1 /* Copyright 2017 IBM Corp.
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 * implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define pr_fmt(fmt) "MBOX-FLASH: " fmt
18
19 #define _GNU_SOURCE
20 #include <errno.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24
25 #include <skiboot.h>
26 #include <inttypes.h>
27 #include <timebase.h>
28 #include <timer.h>
29 #include <libflash/libflash.h>
30 #include <libflash/mbox-flash.h>
31 #include <lpc.h>
32 #include <lpc-mbox.h>
33
34 #include <ccan/container_of/container_of.h>
35
36 #ifndef __SKIBOOT__
37 #ifndef __TEST__
38 #error "This libflash backend must be compiled with skiboot"
39 #endif
40 #endif
41
42 /* Same technique as BUILD_BUG_ON from linux */
43 #define CHECK_HANDLER_SIZE(handlers) ((void)sizeof(char[1 - 2*!!(ARRAY_SIZE(handlers) != (MBOX_COMMAND_COUNT + 1))]))
44
45 #define MBOX_DEFAULT_TIMEOUT 3 /* seconds */
46
47 #define MSG_CREATE(init_command) { .command = init_command }
48
49 struct mbox_flash_data;
50 typedef void (mbox_handler)(struct mbox_flash_data *, struct bmc_mbox_msg *);
51
52 struct lpc_window {
53 uint32_t lpc_addr; /* Offset into LPC space */
54 uint32_t cur_pos; /* Current position of the window in the flash */
55 uint32_t size; /* Size of the window into the flash */
56 bool open;
57 };
58
59 struct mbox_flash_data {
60 int version;
61 uint16_t timeout;
62 uint32_t shift;
63 struct lpc_window read;
64 struct lpc_window write;
65 struct blocklevel_device bl;
66 uint32_t total_size;
67 uint32_t erase_granule;
68 int rc;
69 bool reboot;
70 bool pause;
71 bool busy;
72 bool ack;
73 mbox_handler **handlers;
74 };
75
76 static mbox_handler mbox_flash_do_nop;
77 static mbox_handler mbox_flash_do_illegal;
78
79 /* Version 1, 2, 3 compatible */
80 static mbox_handler mbox_flash_do_get_mbox_info;
81
82 /* Version 2 and 3 compatible */
83 static mbox_handler mbox_flash_do_get_flash_info;
84 static mbox_handler mbox_flash_do_get_flash_info_v1;
85
86 /* Version 2 and 3 compatible */
87 static mbox_handler mbox_flash_do_create_read_window;
88 static mbox_handler mbox_flash_do_create_read_window_v1;
89
90 /* Version 2 and 3 compatible */
91 static mbox_handler mbox_flash_do_create_write_window;
92 static mbox_handler mbox_flash_do_create_write_window_v1;
93
94 /* Version 1, 2, 3 compatible */
95 static mbox_handler mbox_flash_do_close_window;
96
97 /* Plus one, commands start at 1 */
98 static mbox_handler *handlers_v3[] = {
99 NULL,
100 &mbox_flash_do_nop,
101 &mbox_flash_do_get_mbox_info,
102 &mbox_flash_do_get_flash_info,
103 &mbox_flash_do_create_read_window,
104 &mbox_flash_do_close_window,
105 &mbox_flash_do_create_write_window,
106 &mbox_flash_do_nop,
107 &mbox_flash_do_nop,
108 &mbox_flash_do_nop,
109 &mbox_flash_do_nop,
110 &mbox_flash_do_nop,
111 &mbox_flash_do_nop
112 };
113
114 /* Plus one, commands start at 1 */
115 static mbox_handler *handlers_v2[] = {
116 NULL,
117 &mbox_flash_do_nop,
118 &mbox_flash_do_get_mbox_info,
119 &mbox_flash_do_get_flash_info,
120 &mbox_flash_do_create_read_window,
121 &mbox_flash_do_close_window,
122 &mbox_flash_do_create_write_window,
123 &mbox_flash_do_nop,
124 &mbox_flash_do_nop,
125 &mbox_flash_do_nop,
126 &mbox_flash_do_nop,
127 &mbox_flash_do_illegal,
128 &mbox_flash_do_illegal
129 };
130
131 /*
132 * Plus one, commands start at 1.
133 * V2 adds a command so there should never be a response for the last
134 * command.
135 * Ensure we print an error message with mbox_flash_do_illegal().
