Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / net / wireless / iwlwifi / iwl-testmode.c
blob4a5cddd2d56bfb867a21c6d00f49cd219743ce2a
1 /******************************************************************************
3 * This file is provided under a dual BSD/GPLv2 license. When using or
4 * redistributing this file, you may do so under either license.
6 * GPL LICENSE SUMMARY
8 * Copyright(c) 2010 - 2011 Intel Corporation. All rights reserved.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of version 2 of the GNU General Public License as
12 * published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
22 * USA
24 * The full GNU General Public License is included in this distribution
25 * in the file called LICENSE.GPL.
27 * Contact Information:
28 * Intel Linux Wireless <ilw@linux.intel.com>
29 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
31 * BSD LICENSE
33 * Copyright(c) 2010 - 2011 Intel Corporation. All rights reserved.
34 * All rights reserved.
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
40 * * Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * * Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in
44 * the documentation and/or other materials provided with the
45 * distribution.
46 * * Neither the name Intel Corporation nor the names of its
47 * contributors may be used to endorse or promote products derived
48 * from this software without specific prior written permission.
50 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
51 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
52 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
53 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
54 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
56 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
57 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
58 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
59 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
60 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
62 *****************************************************************************/
63 #include <linux/init.h>
64 #include <linux/kernel.h>
65 #include <linux/module.h>
66 #include <linux/dma-mapping.h>
67 #include <net/net_namespace.h>
68 #include <linux/netdevice.h>
69 #include <net/cfg80211.h>
70 #include <net/mac80211.h>
71 #include <net/netlink.h>
73 #include "iwl-wifi.h"
74 #include "iwl-dev.h"
75 #include "iwl-core.h"
76 #include "iwl-debug.h"
77 #include "iwl-io.h"
78 #include "iwl-agn.h"
79 #include "iwl-testmode.h"
80 #include "iwl-trans.h"
81 #include "iwl-bus.h"
83 /* The TLVs used in the gnl message policy between the kernel module and
84 * user space application. iwl_testmode_gnl_msg_policy is to be carried
85 * through the NL80211_CMD_TESTMODE channel regulated by nl80211.
86 * See iwl-testmode.h
88 static
89 struct nla_policy iwl_testmode_gnl_msg_policy[IWL_TM_ATTR_MAX] = {
90 [IWL_TM_ATTR_COMMAND] = { .type = NLA_U32, },
92 [IWL_TM_ATTR_UCODE_CMD_ID] = { .type = NLA_U8, },
93 [IWL_TM_ATTR_UCODE_CMD_DATA] = { .type = NLA_UNSPEC, },
95 [IWL_TM_ATTR_REG_OFFSET] = { .type = NLA_U32, },
96 [IWL_TM_ATTR_REG_VALUE8] = { .type = NLA_U8, },
97 [IWL_TM_ATTR_REG_VALUE32] = { .type = NLA_U32, },
99 [IWL_TM_ATTR_SYNC_RSP] = { .type = NLA_UNSPEC, },
100 [IWL_TM_ATTR_UCODE_RX_PKT] = { .type = NLA_UNSPEC, },
102 [IWL_TM_ATTR_EEPROM] = { .type = NLA_UNSPEC, },
104 [IWL_TM_ATTR_TRACE_ADDR] = { .type = NLA_UNSPEC, },
105 [IWL_TM_ATTR_TRACE_DUMP] = { .type = NLA_UNSPEC, },
106 [IWL_TM_ATTR_TRACE_SIZE] = { .type = NLA_U32, },
108 [IWL_TM_ATTR_FIXRATE] = { .type = NLA_U32, },
110 [IWL_TM_ATTR_UCODE_OWNER] = { .type = NLA_U8, },
112 [IWL_TM_ATTR_SRAM_ADDR] = { .type = NLA_U32, },
113 [IWL_TM_ATTR_SRAM_SIZE] = { .type = NLA_U32, },
114 [IWL_TM_ATTR_SRAM_DUMP] = { .type = NLA_UNSPEC, },
116 [IWL_TM_ATTR_FW_VERSION] = { .type = NLA_U32, },
117 [IWL_TM_ATTR_DEVICE_ID] = { .type = NLA_U32, },
121 * See the struct iwl_rx_packet in iwl-commands.h for the format of the
122 * received events from the device
124 static inline int get_event_length(struct iwl_rx_mem_buffer *rxb)
126 struct iwl_rx_packet *pkt = rxb_addr(rxb);
127 if (pkt)
128 return le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
129 else
130 return 0;
135 * This function multicasts the spontaneous messages from the device to the
136 * user space. It is invoked whenever there is a received messages
137 * from the device. This function is called within the ISR of the rx handlers
138 * in iwlagn driver.
