Loading...
1// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2/*
3 * Copyright (C) 2005-2014, 2018-2023 Intel Corporation
4 * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
5 * Copyright (C) 2016-2017 Intel Deutschland GmbH
6 */
7#include <linux/completion.h>
8#include <linux/dma-mapping.h>
9#include <linux/firmware.h>
10#include <linux/module.h>
11#include <linux/vmalloc.h>
12
13#include "iwl-drv.h"
14#include "iwl-csr.h"
15#include "iwl-debug.h"
16#include "iwl-trans.h"
17#include "iwl-op-mode.h"
18#include "iwl-agn-hw.h"
19#include "fw/img.h"
20#include "iwl-dbg-tlv.h"
21#include "iwl-config.h"
22#include "iwl-modparams.h"
23#include "fw/api/alive.h"
24#include "fw/api/mac.h"
25
26/******************************************************************************
27 *
28 * module boiler plate
29 *
30 ******************************************************************************/
31
32#define DRV_DESCRIPTION "Intel(R) Wireless WiFi driver for Linux"
33MODULE_DESCRIPTION(DRV_DESCRIPTION);
34MODULE_LICENSE("GPL");
35
36#ifdef CONFIG_IWLWIFI_DEBUGFS
37static struct dentry *iwl_dbgfs_root;
38#endif
39
40/**
41 * struct iwl_drv - drv common data
42 * @list: list of drv structures using this opmode
43 * @fw: the iwl_fw structure
44 * @op_mode: the running op_mode
45 * @trans: transport layer
46 * @dev: for debug prints only
47 * @fw_index: firmware revision to try loading
48 * @firmware_name: composite filename of ucode file to load
49 * @request_firmware_complete: the firmware has been obtained from user space
50 * @dbgfs_drv: debugfs root directory entry
51 * @dbgfs_trans: debugfs transport directory entry
52 * @dbgfs_op_mode: debugfs op_mode directory entry
53 */
54struct iwl_drv {
55 struct list_head list;
56 struct iwl_fw fw;
57
58 struct iwl_op_mode *op_mode;
59 struct iwl_trans *trans;
60 struct device *dev;
61
62 int fw_index; /* firmware we're trying to load */
63 char firmware_name[64]; /* name of firmware file to load */
64
65 struct completion request_firmware_complete;
66
67#ifdef CONFIG_IWLWIFI_DEBUGFS
68 struct dentry *dbgfs_drv;
69 struct dentry *dbgfs_trans;
70 struct dentry *dbgfs_op_mode;
71#endif
72};
73
74enum {
75 DVM_OP_MODE,
76 MVM_OP_MODE,
77};
78
79/* Protects the table contents, i.e. the ops pointer & drv list */
80static DEFINE_MUTEX(iwlwifi_opmode_table_mtx);
81static struct iwlwifi_opmode_table {
82 const char *name; /* name: iwldvm, iwlmvm, etc */
83 const struct iwl_op_mode_ops *ops; /* pointer to op_mode ops */
84 struct list_head drv; /* list of devices using this op_mode */
85} iwlwifi_opmode_table[] = { /* ops set when driver is initialized */
86 [DVM_OP_MODE] = { .name = "iwldvm", .ops = NULL },
87 [MVM_OP_MODE] = { .name = "iwlmvm", .ops = NULL },
88};
89
90#define IWL_DEFAULT_SCAN_CHANNELS 40
91
92/*
93 * struct fw_sec: Just for the image parsing process.
94 * For the fw storage we are using struct fw_desc.
95 */
96struct fw_sec {
97 const void *data; /* the sec data */
98 size_t size; /* section size */
99 u32 offset; /* offset of writing in the device */
100};
101
102static void iwl_free_fw_desc(struct iwl_drv *drv, struct fw_desc *desc)
103{
104 vfree(desc->data);
105 desc->data = NULL;
106 desc->len = 0;
107}
108
109static void iwl_free_fw_img(struct iwl_drv *drv, struct fw_img *img)
110{
111 int i;
112 for (i = 0; i < img->num_sec; i++)
113 iwl_free_fw_desc(drv, &img->sec[i]);
114 kfree(img->sec);
115}
116
117static void iwl_dealloc_ucode(struct iwl_drv *drv)
118{
119 int i;
120
121 kfree(drv->fw.dbg.dest_tlv);
122 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.conf_tlv); i++)
123 kfree(drv->fw.dbg.conf_tlv[i]);
124 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.trigger_tlv); i++)
125 kfree(drv->fw.dbg.trigger_tlv[i]);
126 kfree(drv->fw.dbg.mem_tlv);
127 kfree(drv->fw.iml);
128 kfree(drv->fw.ucode_capa.cmd_versions);
129 kfree(drv->fw.phy_integration_ver);
130 kfree(drv->trans->dbg.pc_data);
131 drv->trans->dbg.pc_data = NULL;
132
133 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
134 iwl_free_fw_img(drv, drv->fw.img + i);
135
136 /* clear the data for the aborted load case */
137 memset(&drv->fw, 0, sizeof(drv->fw));
138}
139
140static int iwl_alloc_fw_desc(struct iwl_drv *drv, struct fw_desc *desc,
141 struct fw_sec *sec)
142{
143 void *data;
144
145 desc->data = NULL;
146
147 if (!sec || !sec->size)
148 return -EINVAL;
149
150 data = vmalloc(sec->size);
151 if (!data)
152 return -ENOMEM;
153
154 desc->len = sec->size;
155 desc->offset = sec->offset;
156 memcpy(data, sec->data, desc->len);
157 desc->data = data;
158
159 return 0;
160}
161
162static inline char iwl_drv_get_step(int step)
163{
164 if (step == SILICON_Z_STEP)
165 return 'z';
166 if (step == SILICON_TC_STEP)
167 return 'a';
168 return 'a' + step;
169}
170
171const char *iwl_drv_get_fwname_pre(struct iwl_trans *trans, char *buf)
172{
173 char mac_step, rf_step;
174 const char *rf, *cdb;
175
176 if (trans->cfg->fw_name_pre)
177 return trans->cfg->fw_name_pre;
178
179 if (WARN_ON(!trans->cfg->fw_name_mac))
180 return "unconfigured";
181
182 mac_step = iwl_drv_get_step(trans->hw_rev_step);
183
184 rf_step = iwl_drv_get_step(CSR_HW_RFID_STEP(trans->hw_rf_id));
185
186 switch (CSR_HW_RFID_TYPE(trans->hw_rf_id)) {
187 case IWL_CFG_RF_TYPE_HR1:
188 case IWL_CFG_RF_TYPE_HR2:
189 rf = "hr";
190 break;
191 case IWL_CFG_RF_TYPE_GF:
192 rf = "gf";
193 break;
194 case IWL_CFG_RF_TYPE_MR:
195 rf = "mr";
196 break;
197 case IWL_CFG_RF_TYPE_MS:
198 rf = "ms";
199 break;
200 case IWL_CFG_RF_TYPE_FM:
201 rf = "fm";
202 break;
203 case IWL_CFG_RF_TYPE_WH:
204 if (SILICON_Z_STEP ==
205 CSR_HW_RFID_STEP(trans->hw_rf_id)) {
206 rf = "whtc";
207 rf_step = 'a';
208 } else {
209 rf = "wh";
210 }
211 break;
212 default:
213 return "unknown-rf";
214 }
215
216 cdb = CSR_HW_RFID_IS_CDB(trans->hw_rf_id) ? "4" : "";
217
218 scnprintf(buf, FW_NAME_PRE_BUFSIZE,
219 "iwlwifi-%s-%c0-%s%s-%c0",
220 trans->cfg->fw_name_mac, mac_step,
221 rf, cdb, rf_step);
222
223 return buf;
224}
225IWL_EXPORT_SYMBOL(iwl_drv_get_fwname_pre);
226
227static void iwl_req_fw_callback(const struct firmware *ucode_raw,
228 void *context);
229
230static int iwl_request_firmware(struct iwl_drv *drv, bool first)
231{
232 const struct iwl_cfg *cfg = drv->trans->cfg;
233 char _fw_name_pre[FW_NAME_PRE_BUFSIZE];
234 const char *fw_name_pre;
235
236 if (drv->trans->trans_cfg->device_family == IWL_DEVICE_FAMILY_9000 &&
237 (drv->trans->hw_rev_step != SILICON_B_STEP &&
238 drv->trans->hw_rev_step != SILICON_C_STEP)) {
239 IWL_ERR(drv,
240 "Only HW steps B and C are currently supported (0x%0x)\n",
241 drv->trans->hw_rev);
242 return -EINVAL;
243 }
244
245 fw_name_pre = iwl_drv_get_fwname_pre(drv->trans, _fw_name_pre);
246
247 if (first)
248 drv->fw_index = cfg->ucode_api_max;
249 else
250 drv->fw_index--;
251
252 if (drv->fw_index < cfg->ucode_api_min) {
253 IWL_ERR(drv, "no suitable firmware found!\n");
254
255 if (cfg->ucode_api_min == cfg->ucode_api_max) {
256 IWL_ERR(drv, "%s-%d is required\n", fw_name_pre,
257 cfg->ucode_api_max);
258 } else {
259 IWL_ERR(drv, "minimum version required: %s-%d\n",
260 fw_name_pre, cfg->ucode_api_min);
261 IWL_ERR(drv, "maximum version supported: %s-%d\n",
262 fw_name_pre, cfg->ucode_api_max);
263 }
264
265 IWL_ERR(drv,
266 "check git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git\n");
267 return -ENOENT;
268 }
269
270 snprintf(drv->firmware_name, sizeof(drv->firmware_name), "%s-%d.ucode",
271 fw_name_pre, drv->fw_index);
272
273 IWL_DEBUG_FW_INFO(drv, "attempting to load firmware '%s'\n",
274 drv->firmware_name);
275
276 return request_firmware_nowait(THIS_MODULE, 1, drv->firmware_name,
277 drv->trans->dev,
278 GFP_KERNEL, drv, iwl_req_fw_callback);
279}
280
281struct fw_img_parsing {
282 struct fw_sec *sec;
283 int sec_counter;
284};
285
286/*
287 * struct fw_sec_parsing: to extract fw section and it's offset from tlv
288 */
289struct fw_sec_parsing {
290 __le32 offset;
291 const u8 data[];
292} __packed;
293
294/**
295 * struct iwl_tlv_calib_data - parse the default calib data from TLV
296 *
297 * @ucode_type: the uCode to which the following default calib relates.
298 * @calib: default calibrations.
299 */
300struct iwl_tlv_calib_data {
301 __le32 ucode_type;
302 struct iwl_tlv_calib_ctrl calib;
303} __packed;
304
305struct iwl_firmware_pieces {
306 struct fw_img_parsing img[IWL_UCODE_TYPE_MAX];
307
308 u32 init_evtlog_ptr, init_evtlog_size, init_errlog_ptr;
309 u32 inst_evtlog_ptr, inst_evtlog_size, inst_errlog_ptr;
310
311 /* FW debug data parsed for driver usage */
312 bool dbg_dest_tlv_init;
313 const u8 *dbg_dest_ver;
314 union {
315 const struct iwl_fw_dbg_dest_tlv *dbg_dest_tlv;
316 const struct iwl_fw_dbg_dest_tlv_v1 *dbg_dest_tlv_v1;
317 };
318 const struct iwl_fw_dbg_conf_tlv *dbg_conf_tlv[FW_DBG_CONF_MAX];
319 size_t dbg_conf_tlv_len[FW_DBG_CONF_MAX];
320 const struct iwl_fw_dbg_trigger_tlv *dbg_trigger_tlv[FW_DBG_TRIGGER_MAX];
321 size_t dbg_trigger_tlv_len[FW_DBG_TRIGGER_MAX];
322 struct iwl_fw_dbg_mem_seg_tlv *dbg_mem_tlv;
323 size_t n_mem_tlv;
324};
325
326/*
327 * These functions are just to extract uCode section data from the pieces
328 * structure.
329 */
330static struct fw_sec *get_sec(struct iwl_firmware_pieces *pieces,
331 enum iwl_ucode_type type,
332 int sec)
333{
334 return &pieces->img[type].sec[sec];
335}
336
337static void alloc_sec_data(struct iwl_firmware_pieces *pieces,
338 enum iwl_ucode_type type,
339 int sec)
340{
341 struct fw_img_parsing *img = &pieces->img[type];
342 struct fw_sec *sec_memory;
343 int size = sec + 1;
344 size_t alloc_size = sizeof(*img->sec) * size;
345
346 if (img->sec && img->sec_counter >= size)
347 return;
348
349 sec_memory = krealloc(img->sec, alloc_size, GFP_KERNEL);
350 if (!sec_memory)
351 return;
352
353 img->sec = sec_memory;
354 img->sec_counter = size;
355}
356
357static void set_sec_data(struct iwl_firmware_pieces *pieces,
358 enum iwl_ucode_type type,
359 int sec,
360 const void *data)
361{
362 alloc_sec_data(pieces, type, sec);
363
364 pieces->img[type].sec[sec].data = data;
365}
366
367static void set_sec_size(struct iwl_firmware_pieces *pieces,
368 enum iwl_ucode_type type,
369 int sec,
370 size_t size)
371{
372 alloc_sec_data(pieces, type, sec);
373
374 pieces->img[type].sec[sec].size = size;
375}
376
377static size_t get_sec_size(struct iwl_firmware_pieces *pieces,
378 enum iwl_ucode_type type,
379 int sec)
380{
381 return pieces->img[type].sec[sec].size;
382}
383
384static void set_sec_offset(struct iwl_firmware_pieces *pieces,
385 enum iwl_ucode_type type,
386 int sec,
387 u32 offset)
388{
389 alloc_sec_data(pieces, type, sec);
390
391 pieces->img[type].sec[sec].offset = offset;
392}
393
394/*
395 * Gets uCode section from tlv.
396 */
397static int iwl_store_ucode_sec(struct iwl_firmware_pieces *pieces,
398 const void *data, enum iwl_ucode_type type,
399 int size)
400{
401 struct fw_img_parsing *img;
402 struct fw_sec *sec;
403 const struct fw_sec_parsing *sec_parse;
404 size_t alloc_size;
405
406 if (WARN_ON(!pieces || !data || type >= IWL_UCODE_TYPE_MAX))
407 return -1;
408
409 sec_parse = (const struct fw_sec_parsing *)data;
410
411 img = &pieces->img[type];
412
413 alloc_size = sizeof(*img->sec) * (img->sec_counter + 1);
414 sec = krealloc(img->sec, alloc_size, GFP_KERNEL);
415 if (!sec)
416 return -ENOMEM;
417 img->sec = sec;
418
419 sec = &img->sec[img->sec_counter];
420
421 sec->offset = le32_to_cpu(sec_parse->offset);
422 sec->data = sec_parse->data;
423 sec->size = size - sizeof(sec_parse->offset);
424
425 ++img->sec_counter;
426
427 return 0;
428}
429
430static int iwl_set_default_calib(struct iwl_drv *drv, const u8 *data)
431{
432 const struct iwl_tlv_calib_data *def_calib =
433 (const struct iwl_tlv_calib_data *)data;
434 u32 ucode_type = le32_to_cpu(def_calib->ucode_type);
435 if (ucode_type >= IWL_UCODE_TYPE_MAX) {
436 IWL_ERR(drv, "Wrong ucode_type %u for default calibration.\n",
437 ucode_type);
438 return -EINVAL;
439 }
440 drv->fw.default_calib[ucode_type].flow_trigger =
441 def_calib->calib.flow_trigger;
442 drv->fw.default_calib[ucode_type].event_trigger =
443 def_calib->calib.event_trigger;
444
445 return 0;
446}
447
448static void iwl_set_ucode_api_flags(struct iwl_drv *drv, const u8 *data,
449 struct iwl_ucode_capabilities *capa)
450{
451 const struct iwl_ucode_api *ucode_api = (const void *)data;
452 u32 api_index = le32_to_cpu(ucode_api->api_index);
453 u32 api_flags = le32_to_cpu(ucode_api->api_flags);
454 int i;
455
456 if (api_index >= DIV_ROUND_UP(NUM_IWL_UCODE_TLV_API, 32)) {
457 IWL_WARN(drv,
458 "api flags index %d larger than supported by driver\n",
459 api_index);
460 return;
461 }
462
463 for (i = 0; i < 32; i++) {
464 if (api_flags & BIT(i))
465 __set_bit(i + 32 * api_index, capa->_api);
466 }
467}
468
469static void iwl_set_ucode_capabilities(struct iwl_drv *drv, const u8 *data,
470 struct iwl_ucode_capabilities *capa)
471{
472 const struct iwl_ucode_capa *ucode_capa = (const void *)data;
473 u32 api_index = le32_to_cpu(ucode_capa->api_index);
474 u32 api_flags = le32_to_cpu(ucode_capa->api_capa);
475 int i;
476
477 if (api_index >= DIV_ROUND_UP(NUM_IWL_UCODE_TLV_CAPA, 32)) {
478 IWL_WARN(drv,
479 "capa flags index %d larger than supported by driver\n",
480 api_index);
481 return;
482 }
483
484 for (i = 0; i < 32; i++) {
485 if (api_flags & BIT(i))
486 __set_bit(i + 32 * api_index, capa->_capa);
487 }
488}
489
490static const char *iwl_reduced_fw_name(struct iwl_drv *drv)
491{
492 const char *name = drv->firmware_name;
493
494 if (strncmp(name, "iwlwifi-", 8) == 0)
495 name += 8;
496
497 return name;
498}
499
500static int iwl_parse_v1_v2_firmware(struct iwl_drv *drv,
501 const struct firmware *ucode_raw,
502 struct iwl_firmware_pieces *pieces)
503{
504 const struct iwl_ucode_header *ucode = (const void *)ucode_raw->data;
505 u32 api_ver, hdr_size, build;
506 char buildstr[25];
507 const u8 *src;
508
509 drv->fw.ucode_ver = le32_to_cpu(ucode->ver);
510 api_ver = IWL_UCODE_API(drv->fw.ucode_ver);
511
512 switch (api_ver) {
513 default:
514 hdr_size = 28;
515 if (ucode_raw->size < hdr_size) {
516 IWL_ERR(drv, "File size too small!\n");
517 return -EINVAL;
518 }
519 build = le32_to_cpu(ucode->u.v2.build);
520 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
521 le32_to_cpu(ucode->u.v2.inst_size));
522 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
523 le32_to_cpu(ucode->u.v2.data_size));
524 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
525 le32_to_cpu(ucode->u.v2.init_size));
526 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
527 le32_to_cpu(ucode->u.v2.init_data_size));
528 src = ucode->u.v2.data;
529 break;
530 case 0:
531 case 1:
532 case 2:
533 hdr_size = 24;
534 if (ucode_raw->size < hdr_size) {
535 IWL_ERR(drv, "File size too small!\n");
536 return -EINVAL;
537 }
538 build = 0;
539 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
540 le32_to_cpu(ucode->u.v1.inst_size));
541 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
542 le32_to_cpu(ucode->u.v1.data_size));
543 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
544 le32_to_cpu(ucode->u.v1.init_size));
545 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
546 le32_to_cpu(ucode->u.v1.init_data_size));
547 src = ucode->u.v1.data;
548 break;
549 }
550
551 if (build)
552 sprintf(buildstr, " build %u", build);
553 else
554 buildstr[0] = '\0';
555
556 snprintf(drv->fw.fw_version,
557 sizeof(drv->fw.fw_version),
558 "%u.%u.%u.%u%s %s",