136 */
137 static mbox_handler *handlers_v1[] = {
138 NULL,
139 &mbox_flash_do_nop,
140 &mbox_flash_do_get_mbox_info,
141 &mbox_flash_do_get_flash_info_v1,
142 &mbox_flash_do_create_read_window_v1,
143 &mbox_flash_do_close_window,
144 &mbox_flash_do_create_write_window_v1,
145 &mbox_flash_do_nop,
146 &mbox_flash_do_nop,
147 &mbox_flash_do_nop,
148 &mbox_flash_do_illegal,
149 &mbox_flash_do_illegal,
150 &mbox_flash_do_illegal
151 };
152
153
154 static void mbox_flash_callback(struct bmc_mbox_msg *msg, void *priv);
155 static void mbox_flash_attn(uint8_t attn, void *priv);
156
157 static int protocol_init(struct mbox_flash_data *mbox_flash, uint8_t shift);
158
lpc_window_read(struct mbox_flash_data * mbox_flash,uint32_t pos,void * buf,uint32_t len)159 static int lpc_window_read(struct mbox_flash_data *mbox_flash, uint32_t pos,
160 void *buf, uint32_t len)
161 {
162 uint32_t off = mbox_flash->read.lpc_addr + (pos - mbox_flash->read.cur_pos);
163 int rc;
164
165 prlog(PR_TRACE, "Reading at 0x%08x for 0x%08x offset: 0x%08x\n",
166 pos, len, off);
167
168 while(len) {
169 uint32_t chunk;
170 uint32_t dat;
171
172 /* XXX: make this read until it's aligned */
173 if (len > 3 && !(off & 3)) {
174 rc = lpc_read(OPAL_LPC_FW, off, &dat, 4);
175 if (!rc)
176 *(uint32_t *)buf = dat;
177 chunk = 4;
178 } else {
179 rc = lpc_read(OPAL_LPC_FW, off, &dat, 1);
180 if (!rc)
181 *(uint8_t *)buf = dat;
182 chunk = 1;
183 }
184 if (rc) {
185 prlog(PR_ERR, "lpc_read failure %d to FW 0x%08x\n", rc, off);
186 return rc;
187 }
188 len -= chunk;
189 off += chunk;
190 buf += chunk;
191 }
192
193 return 0;
194 }
195
lpc_window_write(struct mbox_flash_data * mbox_flash,uint32_t pos,const void * buf,uint32_t len)196 static int lpc_window_write(struct mbox_flash_data *mbox_flash, uint32_t pos,
197 const void *buf, uint32_t len)
198 {
199 uint32_t off = mbox_flash->write.lpc_addr + (pos - mbox_flash->write.cur_pos);
200 int rc;
201
202
203 prlog(PR_TRACE, "Writing at 0x%08x for 0x%08x offset: 0x%08x\n",
204 pos, len, off);
205
206 while(len) {
207 uint32_t chunk;
208
209 if (len > 3 && !(off & 3)) {
210 rc = lpc_write(OPAL_LPC_FW, off,
211 *(uint32_t *)buf, 4);
212 chunk = 4;
213 } else {
214 rc = lpc_write(OPAL_LPC_FW, off,
215 *(uint8_t *)buf, 1);
216 chunk = 1;
217 }
218 if (rc) {
219 prlog(PR_ERR, "lpc_write failure %d to FW 0x%08x\n", rc, off);
220 return rc;
221 }
222 len -= chunk;
223 off += chunk;
224 buf += chunk;
225 }
226
227 return 0;
228 }
229
mbox_flash_mask(struct mbox_flash_data * mbox_flash)230 static uint64_t mbox_flash_mask(struct mbox_flash_data *mbox_flash)
231 {
232 return (1ULL << mbox_flash->shift) - 1;
233 }
234
msg_get_u8(struct bmc_mbox_msg * msg,int i)235 __unused static uint8_t msg_get_u8(struct bmc_mbox_msg *msg, int i)
236 {
237 return msg->args[i];
238 }
239
msg_put_u8(struct bmc_mbox_msg * msg,int i,uint8_t val)240 static void msg_put_u8(struct bmc_mbox_msg *msg, int i, uint8_t val)
241 {
242 msg->args[i] = val;
243 }
244
msg_get_u16(struct bmc_mbox_msg * msg,int i)245 static uint16_t msg_get_u16(struct bmc_mbox_msg *msg, int i)
246 {
247 return le16_to_cpu(*(uint16_t *)(&msg->args[i]));
248 }
249
msg_put_u16(struct bmc_mbox_msg * msg,int i,uint16_t val)250 static void msg_put_u16(struct bmc_mbox_msg *msg, int i, uint16_t val)
251 {
252 uint16_t tmp = cpu_to_le16(val);
253 memcpy(&msg->args[i], &tmp, sizeof(val));
254 }
255
msg_get_u32(struct bmc_mbox_msg * msg,int i)256 static uint32_t msg_get_u32(struct bmc_mbox_msg *msg, int i)
257 {
258 return le32_to_cpu(*(uint32_t *)(&msg->args[i]));
259 }
260
msg_put_u32(struct bmc_mbox_msg * msg,int i,uint32_t val)261 static void msg_put_u32(struct bmc_mbox_msg *msg, int i, uint32_t val)
262 {
263 uint32_t tmp = cpu_to_le32(val);
264 memcpy(&msg->args[i], &tmp, sizeof(val));
265 }
266
blocks_to_bytes(struct mbox_flash_data * mbox_flash,uint16_t blocks)267 static uint32_t blocks_to_bytes(struct mbox_flash_data *mbox_flash, uint16_t blocks)
268 {
269 return blocks << mbox_flash->shift;
270 }
271
bytes_to_blocks(struct mbox_flash_data * mbox_flash,uint32_t bytes)272 static uint16_t bytes_to_blocks(struct mbox_flash_data *mbox_flash,
273 uint32_t bytes)
274 {
275 return bytes >> mbox_flash->shift;
276 }
277
278 /*
279 * The BMC may send is an out of band message to say that it doesn't
280 * own the flash anymore.
281 * It guarantees we can still access our (open) windows but it does
282 * not guarantee their contents until it clears the bit without
283 * sending us a corresponding bit to say that the windows are bad
284 * first.
285 * Since this is all things that will happen in the future, we should
286 * not perform any calls speculatively as its almost impossible to
287 * rewind.
288 */
is_paused(struct mbox_flash_data * mbox_flash)289 static bool is_paused(struct mbox_flash_data *mbox_flash)
290 {
291 return mbox_flash->pause;
292 }
293
294 /*
295 * After a read or a write it is wise to check that the window we just
296 * read/write to/from is still valid otherwise it is possible some of
297 * the data didn't make it.
298 * This check is an optimisation as we'll close all our windows on any
299 * notification from the BMC that the windows are bad. See the above
300 * comment about is_paused().
301 * A foolproof (but much closer) method of validating reads/writes
302 * would be to attempt to close the window, if that fails then we can
303 * be sure that the read/write was no good.
304 */
is_valid(struct mbox_flash_data * mbox_flash,struct lpc_window * win)305 static bool is_valid(struct mbox_flash_data *mbox_flash, struct lpc_window *win)
306 {
307 return !is_paused(mbox_flash) && win->open;
308 }
309
310 /*
311 * Check if we've received a BMC reboot notification.
