus message using HDLC over UART 677 * 678 * @hd: pointer to greybus host device 679 * @cport: AP cport where message originates 680 * @msg: greybus message to send 681 * @mask: gfp mask 682 * 683 * Greybus HDLC frame has the following payload: 684 * 1. le16 cport 685 * 2. gb_operation_msg_hdr msg_header 686 * 3. u8 *msg_payload 687 */ 688 static int gb_message_send(struct gb_host_device *hd, u16 cport, struct gb_message *msg, gfp_t mask) 689 { 690 struct gb_beagleplay *bg = dev_get_drvdata(&hd->dev); 691 struct hdlc_payload payloads[3]; 692 __le16 cport_id = cpu_to_le16(cport); 693 int ret; 694 695 dev_dbg(&hd->dev, "Sending greybus message with Operation %u, Type: %X on Cport %u", 696 msg->header->operation_id, msg->header->type, cport); 697 698 if (le16_to_cpu(msg->header->size) > RX_HDLC_PAYLOAD) 699 return dev_err_probe(&hd->dev, -E2BIG, "Greybus message too big"); 700 701 payloads[0].buf = &cport_id; 702 payloads[0].len = sizeof(cport_id); 703 payloads[1].buf = msg->header; 704 payloads[1].len = sizeof(*msg->header); 705 payloads[2].buf = msg->payload; 706 payloads[2].len = msg->payload_size; 707 708 ret = hdlc_tx_frames(bg, ADDRESS_GREYBUS, 0x03, payloads, 3); 709 if (ret) 710 return ret; 711 712 greybus_message_sent(bg->gb_hd, msg, 0); 713 714 return 0; 715 } 716 717 static void gb_message_cancel(struct gb_message *message) 718 { 719 } 720 721 static struct gb_hd_driver gb_hdlc_driver = { .message_send = gb_message_send, 722 .message_cancel = gb_message_cancel }; 723 724 static int gb_beagleplay_start_svc(struct gb_beagleplay *bg) 725 { 726 const u8 command = CONTROL_SVC_START; 727 const struct hdlc_payload payload = { .len = 1, .buf = (void *)&command }; 728 729 return hdlc_tx_frames(bg, ADDRESS_CONTROL, 0x03, &payload, 1); 730 } 731 732 static int gb_beagleplay_stop_svc(struct gb_beagleplay *bg) 733 { 734 const u8 command = CONTROL_SVC_STOP; 735 const struct hdlc_payload payload = { .len = 1, .buf = (void *)&command }; 736 737 return hdlc_tx_frames(bg, ADDRESS_CONTROL, 0x03, &payload, 1); 738 } 739 740 static int cc1352_bootloader_wait_for_ack(struct gb_beagleplay *bg) 741 { 742 int ret; 743 744 ret = wait_for_completion_timeout( 745 &bg->fwl_ack_com, msecs_to_jiffies(CC1352_BOOTLOADER_TIMEOUT)); 746 if (!ret) 747 return dev_err_probe(&bg->sd->dev, -ETIMEDOUT, 748 "Failed to acquire ack semaphore"); 749 750 switch (READ_ONCE(bg->fwl_ack)) { 751 case CC1352_BOOTLOADER_ACK: 752 return 0; 753 case CC1352_BOOTLOADER_NACK: 754 return -EAGAIN; 755 default: 756 return -EINVAL; 757 } 758 } 759 760 static int cc1352_bootloader_sync(struct gb_beagleplay *bg) 761 { 762 static const u8 sync_bytes[] = { 0x55, 0x55 }; 763 764 serdev_device_write_buf(bg->sd, sync_bytes, sizeof(sync_bytes)); 765 return cc1352_bootloader_wait_for_ack(bg); 766 } 767 768 static int cc1352_bootloader_get_status(struct gb_beagleplay *bg) 769 { 770 int ret; 771 static const struct cc1352_bootloader_packet pkt = { 772 .len = sizeof(pkt), 773 .checksum = COMMAND_GET_STATUS, 774 .cmd = COMMAND_GET_STATUS 775 }; 776 777 serdev_device_write_buf(bg->sd, (const u8 *)&pkt, sizeof(pkt)); 778 ret = cc1352_bootloader_wait_for_ack(bg); 779 if (ret < 0) 780 return ret; 781 782 ret = wait_for_completion_timeout( 783 &bg->fwl_cmd_response_com, 784 msecs_to_jiffies(CC1352_BOOTLOADER_TIMEOUT)); 785 if (!ret) 