drivers/staging/greybus/fw-download.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Greybus Firmware Download Protocol Driver.
   4  *
   5  * Copyright 2016 Google Inc.
   6  * Copyright 2016 Linaro Ltd.
   7  */
   8
   9 #include <linux/firmware.h>
  10 #include <linux/jiffies.h>
  11 #include <linux/mutex.h>
  12 #include <linux/workqueue.h>
  13 #include <linux/greybus.h>
  14 #include "firmware.h"
  15
  16 /* Estimated minimum buffer size, actual size can be smaller than this */
  17 #define MIN_FETCH_SIZE          512
  18 /* Timeout, in jiffies, within which fetch or release firmware must be called */
  19 #define NEXT_REQ_TIMEOUT_J      msecs_to_jiffies(1000)
  20
  21 struct fw_request {
  22         u8                      firmware_id;
  23         bool                    disabled;
  24         bool                    timedout;
  25         char                    name[FW_NAME_SIZE];
  26         const struct firmware   *fw;
  27         struct list_head        node;
  28
  29         struct delayed_work     dwork;
  30         /* Timeout, in jiffies, within which the firmware shall download */
  31         unsigned long           release_timeout_j;
  32         struct kref             kref;
  33         struct fw_download      *fw_download;
  34 };
  35
  36 struct fw_download {
  37         struct device           *parent;
  38         struct gb_connection    *connection;
  39         struct list_head        fw_requests;
  40         struct ida              id_map;
  41         struct mutex            mutex;
  42 };
  43
  44 static void fw_req_release(struct kref *kref)
  45 {
  46         struct fw_request *fw_req = container_of(kref, struct fw_request, kref);
  47
  48         dev_dbg(fw_req->fw_download->parent, "firmware %s released\n",
  49                 fw_req->name);
  50
  51         release_firmware(fw_req->fw);
  52
  53         /*
  54          * The request timed out and the module may send a fetch-fw or
  55          * release-fw request later. Lets block the id we allocated for this
  56          * request, so that the AP doesn't refer to a later fw-request (with
  57          * same firmware_id) for the old timedout fw-request.
  58          *
  59          * NOTE:
  60          *
  61          * This also means that after 255 timeouts we will fail to service new
  62          * firmware downloads. But what else can we do in that case anyway? Lets
  63          * just hope that it never happens.
  64          */
  65         if (!fw_req->timedout)
  66                 ida_free(&fw_req->fw_download->id_map, fw_req->firmware_id);
  67
  68         kfree(fw_req);
  69 }
  70
  71 /*
  72  * Incoming requests are serialized for a connection, and the only race possible
  73  * is between the timeout handler freeing this and an incoming request.
  74  *
  75  * The operations on the fw-request list are protected by the mutex and
  76  * get_fw_req() increments the reference count before returning a fw_req pointer
  77  * to the users.
  78  *
  79  * free_firmware() also takes the mutex while removing an entry from the list,
  80  * it guarantees that every user of fw_req has taken a kref-reference by now and
  81  * we wouldn't have any new users.
  82  *
  83  * Once the last user drops the reference, the fw_req structure is freed.