140 * The parsing of the message content is left to the user space application,
141 * The message content is treated as unattacked raw data and is encapsulated
142 * with IWL_TM_ATTR_UCODE_RX_PKT multicasting to the user space.
144 * @priv: the instance of iwlwifi device
145 * @rxb: pointer to rx data content received by the ISR
147 * See the message policies and TLVs in iwl_testmode_gnl_msg_policy[].
148 * For the messages multicasting to the user application, the mandatory
149 * TLV fields are :
150 * IWL_TM_ATTR_COMMAND must be IWL_TM_CMD_DEV2APP_UCODE_RX_PKT
151 * IWL_TM_ATTR_UCODE_RX_PKT for carrying the message content
154 static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv,
155 struct iwl_rx_mem_buffer *rxb)
157 struct ieee80211_hw *hw = priv->hw;
158 struct sk_buff *skb;
159 void *data;
160 int length;
162 data = (void *)rxb_addr(rxb);
163 length = get_event_length(rxb);
165 if (!data || length == 0)
166 return;
168 skb = cfg80211_testmode_alloc_event_skb(hw->wiphy, 20 + length,
169 GFP_ATOMIC);
170 if (skb == NULL) {
171 IWL_DEBUG_INFO(priv,
172 "Run out of memory for messages to user space ?\n");
173 return;
175 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT);
176 NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, length, data);
177 cfg80211_testmode_event(skb, GFP_ATOMIC);
178 return;
180 nla_put_failure:
181 kfree_skb(skb);
182 IWL_DEBUG_INFO(priv, "Ouch, overran buffer, check allocation!\n");
185 void iwl_testmode_init(struct iwl_priv *priv)
187 priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt;
188 priv->testmode_trace.trace_enabled = false;
189 priv->testmode_sram.sram_readed = false;
192 static void iwl_sram_cleanup(struct iwl_priv *priv)
194 if (priv->testmode_sram.sram_readed) {
195 kfree(priv->testmode_sram.buff_addr);
196 priv->testmode_sram.buff_addr = NULL;
197 priv->testmode_sram.buff_size = 0;
198 priv->testmode_sram.num_chunks = 0;
199 priv->testmode_sram.sram_readed = false;
203 static void iwl_trace_cleanup(struct iwl_priv *priv)
205 if (priv->testmode_trace.trace_enabled) {
206 if (priv->testmode_trace.cpu_addr &&
207 priv->testmode_trace.dma_addr)
208 dma_free_coherent(bus(priv)->dev,
209 priv->testmode_trace.total_size,
210 priv->testmode_trace.cpu_addr,
211 priv->testmode_trace.dma_addr);
212 priv->testmode_trace.trace_enabled = false;
213 priv->testmode_trace.cpu_addr = NULL;
214 priv->testmode_trace.trace_addr = NULL;
215 priv->testmode_trace.dma_addr = 0;
216 priv->testmode_trace.buff_size = 0;
217 priv->testmode_trace.total_size = 0;
222 void iwl_testmode_cleanup(struct iwl_priv *priv)
224 iwl_trace_cleanup(priv);
225 iwl_sram_cleanup(priv);
229 * This function handles the user application commands to the ucode.
231 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_CMD_ID and
232 * IWL_TM_ATTR_UCODE_CMD_DATA and calls to the handler to send the
233 * host command to the ucode.
235 * If any mandatory field is missing, -ENOMSG is replied to the user space
236 * application; otherwise, the actual execution result of the host command to
237 * ucode is replied.