786 return dev_err_probe(&bg->sd->dev, -ETIMEDOUT, 787 "Failed to acquire last status semaphore"); 788 789 switch (READ_ONCE(bg->fwl_cmd_response)) { 790 case COMMAND_RET_SUCCESS: 791 return 0; 792 default: 793 return -EINVAL; 794 } 795 796 return 0; 797 } 798 799 static int cc1352_bootloader_erase(struct gb_beagleplay *bg) 800 { 801 int ret; 802 static const struct cc1352_bootloader_packet pkt = { 803 .len = sizeof(pkt), 804 .checksum = COMMAND_BANK_ERASE, 805 .cmd = COMMAND_BANK_ERASE 806 }; 807 808 serdev_device_write_buf(bg->sd, (const u8 *)&pkt, sizeof(pkt)); 809 810 ret = cc1352_bootloader_wait_for_ack(bg); 811 if (ret < 0) 812 return ret; 813 814 return cc1352_bootloader_get_status(bg); 815 } 816 817 static int cc1352_bootloader_reset(struct gb_beagleplay *bg) 818 { 819 static const struct cc1352_bootloader_packet pkt = { 820 .len = sizeof(pkt), 821 .checksum = COMMAND_RESET, 822 .cmd = COMMAND_RESET 823 }; 824 825 serdev_device_write_buf(bg->sd, (const u8 *)&pkt, sizeof(pkt)); 826 827 return cc1352_bootloader_wait_for_ack(bg); 828 } 829 830 /** 831 * cc1352_bootloader_empty_pkt: Calculate the number of empty bytes in the current packet 832 * 833 * @data: packet bytes array to check 834 * @size: number of bytes in array 835 */ 836 static size_t cc1352_bootloader_empty_pkt(const u8 *data, size_t size) 837 { 838 size_t i; 839 840 for (i = 0; i < size && data[i] == 0xff; ++i) 841 continue; 842 843 return i; 844 } 845 846 static int cc1352_bootloader_crc32(struct gb_beagleplay *bg, u32 *crc32) 847 { 848 int ret; 849 static const struct cc1352_bootloader_crc32_cmd_data cmd_data = { 850 .addr = 0, .size = cpu_to_be32(704 * 1024), .read_repeat = 0 851 }; 852 const struct cc1352_bootloader_packet pkt = { 853 .len = sizeof(pkt) + sizeof(cmd_data), 854 .checksum = csum8((const void *)&cmd_data, sizeof(cmd_data), 855 COMMAND_CRC32), 856 .cmd = COMMAND_CRC32 857 }; 858 859 serdev_device_write_buf(bg->sd, (const u8 *)&pkt, sizeof(pkt)); 860 serdev_device_write_buf(bg->sd, (const u8 *)&cmd_data, 861 sizeof(cmd_data)); 862 863 ret = cc1352_bootloader_wait_for_ack(bg); 864 if (ret < 0) 865 return ret; 866 867 ret = wait_for_completion_timeout( 868 &bg->fwl_cmd_response_com, 869 msecs_to_jiffies(CC1352_BOOTLOADER_TIMEOUT)); 870 if (!ret) 871 return dev_err_probe(&bg->sd->dev, -ETIMEDOUT, 872 "Failed to acquire last status semaphore"); 873 874 *crc32 = READ_ONCE(bg->fwl_cmd_response); 875 876 return 0; 877 } 878 879 static int cc1352_bootloader_download(struct gb_beagleplay *bg, u32 size, 880 u32 addr) 881 { 882 int ret; 883 const struct cc1352_bootloader_download_cmd_data cmd_data = { 884 .addr = cpu_to_be32(addr), 885 .size = cpu_to_be32(size), 886 }; 887 const struct cc1352_bootloader_packet pkt = { 888 .len = sizeof(pkt) + sizeof(cmd_data), 889 .checksum = csum8((const void *)&cmd_data, sizeof(cmd_data), 890 COMMAND_DOWNLOAD), 891 .cmd = COMMAND_DOWNLOAD 892 }; 893 894 serdev_device_write_buf(bg->sd, (const u8 *)&pkt, sizeof(pkt)); 895 serdev_device_write_buf(bg->sd, (const u8 *)&cmd_data, 896 sizeof(cmd_data)); 897 898 ret = cc1352_bootloader_wait_for_ack(bg); 899 if (ret < 0) 900 return ret; 901 902 return cc1352_bootloader_get_status(bg); 903 } 904 905 static int cc1352_bootloader_send_data(struct gb_beagleplay *bg, const u8 *data, 906 size_t size) 907 { 908 int ret, rem = min(size, CC1352_BOOTLOADER_PKT_MAX_SIZE); 909 const struct cc1352_bootloader_packet pkt = { 910 .len = sizeof(pkt) + rem, 911 .checksum = csum8(data, rem, COMMAND_SEND_DATA), 912 .cmd = COMMAND_SEND_DATA 913 }; 914 915 serdev_device_write_buf(bg->sd, (const u8 *)&pkt, sizeof(pkt)); 916 serdev_device_write_buf(bg->sd, data, rem); 917 918 ret = cc1352_bootloader_wait_for_ack(bg); 919 if (ret < 0) 920 return ret; 921 922 ret = cc1352_bootloader_get_status(bg); 923 if (ret < 0) 924 return ret; 925 926 return rem; 927 } 928 929 static void gb_greybus_deinit(struct gb_beagleplay *bg) 930 { 931 gb_hd_del(bg->gb_hd); 932 gb_hd_put(bg->gb_hd); 933 } 934 935 static int gb_greybus_init(struct gb_beagleplay *bg) 936 { 937 int ret; 938 939 bg->gb_hd = gb_hd_create(&gb_hdlc_driver, &bg->sd->dev, TX_CIRC_BUF_SIZE, GB_MAX_CPORTS); 940 if (IS_ERR(bg->gb_hd)) { 941 dev_err(&bg->sd->dev, "Failed to create greybus host device"); 942 return PTR_ERR(bg->gb_hd); 943 } 944 945 ret = gb_hd_add(bg->gb_hd); 946 if (ret) { 947 dev_err(&bg->sd->dev, "Failed to add greybus host device"); 948 goto free_gb_hd; 949 } 950 dev_set_drvdata(&bg->gb_hd->dev, bg); 951 952 return 0; 953 954 free_gb_hd: 955 gb_greybus_deinit(bg); 956 return ret; 957 } 958 959 static enum fw_upload_err cc1352_prepare(struct fw_upload *fw_upload, 960 const u8 *data, u32 size) 961 { 962 int ret; 963 u32 curr_crc32; 964 struct gb_beagleplay *bg = fw_upload->dd_handle; 965 966 dev_info(&bg->sd->dev, "CC1352 Start Flashing..."); 967 968 if (size != CC1352_FIRMWARE_SIZE) 969 return FW_UPLOAD_ERR_INVALID_SIZE; 970 971 /* Might involve network calls */ 972 gb_greybus_deinit(bg); 973 msleep(5 * MSEC_PER_SEC); 974 975 /* Best effort — device is entering bootloader mode regardless. */ 976 if (gb_beagleplay_stop_svc(bg)) 977 dev_warn(&bg->sd->dev, "Failed to send SVC stop before flashing\n"); 978 msleep(200); 979 flush_work(&bg->tx_work); 980 981 serdev_device_wait_until_sent(bg->sd, CC1352_BOOTLOADER_TIMEOUT); 982 983 WRITE_ONCE(bg->flashing_mode, true); 984 985 gpiod_direction_output(bg->bootloader_backdoor_gpio, 0); 986 gpiod_direction_output(bg->rst_gpio, 0); 987 msleep(200); 988 989 gpiod_set_value(bg->rst_gpio, 1); 990 msleep(200); 991 992 gpiod_set_value(bg->bootloader_backdoor_gpio, 1); 993 msleep(200); 994 995 gpiod_direction_input(bg->bootloader_backdoor_gpio); 996 gpiod_direction_input(bg->rst_gpio); 997 998 ret = cc1352_bootloader_sync(bg); 999 if (ret < 0) 1000 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_HW_ERROR, 1001 "Failed to sync"); 1002 1003 ret = cc1352_bootloader_crc32(bg, &curr_crc32); 1004 if (ret < 0) 1005 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_HW_ERROR, 1006 "Failed to fetch crc32"); 1007 1008 bg->fwl_crc32 = crc32(0xffffffff, data, size) ^ 0xffffffff; 1009 1010 /* Check if attempting to reflash same firmware */ 1011 if (bg->fwl_crc32 == curr_crc32) { 1012 dev_warn(&bg->sd->dev, "Skipping reflashing same image"); 1013 cc1352_bootloader_reset(bg); 1014 WRITE_ONCE(bg->flashing_mode, false); 1015 msleep(200); 1016 if (gb_greybus_init(bg) < 0) 1017 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_RW_ERROR, 1018 "Failed to initialize greybus"); 1019 if (gb_beagleplay_start_svc(bg)) 1020 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_RW_ERROR, 1021 "Failed to restart SVC