1/* 2 * Intel Wireless UWB Link 1480 3 * MAC Firmware upload implementation 4 * 5 * Copyright (C) 2005-2006 Intel Corporation 6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License version 10 * 2 as published by the Free Software Foundation. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 20 * 02110-1301, USA. 21 * 22 * 23 * Implementation of the code for parsing the firmware file (extract 24 * the headers and binary code chunks) in the fw_*() functions. The 25 * code to upload pre and mac firmwares is the same, so it uses a 26 * common entry point in __mac_fw_upload(), which uses the i1480 27 * function pointers to push the firmware to the device. 28 */ 29#include <linux/delay.h> 30#include <linux/firmware.h> 31#include <linux/slab.h> 32#include <linux/uwb.h> 33#include "i1480-dfu.h" 34 35/* 36 * Descriptor for a continuous segment of MAC fw data 37 */ 38struct fw_hdr { 39 unsigned long address; 40 size_t length; 41 const u32 *bin; 42 struct fw_hdr *next; 43}; 44 45 46/* Free a chain of firmware headers */ 47static 48void fw_hdrs_free(struct fw_hdr *hdr) 49{ 50 struct fw_hdr *next; 51 52 while (hdr) { 53 next = hdr->next; 54 kfree(hdr); 55 hdr = next; 56 } 57} 58 59 60/* Fill a firmware header descriptor from a memory buffer */ 61static 62int fw_hdr_load(struct i1480 *i1480, struct fw_hdr *hdr, unsigned hdr_cnt, 63 const char *_data, const u32 *data_itr, const u32 *data_top) 64{ 65 size_t hdr_offset = (const char *) data_itr - _data; 66 size_t remaining_size = (void *) data_top - (void *) data_itr; 67 if (data_itr + 2 > data_top) { 68 dev_err(i1480->dev, "fw hdr #%u/%zu: EOF reached in header at " 69 "offset %zu, limit %zu\n", 70 hdr_cnt, hdr_offset, 71 (const char *) data_itr + 2 - _data, 72 (const char *) data_top - _data); 73 return -EINVAL; 74 } 75 hdr->next = NULL; 76 hdr->address = le32_to_cpu(*data_itr++); 77 hdr->length = le32_to_cpu(*data_itr++); 78 hdr->bin = data_itr; 79 if (hdr->length > remaining_size) { 80 dev_err(i1480->dev, "fw hdr #%u/%zu: EOF reached in data; " 81 "chunk too long (%zu bytes), only %zu left\n", 82 hdr_cnt, hdr_offset, hdr->length, remaining_size); 83 return -EINVAL; 84 } 85 return 0; 86} 87 88 89/** 90 * Get a buffer where the firmware is supposed to be and create a 91 * chain of headers linking them together. 92 * 93 * @phdr: where to place the pointer to the first header (headers link 94 * to the next via the @hdr->next ptr); need to free the whole 95 * chain when done. 96 * 97 * @_data: Pointer to the data buffer. 98 * 99 * @_data_size: Size of the data buffer (bytes); data size has to be a 100 * multiple of 4. Function will fail if not. 101 * 102 * Goes over the whole binary blob; reads the first chunk and creates 103 * a fw hdr from it (which points to where the data is in @_data and 104 * the length of the chunk); then goes on to the next chunk until 105 * done. Each header is linked to the next. 106 */ 107static 108int fw_hdrs_load(struct i1480 *i1480, struct fw_hdr **phdr, 109 const char *_data, size_t data_size) 110{ 111 int result; 112 unsigned hdr_cnt = 0; 113 u32 *data = (u32 *) _data, *data_itr, *data_top; 114 struct fw_hdr *hdr, **prev_hdr = phdr; 115 116 result = -EINVAL; 117 /* Check size is ok and pointer is aligned */ 118 if (data_size % sizeof(u32) != 0) 119 goto error; 120 if ((unsigned long) _data % sizeof(u16) != 0) 121 goto error; 122 *phdr = NULL; 123 data_itr = data; 124 data_top = (u32 *) (_data + data_size); 125 while (data_itr < data_top) { 126 result = -ENOMEM; 127 hdr = kmalloc(sizeof(*hdr), GFP_KERNEL); 128 if (hdr == NULL) { 129 dev_err(i1480->dev, "Cannot allocate fw header " 