239 * @hw: ieee80211_hw object that represents the device
240 * @tb: gnl message fields from the user space
242 static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb)
244 struct iwl_priv *priv = hw->priv;
245 struct iwl_host_cmd cmd;
247 memset(&cmd, 0, sizeof(struct iwl_host_cmd));
249 if (!tb[IWL_TM_ATTR_UCODE_CMD_ID] ||
250 !tb[IWL_TM_ATTR_UCODE_CMD_DATA]) {
251 IWL_DEBUG_INFO(priv,
252 "Error finding ucode command mandatory fields\n");
253 return -ENOMSG;
256 cmd.flags = CMD_ON_DEMAND;
257 cmd.id = nla_get_u8(tb[IWL_TM_ATTR_UCODE_CMD_ID]);
258 cmd.data[0] = nla_data(tb[IWL_TM_ATTR_UCODE_CMD_DATA]);
259 cmd.len[0] = nla_len(tb[IWL_TM_ATTR_UCODE_CMD_DATA]);
260 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY;
261 IWL_INFO(priv, "testmode ucode command ID 0x%x, flags 0x%x,"
262 " len %d\n", cmd.id, cmd.flags, cmd.len[0]);
263 /* ok, let's submit the command to ucode */
264 return iwl_trans_send_cmd(trans(priv), &cmd);
269 * This function handles the user application commands for register access.
271 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
272 * handlers respectively.
274 * If it's an unknown commdn ID, -ENOSYS is returned; or -ENOMSG if the
275 * mandatory fields(IWL_TM_ATTR_REG_OFFSET,IWL_TM_ATTR_REG_VALUE32,
276 * IWL_TM_ATTR_REG_VALUE8) are missing; Otherwise 0 is replied indicating
277 * the success of the command execution.
279 * If IWL_TM_ATTR_COMMAND is IWL_TM_CMD_APP2DEV_REG_READ32, the register read
280 * value is returned with IWL_TM_ATTR_REG_VALUE32.
282 * @hw: ieee80211_hw object that represents the device
283 * @tb: gnl message fields from the user space
285 static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb)
287 struct iwl_priv *priv = hw->priv;
288 u32 ofs, val32;
289 u8 val8;
290 struct sk_buff *skb;
291 int status = 0;
293 if (!tb[IWL_TM_ATTR_REG_OFFSET]) {
294 IWL_DEBUG_INFO(priv, "Error finding register offset\n");
295 return -ENOMSG;
297 ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]);
298 IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs);
300 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
301 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
302 val32 = iwl_read32(bus(priv), ofs);
303 IWL_INFO(priv, "32bit value to read 0x%x\n", val32);
305 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
306 if (!skb) {
307 IWL_DEBUG_INFO(priv, "Error allocating memory\n");
308 return -ENOMEM;
310 NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32);
311 status = cfg80211_testmode_reply(skb);
312 if (status < 0)
313 IWL_DEBUG_INFO(priv,
314 "Error sending msg : %d\n", status);
315 break;
316 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32:
317 if (!tb[IWL_TM_ATTR_REG_VALUE32]) {
318 IWL_DEBUG_INFO(priv,
319 "Error finding value to write\n");
320 return -ENOMSG;
321 } else {
322 val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]);
323 IWL_INFO(priv, "32bit value to write 0x%x\n", val32);
324 iwl_write32(bus(priv), ofs, val32);
326 break;
327 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8:
328 if (!tb[IWL_TM_ATTR_REG_VALUE8]) {
329 IWL_DEBUG_INFO(priv, "Error finding value to write\n");
330 return -ENOMSG;
331 } else {
332 val8 = nla_get_u8(tb[IWL_TM_ATTR_REG_VALUE8]);
333 IWL_INFO(priv, "8bit value to write 0x%x\n", val8);
334 iwl_write8(bus(priv), ofs, val8);
336 break;
337 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_READ32:
338 val32 = iwl_read_prph(bus(priv), ofs);
339 IWL_INFO(priv, "32bit value to read 0x%x\n", val32);
341 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
342 if (!skb) {
343 IWL_DEBUG_INFO(priv, "Error allocating memory\n");
344 return -ENOMEM;
346 NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32);
347 status = cfg80211_testmode_reply(skb);
348 if (status < 0)
349 IWL_DEBUG_INFO(priv,
350 "Error sending msg : %d\n", status);
351 break;
352 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_WRITE32:
353 if (!tb[IWL_TM_ATTR_REG_VALUE32]) {
354 IWL_DEBUG_INFO(priv,
355 "Error finding value to write\n");
356 return -ENOMSG;
357 } else {
358 val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]);
359 IWL_INFO(priv, "32bit value to write 0x%x\n", val32);
360 iwl_write_prph(bus(priv), ofs, val32);
362 break;
363 default:
364 IWL_DEBUG_INFO(priv, "Unknown testmode register command ID\n");
365 return -ENOSYS;
368 return status;
370 nla_put_failure:
371 kfree_skb(skb);
372 return -EMSGSIZE;
376 static int iwl_testmode_cfg_init_calib(struct iwl_priv *priv)
378 struct iwl_notification_wait calib_wait;
379 int ret;
381 iwl_init_notification_wait(priv->shrd, &calib_wait,
382 CALIBRATION_COMPLETE_NOTIFICATION,
383 NULL, NULL);
384 ret = iwl_init_alive_start(trans(priv));
385 if (ret) {
386 IWL_DEBUG_INFO(priv,
387 "Error configuring init calibration: %d\n", ret);
388 goto cfg_init_calib_error;
391 ret = iwl_wait_notification(priv->shrd, &calib_wait, 2 * HZ);
392 if (ret)
393 IWL_DEBUG_INFO(priv, "Error detecting"
394 " CALIBRATION_COMPLETE_NOTIFICATION: %d\n", ret);
395 return ret;
397 cfg_init_calib_error:
398 iwl_remove_notification(priv->shrd, &calib_wait);
399 return ret;
403 * This function handles the user application commands for driver.
