1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (c) 2018-2020, The Linux Foundation. All rights reserved. 4 * 5 */ 6 7#include <linux/delay.h> 8#include <linux/device.h> 9#include <linux/dma-direction.h> 10#include <linux/dma-mapping.h> 11#include <linux/firmware.h> 12#include <linux/interrupt.h> 13#include <linux/list.h> 14#include <linux/mhi.h> 15#include <linux/module.h> 16#include <linux/random.h> 17#include <linux/slab.h> 18#include <linux/wait.h> 19#include "internal.h" 20 21/* Setup RDDM vector table for RDDM transfer and program RXVEC */ 22int mhi_rddm_prepare(struct mhi_controller *mhi_cntrl, 23 struct image_info *img_info) 24{ 25 struct mhi_buf *mhi_buf = img_info->mhi_buf; 26 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec; 27 void __iomem *base = mhi_cntrl->bhie; 28 struct device *dev = &mhi_cntrl->mhi_dev->dev; 29 u32 sequence_id; 30 unsigned int i; 31 int ret; 32 33 for (i = 0; i < img_info->entries - 1; i++, mhi_buf++, bhi_vec++) { 34 bhi_vec->dma_addr = mhi_buf->dma_addr; 35 bhi_vec->size = mhi_buf->len; 36 } 37 38 dev_dbg(dev, "BHIe programming for RDDM\n"); 39 40 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_HIGH_OFFS, 41 upper_32_bits(mhi_buf->dma_addr)); 42 43 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_LOW_OFFS, 44 lower_32_bits(mhi_buf->dma_addr)); 45 46 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECSIZE_OFFS, mhi_buf->len); 47 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_RXVECSTATUS_SEQNUM_BMSK); 48 49 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_RXVECDB_OFFS, 50 BHIE_RXVECDB_SEQNUM_BMSK, sequence_id); 51 if (ret) { 52 dev_err(dev, "Failed to write sequence ID for BHIE_RXVECDB\n"); 53 return ret; 54 } 55 56 dev_dbg(dev, "Address: %p and len: 0x%zx sequence: %u\n", 57 &mhi_buf->dma_addr, mhi_buf->len, sequence_id); 58 59 return 0; 60} 61 62/* Collect RDDM buffer during kernel panic */ 63static int __mhi_download_rddm_in_panic(struct mhi_controller *mhi_cntrl) 64{ 65 int ret; 66 u32 rx_status; 67 enum mhi_ee_type ee; 68 const u32 delayus = 2000; 69 u32 retry = (mhi_cntrl->timeout_ms * 1000) / delayus; 70 const u32 rddm_timeout_us = 200000; 71 int rddm_retry = rddm_timeout_us / delayus; 72 void __iomem *base = mhi_cntrl->bhie; 73 struct device *dev = &mhi_cntrl->mhi_dev->dev; 74 75 dev_dbg(dev, "Entered with pm_state:%s dev_state:%s ee:%s\n", 76 to_mhi_pm_state_str(mhi_cntrl->pm_state), 77 mhi_state_str(mhi_cntrl->dev_state), 78 TO_MHI_EXEC_STR(mhi_cntrl->ee)); 79 80 /* 81 * This should only be executing during a kernel panic, we expect all 82 * other cores to shutdown while we're collecting RDDM buffer. After 83 * returning from this function, we expect the device to reset. 84 * 85 * Normaly, we read/write pm_state only after grabbing the 86 * pm_lock, since we're in a panic, skipping it. Also there is no 87 * gurantee that this state change would take effect since 88 * we're setting it w/o grabbing pm_lock 89 */ 90 mhi_cntrl->pm_state = MHI_PM_LD_ERR_FATAL_DETECT; 91 /* update should take the effect immediately */ 92 smp_wmb(); 93 94 /* 95 * Make sure device is not already in RDDM. In case the device asserts 96 * and a kernel panic follows, device will already be in RDDM. 97 * Do not trigger SYS ERR again and proceed with waiting for 98 * image download completion. 