559 IWL_UCODE_MAJOR(drv->fw.ucode_ver),
560 IWL_UCODE_MINOR(drv->fw.ucode_ver),
561 IWL_UCODE_API(drv->fw.ucode_ver),
562 IWL_UCODE_SERIAL(drv->fw.ucode_ver),
563 buildstr, iwl_reduced_fw_name(drv));
564
565 /* Verify size of file vs. image size info in file's header */
566
567 if (ucode_raw->size != hdr_size +
568 get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST) +
569 get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA) +
570 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST) +
571 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA)) {
572
573 IWL_ERR(drv,
574 "uCode file size %d does not match expected size\n",
575 (int)ucode_raw->size);
576 return -EINVAL;
577 }
578
579
580 set_sec_data(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST, src);
581 src += get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST);
582 set_sec_offset(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
583 IWLAGN_RTC_INST_LOWER_BOUND);
584 set_sec_data(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA, src);
585 src += get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA);
586 set_sec_offset(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
587 IWLAGN_RTC_DATA_LOWER_BOUND);
588 set_sec_data(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST, src);
589 src += get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST);
590 set_sec_offset(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
591 IWLAGN_RTC_INST_LOWER_BOUND);
592 set_sec_data(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA, src);
593 src += get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA);
594 set_sec_offset(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
595 IWLAGN_RTC_DATA_LOWER_BOUND);
596 return 0;
597}
598
599static void iwl_drv_set_dump_exclude(struct iwl_drv *drv,
600 enum iwl_ucode_tlv_type tlv_type,
601 const void *tlv_data, u32 tlv_len)
602{
603 const struct iwl_fw_dump_exclude *fw = tlv_data;
604 struct iwl_dump_exclude *excl;
605
606 if (tlv_len < sizeof(*fw))
607 return;
608
609 if (tlv_type == IWL_UCODE_TLV_SEC_TABLE_ADDR) {
610 excl = &drv->fw.dump_excl[0];
611
612 /* second time we find this, it's for WoWLAN */
613 if (excl->addr)
614 excl = &drv->fw.dump_excl_wowlan[0];
615 } else if (fw_has_capa(&drv->fw.ucode_capa,
616 IWL_UCODE_TLV_CAPA_CNSLDTD_D3_D0_IMG)) {
617 /* IWL_UCODE_TLV_D3_KEK_KCK_ADDR is regular image */
618 excl = &drv->fw.dump_excl[0];
619 } else {
620 /* IWL_UCODE_TLV_D3_KEK_KCK_ADDR is WoWLAN image */
621 excl = &drv->fw.dump_excl_wowlan[0];
622 }
623
624 if (excl->addr)
625 excl++;
626
627 if (excl->addr) {
628 IWL_DEBUG_FW_INFO(drv, "found too many excludes in fw file\n");
629 return;
630 }
631
632 excl->addr = le32_to_cpu(fw->addr) & ~FW_ADDR_CACHE_CONTROL;
633 excl->size = le32_to_cpu(fw->size);
634}
635
636static void iwl_parse_dbg_tlv_assert_tables(struct iwl_drv *drv,
637 const struct iwl_ucode_tlv *tlv)
638{
639 const struct iwl_fw_ini_region_tlv *region;
640 u32 length = le32_to_cpu(tlv->length);
641 u32 addr;
642
643 if (length < offsetof(typeof(*region), special_mem) +
644 sizeof(region->special_mem))
645 return;
646
647 region = (const void *)tlv->data;
648 addr = le32_to_cpu(region->special_mem.base_addr);
649 addr += le32_to_cpu(region->special_mem.offset);
650 addr &= ~FW_ADDR_CACHE_CONTROL;
651
652 if (region->type != IWL_FW_INI_REGION_SPECIAL_DEVICE_MEMORY)
653 return;
654
655 switch (region->sub_type) {
656 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_UMAC_ERROR_TABLE:
657 drv->trans->dbg.umac_error_event_table = addr;
658 drv->trans->dbg.error_event_table_tlv_status |=
659 IWL_ERROR_EVENT_TABLE_UMAC;
660 break;
661 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_LMAC_1_ERROR_TABLE:
662 drv->trans->dbg.lmac_error_event_table[0] = addr;
663 drv->trans->dbg.error_event_table_tlv_status |=
664 IWL_ERROR_EVENT_TABLE_LMAC1;
665 break;
666 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_LMAC_2_ERROR_TABLE:
667 drv->trans->dbg.lmac_error_event_table[1] = addr;
668 drv->trans->dbg.error_event_table_tlv_status |=
669 IWL_ERROR_EVENT_TABLE_LMAC2;
670 break;
671 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_TCM_1_ERROR_TABLE:
672 drv->trans->dbg.tcm_error_event_table[0] = addr;
673 drv->trans->dbg.error_event_table_tlv_status |=
674 IWL_ERROR_EVENT_TABLE_TCM1;
675 break;
676 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_TCM_2_ERROR_TABLE:
677 drv->trans->dbg.tcm_error_event_table[1] = addr;
678 drv->trans->dbg.error_event_table_tlv_status |=
679 IWL_ERROR_EVENT_TABLE_TCM2;
680 break;
681 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_RCM_1_ERROR_TABLE:
682 drv->trans->dbg.rcm_error_event_table[0] = addr;
683 drv->trans->dbg.error_event_table_tlv_status |=
684 IWL_ERROR_EVENT_TABLE_RCM1;
685 break;
686 case IWL_FW_INI_REGION_DEVICE_MEMORY_SUBTYPE_RCM_2_ERROR_TABLE:
687 drv->trans->dbg.rcm_error_event_table[1] = addr;
688 drv->trans->dbg.error_event_table_tlv_status |=
689 IWL_ERROR_EVENT_TABLE_RCM2;
690 break;
691 default:
692 break;
693 }
694}
695
696static int iwl_parse_tlv_firmware(struct iwl_drv *drv,
697 const struct firmware *ucode_raw,
698 struct iwl_firmware_pieces *pieces,
699 struct iwl_ucode_capabilities *capa,
700 bool *usniffer_images)
701{
702 const struct iwl_tlv_ucode_header *ucode = (const void *)ucode_raw->data;
703 const struct iwl_ucode_tlv *tlv;
704 size_t len = ucode_raw->size;
705 const u8 *data;
706 u32 tlv_len;
707 u32 usniffer_img;
708 enum iwl_ucode_tlv_type tlv_type;
709 const u8 *tlv_data;
710 char buildstr[25];
711 u32 build, paging_mem_size;
712 int num_of_cpus;
713 bool usniffer_req = false;
714
715 if (len < sizeof(*ucode)) {
716 IWL_ERR(drv, "uCode has invalid length: %zd\n", len);
717 return -EINVAL;
718 }
719
720 if (ucode->magic != cpu_to_le32(IWL_TLV_UCODE_MAGIC)) {
721 IWL_ERR(drv, "invalid uCode magic: 0X%x\n",
722 le32_to_cpu(ucode->magic));
723 return -EINVAL;
724 }
725
726 drv->fw.ucode_ver = le32_to_cpu(ucode->ver);
727 memcpy(drv->fw.human_readable, ucode->human_readable,
728 sizeof(drv->fw.human_readable));
729 build = le32_to_cpu(ucode->build);
730
731 if (build)
732 sprintf(buildstr, " build %u", build);
733 else
734 buildstr[0] = '\0';
735
736 snprintf(drv->fw.fw_version,
737 sizeof(drv->fw.fw_version),
738 "%u.%u.%u.%u%s %s",
739 IWL_UCODE_MAJOR(drv->fw.ucode_ver),
740 IWL_UCODE_MINOR(drv->fw.ucode_ver),
741 IWL_UCODE_API(drv->fw.ucode_ver),
742 IWL_UCODE_SERIAL(drv->fw.ucode_ver),
743 buildstr, iwl_reduced_fw_name(drv));
744
745 data = ucode->data;
746
747 len -= sizeof(*ucode);
748
749 while (len >= sizeof(*tlv)) {
750 len -= sizeof(*tlv);
751
752 tlv = (const void *)data;
753 tlv_len = le32_to_cpu(tlv->length);
754 tlv_type = le32_to_cpu(tlv->type);
755 tlv_data = tlv->data;
756
757 if (len < tlv_len) {
758 IWL_ERR(drv, "invalid TLV len: %zd/%u\n",
759 len, tlv_len);
760 return -EINVAL;
761 }
762 len -= ALIGN(tlv_len, 4);
763 data += sizeof(*tlv) + ALIGN(tlv_len, 4);
764
765 switch (tlv_type) {
766 case IWL_UCODE_TLV_INST:
767 set_sec_data(pieces, IWL_UCODE_REGULAR,
768 IWL_UCODE_SECTION_INST, tlv_data);
769 set_sec_size(pieces, IWL_UCODE_REGULAR,
770 IWL_UCODE_SECTION_INST, tlv_len);
771 set_sec_offset(pieces, IWL_UCODE_REGULAR,
772 IWL_UCODE_SECTION_INST,
773 IWLAGN_RTC_INST_LOWER_BOUND);
774 break;
775 case IWL_UCODE_TLV_DATA:
776 set_sec_data(pieces, IWL_UCODE_REGULAR,
777 IWL_UCODE_SECTION_DATA, tlv_data);
778 set_sec_size(pieces, IWL_UCODE_REGULAR,
779 IWL_UCODE_SECTION_DATA, tlv_len);
780 set_sec_offset(pieces, IWL_UCODE_REGULAR,
781 IWL_UCODE_SECTION_DATA,
782 IWLAGN_RTC_DATA_LOWER_BOUND);
783 break;
784 case IWL_UCODE_TLV_INIT:
785 set_sec_data(pieces, IWL_UCODE_INIT,
786 IWL_UCODE_SECTION_INST, tlv_data);
787 set_sec_size(pieces, IWL_UCODE_INIT,
788 IWL_UCODE_SECTION_INST, tlv_len);
789 set_sec_offset(pieces, IWL_UCODE_INIT,
790 IWL_UCODE_SECTION_INST,
791 IWLAGN_RTC_INST_LOWER_BOUND);
792 break;
793 case IWL_UCODE_TLV_INIT_DATA:
794 set_sec_data(pieces, IWL_UCODE_INIT,
795 IWL_UCODE_SECTION_DATA, tlv_data);
796 set_sec_size(pieces, IWL_UCODE_INIT,
797 IWL_UCODE_SECTION_DATA, tlv_len);
798 set_sec_offset(pieces, IWL_UCODE_INIT,
799 IWL_UCODE_SECTION_DATA,
800 IWLAGN_RTC_DATA_LOWER_BOUND);
801 break;
802 case IWL_UCODE_TLV_BOOT:
803 IWL_ERR(drv, "Found unexpected BOOT ucode\n");
804 break;
805 case IWL_UCODE_TLV_PROBE_MAX_LEN:
806 if (tlv_len != sizeof(u32))
807 goto invalid_tlv_len;
808 capa->max_probe_length =
809 le32_to_cpup((const __le32 *)tlv_data);
810 break;
811 case IWL_UCODE_TLV_PAN:
812 if (tlv_len)
813 goto invalid_tlv_len;
814 capa->flags |= IWL_UCODE_TLV_FLAGS_PAN;
815 break;
816 case IWL_UCODE_TLV_FLAGS:
817 /* must be at least one u32 */
818 if (tlv_len < sizeof(u32))
819 goto invalid_tlv_len;
820 /* and a proper number of u32s */
821 if (tlv_len % sizeof(u32))
822 goto invalid_tlv_len;
823 /*
824 * This driver only reads the first u32 as
825 * right now no more features are defined,
826 * if that changes then either the driver
827 * will not work with the new firmware, or
828 * it'll not take advantage of new features.
829 */
830 capa->flags = le32_to_cpup((const __le32 *)tlv_data);
831 break;
832 case IWL_UCODE_TLV_API_CHANGES_SET:
833 if (tlv_len != sizeof(struct iwl_ucode_api))
834 goto invalid_tlv_len;
835 iwl_set_ucode_api_flags(drv, tlv_data, capa);
836 break;
837 case IWL_UCODE_TLV_ENABLED_CAPABILITIES:
838 if (tlv_len != sizeof(struct iwl_ucode_capa))
839 goto invalid_tlv_len;
840 iwl_set_ucode_capabilities(drv, tlv_data, capa);
841 break;
842 case IWL_UCODE_TLV_INIT_EVTLOG_PTR:
843 if (tlv_len != sizeof(u32))
844 goto invalid_tlv_len;
845 pieces->init_evtlog_ptr =
846 le32_to_cpup((const __le32 *)tlv_data);
847 break;
848 case IWL_UCODE_TLV_INIT_EVTLOG_SIZE:
849 if (tlv_len != sizeof(u32))
850 goto invalid_tlv_len;
851 pieces->init_evtlog_size =
852 le32_to_cpup((const __le32 *)tlv_data);
853 break;
854 case IWL_UCODE_TLV_INIT_ERRLOG_PTR:
855 if (tlv_len != sizeof(u32))
856 goto invalid_tlv_len;
857 pieces->init_errlog_ptr =
858 le32_to_cpup((const __le32 *)tlv_data);
859 break;
860 case IWL_UCODE_TLV_RUNT_EVTLOG_PTR:
861 if (tlv_len != sizeof(u32))
862 goto invalid_tlv_len;
863 pieces->inst_evtlog_ptr =
864 le32_to_cpup((const __le32 *)tlv_data);
865 break;
866 case IWL_UCODE_TLV_RUNT_EVTLOG_SIZE:
867 if (tlv_len != sizeof(u32))
868 goto invalid_tlv_len;
869 pieces->inst_evtlog_size =
870 le32_to_cpup((const __le32 *)tlv_data);
871 break;
872 case IWL_UCODE_TLV_RUNT_ERRLOG_PTR:
873 if (tlv_len != sizeof(u32))
874 goto invalid_tlv_len;
875 pieces->inst_errlog_ptr =
876 le32_to_cpup((const __le32 *)tlv_data);
877 break;
878 case IWL_UCODE_TLV_ENHANCE_SENS_TBL:
879 if (tlv_len)
880 goto invalid_tlv_len;
881 drv->fw.enhance_sensitivity_table = true;
882 break;
883 case IWL_UCODE_TLV_WOWLAN_INST:
884 set_sec_data(pieces, IWL_UCODE_WOWLAN,
885 IWL_UCODE_SECTION_INST, tlv_data);
886 set_sec_size(pieces, IWL_UCODE_WOWLAN,
887 IWL_UCODE_SECTION_INST, tlv_len);
888 set_sec_offset(pieces, IWL_UCODE_WOWLAN,
889 IWL_UCODE_SECTION_INST,
890 IWLAGN_RTC_INST_LOWER_BOUND);
891 break;
892 case IWL_UCODE_TLV_WOWLAN_DATA:
893 set_sec_data(pieces, IWL_UCODE_WOWLAN,
894 IWL_UCODE_SECTION_DATA, tlv_data);
895 set_sec_size(pieces, IWL_UCODE_WOWLAN,
896 IWL_UCODE_SECTION_DATA, tlv_len);
897 set_sec_offset(pieces, IWL_UCODE_WOWLAN,
898 IWL_UCODE_SECTION_DATA,
899 IWLAGN_RTC_DATA_LOWER_BOUND);
900 break;
901 case IWL_UCODE_TLV_PHY_CALIBRATION_SIZE:
902 if (tlv_len != sizeof(u32))
903 goto invalid_tlv_len;
904 capa->standard_phy_calibration_size =
905 le32_to_cpup((const __le32 *)tlv_data);
906 break;
907 case IWL_UCODE_TLV_SEC_RT:
908 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_REGULAR,
909 tlv_len);
910 drv->fw.type = IWL_FW_MVM;
911 break;
912 case IWL_UCODE_TLV_SEC_INIT:
913 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_INIT,
914 tlv_len);
915 drv->fw.type = IWL_FW_MVM;
916 break;
917 case IWL_UCODE_TLV_SEC_WOWLAN:
918 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_WOWLAN,
919 tlv_len);
920 drv->fw.type = IWL_FW_MVM;
921 break;
922 case IWL_UCODE_TLV_DEF_CALIB:
923 if (tlv_len != sizeof(struct iwl_tlv_calib_data))
924 goto invalid_tlv_len;
925 if (iwl_set_default_calib(drv, tlv_data))
926 goto tlv_error;
927 break;
928 case IWL_UCODE_TLV_PHY_SKU:
929 if (tlv_len != sizeof(u32))
930 goto invalid_tlv_len;
931 drv->fw.phy_config = le32_to_cpup((const __le32 *)tlv_data);
932 drv->fw.valid_tx_ant = (drv->fw.phy_config &
933 FW_PHY_CFG_TX_CHAIN) >>
934 FW_PHY_CFG_TX_CHAIN_POS;
935 drv->fw.valid_rx_ant = (drv->fw.phy_config &
936 FW_PHY_CFG_RX_CHAIN) >>
937 FW_PHY_CFG_RX_CHAIN_POS;
938 break;
939 case IWL_UCODE_TLV_SECURE_SEC_RT:
940 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_REGULAR,
941 tlv_len);
942 drv->fw.type = IWL_FW_MVM;
943 break;
944 case IWL_UCODE_TLV_SECURE_SEC_INIT:
945 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_INIT,
946 tlv_len);
947 drv->fw.type = IWL_FW_MVM;
948 break;
949 case IWL_UCODE_TLV_SECURE_SEC_WOWLAN:
950 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_WOWLAN,
951 tlv_len);
952 drv->fw.type = IWL_FW_MVM;
953 break;
954 case IWL_UCODE_TLV_NUM_OF_CPU:
955 if (tlv_len != sizeof(u32))
956 goto invalid_tlv_len;
957 num_of_cpus =
958 le32_to_cpup((const __le32 *)tlv_data);
959
960 if (num_of_cpus == 2) {
961 drv->fw.img[IWL_UCODE_REGULAR].is_dual_cpus =
962 true;
963 drv->fw.img[IWL_UCODE_INIT].is_dual_cpus =
964 true;
965 drv->fw.img[IWL_UCODE_WOWLAN].is_dual_cpus =
966 true;
967 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
968 IWL_ERR(drv, "Driver support up to 2 CPUs\n");
969 return -EINVAL;
970 }
971 break;
972 case IWL_UCODE_TLV_N_SCAN_CHANNELS:
973 if (tlv_len != sizeof(u32))
974 goto invalid_tlv_len;
975 capa->n_scan_channels =
976 le32_to_cpup((const __le32 *)tlv_data);
977 break;
978 case IWL_UCODE_TLV_FW_VERSION: {
979 const __le32 *ptr = (const void *)tlv_data;
980 u32 major, minor;
981 u8 local_comp;
982
983 if (tlv_len != sizeof(u32) * 3)
984 goto invalid_tlv_len;
985
986 major = le32_to_cpup(ptr++);
987 minor = le32_to_cpup(ptr++);
988 local_comp = le32_to_cpup(ptr);
989
990 if (major >= 35)
991 snprintf(drv->fw.fw_version,
992 sizeof(drv->fw.fw_version),
993 "%u.%08x.%u %s", major, minor,
994 local_comp, iwl_reduced_fw_name(drv));
995 else
996 snprintf(drv->fw.fw_version,
997 sizeof(drv->fw.fw_version),
998 "%u.%u.%u %s", major, minor,
999 local_comp, iwl_reduced_fw_name(drv));
1000 break;
1001 }
1002 case IWL_UCODE_TLV_FW_DBG_DEST: {
1003 const struct iwl_fw_dbg_dest_tlv *dest = NULL;
1004 const struct iwl_fw_dbg_dest_tlv_v1 *dest_v1 = NULL;
1005 u8 mon_mode;
1006
1007 pieces->dbg_dest_ver = (const u8 *)tlv_data;
1008 if (*pieces->dbg_dest_ver == 1) {
1009 dest = (const void *)tlv_data;
1010 } else if (*pieces->dbg_dest_ver == 0) {
1011 dest_v1 = (const void *)tlv_data;
1012 } else {
1013 IWL_ERR(drv,
1014 "The version is %d, and it is invalid\n",
1015 *pieces->dbg_dest_ver);
1016 break;
1017 }
1018
1019 if (pieces->dbg_dest_tlv_init) {
1020 IWL_ERR(drv,
1021 "dbg destination ignored, already exists\n");
1022 break;
1023 }
1024
1025 pieces->dbg_dest_tlv_init = true;
1026
1027 if (dest_v1) {
1028 pieces->dbg_dest_tlv_v1 = dest_v1;
1029 mon_mode = dest_v1->monitor_mode;
1030 } else {
1031 pieces->dbg_dest_tlv = dest;
1032 mon_mode = dest->monitor_mode;
1033 }
1034
1035 IWL_INFO(drv, "Found debug destination: %s\n",
1036 get_fw_dbg_mode_string(mon_mode));
1037
1038 drv->fw.dbg.n_dest_reg = (dest_v1) ?
