1 /******************************************************************************
3 * This file is provided under a dual BSD/GPLv2 license. When using or
4 * redistributing this file, you may do so under either license.
8 * Copyright(c) 2010 - 2012 Intel Corporation. All rights reserved.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of version 2 of the GNU General Public License as
12 * published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
24 * The full GNU General Public License is included in this distribution
25 * in the file called LICENSE.GPL.
27 * Contact Information:
28 * Intel Linux Wireless <ilw@linux.intel.com>
29 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
33 * Copyright(c) 2010 - 2012 Intel Corporation. All rights reserved.
34 * All rights reserved.
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
40 * * Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * * Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in
44 * the documentation and/or other materials provided with the
46 * * Neither the name Intel Corporation nor the names of its
47 * contributors may be used to endorse or promote products derived
48 * from this software without specific prior written permission.
50 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
51 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
52 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
53 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
54 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
56 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
57 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
58 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
59 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
60 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
62 *****************************************************************************/
63 #include <linux/init.h>
64 #include <linux/kernel.h>
65 #include <linux/module.h>
66 #include <linux/dma-mapping.h>
67 #include <net/net_namespace.h>
68 #include <linux/netdevice.h>
69 #include <net/cfg80211.h>
70 #include <net/mac80211.h>
71 #include <net/netlink.h>
75 #include "iwl-debug.h"
78 #include "iwl-testmode.h"
79 #include "iwl-trans.h"
84 /* Periphery registers absolute lower bound. This is used in order to
85 * differentiate registery access through HBUS_TARG_PRPH_* and
86 * HBUS_TARG_MEM_* accesses.
88 #define IWL_TM_ABS_PRPH_START (0xA00000)
90 /* The TLVs used in the gnl message policy between the kernel module and
91 * user space application. iwl_testmode_gnl_msg_policy is to be carried
92 * through the NL80211_CMD_TESTMODE channel regulated by nl80211.
96 struct nla_policy iwl_testmode_gnl_msg_policy[IWL_TM_ATTR_MAX] = {
97 [IWL_TM_ATTR_COMMAND] = { .type = NLA_U32, },
99 [IWL_TM_ATTR_UCODE_CMD_ID] = { .type = NLA_U8, },
100 [IWL_TM_ATTR_UCODE_CMD_DATA] = { .type = NLA_UNSPEC, },
102 [IWL_TM_ATTR_REG_OFFSET] = { .type = NLA_U32, },
103 [IWL_TM_ATTR_REG_VALUE8] = { .type = NLA_U8, },
104 [IWL_TM_ATTR_REG_VALUE32] = { .type = NLA_U32, },
106 [IWL_TM_ATTR_SYNC_RSP] = { .type = NLA_UNSPEC, },
107 [IWL_TM_ATTR_UCODE_RX_PKT] = { .type = NLA_UNSPEC, },
109 [IWL_TM_ATTR_EEPROM] = { .type = NLA_UNSPEC, },
111 [IWL_TM_ATTR_TRACE_ADDR] = { .type = NLA_UNSPEC, },
112 [IWL_TM_ATTR_TRACE_DUMP] = { .type = NLA_UNSPEC, },
113 [IWL_TM_ATTR_TRACE_SIZE] = { .type = NLA_U32, },
115 [IWL_TM_ATTR_FIXRATE] = { .type = NLA_U32, },
117 [IWL_TM_ATTR_UCODE_OWNER] = { .type = NLA_U8, },
119 [IWL_TM_ATTR_MEM_ADDR] = { .type = NLA_U32, },
120 [IWL_TM_ATTR_BUFFER_SIZE] = { .type = NLA_U32, },
121 [IWL_TM_ATTR_BUFFER_DUMP] = { .type = NLA_UNSPEC, },
123 [IWL_TM_ATTR_FW_VERSION] = { .type = NLA_U32, },
124 [IWL_TM_ATTR_DEVICE_ID] = { .type = NLA_U32, },
125 [IWL_TM_ATTR_FW_TYPE] = { .type = NLA_U32, },
126 [IWL_TM_ATTR_FW_INST_SIZE] = { .type = NLA_U32, },
127 [IWL_TM_ATTR_FW_DATA_SIZE] = { .type = NLA_U32, },
129 [IWL_TM_ATTR_ENABLE_NOTIFICATION] = {.type = NLA_FLAG, },
133 * See the struct iwl_rx_packet in iwl-commands.h for the format of the
134 * received events from the device
136 static inline int get_event_length(struct iwl_rx_cmd_buffer *rxb)
138 struct iwl_rx_packet *pkt = rxb_addr(rxb);
140 return le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
147 * This function multicasts the spontaneous messages from the device to the
148 * user space. It is invoked whenever there is a received messages
149 * from the device. This function is called within the ISR of the rx handlers
152 * The parsing of the message content is left to the user space application,
153 * The message content is treated as unattacked raw data and is encapsulated
154 * with IWL_TM_ATTR_UCODE_RX_PKT multicasting to the user space.
