1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
7 #include <linux/delay.h>
8 #include <linux/device.h>
9 #include <linux/dma-direction.h>
10 #include <linux/dma-mapping.h>
11 #include <linux/firmware.h>
12 #include <linux/interrupt.h>
13 #include <linux/list.h>
14 #include <linux/mhi.h>
15 #include <linux/module.h>
16 #include <linux/random.h>
17 #include <linux/slab.h>
18 #include <linux/wait.h>
21 /* Setup RDDM vector table for RDDM transfer and program RXVEC */
22 int mhi_rddm_prepare(struct mhi_controller *mhi_cntrl,
23 struct image_info *img_info)
25 struct mhi_buf *mhi_buf = img_info->mhi_buf;
26 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
27 void __iomem *base = mhi_cntrl->bhie;
28 struct device *dev = &mhi_cntrl->mhi_dev->dev;
33 for (i = 0; i < img_info->entries - 1; i++, mhi_buf++, bhi_vec++) {
34 bhi_vec->dma_addr = mhi_buf->dma_addr;
35 bhi_vec->size = mhi_buf->len;
38 dev_dbg(dev, "BHIe programming for RDDM\n");
40 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_HIGH_OFFS,
41 upper_32_bits(mhi_buf->dma_addr));
43 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECADDR_LOW_OFFS,
44 lower_32_bits(mhi_buf->dma_addr));
46 mhi_write_reg(mhi_cntrl, base, BHIE_RXVECSIZE_OFFS, mhi_buf->len);
47 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_RXVECSTATUS_SEQNUM_BMSK);
49 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_RXVECDB_OFFS,
50 BHIE_RXVECDB_SEQNUM_BMSK, sequence_id);
52 dev_err(dev, "Failed to write sequence ID for BHIE_RXVECDB\n");
56 dev_dbg(dev, "Address: %p and len: 0x%zx sequence: %u\n",
57 &mhi_buf->dma_addr, mhi_buf->len, sequence_id);
62 /* Collect RDDM buffer during kernel panic */
63 static int __mhi_download_rddm_in_panic(struct mhi_controller *mhi_cntrl)
68 const u32 delayus = 2000;
69 u32 retry = (mhi_cntrl->timeout_ms * 1000) / delayus;
70 const u32 rddm_timeout_us = 200000;
71 int rddm_retry = rddm_timeout_us / delayus;
72 void __iomem *base = mhi_cntrl->bhie;
73 struct device *dev = &mhi_cntrl->mhi_dev->dev;
75 dev_dbg(dev, "Entered with pm_state:%s dev_state:%s ee:%s\n",
76 to_mhi_pm_state_str(mhi_cntrl->pm_state),
77 mhi_state_str(mhi_cntrl->dev_state),
78 TO_MHI_EXEC_STR(mhi_cntrl->ee));
81 * This should only be executing during a kernel panic, we expect all
82 * other cores to shutdown while we're collecting RDDM buffer. After
83 * returning from this function, we expect the device to reset.
85 * Normaly, we read/write pm_state only after grabbing the
86 * pm_lock, since we're in a panic, skipping it. Also there is no
87 * gurantee that this state change would take effect since
88 * we're setting it w/o grabbing pm_lock
90 mhi_cntrl->pm_state = MHI_PM_LD_ERR_FATAL_DETECT;
91 /* update should take the effect immediately */
95 * Make sure device is not already in RDDM. In case the device asserts
96 * and a kernel panic follows, device will already be in RDDM.
97 * Do not trigger SYS ERR again and proceed with waiting for
98 * image download completion.
