1 /*
2 * Intel Wireless UWB Link 1480
3 * MAC Firmware upload implementation
4 *
5 * Copyright (C) 2005-2006 Intel Corporation
6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 * 02110-1301, USA.
21 *
22 *
23 * Implementation of the code for parsing the firmware file (extract
24 * the headers and binary code chunks) in the fw_*() functions. The
25 * code to upload pre and mac firmwares is the same, so it uses a
26 * common entry point in __mac_fw_upload(), which uses the i1480
27 * function pointers to push the firmware to the device.
28 */
29 #include <linux/delay.h>
30 #include <linux/firmware.h>
31 #include <linux/slab.h>
32 #include <linux/uwb.h>
33 #include "i1480-dfu.h"
34
35 /*
36 * Descriptor for a continuous segment of MAC fw data
37 */
38 struct fw_hdr {
39 unsigned long address;
40 size_t length;
41 const u32 *bin;
42 struct fw_hdr *next;
43 };
44
45
46 /* Free a chain of firmware headers */
47 static
fw_hdrs_free(struct fw_hdr * hdr)48 void fw_hdrs_free(struct fw_hdr *hdr)
49 {
50 struct fw_hdr *next;
51
52 while (hdr) {
53 next = hdr->next;
54 kfree(hdr);
55 hdr = next;
56 }
57 }
58
59
60 /* Fill a firmware header descriptor from a memory buffer */
61 static
fw_hdr_load(struct i1480 * i1480,struct fw_hdr * hdr,unsigned hdr_cnt,const char * _data,const u32 * data_itr,const u32 * data_top)62 int fw_hdr_load(struct i1480 *i1480, struct fw_hdr *hdr, unsigned hdr_cnt,
63 const char *_data, const u32 *data_itr, const u32 *data_top)
64 {
65 size_t hdr_offset = (const char *) data_itr - _data;
66 size_t remaining_size = (void *) data_top - (void *) data_itr;
67 if (data_itr + 2 > data_top) {
68 dev_err(i1480->dev, "fw hdr #%u/%zu: EOF reached in header at "
69 "offset %zu, limit %zu\n",
70 hdr_cnt, hdr_offset,
71 (const char *) data_itr + 2 - _data,
72 (const char *) data_top - _data);
73 return -EINVAL;
74 }
75 hdr->next = NULL;
76 hdr->address = le32_to_cpu(*data_itr++);
77 hdr->length = le32_to_cpu(*data_itr++);
78 hdr->bin = data_itr;
79 if (hdr->length > remaining_size) {
80 dev_err(i1480->dev, "fw hdr #%u/%zu: EOF reached in data; "
81 "chunk too long (%zu bytes), only %zu left\n",
82 hdr_cnt, hdr_offset, hdr->length, remaining_size);
83 return -EINVAL;
84 }
85 return 0;
86 }
87
88
89 /**
90 * Get a buffer where the firmware is supposed to be and create a
91 * chain of headers linking them together.
92 *
93 * @phdr: where to place the pointer to the first header (headers link
94 * to the next via the @hdr->next ptr); need to free the whole
95 * chain when done.
96 *
97 * @_data: Pointer to the data buffer.
98 *
99 * @_data_size: Size of the data buffer (bytes); data size has to be a
100 * multiple of 4. Function will fail if not.
101 *
102 * Goes over the whole binary blob; reads the first chunk and creates
103 * a fw hdr from it (which points to where the data is in @_data and
104 * the length of the chunk); then goes on to the next chunk until
105 * done. Each header is linked to the next.