156 * @priv: the instance of iwlwifi device
157 * @rxb: pointer to rx data content received by the ISR
159 * See the message policies and TLVs in iwl_testmode_gnl_msg_policy[].
160 * For the messages multicasting to the user application, the mandatory
162 * IWL_TM_ATTR_COMMAND must be IWL_TM_CMD_DEV2APP_UCODE_RX_PKT
163 * IWL_TM_ATTR_UCODE_RX_PKT for carrying the message content
166 static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv,
167 struct iwl_rx_cmd_buffer *rxb)
169 struct ieee80211_hw *hw = priv->hw;
174 data = (void *)rxb_addr(rxb);
175 length = get_event_length(rxb);
177 if (!data || length == 0)
180 skb = cfg80211_testmode_alloc_event_skb(hw->wiphy, 20 + length,
184 "Run out of memory for messages to user space ?\n");
187 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT);
188 /* the length doesn't include len_n_flags field, so add it manually */
189 NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, length + sizeof(__le32), data);
190 cfg80211_testmode_event(skb, GFP_ATOMIC);
195 IWL_ERR(priv, "Ouch, overran buffer, check allocation!\n");
198 void iwl_testmode_init(struct iwl_priv *priv)
200 priv->pre_rx_handler = NULL;
201 priv->testmode_trace.trace_enabled = false;
202 priv->testmode_mem.read_in_progress = false;
205 static void iwl_mem_cleanup(struct iwl_priv *priv)
207 if (priv->testmode_mem.read_in_progress) {
208 kfree(priv->testmode_mem.buff_addr);
209 priv->testmode_mem.buff_addr = NULL;
210 priv->testmode_mem.buff_size = 0;
211 priv->testmode_mem.num_chunks = 0;
212 priv->testmode_mem.read_in_progress = false;
216 static void iwl_trace_cleanup(struct iwl_priv *priv)
218 if (priv->testmode_trace.trace_enabled) {
219 if (priv->testmode_trace.cpu_addr &&
220 priv->testmode_trace.dma_addr)
221 dma_free_coherent(trans(priv)->dev,
222 priv->testmode_trace.total_size,
223 priv->testmode_trace.cpu_addr,
224 priv->testmode_trace.dma_addr);
225 priv->testmode_trace.trace_enabled = false;
226 priv->testmode_trace.cpu_addr = NULL;
227 priv->testmode_trace.trace_addr = NULL;
228 priv->testmode_trace.dma_addr = 0;
229 priv->testmode_trace.buff_size = 0;
230 priv->testmode_trace.total_size = 0;
235 void iwl_testmode_cleanup(struct iwl_priv *priv)
237 iwl_trace_cleanup(priv);
238 iwl_mem_cleanup(priv);
243 * This function handles the user application commands to the ucode.
245 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_CMD_ID and
246 * IWL_TM_ATTR_UCODE_CMD_DATA and calls to the handler to send the
247 * host command to the ucode.