1039 tlv_len -
1040 offsetof(struct iwl_fw_dbg_dest_tlv_v1,
1041 reg_ops) :
1042 tlv_len -
1043 offsetof(struct iwl_fw_dbg_dest_tlv,
1044 reg_ops);
1045
1046 drv->fw.dbg.n_dest_reg /=
1047 sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]);
1048
1049 break;
1050 }
1051 case IWL_UCODE_TLV_FW_DBG_CONF: {
1052 const struct iwl_fw_dbg_conf_tlv *conf =
1053 (const void *)tlv_data;
1054
1055 if (!pieces->dbg_dest_tlv_init) {
1056 IWL_ERR(drv,
1057 "Ignore dbg config %d - no destination configured\n",
1058 conf->id);
1059 break;
1060 }
1061
1062 if (conf->id >= ARRAY_SIZE(drv->fw.dbg.conf_tlv)) {
1063 IWL_ERR(drv,
1064 "Skip unknown configuration: %d\n",
1065 conf->id);
1066 break;
1067 }
1068
1069 if (pieces->dbg_conf_tlv[conf->id]) {
1070 IWL_ERR(drv,
1071 "Ignore duplicate dbg config %d\n",
1072 conf->id);
1073 break;
1074 }
1075
1076 if (conf->usniffer)
1077 usniffer_req = true;
1078
1079 IWL_INFO(drv, "Found debug configuration: %d\n",
1080 conf->id);
1081
1082 pieces->dbg_conf_tlv[conf->id] = conf;
1083 pieces->dbg_conf_tlv_len[conf->id] = tlv_len;
1084 break;
1085 }
1086 case IWL_UCODE_TLV_FW_DBG_TRIGGER: {
1087 const struct iwl_fw_dbg_trigger_tlv *trigger =
1088 (const void *)tlv_data;
1089 u32 trigger_id = le32_to_cpu(trigger->id);
1090
1091 if (trigger_id >= ARRAY_SIZE(drv->fw.dbg.trigger_tlv)) {
1092 IWL_ERR(drv,
1093 "Skip unknown trigger: %u\n",
1094 trigger->id);
1095 break;
1096 }
1097
1098 if (pieces->dbg_trigger_tlv[trigger_id]) {
1099 IWL_ERR(drv,
1100 "Ignore duplicate dbg trigger %u\n",
1101 trigger->id);
1102 break;
1103 }
1104
1105 IWL_INFO(drv, "Found debug trigger: %u\n", trigger->id);
1106
1107 pieces->dbg_trigger_tlv[trigger_id] = trigger;
1108 pieces->dbg_trigger_tlv_len[trigger_id] = tlv_len;
1109 break;
1110 }
1111 case IWL_UCODE_TLV_FW_DBG_DUMP_LST: {
1112 if (tlv_len != sizeof(u32)) {
1113 IWL_ERR(drv,
1114 "dbg lst mask size incorrect, skip\n");
1115 break;
1116 }
1117
1118 drv->fw.dbg.dump_mask =
1119 le32_to_cpup((const __le32 *)tlv_data);
1120 break;
1121 }
1122 case IWL_UCODE_TLV_SEC_RT_USNIFFER:
1123 *usniffer_images = true;
1124 iwl_store_ucode_sec(pieces, tlv_data,
1125 IWL_UCODE_REGULAR_USNIFFER,
1126 tlv_len);
1127 break;
1128 case IWL_UCODE_TLV_PAGING:
1129 if (tlv_len != sizeof(u32))
1130 goto invalid_tlv_len;
1131 paging_mem_size = le32_to_cpup((const __le32 *)tlv_data);
1132
1133 IWL_DEBUG_FW(drv,
1134 "Paging: paging enabled (size = %u bytes)\n",
1135 paging_mem_size);
1136
1137 if (paging_mem_size > MAX_PAGING_IMAGE_SIZE) {
1138 IWL_ERR(drv,
1139 "Paging: driver supports up to %lu bytes for paging image\n",
1140 MAX_PAGING_IMAGE_SIZE);
1141 return -EINVAL;
1142 }
1143
1144 if (paging_mem_size & (FW_PAGING_SIZE - 1)) {
1145 IWL_ERR(drv,
1146 "Paging: image isn't multiple %lu\n",
1147 FW_PAGING_SIZE);
1148 return -EINVAL;
1149 }
1150
1151 drv->fw.img[IWL_UCODE_REGULAR].paging_mem_size =
1152 paging_mem_size;
1153 usniffer_img = IWL_UCODE_REGULAR_USNIFFER;
1154 drv->fw.img[usniffer_img].paging_mem_size =
1155 paging_mem_size;
1156 break;
1157 case IWL_UCODE_TLV_FW_GSCAN_CAPA:
1158 /* ignored */
1159 break;
1160 case IWL_UCODE_TLV_FW_MEM_SEG: {
1161 const struct iwl_fw_dbg_mem_seg_tlv *dbg_mem =
1162 (const void *)tlv_data;
1163 size_t size;
1164 struct iwl_fw_dbg_mem_seg_tlv *n;
1165
1166 if (tlv_len != (sizeof(*dbg_mem)))
1167 goto invalid_tlv_len;
1168
1169 IWL_DEBUG_INFO(drv, "Found debug memory segment: %u\n",
1170 dbg_mem->data_type);
1171
1172 size = sizeof(*pieces->dbg_mem_tlv) *
1173 (pieces->n_mem_tlv + 1);
1174 n = krealloc(pieces->dbg_mem_tlv, size, GFP_KERNEL);
1175 if (!n)
1176 return -ENOMEM;
1177 pieces->dbg_mem_tlv = n;
1178 pieces->dbg_mem_tlv[pieces->n_mem_tlv] = *dbg_mem;
1179 pieces->n_mem_tlv++;
1180 break;
1181 }
1182 case IWL_UCODE_TLV_IML: {
1183 drv->fw.iml_len = tlv_len;
1184 drv->fw.iml = kmemdup(tlv_data, tlv_len, GFP_KERNEL);
1185 if (!drv->fw.iml)
1186 return -ENOMEM;
1187 break;
1188 }
1189 case IWL_UCODE_TLV_FW_RECOVERY_INFO: {
1190 const struct {
1191 __le32 buf_addr;
1192 __le32 buf_size;
1193 } *recov_info = (const void *)tlv_data;
1194
1195 if (tlv_len != sizeof(*recov_info))
1196 goto invalid_tlv_len;
1197 capa->error_log_addr =
1198 le32_to_cpu(recov_info->buf_addr);
1199 capa->error_log_size =
1200 le32_to_cpu(recov_info->buf_size);
1201 }
1202 break;
1203 case IWL_UCODE_TLV_FW_FSEQ_VERSION: {
1204 const struct {
1205 u8 version[32];
1206 u8 sha1[20];
1207 } *fseq_ver = (const void *)tlv_data;
1208
1209 if (tlv_len != sizeof(*fseq_ver))
1210 goto invalid_tlv_len;
1211 IWL_INFO(drv, "TLV_FW_FSEQ_VERSION: %s\n",
1212 fseq_ver->version);
1213 }
1214 break;
1215 case IWL_UCODE_TLV_FW_NUM_STATIONS:
1216 if (tlv_len != sizeof(u32))
1217 goto invalid_tlv_len;
1218 if (le32_to_cpup((const __le32 *)tlv_data) >
1219 IWL_MVM_STATION_COUNT_MAX) {
1220 IWL_ERR(drv,
1221 "%d is an invalid number of station\n",
1222 le32_to_cpup((const __le32 *)tlv_data));
1223 goto tlv_error;
1224 }
1225 capa->num_stations =
1226 le32_to_cpup((const __le32 *)tlv_data);
1227 break;
1228 case IWL_UCODE_TLV_FW_NUM_BEACONS:
1229 if (tlv_len != sizeof(u32))
1230 goto invalid_tlv_len;
1231 capa->num_beacons =
1232 le32_to_cpup((const __le32 *)tlv_data);
1233 break;
1234 case IWL_UCODE_TLV_UMAC_DEBUG_ADDRS: {
1235 const struct iwl_umac_debug_addrs *dbg_ptrs =
1236 (const void *)tlv_data;
1237
1238 if (tlv_len != sizeof(*dbg_ptrs))
1239 goto invalid_tlv_len;
1240 if (drv->trans->trans_cfg->device_family <
1241 IWL_DEVICE_FAMILY_22000)
1242 break;
1243 drv->trans->dbg.umac_error_event_table =
1244 le32_to_cpu(dbg_ptrs->error_info_addr) &
1245 ~FW_ADDR_CACHE_CONTROL;
1246 drv->trans->dbg.error_event_table_tlv_status |=
1247 IWL_ERROR_EVENT_TABLE_UMAC;
1248 break;
1249 }
1250 case IWL_UCODE_TLV_LMAC_DEBUG_ADDRS: {
1251 const struct iwl_lmac_debug_addrs *dbg_ptrs =
1252 (const void *)tlv_data;
1253
1254 if (tlv_len != sizeof(*dbg_ptrs))
1255 goto invalid_tlv_len;
1256 if (drv->trans->trans_cfg->device_family <
1257 IWL_DEVICE_FAMILY_22000)
1258 break;
1259 drv->trans->dbg.lmac_error_event_table[0] =
1260 le32_to_cpu(dbg_ptrs->error_event_table_ptr) &
1261 ~FW_ADDR_CACHE_CONTROL;
1262 drv->trans->dbg.error_event_table_tlv_status |=
1263 IWL_ERROR_EVENT_TABLE_LMAC1;
1264 break;
1265 }
1266 case IWL_UCODE_TLV_TYPE_REGIONS:
1267 iwl_parse_dbg_tlv_assert_tables(drv, tlv);
1268 fallthrough;
1269 case IWL_UCODE_TLV_TYPE_DEBUG_INFO:
1270 case IWL_UCODE_TLV_TYPE_BUFFER_ALLOCATION:
1271 case IWL_UCODE_TLV_TYPE_HCMD:
1272 case IWL_UCODE_TLV_TYPE_TRIGGERS:
1273 case IWL_UCODE_TLV_TYPE_CONF_SET:
1274 if (iwlwifi_mod_params.enable_ini)
1275 iwl_dbg_tlv_alloc(drv->trans, tlv, false);
1276 break;
1277 case IWL_UCODE_TLV_CMD_VERSIONS:
1278 if (tlv_len % sizeof(struct iwl_fw_cmd_version)) {
1279 IWL_ERR(drv,
1280 "Invalid length for command versions: %u\n",
1281 tlv_len);
1282 tlv_len /= sizeof(struct iwl_fw_cmd_version);
1283 tlv_len *= sizeof(struct iwl_fw_cmd_version);
1284 }
1285 if (WARN_ON(capa->cmd_versions))
1286 return -EINVAL;
1287 capa->cmd_versions = kmemdup(tlv_data, tlv_len,
1288 GFP_KERNEL);
1289 if (!capa->cmd_versions)
1290 return -ENOMEM;
1291 capa->n_cmd_versions =
1292 tlv_len / sizeof(struct iwl_fw_cmd_version);
1293 break;
1294 case IWL_UCODE_TLV_PHY_INTEGRATION_VERSION:
1295 if (drv->fw.phy_integration_ver) {
1296 IWL_ERR(drv,
1297 "phy integration str ignored, already exists\n");
1298 break;
1299 }
1300
1301 drv->fw.phy_integration_ver =
1302 kmemdup(tlv_data, tlv_len, GFP_KERNEL);
1303 if (!drv->fw.phy_integration_ver)
1304 return -ENOMEM;
1305 drv->fw.phy_integration_ver_len = tlv_len;
1306 break;
1307 case IWL_UCODE_TLV_SEC_TABLE_ADDR:
1308 case IWL_UCODE_TLV_D3_KEK_KCK_ADDR:
1309 iwl_drv_set_dump_exclude(drv, tlv_type,
1310 tlv_data, tlv_len);
1311 break;
1312 case IWL_UCODE_TLV_CURRENT_PC:
1313 if (tlv_len < sizeof(struct iwl_pc_data))
1314 goto invalid_tlv_len;
1315 drv->trans->dbg.pc_data =
1316 kmemdup(tlv_data, tlv_len, GFP_KERNEL);
1317 if (!drv->trans->dbg.pc_data)
1318 return -ENOMEM;
1319 drv->trans->dbg.num_pc =
1320 tlv_len / sizeof(struct iwl_pc_data);
1321 break;
1322 default:
1323 IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type);
1324 break;
1325 }
1326 }
1327
1328 if (!fw_has_capa(capa, IWL_UCODE_TLV_CAPA_USNIFFER_UNIFIED) &&
1329 usniffer_req && !*usniffer_images) {
1330 IWL_ERR(drv,
1331 "user selected to work with usniffer but usniffer image isn't available in ucode package\n");
1332 return -EINVAL;
1333 }
1334
1335 if (len) {
1336 IWL_ERR(drv, "invalid TLV after parsing: %zd\n", len);
1337 iwl_print_hex_dump(drv, IWL_DL_FW, data, len);
1338 return -EINVAL;
1339 }
1340
1341 return 0;
1342
1343 invalid_tlv_len:
1344 IWL_ERR(drv, "TLV %d has invalid size: %u\n", tlv_type, tlv_len);
1345 tlv_error:
1346 iwl_print_hex_dump(drv, IWL_DL_FW, tlv_data, tlv_len);
1347
1348 return -EINVAL;
1349}
1350
1351static int iwl_alloc_ucode(struct iwl_drv *drv,
1352 struct iwl_firmware_pieces *pieces,
1353 enum iwl_ucode_type type)
1354{
1355 int i;
1356 struct fw_desc *sec;
1357
1358 sec = kcalloc(pieces->img[type].sec_counter, sizeof(*sec), GFP_KERNEL);
1359 if (!sec)
1360 return -ENOMEM;
1361 drv->fw.img[type].sec = sec;
1362 drv->fw.img[type].num_sec = pieces->img[type].sec_counter;
1363
1364 for (i = 0; i < pieces->img[type].sec_counter; i++)
1365 if (iwl_alloc_fw_desc(drv, &sec[i], get_sec(pieces, type, i)))
1366 return -ENOMEM;
1367
1368 return 0;
1369}
1370
1371static int validate_sec_sizes(struct iwl_drv *drv,
1372 struct iwl_firmware_pieces *pieces,
1373 const struct iwl_cfg *cfg)
1374{
1375 IWL_DEBUG_INFO(drv, "f/w package hdr runtime inst size = %zd\n",
1376 get_sec_size(pieces, IWL_UCODE_REGULAR,
1377 IWL_UCODE_SECTION_INST));
1378 IWL_DEBUG_INFO(drv, "f/w package hdr runtime data size = %zd\n",
1379 get_sec_size(pieces, IWL_UCODE_REGULAR,
1380 IWL_UCODE_SECTION_DATA));
1381 IWL_DEBUG_INFO(drv, "f/w package hdr init inst size = %zd\n",
1382 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST));
1383 IWL_DEBUG_INFO(drv, "f/w package hdr init data size = %zd\n",
1384 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA));
1385
1386 /* Verify that uCode images will fit in card's SRAM. */
1387 if (get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST) >
1388 cfg->max_inst_size) {
1389 IWL_ERR(drv, "uCode instr len %zd too large to fit in\n",
1390 get_sec_size(pieces, IWL_UCODE_REGULAR,
1391 IWL_UCODE_SECTION_INST));
1392 return -1;
1393 }
1394
1395 if (get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA) >
1396 cfg->max_data_size) {
1397 IWL_ERR(drv, "uCode data len %zd too large to fit in\n",
1398 get_sec_size(pieces, IWL_UCODE_REGULAR,
1399 IWL_UCODE_SECTION_DATA));
1400 return -1;
1401 }
1402
1403 if (get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST) >
1404 cfg->max_inst_size) {
1405 IWL_ERR(drv, "uCode init instr len %zd too large to fit in\n",
1406 get_sec_size(pieces, IWL_UCODE_INIT,
1407 IWL_UCODE_SECTION_INST));
1408 return -1;
1409 }
1410
1411 if (get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA) >
1412 cfg->max_data_size) {
1413 IWL_ERR(drv, "uCode init data len %zd too large to fit in\n",
1414 get_sec_size(pieces, IWL_UCODE_REGULAR,
1415 IWL_UCODE_SECTION_DATA));
1416 return -1;
1417 }
1418 return 0;
1419}
1420
1421static struct iwl_op_mode *
1422_iwl_op_mode_start(struct iwl_drv *drv, struct iwlwifi_opmode_table *op)
1423{
1424 const struct iwl_op_mode_ops *ops = op->ops;
1425 struct dentry *dbgfs_dir = NULL;
1426 struct iwl_op_mode *op_mode = NULL;
1427 int retry, max_retry = !!iwlwifi_mod_params.fw_restart * IWL_MAX_INIT_RETRY;
1428
1429 /* also protects start/stop from racing against each other */
1430 lockdep_assert_held(&iwlwifi_opmode_table_mtx);
1431
1432 for (retry = 0; retry <= max_retry; retry++) {
1433
1434#ifdef CONFIG_IWLWIFI_DEBUGFS
1435 drv->dbgfs_op_mode = debugfs_create_dir(op->name,
1436 drv->dbgfs_drv);
1437 dbgfs_dir = drv->dbgfs_op_mode;
1438#endif
1439
1440 op_mode = ops->start(drv->trans, drv->trans->cfg,
1441 &drv->fw, dbgfs_dir);
1442
1443 if (op_mode)
1444 return op_mode;
1445
1446 if (test_bit(STATUS_TRANS_DEAD, &drv->trans->status))
1447 break;
1448
1449 IWL_ERR(drv, "retry init count %d\n", retry);
1450
1451#ifdef CONFIG_IWLWIFI_DEBUGFS
1452 debugfs_remove_recursive(drv->dbgfs_op_mode);
1453 drv->dbgfs_op_mode = NULL;
1454#endif
1455 }
1456
1457 return NULL;
1458}
1459
1460static void _iwl_op_mode_stop(struct iwl_drv *drv)
1461{
1462 /* also protects start/stop from racing against each other */
1463 lockdep_assert_held(&iwlwifi_opmode_table_mtx);
1464
1465 /* op_mode can be NULL if its start failed */
1466 if (drv->op_mode) {
1467 iwl_op_mode_stop(drv->op_mode);
1468 drv->op_mode = NULL;
1469
1470#ifdef CONFIG_IWLWIFI_DEBUGFS
1471 debugfs_remove_recursive(drv->dbgfs_op_mode);
1472 drv->dbgfs_op_mode = NULL;
1473#endif
1474 }
1475}
1476
1477/*
1478 * iwl_req_fw_callback - callback when firmware was loaded
1479 *
1480 * If loaded successfully, copies the firmware into buffers
1481 * for the card to fetch (via DMA).
