1 /* Firmware file reading and download helpers
2  *
3  * See copyright notice in main.c
4  */
5 #include <linux/kernel.h>
6 #include <linux/slab.h>
7 #include <linux/firmware.h>
8 #include <linux/device.h>
9 #include <linux/module.h>
10 
11 #include "hermes.h"
12 #include "hermes_dld.h"
13 #include "orinoco.h"
14 
15 #include "fw.h"
16 
17 /* End markers (for Symbol firmware only) */
18 #define TEXT_END	0x1A		/* End of text header */
19 
20 struct fw_info {
21 	char *pri_fw;
22 	char *sta_fw;
23 	char *ap_fw;
24 	u32 pda_addr;
25 	u16 pda_size;
26 };
27 
28 static const struct fw_info orinoco_fw[] = {
29 	{ NULL, "agere_sta_fw.bin", "agere_ap_fw.bin", 0x00390000, 1000 },
30 	{ NULL, "prism_sta_fw.bin", "prism_ap_fw.bin", 0, 1024 },
31 	{ "symbol_sp24t_prim_fw", "symbol_sp24t_sec_fw", NULL, 0x00003100, 512 }
32 };
33 MODULE_FIRMWARE("agere_sta_fw.bin");
34 MODULE_FIRMWARE("agere_ap_fw.bin");
35 MODULE_FIRMWARE("prism_sta_fw.bin");
36 MODULE_FIRMWARE("prism_ap_fw.bin");
37 MODULE_FIRMWARE("symbol_sp24t_prim_fw");
38 MODULE_FIRMWARE("symbol_sp24t_sec_fw");
39 
40 /* Structure used to access fields in FW
41  * Make sure LE decoding macros are used
42  */
43 struct orinoco_fw_header {
44 	char hdr_vers[6];       /* ASCII string for header version */
45 	__le16 headersize;      /* Total length of header */
46 	__le32 entry_point;     /* NIC entry point */
47 	__le32 blocks;          /* Number of blocks to program */
48 	__le32 block_offset;    /* Offset of block data from eof header */
49 	__le32 pdr_offset;      /* Offset to PDR data from eof header */
50 	__le32 pri_offset;      /* Offset to primary plug data */
51 	__le32 compat_offset;   /* Offset to compatibility data*/
52 	char signature[0];      /* FW signature length headersize-20 */
53 } __packed;
54 
55 /* Check the range of various header entries. Return a pointer to a
56  * description of the problem, or NULL if everything checks out. */
validate_fw(const struct orinoco_fw_header * hdr,size_t len)57 static const char *validate_fw(const struct orinoco_fw_header *hdr, size_t len)
58 {
59 	u16 hdrsize;
60 
61 	if (len < sizeof(*hdr))
62 		return "image too small";
63 	if (memcmp(hdr->hdr_vers, "HFW", 3) != 0)
64 		return "format not recognised";
65 
66 	hdrsize = le16_to_cpu(hdr->headersize);
67 	if (hdrsize > len)
68 		return "bad headersize";
69 	if ((hdrsize + le32_to_cpu(hdr->block_offset)) > len)
70 		return "bad block offset";
71 	if ((hdrsize + le32_to_cpu(hdr->pdr_offset)) > len)
72 		return "bad PDR offset";
73 	if ((hdrsize + le32_to_cpu(hdr->pri_offset)) > len)
74 		return "bad PRI offset";
75 	if ((hdrsize + le32_to_cpu(hdr->compat_offset)) > len)
76 		return "bad compat offset";
77 
78 	/* TODO: consider adding a checksum or CRC to the firmware format */
79 	return NULL;
80 }
81 
82 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
83 static inline const struct firmware *
orinoco_cached_fw_get(struct orinoco_private * priv,bool primary)84 orinoco_cached_fw_get(struct orinoco_private *priv, bool primary)
85 {
86 	if (primary)
87 		return priv->cached_pri_fw;
88 	else
89 		return priv->cached_fw;
90 }
91 #else
92 #define orinoco_cached_fw_get(priv, primary) (NULL)
93 #endif
94 
95 /* Download either STA or AP firmware into the card. */
96 static int
orinoco_dl_firmware(struct orinoco_private * priv,const struct fw_info * fw,int ap)97 orinoco_dl_firmware(struct orinoco_private *priv,
98 		    const struct fw_info *fw,
99 		    int ap)
100 {
101 	/* Plug Data Area (PDA) */
102 	__le16 *pda;
103 
104 	struct hermes *hw = &priv->hw;
105 	const struct firmware *fw_entry;
106 	const struct orinoco_fw_header *hdr;
107 	const unsigned char *first_block;
108 	const void *end;
109 	const char *firmware;
110 	const char *fw_err;
111 	struct device *dev = priv->dev;
112 	int err = 0;
113 
114 	pda = kzalloc(fw->pda_size, GFP_KERNEL);
115 	if (!pda)
116 		return -ENOMEM;
117 
118 	if (ap)
119 		firmware = fw->ap_fw;
120 	else
121 		firmware = fw->sta_fw;
122 
123 	dev_dbg(dev, "Attempting to download firmware %s\n", firmware);
124 
125 	/* Read current plug data */
126 	err = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
127 	dev_dbg(dev, "Read PDA returned %d\n", err);
128 	if (err)
129 		goto free;
130 
131 	if (!orinoco_cached_fw_get(priv, false)) {
132 		err = request_firmware(&fw_entry, firmware, priv->dev);
