1/****************************************************************************** 2 * 3 * This file is provided under a dual BSD/GPLv2 license. When using or 4 * redistributing this file, you may do so under either license. 5 * 6 * GPL LICENSE SUMMARY 7 * 8 * Copyright(c) 2010 - 2011 Intel Corporation. All rights reserved. 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of version 2 of the GNU General Public License as 12 * published by the Free Software Foundation. 13 * 14 * This program is distributed in the hope that it will be useful, but 15 * WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, write to the Free Software 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 22 * USA 23 * 24 * The full GNU General Public License is included in this distribution 25 * in the file called LICENSE.GPL. 26 * 27 * Contact Information: 28 * Intel Linux Wireless <ilw@linux.intel.com> 29 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 30 * 31 * BSD LICENSE 32 * 33 * Copyright(c) 2010 - 2011 Intel Corporation. All rights reserved. 34 * All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 40 * * Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * * Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in 44 * the documentation and/or other materials provided with the 45 * distribution. 46 * * Neither the name Intel Corporation nor the names of its 47 * contributors may be used to endorse or promote products derived 48 * from this software without specific prior written permission. 49 * 50 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 51 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 52 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 53 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 54 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 56 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 57 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 58 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 59 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 60 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 61 * 62 *****************************************************************************/ 63#include <linux/init.h> 64#include <linux/kernel.h> 65#include <linux/module.h> 66#include <linux/dma-mapping.h> 67#include <net/net_namespace.h> 68#include <linux/netdevice.h> 69#include <net/cfg80211.h> 70#include <net/mac80211.h> 71#include <net/netlink.h> 72 73#include "iwl-wifi.h" 74#include "iwl-dev.h" 75#include "iwl-core.h" 76#include "iwl-debug.h" 77#include "iwl-io.h" 78#include "iwl-agn.h" 79#include "iwl-testmode.h" 80#include "iwl-trans.h" 81#include "iwl-bus.h" 82 83/* The TLVs used in the gnl message policy between the kernel module and 84 * user space application. iwl_testmode_gnl_msg_policy is to be carried 85 * through the NL80211_CMD_TESTMODE channel regulated by nl80211. 86 * See iwl-testmode.h 87 */ 88static 89struct nla_policy iwl_testmode_gnl_msg_policy[IWL_TM_ATTR_MAX] = { 90 [IWL_TM_ATTR_COMMAND] = { .type = NLA_U32, }, 91 92 [IWL_TM_ATTR_UCODE_CMD_ID] = { .type = NLA_U8, }, 93 [IWL_TM_ATTR_UCODE_CMD_DATA] = { .type = NLA_UNSPEC, }, 94 95 [IWL_TM_ATTR_REG_OFFSET] = { .type = NLA_U32, }, 96 [IWL_TM_ATTR_REG_VALUE8] = { .type = NLA_U8, }, 97 [IWL_TM_ATTR_REG_VALUE32] = { .type = NLA_U32, }, 98 99 [IWL_TM_ATTR_SYNC_RSP] = { .type = NLA_UNSPEC, }, 100 [IWL_TM_ATTR_UCODE_RX_PKT] = { .type = NLA_UNSPEC, }, 101 102 [IWL_TM_ATTR_EEPROM] = { .type = NLA_UNSPEC, }, 103 104 [IWL_TM_ATTR_TRACE_ADDR] = { .type = NLA_UNSPEC, }, 105 [IWL_TM_ATTR_TRACE_DUMP] = { .type = NLA_UNSPEC, }, 106 [IWL_TM_ATTR_TRACE_SIZE] = { .type = NLA_U32, }, 107 108 [IWL_TM_ATTR_FIXRATE] = { .type = NLA_U32, }, 109 110 [IWL_TM_ATTR_UCODE_OWNER] = { .type = NLA_U8, }, 111 112 [IWL_TM_ATTR_SRAM_ADDR] = { .type = NLA_U32, }, 113 [IWL_TM_ATTR_SRAM_SIZE] = { .type = NLA_U32, }, 114 [IWL_TM_ATTR_SRAM_DUMP] = { .type = NLA_UNSPEC, }, 