99 */ 100 ee = mhi_get_exec_env(mhi_cntrl); 101 if (ee == MHI_EE_MAX) 102 goto error_exit_rddm; 103 104 if (ee != MHI_EE_RDDM) { 105 dev_dbg(dev, "Trigger device into RDDM mode using SYS ERR\n"); 106 mhi_set_mhi_state(mhi_cntrl, MHI_STATE_SYS_ERR); 107 108 dev_dbg(dev, "Waiting for device to enter RDDM\n"); 109 while (rddm_retry--) { 110 ee = mhi_get_exec_env(mhi_cntrl); 111 if (ee == MHI_EE_RDDM) 112 break; 113 114 udelay(delayus); 115 } 116 117 if (rddm_retry <= 0) { 118 /* Hardware reset so force device to enter RDDM */ 119 dev_dbg(dev, 120 "Did not enter RDDM, do a host req reset\n"); 121 mhi_soc_reset(mhi_cntrl); 122 udelay(delayus); 123 } 124 125 ee = mhi_get_exec_env(mhi_cntrl); 126 } 127 128 dev_dbg(dev, 129 "Waiting for RDDM image download via BHIe, current EE:%s\n", 130 TO_MHI_EXEC_STR(ee)); 131 132 while (retry--) { 133 ret = mhi_read_reg_field(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, 134 BHIE_RXVECSTATUS_STATUS_BMSK, &rx_status); 135 if (ret) 136 return -EIO; 137 138 if (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) 139 return 0; 140 141 udelay(delayus); 142 } 143 144 ee = mhi_get_exec_env(mhi_cntrl); 145 ret = mhi_read_reg(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, &rx_status); 146 147 dev_err(dev, "RXVEC_STATUS: 0x%x\n", rx_status); 148 149error_exit_rddm: 150 dev_err(dev, "RDDM transfer failed. Current EE: %s\n", 151 TO_MHI_EXEC_STR(ee)); 152 153 return -EIO; 154} 155 156/* Download RDDM image from device */ 157int mhi_download_rddm_image(struct mhi_controller *mhi_cntrl, bool in_panic) 158{ 159 void __iomem *base = mhi_cntrl->bhie; 160 struct device *dev = &mhi_cntrl->mhi_dev->dev; 161 u32 rx_status; 162 163 if (in_panic) 164 return __mhi_download_rddm_in_panic(mhi_cntrl); 165 166 dev_dbg(dev, "Waiting for RDDM image download via BHIe\n"); 167 168 /* Wait for the image download to complete */ 169 wait_event_timeout(mhi_cntrl->state_event, 170 mhi_read_reg_field(mhi_cntrl, base, 171 BHIE_RXVECSTATUS_OFFS, 172 BHIE_RXVECSTATUS_STATUS_BMSK, 173 &rx_status) || rx_status, 174 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 175 176 return (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) ? 0 : -EIO; 177} 178EXPORT_SYMBOL_GPL(mhi_download_rddm_image); 179 180static int mhi_fw_load_bhie(struct mhi_controller *mhi_cntrl, 181 const struct mhi_buf *mhi_buf) 182{ 183 void __iomem *base = mhi_cntrl->bhie; 184 struct device *dev = &mhi_cntrl->mhi_dev->dev; 185 rwlock_t *pm_lock = &mhi_cntrl->pm_lock; 186 u32 tx_status, sequence_id; 187 int ret; 188 189 read_lock_bh(pm_lock); 190 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 191 read_unlock_bh(pm_lock); 192 return -EIO; 193 } 194 195 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_TXVECSTATUS_SEQNUM_BMSK); 196 dev_dbg(dev, "Starting image download via BHIe. Sequence ID: %u\n", 197 sequence_id); 198 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_HIGH_OFFS, 199 upper_32_bits(mhi_buf->dma_addr)); 200 201 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_LOW_OFFS, 202 lower_32_bits(mhi_buf->dma_addr)); 203 204 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len); 205 206 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS, 207 BHIE_TXVECDB_SEQNUM_BMSK, sequence_id); 208 read_unlock_bh(pm_lock); 209 210 if (ret) 211 return ret; 212 213 /* Wait for the image download to complete */ 214 ret = wait_event_timeout(mhi_cntrl->state_event, 215 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 216 mhi_read_reg_field(mhi_cntrl, base, 217 BHIE_TXVECSTATUS_OFFS, 218 BHIE_TXVECSTATUS_STATUS_BMSK, 219 &tx_status) || tx_status, 220 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 221 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 222 tx_status != BHIE_TXVECSTATUS_STATUS_XFER_COMPL) 223 return -EIO; 224 225 return (!ret) ? -ETIMEDOUT : 0; 226} 227 228static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl, 229 dma_addr_t dma_addr, 230 size_t size) 231{ 232 u32 tx_status, val, session_id; 233 int i, ret; 234 void __iomem *base = mhi_cntrl->bhi; 235 rwlock_t *pm_lock = &mhi_cntrl->pm_lock; 236 struct device *dev = &mhi_cntrl->mhi_dev->dev; 237 struct { 238 char *name; 239 u32 offset; 240 } error_reg[] = { 241 { "ERROR_CODE", BHI_ERRCODE }, 242 { "ERROR_DBG1", BHI_ERRDBG1 }, 243 { "ERROR_DBG2", BHI_ERRDBG2 }, 244 { "ERROR_DBG3", BHI_ERRDBG3 }, 245 { NULL }, 246 }; 247 248 read_lock_bh(pm_lock); 249 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 250 read_unlock_bh(pm_lock); 251 goto invalid_pm_state; 252 } 253 254 session_id = MHI_RANDOM_U32_NONZERO(BHI_TXDB_SEQNUM_BMSK); 255 dev_dbg(dev, "Starting image download via BHI. Session ID: %u\n", 256 session_id); 257 mhi_write_reg(mhi_cntrl, base, BHI_STATUS, 0); 258 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_HIGH, 259 upper_32_bits(dma_addr)); 260 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_LOW, 261 lower_32_bits(dma_addr)); 262 mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, size); 263 mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id); 264 read_unlock_bh(pm_lock); 265 266 /* Wait for the image download to complete */ 267 ret = wait_event_timeout(mhi_cntrl->state_event, 268 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) || 269 mhi_read_reg_field(mhi_cntrl, base, BHI_STATUS, 270 BHI_STATUS_MASK, &tx_status) || tx_status, 271 msecs_to_jiffies(mhi_cntrl->timeout_ms)); 272 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) 273 goto invalid_pm_state; 274 275 if (tx_status == BHI_STATUS_ERROR) { 276 dev_err(dev, "Image transfer failed\n"); 277 read_lock_bh(pm_lock); 278 if (MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) { 279 for (i = 0; error_reg[i].name; i++) { 280 ret = mhi_read_reg(mhi_cntrl, base, 281 error_reg[i].offset, &val); 282 if (ret) 283 break; 284 dev_err(dev, "Reg: %s value: 0x%x\n", 285 error_reg[i].name, val); 286 } 287 } 288 read_unlock_bh(pm_lock); 289 goto invalid_pm_state; 290 } 291 292 return (!ret) ? -ETIMEDOUT : 0; 293 294invalid_pm_state: 295 296 return -EIO; 297} 298 299void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl, 300 struct image_info *image_info) 301{ 302 int i; 303 struct mhi_buf *mhi_buf = image_info->mhi_buf; 304 305 for (i = 0; i < image_info->entries; i++, mhi_buf++) 306 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, 307 mhi_buf->buf, mhi_buf->dma_addr); 308 309 kfree(image_info->mhi_buf); 310 kfree(image_info); 311} 312 313int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, 314 struct image_info **image_info, 315 size_t alloc_size) 316{ 317 size_t seg_size = mhi_cntrl->seg_len; 318 int segments = DIV_ROUND_UP(alloc_size, seg_size) + 