1482 */
1483static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1484{
1485 struct iwl_drv *drv = context;
1486 struct iwl_fw *fw = &drv->fw;
1487 const struct iwl_ucode_header *ucode;
1488 struct iwlwifi_opmode_table *op;
1489 int err;
1490 struct iwl_firmware_pieces *pieces;
1491 const unsigned int api_max = drv->trans->cfg->ucode_api_max;
1492 const unsigned int api_min = drv->trans->cfg->ucode_api_min;
1493 size_t trigger_tlv_sz[FW_DBG_TRIGGER_MAX];
1494 u32 api_ver;
1495 int i;
1496 bool load_module = false;
1497 bool usniffer_images = false;
1498 bool failure = true;
1499
1500 fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
1501 fw->ucode_capa.standard_phy_calibration_size =
1502 IWL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE;
1503 fw->ucode_capa.n_scan_channels = IWL_DEFAULT_SCAN_CHANNELS;
1504 fw->ucode_capa.num_stations = IWL_MVM_STATION_COUNT_MAX;
1505 fw->ucode_capa.num_beacons = 1;
1506 /* dump all fw memory areas by default */
1507 fw->dbg.dump_mask = 0xffffffff;
1508
1509 pieces = kzalloc(sizeof(*pieces), GFP_KERNEL);
1510 if (!pieces)
1511 goto out_free_fw;
1512
1513 if (!ucode_raw)
1514 goto try_again;
1515
1516 IWL_DEBUG_FW_INFO(drv, "Loaded firmware file '%s' (%zd bytes).\n",
1517 drv->firmware_name, ucode_raw->size);
1518
1519 /* Make sure that we got at least the API version number */
1520 if (ucode_raw->size < 4) {
1521 IWL_ERR(drv, "File size way too small!\n");
1522 goto try_again;
1523 }
1524
1525 /* Data from ucode file: header followed by uCode images */
1526 ucode = (const struct iwl_ucode_header *)ucode_raw->data;
1527
1528 if (ucode->ver)
1529 err = iwl_parse_v1_v2_firmware(drv, ucode_raw, pieces);
1530 else
1531 err = iwl_parse_tlv_firmware(drv, ucode_raw, pieces,
1532 &fw->ucode_capa, &usniffer_images);
1533
1534 if (err)
1535 goto try_again;
1536
1537 if (fw_has_api(&drv->fw.ucode_capa, IWL_UCODE_TLV_API_NEW_VERSION))
1538 api_ver = drv->fw.ucode_ver;
1539 else
1540 api_ver = IWL_UCODE_API(drv->fw.ucode_ver);
1541
1542 /*
1543 * api_ver should match the api version forming part of the
1544 * firmware filename ... but we don't check for that and only rely
1545 * on the API version read from firmware header from here on forward
1546 */
1547 if (api_ver < api_min || api_ver > api_max) {
1548 IWL_ERR(drv,
1549 "Driver unable to support your firmware API. "
1550 "Driver supports v%u, firmware is v%u.\n",
1551 api_max, api_ver);
1552 goto try_again;
1553 }
1554
1555 /*
1556 * In mvm uCode there is no difference between data and instructions
1557 * sections.
1558 */
1559 if (fw->type == IWL_FW_DVM && validate_sec_sizes(drv, pieces,
1560 drv->trans->cfg))
1561 goto try_again;
1562
1563 /* Allocate ucode buffers for card's bus-master loading ... */
1564
1565 /* Runtime instructions and 2 copies of data:
1566 * 1) unmodified from disk
1567 * 2) backup cache for save/restore during power-downs
1568 */
1569 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
1570 if (iwl_alloc_ucode(drv, pieces, i))
1571 goto out_free_fw;
1572
1573 if (pieces->dbg_dest_tlv_init) {
1574 size_t dbg_dest_size = sizeof(*drv->fw.dbg.dest_tlv) +
1575 sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]) *
1576 drv->fw.dbg.n_dest_reg;
1577
1578 drv->fw.dbg.dest_tlv = kmalloc(dbg_dest_size, GFP_KERNEL);
1579
1580 if (!drv->fw.dbg.dest_tlv)
1581 goto out_free_fw;
1582
1583 if (*pieces->dbg_dest_ver == 0) {
1584 memcpy(drv->fw.dbg.dest_tlv, pieces->dbg_dest_tlv_v1,
1585 dbg_dest_size);
1586 } else {
1587 struct iwl_fw_dbg_dest_tlv_v1 *dest_tlv =
1588 drv->fw.dbg.dest_tlv;
1589
1590 dest_tlv->version = pieces->dbg_dest_tlv->version;
1591 dest_tlv->monitor_mode =
1592 pieces->dbg_dest_tlv->monitor_mode;
1593 dest_tlv->size_power =
1594 pieces->dbg_dest_tlv->size_power;
1595 dest_tlv->wrap_count =
1596 pieces->dbg_dest_tlv->wrap_count;
1597 dest_tlv->write_ptr_reg =
1598 pieces->dbg_dest_tlv->write_ptr_reg;
1599 dest_tlv->base_shift =
1600 pieces->dbg_dest_tlv->base_shift;
1601 memcpy(dest_tlv->reg_ops,
1602 pieces->dbg_dest_tlv->reg_ops,
1603 sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]) *
1604 drv->fw.dbg.n_dest_reg);
1605
1606 /* In version 1 of the destination tlv, which is
1607 * relevant for internal buffer exclusively,
1608 * the base address is part of given with the length
1609 * of the buffer, and the size shift is give instead of
1610 * end shift. We now store these values in base_reg,
1611 * and end shift, and when dumping the data we'll
1612 * manipulate it for extracting both the length and
1613 * base address */
1614 dest_tlv->base_reg = pieces->dbg_dest_tlv->cfg_reg;
1615 dest_tlv->end_shift =
1616 pieces->dbg_dest_tlv->size_shift;
1617 }
1618 }
1619
1620 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.conf_tlv); i++) {
1621 if (pieces->dbg_conf_tlv[i]) {
1622 drv->fw.dbg.conf_tlv[i] =
1623 kmemdup(pieces->dbg_conf_tlv[i],
1624 pieces->dbg_conf_tlv_len[i],
1625 GFP_KERNEL);
1626 if (!drv->fw.dbg.conf_tlv[i])
1627 goto out_free_fw;
1628 }
1629 }
1630
1631 memset(&trigger_tlv_sz, 0xff, sizeof(trigger_tlv_sz));
1632
1633 trigger_tlv_sz[FW_DBG_TRIGGER_MISSED_BEACONS] =
1634 sizeof(struct iwl_fw_dbg_trigger_missed_bcon);
1635 trigger_tlv_sz[FW_DBG_TRIGGER_CHANNEL_SWITCH] = 0;
1636 trigger_tlv_sz[FW_DBG_TRIGGER_FW_NOTIF] =
1637 sizeof(struct iwl_fw_dbg_trigger_cmd);
1638 trigger_tlv_sz[FW_DBG_TRIGGER_MLME] =
1639 sizeof(struct iwl_fw_dbg_trigger_mlme);
1640 trigger_tlv_sz[FW_DBG_TRIGGER_STATS] =
1641 sizeof(struct iwl_fw_dbg_trigger_stats);
1642 trigger_tlv_sz[FW_DBG_TRIGGER_RSSI] =
1643 sizeof(struct iwl_fw_dbg_trigger_low_rssi);
1644 trigger_tlv_sz[FW_DBG_TRIGGER_TXQ_TIMERS] =
1645 sizeof(struct iwl_fw_dbg_trigger_txq_timer);
1646 trigger_tlv_sz[FW_DBG_TRIGGER_TIME_EVENT] =
1647 sizeof(struct iwl_fw_dbg_trigger_time_event);
1648 trigger_tlv_sz[FW_DBG_TRIGGER_BA] =
1649 sizeof(struct iwl_fw_dbg_trigger_ba);
1650 trigger_tlv_sz[FW_DBG_TRIGGER_TDLS] =
1651 sizeof(struct iwl_fw_dbg_trigger_tdls);
1652
1653 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.trigger_tlv); i++) {
1654 if (pieces->dbg_trigger_tlv[i]) {
1655 /*
1656 * If the trigger isn't long enough, WARN and exit.
1657 * Someone is trying to debug something and he won't
1658 * be able to catch the bug he is trying to chase.
1659 * We'd better be noisy to be sure he knows what's
1660 * going on.
1661 */
1662 if (WARN_ON(pieces->dbg_trigger_tlv_len[i] <
1663 (trigger_tlv_sz[i] +
1664 sizeof(struct iwl_fw_dbg_trigger_tlv))))
1665 goto out_free_fw;
1666 drv->fw.dbg.trigger_tlv_len[i] =
1667 pieces->dbg_trigger_tlv_len[i];
1668 drv->fw.dbg.trigger_tlv[i] =
1669 kmemdup(pieces->dbg_trigger_tlv[i],
1670 drv->fw.dbg.trigger_tlv_len[i],
1671 GFP_KERNEL);
1672 if (!drv->fw.dbg.trigger_tlv[i])
1673 goto out_free_fw;
1674 }
1675 }
1676
1677 /* Now that we can no longer fail, copy information */
1678
1679 drv->fw.dbg.mem_tlv = pieces->dbg_mem_tlv;
1680 pieces->dbg_mem_tlv = NULL;
1681 drv->fw.dbg.n_mem_tlv = pieces->n_mem_tlv;
1682
1683 /*
1684 * The (size - 16) / 12 formula is based on the information recorded
1685 * for each event, which is of mode 1 (including timestamp) for all
1686 * new microcodes that include this information.
1687 */
1688 fw->init_evtlog_ptr = pieces->init_evtlog_ptr;
1689 if (pieces->init_evtlog_size)
1690 fw->init_evtlog_size = (pieces->init_evtlog_size - 16)/12;
1691 else
1692 fw->init_evtlog_size =
1693 drv->trans->trans_cfg->base_params->max_event_log_size;
1694 fw->init_errlog_ptr = pieces->init_errlog_ptr;
1695 fw->inst_evtlog_ptr = pieces->inst_evtlog_ptr;
1696 if (pieces->inst_evtlog_size)
1697 fw->inst_evtlog_size = (pieces->inst_evtlog_size - 16)/12;
1698 else
1699 fw->inst_evtlog_size =
1700 drv->trans->trans_cfg->base_params->max_event_log_size;
1701 fw->inst_errlog_ptr = pieces->inst_errlog_ptr;
1702
1703 /*
1704 * figure out the offset of chain noise reset and gain commands
1705 * base on the size of standard phy calibration commands table size
1706 */
1707 if (fw->ucode_capa.standard_phy_calibration_size >
1708 IWL_MAX_PHY_CALIBRATE_TBL_SIZE)
1709 fw->ucode_capa.standard_phy_calibration_size =
1710 IWL_MAX_STANDARD_PHY_CALIBRATE_TBL_SIZE;
1711
1712 /* We have our copies now, allow OS release its copies */
1713 release_firmware(ucode_raw);
1714
1715 iwl_dbg_tlv_load_bin(drv->trans->dev, drv->trans);
1716
1717 mutex_lock(&iwlwifi_opmode_table_mtx);
1718 switch (fw->type) {
1719 case IWL_FW_DVM:
1720 op = &iwlwifi_opmode_table[DVM_OP_MODE];
1721 break;
1722 default:
1723 WARN(1, "Invalid fw type %d\n", fw->type);
1724 fallthrough;
1725 case IWL_FW_MVM:
1726 op = &iwlwifi_opmode_table[MVM_OP_MODE];
1727 break;
1728 }
1729
1730 IWL_INFO(drv, "loaded firmware version %s op_mode %s\n",
1731 drv->fw.fw_version, op->name);
1732
1733 /* add this device to the list of devices using this op_mode */
1734 list_add_tail(&drv->list, &op->drv);
1735
1736 if (op->ops) {
1737 drv->op_mode = _iwl_op_mode_start(drv, op);
1738
1739 if (!drv->op_mode) {
1740 mutex_unlock(&iwlwifi_opmode_table_mtx);
1741 goto out_unbind;
1742 }
1743 } else {
1744 load_module = true;
1745 }
1746 mutex_unlock(&iwlwifi_opmode_table_mtx);
1747
1748 complete(&drv->request_firmware_complete);
1749
1750 /*
1751 * Load the module last so we don't block anything
1752 * else from proceeding if the module fails to load
1753 * or hangs loading.
1754 */
1755 if (load_module)
1756 request_module("%s", op->name);
1757 failure = false;
1758 goto free;
1759
1760 try_again:
1761 /* try next, if any */
1762 release_firmware(ucode_raw);
1763 if (iwl_request_firmware(drv, false))
1764 goto out_unbind;
1765 goto free;
1766
1767 out_free_fw:
1768 release_firmware(ucode_raw);
1769 out_unbind:
1770 complete(&drv->request_firmware_complete);
1771 device_release_driver(drv->trans->dev);
1772 /* drv has just been freed by the release */
1773 failure = false;
1774 free:
1775 if (failure)
1776 iwl_dealloc_ucode(drv);
1777
1778 if (pieces) {
1779 for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
1780 kfree(pieces->img[i].sec);
1781 kfree(pieces->dbg_mem_tlv);
1782 kfree(pieces);
1783 }
1784}
1785
1786struct iwl_drv *iwl_drv_start(struct iwl_trans *trans)
1787{
1788 struct iwl_drv *drv;
1789 int ret;
1790
1791 drv = kzalloc(sizeof(*drv), GFP_KERNEL);
1792 if (!drv) {
1793 ret = -ENOMEM;
1794 goto err;
1795 }
1796
1797 drv->trans = trans;
1798 drv->dev = trans->dev;
1799
1800 init_completion(&drv->request_firmware_complete);
1801 INIT_LIST_HEAD(&drv->list);
1802
1803#ifdef CONFIG_IWLWIFI_DEBUGFS
1804 /* Create the device debugfs entries. */
1805 drv->dbgfs_drv = debugfs_create_dir(dev_name(trans->dev),
1806 iwl_dbgfs_root);
1807
1808 /* Create transport layer debugfs dir */
1809 drv->trans->dbgfs_dir = debugfs_create_dir("trans", drv->dbgfs_drv);
1810#endif
1811
1812 drv->trans->dbg.domains_bitmap = IWL_TRANS_FW_DBG_DOMAIN(drv->trans);
1813 if (iwlwifi_mod_params.enable_ini != ENABLE_INI) {
1814 /* We have a non-default value in the module parameter,
1815 * take its value
1816 */
1817 drv->trans->dbg.domains_bitmap &= 0xffff;
1818 if (iwlwifi_mod_params.enable_ini != IWL_FW_INI_PRESET_DISABLE) {
1819 if (iwlwifi_mod_params.enable_ini > ENABLE_INI) {
1820 IWL_ERR(trans,
1821 "invalid enable_ini module parameter value: max = %d, using 0 instead\n",
1822 ENABLE_INI);
1823 iwlwifi_mod_params.enable_ini = 0;
1824 }
1825 drv->trans->dbg.domains_bitmap =
1826 BIT(IWL_FW_DBG_DOMAIN_POS + iwlwifi_mod_params.enable_ini);
1827 }
1828 }
1829
1830 ret = iwl_request_firmware(drv, true);
1831 if (ret) {
1832 IWL_ERR(trans, "Couldn't request the fw\n");
1833 goto err_fw;
1834 }
1835
1836 return drv;
1837
1838err_fw:
1839#ifdef CONFIG_IWLWIFI_DEBUGFS
1840 debugfs_remove_recursive(drv->dbgfs_drv);
1841 iwl_dbg_tlv_free(drv->trans);
1842#endif
1843 kfree(drv);
1844err:
1845 return ERR_PTR(ret);
1846}
1847
1848void iwl_drv_stop(struct iwl_drv *drv)
1849{
1850 wait_for_completion(&drv->request_firmware_complete);
1851
1852 mutex_lock(&iwlwifi_opmode_table_mtx);
1853
1854 _iwl_op_mode_stop(drv);
1855
1856 iwl_dealloc_ucode(drv);
1857
1858 /*
1859 * List is empty (this item wasn't added)
1860 * when firmware loading failed -- in that
1861 * case we can't remove it from any list.
1862 */
1863 if (!list_empty(&drv->list))
1864 list_del(&drv->list);
1865 mutex_unlock(&iwlwifi_opmode_table_mtx);
1866
1867#ifdef CONFIG_IWLWIFI_DEBUGFS
1868 drv->trans->ops->debugfs_cleanup(drv->trans);
1869
1870 debugfs_remove_recursive(drv->dbgfs_drv);
1871#endif
1872
1873 iwl_dbg_tlv_free(drv->trans);
1874
1875 kfree(drv);
1876}
1877
1878/* shared module parameters */
1879struct iwl_mod_params iwlwifi_mod_params = {
1880 .fw_restart = true,
1881 .bt_coex_active = true,
1882 .power_level = IWL_POWER_INDEX_1,
1883 .uapsd_disable = IWL_DISABLE_UAPSD_BSS | IWL_DISABLE_UAPSD_P2P_CLIENT,
1884 .enable_ini = ENABLE_INI,
1885 /* the rest are 0 by default */
1886};
1887IWL_EXPORT_SYMBOL(iwlwifi_mod_params);
1888
1889int iwl_opmode_register(const char *name, const struct iwl_op_mode_ops *ops)
1890{
1891 int i;
1892 struct iwl_drv *drv;
1893 struct iwlwifi_opmode_table *op;
1894
1895 mutex_lock(&iwlwifi_opmode_table_mtx);
1896 for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++) {
1897 op = &iwlwifi_opmode_table[i];
1898 if (strcmp(op->name, name))
1899 continue;
1900 op->ops = ops;
1901 /* TODO: need to handle exceptional case */
1902 list_for_each_entry(drv, &op->drv, list)
1903 drv->op_mode = _iwl_op_mode_start(drv, op);
1904
1905 mutex_unlock(&iwlwifi_opmode_table_mtx);
1906 return 0;
1907 }
1908 mutex_unlock(&iwlwifi_opmode_table_mtx);
1909 return -EIO;
1910}
1911IWL_EXPORT_SYMBOL(iwl_opmode_register);
1912
1913void iwl_opmode_deregister(const char *name)
1914{
1915 int i;
1916 struct iwl_drv *drv;
1917
1918 mutex_lock(&iwlwifi_opmode_table_mtx);
1919 for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++) {
1920 if (strcmp(iwlwifi_opmode_table[i].name, name))
1921 continue;
1922 iwlwifi_opmode_table[i].ops = NULL;
1923
1924 /* call the stop routine for all devices */
1925 list_for_each_entry(drv, &iwlwifi_opmode_table[i].drv, list)
1926 _iwl_op_mode_stop(drv);
1927
1928 mutex_unlock(&iwlwifi_opmode_table_mtx);
1929 return;
1930 }
1931 mutex_unlock(&iwlwifi_opmode_table_mtx);
1932}
1933IWL_EXPORT_SYMBOL(iwl_opmode_deregister);
1934
1935static int __init iwl_drv_init(void)
1936{
1937 int i, err;
1938
1939 for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++)
1940 INIT_LIST_HEAD(&iwlwifi_opmode_table[i].drv);
1941
1942 pr_info(DRV_DESCRIPTION "\n");
1943
1944#ifdef CONFIG_IWLWIFI_DEBUGFS
1945 /* Create the root of iwlwifi debugfs subsystem. */
1946 iwl_dbgfs_root = debugfs_create_dir(DRV_NAME, NULL);
1947#endif
1948
1949 err = iwl_pci_register_driver();
1950 if (err)
1951 goto cleanup_debugfs;
1952
1953 return 0;
1954
1955cleanup_debugfs:
1956#ifdef CONFIG_IWLWIFI_DEBUGFS
1957 debugfs_remove_recursive(iwl_dbgfs_root);
1958#endif
1959 return err;
1960}
1961module_init(iwl_drv_init);
1962
1963static void __exit iwl_drv_exit(void)
1964{
1965 iwl_pci_unregister_driver();
1966
1967#ifdef CONFIG_IWLWIFI_DEBUGFS
1968 debugfs_remove_recursive(iwl_dbgfs_root);
1969#endif
1970}
1971module_exit(iwl_drv_exit);
1972
1973#ifdef CONFIG_IWLWIFI_DEBUG
1974module_param_named(debug, iwlwifi_mod_params.debug_level, uint, 0644);
1975MODULE_PARM_DESC(debug, "debug output mask");
1976#endif
1977
1978module_param_named(swcrypto, iwlwifi_mod_params.swcrypto, int, 0444);
1979MODULE_PARM_DESC(swcrypto, "using crypto in software (default 0 [hardware])");
1980module_param_named(11n_disable, iwlwifi_mod_params.disable_11n, uint, 0444);
1981MODULE_PARM_DESC(11n_disable,
1982 "disable 11n functionality, bitmap: 1: full, 2: disable agg TX, 4: disable agg RX, 8 enable agg TX");
1983module_param_named(amsdu_size, iwlwifi_mod_params.amsdu_size, int, 0444);
1984MODULE_PARM_DESC(amsdu_size,
1985 "amsdu size 0: 12K for multi Rx queue devices, 2K for AX210 devices, "
1986 "4K for other devices 1:4K 2:8K 3:12K (16K buffers) 4: 2K (default 0)");
1987module_param_named(fw_restart, iwlwifi_mod_params.fw_restart, bool, 0444);
1988MODULE_PARM_DESC(fw_restart, "restart firmware in case of error (default true)");
1989
1990module_param_named(nvm_file, iwlwifi_mod_params.nvm_file, charp, 0444);
1991MODULE_PARM_DESC(nvm_file, "NVM file name");
1992
1993module_param_named(uapsd_disable, iwlwifi_mod_params.uapsd_disable, uint, 0644);
1994MODULE_PARM_DESC(uapsd_disable,
1995 "disable U-APSD functionality bitmap 1: BSS 2: P2P Client (default: 3)");
1996
1997module_param_named(enable_ini, iwlwifi_mod_params.enable_ini, uint, 0444);
1998MODULE_PARM_DESC(enable_ini,
1999 "0:disable, 1-15:FW_DBG_PRESET Values, 16:enabled without preset value defined,"
2000 "Debug INI TLV FW debug infrastructure (default: 16)");
2001
2002/*
2003 * set bt_coex_active to true, uCode will do kill/defer
2004 * every time the priority line is asserted (BT is sending signals on the
2005 * priority line in the PCIx).