100 ee = mhi_get_exec_env(mhi_cntrl);
101 if (ee == MHI_EE_MAX)
102 goto error_exit_rddm;
104 if (ee != MHI_EE_RDDM) {
105 dev_dbg(dev, "Trigger device into RDDM mode using SYS ERR\n");
106 mhi_set_mhi_state(mhi_cntrl, MHI_STATE_SYS_ERR);
108 dev_dbg(dev, "Waiting for device to enter RDDM\n");
109 while (rddm_retry--) {
110 ee = mhi_get_exec_env(mhi_cntrl);
111 if (ee == MHI_EE_RDDM)
117 if (rddm_retry <= 0) {
118 /* Hardware reset so force device to enter RDDM */
120 "Did not enter RDDM, do a host req reset\n");
121 mhi_soc_reset(mhi_cntrl);
125 ee = mhi_get_exec_env(mhi_cntrl);
129 "Waiting for RDDM image download via BHIe, current EE:%s\n",
130 TO_MHI_EXEC_STR(ee));
133 ret = mhi_read_reg_field(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS,
134 BHIE_RXVECSTATUS_STATUS_BMSK, &rx_status);
138 if (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL)
144 ee = mhi_get_exec_env(mhi_cntrl);
145 ret = mhi_read_reg(mhi_cntrl, base, BHIE_RXVECSTATUS_OFFS, &rx_status);
147 dev_err(dev, "RXVEC_STATUS: 0x%x\n", rx_status);
150 dev_err(dev, "RDDM transfer failed. Current EE: %s\n",
151 TO_MHI_EXEC_STR(ee));
156 /* Download RDDM image from device */
157 int mhi_download_rddm_image(struct mhi_controller *mhi_cntrl, bool in_panic)
159 void __iomem *base = mhi_cntrl->bhie;
160 struct device *dev = &mhi_cntrl->mhi_dev->dev;
164 return __mhi_download_rddm_in_panic(mhi_cntrl);
166 dev_dbg(dev, "Waiting for RDDM image download via BHIe\n");
168 /* Wait for the image download to complete */
169 wait_event_timeout(mhi_cntrl->state_event,
170 mhi_read_reg_field(mhi_cntrl, base,
171 BHIE_RXVECSTATUS_OFFS,
172 BHIE_RXVECSTATUS_STATUS_BMSK,
173 &rx_status) || rx_status,
174 msecs_to_jiffies(mhi_cntrl->timeout_ms));
176 return (rx_status == BHIE_RXVECSTATUS_STATUS_XFER_COMPL) ? 0 : -EIO;
178 EXPORT_SYMBOL_GPL(mhi_download_rddm_image);
180 static int mhi_fw_load_bhie(struct mhi_controller *mhi_cntrl,
181 const struct mhi_buf *mhi_buf)
183 void __iomem *base = mhi_cntrl->bhie;
184 struct device *dev = &mhi_cntrl->mhi_dev->dev;
185 rwlock_t *pm_lock = &mhi_cntrl->pm_lock;
186 u32 tx_status, sequence_id;
189 read_lock_bh(pm_lock);
190 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {
191 read_unlock_bh(pm_lock);
195 sequence_id = MHI_RANDOM_U32_NONZERO(BHIE_TXVECSTATUS_SEQNUM_BMSK);
196 dev_dbg(dev, "Starting image download via BHIe. Sequence ID: %u\n",
198 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_HIGH_OFFS,
199 upper_32_bits(mhi_buf->dma_addr));
201 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECADDR_LOW_OFFS,
202 lower_32_bits(mhi_buf->dma_addr));
204 mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len);
206 ret = mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS,
207 BHIE_TXVECDB_SEQNUM_BMSK, sequence_id);
208 read_unlock_bh(pm_lock);
213 /* Wait for the image download to complete */
214 ret = wait_event_timeout(mhi_cntrl->state_event,
215 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) ||
216 mhi_read_reg_field(mhi_cntrl, base,
217 BHIE_TXVECSTATUS_OFFS,
218 BHIE_TXVECSTATUS_STATUS_BMSK,
219 &tx_status) || tx_status,
220 msecs_to_jiffies(mhi_cntrl->timeout_ms));
221 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) ||
222 tx_status != BHIE_TXVECSTATUS_STATUS_XFER_COMPL)
225 return (!ret) ? -ETIMEDOUT : 0;
228 static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl,
232 u32 tx_status, val, session_id;
234 void __iomem *base = mhi_cntrl->bhi;
235 rwlock_t *pm_lock = &mhi_cntrl->pm_lock;
236 struct device *dev = &mhi_cntrl->mhi_dev->dev;
241 { "ERROR_CODE", BHI_ERRCODE },
242 { "ERROR_DBG1", BHI_ERRDBG1 },
243 { "ERROR_DBG2", BHI_ERRDBG2 },
244 { "ERROR_DBG3", BHI_ERRDBG3 },
248 read_lock_bh(pm_lock);
249 if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {
250 read_unlock_bh(pm_lock);
251 goto invalid_pm_state;
254 session_id = MHI_RANDOM_U32_NONZERO(BHI_TXDB_SEQNUM_BMSK);
255 dev_dbg(dev, "Starting image download via BHI. Session ID: %u\n",
257 mhi_write_reg(mhi_cntrl, base, BHI_STATUS, 0);