405 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
406 * handlers respectively.
408 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned
409 * value of the actual command execution is replied to the user application.
411 * If there's any message responding to the user space, IWL_TM_ATTR_SYNC_RSP
412 * is used for carry the message while IWL_TM_ATTR_COMMAND must set to
413 * IWL_TM_CMD_DEV2APP_SYNC_RSP.
415 * @hw: ieee80211_hw object that represents the device
416 * @tb: gnl message fields from the user space
418 static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
420 struct iwl_priv *priv = hw->priv;
421 struct iwl_trans *trans = trans(priv);
422 struct sk_buff *skb;
423 unsigned char *rsp_data_ptr = NULL;
424 int status = 0, rsp_data_len = 0;
425 u32 devid;
427 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
428 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME:
429 rsp_data_ptr = (unsigned char *)cfg(priv)->name;
430 rsp_data_len = strlen(cfg(priv)->name);
431 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
432 rsp_data_len + 20);
433 if (!skb) {
434 IWL_DEBUG_INFO(priv,
435 "Error allocating memory\n");
436 return -ENOMEM;
438 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND,
439 IWL_TM_CMD_DEV2APP_SYNC_RSP);
440 NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP,
441 rsp_data_len, rsp_data_ptr);
442 status = cfg80211_testmode_reply(skb);
443 if (status < 0)
444 IWL_DEBUG_INFO(priv, "Error sending msg : %d\n",
445 status);
446 break;
448 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW:
449 status = iwl_load_ucode_wait_alive(trans, IWL_UCODE_INIT);
450 if (status)
451 IWL_DEBUG_INFO(priv,
452 "Error loading init ucode: %d\n", status);
453 break;
455 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB:
456 iwl_testmode_cfg_init_calib(priv);
457 iwl_trans_stop_device(trans);
458 break;
460 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW:
461 status = iwl_load_ucode_wait_alive(trans, IWL_UCODE_REGULAR);
462 if (status) {
463 IWL_DEBUG_INFO(priv,
464 "Error loading runtime ucode: %d\n", status);
465 break;
467 status = iwl_alive_start(priv);
468 if (status)
469 IWL_DEBUG_INFO(priv,
470 "Error starting the device: %d\n", status);
471 break;
473 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW:
474 iwl_scan_cancel_timeout(priv, 200);
475 iwl_trans_stop_device(trans);
476 status = iwl_load_ucode_wait_alive(trans, IWL_UCODE_WOWLAN);
477 if (status) {
478 IWL_DEBUG_INFO(priv,
479 "Error loading WOWLAN ucode: %d\n", status);
480 break;
482 status = iwl_alive_start(priv);
483 if (status)
484 IWL_DEBUG_INFO(priv,
485 "Error starting the device: %d\n", status);
486 break;
488 case IWL_TM_CMD_APP2DEV_GET_EEPROM:
489 if (priv->shrd->eeprom) {
490 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
491 cfg(priv)->base_params->eeprom_size + 20);
492 if (!skb) {
493 IWL_DEBUG_INFO(priv,
494 "Error allocating memory\n");
495 return -ENOMEM;
497 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND,
498 IWL_TM_CMD_DEV2APP_EEPROM_RSP);
499 NLA_PUT(skb, IWL_TM_ATTR_EEPROM,
500 cfg(priv)->base_params->eeprom_size,
501 priv->shrd->eeprom);
502 status = cfg80211_testmode_reply(skb);
503 if (status < 0)
504 IWL_DEBUG_INFO(priv,
505 "Error sending msg : %d\n",
506 status);
507 } else
508 return -EFAULT;