312 * The strategy is to check on entry to mbox-flash and return a
313 * failure accordingly. Races will be handled by the fact that the BMC
314 * won't respond so timeouts will occur. As an added precaution
315 * msg_send() checks right before sending a message (to make the race
316 * as small as possible to avoid needless timeouts).
317 */
is_reboot(struct mbox_flash_data * mbox_flash)318 static bool is_reboot(struct mbox_flash_data *mbox_flash)
319 {
320 return mbox_flash->reboot;
321 }
322
msg_send(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg,unsigned int timeout_sec)323 static int msg_send(struct mbox_flash_data *mbox_flash, struct bmc_mbox_msg *msg,
324 unsigned int timeout_sec)
325 {
326 if (is_reboot(mbox_flash))
327 return FLASH_ERR_AGAIN;
328 mbox_flash->busy = true;
329 mbox_flash->rc = 0;
330 return bmc_mbox_enqueue(msg, timeout_sec);
331 }
332
wait_for_bmc(struct mbox_flash_data * mbox_flash,unsigned int timeout_sec)333 static int wait_for_bmc(struct mbox_flash_data *mbox_flash, unsigned int timeout_sec)
334 {
335 unsigned long last = 1, start = tb_to_secs(mftb());
336 prlog(PR_TRACE, "Waiting for BMC\n");
337 while (mbox_flash->busy && timeout_sec > last) {
338 long now = tb_to_secs(mftb());
339 if (now - start > last) {
340 if (last < timeout_sec / 2)
341 prlog(PR_TRACE, "Been waiting for the BMC for %lu secs\n", last);
342 else
343 prlog(PR_ERR, "BMC NOT RESPONDING %lu second wait\n", last);
344 last++;
345 }
346 /*
347 * Both functions are important.
348 * Well time_wait_ms() relaxes the spin... so... its nice
349 */
350 check_timers(false);
351 if (mbox_flash->busy)
352 time_wait_ms(MBOX_DEFAULT_POLL_MS);
353 asm volatile ("" ::: "memory");
354 }
355
356 if (mbox_flash->busy) {
357 prlog(PR_ERR, "Timeout waiting for BMC\n");
358 mbox_flash->busy = false;
359 return MBOX_R_TIMEOUT;
360 }
361
362 return mbox_flash->rc;
363 }
364
mbox_flash_ack(struct mbox_flash_data * mbox_flash,uint8_t reg)365 static int mbox_flash_ack(struct mbox_flash_data *mbox_flash, uint8_t reg)
366 {
367 struct bmc_mbox_msg msg = MSG_CREATE(MBOX_C_BMC_EVENT_ACK);
368 int rc;
369
370 msg_put_u8(&msg, 0, reg);
371
372 /* Clear this first so msg_send() doesn't freak out */
373 mbox_flash->reboot = false;
374
375 /*
376 * Use a lower timeout - there is strong evidence to suggest the
377 * BMC won't respond, don't waste time spinning here just have the
378 * high levels retry when the BMC might be back
379 */
380 rc = msg_send(mbox_flash, &msg, 3);
381
382 /* Still need to deal with it, we've only acked it now. */
383 mbox_flash->reboot = true;
384
385 if (rc) {
386 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
387 return rc;
388 }
389
390 /*
391 * Use a lower timeout - there is strong evidence to suggest the
392 * BMC won't respond, don't waste time spinning here just have the
393 * high levels retry when the BMC might be back
394 */
395 rc = wait_for_bmc(mbox_flash, 3);
396 if (rc)
397 prlog(PR_ERR, "Error waiting for BMC\n");
398
399 return rc;
400 }
401
do_acks(struct mbox_flash_data * mbox_flash)402 static int do_acks(struct mbox_flash_data *mbox_flash)
403 {
404 int rc;
405
406 if (!mbox_flash->ack)
407 return 0; /* Nothing to do */
408
409 rc = mbox_flash_ack(mbox_flash, bmc_mbox_get_attn_reg() & MBOX_ATTN_ACK_MASK);
410 if (!rc)
411 mbox_flash->ack = false;
412
413 return rc;
414 }
415
mbox_flash_do_nop(struct mbox_flash_data * mbox_flash __unused,struct bmc_mbox_msg * msg __unused)416 static void mbox_flash_do_nop(struct mbox_flash_data *mbox_flash __unused,
417 struct bmc_mbox_msg *msg __unused)
418 {
419 }
420
mbox_flash_do_illegal(struct mbox_flash_data * mbox_flash __unused,struct bmc_mbox_msg * msg __unused)421 static void mbox_flash_do_illegal(struct mbox_flash_data *mbox_flash __unused,
422 struct bmc_mbox_msg *msg __unused)
423 {
424 prlog(PR_CRIT, "Got response to unknown message type\n");
425 }
426
427 /* Version 1, 2 and 3 compatible */
mbox_flash_do_get_mbox_info(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)428 static void mbox_flash_do_get_mbox_info(struct mbox_flash_data *mbox_flash,
429 struct bmc_mbox_msg *msg)
430 {
431
432 mbox_flash->version = msg_get_u8(msg, 0);
433 switch (mbox_flash->version) {
434 case 1:
435 /* Not all version 1 daemons set argument 5 correctly */
436 mbox_flash->shift = 12; /* Protocol hardcodes to 4K anyway */
437 mbox_flash->read.size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 1));
438 mbox_flash->write.size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 3));
439 break;
440 case 3:
441 case 2:
442 mbox_flash->shift = msg_get_u8(msg, 5);
443 mbox_flash->timeout = msg_get_u16(msg, 6);
444 if (mbox_flash->timeout == 0)
445 mbox_flash->timeout = MBOX_DEFAULT_TIMEOUT;
446 break;
447 }
448 /* Callers will handle the case where the version is not known
449 *
450 * Here we deliberately ignore the 'default' sizes.