115 116 [IWL_TM_ATTR_FW_VERSION] = { .type = NLA_U32, }, 117 [IWL_TM_ATTR_DEVICE_ID] = { .type = NLA_U32, }, 118}; 119 120/* 121 * See the struct iwl_rx_packet in iwl-commands.h for the format of the 122 * received events from the device 123 */ 124static inline int get_event_length(struct iwl_rx_mem_buffer *rxb) 125{ 126 struct iwl_rx_packet *pkt = rxb_addr(rxb); 127 if (pkt) 128 return le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK; 129 else 130 return 0; 131} 132 133 134/* 135 * This function multicasts the spontaneous messages from the device to the 136 * user space. It is invoked whenever there is a received messages 137 * from the device. This function is called within the ISR of the rx handlers 138 * in iwlagn driver. 139 * 140 * The parsing of the message content is left to the user space application, 141 * The message content is treated as unattacked raw data and is encapsulated 142 * with IWL_TM_ATTR_UCODE_RX_PKT multicasting to the user space. 143 * 144 * @priv: the instance of iwlwifi device 145 * @rxb: pointer to rx data content received by the ISR 146 * 147 * See the message policies and TLVs in iwl_testmode_gnl_msg_policy[]. 148 * For the messages multicasting to the user application, the mandatory 149 * TLV fields are : 150 * IWL_TM_ATTR_COMMAND must be IWL_TM_CMD_DEV2APP_UCODE_RX_PKT 151 * IWL_TM_ATTR_UCODE_RX_PKT for carrying the message content 152 */ 153 154static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv, 155 struct iwl_rx_mem_buffer *rxb) 156{ 157 struct ieee80211_hw *hw = priv->hw; 158 struct sk_buff *skb; 159 void *data; 160 int length; 161 162 data = (void *)rxb_addr(rxb); 163 length = get_event_length(rxb); 164 165 if (!data || length == 0) 166 return; 167 168 skb = cfg80211_testmode_alloc_event_skb(hw->wiphy, 20 + length, 169 GFP_ATOMIC); 170 if (skb == NULL) { 171 IWL_DEBUG_INFO(priv, 172 "Run out of memory for messages to user space ?\n"); 173 return; 174 } 175 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT); 176 NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, length, data); 177 cfg80211_testmode_event(skb, GFP_ATOMIC); 178 return; 179 180nla_put_failure: 181 kfree_skb(skb); 182 IWL_DEBUG_INFO(priv, "Ouch, overran buffer, check allocation!\n"); 183} 184 185void iwl_testmode_init(struct iwl_priv *priv) 186{ 187 priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt; 188 priv->testmode_trace.trace_enabled = false; 189 priv->testmode_sram.sram_readed = false; 190} 191 192static void iwl_sram_cleanup(struct iwl_priv *priv) 193{ 194 if (priv->testmode_sram.sram_readed) { 195 kfree(priv->testmode_sram.buff_addr); 196 priv->testmode_sram.buff_addr = NULL; 197 priv->testmode_sram.buff_size = 0; 198 priv->testmode_sram.num_chunks = 0; 199 priv->testmode_sram.sram_readed = false; 200 } 201} 202 203static void iwl_trace_cleanup(struct iwl_priv *priv) 204{ 205 if (priv->testmode_trace.trace_enabled) { 206 if (priv->testmode_trace.cpu_addr && 207 priv->testmode_trace.dma_addr) 208 dma_free_coherent(bus(priv)->dev, 209 priv->testmode_trace.total_size, 210 priv->testmode_trace.cpu_addr, 211 priv->testmode_trace.dma_addr); 212 priv->testmode_trace.trace_enabled = false; 213 priv->testmode_trace.cpu_addr = NULL; 214 priv->testmode_trace.trace_addr = NULL; 215 priv->testmode_trace.dma_addr = 0; 216 priv->testmode_trace.buff_size = 0; 217 priv->testmode_trace.total_size = 0; 218 } 219} 220 221 222void iwl_testmode_cleanup(struct iwl_priv *priv) 223{ 224 iwl_trace_cleanup(priv); 225 iwl_sram_cleanup(priv); 226} 227 228/* 229 * This function handles the user application commands to the ucode. 230 * 231 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_CMD_ID and 232 * IWL_TM_ATTR_UCODE_CMD_DATA and calls to the handler to send the 233 * host command to the ucode. 234 * 235 * If any mandatory field is missing, -ENOMSG is replied to the user space 236 * application; otherwise, the actual execution result of the host command to 237 * ucode is replied. 