2006 * set bt_coex_active to false, uCode will ignore the BT activity and
2007 * perform the normal operation
2008 *
2009 * User might experience transmit issue on some platform due to WiFi/BT
2010 * co-exist problem. The possible behaviors are:
2011 * Able to scan and finding all the available AP
2012 * Not able to associate with any AP
2013 * On those platforms, WiFi communication can be restored by set
2014 * "bt_coex_active" module parameter to "false"
2015 *
2016 * default: bt_coex_active = true (BT_COEX_ENABLE)
2017 */
2018module_param_named(bt_coex_active, iwlwifi_mod_params.bt_coex_active,
2019 bool, 0444);
2020MODULE_PARM_DESC(bt_coex_active, "enable wifi/bt co-exist (default: enable)");
2021
2022module_param_named(led_mode, iwlwifi_mod_params.led_mode, int, 0444);
2023MODULE_PARM_DESC(led_mode, "0=system default, "
2024 "1=On(RF On)/Off(RF Off), 2=blinking, 3=Off (default: 0)");
2025
2026module_param_named(power_save, iwlwifi_mod_params.power_save, bool, 0444);
2027MODULE_PARM_DESC(power_save,
2028 "enable WiFi power management (default: disable)");
2029
2030module_param_named(power_level, iwlwifi_mod_params.power_level, int, 0444);
2031MODULE_PARM_DESC(power_level,
2032 "default power save level (range from 1 - 5, default: 1)");
2033
2034module_param_named(disable_11ac, iwlwifi_mod_params.disable_11ac, bool, 0444);
2035MODULE_PARM_DESC(disable_11ac, "Disable VHT capabilities (default: false)");
2036
2037module_param_named(remove_when_gone,
2038 iwlwifi_mod_params.remove_when_gone, bool,
2039 0444);
2040MODULE_PARM_DESC(remove_when_gone,
2041 "Remove dev from PCIe bus if it is deemed inaccessible (default: false)");
2042
2043module_param_named(disable_11ax, iwlwifi_mod_params.disable_11ax, bool,
2044 S_IRUGO);
2045MODULE_PARM_DESC(disable_11ax, "Disable HE capabilities (default: false)");
2046
2047module_param_named(disable_11be, iwlwifi_mod_params.disable_11be, bool, 0444);
2048MODULE_PARM_DESC(disable_11be, "Disable EHT capabilities (default: false)");
1/******************************************************************************
2 *
3 * This file is provided under a dual BSD/GPLv2 license. When using or
4 * redistributing this file, you may do so under either license.
5 *
6 * GPL LICENSE SUMMARY
7 *
8 * Copyright(c) 2007 - 2014, 2018 - 2020 Intel Corporation. All rights reserved.
9 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
10 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of version 2 of the GNU General Public License as
14 * published by the Free Software Foundation.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * General Public License for more details.
20 *
21 * The full GNU General Public License is included in this distribution
22 * in the file called COPYING.
23 *
24 * Contact Information:
25 * Intel Linux Wireless <linuxwifi@intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
27 *
28 * BSD LICENSE
29 *
30 * Copyright(c) 2005 - 2014, 2018 - 2020 Intel Corporation. All rights reserved.
31 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
32 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 *
39 * * Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * * Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in
43 * the documentation and/or other materials provided with the
44 * distribution.
45 * * Neither the name Intel Corporation nor the names of its
46 * contributors may be used to endorse or promote products derived
47 * from this software without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
50 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
51 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
52 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
53 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
55 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
56 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
57 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
58 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
59 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60 *
61 *****************************************************************************/
62#include <linux/completion.h>
63#include <linux/dma-mapping.h>
64#include <linux/firmware.h>
65#include <linux/module.h>
66#include <linux/vmalloc.h>
67
68#include "iwl-drv.h"
69#include "iwl-csr.h"
70#include "iwl-debug.h"
71#include "iwl-trans.h"
72#include "iwl-op-mode.h"
73#include "iwl-agn-hw.h"
74#include "fw/img.h"
75#include "iwl-dbg-tlv.h"
76#include "iwl-config.h"
77#include "iwl-modparams.h"
78#include "fw/api/alive.h"
79
80/******************************************************************************
81 *
82 * module boiler plate
83 *
84 ******************************************************************************/
85
86#define DRV_DESCRIPTION "Intel(R) Wireless WiFi driver for Linux"
87MODULE_DESCRIPTION(DRV_DESCRIPTION);
88MODULE_AUTHOR(DRV_AUTHOR);
89MODULE_LICENSE("GPL");
90
91#ifdef CONFIG_IWLWIFI_DEBUGFS
92static struct dentry *iwl_dbgfs_root;
93#endif
94
95/**
96 * struct iwl_drv - drv common data
97 * @list: list of drv structures using this opmode
98 * @fw: the iwl_fw structure
99 * @op_mode: the running op_mode
100 * @trans: transport layer
101 * @dev: for debug prints only
102 * @fw_index: firmware revision to try loading
103 * @firmware_name: composite filename of ucode file to load
104 * @request_firmware_complete: the firmware has been obtained from user space
105 */
106struct iwl_drv {
107 struct list_head list;
108 struct iwl_fw fw;
109
110 struct iwl_op_mode *op_mode;
111 struct iwl_trans *trans;
112 struct device *dev;
113
114 int fw_index; /* firmware we're trying to load */
115 char firmware_name[64]; /* name of firmware file to load */
116
117 struct completion request_firmware_complete;
118
119#ifdef CONFIG_IWLWIFI_DEBUGFS
120 struct dentry *dbgfs_drv;
121 struct dentry *dbgfs_trans;
122 struct dentry *dbgfs_op_mode;
123#endif
124};
125
126enum {
127 DVM_OP_MODE,
128 MVM_OP_MODE,
129};
130
131/* Protects the table contents, i.e. the ops pointer & drv list */
132static struct mutex iwlwifi_opmode_table_mtx;
133static struct iwlwifi_opmode_table {
134 const char *name; /* name: iwldvm, iwlmvm, etc */
135 const struct iwl_op_mode_ops *ops; /* pointer to op_mode ops */
136 struct list_head drv; /* list of devices using this op_mode */
137} iwlwifi_opmode_table[] = { /* ops set when driver is initialized */
138 [DVM_OP_MODE] = { .name = "iwldvm", .ops = NULL },
139 [MVM_OP_MODE] = { .name = "iwlmvm", .ops = NULL },
140};
141
142#define IWL_DEFAULT_SCAN_CHANNELS 40
143
144/*
145 * struct fw_sec: Just for the image parsing process.
146 * For the fw storage we are using struct fw_desc.
147 */
148struct fw_sec {
149 const void *data; /* the sec data */
150 size_t size; /* section size */
151 u32 offset; /* offset of writing in the device */
152};
153
154static void iwl_free_fw_desc(struct iwl_drv *drv, struct fw_desc *desc)
155{
156 vfree(desc->data);
157 desc->data = NULL;
158 desc->len = 0;
159}
160
161static void iwl_free_fw_img(struct iwl_drv *drv, struct fw_img *img)
162{
163 int i;
164 for (i = 0; i < img->num_sec; i++)
165 iwl_free_fw_desc(drv, &img->sec[i]);
166 kfree(img->sec);
167}
168
169static void iwl_dealloc_ucode(struct iwl_drv *drv)
170{
171 int i;
172
173 kfree(drv->fw.dbg.dest_tlv);
174 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.conf_tlv); i++)
175 kfree(drv->fw.dbg.conf_tlv[i]);
176 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.trigger_tlv); i++)
177 kfree(drv->fw.dbg.trigger_tlv[i]);
178 kfree(drv->fw.dbg.mem_tlv);
179 kfree(drv->fw.iml);
180 kfree(drv->fw.ucode_capa.cmd_versions);
181
182 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
183 iwl_free_fw_img(drv, drv->fw.img + i);
184}
185
186static int iwl_alloc_fw_desc(struct iwl_drv *drv, struct fw_desc *desc,
187 struct fw_sec *sec)
188{
189 void *data;
190
191 desc->data = NULL;
192
193 if (!sec || !sec->size)
194 return -EINVAL;
195
196 data = vmalloc(sec->size);
197 if (!data)
198 return -ENOMEM;
199
200 desc->len = sec->size;
201 desc->offset = sec->offset;
202 memcpy(data, sec->data, desc->len);
203 desc->data = data;
204
205 return 0;
206}
207
208static void iwl_req_fw_callback(const struct firmware *ucode_raw,
209 void *context);
210
211static int iwl_request_firmware(struct iwl_drv *drv, bool first)
212{
213 const struct iwl_cfg *cfg = drv->trans->cfg;
214 char tag[8];
215
216 if (drv->trans->trans_cfg->device_family == IWL_DEVICE_FAMILY_9000 &&
217 (CSR_HW_REV_STEP(drv->trans->hw_rev) != SILICON_B_STEP &&
218 CSR_HW_REV_STEP(drv->trans->hw_rev) != SILICON_C_STEP)) {
219 IWL_ERR(drv,
220 "Only HW steps B and C are currently supported (0x%0x)\n",
221 drv->trans->hw_rev);
222 return -EINVAL;
223 }
224
225 if (first) {
226 drv->fw_index = cfg->ucode_api_max;
227 sprintf(tag, "%d", drv->fw_index);
228 } else {
229 drv->fw_index--;
230 sprintf(tag, "%d", drv->fw_index);
231 }
232
233 if (drv->fw_index < cfg->ucode_api_min) {
234 IWL_ERR(drv, "no suitable firmware found!\n");
235
236 if (cfg->ucode_api_min == cfg->ucode_api_max) {
237 IWL_ERR(drv, "%s%d is required\n", cfg->fw_name_pre,
238 cfg->ucode_api_max);
239 } else {
240 IWL_ERR(drv, "minimum version required: %s%d\n",
241 cfg->fw_name_pre, cfg->ucode_api_min);
242 IWL_ERR(drv, "maximum version supported: %s%d\n",
243 cfg->fw_name_pre, cfg->ucode_api_max);
244 }
245
246 IWL_ERR(drv,
247 "check git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git\n");
248 return -ENOENT;
249 }
250
251 snprintf(drv->firmware_name, sizeof(drv->firmware_name), "%s%s.ucode",
252 cfg->fw_name_pre, tag);
253
254 IWL_DEBUG_FW_INFO(drv, "attempting to load firmware '%s'\n",
255 drv->firmware_name);
256
257 return request_firmware_nowait(THIS_MODULE, 1, drv->firmware_name,
258 drv->trans->dev,
259 GFP_KERNEL, drv, iwl_req_fw_callback);
260}
261
262struct fw_img_parsing {
263 struct fw_sec *sec;
264 int sec_counter;
265};
266
267/*
268 * struct fw_sec_parsing: to extract fw section and it's offset from tlv
269 */
270struct fw_sec_parsing {
271 __le32 offset;
272 const u8 data[];
273} __packed;
274
275/**
276 * struct iwl_tlv_calib_data - parse the default calib data from TLV
277 *
278 * @ucode_type: the uCode to which the following default calib relates.
279 * @calib: default calibrations.
280 */
281struct iwl_tlv_calib_data {
282 __le32 ucode_type;
283 struct iwl_tlv_calib_ctrl calib;
284} __packed;
285
286struct iwl_firmware_pieces {
287 struct fw_img_parsing img[IWL_UCODE_TYPE_MAX];
288
289 u32 init_evtlog_ptr, init_evtlog_size, init_errlog_ptr;
290 u32 inst_evtlog_ptr, inst_evtlog_size, inst_errlog_ptr;
291
292 /* FW debug data parsed for driver usage */
293 bool dbg_dest_tlv_init;
294 u8 *dbg_dest_ver;
295 union {
296 struct iwl_fw_dbg_dest_tlv *dbg_dest_tlv;
297 struct iwl_fw_dbg_dest_tlv_v1 *dbg_dest_tlv_v1;
298 };
299 struct iwl_fw_dbg_conf_tlv *dbg_conf_tlv[FW_DBG_CONF_MAX];
300 size_t dbg_conf_tlv_len[FW_DBG_CONF_MAX];
301 struct iwl_fw_dbg_trigger_tlv *dbg_trigger_tlv[FW_DBG_TRIGGER_MAX];
302 size_t dbg_trigger_tlv_len[FW_DBG_TRIGGER_MAX];
303 struct iwl_fw_dbg_mem_seg_tlv *dbg_mem_tlv;
304 size_t n_mem_tlv;
305};
306
307/*
308 * These functions are just to extract uCode section data from the pieces
309 * structure.
310 */
311static struct fw_sec *get_sec(struct iwl_firmware_pieces *pieces,
312 enum iwl_ucode_type type,
313 int sec)
314{
315 return &pieces->img[type].sec[sec];
316}
317
318static void alloc_sec_data(struct iwl_firmware_pieces *pieces,
319 enum iwl_ucode_type type,
320 int sec)
321{
322 struct fw_img_parsing *img = &pieces->img[type];
323 struct fw_sec *sec_memory;
324 int size = sec + 1;
325 size_t alloc_size = sizeof(*img->sec) * size;
326
327 if (img->sec && img->sec_counter >= size)
328 return;
329
330 sec_memory = krealloc(img->sec, alloc_size, GFP_KERNEL);
331 if (!sec_memory)
332 return;
333
334 img->sec = sec_memory;
335 img->sec_counter = size;
336}
337
338static void set_sec_data(struct iwl_firmware_pieces *pieces,
339 enum iwl_ucode_type type,
340 int sec,
341 const void *data)
342{
343 alloc_sec_data(pieces, type, sec);
344
345 pieces->img[type].sec[sec].data = data;
346}
347
348static void set_sec_size(struct iwl_firmware_pieces *pieces,
349 enum iwl_ucode_type type,
350 int sec,
351 size_t size)
352{
353 alloc_sec_data(pieces, type, sec);
354
355 pieces->img[type].sec[sec].size = size;
356}
357
358static size_t get_sec_size(struct iwl_firmware_pieces *pieces,
359 enum iwl_ucode_type type,
360 int sec)
361{
362 return pieces->img[type].sec[sec].size;
363}
364
365static void set_sec_offset(struct iwl_firmware_pieces *pieces,
366 enum iwl_ucode_type type,
367 int sec,
368 u32 offset)
369{
370 alloc_sec_data(pieces, type, sec);
371
372 pieces->img[type].sec[sec].offset = offset;
373}
374
375static int iwl_store_cscheme(struct iwl_fw *fw, const u8 *data, const u32 len)
376{
377 int i, j;
378 struct iwl_fw_cscheme_list *l = (struct iwl_fw_cscheme_list *)data;
379 struct iwl_fw_cipher_scheme *fwcs;
380
381 if (len < sizeof(*l) ||
382 len < sizeof(l->size) + l->size * sizeof(l->cs[0]))
383 return -EINVAL;
384
385 for (i = 0, j = 0; i < IWL_UCODE_MAX_CS && i < l->size; i++) {
386 fwcs = &l->cs[j];
387
388 /* we skip schemes with zero cipher suite selector */
389 if (!fwcs->cipher)
390 continue;
391
392 fw->cs[j++] = *fwcs;
393 }
394
395 return 0;
396}
397
398/*
399 * Gets uCode section from tlv.