451 * All windows opened will not provide a hint and we're
452 * happy to let the BMC figure everything out.
453 * Future optimisations may use the default size.
454 */
455 }
456
457 /* Version 2 and 3 compatible */
mbox_flash_do_get_flash_info(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)458 static void mbox_flash_do_get_flash_info(struct mbox_flash_data *mbox_flash,
459 struct bmc_mbox_msg *msg)
460 {
461 mbox_flash->total_size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
462 mbox_flash->erase_granule = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 2));
463 }
464
mbox_flash_do_get_flash_info_v1(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)465 static void mbox_flash_do_get_flash_info_v1(struct mbox_flash_data *mbox_flash,
466 struct bmc_mbox_msg *msg)
467 {
468 mbox_flash->total_size = msg_get_u32(msg, 0);
469 mbox_flash->erase_granule = msg_get_u32(msg, 4);
470 }
471
472 /* Version 2 and 3 compatible */
mbox_flash_do_create_read_window(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)473 static void mbox_flash_do_create_read_window(struct mbox_flash_data *mbox_flash,
474 struct bmc_mbox_msg *msg)
475 {
476 mbox_flash->read.lpc_addr = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
477 mbox_flash->read.size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 2));
478 mbox_flash->read.cur_pos = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 4));
479 mbox_flash->read.open = true;
480 mbox_flash->write.open = false;
481 }
482
mbox_flash_do_create_read_window_v1(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)483 static void mbox_flash_do_create_read_window_v1(struct mbox_flash_data *mbox_flash,
484 struct bmc_mbox_msg *msg)
485 {
486 mbox_flash->read.lpc_addr = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
487 mbox_flash->read.open = true;
488 mbox_flash->write.open = false;
489 }
490
491 /* Version 2 and 3 compatible */
mbox_flash_do_create_write_window(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)492 static void mbox_flash_do_create_write_window(struct mbox_flash_data *mbox_flash,
493 struct bmc_mbox_msg *msg)
494 {
495 mbox_flash->write.lpc_addr = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
496 mbox_flash->write.size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 2));
497 mbox_flash->write.cur_pos = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 4));
498 mbox_flash->write.open = true;
499 mbox_flash->read.open = false;
500 }
501
mbox_flash_do_create_write_window_v1(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg)502 static void mbox_flash_do_create_write_window_v1(struct mbox_flash_data *mbox_flash,
503 struct bmc_mbox_msg *msg)
504 {
505 mbox_flash->write.lpc_addr = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
506 mbox_flash->write.open = true;
507 mbox_flash->read.open = false;
508 }
509
510 /* Version 1 and Version 2 compatible */
mbox_flash_do_close_window(struct mbox_flash_data * mbox_flash,struct bmc_mbox_msg * msg __unused)511 static void mbox_flash_do_close_window(struct mbox_flash_data *mbox_flash,
512 struct bmc_mbox_msg *msg __unused)
513 {
514 mbox_flash->read.open = false;
515 mbox_flash->write.open = false;
516 }
517
handle_reboot(struct mbox_flash_data * mbox_flash)518 static int handle_reboot(struct mbox_flash_data *mbox_flash)
519 {
520 int rc;
521
522 /*
523 * If the BMC ready bit isn't present then we're basically
524 * guaranteed to timeout trying to talk to it so just fail
525 * whatever is trying to happen.
526 * Importantly, we can't trust that the presence of the bit means
527 * the daemon is ok - don't assume it is going to respond at all
528 * from here onwards
529 */
530 if (!(bmc_mbox_get_attn_reg() & MBOX_ATTN_BMC_DAEMON_READY))
531 return FLASH_ERR_AGAIN;
532
533 /* Clear this first so msg_send() doesn't freak out */
534 mbox_flash->reboot = false;
535
536 rc = do_acks(mbox_flash);
537 if (rc) {
538 if (rc == MBOX_R_TIMEOUT)
539 rc = FLASH_ERR_AGAIN;
540 mbox_flash->reboot = true;
541 return rc;
542 }
543
544 rc = protocol_init(mbox_flash, 0);
545 if (rc)
546 mbox_flash->reboot = true;
547
548 return rc;
549 }
550
do_delayed_work(struct mbox_flash_data * mbox_flash)551 static bool do_delayed_work(struct mbox_flash_data *mbox_flash)
552 {
553 return is_paused(mbox_flash) || do_acks(mbox_flash) ||
554 (is_reboot(mbox_flash) && handle_reboot(mbox_flash));
555 }
556
mbox_flash_mark_write(struct mbox_flash_data * mbox_flash,uint64_t pos,uint64_t len,int type)557 static int mbox_flash_mark_write(struct mbox_flash_data *mbox_flash,
558 uint64_t pos, uint64_t len, int type)
559 {
560 struct bmc_mbox_msg msg = MSG_CREATE(type);
561 int rc;
562
563 if (mbox_flash->version == 1) {
564 uint32_t start = ALIGN_DOWN(pos, 1 << mbox_flash->shift);
565 msg_put_u16(&msg, 0, bytes_to_blocks(mbox_flash, pos));
566 /*
567 * We need to make sure that we mark dirty until up to atleast
568 * pos + len.