after skip"); 1022 return FW_UPLOAD_ERR_FW_INVALID; 1023 } 1024 1025 ret = cc1352_bootloader_erase(bg); 1026 if (ret < 0) 1027 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_HW_ERROR, 1028 "Failed to erase"); 1029 1030 bg->fwl_reset_addr = true; 1031 1032 return FW_UPLOAD_ERR_NONE; 1033 } 1034 1035 static void cc1352_cleanup(struct fw_upload *fw_upload) 1036 { 1037 struct gb_beagleplay *bg = fw_upload->dd_handle; 1038 1039 WRITE_ONCE(bg->flashing_mode, false); 1040 } 1041 1042 static enum fw_upload_err cc1352_write(struct fw_upload *fw_upload, 1043 const u8 *data, u32 offset, u32 size, 1044 u32 *written) 1045 { 1046 int ret; 1047 size_t empty_bytes; 1048 struct gb_beagleplay *bg = fw_upload->dd_handle; 1049 1050 /* Skip 0xff packets. Significant performance improvement */ 1051 empty_bytes = cc1352_bootloader_empty_pkt(data + offset, size); 1052 if (empty_bytes >= CC1352_BOOTLOADER_PKT_MAX_SIZE) { 1053 bg->fwl_reset_addr = true; 1054 *written = empty_bytes; 1055 return FW_UPLOAD_ERR_NONE; 1056 } 1057 1058 if (bg->fwl_reset_addr) { 1059 ret = cc1352_bootloader_download(bg, size, offset); 1060 if (ret < 0) 1061 return dev_err_probe(&bg->sd->dev, 1062 FW_UPLOAD_ERR_HW_ERROR, 1063 "Failed to send download cmd"); 1064 1065 bg->fwl_reset_addr = false; 1066 } 1067 1068 ret = cc1352_bootloader_send_data(bg, data + offset, size); 1069 if (ret < 0) 1070 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_HW_ERROR, 1071 "Failed to flash firmware"); 1072 *written = ret; 1073 1074 return FW_UPLOAD_ERR_NONE; 1075 } 1076 1077 static enum fw_upload_err cc1352_poll_complete(struct fw_upload *fw_upload) 1078 { 1079 u32 curr_crc32; 1080 struct gb_beagleplay *bg = fw_upload->dd_handle; 1081 1082 if (cc1352_bootloader_crc32(bg, &curr_crc32) < 0) 1083 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_HW_ERROR, 1084 "Failed to fetch crc32"); 1085 1086 if (bg->fwl_crc32 != curr_crc32) 1087 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_FW_INVALID, 1088 "Invalid CRC32"); 1089 1090 if (cc1352_bootloader_reset(bg) < 0) 1091 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_HW_ERROR, 1092 "Failed to reset"); 1093 1094 dev_info(&bg->sd->dev, "CC1352 Flashing Successful"); 1095 WRITE_ONCE(bg->flashing_mode, false); 1096 msleep(200); 1097 1098 if (gb_greybus_init(bg) < 0) 1099 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_RW_ERROR, 1100 "Failed to initialize greybus"); 1101 1102 if (gb_beagleplay_start_svc(bg) < 0) 1103 return dev_err_probe(&bg->sd->dev, FW_UPLOAD_ERR_RW_ERROR, 1104 "Failed to start SVC"); 1105 1106 return FW_UPLOAD_ERR_NONE; 1107 } 1108 1109 static void cc1352_cancel(struct fw_upload *fw_upload) 1110 { 1111 struct gb_beagleplay *bg = fw_upload->dd_handle; 1112 1113 dev_info(&bg->sd->dev, "CC1352 Bootloader Cancel"); 1114 1115 cc1352_bootloader_reset(bg); 1116 } 1117 1118 static void gb_serdev_deinit(struct gb_beagleplay *bg) 1119 { 1120 serdev_device_close(bg->sd); 1121 } 1122 1123 static int gb_serdev_init(struct gb_beagleplay *bg) 1124 { 1125 int ret; 1126 1127 serdev_device_set_drvdata(bg->sd, bg); 1128 serdev_device_set_client_ops(bg->sd, &gb_beagleplay_ops); 1129 ret = serdev_device_open(bg->sd); 1130 if (ret) 1131 return dev_err_probe(&bg->sd->dev, ret, "Unable to open serial device"); 1132 1133 serdev_device_set_baudrate(bg->sd, 115200); 1134 serdev_device_set_flow_control(bg->sd, false); 1135 1136 return 0; 1137 } 1138 1139 static const struct fw_upload_ops cc1352_bootloader_ops = { 1140 .prepare = cc1352_prepare, 1141 .write = cc1352_write, 1142 .poll_complete = cc1352_poll_complete, 1143 .cancel = cc1352_cancel, 1144 .cleanup = cc1352_cleanup 1145 }; 1146 1147 /* 1148 * Must only be called from probe() as the devres resources allocated here 1149 * will only be released on driver detach. 