400 */
401static int iwl_store_ucode_sec(struct iwl_firmware_pieces *pieces,
402 const void *data, enum iwl_ucode_type type,
403 int size)
404{
405 struct fw_img_parsing *img;
406 struct fw_sec *sec;
407 struct fw_sec_parsing *sec_parse;
408 size_t alloc_size;
409
410 if (WARN_ON(!pieces || !data || type >= IWL_UCODE_TYPE_MAX))
411 return -1;
412
413 sec_parse = (struct fw_sec_parsing *)data;
414
415 img = &pieces->img[type];
416
417 alloc_size = sizeof(*img->sec) * (img->sec_counter + 1);
418 sec = krealloc(img->sec, alloc_size, GFP_KERNEL);
419 if (!sec)
420 return -ENOMEM;
421 img->sec = sec;
422
423 sec = &img->sec[img->sec_counter];
424
425 sec->offset = le32_to_cpu(sec_parse->offset);
426 sec->data = sec_parse->data;
427 sec->size = size - sizeof(sec_parse->offset);
428
429 ++img->sec_counter;
430
431 return 0;
432}
433
434static int iwl_set_default_calib(struct iwl_drv *drv, const u8 *data)
435{
436 struct iwl_tlv_calib_data *def_calib =
437 (struct iwl_tlv_calib_data *)data;
438 u32 ucode_type = le32_to_cpu(def_calib->ucode_type);
439 if (ucode_type >= IWL_UCODE_TYPE_MAX) {
440 IWL_ERR(drv, "Wrong ucode_type %u for default calibration.\n",
441 ucode_type);
442 return -EINVAL;
443 }
444 drv->fw.default_calib[ucode_type].flow_trigger =
445 def_calib->calib.flow_trigger;
446 drv->fw.default_calib[ucode_type].event_trigger =
447 def_calib->calib.event_trigger;
448
449 return 0;
450}
451
452static void iwl_set_ucode_api_flags(struct iwl_drv *drv, const u8 *data,
453 struct iwl_ucode_capabilities *capa)
454{
455 const struct iwl_ucode_api *ucode_api = (void *)data;
456 u32 api_index = le32_to_cpu(ucode_api->api_index);
457 u32 api_flags = le32_to_cpu(ucode_api->api_flags);
458 int i;
459
460 if (api_index >= DIV_ROUND_UP(NUM_IWL_UCODE_TLV_API, 32)) {
461 IWL_WARN(drv,
462 "api flags index %d larger than supported by driver\n",
463 api_index);
464 return;
465 }
466
467 for (i = 0; i < 32; i++) {
468 if (api_flags & BIT(i))
469 __set_bit(i + 32 * api_index, capa->_api);
470 }
471}
472
473static void iwl_set_ucode_capabilities(struct iwl_drv *drv, const u8 *data,
474 struct iwl_ucode_capabilities *capa)
475{
476 const struct iwl_ucode_capa *ucode_capa = (void *)data;
477 u32 api_index = le32_to_cpu(ucode_capa->api_index);
478 u32 api_flags = le32_to_cpu(ucode_capa->api_capa);
479 int i;
480
481 if (api_index >= DIV_ROUND_UP(NUM_IWL_UCODE_TLV_CAPA, 32)) {
482 IWL_WARN(drv,
483 "capa flags index %d larger than supported by driver\n",
484 api_index);
485 return;
486 }
487
488 for (i = 0; i < 32; i++) {
489 if (api_flags & BIT(i))
490 __set_bit(i + 32 * api_index, capa->_capa);
491 }
492}
493
494static const char *iwl_reduced_fw_name(struct iwl_drv *drv)
495{
496 const char *name = drv->firmware_name;
497
498 if (strncmp(name, "iwlwifi-", 8) == 0)
499 name += 8;
500
501 return name;
502}
503
504static int iwl_parse_v1_v2_firmware(struct iwl_drv *drv,
505 const struct firmware *ucode_raw,
506 struct iwl_firmware_pieces *pieces)
507{
508 struct iwl_ucode_header *ucode = (void *)ucode_raw->data;
509 u32 api_ver, hdr_size, build;
510 char buildstr[25];
511 const u8 *src;
512
513 drv->fw.ucode_ver = le32_to_cpu(ucode->ver);
514 api_ver = IWL_UCODE_API(drv->fw.ucode_ver);
515
516 switch (api_ver) {
517 default:
518 hdr_size = 28;
519 if (ucode_raw->size < hdr_size) {
520 IWL_ERR(drv, "File size too small!\n");
521 return -EINVAL;
522 }
523 build = le32_to_cpu(ucode->u.v2.build);
524 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
525 le32_to_cpu(ucode->u.v2.inst_size));
526 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
527 le32_to_cpu(ucode->u.v2.data_size));
528 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
529 le32_to_cpu(ucode->u.v2.init_size));
530 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
531 le32_to_cpu(ucode->u.v2.init_data_size));
532 src = ucode->u.v2.data;
533 break;
534 case 0:
535 case 1:
536 case 2:
537 hdr_size = 24;
538 if (ucode_raw->size < hdr_size) {
539 IWL_ERR(drv, "File size too small!\n");
540 return -EINVAL;
541 }
542 build = 0;
543 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
544 le32_to_cpu(ucode->u.v1.inst_size));
545 set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
546 le32_to_cpu(ucode->u.v1.data_size));
547 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
548 le32_to_cpu(ucode->u.v1.init_size));
549 set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
550 le32_to_cpu(ucode->u.v1.init_data_size));
551 src = ucode->u.v1.data;
552 break;
553 }
554
555 if (build)
556 sprintf(buildstr, " build %u", build);
557 else
558 buildstr[0] = '\0';
559
560 snprintf(drv->fw.fw_version,
561 sizeof(drv->fw.fw_version),
562 "%u.%u.%u.%u%s %s",
563 IWL_UCODE_MAJOR(drv->fw.ucode_ver),
564 IWL_UCODE_MINOR(drv->fw.ucode_ver),
565 IWL_UCODE_API(drv->fw.ucode_ver),
566 IWL_UCODE_SERIAL(drv->fw.ucode_ver),
567 buildstr, iwl_reduced_fw_name(drv));
568
569 /* Verify size of file vs. image size info in file's header */
570
571 if (ucode_raw->size != hdr_size +
572 get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST) +
573 get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA) +
574 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST) +
575 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA)) {
576
577 IWL_ERR(drv,
578 "uCode file size %d does not match expected size\n",
579 (int)ucode_raw->size);
580 return -EINVAL;
581 }
582
583
584 set_sec_data(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST, src);
585 src += get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST);
586 set_sec_offset(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
587 IWLAGN_RTC_INST_LOWER_BOUND);
588 set_sec_data(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA, src);
589 src += get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA);
590 set_sec_offset(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
591 IWLAGN_RTC_DATA_LOWER_BOUND);
592 set_sec_data(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST, src);
593 src += get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST);
594 set_sec_offset(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
595 IWLAGN_RTC_INST_LOWER_BOUND);
596 set_sec_data(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA, src);
597 src += get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA);
598 set_sec_offset(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
599 IWLAGN_RTC_DATA_LOWER_BOUND);
600 return 0;
601}
602
603#define FW_ADDR_CACHE_CONTROL 0xC0000000
604
605static int iwl_parse_tlv_firmware(struct iwl_drv *drv,
606 const struct firmware *ucode_raw,
607 struct iwl_firmware_pieces *pieces,
608 struct iwl_ucode_capabilities *capa,
609 bool *usniffer_images)
610{
611 struct iwl_tlv_ucode_header *ucode = (void *)ucode_raw->data;
612 struct iwl_ucode_tlv *tlv;
613 size_t len = ucode_raw->size;
614 const u8 *data;
615 u32 tlv_len;
616 u32 usniffer_img;
617 enum iwl_ucode_tlv_type tlv_type;
618 const u8 *tlv_data;
619 char buildstr[25];
620 u32 build, paging_mem_size;
621 int num_of_cpus;
622 bool usniffer_req = false;
623
624 if (len < sizeof(*ucode)) {
625 IWL_ERR(drv, "uCode has invalid length: %zd\n", len);
626 return -EINVAL;
627 }
628
629 if (ucode->magic != cpu_to_le32(IWL_TLV_UCODE_MAGIC)) {
630 IWL_ERR(drv, "invalid uCode magic: 0X%x\n",
631 le32_to_cpu(ucode->magic));
632 return -EINVAL;
633 }
634
635 drv->fw.ucode_ver = le32_to_cpu(ucode->ver);
636 memcpy(drv->fw.human_readable, ucode->human_readable,
637 sizeof(drv->fw.human_readable));
638 build = le32_to_cpu(ucode->build);
639
640 if (build)
641 sprintf(buildstr, " build %u", build);
642 else
643 buildstr[0] = '\0';
644
645 snprintf(drv->fw.fw_version,
646 sizeof(drv->fw.fw_version),
647 "%u.%u.%u.%u%s %s",
648 IWL_UCODE_MAJOR(drv->fw.ucode_ver),
649 IWL_UCODE_MINOR(drv->fw.ucode_ver),
650 IWL_UCODE_API(drv->fw.ucode_ver),
651 IWL_UCODE_SERIAL(drv->fw.ucode_ver),
652 buildstr, iwl_reduced_fw_name(drv));
653
654 data = ucode->data;
655
656 len -= sizeof(*ucode);
657
658 while (len >= sizeof(*tlv)) {
659 len -= sizeof(*tlv);
660 tlv = (void *)data;
661
662 tlv_len = le32_to_cpu(tlv->length);
663 tlv_type = le32_to_cpu(tlv->type);
664 tlv_data = tlv->data;
665
666 if (len < tlv_len) {
667 IWL_ERR(drv, "invalid TLV len: %zd/%u\n",
668 len, tlv_len);
669 return -EINVAL;
670 }
671 len -= ALIGN(tlv_len, 4);
672 data += sizeof(*tlv) + ALIGN(tlv_len, 4);
673
674 switch (tlv_type) {
675 case IWL_UCODE_TLV_INST:
676 set_sec_data(pieces, IWL_UCODE_REGULAR,
677 IWL_UCODE_SECTION_INST, tlv_data);
678 set_sec_size(pieces, IWL_UCODE_REGULAR,
679 IWL_UCODE_SECTION_INST, tlv_len);
680 set_sec_offset(pieces, IWL_UCODE_REGULAR,
681 IWL_UCODE_SECTION_INST,
682 IWLAGN_RTC_INST_LOWER_BOUND);
683 break;
684 case IWL_UCODE_TLV_DATA:
685 set_sec_data(pieces, IWL_UCODE_REGULAR,
686 IWL_UCODE_SECTION_DATA, tlv_data);
687 set_sec_size(pieces, IWL_UCODE_REGULAR,
688 IWL_UCODE_SECTION_DATA, tlv_len);
689 set_sec_offset(pieces, IWL_UCODE_REGULAR,
690 IWL_UCODE_SECTION_DATA,
691 IWLAGN_RTC_DATA_LOWER_BOUND);
692 break;
693 case IWL_UCODE_TLV_INIT:
694 set_sec_data(pieces, IWL_UCODE_INIT,
695 IWL_UCODE_SECTION_INST, tlv_data);
696 set_sec_size(pieces, IWL_UCODE_INIT,
697 IWL_UCODE_SECTION_INST, tlv_len);
698 set_sec_offset(pieces, IWL_UCODE_INIT,
699 IWL_UCODE_SECTION_INST,
700 IWLAGN_RTC_INST_LOWER_BOUND);
701 break;
702 case IWL_UCODE_TLV_INIT_DATA:
703 set_sec_data(pieces, IWL_UCODE_INIT,
704 IWL_UCODE_SECTION_DATA, tlv_data);
705 set_sec_size(pieces, IWL_UCODE_INIT,
706 IWL_UCODE_SECTION_DATA, tlv_len);
707 set_sec_offset(pieces, IWL_UCODE_INIT,
708 IWL_UCODE_SECTION_DATA,
709 IWLAGN_RTC_DATA_LOWER_BOUND);
710 break;
711 case IWL_UCODE_TLV_BOOT:
712 IWL_ERR(drv, "Found unexpected BOOT ucode\n");
713 break;
714 case IWL_UCODE_TLV_PROBE_MAX_LEN:
715 if (tlv_len != sizeof(u32))
716 goto invalid_tlv_len;
717 capa->max_probe_length =
718 le32_to_cpup((__le32 *)tlv_data);
719 break;
720 case IWL_UCODE_TLV_PAN:
721 if (tlv_len)
722 goto invalid_tlv_len;
723 capa->flags |= IWL_UCODE_TLV_FLAGS_PAN;
724 break;
725 case IWL_UCODE_TLV_FLAGS:
726 /* must be at least one u32 */
727 if (tlv_len < sizeof(u32))
728 goto invalid_tlv_len;
729 /* and a proper number of u32s */
730 if (tlv_len % sizeof(u32))
731 goto invalid_tlv_len;
732 /*
733 * This driver only reads the first u32 as
734 * right now no more features are defined,
735 * if that changes then either the driver
736 * will not work with the new firmware, or
737 * it'll not take advantage of new features.
738 */
739 capa->flags = le32_to_cpup((__le32 *)tlv_data);
740 break;
741 case IWL_UCODE_TLV_API_CHANGES_SET:
742 if (tlv_len != sizeof(struct iwl_ucode_api))
743 goto invalid_tlv_len;
744 iwl_set_ucode_api_flags(drv, tlv_data, capa);
745 break;
746 case IWL_UCODE_TLV_ENABLED_CAPABILITIES:
747 if (tlv_len != sizeof(struct iwl_ucode_capa))
748 goto invalid_tlv_len;
749 iwl_set_ucode_capabilities(drv, tlv_data, capa);
750 break;
751 case IWL_UCODE_TLV_INIT_EVTLOG_PTR:
752 if (tlv_len != sizeof(u32))
753 goto invalid_tlv_len;
754 pieces->init_evtlog_ptr =
755 le32_to_cpup((__le32 *)tlv_data);
756 break;
757 case IWL_UCODE_TLV_INIT_EVTLOG_SIZE:
758 if (tlv_len != sizeof(u32))
759 goto invalid_tlv_len;
760 pieces->init_evtlog_size =
761 le32_to_cpup((__le32 *)tlv_data);
762 break;
763 case IWL_UCODE_TLV_INIT_ERRLOG_PTR:
764 if (tlv_len != sizeof(u32))
765 goto invalid_tlv_len;
766 pieces->init_errlog_ptr =
767 le32_to_cpup((__le32 *)tlv_data);
768 break;
769 case IWL_UCODE_TLV_RUNT_EVTLOG_PTR:
770 if (tlv_len != sizeof(u32))
771 goto invalid_tlv_len;
772 pieces->inst_evtlog_ptr =
773 le32_to_cpup((__le32 *)tlv_data);
774 break;
775 case IWL_UCODE_TLV_RUNT_EVTLOG_SIZE:
776 if (tlv_len != sizeof(u32))
777 goto invalid_tlv_len;
778 pieces->inst_evtlog_size =
779 le32_to_cpup((__le32 *)tlv_data);
780 break;
781 case IWL_UCODE_TLV_RUNT_ERRLOG_PTR:
782 if (tlv_len != sizeof(u32))
783 goto invalid_tlv_len;
784 pieces->inst_errlog_ptr =
785 le32_to_cpup((__le32 *)tlv_data);
786 break;
787 case IWL_UCODE_TLV_ENHANCE_SENS_TBL:
788 if (tlv_len)
789 goto invalid_tlv_len;
790 drv->fw.enhance_sensitivity_table = true;
791 break;
792 case IWL_UCODE_TLV_WOWLAN_INST:
793 set_sec_data(pieces, IWL_UCODE_WOWLAN,
794 IWL_UCODE_SECTION_INST, tlv_data);
795 set_sec_size(pieces, IWL_UCODE_WOWLAN,
796 IWL_UCODE_SECTION_INST, tlv_len);
797 set_sec_offset(pieces, IWL_UCODE_WOWLAN,
798 IWL_UCODE_SECTION_INST,
799 IWLAGN_RTC_INST_LOWER_BOUND);
800 break;
801 case IWL_UCODE_TLV_WOWLAN_DATA:
802 set_sec_data(pieces, IWL_UCODE_WOWLAN,
803 IWL_UCODE_SECTION_DATA, tlv_data);
804 set_sec_size(pieces, IWL_UCODE_WOWLAN,
805 IWL_UCODE_SECTION_DATA, tlv_len);
806 set_sec_offset(pieces, IWL_UCODE_WOWLAN,
807 IWL_UCODE_SECTION_DATA,
808 IWLAGN_RTC_DATA_LOWER_BOUND);
809 break;
810 case IWL_UCODE_TLV_PHY_CALIBRATION_SIZE:
811 if (tlv_len != sizeof(u32))
812 goto invalid_tlv_len;
813 capa->standard_phy_calibration_size =
814 le32_to_cpup((__le32 *)tlv_data);
815 break;
816 case IWL_UCODE_TLV_SEC_RT:
817 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_REGULAR,
818 tlv_len);
819 drv->fw.type = IWL_FW_MVM;
820 break;
821 case IWL_UCODE_TLV_SEC_INIT:
822 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_INIT,
823 tlv_len);
824 drv->fw.type = IWL_FW_MVM;
825 break;
826 case IWL_UCODE_TLV_SEC_WOWLAN:
827 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_WOWLAN,
828 tlv_len);
829 drv->fw.type = IWL_FW_MVM;
830 break;
831 case IWL_UCODE_TLV_DEF_CALIB:
832 if (tlv_len != sizeof(struct iwl_tlv_calib_data))
833 goto invalid_tlv_len;
834 if (iwl_set_default_calib(drv, tlv_data))
835 goto tlv_error;
836 break;
837 case IWL_UCODE_TLV_PHY_SKU:
838 if (tlv_len != sizeof(u32))
839 goto invalid_tlv_len;
840 drv->fw.phy_config = le32_to_cpup((__le32 *)tlv_data);
841 drv->fw.valid_tx_ant = (drv->fw.phy_config &
842 FW_PHY_CFG_TX_CHAIN) >>
843 FW_PHY_CFG_TX_CHAIN_POS;
844 drv->fw.valid_rx_ant = (drv->fw.phy_config &
845 FW_PHY_CFG_RX_CHAIN) >>
846 FW_PHY_CFG_RX_CHAIN_POS;
847 break;
848 case IWL_UCODE_TLV_SECURE_SEC_RT:
849 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_REGULAR,
850 tlv_len);
851 drv->fw.type = IWL_FW_MVM;
852 break;
853 case IWL_UCODE_TLV_SECURE_SEC_INIT:
854 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_INIT,
855 tlv_len);
856 drv->fw.type = IWL_FW_MVM;
857 break;
858 case IWL_UCODE_TLV_SECURE_SEC_WOWLAN:
859 iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_WOWLAN,
860 tlv_len);
861 drv->fw.type = IWL_FW_MVM;
862 break;
863 case IWL_UCODE_TLV_NUM_OF_CPU:
864 if (tlv_len != sizeof(u32))
865 goto invalid_tlv_len;
866 num_of_cpus =
867 le32_to_cpup((__le32 *)tlv_data);
868
869 if (num_of_cpus == 2) {
870 drv->fw.img[IWL_UCODE_REGULAR].is_dual_cpus =
871 true;
872 drv->fw.img[IWL_UCODE_INIT].is_dual_cpus =
873 true;
874 drv->fw.img[IWL_UCODE_WOWLAN].is_dual_cpus =
875 true;
876 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
877 IWL_ERR(drv, "Driver support upto 2 CPUs\n");
878 return -EINVAL;
879 }
880 break;
881 case IWL_UCODE_TLV_CSCHEME:
882 if (iwl_store_cscheme(&drv->fw, tlv_data, tlv_len))
883 goto invalid_tlv_len;
884 break;
885 case IWL_UCODE_TLV_N_SCAN_CHANNELS:
886 if (tlv_len != sizeof(u32))
887 goto invalid_tlv_len;
888 capa->n_scan_channels =
889 le32_to_cpup((__le32 *)tlv_data);
890 break;
891 case IWL_UCODE_TLV_FW_VERSION: {
892 __le32 *ptr = (void *)tlv_data;
893 u32 major, minor;
894 u8 local_comp;
895
896 if (tlv_len != sizeof(u32) * 3)
897 goto invalid_tlv_len;
898
899 major = le32_to_cpup(ptr++);
900 minor = le32_to_cpup(ptr++);
901 local_comp = le32_to_cpup(ptr);
902
903 if (major >= 35)
904 snprintf(drv->fw.fw_version,
905 sizeof(drv->fw.fw_version),
906 "%u.%08x.%u %s", major, minor,
907 local_comp, iwl_reduced_fw_name(drv));
908 else
909 snprintf(drv->fw.fw_version,
910 sizeof(drv->fw.fw_version),
911 "%u.%u.%u %s", major, minor,
912 local_comp, iwl_reduced_fw_name(drv));
913 break;
914 }
915 case IWL_UCODE_TLV_FW_DBG_DEST: {
916 struct iwl_fw_dbg_dest_tlv *dest = NULL;
917 struct iwl_fw_dbg_dest_tlv_v1 *dest_v1 = NULL;
918 u8 mon_mode;
919
920 pieces->dbg_dest_ver = (u8 *)tlv_data;
921 if (*pieces->dbg_dest_ver == 1) {
922 dest = (void *)tlv_data;
923 } else if (*pieces->dbg_dest_ver == 0) {
924 dest_v1 = (void *)tlv_data;
925 } else {
926 IWL_ERR(drv,
927 "The version is %d, and it is invalid\n",
928 *pieces->dbg_dest_ver);
929 break;
930 }
931
932 if (pieces->dbg_dest_tlv_init) {
933 IWL_ERR(drv,
934 "dbg destination ignored, already exists\n");
935 break;
936 }
937
938 pieces->dbg_dest_tlv_init = true;
939
940 if (dest_v1) {
941 pieces->dbg_dest_tlv_v1 = dest_v1;
942 mon_mode = dest_v1->monitor_mode;
943 } else {
944 pieces->dbg_dest_tlv = dest;
945 mon_mode = dest->monitor_mode;
946 }
947
948 IWL_INFO(drv, "Found debug destination: %s\n",
949 get_fw_dbg_mode_string(mon_mode));
950
951 drv->fw.dbg.n_dest_reg = (dest_v1) ?