249 * If any mandatory field is missing, -ENOMSG is replied to the user space
250 * application; otherwise, waits for the host command to be sent and checks
251 * the return code. In case or error, it is returned, otherwise a reply is
252 * allocated and the reply RX packet
255 * @hw: ieee80211_hw object that represents the device
256 * @tb: gnl message fields from the user space
258 static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb)
260 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
261 struct iwl_host_cmd cmd;
262 struct iwl_rx_packet *pkt;
269 memset(&cmd, 0, sizeof(struct iwl_host_cmd));
271 if (!tb[IWL_TM_ATTR_UCODE_CMD_ID] ||
272 !tb[IWL_TM_ATTR_UCODE_CMD_DATA]) {
273 IWL_ERR(priv, "Missing ucode command mandatory fields\n");
277 cmd.flags = CMD_ON_DEMAND | CMD_SYNC;
278 cmd_want_skb = nla_get_flag(tb[IWL_TM_ATTR_UCODE_CMD_SKB]);
280 cmd.flags |= CMD_WANT_SKB;
282 cmd.id = nla_get_u8(tb[IWL_TM_ATTR_UCODE_CMD_ID]);
283 cmd.data[0] = nla_data(tb[IWL_TM_ATTR_UCODE_CMD_DATA]);
284 cmd.len[0] = nla_len(tb[IWL_TM_ATTR_UCODE_CMD_DATA]);
285 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY;
286 IWL_DEBUG_INFO(priv, "testmode ucode command ID 0x%x, flags 0x%x,"
287 " len %d\n", cmd.id, cmd.flags, cmd.len[0]);
289 ret = iwl_dvm_send_cmd(priv, &cmd);
291 IWL_ERR(priv, "Failed to send hcmd\n");
297 /* Handling return of SKB to the user */
300 IWL_ERR(priv, "HCMD received a null response packet\n");
304 reply_len = le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
305 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, reply_len + 20);
306 reply_buf = kmalloc(reply_len, GFP_KERNEL);
307 if (!skb || !reply_buf) {
313 /* The reply is in a page, that we cannot send to user space. */
314 memcpy(reply_buf, &(pkt->hdr), reply_len);
317 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT);
318 NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf);
319 return cfg80211_testmode_reply(skb);
322 IWL_DEBUG_INFO(priv, "Failed creating NL attributes\n");
328 * This function handles the user application commands for register access.
330 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
331 * handlers respectively.
333 * If it's an unknown commdn ID, -ENOSYS is returned; or -ENOMSG if the
334 * mandatory fields(IWL_TM_ATTR_REG_OFFSET,IWL_TM_ATTR_REG_VALUE32,
335 * IWL_TM_ATTR_REG_VALUE8) are missing; Otherwise 0 is replied indicating
336 * the success of the command execution.
338 * If IWL_TM_ATTR_COMMAND is IWL_TM_CMD_APP2DEV_REG_READ32, the register read
339 * value is returned with IWL_TM_ATTR_REG_VALUE32.
341 * @hw: ieee80211_hw object that represents the device
342 * @tb: gnl message fields from the user space
344 static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb)
346 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
352 if (!tb[IWL_TM_ATTR_REG_OFFSET]) {
353 IWL_ERR(priv, "Missing register offset\n");
356 ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]);
357 IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs);
359 /* Allow access only to FH/CSR/HBUS in direct mode.