569 */
570 msg_put_u32(&msg, 2, pos + len - start);
571 } else {
572 uint64_t window_pos = pos - mbox_flash->write.cur_pos;
573 uint16_t start = bytes_to_blocks(mbox_flash, window_pos);
574 uint16_t end = bytes_to_blocks(mbox_flash,
575 ALIGN_UP(window_pos + len,
576 1 << mbox_flash->shift));
577
578 msg_put_u16(&msg, 0, start);
579 msg_put_u16(&msg, 2, end - start); /* Total Length */
580 }
581
582 rc = msg_send(mbox_flash, &msg, mbox_flash->timeout);
583 if (rc) {
584 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
585 return rc;
586 }
587
588 rc = wait_for_bmc(mbox_flash, mbox_flash->timeout);
589 if (rc)
590 prlog(PR_ERR, "Error waiting for BMC\n");
591
592 return rc;
593 }
594
mbox_flash_dirty(struct mbox_flash_data * mbox_flash,uint64_t pos,uint64_t len)595 static int mbox_flash_dirty(struct mbox_flash_data *mbox_flash, uint64_t pos,
596 uint64_t len)
597 {
598 if (!mbox_flash->write.open) {
599 prlog(PR_ERR, "Attempting to dirty without an open write window\n");
600 return FLASH_ERR_DEVICE_GONE;
601 }
602
603 return mbox_flash_mark_write(mbox_flash, pos, len,
604 MBOX_C_MARK_WRITE_DIRTY);
605 }
606
mbox_flash_erase(struct mbox_flash_data * mbox_flash,uint64_t pos,uint64_t len)607 static int mbox_flash_erase(struct mbox_flash_data *mbox_flash, uint64_t pos,
608 uint64_t len)
609 {
610 if (!mbox_flash->write.open) {
611 prlog(PR_ERR, "Attempting to erase without an open write window\n");
612 return FLASH_ERR_DEVICE_GONE;
613 }
614
615 return mbox_flash_mark_write(mbox_flash, pos, len,
616 MBOX_C_MARK_WRITE_ERASED);
617 }
618
mbox_flash_flush(struct mbox_flash_data * mbox_flash)619 static int mbox_flash_flush(struct mbox_flash_data *mbox_flash)
620 {
621 struct bmc_mbox_msg msg = MSG_CREATE(MBOX_C_WRITE_FLUSH);
622 int rc;
623
624 if (!mbox_flash->write.open) {
625 prlog(PR_ERR, "Attempting to flush without an open write window\n");
626 return FLASH_ERR_DEVICE_GONE;
627 }
628
629 rc = msg_send(mbox_flash, &msg, mbox_flash->timeout);
630 if (rc) {
631 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
632 return rc;
633 }
634
635 rc = wait_for_bmc(mbox_flash, mbox_flash->timeout);
636 if (rc)
637 prlog(PR_ERR, "Error waiting for BMC\n");
638
639 return rc;
640 }
641
642 /* Is the current window able perform the complete operation */
mbox_window_valid(struct lpc_window * win,uint64_t pos,uint64_t len)643 static bool mbox_window_valid(struct lpc_window *win, uint64_t pos,
644 uint64_t len)
645 {
646 if (!win->open)
647 return false;
648 if (pos < win->cur_pos) /* start */
649 return false;
650 if ((pos + len) > (win->cur_pos + win->size)) /* end */
651 return false;
652 return true;
653 }
654
mbox_window_move(struct mbox_flash_data * mbox_flash,struct lpc_window * win,uint8_t command,uint64_t pos,uint64_t len,uint64_t * size)655 static int mbox_window_move(struct mbox_flash_data *mbox_flash,
656 struct lpc_window *win, uint8_t command,
657 uint64_t pos, uint64_t len, uint64_t *size)
658 {
659 struct bmc_mbox_msg msg = MSG_CREATE(command);
660 int rc;
661
662 /* Is the window currently open valid */
663 if (mbox_window_valid(win, pos, len)) {
664 *size = len;
665 return 0;
666 }
667
668 /* V1 needs to remember where it has opened the window, note it
669 * here.
670 * If we're running V2 the response to the CREATE_*_WINDOW command
671 * will overwrite what we've noted here.
672 */
673 win->cur_pos = pos & ~mbox_flash_mask(mbox_flash);
674
675 msg_put_u16(&msg, 0, bytes_to_blocks(mbox_flash, pos));
676 rc = msg_send(mbox_flash, &msg, mbox_flash->timeout);
677 if (rc) {
678 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
679 return rc;
680 }
681
682 mbox_flash->read.open = false;
683 mbox_flash->write.open = false;
684
685 rc = wait_for_bmc(mbox_flash, mbox_flash->timeout);
686 if (rc) {
687 prlog(PR_ERR, "Error waiting for BMC\n");
688 return rc;
689 }
690
691 *size = len;
692 /* Is length past the end of the window? */
693 if ((pos + len) > (win->cur_pos + win->size))
694 /* Adjust size to meet current window */
695 *size = (win->cur_pos + win->size) - pos;
696
697 /*
698 * It doesn't make sense for size to be zero if len isn't zero.
699 * If this condition happens we're most likely going to spin since
700 * the caller will likely decerement pos by zero then call this
701 * again.
702 * Debateable as to if this should return non zero. At least the
703 * bug will be obvious from the barf.