  84  */
  85 static void put_fw_req(struct fw_request *fw_req)
  86 {
  87         kref_put(&fw_req->kref, fw_req_release);
  88 }
  89
  90 /* Caller must call put_fw_req() after using struct fw_request */
  91 static struct fw_request *get_fw_req(struct fw_download *fw_download,
  92                                      u8 firmware_id)
  93 {
  94         struct fw_request *fw_req;
  95
  96         mutex_lock(&fw_download->mutex);
  97
  98         list_for_each_entry(fw_req, &fw_download->fw_requests, node) {
  99                 if (fw_req->firmware_id == firmware_id) {
 100                         kref_get(&fw_req->kref);
 101                         goto unlock;
 102                 }
 103         }
 104
 105         fw_req = NULL;
 106
 107 unlock:
 108         mutex_unlock(&fw_download->mutex);
 109
 110         return fw_req;
 111 }
 112
 113 static void free_firmware(struct fw_download *fw_download,
 114                           struct fw_request *fw_req)
 115 {
 116         /* Already disabled from timeout handlers */
 117         if (fw_req->disabled)
 118                 return;
 119
 120         mutex_lock(&fw_download->mutex);
 121         list_del(&fw_req->node);
 122         mutex_unlock(&fw_download->mutex);
 123
 124         fw_req->disabled = true;
 125         put_fw_req(fw_req);
 126 }
 127
 128 static void fw_request_timedout(struct work_struct *work)
 129 {
 130         struct delayed_work *dwork = to_delayed_work(work);
 131         struct fw_request *fw_req = container_of(dwork,
 132                                                  struct fw_request, dwork);
 133         struct fw_download *fw_download = fw_req->fw_download;
 134
 135         dev_err(fw_download->parent,
 136                 "Timed out waiting for fetch / release firmware requests: %u\n",
 137                 fw_req->firmware_id);
 138
 139         fw_req->timedout = true;
 140         free_firmware(fw_download, fw_req);
 141 }
 142
 143 static int exceeds_release_timeout(struct fw_request *fw_req)
 144 {
 145         struct fw_download *fw_download = fw_req->fw_download;
 146
 147         if (time_before(jiffies, fw_req->release_timeout_j))
 148                 return 0;
 149
 150         dev_err(fw_download->parent,
 151                 "Firmware download didn't finish in time, abort: %d\n",
 152                 fw_req->firmware_id);
 153
 154         fw_req->timedout = true;
 155         free_firmware(fw_download, fw_req);
 156
 157         return -ETIMEDOUT;
 158 }
 159
 160 /* This returns path of the firmware blob on the disk */
 161 static struct fw_request *find_firmware(struct fw_download *fw_download,
 162                                         const char *tag)
 163 {
 164         struct gb_interface *intf = fw_download->connection->bundle->intf;
 165         struct fw_request *fw_req;
 166         int ret, req_count;
 167
 168         fw_req = kzalloc(sizeof(*fw_req), GFP_KERNEL);
 169         if (!fw_req)
 170                 return ERR_PTR(-ENOMEM);
 171
 172         /* Allocate ids from 1 to 255 (u8-max), 0 is an invalid id */
 173         ret = ida_alloc_range(&fw_download->id_map, 1, 255, GFP_KERNEL);
 174         if (ret < 0) {
 175                 dev_err(fw_download->parent,
 176                         "failed to allocate firmware id (%d)\n", ret);
 177                 goto err_free_req;
 178         }
 179         fw_req->firmware_id = ret;
 180
 181         snprintf(fw_req->name, sizeof(fw_req->name),
 182                  FW_NAME_PREFIX "/*(DEBLOBBED)*/",
 183                  intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
 184                  intf->vendor_id, intf->product_id, tag);
 185
 186         dev_info(fw_download->parent, "Requested firmware package '%s'\n",
 187                  fw_req->name);
 188
 189         ret = reject_firmware(&fw_req->fw, fw_req->name, fw_download->parent);
 190         if (ret) {
 191                 dev_err(fw_download->parent,
 192                         "firmware request failed for %s (%d)\n", fw_req->name,
 193                         ret);
 194                 goto err_free_id;
 195         }
 196
 197         fw_req->fw_download = fw_download;
 198         kref_init(&fw_req->kref);
 199
 200         mutex_lock(&fw_download->mutex);
 201         list_add(&fw_req->node, &fw_download->fw_requests);
 202         mutex_unlock(&fw_download->mutex);