360 Since we don't have the upper bounds for the CSR and HBUS segments,
361 we will use only the upper bound of FH for sanity check. */
362 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
363 if ((cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32 ||
364 cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32 ||
365 cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8) &&
366 (ofs >= FH_MEM_UPPER_BOUND)) {
367 IWL_ERR(priv, "offset out of segment (0x0 - 0x%x)\n",
373 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
374 val32 = iwl_read_direct32(trans(priv), ofs);
375 IWL_INFO(priv, "32bit value to read 0x%x\n", val32);
377 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
379 IWL_ERR(priv, "Memory allocation fail\n");
382 NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32);
383 status = cfg80211_testmode_reply(skb);
385 IWL_ERR(priv, "Error sending msg : %d\n", status);
387 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32:
388 if (!tb[IWL_TM_ATTR_REG_VALUE32]) {
389 IWL_ERR(priv, "Missing value to write\n");
392 val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]);
393 IWL_INFO(priv, "32bit value to write 0x%x\n", val32);
394 iwl_write_direct32(trans(priv), ofs, val32);
397 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8:
398 if (!tb[IWL_TM_ATTR_REG_VALUE8]) {
399 IWL_ERR(priv, "Missing value to write\n");
402 val8 = nla_get_u8(tb[IWL_TM_ATTR_REG_VALUE8]);
403 IWL_INFO(priv, "8bit value to write 0x%x\n", val8);
404 iwl_write8(trans(priv), ofs, val8);
408 IWL_ERR(priv, "Unknown testmode register command ID\n");
420 static int iwl_testmode_cfg_init_calib(struct iwl_priv *priv)
422 struct iwl_notification_wait calib_wait;
425 iwl_init_notification_wait(&priv->notif_wait, &calib_wait,
426 CALIBRATION_COMPLETE_NOTIFICATION,
428 ret = iwl_init_alive_start(priv);
430 IWL_ERR(priv, "Fail init calibration: %d\n", ret);
431 goto cfg_init_calib_error;
434 ret = iwl_wait_notification(&priv->notif_wait, &calib_wait, 2 * HZ);
436 IWL_ERR(priv, "Error detecting"
437 " CALIBRATION_COMPLETE_NOTIFICATION: %d\n", ret);
440 cfg_init_calib_error:
441 iwl_remove_notification(&priv->notif_wait, &calib_wait);
446 * This function handles the user application commands for driver.
448 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
449 * handlers respectively.
451 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned
452 * value of the actual command execution is replied to the user application.
454 * If there's any message responding to the user space, IWL_TM_ATTR_SYNC_RSP
455 * is used for carry the message while IWL_TM_ATTR_COMMAND must set to
456 * IWL_TM_CMD_DEV2APP_SYNC_RSP.
458 * @hw: ieee80211_hw object that represents the device
459 * @tb: gnl message fields from the user space
461 static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
463 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
464 struct iwl_trans *trans = trans(priv);
466 unsigned char *rsp_data_ptr = NULL;
467 int status = 0, rsp_data_len = 0;
468 u32 devid, inst_size = 0, data_size = 0;
469 const struct fw_img *img;
471 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
472 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME:
473 rsp_data_ptr = (unsigned char *)cfg(priv)->name;
474 rsp_data_len = strlen(cfg(priv)->name);
475 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
478 IWL_ERR(priv, "Memory allocation fail\n");
481 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND,
482 IWL_TM_CMD_DEV2APP_SYNC_RSP);
483 NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP,
484 rsp_data_len, rsp_data_ptr);
485 status = cfg80211_testmode_reply(skb);
487 IWL_ERR(priv, "Error sending msg : %d\n", status);
490 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW:
491 status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_INIT);
493 IWL_ERR(priv, "Error loading init ucode: %d\n", status);
496 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB:
497 iwl_testmode_cfg_init_calib(priv);
498 priv->ucode_loaded = false;
499 iwl_trans_stop_device(trans);
502 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW:
503 status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_REGULAR);
506 "Error loading runtime ucode: %d\n", status);
509 status = iwl_alive_start(priv);
512 "Error starting the device: %d\n", status);
515 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW:
516 iwl_scan_cancel_timeout(priv, 200);
517 priv->ucode_loaded = false;
518 iwl_trans_stop_device(trans);
519 status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_WOWLAN);
522 "Error loading WOWLAN ucode: %d\n", status);
525 status = iwl_alive_start(priv);
528 "Error starting the device: %d\n", status);
531 case IWL_TM_CMD_APP2DEV_GET_EEPROM:
532 if (priv->shrd->eeprom) {
533 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
534 cfg(priv)->base_params->eeprom_size + 20);
536 IWL_ERR(priv, "Memory allocation fail\n");
539 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND,
