[rescue] Re-work rescue calling convention

Rather than passing `bootdata` and `boot_log` along in every call, store
pointers to them into the `rescue_state_t` structure.

Signed-off-by: Chris Frantz <[email protected]>
(cherry picked from commit 1213c98)

Author: cfrantz

sw/device/silicon_creator/lib/rescue/BUILD

@@ -27,6 +27,7 @@ cc_library(
         "//hw/top:flash_ctrl_c_regs",
         "//sw/device/lib/base:memory",
         "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib:boot_log",
         "//sw/device/silicon_creator/lib:dbg_print",
         "//sw/device/silicon_creator/lib:error",
         "//sw/device/silicon_creator/lib/boot_svc:boot_svc_msg",
@@ -90,7 +91,6 @@ cc_library(
         ":rescue",
         "//sw/device/lib/base:macros",
         "//sw/device/lib/base:memory",
-        "//sw/device/silicon_creator/lib:boot_data",
         "//sw/device/silicon_creator/lib:error",
         "//sw/device/silicon_creator/lib/drivers:rstmgr",
         "//sw/device/silicon_creator/lib/drivers:usb",

sw/device/silicon_creator/lib/rescue/dfu.c

@@ -30,8 +30,7 @@ static const rescue_mode_properties_t mode_by_altsetting[] = {
     //{ kRescueModeOwnerPage1, false, true },
 };
 
-static rom_error_t validate_mode(uint32_t setting, rescue_state_t *state,
-                                 boot_data_t *bootdata) {
+static rom_error_t validate_mode(uint32_t setting, rescue_state_t *state) {
   // Allow the `setting` to be either an index or a FourCC code.
   // The the integer value is less than the arraysize, then its clearly an
   // index.
@@ -58,18 +57,18 @@ static rom_error_t validate_mode(uint32_t setting, rescue_state_t *state,
   // rescue buffer.
   const rescue_mode_properties_t *mode = &mode_by_altsetting[setting];
   rom_error_t error2 = kErrorOk;
-  rom_error_t error = rescue_validate_mode(mode->mode, state, bootdata);
+  rom_error_t error = rescue_validate_mode(mode->mode, state);
   if (error == kErrorOk && mode->upload) {
     // DFU upload means send to the host.  We stage the data that would
     // be sent to the rescue buffer.
-    rescue_send_handler(state, bootdata);
+    rescue_send_handler(state);
   }
   // BootSvc and OwnerPage are also recv (from the host) services.  Make sure
   // we're set up to process a DFU download for those services.
   if (mode->mode == kRescueModeBootSvcRsp) {
-    error2 = rescue_validate_mode(kRescueModeBootSvcReq, state, bootdata);
+    error2 = rescue_validate_mode(kRescueModeBootSvcReq, state);
   } else if (mode->mode == kRescueModeOwnerPage0) {
-    error2 = rescue_validate_mode(kRescueModeOwnerBlock, state, bootdata);
+    error2 = rescue_validate_mode(kRescueModeOwnerBlock, state);
   }
 
   if (error == kErrorOk || error2 == kErrorOk) {
@@ -180,7 +179,7 @@ static rom_error_t vendor_request(dfu_ctx_t *ctx, usb_setup_data_t *setup) {
     // FourCC from the value and index fields.
     case kDfuVendorSetMode: {
       uint32_t mode = ((uint32_t)setup->value << 16) | setup->index;
-      if (validate_mode(mode, &ctx->state, ctx->bootdata) == kErrorOk) {
+      if (validate_mode(mode, &ctx->state) == kErrorOk) {
         dfu_transport_data(ctx, kUsbDirIn, NULL, 0, 0);
       } else {
         return kErrorUsbBadSetup;
@@ -195,7 +194,7 @@ static rom_error_t vendor_request(dfu_ctx_t *ctx, usb_setup_data_t *setup) {
 static rom_error_t interface_request(dfu_ctx_t *ctx, usb_setup_data_t *setup) {
   switch (setup->request) {
     case kUsbSetupReqSetInterface:
-      if (validate_mode(setup->value, &ctx->state, ctx->bootdata) == kErrorOk) {
+      if (validate_mode(setup->value, &ctx->state) == kErrorOk) {
         ctx->interface = (uint8_t)setup->value;
         dfu_transport_data(ctx, kUsbDirIn, NULL, 0, 0);
       } else {
@@ -216,7 +215,7 @@ static rom_error_t set_configuration(dfu_ctx_t *ctx) {
   ctx->dfu_error = kDfuErrOk;
   ctx->dfu_state = kDfuStateIdle;
   ctx->interface = 0;
-  validate_mode(ctx->interface, &ctx->state, ctx->bootdata);
+  validate_mode(ctx->interface, &ctx->state);
   ctx->ep0.configuration = ctx->ep0.next.configuration;
   return kErrorOk;
 }
@@ -282,7 +281,7 @@ void dfu_protocol_handler(void *_ctx, uint8_t ep, usb_transfer_flags_t flags,
         ctx->state.data[ctx->state.offset++] = 0xFF;
       }
       // Pass the rescue buffer to the rescue receive handler.
-      rom_error_t error = rescue_recv_handler(&ctx->state, ctx->bootdata);
+      rom_error_t error = rescue_recv_handler(&ctx->state);
       switch (error) {
         case kErrorOk:
           ctx->dfu_error = kDfuErrOk;

