1 // SPDX-License-Identifier: GPL-2.0
3 * Greybus Firmware Download Protocol Driver.
5 * Copyright 2016 Google Inc.
6 * Copyright 2016 Linaro Ltd.
9 #include <linux/firmware.h>
10 #include <linux/jiffies.h>
11 #include <linux/mutex.h>
12 #include <linux/workqueue.h>
13 #include <linux/greybus.h>
16 /* Estimated minimum buffer size, actual size can be smaller than this */
17 #define MIN_FETCH_SIZE 512
18 /* Timeout, in jiffies, within which fetch or release firmware must be called */
19 #define NEXT_REQ_TIMEOUT_J msecs_to_jiffies(1000)
25 char name
[FW_NAME_SIZE
];
26 const struct firmware
*fw
;
27 struct list_head node
;
29 struct delayed_work dwork
;
30 /* Timeout, in jiffies, within which the firmware shall download */
31 unsigned long release_timeout_j
;
33 struct fw_download
*fw_download
;
37 struct device
*parent
;
38 struct gb_connection
*connection
;
39 struct list_head fw_requests
;
44 static void fw_req_release(struct kref
*kref
)
46 struct fw_request
*fw_req
= container_of(kref
, struct fw_request
, kref
);
48 dev_dbg(fw_req
->fw_download
->parent
, "firmware %s released\n",
51 release_firmware(fw_req
->fw
);
54 * The request timed out and the module may send a fetch-fw or
55 * release-fw request later. Lets block the id we allocated for this
56 * request, so that the AP doesn't refer to a later fw-request (with
57 * same firmware_id) for the old timedout fw-request.
61 * This also means that after 255 timeouts we will fail to service new
62 * firmware downloads. But what else can we do in that case anyway? Lets
63 * just hope that it never happens.
65 if (!fw_req
->timedout
)
66 ida_simple_remove(&fw_req
->fw_download
->id_map
,
73 * Incoming requests are serialized for a connection, and the only race possible
74 * is between the timeout handler freeing this and an incoming request.
76 * The operations on the fw-request list are protected by the mutex and
77 * get_fw_req() increments the reference count before returning a fw_req pointer
80 * free_firmware() also takes the mutex while removing an entry from the list,
81 * it guarantees that every user of fw_req has taken a kref-reference by now and
82 * we wouldn't have any new users.
84 * Once the last user drops the reference, the fw_req structure is freed.
86 static void put_fw_req(struct fw_request
*fw_req
)
88 kref_put(&fw_req
->kref
, fw_req_release
);
91 /* Caller must call put_fw_req() after using struct fw_request */
92 static struct fw_request
*get_fw_req(struct fw_download
*fw_download
,
95 struct fw_request
*fw_req
;
97 mutex_lock(&fw_download
->mutex
);
99 list_for_each_entry(fw_req
, &fw_download
->fw_requests
, node
) {
100 if (fw_req
->firmware_id
== firmware_id
) {
101 kref_get(&fw_req
->kref
);
109 mutex_unlock(&fw_download
->mutex
);
114 static void free_firmware(struct fw_download
*fw_download
,
115 struct fw_request
*fw_req
)
117 /* Already disabled from timeout handlers */
118 if (fw_req
->disabled
)
121 mutex_lock(&fw_download
->mutex
);
122 list_del(&fw_req
->node
);
123 mutex_unlock(&fw_download
->mutex
);
125 fw_req
->disabled
= true;
129 static void fw_request_timedout(struct work_struct
*work
)
131 struct delayed_work
*dwork
= to_delayed_work(work
);
132 struct fw_request
*fw_req
= container_of(dwork
,
133 struct fw_request
, dwork
);
134 struct fw_download
*fw_download
= fw_req
->fw_download
;
136 dev_err(fw_download
->parent
,
137 "Timed out waiting for fetch / release firmware requests: %u\n",
138 fw_req
->firmware_id
);
140 fw_req
->timedout
= true;
141 free_firmware(fw_download
, fw_req
);
144 static int exceeds_release_timeout(struct fw_request
*fw_req
)
146 struct fw_download
*fw_download
= fw_req
->fw_download
;
148 if (time_before(jiffies
, fw_req
->release_timeout_j
))
151 dev_err(fw_download
->parent
,
152 "Firmware download didn't finish in time, abort: %d\n",
153 fw_req
->firmware_id
);