509 break;
511 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ:
512 if (!tb[IWL_TM_ATTR_FIXRATE]) {
513 IWL_DEBUG_INFO(priv,
514 "Error finding fixrate setting\n");
515 return -ENOMSG;
517 priv->tm_fixed_rate = nla_get_u32(tb[IWL_TM_ATTR_FIXRATE]);
518 break;
520 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION:
521 IWL_INFO(priv, "uCode version raw: 0x%x\n", priv->ucode_ver);
523 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
524 if (!skb) {
525 IWL_DEBUG_INFO(priv, "Error allocating memory\n");
526 return -ENOMEM;
528 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION, priv->ucode_ver);
529 status = cfg80211_testmode_reply(skb);
530 if (status < 0)
531 IWL_DEBUG_INFO(priv,
532 "Error sending msg : %d\n", status);
533 break;
535 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID:
536 devid = bus_get_hw_id(bus(priv));
537 IWL_INFO(priv, "hw version: 0x%x\n", devid);
539 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
540 if (!skb) {
541 IWL_DEBUG_INFO(priv, "Error allocating memory\n");
542 return -ENOMEM;
544 NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid);
545 status = cfg80211_testmode_reply(skb);
546 if (status < 0)
547 IWL_DEBUG_INFO(priv,
548 "Error sending msg : %d\n", status);
549 break;
551 default:
552 IWL_DEBUG_INFO(priv, "Unknown testmode driver command ID\n");
553 return -ENOSYS;
555 return status;
557 nla_put_failure:
558 kfree_skb(skb);
559 return -EMSGSIZE;
564 * This function handles the user application commands for uCode trace
566 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
567 * handlers respectively.
569 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned
570 * value of the actual command execution is replied to the user application.
572 * @hw: ieee80211_hw object that represents the device
573 * @tb: gnl message fields from the user space
575 static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb)
577 struct iwl_priv *priv = hw->priv;
578 struct sk_buff *skb;
579 int status = 0;
580 struct device *dev = bus(priv)->dev;
582 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
583 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE:
584 if (priv->testmode_trace.trace_enabled)
585 return -EBUSY;
587 if (!tb[IWL_TM_ATTR_TRACE_SIZE])
588 priv->testmode_trace.buff_size = TRACE_BUFF_SIZE_DEF;
589 else
590 priv->testmode_trace.buff_size =
591 nla_get_u32(tb[IWL_TM_ATTR_TRACE_SIZE]);
592 if (!priv->testmode_trace.buff_size)
593 return -EINVAL;
594 if (priv->testmode_trace.buff_size < TRACE_BUFF_SIZE_MIN ||
595 priv->testmode_trace.buff_size > TRACE_BUFF_SIZE_MAX)
596 return -EINVAL;
598 priv->testmode_trace.total_size =
599 priv->testmode_trace.buff_size + TRACE_BUFF_PADD;
600 priv->testmode_trace.cpu_addr =
601 dma_alloc_coherent(dev,
602 priv->testmode_trace.total_size,
603 &priv->testmode_trace.dma_addr,
604 GFP_KERNEL);
605 if (!priv->testmode_trace.cpu_addr)
606 return -ENOMEM;
607 priv->testmode_trace.trace_enabled = true;
608 priv->testmode_trace.trace_addr = (u8 *)PTR_ALIGN(
609 priv->testmode_trace.cpu_addr, 0x100);
610 memset(priv->testmode_trace.trace_addr, 0x03B,
611 priv->testmode_trace.buff_size);
612 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
613 sizeof(priv->testmode_trace.dma_addr) + 20);
614 if (!skb) {
615 IWL_DEBUG_INFO(priv,