sw/device/silicon_creator/lib/rescue/dfu.h

@@ -7,7 +7,6 @@
 
 #include <stdint.h>
 
-#include "sw/device/silicon_creator/lib/boot_data.h"
 #include "sw/device/silicon_creator/lib/drivers/usb.h"
 #include "sw/device/silicon_creator/lib/rescue/rescue.h"
 
@@ -132,8 +131,6 @@ typedef struct dfu_ctx {
   usb_control_ctx_t ep0;
   /** Rescue state. */
   rescue_state_t state;
-  /** Pointer to bootdata. */
-  boot_data_t *bootdata;
   /** Expected receive length (upload) */
   uint32_t expected_len;
   /** Status buffer (used to respond to DfuReqGetStatus). */

sw/device/silicon_creator/lib/rescue/rescue.c

@@ -7,6 +7,7 @@
 #include "sw/device/lib/arch/device.h"
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/silicon_creator/lib/boot_data.h"
+#include "sw/device/silicon_creator/lib/boot_log.h"
 #include "sw/device/silicon_creator/lib/boot_svc/boot_svc_msg.h"
 #include "sw/device/silicon_creator/lib/dbg_print.h"
 #include "sw/device/silicon_creator/lib/drivers/flash_ctrl.h"
@@ -55,11 +56,11 @@ rom_error_t flash_firmware_block(rescue_state_t *state) {
   return kErrorOk;
 }
 
-rom_error_t flash_owner_block(rescue_state_t *state, boot_data_t *bootdata) {
-  if (bootdata->ownership_state == kOwnershipStateUnlockedAny ||
-      bootdata->ownership_state == kOwnershipStateUnlockedSelf ||
-      bootdata->ownership_state == kOwnershipStateUnlockedEndorsed ||
-      (bootdata->ownership_state == kOwnershipStateLockedOwner &&
+rom_error_t flash_owner_block(rescue_state_t *state) {
+  if (state->bootdata->ownership_state == kOwnershipStateUnlockedAny ||
+      state->bootdata->ownership_state == kOwnershipStateUnlockedSelf ||
+      state->bootdata->ownership_state == kOwnershipStateUnlockedEndorsed ||
+      (state->bootdata->ownership_state == kOwnershipStateLockedOwner &&
        owner_block_newversion_mode() == kHardenedBoolTrue)) {
     HARDENED_RETURN_IF_ERROR(flash_ctrl_info_erase(
         &kFlashCtrlInfoPageOwnerSlot1, kFlashCtrlEraseTypePage));
@@ -93,8 +94,7 @@ static void ownership_erase(void) {
 }
 #endif
 
-rom_error_t rescue_validate_mode(uint32_t mode, rescue_state_t *state,
-                                 boot_data_t *bootdata) {
+rom_error_t rescue_validate_mode(uint32_t mode, rescue_state_t *state) {
   dbg_printf("\r\nmode: %C\r\n", bitfield_byteswap32(mode));
   rom_error_t result = kErrorOk;
 