133 
134 		if (err) {
135 			dev_err(dev, "Cannot find firmware %s\n", firmware);
136 			err = -ENOENT;
137 			goto free;
138 		}
139 	} else
140 		fw_entry = orinoco_cached_fw_get(priv, false);
141 
142 	hdr = (const struct orinoco_fw_header *) fw_entry->data;
143 
144 	fw_err = validate_fw(hdr, fw_entry->size);
145 	if (fw_err) {
146 		dev_warn(dev, "Invalid firmware image detected (%s). "
147 			 "Aborting download\n", fw_err);
148 		err = -EINVAL;
149 		goto abort;
150 	}
151 
152 	/* Enable aux port to allow programming */
153 	err = hw->ops->program_init(hw, le32_to_cpu(hdr->entry_point));
154 	dev_dbg(dev, "Program init returned %d\n", err);
155 	if (err != 0)
156 		goto abort;
157 
158 	/* Program data */
159 	first_block = (fw_entry->data +
160 		       le16_to_cpu(hdr->headersize) +
161 		       le32_to_cpu(hdr->block_offset));
162 	end = fw_entry->data + fw_entry->size;
163 
164 	err = hermes_program(hw, first_block, end);
165 	dev_dbg(dev, "Program returned %d\n", err);
166 	if (err != 0)
167 		goto abort;
168 
169 	/* Update production data */
170 	first_block = (fw_entry->data +
171 		       le16_to_cpu(hdr->headersize) +
172 		       le32_to_cpu(hdr->pdr_offset));
173 
174 	err = hermes_apply_pda_with_defaults(hw, first_block, end, pda,
175 					     &pda[fw->pda_size / sizeof(*pda)]);
176 	dev_dbg(dev, "Apply PDA returned %d\n", err);
177 	if (err)
178 		goto abort;
179 
180 	/* Tell card we've finished */
181 	err = hw->ops->program_end(hw);
182 	dev_dbg(dev, "Program end returned %d\n", err);
183 	if (err != 0)
184 		goto abort;
185 
186 	/* Check if we're running */
187 	dev_dbg(dev, "hermes_present returned %d\n", hermes_present(hw));
188 
189 abort:
190 	/* If we requested the firmware, release it. */
191 	if (!orinoco_cached_fw_get(priv, false))
192 		release_firmware(fw_entry);
193 
194 free:
195 	kfree(pda);
196 	return err;
197 }
198 
199 /*
200  * Process a firmware image - stop the card, load the firmware, reset
201  * the card and make sure it responds.  For the secondary firmware take
202  * care of the PDA - read it and then write it on top of the firmware.
203  */
204 static int
symbol_dl_image(struct orinoco_private * priv,const struct fw_info * fw,const unsigned char * image,const void * end,int secondary)205 symbol_dl_image(struct orinoco_private *priv, const struct fw_info *fw,
206 		const unsigned char *image, const void *end,
207 		int secondary)
208 {
209 	struct hermes *hw = &priv->hw;
210 	int ret = 0;
211 	const unsigned char *ptr;
212 	const unsigned char *first_block;
213 
214 	/* Plug Data Area (PDA) */
215 	__le16 *pda = NULL;
216 
217 	/* Binary block begins after the 0x1A marker */
218 	ptr = image;
219 	while (*ptr++ != TEXT_END);
220 	first_block = ptr;
221 
222 	/* Read the PDA from EEPROM */
223 	if (secondary) {
224 		pda = kzalloc(fw->pda_size, GFP_KERNEL);
225 		if (!pda)
226 			return -ENOMEM;
227 
228 		ret = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
229 		if (ret)
230 			goto free;
231 	}
232 
233 	/* Stop the firmware, so that it can be safely rewritten */
234 	if (priv->stop_fw) {
235 		ret = priv->stop_fw(priv, 1);
236 		if (ret)
237 			goto free;
238 	}
239 
240 	/* Program the adapter with new firmware */
241 	ret = hermes_program(hw, first_block, end);
242 	if (ret)
243 		goto free;
244 
245 	/* Write the PDA to the adapter */
246 	if (secondary) {
247 		size_t len = hermes_blocks_length(first_block, end);
248 		ptr = first_block + len;
249 		ret = hermes_apply_pda(hw, ptr, end, pda,
250 				       &pda[fw->pda_size / sizeof(*pda)]);
251 		kfree(pda);
252 		if (ret)
253 			return ret;
254 	}
255 
256 	/* Run the firmware */
257 	if (priv->stop_fw) {
258 		ret = priv->stop_fw(priv, 0);
259 		if (ret)
260 			return ret;
261 	}
262 
263 	/* Reset hermes chip and make sure it responds */
264 	ret = hw->ops->init(hw);
265 
266 	/* hermes_reset() should return 0 with the secondary firmware */
267 	if (secondary && ret != 0)
268 		return -ENODEV;
269 
270 	/* And this should work with any firmware */
271 	if (!hermes_present(hw))
272 		return -ENODEV;
273 
274 	return 0;
275 
276 free:
277 	kfree(pda);
278 	return ret;
279 }
280 
281 
282 /*
283  * Download the firmware into the card, this also does a PCMCIA soft
284  * reset on the card, to make sure it's in a sane state.