130 "for chunk #%u\n", hdr_cnt); 131 goto error_alloc; 132 } 133 result = fw_hdr_load(i1480, hdr, hdr_cnt, 134 _data, data_itr, data_top); 135 if (result < 0) 136 goto error_load; 137 data_itr += 2 + hdr->length; 138 *prev_hdr = hdr; 139 prev_hdr = &hdr->next; 140 hdr_cnt++; 141 }; 142 *prev_hdr = NULL; 143 return 0; 144 145error_load: 146 kfree(hdr); 147error_alloc: 148 fw_hdrs_free(*phdr); 149error: 150 return result; 151} 152 153 154/** 155 * Compares a chunk of fw with one in the devices's memory 156 * 157 * @i1480: Device instance 158 * @hdr: Pointer to the firmware chunk 159 * @returns: 0 if equal, < 0 errno on error. If > 0, it is the offset 160 * where the difference was found (plus one). 161 * 162 * Kind of dirty and simplistic, but does the trick in both the PCI 163 * and USB version. We do a quick[er] memcmp(), and if it fails, we do 164 * a byte-by-byte to find the offset. 165 */ 166static 167ssize_t i1480_fw_cmp(struct i1480 *i1480, struct fw_hdr *hdr) 168{ 169 ssize_t result = 0; 170 u32 src_itr = 0, cnt; 171 size_t size = hdr->length*sizeof(hdr->bin[0]); 172 size_t chunk_size; 173 u8 *bin = (u8 *) hdr->bin; 174 175 while (size > 0) { 176 chunk_size = size < i1480->buf_size ? size : i1480->buf_size; 177 result = i1480->read(i1480, hdr->address + src_itr, chunk_size); 178 if (result < 0) { 179 dev_err(i1480->dev, "error reading for verification: " 180 "%zd\n", result); 181 goto error; 182 } 183 if (memcmp(i1480->cmd_buf, bin + src_itr, result)) { 184 u8 *buf = i1480->cmd_buf; 185 for (cnt = 0; cnt < result; cnt++) 186 if (bin[src_itr + cnt] != buf[cnt]) { 187 dev_err(i1480->dev, "byte failed at " 188 "src_itr %u cnt %u [0x%02x " 189 "vs 0x%02x]\n", src_itr, cnt, 190 bin[src_itr + cnt], buf[cnt]); 191 result = src_itr + cnt + 1; 192 goto cmp_failed; 193 } 194 } 195 src_itr += result; 196 size -= result; 197 } 198 result = 0; 199error: 200cmp_failed: 201 return result; 202} 203 204 205/** 206 * Writes firmware headers to the device. 207 * 208 * @prd: PRD instance 209 * @hdr: Processed firmware 210 * @returns: 0 if ok, < 0 errno on error. 211 */ 212static 213int mac_fw_hdrs_push(struct i1480 *i1480, struct fw_hdr *hdr, 214 const char *fw_name, const char *fw_tag) 215{ 216 struct device *dev = i1480->dev; 217 ssize_t result = 0; 218 struct fw_hdr *hdr_itr; 219 int verif_retry_count; 220 221 /* Now, header by header, push them to the hw */ 222 for (hdr_itr = hdr; hdr_itr != NULL; hdr_itr = hdr_itr->next) { 223 verif_retry_count = 0; 224retry: 225 dev_dbg(dev, "fw chunk (%zu @ 0x%08lx)\n", 226 hdr_itr->length * sizeof(hdr_itr->bin[0]), 227 hdr_itr->address); 228 result = i1480->write(i1480, hdr_itr->address, hdr_itr->bin, 229 hdr_itr->length*sizeof(hdr_itr->bin[0])); 230 if (result < 0) { 231 dev_err(dev, "%s fw '%s': write failed (%zuB @ 0x%lx):" 232 " %zd\n", fw_tag, fw_name, 233 hdr_itr->length * sizeof(hdr_itr->bin[0]), 234 hdr_itr->address, result); 235 break; 236 } 237 result = i1480_fw_cmp(i1480, hdr_itr); 238 if (result < 0) { 239 dev_err(dev, "%s fw '%s': verification read " 240 "failed (%zuB @ 0x%lx): %zd\n", 241 fw_tag, fw_name, 242 hdr_itr->length * sizeof(hdr_itr->bin[0]), 243 hdr_itr->address, result); 244 break; 245 } 246 if (result > 0) { /* Offset where it failed + 1 */ 247 result--; 248 dev_err(dev, "%s fw '%s': WARNING: verification " 249 "failed at 0x%lx: retrying\n", 250 fw_tag, fw_name, hdr_itr->address + result); 251 if (++verif_retry_count < 3) 252 goto retry; /* write this block again! */ 253 dev_err(dev, "%s fw '%s': verification failed at 0x%lx: " 254 "tried %d times\n", fw_tag, fw_name, 255 hdr_itr->address + result, verif_retry_count); 256 result = -EINVAL; 257 break; 258 } 259 } 260 return result; 261} 262 263 264/** Puts the device in firmware upload mode.