238 * 239 * @hw: ieee80211_hw object that represents the device 240 * @tb: gnl message fields from the user space 241 */ 242static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb) 243{ 244 struct iwl_priv *priv = hw->priv; 245 struct iwl_host_cmd cmd; 246 247 memset(&cmd, 0, sizeof(struct iwl_host_cmd)); 248 249 if (!tb[IWL_TM_ATTR_UCODE_CMD_ID] || 250 !tb[IWL_TM_ATTR_UCODE_CMD_DATA]) { 251 IWL_DEBUG_INFO(priv, 252 "Error finding ucode command mandatory fields\n"); 253 return -ENOMSG; 254 } 255 256 cmd.flags = CMD_ON_DEMAND; 257 cmd.id = nla_get_u8(tb[IWL_TM_ATTR_UCODE_CMD_ID]); 258 cmd.data[0] = nla_data(tb[IWL_TM_ATTR_UCODE_CMD_DATA]); 259 cmd.len[0] = nla_len(tb[IWL_TM_ATTR_UCODE_CMD_DATA]); 260 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY; 261 IWL_INFO(priv, "testmode ucode command ID 0x%x, flags 0x%x," 262 " len %d\n", cmd.id, cmd.flags, cmd.len[0]); 263 /* ok, let's submit the command to ucode */ 264 return iwl_trans_send_cmd(trans(priv), &cmd); 265} 266 267 268/* 269 * This function handles the user application commands for register access. 270 * 271 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the 272 * handlers respectively. 273 * 274 * If it's an unknown commdn ID, -ENOSYS is returned; or -ENOMSG if the 275 * mandatory fields(IWL_TM_ATTR_REG_OFFSET,IWL_TM_ATTR_REG_VALUE32, 276 * IWL_TM_ATTR_REG_VALUE8) are missing; Otherwise 0 is replied indicating 277 * the success of the command execution. 278 * 279 * If IWL_TM_ATTR_COMMAND is IWL_TM_CMD_APP2DEV_REG_READ32, the register read 280 * value is returned with IWL_TM_ATTR_REG_VALUE32. 281 * 282 * @hw: ieee80211_hw object that represents the device 283 * @tb: gnl message fields from the user space 284 */ 285static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb) 286{ 287 struct iwl_priv *priv = hw->priv; 288 u32 ofs, val32; 289 u8 val8; 290 struct sk_buff *skb; 291 int status = 0; 292 293 if (!tb[IWL_TM_ATTR_REG_OFFSET]) { 294 IWL_DEBUG_INFO(priv, "Error finding register offset\n"); 295 return -ENOMSG; 296 } 297 ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]); 298 IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs); 299 300 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { 301 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32: 302 val32 = iwl_read32(bus(priv), ofs); 303 IWL_INFO(priv, "32bit value to read 0x%x\n", val32); 304 305 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); 306 if (!skb) { 307 IWL_DEBUG_INFO(priv, "Error allocating memory\n"); 308 return -ENOMEM; 309 } 310 NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32); 311 status = cfg80211_testmode_reply(skb); 312 if (status < 0) 313 IWL_DEBUG_INFO(priv, 314 "Error sending msg : %d\n", status); 315 break; 316 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32: 317 if (!tb[IWL_TM_ATTR_REG_VALUE32]) { 318 IWL_DEBUG_INFO(priv, 319 "Error finding value to write\n"); 320 return -ENOMSG; 321 } else { 322 val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]); 323 IWL_INFO(priv, "32bit value to write 0x%x\n", val32); 324 iwl_write32(bus(priv), ofs, val32); 325 } 326 break; 327 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8: 328 if (!tb[IWL_TM_ATTR_REG_VALUE8]) { 329 IWL_DEBUG_INFO(priv, "Error finding value to write\n"); 330 return -ENOMSG; 331 } else { 332 val8 = nla_get_u8(tb[IWL_TM_ATTR_REG_VALUE8]); 333 IWL_INFO(priv, "8bit value to write 0x%x\n", val8); 334 iwl_write8(bus(priv), ofs, val8); 335 } 336 break; 337 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_READ32: 338 val32 = iwl_read_prph(bus(priv), ofs); 339 IWL_INFO(priv, "32bit value to read 0x%x\n", val32); 340 341 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); 342 if (!skb) { 343 IWL_DEBUG_INFO(priv, "Error allocating memory\n"); 344 return -ENOMEM; 345 } 346 NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32); 347 status = cfg80211_testmode_reply(skb); 348 if (status < 0) 349 IWL_DEBUG_INFO(priv, 350 "Error sending msg : %d\n", status); 351 break; 352 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_WRITE32: 353 if (!tb[IWL_TM_ATTR_REG_VALUE32]) { 354 IWL_DEBUG_INFO(priv, 355 "Error finding value to write\n"); 356 return -ENOMSG; 357 } else { 358 val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]); 359 IWL_INFO(priv, "32bit value to write 0x%x\n", val32); 360 iwl_write_prph(bus(priv), ofs, val32); 361 } 362 break; 363 default: 364 IWL_DEBUG_INFO(priv, "Unknown testmode register command ID\n"); 365 return -ENOSYS; 366 } 367 368 return status; 369 370nla_put_failure: 371 kfree_skb(skb); 372 return -EMSGSIZE; 373} 374 375 376static int iwl_testmode_cfg_init_calib(struct iwl_priv *priv) 377{ 378 struct iwl_notification_wait calib_wait; 379 int ret; 380 381 iwl_init_notification_wait(priv->shrd, &calib_wait, 382 CALIBRATION_COMPLETE_NOTIFICATION, 383 NULL, NULL); 384 ret = iwl_init_alive_start(trans(priv)); 385 if (ret) { 386 IWL_DEBUG_INFO(priv, 387 "Error configuring init calibration: %d\n", ret); 388 goto cfg_init_calib_error; 389 } 390 391 ret = iwl_wait_notification(priv->shrd, &calib_wait, 2 * HZ); 392 if (ret) 393 IWL_DEBUG_INFO(priv, "Error detecting" 394 " CALIBRATION_COMPLETE_NOTIFICATION: %d\n", ret); 395 return ret; 396 397cfg_init_calib_error: 398 iwl_remove_notification(priv->shrd, &calib_wait); 399 return ret; 400} 401 402/* 403 * This function handles the user application commands for driver. 404 * 405 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the 406 * handlers respectively. 407 * 408 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned 409 * value of the actual command execution is replied to the user application. 410 * 411 * If there's any message responding to the user space, IWL_TM_ATTR_SYNC_RSP 412 * is used for carry the message while IWL_TM_ATTR_COMMAND must set to 413 * IWL_TM_CMD_DEV2APP_SYNC_RSP. 414 * 415 * @hw: ieee80211_hw object that represents the device 416 * @tb: gnl message fields from the user space 417 */ 418static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) 419{ 420 struct iwl_priv *priv = hw->priv; 421 struct iwl_trans *trans = trans(priv); 422 struct sk_buff *skb; 423 unsigned char *rsp_data_ptr = NULL; 424 int status = 0, rsp_data_len = 0; 425 u32 devid; 426 427 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { 428 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME: 429 rsp_data_ptr = (unsigned char *)cfg(priv)->name; 430 rsp_data_len = strlen(cfg(priv)->name); 431 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 432 rsp_data_len + 20); 433 if (!skb) { 434 IWL_DEBUG_INFO(priv, 435 "Error allocating memory\n"); 436 return -ENOMEM; 437 } 438 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, 439 IWL_TM_CMD_DEV2APP_SYNC_RSP); 440 NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP, 441 rsp_data_len, rsp_data_ptr); 442 status = cfg80211_testmode_reply(skb); 443 if (status < 0) 444 IWL_DEBUG_INFO(priv, "Error sending msg : %d\n", 445 status); 446 break; 447 448 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW: 449 status = iwl_load_ucode_wait_alive(trans, IWL_UCODE_INIT); 450 if (status) 451 IWL_DEBUG_INFO(priv, 452 "Error loading init ucode: %d\n", status); 453 break; 454 455 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB: 456 iwl_testmode_cfg_init_calib(priv); 457 iwl_trans_stop_device(trans); 458 break; 459 460 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW: 461 status = iwl_load_ucode_wait_alive(trans, IWL_UCODE_REGULAR); 462 if (status) { 463 IWL_DEBUG_INFO(priv, 464 "Error loading runtime ucode: %d\n", status); 465 break; 466 } 467 status = iwl_alive_start(priv); 468 if (status) 469 IWL_DEBUG_INFO(priv, 470 "Error starting the device: %d\n", status); 471 break; 472 473 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW: 474 iwl_scan_cancel_timeout(priv, 