540 IWL_TM_CMD_DEV2APP_EEPROM_RSP);
541 NLA_PUT(skb, IWL_TM_ATTR_EEPROM,
542 cfg(priv)->base_params->eeprom_size,
544 status = cfg80211_testmode_reply(skb);
546 IWL_ERR(priv, "Error sending msg : %d\n",
552 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ:
553 if (!tb[IWL_TM_ATTR_FIXRATE]) {
554 IWL_ERR(priv, "Missing fixrate setting\n");
557 priv->tm_fixed_rate = nla_get_u32(tb[IWL_TM_ATTR_FIXRATE]);
560 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION:
561 IWL_INFO(priv, "uCode version raw: 0x%x\n",
562 priv->fw->ucode_ver);
564 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
566 IWL_ERR(priv, "Memory allocation fail\n");
569 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION,
570 priv->fw->ucode_ver);
571 status = cfg80211_testmode_reply(skb);
573 IWL_ERR(priv, "Error sending msg : %d\n", status);
576 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID:
577 devid = trans(priv)->hw_id;
578 IWL_INFO(priv, "hw version: 0x%x\n", devid);
580 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
582 IWL_ERR(priv, "Memory allocation fail\n");
585 NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid);
586 status = cfg80211_testmode_reply(skb);
588 IWL_ERR(priv, "Error sending msg : %d\n", status);
591 case IWL_TM_CMD_APP2DEV_GET_FW_INFO:
592 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20 + 8);
594 IWL_ERR(priv, "Memory allocation fail\n");
597 if (!priv->ucode_loaded) {
598 IWL_ERR(priv, "No uCode has not been loaded\n");
601 img = &priv->fw->img[priv->shrd->ucode_type];
602 inst_size = img->sec[IWL_UCODE_SECTION_INST].len;
603 data_size = img->sec[IWL_UCODE_SECTION_DATA].len;
605 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type);
606 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size);
607 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size);
608 status = cfg80211_testmode_reply(skb);
610 IWL_ERR(priv, "Error sending msg : %d\n", status);
614 IWL_ERR(priv, "Unknown testmode driver command ID\n");
626 * This function handles the user application commands for uCode trace
628 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
629 * handlers respectively.
631 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned
632 * value of the actual command execution is replied to the user application.
634 * @hw: ieee80211_hw object that represents the device
635 * @tb: gnl message fields from the user space
637 static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb)
639 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
642 struct device *dev = trans(priv)->dev;
644 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
645 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE:
646 if (priv->testmode_trace.trace_enabled)
649 if (!tb[IWL_TM_ATTR_TRACE_SIZE])
650 priv->testmode_trace.buff_size = TRACE_BUFF_SIZE_DEF;
652 priv->testmode_trace.buff_size =
653 nla_get_u32(tb[IWL_TM_ATTR_TRACE_SIZE]);
654 if (!priv->testmode_trace.buff_size)
656 if (priv->testmode_trace.buff_size < TRACE_BUFF_SIZE_MIN ||
657 priv->testmode_trace.buff_size > TRACE_BUFF_SIZE_MAX)
660 priv->testmode_trace.total_size =
661 priv->testmode_trace.buff_size + TRACE_BUFF_PADD;
662 priv->testmode_trace.cpu_addr =
663 dma_alloc_coherent(dev,
664 priv->testmode_trace.total_size,
665 &priv->testmode_trace.dma_addr,
667 if (!priv->testmode_trace.cpu_addr)
669 priv->testmode_trace.trace_enabled = true;
670 priv->testmode_trace.trace_addr = (u8 *)PTR_ALIGN(
671 priv->testmode_trace.cpu_addr, 0x100);
672 memset(priv->testmode_trace.trace_addr, 0x03B,
673 priv->testmode_trace.buff_size);
674 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
675 sizeof(priv->testmode_trace.dma_addr) + 20);
677 IWL_ERR(priv, "Memory allocation fail\n");
678 iwl_trace_cleanup(priv);
681 NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR,
682 sizeof(priv->testmode_trace.dma_addr),
683 (u64 *)&priv->testmode_trace.dma_addr);
684 status = cfg80211_testmode_reply(skb);
686 IWL_ERR(priv, "Error sending msg : %d\n", status);
688 priv->testmode_trace.num_chunks =
689 DIV_ROUND_UP(priv->testmode_trace.buff_size,
693 case IWL_TM_CMD_APP2DEV_END_TRACE:
694 iwl_trace_cleanup(priv);
697 IWL_ERR(priv, "Unknown testmode mem command ID\n");
704 if (nla_get_u32(tb[IWL_TM_ATTR_COMMAND]) ==
705 IWL_TM_CMD_APP2DEV_BEGIN_TRACE)
706 iwl_trace_cleanup(priv);
710 static int iwl_testmode_trace_dump(struct ieee80211_hw *hw,
712 struct netlink_callback *cb)
714 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
717 if (priv->testmode_trace.trace_enabled &&
718 priv->testmode_trace.trace_addr) {
720 if (idx >= priv->testmode_trace.num_chunks)
722 length = DUMP_CHUNK_SIZE;
723 if (((idx + 1) == priv->testmode_trace.num_chunks) &&
724 (priv->testmode_trace.buff_size % DUMP_CHUNK_SIZE))
725 length = priv->testmode_trace.buff_size %
728 NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length,
729 priv->testmode_trace.trace_addr +
730 (DUMP_CHUNK_SIZE * idx));
742 * This function handles the user application switch ucode ownership.