106 */
107 static
fw_hdrs_load(struct i1480 * i1480,struct fw_hdr ** phdr,const char * _data,size_t data_size)108 int fw_hdrs_load(struct i1480 *i1480, struct fw_hdr **phdr,
109 const char *_data, size_t data_size)
110 {
111 int result;
112 unsigned hdr_cnt = 0;
113 u32 *data = (u32 *) _data, *data_itr, *data_top;
114 struct fw_hdr *hdr, **prev_hdr = phdr;
115
116 result = -EINVAL;
117 /* Check size is ok and pointer is aligned */
118 if (data_size % sizeof(u32) != 0)
119 goto error;
120 if ((unsigned long) _data % sizeof(u16) != 0)
121 goto error;
122 *phdr = NULL;
123 data_itr = data;
124 data_top = (u32 *) (_data + data_size);
125 while (data_itr < data_top) {
126 result = -ENOMEM;
127 hdr = kmalloc(sizeof(*hdr), GFP_KERNEL);
128 if (hdr == NULL) {
129 dev_err(i1480->dev, "Cannot allocate fw header "
130 "for chunk #%u\n", hdr_cnt);
131 goto error_alloc;
132 }
133 result = fw_hdr_load(i1480, hdr, hdr_cnt,
134 _data, data_itr, data_top);
135 if (result < 0)
136 goto error_load;
137 data_itr += 2 + hdr->length;
138 *prev_hdr = hdr;
139 prev_hdr = &hdr->next;
140 hdr_cnt++;
141 };
142 *prev_hdr = NULL;
143 return 0;
144
145 error_load:
146 kfree(hdr);
147 error_alloc:
148 fw_hdrs_free(*phdr);
149 error:
150 return result;
151 }
152
153
154 /**
155 * Compares a chunk of fw with one in the devices's memory
156 *
157 * @i1480: Device instance
158 * @hdr: Pointer to the firmware chunk
159 * @returns: 0 if equal, < 0 errno on error. If > 0, it is the offset
160 * where the difference was found (plus one).
161 *
162 * Kind of dirty and simplistic, but does the trick in both the PCI
163 * and USB version. We do a quick[er] memcmp(), and if it fails, we do
164 * a byte-by-byte to find the offset.
165 */
166 static
i1480_fw_cmp(struct i1480 * i1480,struct fw_hdr * hdr)167 ssize_t i1480_fw_cmp(struct i1480 *i1480, struct fw_hdr *hdr)
168 {
169 ssize_t result = 0;
170 u32 src_itr = 0, cnt;
171 size_t size = hdr->length*sizeof(hdr->bin[0]);
172 size_t chunk_size;
173 u8 *bin = (u8 *) hdr->bin;
174
175 while (size > 0) {
176 chunk_size = size < i1480->buf_size ? size : i1480->buf_size;
177 result = i1480->read(i1480, hdr->address + src_itr, chunk_size);
178 if (result < 0) {
179 dev_err(i1480->dev, "error reading for verification: "
180 "%zd\n", result);
181 goto error;
182 }
183 if (memcmp(i1480->cmd_buf, bin + src_itr, result)) {
184 u8 *buf = i1480->cmd_buf;
185 for (cnt = 0; cnt < result; cnt++)
186 if (bin[src_itr + cnt] != buf[cnt]) {
187 dev_err(i1480->dev, "byte failed at "
188 "src_itr %u cnt %u [0x%02x "
189 "vs 0x%02x]\n", src_itr, cnt,
190 bin[src_itr + cnt], buf[cnt]);
191 result = src_itr + cnt + 1;
192 goto cmp_failed;
193 }
194 }
195 src_itr += result;
196 size -= result;
197 }
198 result = 0;
199 error:
200 cmp_failed:
201 return result;
202 }
203
204
205 /**
206 * Writes firmware headers to the device.
207 *
208 * @prd: PRD instance
209 * @hdr: Processed firmware
210 * @returns: 0 if ok, < 0 errno on error.