1150 */ 1151 static int gb_fw_init(struct gb_beagleplay *bg) 1152 { 1153 struct fw_upload *fwl; 1154 struct gpio_desc *desc; 1155 1156 bg->fwl = NULL; 1157 bg->bootloader_backdoor_gpio = NULL; 1158 bg->rst_gpio = NULL; 1159 bg->flashing_mode = false; 1160 bg->fwl_cmd_response = 0; 1161 bg->fwl_ack = 0; 1162 init_completion(&bg->fwl_ack_com); 1163 init_completion(&bg->fwl_cmd_response_com); 1164 1165 desc = devm_gpiod_get(&bg->sd->dev, "bootloader-backdoor", GPIOD_IN); 1166 if (IS_ERR(desc)) 1167 return PTR_ERR(desc); 1168 bg->bootloader_backdoor_gpio = desc; 1169 1170 desc = devm_gpiod_get(&bg->sd->dev, "reset", GPIOD_IN); 1171 if (IS_ERR(desc)) 1172 return PTR_ERR(desc); 1173 bg->rst_gpio = desc; 1174 1175 fwl = firmware_upload_register(THIS_MODULE, &bg->sd->dev, "cc1352p7", 1176 &cc1352_bootloader_ops, bg); 1177 if (IS_ERR(fwl)) 1178 return PTR_ERR(fwl); 1179 bg->fwl = fwl; 1180 1181 return 0; 1182 } 1183 1184 static void gb_fw_deinit(struct gb_beagleplay *bg) 1185 { 1186 firmware_upload_unregister(bg->fwl); 1187 } 1188 1189 static int gb_beagleplay_probe(struct serdev_device *serdev) 1190 { 1191 int ret = 0; 1192 struct gb_beagleplay *bg; 1193 1194 bg = devm_kmalloc(&serdev->dev, sizeof(*bg), GFP_KERNEL); 1195 if (!bg) 1196 return -ENOMEM; 1197 1198 bg->sd = serdev; 1199 ret = gb_serdev_init(bg); 1200 if (ret) 1201 return ret; 1202 1203 ret = hdlc_init(bg); 1204 if (ret) 1205 goto free_serdev; 1206 1207 ret = gb_fw_init(bg); 1208 if (ret) 1209 goto free_hdlc; 1210 1211 ret = gb_greybus_init(bg); 1212 if (ret) 1213 goto free_fw; 1214 1215 ret = gb_beagleplay_start_svc(bg); 1216 if (ret) 1217 goto free_greybus; 1218 1219 return 0; 1220 1221 free_greybus: 1222 gb_greybus_deinit(bg); 1223 free_fw: 1224 gb_fw_deinit(bg); 1225 free_hdlc: 1226 hdlc_deinit(bg); 1227 free_serdev: 1228 gb_serdev_deinit(bg); 1229 return ret; 1230 } 1231 1232 static void gb_beagleplay_remove(struct serdev_device *serdev) 1233 { 1234 struct gb_beagleplay *bg = serdev_device_get_drvdata(serdev); 1235 1236 gb_fw_deinit(bg); 1237 gb_greybus_deinit(bg); 1238 /* Best effort — device is being removed. */ 1239 gb_beagleplay_stop_svc(bg); 1240 hdlc_deinit(bg); 1241 gb_serdev_deinit(bg); 1242 } 1243 1244 static const struct of_device_id gb_beagleplay_of_match[] = { 1245 { 1246 .compatible = "ti,cc1352p7", 1247 }, 1248 {}, 1249 }; 1250 MODULE_DEVICE_TABLE(of, gb_beagleplay_of_match); 1251 1252 static struct serdev_device_driver gb_beagleplay_driver = { 1253 .probe = gb_beagleplay_probe, 1254 .remove = gb_beagleplay_remove, 1255 .driver = { 1256 .name = "gb_beagleplay", 1257 .of_match_table = gb_beagleplay_of_match, 1258 }, 1259 }; 1260 1261 module_serdev_device_driver(gb_beagleplay_driver); 1262 1263 MODULE_LICENSE("GPL"); 1264 MODULE_AUTHOR("Ayush Singh <ayushdevel1325@gmail.com>"); 1265 MODULE_DESCRIPTION("A Greybus driver for BeaglePlay"); 1266