744 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_OWNER and
745 * decide who the current owner of the uCode
747 * If the current owner is OWNERSHIP_TM, then the only host command
748 * can deliver to uCode is from testmode, all the other host commands
751 * default driver is the owner of uCode in normal operational mode
753 * @hw: ieee80211_hw object that represents the device
754 * @tb: gnl message fields from the user space
756 static int iwl_testmode_ownership(struct ieee80211_hw *hw, struct nlattr **tb)
758 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
761 if (!tb[IWL_TM_ATTR_UCODE_OWNER]) {
762 IWL_ERR(priv, "Missing ucode owner\n");
766 owner = nla_get_u8(tb[IWL_TM_ATTR_UCODE_OWNER]);
767 if (owner == IWL_OWNERSHIP_DRIVER) {
768 priv->ucode_owner = owner;
769 priv->pre_rx_handler = NULL;
770 } else if (owner == IWL_OWNERSHIP_TM) {
771 priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt;
772 priv->ucode_owner = owner;
774 IWL_ERR(priv, "Invalid owner\n");
780 static int iwl_testmode_indirect_read(struct iwl_priv *priv, u32 addr, u32 size)
782 struct iwl_trans *trans = trans(priv);
788 priv->testmode_mem.buff_size = size;
789 priv->testmode_mem.buff_addr =
790 kmalloc(priv->testmode_mem.buff_size, GFP_KERNEL);
791 if (priv->testmode_mem.buff_addr == NULL)
794 /* Hard-coded periphery absolute address */
795 if (IWL_TM_ABS_PRPH_START <= addr &&
796 addr < IWL_TM_ABS_PRPH_START + PRPH_END) {
797 spin_lock_irqsave(&trans->reg_lock, flags);
798 iwl_grab_nic_access(trans);
799 iwl_write32(trans, HBUS_TARG_PRPH_RADDR,
801 for (i = 0; i < size; i += 4)
802 *(u32 *)(priv->testmode_mem.buff_addr + i) =
803 iwl_read32(trans, HBUS_TARG_PRPH_RDAT);
804 iwl_release_nic_access(trans);
805 spin_unlock_irqrestore(&trans->reg_lock, flags);
806 } else { /* target memory (SRAM) */
807 _iwl_read_targ_mem_words(trans, addr,
808 priv->testmode_mem.buff_addr,
809 priv->testmode_mem.buff_size / 4);
812 priv->testmode_mem.num_chunks =
813 DIV_ROUND_UP(priv->testmode_mem.buff_size, DUMP_CHUNK_SIZE);
814 priv->testmode_mem.read_in_progress = true;
819 static int iwl_testmode_indirect_write(struct iwl_priv *priv, u32 addr,
820 u32 size, unsigned char *buf)
822 struct iwl_trans *trans = trans(priv);
826 if (IWL_TM_ABS_PRPH_START <= addr &&
827 addr < IWL_TM_ABS_PRPH_START + PRPH_END) {
828 /* Periphery writes can be 1-3 bytes long, or DWORDs */
830 memcpy(&val, buf, size);
831 spin_lock_irqsave(&trans->reg_lock, flags);
832 iwl_grab_nic_access(trans);
833 iwl_write32(trans, HBUS_TARG_PRPH_WADDR,
834 (addr & 0x0000FFFF) |
836 iwl_write32(trans, HBUS_TARG_PRPH_WDAT, val);
837 iwl_release_nic_access(trans);
838 /* needed after consecutive writes w/o read */
840 spin_unlock_irqrestore(&trans->reg_lock, flags);
844 for (i = 0; i < size; i += 4)
845 iwl_write_prph(trans, addr+i,
848 } else if (iwlagn_hw_valid_rtc_data_addr(addr) ||
849 (IWLAGN_RTC_INST_LOWER_BOUND <= addr &&
850 addr < IWLAGN_RTC_INST_UPPER_BOUND)) {