616 "Error allocating memory\n");
617 iwl_trace_cleanup(priv);
618 return -ENOMEM;
620 NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR,
621 sizeof(priv->testmode_trace.dma_addr),
622 (u64 *)&priv->testmode_trace.dma_addr);
623 status = cfg80211_testmode_reply(skb);
624 if (status < 0) {
625 IWL_DEBUG_INFO(priv,
626 "Error sending msg : %d\n",
627 status);
629 priv->testmode_trace.num_chunks =
630 DIV_ROUND_UP(priv->testmode_trace.buff_size,
631 DUMP_CHUNK_SIZE);
632 break;
634 case IWL_TM_CMD_APP2DEV_END_TRACE:
635 iwl_trace_cleanup(priv);
636 break;
637 default:
638 IWL_DEBUG_INFO(priv, "Unknown testmode mem command ID\n");
639 return -ENOSYS;
641 return status;
643 nla_put_failure:
644 kfree_skb(skb);
645 if (nla_get_u32(tb[IWL_TM_ATTR_COMMAND]) ==
646 IWL_TM_CMD_APP2DEV_BEGIN_TRACE)
647 iwl_trace_cleanup(priv);
648 return -EMSGSIZE;
651 static int iwl_testmode_trace_dump(struct ieee80211_hw *hw, struct nlattr **tb,
652 struct sk_buff *skb,
653 struct netlink_callback *cb)
655 struct iwl_priv *priv = hw->priv;
656 int idx, length;
658 if (priv->testmode_trace.trace_enabled &&
659 priv->testmode_trace.trace_addr) {
660 idx = cb->args[4];
661 if (idx >= priv->testmode_trace.num_chunks)
662 return -ENOENT;
663 length = DUMP_CHUNK_SIZE;
664 if (((idx + 1) == priv->testmode_trace.num_chunks) &&
665 (priv->testmode_trace.buff_size % DUMP_CHUNK_SIZE))
666 length = priv->testmode_trace.buff_size %
667 DUMP_CHUNK_SIZE;
669 NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length,
670 priv->testmode_trace.trace_addr +
671 (DUMP_CHUNK_SIZE * idx));
672 idx++;
673 cb->args[4] = idx;
674 return 0;
675 } else
676 return -EFAULT;
678 nla_put_failure:
679 return -ENOBUFS;
683 * This function handles the user application switch ucode ownership.
685 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_OWNER and
686 * decide who the current owner of the uCode
688 * If the current owner is OWNERSHIP_TM, then the only host command
689 * can deliver to uCode is from testmode, all the other host commands
690 * will dropped.
692 * default driver is the owner of uCode in normal operational mode
694 * @hw: ieee80211_hw object that represents the device
695 * @tb: gnl message fields from the user space
697 static int iwl_testmode_ownership(struct ieee80211_hw *hw, struct nlattr **tb)
699 struct iwl_priv *priv = hw->priv;
700 u8 owner;
702 if (!tb[IWL_TM_ATTR_UCODE_OWNER]) {
703 IWL_DEBUG_INFO(priv, "Error finding ucode owner\n");
704 return -ENOMSG;
707 owner = nla_get_u8(tb[IWL_TM_ATTR_UCODE_OWNER]);
708 if ((owner == IWL_OWNERSHIP_DRIVER) || (owner == IWL_OWNERSHIP_TM))
709 priv->shrd->ucode_owner = owner;
710 else {
711 IWL_DEBUG_INFO(priv, "Invalid owner\n");
712 return -EINVAL;
714 return 0;
718 * This function handles the user application commands for SRAM data dump
720 * It retrieves the mandatory fields IWL_TM_ATTR_SRAM_ADDR and
721 * IWL_TM_ATTR_SRAM_SIZE to decide the memory area for SRAM data reading
723 * Several error will be retured, -EBUSY if the SRAM data retrieved by
724 * previous command has not been delivered to userspace, or -ENOMSG if
725 * the mandatory fields (IWL_TM_ATTR_SRAM_ADDR,IWL_TM_ATTR_SRAM_SIZE)
726 * are missing, or -ENOMEM if the buffer allocation fails.
728 * Otherwise 0 is replied indicating the success of the SRAM reading.