258 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_HIGH,
259 upper_32_bits(dma_addr));
260 mhi_write_reg(mhi_cntrl, base, BHI_IMGADDR_LOW,
261 lower_32_bits(dma_addr));
262 mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, size);
263 mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id);
264 read_unlock_bh(pm_lock);
266 /* Wait for the image download to complete */
267 ret = wait_event_timeout(mhi_cntrl->state_event,
268 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state) ||
269 mhi_read_reg_field(mhi_cntrl, base, BHI_STATUS,
270 BHI_STATUS_MASK, &tx_status) || tx_status,
271 msecs_to_jiffies(mhi_cntrl->timeout_ms));
272 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state))
273 goto invalid_pm_state;
275 if (tx_status == BHI_STATUS_ERROR) {
276 dev_err(dev, "Image transfer failed\n");
277 read_lock_bh(pm_lock);
278 if (MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {
279 for (i = 0; error_reg[i].name; i++) {
280 ret = mhi_read_reg(mhi_cntrl, base,
281 error_reg[i].offset, &val);
284 dev_err(dev, "Reg: %s value: 0x%x\n",
285 error_reg[i].name, val);
288 read_unlock_bh(pm_lock);
289 goto invalid_pm_state;
292 return (!ret) ? -ETIMEDOUT : 0;
299 void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl,
300 struct image_info *image_info)
303 struct mhi_buf *mhi_buf = image_info->mhi_buf;
305 for (i = 0; i < image_info->entries; i++, mhi_buf++)
306 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len,
307 mhi_buf->buf, mhi_buf->dma_addr);
309 kfree(image_info->mhi_buf);
313 int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl,
314 struct image_info **image_info,
317 size_t seg_size = mhi_cntrl->seg_len;
318 int segments = DIV_ROUND_UP(alloc_size, seg_size) + 1;
320 struct image_info *img_info;
321 struct mhi_buf *mhi_buf;
323 img_info = kzalloc(sizeof(*img_info), GFP_KERNEL);
327 /* Allocate memory for entries */
328 img_info->mhi_buf = kcalloc(segments, sizeof(*img_info->mhi_buf),
330 if (!img_info->mhi_buf)
331 goto error_alloc_mhi_buf;
333 /* Allocate and populate vector table */
334 mhi_buf = img_info->mhi_buf;
335 for (i = 0; i < segments; i++, mhi_buf++) {
336 size_t vec_size = seg_size;
338 /* Vector table is the last entry */
339 if (i == segments - 1)
340 vec_size = sizeof(struct bhi_vec_entry) * i;
342 mhi_buf->len = vec_size;
343 mhi_buf->buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev,
344 vec_size, &mhi_buf->dma_addr,
347 goto error_alloc_segment;
350 img_info->bhi_vec = img_info->mhi_buf[segments - 1].buf;
351 img_info->entries = segments;
352 *image_info = img_info;
357 for (--i, --mhi_buf; i >= 0; i--, mhi_buf--)
358 dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len,
359 mhi_buf->buf, mhi_buf->dma_addr);
367 static void mhi_firmware_copy(struct mhi_controller *mhi_cntrl,
368 const u8 *buf, size_t remainder,
369 struct image_info *img_info)
372 struct mhi_buf *mhi_buf = img_info->mhi_buf;
373 struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
376 to_cpy = min(remainder, mhi_buf->len);
377 memcpy(mhi_buf->buf, buf, to_cpy);
378 bhi_vec->dma_addr = mhi_buf->dma_addr;
379 bhi_vec->size = to_cpy;
388 void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)
390 const struct firmware *firmware = NULL;
391 struct device *dev = &mhi_cntrl->mhi_dev->dev;
392 enum mhi_pm_state new_state;
400 if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) {
401 dev_err(dev, "Device MHI is not in valid state\n");
405 /* save hardware info from BHI */
406 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_SERIALNU,
407 &mhi_cntrl->serial_number);
409 dev_err(dev, "Could not capture serial number via BHI\n");
411 for (i = 0; i < ARRAY_SIZE(mhi_cntrl->oem_pk_hash); i++) {
412 ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_OEMPKHASH(i),
413 &mhi_cntrl->oem_pk_hash[i]);
415 dev_err(dev, "Could not capture OEM PK HASH via BHI\n");
420 /* wait for ready on pass through or any other execution environment */
421 if (!MHI_FW_LOAD_CAPABLE(mhi_cntrl->ee))
422 goto fw_load_ready_state;
424 fw_name = (mhi_cntrl->ee == MHI_EE_EDL) ?