200); 475 iwl_trans_stop_device(trans); 476 status = iwl_load_ucode_wait_alive(trans, IWL_UCODE_WOWLAN); 477 if (status) { 478 IWL_DEBUG_INFO(priv, 479 "Error loading WOWLAN ucode: %d\n", status); 480 break; 481 } 482 status = iwl_alive_start(priv); 483 if (status) 484 IWL_DEBUG_INFO(priv, 485 "Error starting the device: %d\n", status); 486 break; 487 488 case IWL_TM_CMD_APP2DEV_GET_EEPROM: 489 if (priv->shrd->eeprom) { 490 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 491 cfg(priv)->base_params->eeprom_size + 20); 492 if (!skb) { 493 IWL_DEBUG_INFO(priv, 494 "Error allocating memory\n"); 495 return -ENOMEM; 496 } 497 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, 498 IWL_TM_CMD_DEV2APP_EEPROM_RSP); 499 NLA_PUT(skb, IWL_TM_ATTR_EEPROM, 500 cfg(priv)->base_params->eeprom_size, 501 priv->shrd->eeprom); 502 status = cfg80211_testmode_reply(skb); 503 if (status < 0) 504 IWL_DEBUG_INFO(priv, 505 "Error sending msg : %d\n", 506 status); 507 } else 508 return -EFAULT; 509 break; 510 511 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ: 512 if (!tb[IWL_TM_ATTR_FIXRATE]) { 513 IWL_DEBUG_INFO(priv, 514 "Error finding fixrate setting\n"); 515 return -ENOMSG; 516 } 517 priv->tm_fixed_rate = nla_get_u32(tb[IWL_TM_ATTR_FIXRATE]); 518 break; 519 520 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION: 521 IWL_INFO(priv, "uCode version raw: 0x%x\n", priv->ucode_ver); 522 523 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); 524 if (!skb) { 525 IWL_DEBUG_INFO(priv, "Error allocating memory\n"); 526 return -ENOMEM; 527 } 528 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION, priv->ucode_ver); 529 status = cfg80211_testmode_reply(skb); 530 if (status < 0) 531 IWL_DEBUG_INFO(priv, 532 "Error sending msg : %d\n", status); 533 break; 534 535 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID: 536 devid = bus_get_hw_id(bus(priv)); 537 IWL_INFO(priv, "hw version: 0x%x\n", devid); 538 539 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); 540 if (!skb) { 541 IWL_DEBUG_INFO(priv, "Error allocating memory\n"); 542 return -ENOMEM; 543 } 544 NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid); 545 status = cfg80211_testmode_reply(skb); 546 if (status < 0) 547 IWL_DEBUG_INFO(priv, 548 "Error sending msg : %d\n", status); 549 break; 550 551 default: 552 IWL_DEBUG_INFO(priv, "Unknown testmode driver command ID\n"); 553 return -ENOSYS; 554 } 555 return status; 556 557nla_put_failure: 558 kfree_skb(skb); 559 return -EMSGSIZE; 560} 561 562 563/* 564 * This function handles the user application commands for uCode trace 565 * 566 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the 567 * handlers respectively. 568 * 569 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned 570 * value of the actual command execution is replied to the user application. 571 * 572 * @hw: ieee80211_hw object that represents the device 573 * @tb: gnl message fields from the user space 574 */ 575static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb) 576{ 577 struct iwl_priv *priv = hw->priv; 578 struct sk_buff *skb; 579 int status = 0; 580 struct device *dev = bus(priv)->dev; 581 582 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { 583 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE: 584 if (priv->testmode_trace.trace_enabled) 585 return -EBUSY; 586 587 if (!tb[IWL_TM_ATTR_TRACE_SIZE]) 588 priv->testmode_trace.buff_size = TRACE_BUFF_SIZE_DEF; 589 else 590 priv->testmode_trace.buff_size = 591 nla_get_u32(tb[IWL_TM_ATTR_TRACE_SIZE]); 592 if (!priv->testmode_trace.buff_size) 593 return -EINVAL; 594 if (priv->testmode_trace.buff_size < TRACE_BUFF_SIZE_MIN || 595 priv->testmode_trace.buff_size > TRACE_BUFF_SIZE_MAX) 596 return -EINVAL; 597 598 priv->testmode_trace.total_size = 599 priv->testmode_trace.buff_size + TRACE_BUFF_PADD; 600 priv->testmode_trace.cpu_addr = 601 dma_alloc_coherent(dev, 602 priv->testmode_trace.total_size, 