1; 319 int i; 320 struct image_info *img_info; 321 struct mhi_buf *mhi_buf; 322 323 img_info = kzalloc(sizeof(*img_info), GFP_KERNEL); 324 if (!img_info) 325 return -ENOMEM; 326 327 /* Allocate memory for entries */ 328 img_info->mhi_buf = kcalloc(segments, sizeof(*img_info->mhi_buf), 329 GFP_KERNEL); 330 if (!img_info->mhi_buf) 331 goto error_alloc_mhi_buf; 332 333 /* Allocate and populate vector table */ 334 mhi_buf = img_info->mhi_buf; 335 for (i = 0; i < segments; i++, mhi_buf++) { 336 size_t vec_size = seg_size; 337 338 /* Vector table is the last entry */ 339 if (i == segments - 1) 340 vec_size = sizeof(struct bhi_vec_entry) * i; 341 342 mhi_buf->len = vec_size; 343 mhi_buf->buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, 344 vec_size, &mhi_buf->dma_addr, 345 GFP_KERNEL); 346 if (!mhi_buf->buf) 347 goto error_alloc_segment; 348 } 349 350 img_info->bhi_vec = img_info->mhi_buf[segments - 1].buf; 351 img_info->entries = segments; 352 *image_info = img_info; 353 354 return 0; 355 356error_alloc_segment: 357 for (--i, --mhi_buf; i >= 0; i--, mhi_buf--) 358 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, 359 mhi_buf->buf, mhi_buf->dma_addr); 360 361error_alloc_mhi_buf: 362 kfree(img_info); 363 364 return -ENOMEM; 365} 366 367static void mhi_firmware_copy(struct mhi_controller *mhi_cntrl, 368 const u8 *buf, size_t remainder, 369 struct image_info *img_info) 370{ 371 size_t to_cpy; 372 struct mhi_buf *mhi_buf = img_info->mhi_buf; 373 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec; 374 375 while (remainder) { 376 to_cpy = min(remainder, mhi_buf->len); 377 memcpy(mhi_buf->buf, buf, to_cpy); 378 bhi_vec->dma_addr = mhi_buf->dma_addr; 379 bhi_vec->size = to_cpy; 380 381 buf += to_cpy; 382 remainder -= to_cpy; 383 bhi_vec++; 384 mhi_buf++; 385 } 386} 387 388void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl) 389{ 390 const struct firmware *firmware = NULL; 391 struct device *dev = &mhi_cntrl->mhi_dev->dev; 392 enum mhi_pm_state new_state; 393 const char *fw_name; 394 const u8 *fw_data; 395 void *buf; 396 dma_addr_t dma_addr; 397 size_t size, fw_sz; 398 int ret; 399 400 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) { 401 dev_err(dev, "Device MHI is not in valid state\n"); 402 return; 403 } 404 405 /* save hardware info from BHI */ 406 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_SERIALNU, 407 &mhi_cntrl->serial_number); 408 if (ret) 409 dev_err(dev, "Could not capture serial number via BHI\n"); 410 411 /* wait for ready on pass through or any other execution environment */ 412 if (!MHI_FW_LOAD_CAPABLE(mhi_cntrl->ee)) 413 goto fw_load_ready_state; 414 415 fw_name = (mhi_cntrl->ee == MHI_EE_EDL) ? 416 mhi_cntrl->edl_image : mhi_cntrl->fw_image; 417 418 /* check if the driver has already provided the firmware data */ 419 if (!fw_name && mhi_cntrl->fbc_download && 420 mhi_cntrl->fw_data && mhi_cntrl->fw_sz) { 421 if (!mhi_cntrl->sbl_size) { 422 dev_err(dev, "fw_data provided but no sbl_size\n"); 423 goto error_fw_load; 424 } 425 426 size = mhi_cntrl->sbl_size; 427 fw_data = mhi_cntrl->fw_data; 428 fw_sz = mhi_cntrl->fw_sz; 429 goto skip_req_fw; 430 } 431 432 if (!fw_name || (mhi_cntrl->fbc_download && (!mhi_cntrl->sbl_size || 433 !mhi_cntrl->seg_len))) { 434 dev_err(dev, 435 "No firmware image defined or !sbl_size || !seg_len\n"); 436 goto error_fw_load; 437 } 438 439 ret = request_firmware(&firmware, fw_name, dev); 440 if (ret) { 441 dev_err(dev, "Error loading firmware: %d\n", ret); 442 goto error_fw_load; 443 } 444 445 size = (mhi_cntrl->fbc_download) ? mhi_cntrl->sbl_size : firmware->size; 446 447 /* SBL size provided is maximum size, not necessarily the image size */ 448 if (size > firmware->size) 449 size = firmware->size; 450 451 fw_data = firmware->data; 452 fw_sz = firmware->size; 453 454skip_req_fw: 455 buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, size, &dma_addr, 456 GFP_KERNEL); 457 if (!buf) { 458 release_firmware(firmware); 459 goto error_fw_load; 460 } 461 462 /* Download image using BHI */ 463 memcpy(buf, fw_data, size); 464 ret = mhi_fw_load_bhi(mhi_cntrl, dma_addr, size); 465 dma_free_coherent(mhi_cntrl->cntrl_dev, size, buf, dma_addr); 466 467 /* Error or in EDL mode, we're done */ 468 if (ret) { 469 dev_err(dev, "MHI did not load image over BHI, ret: %d\n", ret); 470 release_firmware(firmware); 471 goto error_fw_load; 472 } 473 474 /* Wait for ready since EDL image was loaded */ 475 if (fw_name && fw_name == mhi_cntrl->edl_image) { 476 release_firmware(firmware); 477 goto fw_load_ready_state; 478 } 479 480 write_lock_irq(&mhi_cntrl->pm_lock); 481 mhi_cntrl->dev_state = MHI_STATE_RESET; 482 write_unlock_irq(&mhi_cntrl->pm_lock); 483 484 /* 485 * If we're doing fbc, populate vector tables while 486 * device transitioning into MHI READY state 487 */ 488 if (mhi_cntrl->fbc_download) { 489 ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz); 490 if (ret) { 491 release_firmware(firmware); 492 goto error_fw_load; 493 } 494 495 /* Load the firmware into BHIE vec table */ 496 mhi_firmware_copy(mhi_cntrl, fw_data, fw_sz, mhi_cntrl->fbc_image); 497 } 498 499 release_firmware(firmware); 500 501fw_load_ready_state: 502 /* Transitioning into MHI RESET->READY state */ 503 ret = mhi_ready_state_transition(mhi_cntrl); 504 if (ret) { 505 dev_err(dev, "MHI did not enter READY state\n"); 506 goto error_ready_state; 507 } 508 509 dev_info(dev, "Wait for device to enter SBL or Mission mode\n"); 510 return; 511 512error_ready_state: 513 if (mhi_cntrl->fbc_download) { 514 mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image); 515 mhi_cntrl->fbc_image = NULL; 516 } 517 518error_fw_load: 519 write_lock_irq(&mhi_cntrl->pm_lock); 520 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR); 521 write_unlock_irq(&mhi_cntrl->pm_lock); 522 if (new_state == MHI_PM_FW_DL_ERR) 523 wake_up_all(&mhi_cntrl->state_event); 524} 525 526int mhi_download_amss_image(struct mhi_controller *mhi_cntrl) 527{ 528 struct image_info *image_info = mhi_cntrl->fbc_image; 529 struct device *dev = &mhi_cntrl->mhi_dev->dev; 530 enum mhi_pm_state new_state; 531 int ret; 532 533 if (!image_info) 534 return -EIO; 535 536 ret = mhi_fw_load_bhie(mhi_cntrl, 537 /* Vector table is the last entry */ 538 &image_info->mhi_buf[image_info->entries - 1]); 539 if (ret) { 540 dev_err(dev, "MHI did not load AMSS, ret:%d\n", ret); 541 write_lock_irq(&mhi_cntrl->pm_lock); 542 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR); 543 write_unlock_irq(&mhi_cntrl->pm_lock); 544 if (new_state == MHI_PM_FW_DL_ERR) 545 wake_up_all(&mhi_cntrl->state_event); 546 } 547 548 return ret; 549} 550