1 /******************************************************************************
3 * This file is provided under a dual BSD/GPLv2 license. When using or
4 * redistributing this file, you may do so under either license.
8 * Copyright(c) 2010 - 2012 Intel Corporation. All rights reserved.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of version 2 of the GNU General Public License as
12 * published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
24 * The full GNU General Public License is included in this distribution
25 * in the file called LICENSE.GPL.
27 * Contact Information:
28 * Intel Linux Wireless <ilw@linux.intel.com>
29 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
33 * Copyright(c) 2010 - 2012 Intel Corporation. All rights reserved.
34 * All rights reserved.
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
40 * * Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * * Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in
44 * the documentation and/or other materials provided with the
46 * * Neither the name Intel Corporation nor the names of its
47 * contributors may be used to endorse or promote products derived
48 * from this software without specific prior written permission.
50 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
51 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
52 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
53 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
54 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
56 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
57 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
58 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
59 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
60 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
62 *****************************************************************************/
63 #include <linux/init.h>
64 #include <linux/kernel.h>
65 #include <linux/module.h>
66 #include <linux/dma-mapping.h>
67 #include <net/net_namespace.h>
68 #include <linux/netdevice.h>
69 #include <net/cfg80211.h>
70 #include <net/mac80211.h>
71 #include <net/netlink.h>
75 #include "iwl-debug.h"
78 #include "iwl-testmode.h"
79 #include "iwl-trans.h"
83 /* Periphery registers absolute lower bound. This is used in order to
84 * differentiate registery access through HBUS_TARG_PRPH_* and
85 * HBUS_TARG_MEM_* accesses.
87 #define IWL_TM_ABS_PRPH_START (0xA00000)
89 /* The TLVs used in the gnl message policy between the kernel module and
90 * user space application. iwl_testmode_gnl_msg_policy is to be carried
91 * through the NL80211_CMD_TESTMODE channel regulated by nl80211.
95 struct nla_policy iwl_testmode_gnl_msg_policy[IWL_TM_ATTR_MAX] = {
96 [IWL_TM_ATTR_COMMAND] = { .type = NLA_U32, },
98 [IWL_TM_ATTR_UCODE_CMD_ID] = { .type = NLA_U8, },
99 [IWL_TM_ATTR_UCODE_CMD_DATA] = { .type = NLA_UNSPEC, },
101 [IWL_TM_ATTR_REG_OFFSET] = { .type = NLA_U32, },
102 [IWL_TM_ATTR_REG_VALUE8] = { .type = NLA_U8, },
103 [IWL_TM_ATTR_REG_VALUE32] = { .type = NLA_U32, },
105 [IWL_TM_ATTR_SYNC_RSP] = { .type = NLA_UNSPEC, },
106 [IWL_TM_ATTR_UCODE_RX_PKT] = { .type = NLA_UNSPEC, },
108 [IWL_TM_ATTR_EEPROM] = { .type = NLA_UNSPEC, },
110 [IWL_TM_ATTR_TRACE_ADDR] = { .type = NLA_UNSPEC, },
111 [IWL_TM_ATTR_TRACE_DUMP] = { .type = NLA_UNSPEC, },
112 [IWL_TM_ATTR_TRACE_SIZE] = { .type = NLA_U32, },
114 [IWL_TM_ATTR_FIXRATE] = { .type = NLA_U32, },
116 [IWL_TM_ATTR_UCODE_OWNER] = { .type = NLA_U8, },
118 [IWL_TM_ATTR_MEM_ADDR] = { .type = NLA_U32, },
119 [IWL_TM_ATTR_BUFFER_SIZE] = { .type = NLA_U32, },
120 [IWL_TM_ATTR_BUFFER_DUMP] = { .type = NLA_UNSPEC, },
122 [IWL_TM_ATTR_FW_VERSION] = { .type = NLA_U32, },
123 [IWL_TM_ATTR_DEVICE_ID] = { .type = NLA_U32, },
124 [IWL_TM_ATTR_FW_TYPE] = { .type = NLA_U32, },
125 [IWL_TM_ATTR_FW_INST_SIZE] = { .type = NLA_U32, },
126 [IWL_TM_ATTR_FW_DATA_SIZE] = { .type = NLA_U32, },
130 * See the struct iwl_rx_packet in iwl-commands.h for the format of the
131 * received events from the device
133 static inline int get_event_length(struct iwl_rx_cmd_buffer *rxb)
135 struct iwl_rx_packet *pkt = rxb_addr(rxb);
137 return le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
144 * This function multicasts the spontaneous messages from the device to the
145 * user space. It is invoked whenever there is a received messages
146 * from the device. This function is called within the ISR of the rx handlers
149 * The parsing of the message content is left to the user space application,
150 * The message content is treated as unattacked raw data and is encapsulated
151 * with IWL_TM_ATTR_UCODE_RX_PKT multicasting to the user space.