851 _iwl_write_targ_mem_words(trans, addr, buf, size/4);
858 * This function handles the user application commands for SRAM data dump
860 * It retrieves the mandatory fields IWL_TM_ATTR_SRAM_ADDR and
861 * IWL_TM_ATTR_SRAM_SIZE to decide the memory area for SRAM data reading
863 * Several error will be retured, -EBUSY if the SRAM data retrieved by
864 * previous command has not been delivered to userspace, or -ENOMSG if
865 * the mandatory fields (IWL_TM_ATTR_SRAM_ADDR,IWL_TM_ATTR_SRAM_SIZE)
866 * are missing, or -ENOMEM if the buffer allocation fails.
868 * Otherwise 0 is replied indicating the success of the SRAM reading.
870 * @hw: ieee80211_hw object that represents the device
871 * @tb: gnl message fields from the user space
873 static int iwl_testmode_indirect_mem(struct ieee80211_hw *hw,
876 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
880 /* Both read and write should be blocked, for atomicity */
881 if (priv->testmode_mem.read_in_progress)
884 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
885 if (!tb[IWL_TM_ATTR_MEM_ADDR]) {
886 IWL_ERR(priv, "Error finding memory offset address\n");
889 addr = nla_get_u32(tb[IWL_TM_ATTR_MEM_ADDR]);
890 if (!tb[IWL_TM_ATTR_BUFFER_SIZE]) {
891 IWL_ERR(priv, "Error finding size for memory reading\n");
894 size = nla_get_u32(tb[IWL_TM_ATTR_BUFFER_SIZE]);
896 if (cmd == IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ)
897 return iwl_testmode_indirect_read(priv, addr, size);
899 if (!tb[IWL_TM_ATTR_BUFFER_DUMP])
901 buf = (unsigned char *) nla_data(tb[IWL_TM_ATTR_BUFFER_DUMP]);
902 return iwl_testmode_indirect_write(priv, addr, size, buf);
906 static int iwl_testmode_buffer_dump(struct ieee80211_hw *hw,
908 struct netlink_callback *cb)
910 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
913 if (priv->testmode_mem.read_in_progress) {
915 if (idx >= priv->testmode_mem.num_chunks) {
916 iwl_mem_cleanup(priv);
919 length = DUMP_CHUNK_SIZE;
920 if (((idx + 1) == priv->testmode_mem.num_chunks) &&
921 (priv->testmode_mem.buff_size % DUMP_CHUNK_SIZE))
922 length = priv->testmode_mem.buff_size %
925 NLA_PUT(skb, IWL_TM_ATTR_BUFFER_DUMP, length,
926 priv->testmode_mem.buff_addr +
927 (DUMP_CHUNK_SIZE * idx));
938 static int iwl_testmode_notifications(struct ieee80211_hw *hw,
941 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
944 enable = nla_get_flag(tb[IWL_TM_ATTR_ENABLE_NOTIFICATION]);
946 priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt;
948 priv->pre_rx_handler = NULL;
953 /* The testmode gnl message handler that takes the gnl message from the
954 * user space and parses it per the policy iwl_testmode_gnl_msg_policy, then
955 * invoke the corresponding handlers.
957 * This function is invoked when there is user space application sending
958 * gnl message through the testmode tunnel NL80211_CMD_TESTMODE regulated
961 * It retrieves the mandatory field, IWL_TM_ATTR_COMMAND, before
962 * dispatching it to the corresponding handler.