155 fw_req
->timedout
= true;
156 free_firmware(fw_download
, fw_req
);
161 /* This returns path of the firmware blob on the disk */
162 static struct fw_request
*find_firmware(struct fw_download
*fw_download
,
165 struct gb_interface
*intf
= fw_download
->connection
->bundle
->intf
;
166 struct fw_request
*fw_req
;
169 fw_req
= kzalloc(sizeof(*fw_req
), GFP_KERNEL
);
171 return ERR_PTR(-ENOMEM
);
173 /* Allocate ids from 1 to 255 (u8-max), 0 is an invalid id */
174 ret
= ida_simple_get(&fw_download
->id_map
, 1, 256, GFP_KERNEL
);
176 dev_err(fw_download
->parent
,
177 "failed to allocate firmware id (%d)\n", ret
);
180 fw_req
->firmware_id
= ret
;
182 snprintf(fw_req
->name
, sizeof(fw_req
->name
),
183 FW_NAME_PREFIX
"%08x_%08x_%08x_%08x_%s.tftf",
184 intf
->ddbl1_manufacturer_id
, intf
->ddbl1_product_id
,
185 intf
->vendor_id
, intf
->product_id
, tag
);
187 dev_info(fw_download
->parent
, "Requested firmware package '%s'\n",
190 ret
= request_firmware(&fw_req
->fw
, fw_req
->name
, fw_download
->parent
);
192 dev_err(fw_download
->parent
,
193 "firmware request failed for %s (%d)\n", fw_req
->name
,
198 fw_req
->fw_download
= fw_download
;
199 kref_init(&fw_req
->kref
);
201 mutex_lock(&fw_download
->mutex
);
202 list_add(&fw_req
->node
, &fw_download
->fw_requests
);
203 mutex_unlock(&fw_download
->mutex
);
205 /* Timeout, in jiffies, within which firmware should get loaded */
206 req_count
= DIV_ROUND_UP(fw_req
->fw
->size
, MIN_FETCH_SIZE
);
207 fw_req
->release_timeout_j
= jiffies
+ req_count
* NEXT_REQ_TIMEOUT_J
;
209 INIT_DELAYED_WORK(&fw_req
->dwork
, fw_request_timedout
);
210 schedule_delayed_work(&fw_req
->dwork
, NEXT_REQ_TIMEOUT_J
);
215 ida_simple_remove(&fw_download
->id_map
, fw_req
->firmware_id
);
222 static int fw_download_find_firmware(struct gb_operation
*op
)
224 struct gb_connection
*connection
= op
->connection
;
225 struct fw_download
*fw_download
= gb_connection_get_data(connection
);
226 struct gb_fw_download_find_firmware_request
*request
;
227 struct gb_fw_download_find_firmware_response
*response
;
228 struct fw_request
*fw_req
;
231 if (op
->request
->payload_size
!= sizeof(*request
)) {
232 dev_err(fw_download
->parent
,
233 "illegal size of find firmware request (%zu != %zu)\n",
234 op
->request
->payload_size
, sizeof(*request
));
238 request
= op
->request
->payload
;
239 tag
= (const char *)request
->firmware_tag
;
241 /* firmware_tag must be null-terminated */
242 if (strnlen(tag
, GB_FIRMWARE_TAG_MAX_SIZE
) ==
243 GB_FIRMWARE_TAG_MAX_SIZE
) {
244 dev_err(fw_download
->parent
,
245 "firmware-tag is not null-terminated\n");
249 fw_req
= find_firmware(fw_download
, tag
);
251 return PTR_ERR(fw_req
);
253 if (!gb_operation_response_alloc(op
, sizeof(*response
), GFP_KERNEL
)) {
254 dev_err(fw_download
->parent
, "error allocating response\n");
255 free_firmware(fw_download
, fw_req
);
259 response
= op
->response
->payload
;
260 response
->firmware_id
= fw_req
->firmware_id
;
261 response
->size
= cpu_to_le32(fw_req
->fw
->size
);
263 dev_dbg(fw_download
->parent
,
264 "firmware size is %zu bytes\n", fw_req
->fw
->size
);
269 static int fw_download_fetch_firmware(struct gb_operation
*op
)
271 struct gb_connection
*connection
= op
->connection
;
272 struct fw_download
*fw_download
= gb_connection_get_data(connection
);
273 struct gb_fw_download_fetch_firmware_request
*request
;
274 struct gb_fw_download_fetch_firmware_response
*response
;
275 struct fw_request
*fw_req
;
276 const struct firmware
*fw
;
277 unsigned int offset
, size
;
281 if (op
->request
->payload_size
!= sizeof(*request
)) {
282 dev_err(fw_download
->parent
,
283 "Illegal size of fetch firmware request (%zu %zu)\n",
284 op
->request
->payload_size
, sizeof(*request
));
288 request
= op
->request
->payload
;
289 offset
= le32_to_cpu(request
->offset
);
290 size
= le32_to_cpu(request
->size