153 * @priv: the instance of iwlwifi device
154 * @rxb: pointer to rx data content received by the ISR
156 * See the message policies and TLVs in iwl_testmode_gnl_msg_policy[].
157 * For the messages multicasting to the user application, the mandatory
159 * IWL_TM_ATTR_COMMAND must be IWL_TM_CMD_DEV2APP_UCODE_RX_PKT
160 * IWL_TM_ATTR_UCODE_RX_PKT for carrying the message content
163 static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv,
164 struct iwl_rx_cmd_buffer *rxb)
166 struct ieee80211_hw *hw = priv->hw;
171 data = (void *)rxb_addr(rxb);
172 length = get_event_length(rxb);
174 if (!data || length == 0)
177 skb = cfg80211_testmode_alloc_event_skb(hw->wiphy, 20 + length,
181 "Run out of memory for messages to user space ?\n");
184 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT);
185 NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, length, data);
186 cfg80211_testmode_event(skb, GFP_ATOMIC);
191 IWL_ERR(priv, "Ouch, overran buffer, check allocation!\n");
194 void iwl_testmode_init(struct iwl_priv *priv)
196 priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt;
197 priv->testmode_trace.trace_enabled = false;
198 priv->testmode_mem.read_in_progress = false;
201 static void iwl_mem_cleanup(struct iwl_priv *priv)
203 if (priv->testmode_mem.read_in_progress) {
204 kfree(priv->testmode_mem.buff_addr);
205 priv->testmode_mem.buff_addr = NULL;
206 priv->testmode_mem.buff_size = 0;
207 priv->testmode_mem.num_chunks = 0;
208 priv->testmode_mem.read_in_progress = false;
212 static void iwl_trace_cleanup(struct iwl_priv *priv)
214 if (priv->testmode_trace.trace_enabled) {
215 if (priv->testmode_trace.cpu_addr &&
216 priv->testmode_trace.dma_addr)
217 dma_free_coherent(trans(priv)->dev,
218 priv->testmode_trace.total_size,
219 priv->testmode_trace.cpu_addr,
220 priv->testmode_trace.dma_addr);
221 priv->testmode_trace.trace_enabled = false;
222 priv->testmode_trace.cpu_addr = NULL;
223 priv->testmode_trace.trace_addr = NULL;
224 priv->testmode_trace.dma_addr = 0;
225 priv->testmode_trace.buff_size = 0;
226 priv->testmode_trace.total_size = 0;
231 void iwl_testmode_cleanup(struct iwl_priv *priv)
233 iwl_trace_cleanup(priv);
234 iwl_mem_cleanup(priv);
239 * This function handles the user application commands to the ucode.
241 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_CMD_ID and
242 * IWL_TM_ATTR_UCODE_CMD_DATA and calls to the handler to send the
243 * host command to the ucode.