 203
 204         /* Timeout, in jiffies, within which firmware should get loaded */
 205         req_count = DIV_ROUND_UP(fw_req->fw->size, MIN_FETCH_SIZE);
 206         fw_req->release_timeout_j = jiffies + req_count * NEXT_REQ_TIMEOUT_J;
 207
 208         INIT_DELAYED_WORK(&fw_req->dwork, fw_request_timedout);
 209         schedule_delayed_work(&fw_req->dwork, NEXT_REQ_TIMEOUT_J);
 210
 211         return fw_req;
 212
 213 err_free_id:
 214         ida_free(&fw_download->id_map, fw_req->firmware_id);
 215 err_free_req:
 216         kfree(fw_req);
 217
 218         return ERR_PTR(ret);
 219 }
 220
 221 static int fw_download_find_firmware(struct gb_operation *op)
 222 {
 223         struct gb_connection *connection = op->connection;
 224         struct fw_download *fw_download = gb_connection_get_data(connection);
 225         struct gb_fw_download_find_firmware_request *request;
 226         struct gb_fw_download_find_firmware_response *response;
 227         struct fw_request *fw_req;
 228         const char *tag;
 229
 230         if (op->request->payload_size != sizeof(*request)) {
 231                 dev_err(fw_download->parent,
 232                         "illegal size of find firmware request (%zu != %zu)\n",
 233                         op->request->payload_size, sizeof(*request));
 234                 return -EINVAL;
 235         }
 236
 237         request = op->request->payload;
 238         tag = (const char *)request->firmware_tag;
 239
 240         /* firmware_tag must be null-terminated */
 241         if (strnlen(tag, GB_FIRMWARE_TAG_MAX_SIZE) ==
 242             GB_FIRMWARE_TAG_MAX_SIZE) {
 243                 dev_err(fw_download->parent,
 244                         "firmware-tag is not null-terminated\n");
 245                 return -EINVAL;
 246         }
 247
 248         fw_req = find_firmware(fw_download, tag);
 249         if (IS_ERR(fw_req))
 250                 return PTR_ERR(fw_req);
 251
 252         if (!gb_operation_response_alloc(op, sizeof(*response), GFP_KERNEL)) {
 253                 dev_err(fw_download->parent, "error allocating response\n");
 254                 free_firmware(fw_download, fw_req);
 255                 return -ENOMEM;
 256         }
 257
 258         response = op->response->payload;
 259         response->firmware_id = fw_req->firmware_id;
 260         response->size = cpu_to_le32(fw_req->fw->size);
 261
 262         dev_dbg(fw_download->parent,
 263                 "firmware size is %zu bytes\n", fw_req->fw->size);
 264
 265         return 0;
 266 }
 267
 268 static int fw_download_fetch_firmware(struct gb_operation *op)
 269 {
 270         struct gb_connection *connection = op->connection;
 271         struct fw_download *fw_download = gb_connection_get_data(connection);
 272         struct gb_fw_download_fetch_firmware_request *request;
 273         struct fw_request *fw_req;
 274         const struct firmware *fw;
 275         unsigned int offset, size;
 276         u8 firmware_id;
 277         u8 *response;
 278         int ret = 0;
 279
 280         if (op->request->payload_size != sizeof(*request)) {
 281                 dev_err(fw_download->parent,
 282                         "Illegal size of fetch firmware request (%zu %zu)\n",
 283                         op->request->payload_size, sizeof(*request));
 284                 return -EINVAL;
 285         }
 286
 287         request = op->request->payload;
 288         offset = le32_to_cpu(request->offset);
 289         size = le32_to_cpu(request->size);
 290         firmware_id = request->firmware_id;
 291
 292         fw_req = get_fw_req(fw_download, firmware_id);
 293         if (!fw_req) {
 294                 dev_err(fw_download->parent,
 295                         "firmware not available for id: %02u\n", firmware_id);
 296                 return -EINVAL;
 297         }
 298
 299         /* Make sure work handler isn't running in parallel */
 300         cancel_delayed_work_sync(&fw_req->dwork);
 301
 302         /* We timed-out before reaching here ? */
 303         if (fw_req->disabled) {
 304                 ret = -ETIMEDOUT;
 305                 goto put_fw;
 306         }
 307
 308         /*
 309          * Firmware download must finish within a limited time interval. If it
 310          * doesn't, then we might have a buggy Module on the other side. Abort
 311          * download.