211 */
212 static
mac_fw_hdrs_push(struct i1480 * i1480,struct fw_hdr * hdr,const char * fw_name,const char * fw_tag)213 int mac_fw_hdrs_push(struct i1480 *i1480, struct fw_hdr *hdr,
214 const char *fw_name, const char *fw_tag)
215 {
216 struct device *dev = i1480->dev;
217 ssize_t result = 0;
218 struct fw_hdr *hdr_itr;
219 int verif_retry_count;
220
221 /* Now, header by header, push them to the hw */
222 for (hdr_itr = hdr; hdr_itr != NULL; hdr_itr = hdr_itr->next) {
223 verif_retry_count = 0;
224 retry:
225 dev_dbg(dev, "fw chunk (%zu @ 0x%08lx)\n",
226 hdr_itr->length * sizeof(hdr_itr->bin[0]),
227 hdr_itr->address);
228 result = i1480->write(i1480, hdr_itr->address, hdr_itr->bin,
229 hdr_itr->length*sizeof(hdr_itr->bin[0]));
230 if (result < 0) {
231 dev_err(dev, "%s fw '%s': write failed (%zuB @ 0x%lx):"
232 " %zd\n", fw_tag, fw_name,
233 hdr_itr->length * sizeof(hdr_itr->bin[0]),
234 hdr_itr->address, result);
235 break;
236 }
237 result = i1480_fw_cmp(i1480, hdr_itr);
238 if (result < 0) {
239 dev_err(dev, "%s fw '%s': verification read "
240 "failed (%zuB @ 0x%lx): %zd\n",
241 fw_tag, fw_name,
242 hdr_itr->length * sizeof(hdr_itr->bin[0]),
243 hdr_itr->address, result);
244 break;
245 }
246 if (result > 0) { /* Offset where it failed + 1 */
247 result--;
248 dev_err(dev, "%s fw '%s': WARNING: verification "
249 "failed at 0x%lx: retrying\n",
250 fw_tag, fw_name, hdr_itr->address + result);
251 if (++verif_retry_count < 3)
252 goto retry; /* write this block again! */
253 dev_err(dev, "%s fw '%s': verification failed at 0x%lx: "
254 "tried %d times\n", fw_tag, fw_name,
255 hdr_itr->address + result, verif_retry_count);
256 result = -EINVAL;
257 break;
258 }
259 }
260 return result;
261 }
262
263
264 /** Puts the device in firmware upload mode.*/
265 static
mac_fw_upload_enable(struct i1480 * i1480)266 int mac_fw_upload_enable(struct i1480 *i1480)
267 {
268 int result;
269 u32 reg = 0x800000c0;
270 u32 *buffer = (u32 *)i1480->cmd_buf;
271
272 if (i1480->hw_rev > 1)
273 reg = 0x8000d0d4;
274 result = i1480->read(i1480, reg, sizeof(u32));
275 if (result < 0)
276 goto error_cmd;
277 *buffer &= ~i1480_FW_UPLOAD_MODE_MASK;
278 result = i1480->write(i1480, reg, buffer, sizeof(u32));
279 if (result < 0)
280 goto error_cmd;
281 return 0;
282 error_cmd:
283 dev_err(i1480->dev, "can't enable fw upload mode: %d\n", result);
284 return result;
285 }
286
287
288 /** Gets the device out of firmware upload mode. */
289 static
mac_fw_upload_disable(struct i1480 * i1480)290 int mac_fw_upload_disable(struct i1480 *i1480)
291 {
292 int result;
293 u32 reg = 0x800000c0;
294 u32 *buffer = (u32 *)i1480->cmd_buf;
295
296 if (i1480->hw_rev > 1)
297 reg = 0x8000d0d4;
298 result = i1480->read(i1480, reg, sizeof(u32));
299 if (result < 0)
300 goto error_cmd;
301 *buffer |= i1480_FW_UPLOAD_MODE_MASK;
302 result = i1480->write(i1480, reg, buffer, sizeof(u32));
303 if (result < 0)
304 goto error_cmd;
305 return 0;
306 error_cmd:
307 dev_err(i1480->dev, "can't disable fw upload mode: %d\n", result);
308 return result;
309 }
310
311
312
313 /**
314 * Generic function for uploading a MAC firmware.
315 *
316 * @i1480: Device instance
317 * @fw_name: Name of firmware file to upload.