245 * If any mandatory field is missing, -ENOMSG is replied to the user space
246 * application; otherwise, waits for the host command to be sent and checks
247 * the return code. In case or error, it is returned, otherwise a reply is
248 * allocated and the reply RX packet
251 * @hw: ieee80211_hw object that represents the device
252 * @tb: gnl message fields from the user space
254 static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb)
256 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
257 struct iwl_host_cmd cmd;
258 struct iwl_rx_packet *pkt;
265 memset(&cmd, 0, sizeof(struct iwl_host_cmd));
267 if (!tb[IWL_TM_ATTR_UCODE_CMD_ID] ||
268 !tb[IWL_TM_ATTR_UCODE_CMD_DATA]) {
269 IWL_ERR(priv, "Missing ucode command mandatory fields\n");
273 cmd.flags = CMD_ON_DEMAND | CMD_SYNC;
274 cmd_want_skb = nla_get_flag(tb[IWL_TM_ATTR_UCODE_CMD_SKB]);
276 cmd.flags |= CMD_WANT_SKB;
278 cmd.id = nla_get_u8(tb[IWL_TM_ATTR_UCODE_CMD_ID]);
279 cmd.data[0] = nla_data(tb[IWL_TM_ATTR_UCODE_CMD_DATA]);
280 cmd.len[0] = nla_len(tb[IWL_TM_ATTR_UCODE_CMD_DATA]);
281 cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY;
282 IWL_DEBUG_INFO(priv, "testmode ucode command ID 0x%x, flags 0x%x,"
283 " len %d\n", cmd.id, cmd.flags, cmd.len[0]);
285 ret = iwl_trans_send_cmd(trans(priv), &cmd);
287 IWL_ERR(priv, "Failed to send hcmd\n");
293 /* Handling return of SKB to the user */
296 IWL_ERR(priv, "HCMD received a null response packet\n");
300 reply_len = le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK;
301 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, reply_len + 20);
302 reply_buf = kmalloc(reply_len, GFP_KERNEL);
303 if (!skb || !reply_buf) {
309 /* The reply is in a page, that we cannot send to user space. */
310 memcpy(reply_buf, &(pkt->hdr), reply_len);
313 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT);
314 NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf);
315 return cfg80211_testmode_reply(skb);
318 IWL_DEBUG_INFO(priv, "Failed creating NL attributes\n");
324 * This function handles the user application commands for register access.
326 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
327 * handlers respectively.
329 * If it's an unknown commdn ID, -ENOSYS is returned; or -ENOMSG if the
330 * mandatory fields(IWL_TM_ATTR_REG_OFFSET,IWL_TM_ATTR_REG_VALUE32,
331 * IWL_TM_ATTR_REG_VALUE8) are missing; Otherwise 0 is replied indicating
332 * the success of the command execution.
334 * If IWL_TM_ATTR_COMMAND is IWL_TM_CMD_APP2DEV_REG_READ32, the register read
335 * value is returned with IWL_TM_ATTR_REG_VALUE32.
337 * @hw: ieee80211_hw object that represents the device
338 * @tb: gnl message fields from the user space
340 static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb)
342 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
348 if (!tb[IWL_TM_ATTR_REG_OFFSET]) {
349 IWL_ERR(priv, "Missing register offset\n");
352 ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]);
353 IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs);
355 /* Allow access only to FH/CSR/HBUS in direct mode.
356 Since we don't have the upper bounds for the CSR and HBUS segments,
357 we will use only the upper bound of FH for sanity check. */
358 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
359 if ((cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32 ||
360 cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32 ||
361 cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8) &&
362 (ofs >= FH_MEM_UPPER_BOUND)) {
363 IWL_ERR(priv, "offset out of segment (0x0 - 0x%x)\n",
369 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
370 val32 = iwl_read_direct32(trans(priv), ofs);
371 IWL_INFO(priv, "32bit value to read 0x%x\n", val32);
373 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
375 IWL_ERR(priv, "Memory allocation fail\n");
378 NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32);
379 status = cfg80211_testmode_reply(skb);
381 IWL_ERR(priv, "Error sending msg : %d\n", status);
383 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32:
384 if (!tb[IWL_TM_ATTR_REG_VALUE32]) {
385 IWL_ERR(priv, "Missing value to write\n");
388 val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]);
389 IWL_INFO(priv, "32bit value to write 0x%x\n", val32);
390 iwl_write_direct32(trans(priv), ofs, val32);
393 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8:
394 if (!tb[IWL_TM_ATTR_REG_VALUE8]) {
395 IWL_ERR(priv, "Missing value to write\n");
398 val8 = nla_get_u8(tb[IWL_TM_ATTR_REG_VALUE8]);
399 IWL_INFO(priv, "8bit value to write 0x%x\n", val8);
400 iwl_write8(trans(priv), ofs, val8);
404 IWL_ERR(priv, "Unknown testmode register command ID\n");
416 static int iwl_testmode_cfg_init_calib(struct iwl_priv *priv)
418 struct iwl_notification_wait calib_wait;
421 iwl_init_notification_wait(priv->shrd, &calib_wait,
422 CALIBRATION_COMPLETE_NOTIFICATION,
424 ret = iwl_init_alive_start(priv);
426 IWL_ERR(priv, "Fail init calibration: %d\n", ret);
427 goto cfg_init_calib_error;
430 ret = iwl_wait_notification(priv->shrd, &calib_wait, 2 * HZ);
432 IWL_ERR(priv, "Error detecting"
433 " CALIBRATION_COMPLETE_NOTIFICATION: %d\n", ret);
436 cfg_init_calib_error:
437 iwl_remove_notification(priv->shrd, &calib_wait);
442 * This function handles the user application commands for driver.