952 tlv_len -
953 offsetof(struct iwl_fw_dbg_dest_tlv_v1,
954 reg_ops) :
955 tlv_len -
956 offsetof(struct iwl_fw_dbg_dest_tlv,
957 reg_ops);
958
959 drv->fw.dbg.n_dest_reg /=
960 sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]);
961
962 break;
963 }
964 case IWL_UCODE_TLV_FW_DBG_CONF: {
965 struct iwl_fw_dbg_conf_tlv *conf = (void *)tlv_data;
966
967 if (!pieces->dbg_dest_tlv_init) {
968 IWL_ERR(drv,
969 "Ignore dbg config %d - no destination configured\n",
970 conf->id);
971 break;
972 }
973
974 if (conf->id >= ARRAY_SIZE(drv->fw.dbg.conf_tlv)) {
975 IWL_ERR(drv,
976 "Skip unknown configuration: %d\n",
977 conf->id);
978 break;
979 }
980
981 if (pieces->dbg_conf_tlv[conf->id]) {
982 IWL_ERR(drv,
983 "Ignore duplicate dbg config %d\n",
984 conf->id);
985 break;
986 }
987
988 if (conf->usniffer)
989 usniffer_req = true;
990
991 IWL_INFO(drv, "Found debug configuration: %d\n",
992 conf->id);
993
994 pieces->dbg_conf_tlv[conf->id] = conf;
995 pieces->dbg_conf_tlv_len[conf->id] = tlv_len;
996 break;
997 }
998 case IWL_UCODE_TLV_FW_DBG_TRIGGER: {
999 struct iwl_fw_dbg_trigger_tlv *trigger =
1000 (void *)tlv_data;
1001 u32 trigger_id = le32_to_cpu(trigger->id);
1002
1003 if (trigger_id >= ARRAY_SIZE(drv->fw.dbg.trigger_tlv)) {
1004 IWL_ERR(drv,
1005 "Skip unknown trigger: %u\n",
1006 trigger->id);
1007 break;
1008 }
1009
1010 if (pieces->dbg_trigger_tlv[trigger_id]) {
1011 IWL_ERR(drv,
1012 "Ignore duplicate dbg trigger %u\n",
1013 trigger->id);
1014 break;
1015 }
1016
1017 IWL_INFO(drv, "Found debug trigger: %u\n", trigger->id);
1018
1019 pieces->dbg_trigger_tlv[trigger_id] = trigger;
1020 pieces->dbg_trigger_tlv_len[trigger_id] = tlv_len;
1021 break;
1022 }
1023 case IWL_UCODE_TLV_FW_DBG_DUMP_LST: {
1024 if (tlv_len != sizeof(u32)) {
1025 IWL_ERR(drv,
1026 "dbg lst mask size incorrect, skip\n");
1027 break;
1028 }
1029
1030 drv->fw.dbg.dump_mask =
1031 le32_to_cpup((__le32 *)tlv_data);
1032 break;
1033 }
1034 case IWL_UCODE_TLV_SEC_RT_USNIFFER:
1035 *usniffer_images = true;
1036 iwl_store_ucode_sec(pieces, tlv_data,
1037 IWL_UCODE_REGULAR_USNIFFER,
1038 tlv_len);
1039 break;
1040 case IWL_UCODE_TLV_PAGING:
1041 if (tlv_len != sizeof(u32))
1042 goto invalid_tlv_len;
1043 paging_mem_size = le32_to_cpup((__le32 *)tlv_data);
1044
1045 IWL_DEBUG_FW(drv,
1046 "Paging: paging enabled (size = %u bytes)\n",
1047 paging_mem_size);
1048
1049 if (paging_mem_size > MAX_PAGING_IMAGE_SIZE) {
1050 IWL_ERR(drv,
1051 "Paging: driver supports up to %lu bytes for paging image\n",
1052 MAX_PAGING_IMAGE_SIZE);
1053 return -EINVAL;
1054 }
1055
1056 if (paging_mem_size & (FW_PAGING_SIZE - 1)) {
1057 IWL_ERR(drv,
1058 "Paging: image isn't multiple %lu\n",
1059 FW_PAGING_SIZE);
1060 return -EINVAL;
1061 }
1062
1063 drv->fw.img[IWL_UCODE_REGULAR].paging_mem_size =
1064 paging_mem_size;
1065 usniffer_img = IWL_UCODE_REGULAR_USNIFFER;
1066 drv->fw.img[usniffer_img].paging_mem_size =
1067 paging_mem_size;
1068 break;
1069 case IWL_UCODE_TLV_FW_GSCAN_CAPA:
1070 /* ignored */
1071 break;
1072 case IWL_UCODE_TLV_FW_MEM_SEG: {
1073 struct iwl_fw_dbg_mem_seg_tlv *dbg_mem =
1074 (void *)tlv_data;
1075 size_t size;
1076 struct iwl_fw_dbg_mem_seg_tlv *n;
1077
1078 if (tlv_len != (sizeof(*dbg_mem)))
1079 goto invalid_tlv_len;
1080
1081 IWL_DEBUG_INFO(drv, "Found debug memory segment: %u\n",
1082 dbg_mem->data_type);
1083
1084 size = sizeof(*pieces->dbg_mem_tlv) *
1085 (pieces->n_mem_tlv + 1);
1086 n = krealloc(pieces->dbg_mem_tlv, size, GFP_KERNEL);
1087 if (!n)
1088 return -ENOMEM;
1089 pieces->dbg_mem_tlv = n;
1090 pieces->dbg_mem_tlv[pieces->n_mem_tlv] = *dbg_mem;
1091 pieces->n_mem_tlv++;
1092 break;
1093 }
1094 case IWL_UCODE_TLV_IML: {
1095 drv->fw.iml_len = tlv_len;
1096 drv->fw.iml = kmemdup(tlv_data, tlv_len, GFP_KERNEL);
1097 if (!drv->fw.iml)
1098 return -ENOMEM;
1099 break;
1100 }
1101 case IWL_UCODE_TLV_FW_RECOVERY_INFO: {
1102 struct {
1103 __le32 buf_addr;
1104 __le32 buf_size;
1105 } *recov_info = (void *)tlv_data;
1106
1107 if (tlv_len != sizeof(*recov_info))
1108 goto invalid_tlv_len;
1109 capa->error_log_addr =
1110 le32_to_cpu(recov_info->buf_addr);
1111 capa->error_log_size =
1112 le32_to_cpu(recov_info->buf_size);
1113 }
1114 break;
1115 case IWL_UCODE_TLV_FW_FSEQ_VERSION: {
1116 struct {
1117 u8 version[32];
1118 u8 sha1[20];
1119 } *fseq_ver = (void *)tlv_data;
1120
1121 if (tlv_len != sizeof(*fseq_ver))
1122 goto invalid_tlv_len;
1123 IWL_INFO(drv, "TLV_FW_FSEQ_VERSION: %s\n",
1124 fseq_ver->version);
1125 }
1126 break;
1127 case IWL_UCODE_TLV_UMAC_DEBUG_ADDRS: {
1128 struct iwl_umac_debug_addrs *dbg_ptrs =
1129 (void *)tlv_data;
1130
1131 if (tlv_len != sizeof(*dbg_ptrs))
1132 goto invalid_tlv_len;
1133 if (drv->trans->trans_cfg->device_family <
1134 IWL_DEVICE_FAMILY_22000)
1135 break;
1136 drv->trans->dbg.umac_error_event_table =
1137 le32_to_cpu(dbg_ptrs->error_info_addr) &
1138 ~FW_ADDR_CACHE_CONTROL;
1139 drv->trans->dbg.error_event_table_tlv_status |=
1140 IWL_ERROR_EVENT_TABLE_UMAC;
1141 break;
1142 }
1143 case IWL_UCODE_TLV_LMAC_DEBUG_ADDRS: {
1144 struct iwl_lmac_debug_addrs *dbg_ptrs =
1145 (void *)tlv_data;
1146
1147 if (tlv_len != sizeof(*dbg_ptrs))
1148 goto invalid_tlv_len;
1149 if (drv->trans->trans_cfg->device_family <
1150 IWL_DEVICE_FAMILY_22000)
1151 break;
1152 drv->trans->dbg.lmac_error_event_table[0] =
1153 le32_to_cpu(dbg_ptrs->error_event_table_ptr) &
1154 ~FW_ADDR_CACHE_CONTROL;
1155 drv->trans->dbg.error_event_table_tlv_status |=
1156 IWL_ERROR_EVENT_TABLE_LMAC1;
1157 break;
1158 }
1159 case IWL_UCODE_TLV_TYPE_DEBUG_INFO:
1160 case IWL_UCODE_TLV_TYPE_BUFFER_ALLOCATION:
1161 case IWL_UCODE_TLV_TYPE_HCMD:
1162 case IWL_UCODE_TLV_TYPE_REGIONS:
1163 case IWL_UCODE_TLV_TYPE_TRIGGERS:
1164 if (iwlwifi_mod_params.enable_ini)
1165 iwl_dbg_tlv_alloc(drv->trans, tlv, false);
1166 break;
1167 case IWL_UCODE_TLV_CMD_VERSIONS:
1168 if (tlv_len % sizeof(struct iwl_fw_cmd_version)) {
1169 IWL_ERR(drv,
1170 "Invalid length for command versions: %u\n",
1171 tlv_len);
1172 tlv_len /= sizeof(struct iwl_fw_cmd_version);
1173 tlv_len *= sizeof(struct iwl_fw_cmd_version);
1174 }
1175 if (WARN_ON(capa->cmd_versions))
1176 return -EINVAL;
1177 capa->cmd_versions = kmemdup(tlv_data, tlv_len,
1178 GFP_KERNEL);
1179 if (!capa->cmd_versions)
1180 return -ENOMEM;
1181 capa->n_cmd_versions =
1182 tlv_len / sizeof(struct iwl_fw_cmd_version);
1183 break;
1184 default:
1185 IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type);
1186 break;
1187 }
1188 }
1189
1190 if (!fw_has_capa(capa, IWL_UCODE_TLV_CAPA_USNIFFER_UNIFIED) &&
1191 usniffer_req && !*usniffer_images) {
1192 IWL_ERR(drv,
1193 "user selected to work with usniffer but usniffer image isn't available in ucode package\n");
1194 return -EINVAL;
1195 }
1196
1197 if (len) {
1198 IWL_ERR(drv, "invalid TLV after parsing: %zd\n", len);
1199 iwl_print_hex_dump(drv, IWL_DL_FW, (u8 *)data, len);
1200 return -EINVAL;
1201 }
1202
1203 return 0;
1204
1205 invalid_tlv_len:
1206 IWL_ERR(drv, "TLV %d has invalid size: %u\n", tlv_type, tlv_len);
1207 tlv_error:
1208 iwl_print_hex_dump(drv, IWL_DL_FW, tlv_data, tlv_len);
1209
1210 return -EINVAL;
1211}
1212
1213static int iwl_alloc_ucode(struct iwl_drv *drv,
1214 struct iwl_firmware_pieces *pieces,
1215 enum iwl_ucode_type type)
1216{
1217 int i;
1218 struct fw_desc *sec;
1219
1220 sec = kcalloc(pieces->img[type].sec_counter, sizeof(*sec), GFP_KERNEL);
1221 if (!sec)
1222 return -ENOMEM;
1223 drv->fw.img[type].sec = sec;
1224 drv->fw.img[type].num_sec = pieces->img[type].sec_counter;
1225
1226 for (i = 0; i < pieces->img[type].sec_counter; i++)
1227 if (iwl_alloc_fw_desc(drv, &sec[i], get_sec(pieces, type, i)))
1228 return -ENOMEM;
1229
1230 return 0;
1231}
1232
1233static int validate_sec_sizes(struct iwl_drv *drv,
1234 struct iwl_firmware_pieces *pieces,
1235 const struct iwl_cfg *cfg)
1236{
1237 IWL_DEBUG_INFO(drv, "f/w package hdr runtime inst size = %zd\n",
1238 get_sec_size(pieces, IWL_UCODE_REGULAR,
1239 IWL_UCODE_SECTION_INST));
1240 IWL_DEBUG_INFO(drv, "f/w package hdr runtime data size = %zd\n",
1241 get_sec_size(pieces, IWL_UCODE_REGULAR,
1242 IWL_UCODE_SECTION_DATA));
1243 IWL_DEBUG_INFO(drv, "f/w package hdr init inst size = %zd\n",
1244 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST));
1245 IWL_DEBUG_INFO(drv, "f/w package hdr init data size = %zd\n",
1246 get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA));
1247
1248 /* Verify that uCode images will fit in card's SRAM. */
1249 if (get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST) >
1250 cfg->max_inst_size) {
1251 IWL_ERR(drv, "uCode instr len %zd too large to fit in\n",
1252 get_sec_size(pieces, IWL_UCODE_REGULAR,
1253 IWL_UCODE_SECTION_INST));
1254 return -1;
1255 }
1256
1257 if (get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA) >
1258 cfg->max_data_size) {
1259 IWL_ERR(drv, "uCode data len %zd too large to fit in\n",
1260 get_sec_size(pieces, IWL_UCODE_REGULAR,
1261 IWL_UCODE_SECTION_DATA));
1262 return -1;
1263 }
1264
1265 if (get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST) >
1266 cfg->max_inst_size) {
1267 IWL_ERR(drv, "uCode init instr len %zd too large to fit in\n",
1268 get_sec_size(pieces, IWL_UCODE_INIT,
1269 IWL_UCODE_SECTION_INST));
1270 return -1;
1271 }
1272
1273 if (get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA) >
1274 cfg->max_data_size) {
1275 IWL_ERR(drv, "uCode init data len %zd too large to fit in\n",
1276 get_sec_size(pieces, IWL_UCODE_REGULAR,
1277 IWL_UCODE_SECTION_DATA));
1278 return -1;
1279 }
1280 return 0;
1281}
1282
1283static struct iwl_op_mode *
1284_iwl_op_mode_start(struct iwl_drv *drv, struct iwlwifi_opmode_table *op)
1285{
1286 const struct iwl_op_mode_ops *ops = op->ops;
1287 struct dentry *dbgfs_dir = NULL;
1288 struct iwl_op_mode *op_mode = NULL;
1289
1290#ifdef CONFIG_IWLWIFI_DEBUGFS
1291 drv->dbgfs_op_mode = debugfs_create_dir(op->name,
1292 drv->dbgfs_drv);
1293 dbgfs_dir = drv->dbgfs_op_mode;
1294#endif
1295
1296 op_mode = ops->start(drv->trans, drv->trans->cfg, &drv->fw, dbgfs_dir);
1297
1298#ifdef CONFIG_IWLWIFI_DEBUGFS
1299 if (!op_mode) {
1300 debugfs_remove_recursive(drv->dbgfs_op_mode);
1301 drv->dbgfs_op_mode = NULL;
1302 }
1303#endif
1304
1305 return op_mode;
1306}
1307
1308static void _iwl_op_mode_stop(struct iwl_drv *drv)
1309{
1310 /* op_mode can be NULL if its start failed */
1311 if (drv->op_mode) {
1312 iwl_op_mode_stop(drv->op_mode);
1313 drv->op_mode = NULL;
1314
1315#ifdef CONFIG_IWLWIFI_DEBUGFS
1316 debugfs_remove_recursive(drv->dbgfs_op_mode);
1317 drv->dbgfs_op_mode = NULL;
1318#endif
1319 }
1320}
1321
1322/**
1323 * iwl_req_fw_callback - callback when firmware was loaded
1324 *
1325 * If loaded successfully, copies the firmware into buffers
1326 * for the card to fetch (via DMA).
1327 */
1328static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1329{
1330 struct iwl_drv *drv = context;
1331 struct iwl_fw *fw = &drv->fw;
1332 struct iwl_ucode_header *ucode;
1333 struct iwlwifi_opmode_table *op;
1334 int err;
1335 struct iwl_firmware_pieces *pieces;
1336 const unsigned int api_max = drv->trans->cfg->ucode_api_max;
1337 const unsigned int api_min = drv->trans->cfg->ucode_api_min;
1338 size_t trigger_tlv_sz[FW_DBG_TRIGGER_MAX];
1339 u32 api_ver;
1340 int i;
1341 bool load_module = false;
1342 bool usniffer_images = false;
1343
1344 fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
1345 fw->ucode_capa.standard_phy_calibration_size =
1346 IWL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE;
1347 fw->ucode_capa.n_scan_channels = IWL_DEFAULT_SCAN_CHANNELS;
1348 /* dump all fw memory areas by default */
1349 fw->dbg.dump_mask = 0xffffffff;
1350
1351 pieces = kzalloc(sizeof(*pieces), GFP_KERNEL);
1352 if (!pieces)
1353 goto out_free_fw;
1354
1355 if (!ucode_raw)
1356 goto try_again;
1357
1358 IWL_DEBUG_FW_INFO(drv, "Loaded firmware file '%s' (%zd bytes).\n",
1359 drv->firmware_name, ucode_raw->size);
1360
1361 /* Make sure that we got at least the API version number */
1362 if (ucode_raw->size < 4) {
1363 IWL_ERR(drv, "File size way too small!\n");
1364 goto try_again;
1365 }
1366
1367 /* Data from ucode file: header followed by uCode images */
1368 ucode = (struct iwl_ucode_header *)ucode_raw->data;
1369
1370 if (ucode->ver)
1371 err = iwl_parse_v1_v2_firmware(drv, ucode_raw, pieces);
1372 else
1373 err = iwl_parse_tlv_firmware(drv, ucode_raw, pieces,
1374 &fw->ucode_capa, &usniffer_images);
1375
1376 if (err)
1377 goto try_again;
1378
1379 if (fw_has_api(&drv->fw.ucode_capa, IWL_UCODE_TLV_API_NEW_VERSION))
1380 api_ver = drv->fw.ucode_ver;
1381 else
1382 api_ver = IWL_UCODE_API(drv->fw.ucode_ver);
1383
1384 /*
1385 * api_ver should match the api version forming part of the
1386 * firmware filename ... but we don't check for that and only rely
1387 * on the API version read from firmware header from here on forward
1388 */
1389 if (api_ver < api_min || api_ver > api_max) {
1390 IWL_ERR(drv,
1391 "Driver unable to support your firmware API. "
1392 "Driver supports v%u, firmware is v%u.\n",
1393 api_max, api_ver);
1394 goto try_again;
1395 }
1396
1397 /*
1398 * In mvm uCode there is no difference between data and instructions
1399 * sections.