704 */
705 if (len != 0 && *size == 0) {
706 prlog(PR_ERR, "Failed read/write!\n");
707 prlog(PR_ERR, "Please update your BMC firmware\n");
708 prlog(PR_ERR, "Move window is indicating size zero!\n");
709 prlog(PR_ERR, "pos: 0x%" PRIx64 ", len: 0x%" PRIx64 "\n", pos, len);
710 prlog(PR_ERR, "win pos: 0x%08x win size: 0x%08x\n", win->cur_pos, win->size);
711 /*
712 * In practice skiboot gets stuck and this eventually
713 * brings down the host. Just fail pass the error back
714 * up and hope someone makes a good decision
715 */
716 return MBOX_R_SYSTEM_ERROR;
717 }
718
719 return rc;
720 }
721
mbox_flash_write(struct blocklevel_device * bl,uint64_t pos,const void * buf,uint64_t len)722 static int mbox_flash_write(struct blocklevel_device *bl, uint64_t pos,
723 const void *buf, uint64_t len)
724 {
725 struct mbox_flash_data *mbox_flash;
726 uint64_t size;
727
728 int rc = 0;
729
730 /* LPC is only 32bit */
731 if (pos > UINT_MAX || len > UINT_MAX)
732 return FLASH_ERR_PARM_ERROR;
733
734 mbox_flash = container_of(bl, struct mbox_flash_data, bl);
735
736 if (do_delayed_work(mbox_flash))
737 return FLASH_ERR_AGAIN;
738
739 prlog(PR_TRACE, "Flash write at %#" PRIx64 " for %#" PRIx64 "\n", pos, len);
740 while (len > 0) {
741 /* Move window and get a new size to read */
742 rc = mbox_window_move(mbox_flash, &mbox_flash->write,
743 MBOX_C_CREATE_WRITE_WINDOW, pos, len,
744 &size);
745 if (rc)
746 return rc;
747
748 /* Perform the read for this window */
749 rc = lpc_window_write(mbox_flash, pos, buf, size);
750 if (rc)
751 return rc;
752
753 rc = mbox_flash_dirty(mbox_flash, pos, size);
754 if (rc)
755 return rc;
756
757 /*
758 * Must flush here as changing the window contents
759 * without flushing entitles the BMC to throw away the
760 * data. Unlike the read case there isn't a need to explicitly
761 * validate the window, the flush command will fail if the
762 * window was compromised.
763 */
764 rc = mbox_flash_flush(mbox_flash);
765 if (rc)
766 return rc;
767
768 len -= size;
769 pos += size;
770 buf += size;
771 }
772 return rc;
773 }
774
mbox_flash_read(struct blocklevel_device * bl,uint64_t pos,void * buf,uint64_t len)775 static int mbox_flash_read(struct blocklevel_device *bl, uint64_t pos,
776 void *buf, uint64_t len)
777 {
778 struct mbox_flash_data *mbox_flash;
779 uint64_t size;
780
781 int rc = 0;
782
783 /* LPC is only 32bit */
784 if (pos > UINT_MAX || len > UINT_MAX)
785 return FLASH_ERR_PARM_ERROR;
786
787 mbox_flash = container_of(bl, struct mbox_flash_data, bl);
788
789 if (do_delayed_work(mbox_flash))
790 return FLASH_ERR_AGAIN;
791
792 prlog(PR_TRACE, "Flash read at %#" PRIx64 " for %#" PRIx64 "\n", pos, len);
793 while (len > 0) {
794 /* Move window and get a new size to read */
795 rc = mbox_window_move(mbox_flash, &mbox_flash->read,
796 MBOX_C_CREATE_READ_WINDOW, pos,
797 len, &size);
798 if (rc)
799 return rc;
800
801 /* Perform the read for this window */
802 rc = lpc_window_read(mbox_flash, pos, buf, size);
803 if (rc)
804 return rc;
805
806 len -= size;
807 pos += size;
808 buf += size;
809 /*
810 * Ensure my window is still open, if it isn't we can't trust
811 * what we read
812 */
813 if (!is_valid(mbox_flash, &mbox_flash->read))
814 return FLASH_ERR_AGAIN;
815 }
816 return rc;
817 }
818
mbox_flash_get_info(struct blocklevel_device * bl,const char ** name,uint64_t * total_size,uint32_t * erase_granule)819 static int mbox_flash_get_info(struct blocklevel_device *bl, const char **name,
820 uint64_t *total_size, uint32_t *erase_granule)
821 {
822 struct bmc_mbox_msg msg = MSG_CREATE(MBOX_C_GET_FLASH_INFO);
823 struct mbox_flash_data *mbox_flash;
824 int rc;
825
826 mbox_flash = container_of(bl, struct mbox_flash_data, bl);
827
828 if (do_delayed_work(mbox_flash))
829 return FLASH_ERR_AGAIN;
830
831 /*
832 * We want to avoid runtime mallocs in skiboot. The expected
833 * behavour to uses of libflash is that one can free() the memory
834 * returned.
835 * NULL will do for now.
836 */
837 if (name)
838 *name = NULL;
839
840 mbox_flash->busy = true;
841 rc = msg_send(mbox_flash, &msg, mbox_flash->timeout);
842 if (rc) {
843 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
844 return rc;
845 }
846
847 if (wait_for_bmc(mbox_flash, mbox_flash->timeout)) {
848 prlog(PR_ERR, "Error waiting for BMC\n");
849 return rc;
850 }
851
852 mbox_flash->bl.erase_mask = mbox_flash->erase_granule - 1;
853
854 if (total_size)
855 *total_size = mbox_flash->total_size;
856 if (erase_granule)
857 *erase_granule = mbox_flash->erase_granule;
858
859 return rc;
860 }
861
mbox_flash_erase_v2(struct blocklevel_device * bl,uint64_t pos,uint64_t len)862 static int mbox_flash_erase_v2(struct blocklevel_device *bl, uint64_t pos,
863 uint64_t len)
864 {
865 struct mbox_flash_data *mbox_flash;
866
867 /* LPC is only 32bit */
868 if (pos > UINT_MAX || len > UINT_MAX)
869 return FLASH_ERR_PARM_ERROR;
870
871 mbox_flash = container_of(bl, struct mbox_flash_data, bl);
872
873 prlog(PR_TRACE, "Flash erase at 0x%08x for 0x%08x\n", (u32) pos, (u32) len);
874 while (len > 0) {
875 uint64_t size;
876 int rc;
877
878 /* Move window and get a new size to erase */
879 rc = mbox_window_move(mbox_flash, &mbox_flash->write,
880 MBOX_C_CREATE_WRITE_WINDOW, pos, len, &size);
881 if (rc)
882 return rc;
883
884 rc = mbox_flash_erase(mbox_flash, pos, size);
885 if (rc)
886 return rc;
887
888 /*
889 * Flush directly, don't mark that region dirty otherwise it
890 * isn't clear if a write happened there or not
891 */
892
893 rc = mbox_flash_flush(mbox_flash);
894 if (rc)
895 return rc;
896
897 len -= size;
898 pos += size;
899 }
900
901 return 0;
902 }
903
mbox_flash_erase_v1(struct blocklevel_device * bl __unused,uint64_t pos __unused,uint64_t len __unused)904 static int mbox_flash_erase_v1(struct blocklevel_device *bl __unused,
905 uint64_t pos __unused, uint64_t len __unused)
906 {
907 /*
908 * We can probably get away with doing nothing.