444 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
445 * handlers respectively.
447 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned
448 * value of the actual command execution is replied to the user application.
450 * If there's any message responding to the user space, IWL_TM_ATTR_SYNC_RSP
451 * is used for carry the message while IWL_TM_ATTR_COMMAND must set to
452 * IWL_TM_CMD_DEV2APP_SYNC_RSP.
454 * @hw: ieee80211_hw object that represents the device
455 * @tb: gnl message fields from the user space
457 static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
459 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
460 struct iwl_trans *trans = trans(priv);
462 unsigned char *rsp_data_ptr = NULL;
463 int status = 0, rsp_data_len = 0;
464 u32 devid, inst_size = 0, data_size = 0;
466 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
467 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME:
468 rsp_data_ptr = (unsigned char *)cfg(priv)->name;
469 rsp_data_len = strlen(cfg(priv)->name);
470 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
473 IWL_ERR(priv, "Memory allocation fail\n");
476 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND,
477 IWL_TM_CMD_DEV2APP_SYNC_RSP);
478 NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP,
479 rsp_data_len, rsp_data_ptr);
480 status = cfg80211_testmode_reply(skb);
482 IWL_ERR(priv, "Error sending msg : %d\n", status);
485 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW:
486 status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_INIT);
488 IWL_ERR(priv, "Error loading init ucode: %d\n", status);
491 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB:
492 iwl_testmode_cfg_init_calib(priv);
493 iwl_trans_stop_device(trans);
496 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW:
497 status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_REGULAR);
500 "Error loading runtime ucode: %d\n", status);
503 status = iwl_alive_start(priv);
506 "Error starting the device: %d\n", status);
509 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW:
510 iwl_scan_cancel_timeout(priv, 200);
511 iwl_trans_stop_device(trans);
512 status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_WOWLAN);
515 "Error loading WOWLAN ucode: %d\n", status);
518 status = iwl_alive_start(priv);
521 "Error starting the device: %d\n", status);
524 case IWL_TM_CMD_APP2DEV_GET_EEPROM:
525 if (priv->shrd->eeprom) {
526 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
527 cfg(priv)->base_params->eeprom_size + 20);
529 IWL_ERR(priv, "Memory allocation fail\n");
532 NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND,
533 IWL_TM_CMD_DEV2APP_EEPROM_RSP);
534 NLA_PUT(skb, IWL_TM_ATTR_EEPROM,
535 cfg(priv)->base_params->eeprom_size,
537 status = cfg80211_testmode_reply(skb);
539 IWL_ERR(priv, "Error sending msg : %d\n",
545 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ:
546 if (!tb[IWL_TM_ATTR_FIXRATE]) {
547 IWL_ERR(priv, "Missing fixrate setting\n");
550 priv->tm_fixed_rate = nla_get_u32(tb[IWL_TM_ATTR_FIXRATE]);
553 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION:
554 IWL_INFO(priv, "uCode version raw: 0x%x\n",
555 priv->fw->ucode_ver);
557 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
559 IWL_ERR(priv, "Memory allocation fail\n");
562 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION,
563 priv->fw->ucode_ver);
564 status = cfg80211_testmode_reply(skb);
566 IWL_ERR(priv, "Error sending msg : %d\n", status);
569 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID:
570 devid = trans(priv)->hw_id;
571 IWL_INFO(priv, "hw version: 0x%x\n", devid);
573 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20);
575 IWL_ERR(priv, "Memory allocation fail\n");
578 NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid);
579 status = cfg80211_testmode_reply(skb);
581 IWL_ERR(priv, "Error sending msg : %d\n", status);
584 case IWL_TM_CMD_APP2DEV_GET_FW_INFO:
585 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20 + 8);
587 IWL_ERR(priv, "Memory allocation fail\n");
590 switch (priv->shrd->ucode_type) {
591 case IWL_UCODE_REGULAR:
592 inst_size = priv->fw->ucode_rt.code.len;
593 data_size = priv->fw->ucode_rt.data.len;
596 inst_size = priv->fw->ucode_init.code.len;
597 data_size = priv->fw->ucode_init.data.len;
599 case IWL_UCODE_WOWLAN:
600 inst_size = priv->fw->ucode_wowlan.code.len;
601 data_size = priv->fw->ucode_wowlan.data.len;
604 IWL_ERR(priv, "No uCode has not been loaded\n");
607 IWL_ERR(priv, "Unsupported uCode type\n");
610 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type);
611 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size);
612 NLA_PUT_U32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size);
613 status = cfg80211_testmode_reply(skb);
615 IWL_ERR(priv, "Error sending msg : %d\n", status);
619 IWL_ERR(priv, "Unknown testmode driver command ID\n");
631 * This function handles the user application commands for uCode trace
633 * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the
634 * handlers respectively.