1400 */
1401 if (fw->type == IWL_FW_DVM && validate_sec_sizes(drv, pieces,
1402 drv->trans->cfg))
1403 goto try_again;
1404
1405 /* Allocate ucode buffers for card's bus-master loading ... */
1406
1407 /* Runtime instructions and 2 copies of data:
1408 * 1) unmodified from disk
1409 * 2) backup cache for save/restore during power-downs
1410 */
1411 for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
1412 if (iwl_alloc_ucode(drv, pieces, i))
1413 goto out_free_fw;
1414
1415 if (pieces->dbg_dest_tlv_init) {
1416 size_t dbg_dest_size = sizeof(*drv->fw.dbg.dest_tlv) +
1417 sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]) *
1418 drv->fw.dbg.n_dest_reg;
1419
1420 drv->fw.dbg.dest_tlv = kmalloc(dbg_dest_size, GFP_KERNEL);
1421
1422 if (!drv->fw.dbg.dest_tlv)
1423 goto out_free_fw;
1424
1425 if (*pieces->dbg_dest_ver == 0) {
1426 memcpy(drv->fw.dbg.dest_tlv, pieces->dbg_dest_tlv_v1,
1427 dbg_dest_size);
1428 } else {
1429 struct iwl_fw_dbg_dest_tlv_v1 *dest_tlv =
1430 drv->fw.dbg.dest_tlv;
1431
1432 dest_tlv->version = pieces->dbg_dest_tlv->version;
1433 dest_tlv->monitor_mode =
1434 pieces->dbg_dest_tlv->monitor_mode;
1435 dest_tlv->size_power =
1436 pieces->dbg_dest_tlv->size_power;
1437 dest_tlv->wrap_count =
1438 pieces->dbg_dest_tlv->wrap_count;
1439 dest_tlv->write_ptr_reg =
1440 pieces->dbg_dest_tlv->write_ptr_reg;
1441 dest_tlv->base_shift =
1442 pieces->dbg_dest_tlv->base_shift;
1443 memcpy(dest_tlv->reg_ops,
1444 pieces->dbg_dest_tlv->reg_ops,
1445 sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]) *
1446 drv->fw.dbg.n_dest_reg);
1447
1448 /* In version 1 of the destination tlv, which is
1449 * relevant for internal buffer exclusively,
1450 * the base address is part of given with the length
1451 * of the buffer, and the size shift is give instead of
1452 * end shift. We now store these values in base_reg,
1453 * and end shift, and when dumping the data we'll
1454 * manipulate it for extracting both the length and
1455 * base address */
1456 dest_tlv->base_reg = pieces->dbg_dest_tlv->cfg_reg;
1457 dest_tlv->end_shift =
1458 pieces->dbg_dest_tlv->size_shift;
1459 }
1460 }
1461
1462 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.conf_tlv); i++) {
1463 if (pieces->dbg_conf_tlv[i]) {
1464 drv->fw.dbg.conf_tlv[i] =
1465 kmemdup(pieces->dbg_conf_tlv[i],
1466 pieces->dbg_conf_tlv_len[i],
1467 GFP_KERNEL);
1468 if (!drv->fw.dbg.conf_tlv[i])
1469 goto out_free_fw;
1470 }
1471 }
1472
1473 memset(&trigger_tlv_sz, 0xff, sizeof(trigger_tlv_sz));
1474
1475 trigger_tlv_sz[FW_DBG_TRIGGER_MISSED_BEACONS] =
1476 sizeof(struct iwl_fw_dbg_trigger_missed_bcon);
1477 trigger_tlv_sz[FW_DBG_TRIGGER_CHANNEL_SWITCH] = 0;
1478 trigger_tlv_sz[FW_DBG_TRIGGER_FW_NOTIF] =
1479 sizeof(struct iwl_fw_dbg_trigger_cmd);
1480 trigger_tlv_sz[FW_DBG_TRIGGER_MLME] =
1481 sizeof(struct iwl_fw_dbg_trigger_mlme);
1482 trigger_tlv_sz[FW_DBG_TRIGGER_STATS] =
1483 sizeof(struct iwl_fw_dbg_trigger_stats);
1484 trigger_tlv_sz[FW_DBG_TRIGGER_RSSI] =
1485 sizeof(struct iwl_fw_dbg_trigger_low_rssi);
1486 trigger_tlv_sz[FW_DBG_TRIGGER_TXQ_TIMERS] =
1487 sizeof(struct iwl_fw_dbg_trigger_txq_timer);
1488 trigger_tlv_sz[FW_DBG_TRIGGER_TIME_EVENT] =
1489 sizeof(struct iwl_fw_dbg_trigger_time_event);
1490 trigger_tlv_sz[FW_DBG_TRIGGER_BA] =
1491 sizeof(struct iwl_fw_dbg_trigger_ba);
1492 trigger_tlv_sz[FW_DBG_TRIGGER_TDLS] =
1493 sizeof(struct iwl_fw_dbg_trigger_tdls);
1494
1495 for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.trigger_tlv); i++) {
1496 if (pieces->dbg_trigger_tlv[i]) {
1497 /*
1498 * If the trigger isn't long enough, WARN and exit.
1499 * Someone is trying to debug something and he won't
1500 * be able to catch the bug he is trying to chase.
1501 * We'd better be noisy to be sure he knows what's
1502 * going on.
1503 */
1504 if (WARN_ON(pieces->dbg_trigger_tlv_len[i] <
1505 (trigger_tlv_sz[i] +
1506 sizeof(struct iwl_fw_dbg_trigger_tlv))))
1507 goto out_free_fw;
1508 drv->fw.dbg.trigger_tlv_len[i] =
1509 pieces->dbg_trigger_tlv_len[i];
1510 drv->fw.dbg.trigger_tlv[i] =
1511 kmemdup(pieces->dbg_trigger_tlv[i],
1512 drv->fw.dbg.trigger_tlv_len[i],
1513 GFP_KERNEL);
1514 if (!drv->fw.dbg.trigger_tlv[i])
1515 goto out_free_fw;
1516 }
1517 }
1518
1519 /* Now that we can no longer fail, copy information */
1520
1521 drv->fw.dbg.mem_tlv = pieces->dbg_mem_tlv;
1522 pieces->dbg_mem_tlv = NULL;
1523 drv->fw.dbg.n_mem_tlv = pieces->n_mem_tlv;
1524
1525 /*
1526 * The (size - 16) / 12 formula is based on the information recorded
1527 * for each event, which is of mode 1 (including timestamp) for all
1528 * new microcodes that include this information.
1529 */
1530 fw->init_evtlog_ptr = pieces->init_evtlog_ptr;
1531 if (pieces->init_evtlog_size)
1532 fw->init_evtlog_size = (pieces->init_evtlog_size - 16)/12;
1533 else
1534 fw->init_evtlog_size =
1535 drv->trans->trans_cfg->base_params->max_event_log_size;
1536 fw->init_errlog_ptr = pieces->init_errlog_ptr;
1537 fw->inst_evtlog_ptr = pieces->inst_evtlog_ptr;
1538 if (pieces->inst_evtlog_size)
1539 fw->inst_evtlog_size = (pieces->inst_evtlog_size - 16)/12;
1540 else
1541 fw->inst_evtlog_size =
1542 drv->trans->trans_cfg->base_params->max_event_log_size;
1543 fw->inst_errlog_ptr = pieces->inst_errlog_ptr;
1544
1545 /*
1546 * figure out the offset of chain noise reset and gain commands
1547 * base on the size of standard phy calibration commands table size
1548 */
1549 if (fw->ucode_capa.standard_phy_calibration_size >
1550 IWL_MAX_PHY_CALIBRATE_TBL_SIZE)
1551 fw->ucode_capa.standard_phy_calibration_size =
1552 IWL_MAX_STANDARD_PHY_CALIBRATE_TBL_SIZE;
1553
1554 /* We have our copies now, allow OS release its copies */
1555 release_firmware(ucode_raw);
1556
1557 mutex_lock(&iwlwifi_opmode_table_mtx);
1558 switch (fw->type) {
1559 case IWL_FW_DVM:
1560 op = &iwlwifi_opmode_table[DVM_OP_MODE];
1561 break;
1562 default:
1563 WARN(1, "Invalid fw type %d\n", fw->type);
1564 /* fall through */
1565 case IWL_FW_MVM:
1566 op = &iwlwifi_opmode_table[MVM_OP_MODE];
1567 break;
1568 }
1569
1570 IWL_INFO(drv, "loaded firmware version %s op_mode %s\n",
1571 drv->fw.fw_version, op->name);
1572
1573 iwl_dbg_tlv_load_bin(drv->trans->dev, drv->trans);
1574
1575 /* add this device to the list of devices using this op_mode */
1576 list_add_tail(&drv->list, &op->drv);
1577
1578 if (op->ops) {
1579 drv->op_mode = _iwl_op_mode_start(drv, op);
1580
1581 if (!drv->op_mode) {
1582 mutex_unlock(&iwlwifi_opmode_table_mtx);
1583 goto out_unbind;
1584 }
1585 } else {
1586 load_module = true;
1587 }
1588 mutex_unlock(&iwlwifi_opmode_table_mtx);
1589
1590 /*
1591 * Complete the firmware request last so that
1592 * a driver unbind (stop) doesn't run while we
1593 * are doing the start() above.
1594 */
1595 complete(&drv->request_firmware_complete);
1596
1597 /*
1598 * Load the module last so we don't block anything
1599 * else from proceeding if the module fails to load
1600 * or hangs loading.
1601 */
1602 if (load_module) {
1603 request_module("%s", op->name);
1604#ifdef CONFIG_IWLWIFI_OPMODE_MODULAR
1605 if (err)
1606 IWL_ERR(drv,
1607 "failed to load module %s (error %d), is dynamic loading enabled?\n",
1608 op->name, err);
1609#endif
1610 }
1611 goto free;
1612
1613 try_again:
1614 /* try next, if any */
1615 release_firmware(ucode_raw);
1616 if (iwl_request_firmware(drv, false))
1617 goto out_unbind;
1618 goto free;
1619
1620 out_free_fw:
1621 release_firmware(ucode_raw);
1622 out_unbind:
1623 complete(&drv->request_firmware_complete);
1624 device_release_driver(drv->trans->dev);
1625 free:
1626 if (pieces) {
1627 for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
1628 kfree(pieces->img[i].sec);
1629 kfree(pieces->dbg_mem_tlv);
1630 kfree(pieces);
1631 }
1632}
1633
1634struct iwl_drv *iwl_drv_start(struct iwl_trans *trans)
1635{
1636 struct iwl_drv *drv;
1637 int ret;
1638
1639 drv = kzalloc(sizeof(*drv), GFP_KERNEL);
1640 if (!drv) {
1641 ret = -ENOMEM;
1642 goto err;
1643 }
1644
1645 drv->trans = trans;
1646 drv->dev = trans->dev;
1647
1648 init_completion(&drv->request_firmware_complete);
1649 INIT_LIST_HEAD(&drv->list);
1650
1651#ifdef CONFIG_IWLWIFI_DEBUGFS
1652 /* Create the device debugfs entries. */
1653 drv->dbgfs_drv = debugfs_create_dir(dev_name(trans->dev),
1654 iwl_dbgfs_root);
1655
1656 /* Create transport layer debugfs dir */
1657 drv->trans->dbgfs_dir = debugfs_create_dir("trans", drv->dbgfs_drv);
1658#endif
1659
1660 drv->trans->dbg.domains_bitmap = IWL_TRANS_FW_DBG_DOMAIN(drv->trans);
1661
1662 ret = iwl_request_firmware(drv, true);
1663 if (ret) {
1664 IWL_ERR(trans, "Couldn't request the fw\n");
1665 goto err_fw;
1666 }
1667
1668 return drv;
1669
1670err_fw:
1671#ifdef CONFIG_IWLWIFI_DEBUGFS
1672 debugfs_remove_recursive(drv->dbgfs_drv);
1673 iwl_dbg_tlv_free(drv->trans);
1674#endif
1675 kfree(drv);
1676err:
1677 return ERR_PTR(ret);
1678}
1679
1680void iwl_drv_stop(struct iwl_drv *drv)
1681{
1682 wait_for_completion(&drv->request_firmware_complete);
1683
1684 _iwl_op_mode_stop(drv);
1685
1686 iwl_dealloc_ucode(drv);
1687
1688 mutex_lock(&iwlwifi_opmode_table_mtx);
1689 /*
1690 * List is empty (this item wasn't added)
1691 * when firmware loading failed -- in that
1692 * case we can't remove it from any list.
1693 */
1694 if (!list_empty(&drv->list))
1695 list_del(&drv->list);
1696 mutex_unlock(&iwlwifi_opmode_table_mtx);
1697
1698#ifdef CONFIG_IWLWIFI_DEBUGFS
1699 drv->trans->ops->debugfs_cleanup(drv->trans);
1700
1701 debugfs_remove_recursive(drv->dbgfs_drv);
1702#endif
1703
1704 iwl_dbg_tlv_free(drv->trans);
1705
1706 kfree(drv);
1707}
1708
1709
1710/* shared module parameters */
1711struct iwl_mod_params iwlwifi_mod_params = {
1712 .fw_restart = true,
1713 .bt_coex_active = true,
1714 .power_level = IWL_POWER_INDEX_1,
1715 .uapsd_disable = IWL_DISABLE_UAPSD_BSS | IWL_DISABLE_UAPSD_P2P_CLIENT,
1716 .enable_ini = true,
1717 /* the rest are 0 by default */
1718};
1719IWL_EXPORT_SYMBOL(iwlwifi_mod_params);
1720
1721int iwl_opmode_register(const char *name, const struct iwl_op_mode_ops *ops)
1722{
1723 int i;
1724 struct iwl_drv *drv;
1725 struct iwlwifi_opmode_table *op;
1726
1727 mutex_lock(&iwlwifi_opmode_table_mtx);
1728 for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++) {
1729 op = &iwlwifi_opmode_table[i];
1730 if (strcmp(op->name, name))
1731 continue;
1732 op->ops = ops;
1733 /* TODO: need to handle exceptional case */
1734 list_for_each_entry(drv, &op->drv, list)
1735 drv->op_mode = _iwl_op_mode_start(drv, op);
1736
1737 mutex_unlock(&iwlwifi_opmode_table_mtx);
1738 return 0;
1739 }
1740 mutex_unlock(&iwlwifi_opmode_table_mtx);
1741 return -EIO;
1742}
1743IWL_EXPORT_SYMBOL(iwl_opmode_register);
1744
1745void iwl_opmode_deregister(const char *name)
1746{
1747 int i;
1748 struct iwl_drv *drv;
1749
1750 mutex_lock(&iwlwifi_opmode_table_mtx);
1751 for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++) {
1752 if (strcmp(iwlwifi_opmode_table[i].name, name))
1753 continue;
1754 iwlwifi_opmode_table[i].ops = NULL;
1755
1756 /* call the stop routine for all devices */
1757 list_for_each_entry(drv, &iwlwifi_opmode_table[i].drv, list)
1758 _iwl_op_mode_stop(drv);
1759
1760 mutex_unlock(&iwlwifi_opmode_table_mtx);
1761 return;
1762 }
1763 mutex_unlock(&iwlwifi_opmode_table_mtx);
1764}
1765IWL_EXPORT_SYMBOL(iwl_opmode_deregister);
1766
1767static int __init iwl_drv_init(void)
1768{
1769 int i, err;
1770
1771 mutex_init(&iwlwifi_opmode_table_mtx);
1772
1773 for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++)
1774 INIT_LIST_HEAD(&iwlwifi_opmode_table[i].drv);
1775
1776 pr_info(DRV_DESCRIPTION "\n");
1777
1778#ifdef CONFIG_IWLWIFI_DEBUGFS
1779 /* Create the root of iwlwifi debugfs subsystem. */
1780 iwl_dbgfs_root = debugfs_create_dir(DRV_NAME, NULL);
1781#endif
1782
1783 err = iwl_pci_register_driver();
1784 if (err)
1785 goto cleanup_debugfs;
1786
1787 return 0;
1788
1789cleanup_debugfs:
1790#ifdef CONFIG_IWLWIFI_DEBUGFS
1791 debugfs_remove_recursive(iwl_dbgfs_root);
1792#endif
1793 return err;
1794}
1795module_init(iwl_drv_init);
1796
1797static void __exit iwl_drv_exit(void)
1798{
1799 iwl_pci_unregister_driver();
1800
1801#ifdef CONFIG_IWLWIFI_DEBUGFS
1802 debugfs_remove_recursive(iwl_dbgfs_root);
1803#endif
1804}
1805module_exit(iwl_drv_exit);
1806
1807#ifdef CONFIG_IWLWIFI_DEBUG
1808module_param_named(debug, iwlwifi_mod_params.debug_level, uint, 0644);
1809MODULE_PARM_DESC(debug, "debug output mask");
1810#endif
1811
1812module_param_named(swcrypto, iwlwifi_mod_params.swcrypto, int, 0444);
1813MODULE_PARM_DESC(swcrypto, "using crypto in software (default 0 [hardware])");
1814module_param_named(11n_disable, iwlwifi_mod_params.disable_11n, uint, 0444);
1815MODULE_PARM_DESC(11n_disable,
1816 "disable 11n functionality, bitmap: 1: full, 2: disable agg TX, 4: disable agg RX, 8 enable agg TX");
1817module_param_named(amsdu_size, iwlwifi_mod_params.amsdu_size, int, 0444);
1818MODULE_PARM_DESC(amsdu_size,
1819 "amsdu size 0: 12K for multi Rx queue devices, 2K for AX210 devices, "
1820 "4K for other devices 1:4K 2:8K 3:12K 4: 2K (default 0)");
1821module_param_named(fw_restart, iwlwifi_mod_params.fw_restart, bool, 0444);
1822MODULE_PARM_DESC(fw_restart, "restart firmware in case of error (default true)");
1823
1824module_param_named(nvm_file, iwlwifi_mod_params.nvm_file, charp, 0444);
1825MODULE_PARM_DESC(nvm_file, "NVM file name");
1826
1827module_param_named(uapsd_disable, iwlwifi_mod_params.uapsd_disable, uint, 0644);
1828MODULE_PARM_DESC(uapsd_disable,
1829 "disable U-APSD functionality bitmap 1: BSS 2: P2P Client (default: 3)");
1830module_param_named(enable_ini, iwlwifi_mod_params.enable_ini,
1831 bool, S_IRUGO | S_IWUSR);
1832MODULE_PARM_DESC(enable_ini,
1833 "Enable debug INI TLV FW debug infrastructure (default: true");
1834
1835/*
1836 * set bt_coex_active to true, uCode will do kill/defer
1837 * every time the priority line is asserted (BT is sending signals on the
1838 * priority line in the PCIx).
1839 * set bt_coex_active to false, uCode will ignore the BT activity and
1840 * perform the normal operation
1841 *
1842 * User might experience transmit issue on some platform due to WiFi/BT
1843 * co-exist problem. The possible behaviors are:
1844 * Able to scan and finding all the available AP
1845 * Not able to associate with any AP
1846 * On those platforms, WiFi communication can be restored by set
1847 * "bt_coex_active" module parameter to "false"
1848 *
1849 * default: bt_coex_active = true (BT_COEX_ENABLE)
1850 */
1851module_param_named(bt_coex_active, iwlwifi_mod_params.bt_coex_active,
1852 bool, 0444);
1853MODULE_PARM_DESC(bt_coex_active, "enable wifi/bt co-exist (default: enable)");
1854
1855module_param_named(led_mode, iwlwifi_mod_params.led_mode, int, 0444);
1856MODULE_PARM_DESC(led_mode, "0=system default, "
1857 "1=On(RF On)/Off(RF Off), 2=blinking, 3=Off (default: 0)");
1858
1859module_param_named(power_save, iwlwifi_mod_params.power_save, bool, 0444);
1860MODULE_PARM_DESC(power_save,
1861 "enable WiFi power management (default: disable)");
1862
1863module_param_named(power_level, iwlwifi_mod_params.power_level, int, 0444);
1864MODULE_PARM_DESC(power_level,
1865 "default power save level (range from 1 - 5, default: 1)");
1866
1867module_param_named(disable_11ac, iwlwifi_mod_params.disable_11ac, bool, 0444);
1868MODULE_PARM_DESC(disable_11ac, "Disable VHT capabilities (default: false)");
1869
1870module_param_named(remove_when_gone,
1871 iwlwifi_mod_params.remove_when_gone, bool,
1872 0444);
1873MODULE_PARM_DESC(remove_when_gone,
1874 "Remove dev from PCIe bus if it is deemed inaccessible (default: false)");
1875
1876module_param_named(disable_11ax, iwlwifi_mod_params.disable_11ax, bool,
1877 S_IRUGO);
1878MODULE_PARM_DESC(disable_11ax, "Disable HE capabilities (default: false)");