318 * @fw_tag: Name of the firmware type (for messages)
319 * [eg: MAC, PRE]
320 * @do_wait: Wait for device to emit initialization done message (0
321 * for PRE fws, 1 for MAC fws).
322 * @returns: 0 if ok, < 0 errno on error.
323 */
324 static
__mac_fw_upload(struct i1480 * i1480,const char * fw_name,const char * fw_tag)325 int __mac_fw_upload(struct i1480 *i1480, const char *fw_name,
326 const char *fw_tag)
327 {
328 int result;
329 const struct firmware *fw;
330 struct fw_hdr *fw_hdrs;
331
332 result = request_firmware(&fw, fw_name, i1480->dev);
333 if (result < 0) /* Up to caller to complain on -ENOENT */
334 goto out;
335 result = fw_hdrs_load(i1480, &fw_hdrs, fw->data, fw->size);
336 if (result < 0) {
337 dev_err(i1480->dev, "%s fw '%s': failed to parse firmware "
338 "file: %d\n", fw_tag, fw_name, result);
339 goto out_release;
340 }
341 result = mac_fw_upload_enable(i1480);
342 if (result < 0)
343 goto out_hdrs_release;
344 result = mac_fw_hdrs_push(i1480, fw_hdrs, fw_name, fw_tag);
345 mac_fw_upload_disable(i1480);
346 out_hdrs_release:
347 if (result >= 0)
348 dev_info(i1480->dev, "%s fw '%s': uploaded\n", fw_tag, fw_name);
349 else
350 dev_err(i1480->dev, "%s fw '%s': failed to upload (%d), "
351 "power cycle device\n", fw_tag, fw_name, result);
352 fw_hdrs_free(fw_hdrs);
353 out_release:
354 release_firmware(fw);
355 out:
356 return result;
357 }
358
359
360 /**
361 * Upload a pre-PHY firmware
362 *
363 */
i1480_pre_fw_upload(struct i1480 * i1480)364 int i1480_pre_fw_upload(struct i1480 *i1480)
365 {
366 int result;
367 result = __mac_fw_upload(i1480, i1480->pre_fw_name, "PRE");
368 if (result == 0)
369 msleep(400);
370 return result;
371 }
372
373
374 /**
375 * Reset a the MAC and PHY
376 *
377 * @i1480: Device's instance
378 * @returns: 0 if ok, < 0 errno code on error
379 *
380 * We put the command on kmalloc'ed memory as some arches cannot do
381 * USB from the stack. The reply event is copied from an stage buffer,
382 * so it can be in the stack. See WUSB1.0[8.6.2.4] for more details.
383 *
384 * We issue the reset to make sure the UWB controller reinits the PHY;
385 * this way we can now if the PHY init went ok.
386 */
387 static
i1480_cmd_reset(struct i1480 * i1480)388 int i1480_cmd_reset(struct i1480 *i1480)
389 {
390 int result;
391 struct uwb_rccb *cmd = (void *) i1480->cmd_buf;
392 struct i1480_evt_reset {
393 struct uwb_rceb rceb;
394 u8 bResultCode;
395 } __attribute__((packed)) *reply = (void *) i1480->evt_buf;
396
397 result = -ENOMEM;
398 cmd->bCommandType = UWB_RC_CET_GENERAL;
399 cmd->wCommand = cpu_to_le16(UWB_RC_CMD_RESET);
400 reply->rceb.bEventType = UWB_RC_CET_GENERAL;
401 reply->rceb.wEvent = UWB_RC_CMD_RESET;
402 result = i1480_cmd(i1480, "RESET", sizeof(*cmd), sizeof(*reply));
403 if (result < 0)
404 goto out;
405 if (reply->bResultCode != UWB_RC_RES_SUCCESS) {
406 dev_err(i1480->dev, "RESET: command execution failed: %u\n",
407 reply->bResultCode);
408 result = -EIO;
409 }
410 out:
411 return result;
412
413 }
414
415
416 /* Wait for the MAC FW to start running */
417 static
i1480_fw_is_running_q(struct i1480 * i1480)418 int i1480_fw_is_running_q(struct i1480 *i1480)
419 {
420 int cnt = 0;
421 int result;
422 u32 *val = (u32 *) i1480->cmd_buf;
423
424 for (cnt = 0; cnt < 10; cnt++) {
425 msleep(100);
426 result = i1480->read(i1480, 0x80080000, 4);
427 if (result < 0) {
428 dev_err(i1480->dev, "Can't read 0x8008000: %d\n", result);
429 goto out;
430 }
431 if (*val == 0x55555555UL) /* fw running? cool */
432 goto out;
433 }
434 dev_err(i1480->dev, "Timed out waiting for fw to start\n");
435 result = -ETIMEDOUT;
436 out:
437 return result;
438
439 }
440
441
442 /**
443 * Upload MAC firmware, wait for it to start
444 *
445 * @i1480: Device instance
446 * @fw_name: Name of the file that contains the firmware
447 *
448 * This has to be called after the pre fw has been uploaded (if
449 * there is any).