730 * @hw: ieee80211_hw object that represents the device
731 * @tb: gnl message fields from the user space
733 static int iwl_testmode_sram(struct ieee80211_hw *hw, struct nlattr **tb)
735 struct iwl_priv *priv = hw->priv;
736 u32 base, ofs, size, maxsize;
738 if (priv->testmode_sram.sram_readed)
739 return -EBUSY;
741 if (!tb[IWL_TM_ATTR_SRAM_ADDR]) {
742 IWL_DEBUG_INFO(priv, "Error finding SRAM offset address\n");
743 return -ENOMSG;
745 ofs = nla_get_u32(tb[IWL_TM_ATTR_SRAM_ADDR]);
746 if (!tb[IWL_TM_ATTR_SRAM_SIZE]) {
747 IWL_DEBUG_INFO(priv, "Error finding size for SRAM reading\n");
748 return -ENOMSG;
750 size = nla_get_u32(tb[IWL_TM_ATTR_SRAM_SIZE]);
751 switch (priv->shrd->ucode_type) {
752 case IWL_UCODE_REGULAR:
753 maxsize = trans(priv)->ucode_rt.data.len;
754 break;
755 case IWL_UCODE_INIT:
756 maxsize = trans(priv)->ucode_init.data.len;
757 break;
758 case IWL_UCODE_WOWLAN:
759 maxsize = trans(priv)->ucode_wowlan.data.len;
760 break;
761 case IWL_UCODE_NONE:
762 IWL_DEBUG_INFO(priv, "Error, uCode does not been loaded\n");
763 return -ENOSYS;
764 default:
765 IWL_DEBUG_INFO(priv, "Error, unsupported uCode type\n");
766 return -ENOSYS;
768 if ((ofs + size) > maxsize) {
769 IWL_DEBUG_INFO(priv, "Invalid offset/size: out of range\n");
770 return -EINVAL;
772 priv->testmode_sram.buff_size = (size / 4) * 4;
773 priv->testmode_sram.buff_addr =
774 kmalloc(priv->testmode_sram.buff_size, GFP_KERNEL);
775 if (priv->testmode_sram.buff_addr == NULL) {
776 IWL_DEBUG_INFO(priv, "Error allocating memory\n");
777 return -ENOMEM;
779 base = 0x800000;
780 _iwl_read_targ_mem_words(bus(priv), base + ofs,
781 priv->testmode_sram.buff_addr,
782 priv->testmode_sram.buff_size / 4);
783 priv->testmode_sram.num_chunks =
784 DIV_ROUND_UP(priv->testmode_sram.buff_size, DUMP_CHUNK_SIZE);
785 priv->testmode_sram.sram_readed = true;
786 return 0;
789 static int iwl_testmode_sram_dump(struct ieee80211_hw *hw, struct nlattr **tb,
790 struct sk_buff *skb,
791 struct netlink_callback *cb)
793 struct iwl_priv *priv = hw->priv;
794 int idx, length;
796 if (priv->testmode_sram.sram_readed) {
797 idx = cb->args[4];
798 if (idx >= priv->testmode_sram.num_chunks) {
799 iwl_sram_cleanup(priv);
800 return -ENOENT;
802 length = DUMP_CHUNK_SIZE;
803 if (((idx + 1) == priv->testmode_sram.num_chunks) &&
804 (priv->testmode_sram.buff_size % DUMP_CHUNK_SIZE))
805 length = priv->testmode_sram.buff_size %
806 DUMP_CHUNK_SIZE;
808 NLA_PUT(skb, IWL_TM_ATTR_SRAM_DUMP, length,
809 priv->testmode_sram.buff_addr +
810 (DUMP_CHUNK_SIZE * idx));
811 idx++;
812 cb->args[4] = idx;
813 return 0;
814 } else
815 return -EFAULT;
817 nla_put_failure:
818 return -ENOBUFS;
822 /* The testmode gnl message handler that takes the gnl message from the
823 * user space and parses it per the policy iwl_testmode_gnl_msg_policy, then
824 * invoke the corresponding handlers.
826 * This function is invoked when there is user space application sending
827 * gnl message through the testmode tunnel NL80211_CMD_TESTMODE regulated
828 * by nl80211.
830 * It retrieves the mandatory field, IWL_TM_ATTR_COMMAND, before
831 * dispatching it to the corresponding handler.
833 * If IWL_TM_ATTR_COMMAND is missing, -ENOMSG is replied to user application;
834 * -ENOSYS is replied to the user application if the command is unknown;
835 * Otherwise, the command is dispatched to the respective handler.