603 &priv->testmode_trace.dma_addr, 604 GFP_KERNEL); 605 if (!priv->testmode_trace.cpu_addr) 606 return -ENOMEM; 607 priv->testmode_trace.trace_enabled = true; 608 priv->testmode_trace.trace_addr = (u8 *)PTR_ALIGN( 609 priv->testmode_trace.cpu_addr, 0x100); 610 memset(priv->testmode_trace.trace_addr, 0x03B, 611 priv->testmode_trace.buff_size); 612 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 613 sizeof(priv->testmode_trace.dma_addr) + 20); 614 if (!skb) { 615 IWL_DEBUG_INFO(priv, 616 "Error allocating memory\n"); 617 iwl_trace_cleanup(priv); 618 return -ENOMEM; 619 } 620 NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR, 621 sizeof(priv->testmode_trace.dma_addr), 622 (u64 *)&priv->testmode_trace.dma_addr); 623 status = cfg80211_testmode_reply(skb); 624 if (status < 0) { 625 IWL_DEBUG_INFO(priv, 626 "Error sending msg : %d\n", 627 status); 628 } 629 priv->testmode_trace.num_chunks = 630 DIV_ROUND_UP(priv->testmode_trace.buff_size, 631 DUMP_CHUNK_SIZE); 632 break; 633 634 case IWL_TM_CMD_APP2DEV_END_TRACE: 635 iwl_trace_cleanup(priv); 636 break; 637 default: 638 IWL_DEBUG_INFO(priv, "Unknown testmode mem command ID\n"); 639 return -ENOSYS; 640 } 641 return status; 642 643nla_put_failure: 644 kfree_skb(skb); 645 if (nla_get_u32(tb[IWL_TM_ATTR_COMMAND]) == 646 IWL_TM_CMD_APP2DEV_BEGIN_TRACE) 647 iwl_trace_cleanup(priv); 648 return -EMSGSIZE; 649} 650 651static int iwl_testmode_trace_dump(struct ieee80211_hw *hw, struct nlattr **tb, 652 struct sk_buff *skb, 653 struct netlink_callback *cb) 654{ 655 struct iwl_priv *priv = hw->priv; 656 int idx, length; 657 658 if (priv->testmode_trace.trace_enabled && 659 priv->testmode_trace.trace_addr) { 660 idx = cb->args[4]; 661 if (idx >= priv->testmode_trace.num_chunks) 662 return -ENOENT; 663 length = DUMP_CHUNK_SIZE; 664 if (((idx + 1) == priv->testmode_trace.num_chunks) && 665 (priv->testmode_trace.buff_size % DUMP_CHUNK_SIZE)) 666 length = priv->testmode_trace.buff_size % 667 DUMP_CHUNK_SIZE; 668 669 NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length, 670 priv->testmode_trace.trace_addr + 671 (DUMP_CHUNK_SIZE * idx)); 672 idx++; 673 cb->args[4] = idx; 674 return 0; 675 } else 676 return -EFAULT; 677 678 nla_put_failure: 679 return -ENOBUFS; 680} 681 682/* 683 * This function handles the user application switch ucode ownership. 684 * 685 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_OWNER and 686 * decide who the current owner of the uCode 687 * 688 * If the current owner is OWNERSHIP_TM, then the only host command 689 * can deliver to uCode is from testmode, all the other host commands 690 * will dropped. 691 * 692 * default driver is the owner of uCode in normal operational mode 693 * 694 * @hw: ieee80211_hw object that represents the device 695 * @tb: gnl message fields from the user space 696 */ 697static int iwl_testmode_ownership(struct ieee80211_hw *hw, struct nlattr **tb) 698{ 699 struct iwl_priv *priv = hw->priv; 700 u8 owner; 701 702 if (!tb[IWL_TM_ATTR_UCODE_OWNER]) { 703 IWL_DEBUG_INFO(priv, "Error finding ucode owner\n"); 704 return -ENOMSG; 705 } 706 707 owner = nla_get_u8(tb[IWL_TM_ATTR_UCODE_OWNER]); 708 if ((owner == IWL_OWNERSHIP_DRIVER) || (owner == IWL_OWNERSHIP_TM)) 709 priv->shrd->ucode_owner = owner; 710 else { 711 IWL_DEBUG_INFO(priv, "Invalid owner\n"); 712 return -EINVAL; 713 } 714 return 0; 715} 716 717/* 718 * This function handles the user application commands for SRAM data dump 719 * 720 * It retrieves the mandatory fields IWL_TM_ATTR_SRAM_ADDR and 721 * IWL_TM_ATTR_SRAM_SIZE to decide the memory area for SRAM data reading 722 * 723 * Several error will be retured, -EBUSY if the SRAM data retrieved by 724 * previous command has not been delivered to userspace, or -ENOMSG if 725 * the mandatory fields (IWL_TM_ATTR_SRAM_ADDR,IWL_TM_ATTR_SRAM_SIZE) 726 * are missing, or -ENOMEM if the buffer allocation fails. 