909 * TODO: Rethink this, causes interesting behaviour in pflash.
910 * Users do expect pflash -{e,E} to do something. This is because
911 * on real flash this would have set that region to all 0xFF but
912 * really the erase at the blocklevel interface was only designed
913 * to be "please make this region writeable".
914 * It may be wise (despite the large performance penalty) to
915 * actually write all 0xFF here. I'll leave that as an exercise
916 * for the future.
917 */
918
919 return 0;
920 }
921
922 /* Called from interrupt handler, don't send any mbox messages */
mbox_flash_attn(uint8_t attn,void * priv)923 static void mbox_flash_attn(uint8_t attn, void *priv)
924 {
925 struct mbox_flash_data *mbox_flash = priv;
926
927 if (attn & MBOX_ATTN_ACK_MASK)
928 mbox_flash->ack = true;
929 if (attn & MBOX_ATTN_BMC_REBOOT) {
930 mbox_flash->reboot = true;
931 mbox_flash->read.open = false;
932 mbox_flash->write.open = false;
933 attn &= ~MBOX_ATTN_BMC_REBOOT;
934 }
935
936 if (attn & MBOX_ATTN_BMC_WINDOW_RESET) {
937 mbox_flash->read.open = false;
938 mbox_flash->write.open = false;
939 attn &= ~MBOX_ATTN_BMC_WINDOW_RESET;
940 }
941
942 if (attn & MBOX_ATTN_BMC_FLASH_LOST) {
943 mbox_flash->pause = true;
944 attn &= ~MBOX_ATTN_BMC_FLASH_LOST;
945 } else {
946 mbox_flash->pause = false;
947 }
948 }
949
mbox_flash_callback(struct bmc_mbox_msg * msg,void * priv)950 static void mbox_flash_callback(struct bmc_mbox_msg *msg, void *priv)
951 {
952 struct mbox_flash_data *mbox_flash = priv;
953
954 prlog(PR_TRACE, "BMC OK command %u\n", msg->command);
955
956 if (msg->response != MBOX_R_SUCCESS) {
957 prlog(PR_ERR, "Bad response code from BMC %d\n", msg->response);
958 mbox_flash->rc = msg->response;
959 goto out;
960 }
961
962 if (msg->command > MBOX_COMMAND_COUNT) {
963 prlog(PR_ERR, "Got response to unknown command %02x\n", msg->command);
964 mbox_flash->rc = -1;
965 goto out;
966 }
967
968 if (!mbox_flash->handlers[msg->command]) {
969 prlog(PR_ERR, "Couldn't find handler for message! command: %u, seq: %u\n",
970 msg->command, msg->seq);
971 mbox_flash->rc = MBOX_R_SYSTEM_ERROR;
972 goto out;
973 }
974
975 mbox_flash->rc = 0;
976
977 mbox_flash->handlers[msg->command](mbox_flash, msg);
978
979 out:
980 mbox_flash->busy = false;
981 }
982
protocol_init(struct mbox_flash_data * mbox_flash,uint8_t shift)983 static int protocol_init(struct mbox_flash_data *mbox_flash, uint8_t shift)
984 {
985 struct bmc_mbox_msg msg = MSG_CREATE(MBOX_C_GET_MBOX_INFO);
986 int rc;
987
988 mbox_flash->read.open = false;
989 mbox_flash->write.open = false;
990
991 /* Assume V2+ */
992 mbox_flash->bl.read = &mbox_flash_read;
993 mbox_flash->bl.write = &mbox_flash_write;
994 mbox_flash->bl.erase = &mbox_flash_erase_v2;
995 mbox_flash->bl.get_info = &mbox_flash_get_info;
996
997 /* Assume V3 */
998 mbox_flash->handlers = handlers_v3;
999
1000 bmc_mbox_register_callback(&mbox_flash_callback, mbox_flash);
1001 bmc_mbox_register_attn(&mbox_flash_attn, mbox_flash);
1002
1003 /*
1004 * For V1 of the protocol this is fixed.
1005 * V2+: The init code will update this
1006 */
1007 mbox_flash->shift = 12;
1008
1009 /*
1010 * For V1 we'll use this value.
1011 * V2+: The init code (may) update this
1012 */
1013 mbox_flash->timeout = MBOX_DEFAULT_TIMEOUT;
1014
1015 /*
1016 * Always attempt init with highest version known.