837 * @hw: ieee80211_hw object that represents the device
838 * @data: pointer to user space message
839 * @len: length in byte of @data
841 int iwlagn_mac_testmode_cmd(struct ieee80211_hw *hw, void *data, int len)
843 struct nlattr *tb[IWL_TM_ATTR_MAX];
844 struct iwl_priv *priv = hw->priv;
845 int result;
847 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len,
848 iwl_testmode_gnl_msg_policy);
849 if (result != 0) {
850 IWL_DEBUG_INFO(priv,
851 "Error parsing the gnl message : %d\n", result);
852 return result;
855 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */
856 if (!tb[IWL_TM_ATTR_COMMAND]) {
857 IWL_DEBUG_INFO(priv, "Error finding testmode command type\n");
858 return -ENOMSG;
860 /* in case multiple accesses to the device happens */
861 mutex_lock(&priv->shrd->mutex);
863 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
864 case IWL_TM_CMD_APP2DEV_UCODE:
865 IWL_DEBUG_INFO(priv, "testmode cmd to uCode\n");
866 result = iwl_testmode_ucode(hw, tb);
867 break;
868 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
869 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32:
870 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8:
871 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_READ32:
872 case IWL_TM_CMD_APP2DEV_INDIRECT_REG_WRITE32:
873 IWL_DEBUG_INFO(priv, "testmode cmd to register\n");
874 result = iwl_testmode_reg(hw, tb);
875 break;
876 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME:
877 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW:
878 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB:
879 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW:
880 case IWL_TM_CMD_APP2DEV_GET_EEPROM:
881 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ:
882 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW:
883 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION:
884 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID:
885 IWL_DEBUG_INFO(priv, "testmode cmd to driver\n");
886 result = iwl_testmode_driver(hw, tb);
887 break;
889 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE:
890 case IWL_TM_CMD_APP2DEV_END_TRACE:
891 case IWL_TM_CMD_APP2DEV_READ_TRACE:
892 IWL_DEBUG_INFO(priv, "testmode uCode trace cmd to driver\n");
893 result = iwl_testmode_trace(hw, tb);
894 break;
896 case IWL_TM_CMD_APP2DEV_OWNERSHIP:
897 IWL_DEBUG_INFO(priv, "testmode change uCode ownership\n");
898 result = iwl_testmode_ownership(hw, tb);
899 break;
901 case IWL_TM_CMD_APP2DEV_READ_SRAM:
902 IWL_DEBUG_INFO(priv, "testmode sram read cmd to driver\n");
903 result = iwl_testmode_sram(hw, tb);
904 break;
906 default:
907 IWL_DEBUG_INFO(priv, "Unknown testmode command\n");
908 result = -ENOSYS;
909 break;
912 mutex_unlock(&priv->shrd->mutex);
913 return result;
916 int iwlagn_mac_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *skb,
917 struct netlink_callback *cb,
918 void *data, int len)
920 struct nlattr *tb[IWL_TM_ATTR_MAX];
921 struct iwl_priv *priv = hw->priv;
922 int result;
923 u32 cmd;
925 if (cb->args[3]) {
926 /* offset by 1 since commands start at 0 */
927 cmd = cb->args[3] - 1;
928 } else {
929 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len,
930 iwl_testmode_gnl_msg_policy);
931 if (result) {
932 IWL_DEBUG_INFO(priv,
933 "Error parsing the gnl message : %d\n", result);
934 return result;
937 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */
938 if (!tb[IWL_TM_ATTR_COMMAND]) {
939 IWL_DEBUG_INFO(priv,
940 "Error finding testmode command type\n");
941 return -ENOMSG;
943 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
944 cb->args[3] = cmd + 1;
947 /* in case multiple accesses to the device happens */
948 mutex_lock(&priv->shrd->mutex);
949 switch (cmd) {
950 case IWL_TM_CMD_APP2DEV_READ_TRACE:
951 IWL_DEBUG_INFO(priv, "uCode trace cmd to driver\n");
952 result = iwl_testmode_trace_dump(hw, tb, skb, cb);
953 break;
954 case IWL_TM_CMD_APP2DEV_DUMP_SRAM:
955 IWL_DEBUG_INFO(priv, "testmode sram dump cmd to driver\n");
956 result = iwl_testmode_sram_dump(hw, tb, skb, cb);
957 break;
958 default:
959 result = -EINVAL;
960 break;
963 mutex_unlock(&priv->shrd->mutex);
964 return result;