727 * 728 * Otherwise 0 is replied indicating the success of the SRAM reading. 729 * 730 * @hw: ieee80211_hw object that represents the device 731 * @tb: gnl message fields from the user space 732 */ 733static int iwl_testmode_sram(struct ieee80211_hw *hw, struct nlattr **tb) 734{ 735 struct iwl_priv *priv = hw->priv; 736 u32 base, ofs, size, maxsize; 737 738 if (priv->testmode_sram.sram_readed) 739 return -EBUSY; 740 741 if (!tb[IWL_TM_ATTR_SRAM_ADDR]) { 742 IWL_DEBUG_INFO(priv, "Error finding SRAM offset address\n"); 743 return -ENOMSG; 744 } 745 ofs = nla_get_u32(tb[IWL_TM_ATTR_SRAM_ADDR]); 746 if (!tb[IWL_TM_ATTR_SRAM_SIZE]) { 747 IWL_DEBUG_INFO(priv, "Error finding size for SRAM reading\n"); 748 return -ENOMSG; 749 } 750 size = nla_get_u32(tb[IWL_TM_ATTR_SRAM_SIZE]); 751 switch (priv->shrd->ucode_type) { 752 case IWL_UCODE_REGULAR: 753 maxsize = trans(priv)->ucode_rt.data.len; 754 break; 755 case IWL_UCODE_INIT: 756 maxsize = trans(priv)->ucode_init.data.len; 757 break; 758 case IWL_UCODE_WOWLAN: 759 maxsize = trans(priv)->ucode_wowlan.data.len; 760 break; 761 case IWL_UCODE_NONE: 762 IWL_DEBUG_INFO(priv, "Error, uCode does not been loaded\n"); 763 return -ENOSYS; 764 default: 765 IWL_DEBUG_INFO(priv, "Error, unsupported uCode type\n"); 766 return -ENOSYS; 767 } 768 if ((ofs + size) > maxsize) { 769 IWL_DEBUG_INFO(priv, "Invalid offset/size: out of range\n"); 770 return -EINVAL; 771 } 772 priv->testmode_sram.buff_size = (size / 4) * 4; 773 priv->testmode_sram.buff_addr = 774 kmalloc(priv->testmode_sram.buff_size, GFP_KERNEL); 775 if (priv->testmode_sram.buff_addr == NULL) { 776 IWL_DEBUG_INFO(priv, "Error allocating memory\n"); 777 return -ENOMEM; 778 } 779 base = 0x800000; 780 _iwl_read_targ_mem_words(bus(priv), base + ofs, 781 priv->testmode_sram.buff_addr, 782 priv->testmode_sram.buff_size / 4); 783 priv->testmode_sram.num_chunks = 784 DIV_ROUND_UP(priv->testmode_sram.buff_size, DUMP_CHUNK_SIZE); 785 priv->testmode_sram.sram_readed = true; 786 return 0; 787} 788 789static int iwl_testmode_sram_dump(struct ieee80211_hw *hw, struct nlattr **tb, 790 struct sk_buff *skb, 791 struct netlink_callback *cb) 792{ 793 struct iwl_priv *priv = hw->priv; 794 int idx, length; 795 796 if (priv->testmode_sram.sram_readed) { 797 idx = cb->args[4]; 798 if (idx >= priv->testmode_sram.num_chunks) { 799 iwl_sram_cleanup(priv); 800 return -ENOENT; 801 } 802 length = DUMP_CHUNK_SIZE; 803 if (((idx + 1) == priv->testmode_sram.num_chunks) && 804 (priv->testmode_sram.buff_size % DUMP_CHUNK_SIZE)) 805 length = priv->testmode_sram.buff_size % 806 DUMP_CHUNK_SIZE; 807 808 NLA_PUT(skb, IWL_TM_ATTR_SRAM_DUMP, length, 809 priv->testmode_sram.buff_addr + 810 (DUMP_CHUNK_SIZE * idx)); 811 idx++; 812 cb->args[4] = idx; 813 return 0; 814 } else 815 return -EFAULT; 816 817 nla_put_failure: 818 return -ENOBUFS; 819} 820 821 822/* The testmode gnl message handler that takes the gnl message from the 823 * user space and parses it per the policy iwl_testmode_gnl_msg_policy, then 824 * invoke the corresponding handlers. 825 * 826 * This function is invoked when there is user space application sending 827 * gnl message through the testmode tunnel NL80211_CMD_TESTMODE regulated 828 * by nl80211. 829 * 830 * It retrieves the mandatory field, IWL_TM_ATTR_COMMAND, before 831 * dispatching it to the corresponding handler. 832 * 833 * If IWL_TM_ATTR_COMMAND is missing, -ENOMSG is replied to user application; 834 * -ENOSYS is replied to the user application if the command is unknown; 835 * Otherwise, the command is dispatched to the respective handler. 