@@ -131,10 +131,11 @@ rom_error_t rescue_validate_mode(uint32_t mode, rescue_state_t *state,
         dbg_printf("ok: send boot_svc request\r\n");
         break;
       case kRescueModeOwnerBlock:
-        if (bootdata->ownership_state == kOwnershipStateUnlockedAny ||
-            bootdata->ownership_state == kOwnershipStateUnlockedSelf ||
-            bootdata->ownership_state == kOwnershipStateUnlockedEndorsed ||
-            (bootdata->ownership_state == kOwnershipStateLockedOwner &&
+        if (state->bootdata->ownership_state == kOwnershipStateUnlockedAny ||
+            state->bootdata->ownership_state == kOwnershipStateUnlockedSelf ||
+            state->bootdata->ownership_state ==
+                kOwnershipStateUnlockedEndorsed ||
+            (state->bootdata->ownership_state == kOwnershipStateLockedOwner &&
              owner_block_newversion_mode() == kHardenedBoolTrue)) {
           dbg_printf("ok: send owner_block\r\n");
         } else {
@@ -170,7 +171,7 @@ rom_error_t rescue_validate_mode(uint32_t mode, rescue_state_t *state,
   return result;
 }
 
-rom_error_t rescue_send_handler(rescue_state_t *state, boot_data_t *bootdata) {
+rom_error_t rescue_send_handler(rescue_state_t *state) {
   hardened_bool_t allow =
       owner_rescue_command_allowed(state->config, state->mode);
   if (allow != kHardenedBoolTrue) {
@@ -219,7 +220,7 @@ rom_error_t rescue_send_handler(rescue_state_t *state, boot_data_t *bootdata) {
   return kErrorRescueSendStart;
 }
 
-rom_error_t rescue_recv_handler(rescue_state_t *state, boot_data_t *bootdata) {
+rom_error_t rescue_recv_handler(rescue_state_t *state) {
   hardened_bool_t allow =
       owner_rescue_command_allowed(state->config, state->mode);
   if (allow != kHardenedBoolTrue) {
@@ -249,7 +250,7 @@ rom_error_t rescue_recv_handler(rescue_state_t *state, boot_data_t *bootdata) {
       break;
     case kRescueModeOwnerBlock:
       if (state->offset == sizeof(state->data)) {
-        HARDENED_RETURN_IF_ERROR(flash_owner_block(state, bootdata));
+        HARDENED_RETURN_IF_ERROR(flash_owner_block(state));
         state->offset = 0;
       }
       break;
@@ -268,8 +269,11 @@ rom_error_t rescue_recv_handler(rescue_state_t *state, boot_data_t *bootdata) {
   return kErrorOk;
 }
 
-void rescue_state_init(rescue_state_t *state,
+void rescue_state_init(rescue_state_t *state, boot_data_t *bootdata,
+                       boot_log_t *boot_log,
                        const owner_rescue_config_t *config) {
+  state->boot_log = boot_log;
+  state->bootdata = bootdata;
   state->config = config;
   if ((hardened_bool_t)config == kHardenedBoolFalse) {
     HARDENED_CHECK_EQ((hardened_bool_t)config, kHardenedBoolFalse);

sw/device/silicon_creator/lib/rescue/rescue.h

@@ -9,6 +9,7 @@
 #include <stdint.h>
 
 #include "sw/device/silicon_creator/lib/boot_data.h"
+#include "sw/device/silicon_creator/lib/boot_log.h"
 #include "sw/device/silicon_creator/lib/boot_svc/boot_svc_msg.h"
 #include "sw/device/silicon_creator/lib/dbg_print.h"
 #include "sw/device/silicon_creator/lib/error.h"
@@ -80,6 +81,10 @@ typedef struct RescueState {
   // Range to erase and write for firmware rescue (inclusive).
   uint32_t flash_start;
   uint32_t flash_limit;
+  // Pointer to the current bootdata record.
+  boot_data_t *bootdata;
+  // Pointer to the boot log.
+  boot_log_t *boot_log;
   // Rescue configuration.
   const owner_rescue_config_t *config;
   // Data buffer to hold xmodem upload data.
@@ -90,42 +95,41 @@ typedef struct RescueState {
  * Handle rescue modes that involve sending data to the host.
  *
  * @param state Rescue state
- * @param bootdata Boot data
  * @return kErrorOk if nothing to do, kErrorRescueSendStart if the state->data
  *         buffer is ready to send, or an error.
  */
-rom_error_t rescue_send_handler(rescue_state_t *state, boot_data_t *bootdata);
+rom_error_t rescue_send_handler(rescue_state_t *state);
 