285  */
286 static int
symbol_dl_firmware(struct orinoco_private * priv,const struct fw_info * fw)287 symbol_dl_firmware(struct orinoco_private *priv,
288 		   const struct fw_info *fw)
289 {
290 	struct device *dev = priv->dev;
291 	int ret;
292 	const struct firmware *fw_entry;
293 
294 	if (!orinoco_cached_fw_get(priv, true)) {
295 		if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) {
296 			dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw);
297 			return -ENOENT;
298 		}
299 	} else
300 		fw_entry = orinoco_cached_fw_get(priv, true);
301 
302 	/* Load primary firmware */
303 	ret = symbol_dl_image(priv, fw, fw_entry->data,
304 			      fw_entry->data + fw_entry->size, 0);
305 
306 	if (!orinoco_cached_fw_get(priv, true))
307 		release_firmware(fw_entry);
308 	if (ret) {
309 		dev_err(dev, "Primary firmware download failed\n");
310 		return ret;
311 	}
312 
313 	if (!orinoco_cached_fw_get(priv, false)) {
314 		if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) {
315 			dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw);
316 			return -ENOENT;
317 		}
318 	} else
319 		fw_entry = orinoco_cached_fw_get(priv, false);
320 
321 	/* Load secondary firmware */
322 	ret = symbol_dl_image(priv, fw, fw_entry->data,
323 			      fw_entry->data + fw_entry->size, 1);
324 	if (!orinoco_cached_fw_get(priv, false))
325 		release_firmware(fw_entry);
326 	if (ret)
327 		dev_err(dev, "Secondary firmware download failed\n");
328 
329 	return ret;
330 }
331 
orinoco_download(struct orinoco_private * priv)332 int orinoco_download(struct orinoco_private *priv)
333 {
334 	int err = 0;
335 	/* Reload firmware */
336 	switch (priv->firmware_type) {
337 	case FIRMWARE_TYPE_AGERE:
338 		/* case FIRMWARE_TYPE_INTERSIL: */
339 		err = orinoco_dl_firmware(priv,
340 					  &orinoco_fw[priv->firmware_type], 0);
341 		break;
342 
343 	case FIRMWARE_TYPE_SYMBOL:
344 		err = symbol_dl_firmware(priv,
345 					 &orinoco_fw[priv->firmware_type]);
346 		break;
347 	case FIRMWARE_TYPE_INTERSIL:
348 		break;
349 	}
350 	/* TODO: if we fail we probably need to reinitialise
351 	 * the driver */
352 
353 	return err;
354 }
355 
356 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
orinoco_cache_fw(struct orinoco_private * priv,int ap)357 void orinoco_cache_fw(struct orinoco_private *priv, int ap)
358 {
359 	const struct firmware *fw_entry = NULL;
360 	const char *pri_fw;
361 	const char *fw;
362 
363 	pri_fw = orinoco_fw[priv->firmware_type].pri_fw;
364 	if (ap)
365 		fw = orinoco_fw[priv->firmware_type].ap_fw;
366 	else
367 		fw = orinoco_fw[priv->firmware_type].sta_fw;
368 
369 	if (pri_fw) {
370 		if (request_firmware(&fw_entry, pri_fw, priv->dev) == 0)
371 			priv->cached_pri_fw = fw_entry;
372 	}
373 
374 	if (fw) {
375 		if (request_firmware(&fw_entry, fw, priv->dev) == 0)
376 			priv->cached_fw = fw_entry;
377 	}
378 }
379 
orinoco_uncache_fw(struct orinoco_private * priv)380 void orinoco_uncache_fw(struct orinoco_private *priv)
381 {
382 	release_firmware(priv->cached_pri_fw);
383 	release_firmware(priv->cached_fw);
384 	priv->cached_pri_fw = NULL;
385 	priv->cached_fw = NULL;
386 }
387 #endif
388