964 * If IWL_TM_ATTR_COMMAND is missing, -ENOMSG is replied to user application;
965 * -ENOSYS is replied to the user application if the command is unknown;
966 * Otherwise, the command is dispatched to the respective handler.
968 * @hw: ieee80211_hw object that represents the device
969 * @data: pointer to user space message
970 * @len: length in byte of @data
972 int iwlagn_mac_testmode_cmd(struct ieee80211_hw *hw, void *data, int len)
974 struct nlattr *tb[IWL_TM_ATTR_MAX];
975 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
978 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len,
979 iwl_testmode_gnl_msg_policy);
981 IWL_ERR(priv, "Error parsing the gnl message : %d\n", result);
985 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */
986 if (!tb[IWL_TM_ATTR_COMMAND]) {
987 IWL_ERR(priv, "Missing testmode command type\n");
990 /* in case multiple accesses to the device happens */
991 mutex_lock(&priv->mutex);
993 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
994 case IWL_TM_CMD_APP2DEV_UCODE:
995 IWL_DEBUG_INFO(priv, "testmode cmd to uCode\n");
996 result = iwl_testmode_ucode(hw, tb);
998 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
999 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32:
1000 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8:
1001 IWL_DEBUG_INFO(priv, "testmode cmd to register\n");
1002 result = iwl_testmode_reg(hw, tb);
1004 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME:
1005 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW:
1006 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB:
1007 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW:
1008 case IWL_TM_CMD_APP2DEV_GET_EEPROM:
1009 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ:
1010 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW:
1011 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION:
1012 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID:
1013 case IWL_TM_CMD_APP2DEV_GET_FW_INFO:
1014 IWL_DEBUG_INFO(priv, "testmode cmd to driver\n");
1015 result = iwl_testmode_driver(hw, tb);
1018 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE:
1019 case IWL_TM_CMD_APP2DEV_END_TRACE:
1020 case IWL_TM_CMD_APP2DEV_READ_TRACE:
1021 IWL_DEBUG_INFO(priv, "testmode uCode trace cmd to driver\n");
1022 result = iwl_testmode_trace(hw, tb);
1025 case IWL_TM_CMD_APP2DEV_OWNERSHIP:
1026 IWL_DEBUG_INFO(priv, "testmode change uCode ownership\n");
1027 result = iwl_testmode_ownership(hw, tb);
1030 case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ:
1031 case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_WRITE:
1032 IWL_DEBUG_INFO(priv, "testmode indirect memory cmd "
1034 result = iwl_testmode_indirect_mem(hw, tb);
1037 case IWL_TM_CMD_APP2DEV_NOTIFICATIONS:
1038 IWL_DEBUG_INFO(priv, "testmode notifications cmd "
1040 result = iwl_testmode_notifications(hw, tb);
1044 IWL_ERR(priv, "Unknown testmode command\n");
1049 mutex_unlock(&priv->mutex);
1053 int iwlagn_mac_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *skb,
1054 struct netlink_callback *cb,
1055 void *data, int len)
1057 struct nlattr *tb[IWL_TM_ATTR_MAX];
1058 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
1063 /* offset by 1 since commands start at 0 */
1064 cmd = cb->args[3] - 1;
1066 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len,
1067 iwl_testmode_gnl_msg_policy);
1070 "Error parsing the gnl message : %d\n", result);
1074 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */
1075 if (!tb[IWL_TM_ATTR_COMMAND]) {
1076 IWL_ERR(priv, "Missing testmode command type\n");
1079 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
1080 cb->args[3] = cmd + 1;
1083 /* in case multiple accesses to the device happens */
1084 mutex_lock(&priv->mutex);
1086 case IWL_TM_CMD_APP2DEV_READ_TRACE:
1087 IWL_DEBUG_INFO(priv, "uCode trace cmd to driver\n");
1088 result = iwl_testmode_trace_dump(hw, skb, cb);
1090 case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_DUMP:
1091 IWL_DEBUG_INFO(priv, "testmode sram dump cmd to driver\n");
1092 result = iwl_testmode_buffer_dump(hw, skb, cb);
1099 mutex_unlock(&priv->mutex);
projects / librecmc / linux-libre.git / blob