 /**
  * Handle rescue movdes that involve receiving data into the device.
  *
  * @param state Rescue state
- * @param bootdata Boot data
  * @return kErrorOk if no error or an error code indicating a problem with
  *         the received data.
  */
-rom_error_t rescue_recv_handler(rescue_state_t *state, boot_data_t *bootdata);
+rom_error_t rescue_recv_handler(rescue_state_t *state);
 
 /**
  * Validate a new rescue mode.
  *
  * @param mode The new mode.
  * @param state Rescue state
- * @param bootdata Boot data
  * @return kErrorOk if the new mode was accepted, kErrorBadMode otherwise.
  *
  * The rescue state is updated: mode, offset and flash_offset.
  */
-rom_error_t rescue_validate_mode(uint32_t mode, rescue_state_t *state,
-                                 boot_data_t *bootdata);
+rom_error_t rescue_validate_mode(uint32_t mode, rescue_state_t *state);
 
 /**
  * Initialize the rescue state.
  *
  * @param state Rescue state
+ * @param bootdata Boot data
+ * @param boot_log The boot_log
  * @param config The ownership rescue config (if any).
  */
-void rescue_state_init(rescue_state_t *state,
+void rescue_state_init(rescue_state_t *state, boot_data_t *bootdata,
+                       boot_log_t *boot_log,
                        const owner_rescue_config_t *config);
 
 /**
@@ -140,10 +144,11 @@ rom_error_t rescue_enter_handler(boot_svc_msg_t *msg);
  * Perform the rescue protocol.
  *
  * @param bootdata Boot data
+ * @param boot_log The boot_log
  * @param config The ownership rescue config (if any).
  * @return Any error in processing the rescue protocol.
  */
-rom_error_t rescue_protocol(boot_data_t *bootdata,
+rom_error_t rescue_protocol(boot_data_t *bootdata, boot_log_t *boot_log,
                             const owner_rescue_config_t *config);
 
 /**

sw/device/silicon_creator/lib/rescue/rescue_spi.c

@@ -74,15 +74,14 @@ void dfu_transport_result(dfu_ctx_t *ctx, rom_error_t result) {
   spi_device_flash_status_clear();
 }
 
-rom_error_t rescue_protocol(boot_data_t *bootdata,
+rom_error_t rescue_protocol(boot_data_t *bootdata, boot_log_t *boot_log,
                             const owner_rescue_config_t *config) {
   dfu_ctx_t ctx = {
-      .bootdata = bootdata,
       .dfu_state = kDfuStateIdle,
       .dfu_error = kDfuErrOk,
   };
   dbg_printf("SPI-DFU rescue ready\r\n");
-  rescue_state_init(&ctx.state, config);
+  rescue_state_init(&ctx.state, bootdata, boot_log, config);
   spi_device_init(
       /*log2_density=*/kRescueDensity, &kRescueSfdpTable,
       sizeof(kRescueSfdpTable));

sw/device/silicon_creator/lib/rescue/rescue_usb.c

@@ -151,11 +151,10 @@ void dfu_transport_result(dfu_ctx_t *ctx, rom_error_t result) {
   }
 }
 
-rom_error_t rescue_protocol(boot_data_t *bootdata,
+rom_error_t rescue_protocol(boot_data_t *bootdata, boot_log_t *boot_log,
                             const owner_rescue_config_t *config) {
   set_serialnumber();
   dfu_ctx_t ctx = {
-      .bootdata = bootdata,
       .ep0 =
           {
               .device_desc = &device_desc,
@@ -166,7 +165,7 @@ rom_error_t rescue_protocol(boot_data_t *bootdata,
       .dfu_error = kDfuErrOk,
   };
   dbg_printf("USB-DFU rescue ready\r\n");
-  rescue_state_init(&ctx.state, config);
+  rescue_state_init(&ctx.state, bootdata, boot_log, config);
   pinmux_init_usb();
   usb_init();
   usb_ep_init(0, kUsbEpTypeControl, 0x40, dfu_protocol_handler, &ctx);