1017 * The GET_MBOX_INFO response will confirm that the other side can
1018 * talk the highest version, we'll update this variable then if
1019 * our highest version is not supported
1020 */
1021 mbox_flash->version = 3;
1022
1023 negotiate_version:
1024 msg_put_u8(&msg, 0, mbox_flash->version);
1025 msg_put_u8(&msg, 1, shift);
1026 rc = msg_send(mbox_flash, &msg, mbox_flash->timeout);
1027 if (rc) {
1028 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
1029 return rc;
1030 }
1031
1032 rc = wait_for_bmc(mbox_flash, mbox_flash->timeout);
1033 if (rc) {
1034 prlog(PR_ERR, "Error waiting for BMC\n");
1035 if (mbox_flash->version > 1) {
1036 mbox_flash->version--;
1037 prlog(PR_INFO, "Retrying MBOX negotiation with BMC"
1038 " with MBOXv%d\n", mbox_flash->version);
1039 goto negotiate_version;
1040 }
1041 return rc;
1042 }
1043
1044 prlog(PR_INFO, "Detected mbox protocol version %d\n", mbox_flash->version);
1045 switch (mbox_flash->version) {
1046 case 1:
1047 mbox_flash->bl.erase = &mbox_flash_erase_v1;
1048 mbox_flash->handlers = handlers_v1;
1049 break;
1050 case 2:
1051 mbox_flash->handlers = handlers_v2;
1052 break;
1053 case 3:
1054 /* Nothing to do we assumed it would be V3 */
1055 break;
1056 default:
1057 /*
1058 * The BMC is can only lower the requested version not do
1059 * anything else. FWIW there is no verion 0.
1060 */
1061 prlog(PR_CRIT, "Bad version: %u\n", mbox_flash->version);
1062 rc = FLASH_ERR_PARM_ERROR;
1063 }
1064
1065 return rc;
1066 }
1067
mbox_flash_lock(struct blocklevel_device * bl,uint64_t pos,uint64_t len)1068 int mbox_flash_lock(struct blocklevel_device *bl, uint64_t pos, uint64_t len)
1069 {
1070 struct mbox_flash_data *mbox_flash;
1071 struct bmc_mbox_msg msg = MSG_CREATE(MBOX_C_MARK_LOCKED);
1072 int rc;
1073
1074 /* mbox-flash only talks 32bit for now */
1075 if (pos > UINT_MAX || len > UINT_MAX)
1076 return FLASH_ERR_PARM_ERROR;
1077
1078 /*
1079 * If the region isn't at least 4k aligned and in size then bail
1080 * out, the protocol won't allow for smaller block sizes.
1081 */
1082 if (pos & ((1 << 12) - 1) || len & ((1 << 12) - 1))
1083 return FLASH_ERR_PARM_ERROR;
1084
1085 mbox_flash = container_of(bl, struct mbox_flash_data, bl);
1086 if ((pos & mbox_flash_mask(mbox_flash)) || (len & mbox_flash_mask(mbox_flash))) {
1087 uint8_t shift = 0;
1088 /*
1089 * The current block size won't work for locking the requested
1090 * region must reinit.
1091 */
1092 while (!((1 << shift) & pos) && !((1 << shift) & len))
1093 shift++;
1094
1095 prlog(PR_INFO, "Locking flash requires re-init from shift of %d to shift of %d\n",
1096 mbox_flash->shift, shift);
1097
1098 rc = protocol_init(mbox_flash, shift);
1099 if (rc)
1100 return rc;
1101
1102 /*
1103 * The daemon didn't agree with the requested shift - the
1104 * flash won't be able to be locked
1105 */
1106 if (mbox_flash->shift > shift)
1107 return FLASH_ERR_PARM_ERROR;
1108 }
1109
1110 msg_put_u16(&msg, 0, bytes_to_blocks(mbox_flash, pos));
1111 msg_put_u16(&msg, 2, bytes_to_blocks(mbox_flash, len));
1112 rc = msg_send(mbox_flash, &msg, mbox_flash->timeout);
1113 if (rc) {
1114 prlog(PR_ERR, "Failed to enqueue/send BMC MBOX message\n");
1115 return rc;
1116 }
1117
1118 rc = wait_for_bmc(mbox_flash, mbox_flash->timeout);
1119 if (rc)
1120 prlog(PR_ERR, "Error waiting for BMC\n");
1121
1122 return rc;
1123 }
1124
mbox_flash_init(struct blocklevel_device ** bl)1125 int mbox_flash_init(struct blocklevel_device **bl)
1126 {
1127 struct mbox_flash_data *mbox_flash;
1128 int rc;
1129
1130 CHECK_HANDLER_SIZE(handlers_v3);
1131 CHECK_HANDLER_SIZE(handlers_v2);
1132 CHECK_HANDLER_SIZE(handlers_v1);
1133
1134 if (!bl)
1135 return FLASH_ERR_PARM_ERROR;
1136
1137 /* XXX: We only support one blocklevel flash device over mbox. If we
1138 * ever support more than one, move this out. The chances of that are
1139 * slim though due to circumstances.
1140 */
1141 mbox_init();
1142
1143 *bl = NULL;
1144
1145 mbox_flash = zalloc(sizeof(struct mbox_flash_data));
1146 if (!mbox_flash)
1147 return FLASH_ERR_MALLOC_FAILED;
1148
1149 /* Assume V2+ */
1150 mbox_flash->bl.read = &mbox_flash_read;
1151 mbox_flash->bl.write = &mbox_flash_write;
1152 mbox_flash->bl.erase = &mbox_flash_erase_v2;
1153 mbox_flash->bl.get_info = &mbox_flash_get_info;
1154
1155 if (bmc_mbox_get_attn_reg() & MBOX_ATTN_BMC_REBOOT)
1156 rc = handle_reboot(mbox_flash);
1157 else
1158 rc = protocol_init(mbox_flash, 0);
1159 if (rc) {
1160 free(mbox_flash);
1161 return rc;
1162 }
1163
1164 mbox_flash->bl.keep_alive = 0;
1165
1166 *bl = &(mbox_flash->bl);
1167 return 0;
1168 }
1169
mbox_flash_exit(struct blocklevel_device * bl)1170 void mbox_flash_exit(struct blocklevel_device *bl)
1171 {
1172 struct mbox_flash_data *mbox_flash;
1173 if (bl) {
1174 mbox_flash = container_of(bl, struct mbox_flash_data, bl);
1175 free(mbox_flash);
1176 }
1177 }
1178