*/ 265static 266int mac_fw_upload_enable(struct i1480 *i1480) 267{ 268 int result; 269 u32 reg = 0x800000c0; 270 u32 *buffer = (u32 *)i1480->cmd_buf; 271 272 if (i1480->hw_rev > 1) 273 reg = 0x8000d0d4; 274 result = i1480->read(i1480, reg, sizeof(u32)); 275 if (result < 0) 276 goto error_cmd; 277 *buffer &= ~i1480_FW_UPLOAD_MODE_MASK; 278 result = i1480->write(i1480, reg, buffer, sizeof(u32)); 279 if (result < 0) 280 goto error_cmd; 281 return 0; 282error_cmd: 283 dev_err(i1480->dev, "can't enable fw upload mode: %d\n", result); 284 return result; 285} 286 287 288/** Gets the device out of firmware upload mode. */ 289static 290int mac_fw_upload_disable(struct i1480 *i1480) 291{ 292 int result; 293 u32 reg = 0x800000c0; 294 u32 *buffer = (u32 *)i1480->cmd_buf; 295 296 if (i1480->hw_rev > 1) 297 reg = 0x8000d0d4; 298 result = i1480->read(i1480, reg, sizeof(u32)); 299 if (result < 0) 300 goto error_cmd; 301 *buffer |= i1480_FW_UPLOAD_MODE_MASK; 302 result = i1480->write(i1480, reg, buffer, sizeof(u32)); 303 if (result < 0) 304 goto error_cmd; 305 return 0; 306error_cmd: 307 dev_err(i1480->dev, "can't disable fw upload mode: %d\n", result); 308 return result; 309} 310 311 312 313/** 314 * Generic function for uploading a MAC firmware. 315 * 316 * @i1480: Device instance 317 * @fw_name: Name of firmware file to upload. 318 * @fw_tag: Name of the firmware type (for messages) 319 * [eg: MAC, PRE] 320 * @do_wait: Wait for device to emit initialization done message (0 321 * for PRE fws, 1 for MAC fws). 322 * @returns: 0 if ok, < 0 errno on error. 323 */ 324static 325int __mac_fw_upload(struct i1480 *i1480, const char *fw_name, 326 const char *fw_tag) 327{ 328 int result; 329 const struct firmware *fw; 330 struct fw_hdr *fw_hdrs; 331 332 result = request_firmware(&fw, fw_name, i1480->dev); 333 if (result < 0) /* Up to caller to complain on -ENOENT */ 334 goto out; 335 result = fw_hdrs_load(i1480, &fw_hdrs, fw->data, fw->size); 336 if (result < 0) { 337 dev_err(i1480->dev, "%s fw '%s': failed to parse firmware " 338 "file: %d\n", fw_tag, fw_name, result); 339 goto out_release; 340 } 341 result = mac_fw_upload_enable(i1480); 342 if (result < 0) 343 goto out_hdrs_release; 344 result = mac_fw_hdrs_push(i1480, fw_hdrs, fw_name, fw_tag); 345 mac_fw_upload_disable(i1480); 346out_hdrs_release: 347 if (result >= 0) 348 dev_info(i1480->dev, "%s fw '%s': uploaded\n", fw_tag, fw_name); 349 else 350 dev_err(i1480->dev, "%s fw '%s': failed to upload (%d), " 351 "power cycle device\n", fw_tag, fw_name, result); 352 fw_hdrs_free(fw_hdrs); 353out_release: 354 release_firmware(fw); 355out: 356 return result; 357} 358 359 360/** 361 * Upload a pre-PHY firmware 362 * 363 */ 364int i1480_pre_fw_upload(struct i1480 *i1480) 365{ 366 int result; 367 result = __mac_fw_upload(i1480, i1480->pre_fw_name, "PRE"); 368 if (result == 0) 369 msleep(400); 370 return result; 371} 372 373 374/** 375 * Reset a the MAC and PHY 376 * 377 * @i1480: Device's instance 378 * @returns: 0 if ok, < 0 errno code on error 379 * 380 * We put the command on kmalloc'ed memory as some arches cannot do 381 * USB from the stack. The reply event is copied from an stage buffer, 382 * so it can be in the stack. See WUSB1.0[8.6.2.4] for more details. 