836 * 837 * @hw: ieee80211_hw object that represents the device 838 * @data: pointer to user space message 839 * @len: length in byte of @data 840 */ 841int iwlagn_mac_testmode_cmd(struct ieee80211_hw *hw, void *data, int len) 842{ 843 struct nlattr *tb[IWL_TM_ATTR_MAX]; 844 struct iwl_priv *priv = hw->priv; 845 int result; 846 847 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len, 848 iwl_testmode_gnl_msg_policy); 849 if (result != 0) { 850 IWL_DEBUG_INFO(priv, 851 "Error parsing the gnl message : %d\n", result); 852 return result; 853 } 854 855 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */ 856 if (!tb[IWL_TM_ATTR_COMMAND]) { 857 IWL_DEBUG_INFO(priv, "Error finding testmode command type\n"); 858 return -ENOMSG; 859 } 860 /* in case multiple accesses to the device happens */ 861 mutex_lock(&priv->shrd->mutex); 862 863 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { 864 case IWL_TM_CMD_APP2DEV_UCODE: 865 IWL_DEBUG_INFO(priv, "testmode cmd to uCode\n"); 866 result = iwl_testmode_ucode(hw, tb); 867 break; 868 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32: 869 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32: 870 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8: 871 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_READ32: 872 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_WRITE32: 873 IWL_DEBUG_INFO(priv, "testmode cmd to register\n"); 874 result = iwl_testmode_reg(hw, tb); 875 break; 876 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME: 877 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW: 878 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB: 879 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW: 880 case IWL_TM_CMD_APP2DEV_GET_EEPROM: 881 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ: 882 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW: 883 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION: 884 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID: 885 IWL_DEBUG_INFO(priv, "testmode cmd to driver\n"); 886 result = iwl_testmode_driver(hw, tb); 887 break; 888 889 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE: 890 case IWL_TM_CMD_APP2DEV_END_TRACE: 891 case IWL_TM_CMD_APP2DEV_READ_TRACE: 892 IWL_DEBUG_INFO(priv, "testmode uCode trace cmd to driver\n"); 893 result = iwl_testmode_trace(hw, tb); 894 break; 895 896 case IWL_TM_CMD_APP2DEV_OWNERSHIP: 897 IWL_DEBUG_INFO(priv, "testmode change uCode ownership\n"); 898 result = iwl_testmode_ownership(hw, tb); 899 break; 900 901 case IWL_TM_CMD_APP2DEV_READ_SRAM: 902 IWL_DEBUG_INFO(priv, "testmode sram read cmd to driver\n"); 903 result = iwl_testmode_sram(hw, tb); 904 break; 905 906 default: 907 IWL_DEBUG_INFO(priv, "Unknown testmode command\n"); 908 result = -ENOSYS; 909 break; 910 } 911 912 mutex_unlock(&priv->shrd->mutex); 913 return result; 914} 915 916int iwlagn_mac_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *skb, 917 struct netlink_callback *cb, 918 void *data, int len) 919{ 920 struct nlattr *tb[IWL_TM_ATTR_MAX]; 921 struct iwl_priv *priv = hw->priv; 922 int result; 923 u32 cmd; 924 925 if (cb->args[3]) { 926 /* offset by 1 since commands start at 0 */ 927 cmd = cb->args[3] - 1; 928 } else { 929 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len, 930 iwl_testmode_gnl_msg_policy); 931 if (result) { 932 IWL_DEBUG_INFO(priv, 933 "Error parsing the gnl message : %d\n", result); 934 return result; 935 } 936 937 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */ 938 if (!tb[IWL_TM_ATTR_COMMAND]) { 939 IWL_DEBUG_INFO(priv, 940 "Error finding testmode command type\n"); 941 return -ENOMSG; 942 } 943 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]); 944 cb->args[3] = cmd + 1; 945 } 946 947 /* in case multiple accesses to the device happens */ 948 mutex_lock(&priv->shrd->mutex); 949 switch (cmd) { 950 case IWL_TM_CMD_APP2DEV_READ_TRACE: 951 IWL_DEBUG_INFO(priv, "uCode trace cmd to driver\n"); 952 result = iwl_testmode_trace_dump(hw, tb, skb, cb); 953 break; 954 case IWL_TM_CMD_APP2DEV_DUMP_SRAM: 955 IWL_DEBUG_INFO(priv, "testmode sram dump cmd to driver\n"); 956 result = iwl_testmode_sram_dump(hw, tb, skb, cb); 957 break; 958 default: 959 result = -EINVAL; 960 break; 961 } 962 963 mutex_unlock(&priv->shrd->mutex); 964 return result; 965} 966