 312          */
 313         ret = exceeds_release_timeout(fw_req);
 314         if (ret)
 315                 goto put_fw;
 316
 317         fw = fw_req->fw;
 318
 319         if (offset >= fw->size || size > fw->size - offset) {
 320                 dev_err(fw_download->parent,
 321                         "bad fetch firmware request (offs = %u, size = %u)\n",
 322                         offset, size);
 323                 ret = -EINVAL;
 324                 goto put_fw;
 325         }
 326
 327         /* gb_fw_download_fetch_firmware_response contains only a byte array */
 328         if (!gb_operation_response_alloc(op, size, GFP_KERNEL)) {
 329                 dev_err(fw_download->parent,
 330                         "error allocating fetch firmware response\n");
 331                 ret = -ENOMEM;
 332                 goto put_fw;
 333         }
 334
 335         response = op->response->payload;
 336         memcpy(response, fw->data + offset, size);
 337
 338         dev_dbg(fw_download->parent,
 339                 "responding with firmware (offs = %u, size = %u)\n", offset,
 340                 size);
 341
 342         /* Refresh timeout */
 343         schedule_delayed_work(&fw_req->dwork, NEXT_REQ_TIMEOUT_J);
 344
 345 put_fw:
 346         put_fw_req(fw_req);
 347
 348         return ret;
 349 }
 350
 351 static int fw_download_release_firmware(struct gb_operation *op)
 352 {
 353         struct gb_connection *connection = op->connection;
 354         struct fw_download *fw_download = gb_connection_get_data(connection);
 355         struct gb_fw_download_release_firmware_request *request;
 356         struct fw_request *fw_req;
 357         u8 firmware_id;
 358
 359         if (op->request->payload_size != sizeof(*request)) {
 360                 dev_err(fw_download->parent,
 361                         "Illegal size of release firmware request (%zu %zu)\n",
 362                         op->request->payload_size, sizeof(*request));
 363                 return -EINVAL;
 364         }
 365
 366         request = op->request->payload;
 367         firmware_id = request->firmware_id;
 368
 369         fw_req = get_fw_req(fw_download, firmware_id);
 370         if (!fw_req) {
 371                 dev_err(fw_download->parent,
 372                         "firmware not available for id: %02u\n", firmware_id);
 373                 return -EINVAL;
 374         }
 375
 376         cancel_delayed_work_sync(&fw_req->dwork);
 377
 378         free_firmware(fw_download, fw_req);
 379         put_fw_req(fw_req);
 380
 381         dev_dbg(fw_download->parent, "release firmware\n");
 382
 383         return 0;
 384 }
 385
 386 int gb_fw_download_request_handler(struct gb_operation *op)
 387 {
 388         u8 type = op->type;
 389
 390         switch (type) {
 391         case GB_FW_DOWNLOAD_TYPE_FIND_FIRMWARE:
 392                 return fw_download_find_firmware(op);
 393         case GB_FW_DOWNLOAD_TYPE_FETCH_FIRMWARE:
 394                 return fw_download_fetch_firmware(op);
 395         case GB_FW_DOWNLOAD_TYPE_RELEASE_FIRMWARE:
 396                 return fw_download_release_firmware(op);
 397         default:
 398                 dev_err(&op->connection->bundle->dev,
 399                         "unsupported request: %u\n", type);
 400                 return -EINVAL;
 401         }
 402 }
 403
 404 int gb_fw_download_connection_init(struct gb_connection *connection)
 405 {
 406         struct fw_download *fw_download;
 407         int ret;
 408
 409         if (!connection)
 410                 return 0;
 411
 412         fw_download = kzalloc(sizeof(*fw_download), GFP_KERNEL);
 413         if (!fw_download)
 414                 return -ENOMEM;
 415
 416         fw_download->parent = &connection->bundle->dev;
 417         INIT_LIST_HEAD(&fw_download->fw_requests);
 418         ida_init(&fw_download->id_map);
 419         gb_connection_set_data(connection, fw_download);
 420         fw_download->connection = connection;
 421         mutex_init(&fw_download->mutex);
 422
 423         ret = gb_connection_enable(connection);
 424         if (ret)
 425                 goto err_destroy_id_map;
 426
 427         return 0;
 428
 429 err_destroy_id_map:
 430         ida_destroy(&fw_download->id_map);
 431         kfree(fw_download);
 432
 433         return ret;
 434 }
 435
 436 void gb_fw_download_connection_exit(struct gb_connection *connection)
 437 {
 438         struct fw_download *fw_download;
 439         struct fw_request *fw_req, *tmp;
 440
 441         if (!connection)
 442                 return;
 443
 444         fw_download = gb_connection_get_data(connection);
 445         gb_connection_disable(fw_download->connection);
 446
 447         /*
 448          * Make sure we have a reference to the pending requests, before they
 449          * are freed from the timeout handler.
 450          */
 451         mutex_lock(&fw_download->mutex);
 452         list_for_each_entry(fw_req, &fw_download->fw_requests, node)
 453                 kref_get(&fw_req->kref);
 454         mutex_unlock(&fw_download->mutex);
 455
 456         /* Release pending firmware packages */
 457         list_for_each_entry_safe(fw_req, tmp, &fw_download->fw_requests, node) {
 458                 cancel_delayed_work_sync(&fw_req->dwork);
 459                 free_firmware(fw_download, fw_req);
 460                 put_fw_req(fw_req);
 461         }
 462
 463         ida_destroy(&fw_download->id_map);
 464         kfree(fw_download);
 465 }