383 * 384 * We issue the reset to make sure the UWB controller reinits the PHY; 385 * this way we can now if the PHY init went ok. 386 */ 387static 388int i1480_cmd_reset(struct i1480 *i1480) 389{ 390 int result; 391 struct uwb_rccb *cmd = (void *) i1480->cmd_buf; 392 struct i1480_evt_reset { 393 struct uwb_rceb rceb; 394 u8 bResultCode; 395 } __attribute__((packed)) *reply = (void *) i1480->evt_buf; 396 397 result = -ENOMEM; 398 cmd->bCommandType = UWB_RC_CET_GENERAL; 399 cmd->wCommand = cpu_to_le16(UWB_RC_CMD_RESET); 400 reply->rceb.bEventType = UWB_RC_CET_GENERAL; 401 reply->rceb.wEvent = UWB_RC_CMD_RESET; 402 result = i1480_cmd(i1480, "RESET", sizeof(*cmd), sizeof(*reply)); 403 if (result < 0) 404 goto out; 405 if (reply->bResultCode != UWB_RC_RES_SUCCESS) { 406 dev_err(i1480->dev, "RESET: command execution failed: %u\n", 407 reply->bResultCode); 408 result = -EIO; 409 } 410out: 411 return result; 412 413} 414 415 416/* Wait for the MAC FW to start running */ 417static 418int i1480_fw_is_running_q(struct i1480 *i1480) 419{ 420 int cnt = 0; 421 int result; 422 u32 *val = (u32 *) i1480->cmd_buf; 423 424 for (cnt = 0; cnt < 10; cnt++) { 425 msleep(100); 426 result = i1480->read(i1480, 0x80080000, 4); 427 if (result < 0) { 428 dev_err(i1480->dev, "Can't read 0x8008000: %d\n", result); 429 goto out; 430 } 431 if (*val == 0x55555555UL) /* fw running? cool */ 432 goto out; 433 } 434 dev_err(i1480->dev, "Timed out waiting for fw to start\n"); 435 result = -ETIMEDOUT; 436out: 437 return result; 438 439} 440 441 442/** 443 * Upload MAC firmware, wait for it to start 444 * 445 * @i1480: Device instance 446 * @fw_name: Name of the file that contains the firmware 447 * 448 * This has to be called after the pre fw has been uploaded (if 449 * there is any). 450 */ 451int i1480_mac_fw_upload(struct i1480 *i1480) 452{ 453 int result = 0, deprecated_name = 0; 454 struct i1480_rceb *rcebe = (void *) i1480->evt_buf; 455 456 result = __mac_fw_upload(i1480, i1480->mac_fw_name, "MAC"); 457 if (result == -ENOENT) { 458 result = __mac_fw_upload(i1480, i1480->mac_fw_name_deprecate, 459 "MAC"); 460 deprecated_name = 1; 461 } 462 if (result < 0) 463 return result; 464 if (deprecated_name == 1) 465 dev_warn(i1480->dev, 466 "WARNING: firmware file name %s is deprecated, " 467 "please rename to %s\n", 468 i1480->mac_fw_name_deprecate, i1480->mac_fw_name); 469 result = i1480_fw_is_running_q(i1480); 470 if (result < 0) 471 goto error_fw_not_running; 472 result = i1480->rc_setup ? i1480->rc_setup(i1480) : 0; 473 if (result < 0) { 474 dev_err(i1480->dev, "Cannot setup after MAC fw upload: %d\n", 475 result); 476 goto error_setup; 477 } 478 result = i1480->wait_init_done(i1480); /* wait init'on */ 479 if (result < 0) { 480 dev_err(i1480->dev, "MAC fw '%s': Initialization timed out " 481 "(%d)\n", i1480->mac_fw_name, result); 482 goto error_init_timeout; 483 } 484 /* verify we got the right initialization done event */ 485 if (i1480->evt_result != sizeof(*rcebe)) { 486 dev_err(i1480->dev, "MAC fw '%s': initialization event returns " 487 "wrong size (%zu bytes vs %zu needed)\n", 488 i1480->mac_fw_name, i1480->evt_result, sizeof(*rcebe)); 489 goto error_size; 490 } 491 result = -EIO; 492 if (i1480_rceb_check(i1480, &rcebe->rceb, NULL, 0, i1480_CET_VS1, 493 i1480_EVT_RM_INIT_DONE) < 0) { 494 dev_err(i1480->dev, "wrong initialization event 0x%02x/%04x/%02x " 495 "received; expected 0x%02x/%04x/00\n", 496 rcebe->rceb.bEventType, le16_to_cpu(rcebe->rceb.wEvent), 497 rcebe->rceb.bEventContext, i1480_CET_VS1, 498 i1480_EVT_RM_INIT_DONE); 499 goto error_init_timeout; 500 } 501 result = i1480_cmd_reset(i1480); 502 if (result < 0) 503 dev_err(i1480->dev, "MAC fw '%s': MBOA reset failed (%d)\n", 504 i1480->mac_fw_name, result); 505error_fw_not_running: 506error_init_timeout: 507error_size: 508error_setup: 509 return result; 510} 511