425 mhi_cntrl->edl_image : mhi_cntrl->fw_image;
427 /* check if the driver has already provided the firmware data */
428 if (!fw_name && mhi_cntrl->fbc_download &&
429 mhi_cntrl->fw_data && mhi_cntrl->fw_sz) {
430 if (!mhi_cntrl->sbl_size) {
431 dev_err(dev, "fw_data provided but no sbl_size\n");
435 size = mhi_cntrl->sbl_size;
436 fw_data = mhi_cntrl->fw_data;
437 fw_sz = mhi_cntrl->fw_sz;
441 if (!fw_name || (mhi_cntrl->fbc_download && (!mhi_cntrl->sbl_size ||
442 !mhi_cntrl->seg_len))) {
444 "No firmware image defined or !sbl_size || !seg_len\n");
448 ret = request_firmware(&firmware, fw_name, dev);
450 dev_err(dev, "Error loading firmware: %d\n", ret);
454 size = (mhi_cntrl->fbc_download) ? mhi_cntrl->sbl_size : firmware->size;
456 /* SBL size provided is maximum size, not necessarily the image size */
457 if (size > firmware->size)
458 size = firmware->size;
460 fw_data = firmware->data;
461 fw_sz = firmware->size;
464 buf = dma_alloc_coherent(mhi_cntrl->cntrl_dev, size, &dma_addr,
467 release_firmware(firmware);
471 /* Download image using BHI */
472 memcpy(buf, fw_data, size);
473 ret = mhi_fw_load_bhi(mhi_cntrl, dma_addr, size);
474 dma_free_coherent(mhi_cntrl->cntrl_dev, size, buf, dma_addr);
476 /* Error or in EDL mode, we're done */
478 dev_err(dev, "MHI did not load image over BHI, ret: %d\n", ret);
479 release_firmware(firmware);
483 /* Wait for ready since EDL image was loaded */
484 if (fw_name && fw_name == mhi_cntrl->edl_image) {
485 release_firmware(firmware);
486 goto fw_load_ready_state;
489 write_lock_irq(&mhi_cntrl->pm_lock);
490 mhi_cntrl->dev_state = MHI_STATE_RESET;
491 write_unlock_irq(&mhi_cntrl->pm_lock);
494 * If we're doing fbc, populate vector tables while
495 * device transitioning into MHI READY state
497 if (mhi_cntrl->fbc_download) {
498 ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
500 release_firmware(firmware);
504 /* Load the firmware into BHIE vec table */
505 mhi_firmware_copy(mhi_cntrl, fw_data, fw_sz, mhi_cntrl->fbc_image);
508 release_firmware(firmware);
511 /* Transitioning into MHI RESET->READY state */
512 ret = mhi_ready_state_transition(mhi_cntrl);
514 dev_err(dev, "MHI did not enter READY state\n");
515 goto error_ready_state;
518 dev_info(dev, "Wait for device to enter SBL or Mission mode\n");
522 if (mhi_cntrl->fbc_download) {
523 mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
524 mhi_cntrl->fbc_image = NULL;
528 write_lock_irq(&mhi_cntrl->pm_lock);
529 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR);
530 write_unlock_irq(&mhi_cntrl->pm_lock);
531 if (new_state == MHI_PM_FW_DL_ERR)
532 wake_up_all(&mhi_cntrl->state_event);
535 int mhi_download_amss_image(struct mhi_controller *mhi_cntrl)
537 struct image_info *image_info = mhi_cntrl->fbc_image;
538 struct device *dev = &mhi_cntrl->mhi_dev->dev;
539 enum mhi_pm_state new_state;
545 ret = mhi_fw_load_bhie(mhi_cntrl,
546 /* Vector table is the last entry */
547 &image_info->mhi_buf[image_info->entries - 1]);
549 dev_err(dev, "MHI did not load AMSS, ret:%d\n", ret);
550 write_lock_irq(&mhi_cntrl->pm_lock);
551 new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR);
552 write_unlock_irq(&mhi_cntrl->pm_lock);
553 if (new_state == MHI_PM_FW_DL_ERR)
554 wake_up_all(&mhi_cntrl->state_event);