);
291 firmware_id
= request
->firmware_id
;
293 fw_req
= get_fw_req(fw_download
, firmware_id
);
295 dev_err(fw_download
->parent
,
296 "firmware not available for id: %02u\n", firmware_id
);
300 /* Make sure work handler isn't running in parallel */
301 cancel_delayed_work_sync(&fw_req
->dwork
);
303 /* We timed-out before reaching here ? */
304 if (fw_req
->disabled
) {
310 * Firmware download must finish within a limited time interval. If it
311 * doesn't, then we might have a buggy Module on the other side. Abort
314 ret
= exceeds_release_timeout(fw_req
);
320 if (offset
>= fw
->size
|| size
> fw
->size
- offset
) {
321 dev_err(fw_download
->parent
,
322 "bad fetch firmware request (offs = %u, size = %u)\n",
328 if (!gb_operation_response_alloc(op
, sizeof(*response
) + size
,
330 dev_err(fw_download
->parent
,
331 "error allocating fetch firmware response\n");
336 response
= op
->response
->payload
;
337 memcpy(response
->data
, fw
->data
+ offset
, size
);
339 dev_dbg(fw_download
->parent
,
340 "responding with firmware (offs = %u, size = %u)\n", offset
,
343 /* Refresh timeout */
344 schedule_delayed_work(&fw_req
->dwork
, NEXT_REQ_TIMEOUT_J
);
352 static int fw_download_release_firmware(struct gb_operation
*op
)
354 struct gb_connection
*connection
= op
->connection
;
355 struct fw_download
*fw_download
= gb_connection_get_data(connection
);
356 struct gb_fw_download_release_firmware_request
*request
;
357 struct fw_request
*fw_req
;
360 if (op
->request
->payload_size
!= sizeof(*request
)) {
361 dev_err(fw_download
->parent
,
362 "Illegal size of release firmware request (%zu %zu)\n",
363 op
->request
->payload_size
, sizeof(*request
));
367 request
= op
->request
->payload
;
368 firmware_id
= request
->firmware_id
;
370 fw_req
= get_fw_req(fw_download
, firmware_id
);
372 dev_err(fw_download
->parent
,
373 "firmware not available for id: %02u\n", firmware_id
);
377 cancel_delayed_work_sync(&fw_req
->dwork
);
379 free_firmware(fw_download
, fw_req
);
382 dev_dbg(fw_download
->parent
, "release firmware\n");
387 int gb_fw_download_request_handler(struct gb_operation
*op
)
392 case GB_FW_DOWNLOAD_TYPE_FIND_FIRMWARE
:
393 return fw_download_find_firmware(op
);
394 case GB_FW_DOWNLOAD_TYPE_FETCH_FIRMWARE
:
395 return fw_download_fetch_firmware(op
);
396 case GB_FW_DOWNLOAD_TYPE_RELEASE_FIRMWARE
:
397 return fw_download_release_firmware(op
);
399 dev_err(&op
->connection
->bundle
->dev
,
400 "unsupported request: %u\n", type
);
405 int gb_fw_download_connection_init(struct gb_connection
*connection
)
407 struct fw_download
*fw_download
;
413 fw_download
= kzalloc(sizeof(*fw_download
), GFP_KERNEL
);
417 fw_download
->parent
= &connection
->bundle
->dev
;
418 INIT_LIST_HEAD(&fw_download
->fw_requests
);
419 ida_init(&fw_download
->id_map
);
420 gb_connection_set_data(connection
, fw_download
);
421 fw_download
->connection
= connection
;
422 mutex_init(&fw_download
->mutex
);
424 ret
= gb_connection_enable(connection
);
426 goto err_destroy_id_map
;
431 ida_destroy(&fw_download
->id_map
);
437 void gb_fw_download_connection_exit(struct gb_connection
*connection
)
439 struct fw_download
*fw_download
;
440 struct fw_request
*fw_req
, *tmp
;
445 fw_download
= gb_connection_get_data(connection
);
446 gb_connection_disable(fw_download
->connection
);
449 * Make sure we have a reference to the pending requests, before they
450 * are freed from the timeout handler.
452 mutex_lock(&fw_download
->mutex
);
453 list_for_each_entry(fw_req
, &fw_download
->fw_requests
, node
)
454 kref_get(&fw_req
->kref
);
455 mutex_unlock(&fw_download
->mutex
);
457 /* Release pending firmware packages */
458 list_for_each_entry_safe(fw_req
, tmp
, &fw_download
->fw_requests
, node
) {
459 cancel_delayed_work_sync(&fw_req
->dwork
);
460 free_firmware(fw_download
, fw_req
);
464 ida_destroy(&fw_download
->id_map
);