450 */
i1480_mac_fw_upload(struct i1480 * i1480)451 int i1480_mac_fw_upload(struct i1480 *i1480)
452 {
453 int result = 0, deprecated_name = 0;
454 struct i1480_rceb *rcebe = (void *) i1480->evt_buf;
455
456 result = __mac_fw_upload(i1480, i1480->mac_fw_name, "MAC");
457 if (result == -ENOENT) {
458 result = __mac_fw_upload(i1480, i1480->mac_fw_name_deprecate,
459 "MAC");
460 deprecated_name = 1;
461 }
462 if (result < 0)
463 return result;
464 if (deprecated_name == 1)
465 dev_warn(i1480->dev,
466 "WARNING: firmware file name %s is deprecated, "
467 "please rename to %s\n",
468 i1480->mac_fw_name_deprecate, i1480->mac_fw_name);
469 result = i1480_fw_is_running_q(i1480);
470 if (result < 0)
471 goto error_fw_not_running;
472 result = i1480->rc_setup ? i1480->rc_setup(i1480) : 0;
473 if (result < 0) {
474 dev_err(i1480->dev, "Cannot setup after MAC fw upload: %d\n",
475 result);
476 goto error_setup;
477 }
478 result = i1480->wait_init_done(i1480); /* wait init'on */
479 if (result < 0) {
480 dev_err(i1480->dev, "MAC fw '%s': Initialization timed out "
481 "(%d)\n", i1480->mac_fw_name, result);
482 goto error_init_timeout;
483 }
484 /* verify we got the right initialization done event */
485 if (i1480->evt_result != sizeof(*rcebe)) {
486 dev_err(i1480->dev, "MAC fw '%s': initialization event returns "
487 "wrong size (%zu bytes vs %zu needed)\n",
488 i1480->mac_fw_name, i1480->evt_result, sizeof(*rcebe));
489 goto error_size;
490 }
491 result = -EIO;
492 if (i1480_rceb_check(i1480, &rcebe->rceb, NULL, 0, i1480_CET_VS1,
493 i1480_EVT_RM_INIT_DONE) < 0) {
494 dev_err(i1480->dev, "wrong initialization event 0x%02x/%04x/%02x "
495 "received; expected 0x%02x/%04x/00\n",
496 rcebe->rceb.bEventType, le16_to_cpu(rcebe->rceb.wEvent),
497 rcebe->rceb.bEventContext, i1480_CET_VS1,
498 i1480_EVT_RM_INIT_DONE);
499 goto error_init_timeout;
500 }
501 result = i1480_cmd_reset(i1480);
502 if (result < 0)
503 dev_err(i1480->dev, "MAC fw '%s': MBOA reset failed (%d)\n",
504 i1480->mac_fw_name, result);
505 error_fw_not_running:
506 error_init_timeout:
507 error_size:
508 error_setup:
509 return result;
510 }
511