636 * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned
637 * value of the actual command execution is replied to the user application.
639 * @hw: ieee80211_hw object that represents the device
640 * @tb: gnl message fields from the user space
642 static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb)
644 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
647 struct device *dev = trans(priv)->dev;
649 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
650 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE:
651 if (priv->testmode_trace.trace_enabled)
654 if (!tb[IWL_TM_ATTR_TRACE_SIZE])
655 priv->testmode_trace.buff_size = TRACE_BUFF_SIZE_DEF;
657 priv->testmode_trace.buff_size =
658 nla_get_u32(tb[IWL_TM_ATTR_TRACE_SIZE]);
659 if (!priv->testmode_trace.buff_size)
661 if (priv->testmode_trace.buff_size < TRACE_BUFF_SIZE_MIN ||
662 priv->testmode_trace.buff_size > TRACE_BUFF_SIZE_MAX)
665 priv->testmode_trace.total_size =
666 priv->testmode_trace.buff_size + TRACE_BUFF_PADD;
667 priv->testmode_trace.cpu_addr =
668 dma_alloc_coherent(dev,
669 priv->testmode_trace.total_size,
670 &priv->testmode_trace.dma_addr,
672 if (!priv->testmode_trace.cpu_addr)
674 priv->testmode_trace.trace_enabled = true;
675 priv->testmode_trace.trace_addr = (u8 *)PTR_ALIGN(
676 priv->testmode_trace.cpu_addr, 0x100);
677 memset(priv->testmode_trace.trace_addr, 0x03B,
678 priv->testmode_trace.buff_size);
679 skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
680 sizeof(priv->testmode_trace.dma_addr) + 20);
682 IWL_ERR(priv, "Memory allocation fail\n");
683 iwl_trace_cleanup(priv);
686 NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR,
687 sizeof(priv->testmode_trace.dma_addr),
688 (u64 *)&priv->testmode_trace.dma_addr);
689 status = cfg80211_testmode_reply(skb);
691 IWL_ERR(priv, "Error sending msg : %d\n", status);
693 priv->testmode_trace.num_chunks =
694 DIV_ROUND_UP(priv->testmode_trace.buff_size,
698 case IWL_TM_CMD_APP2DEV_END_TRACE:
699 iwl_trace_cleanup(priv);
702 IWL_ERR(priv, "Unknown testmode mem command ID\n");
709 if (nla_get_u32(tb[IWL_TM_ATTR_COMMAND]) ==
710 IWL_TM_CMD_APP2DEV_BEGIN_TRACE)
711 iwl_trace_cleanup(priv);
715 static int iwl_testmode_trace_dump(struct ieee80211_hw *hw, struct nlattr **tb,
717 struct netlink_callback *cb)
719 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
722 if (priv->testmode_trace.trace_enabled &&
723 priv->testmode_trace.trace_addr) {
725 if (idx >= priv->testmode_trace.num_chunks)
727 length = DUMP_CHUNK_SIZE;
728 if (((idx + 1) == priv->testmode_trace.num_chunks) &&
729 (priv->testmode_trace.buff_size % DUMP_CHUNK_SIZE))
730 length = priv->testmode_trace.buff_size %
733 NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length,
734 priv->testmode_trace.trace_addr +
735 (DUMP_CHUNK_SIZE * idx));
747 * This function handles the user application switch ucode ownership.
749 * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_OWNER and
750 * decide who the current owner of the uCode
752 * If the current owner is OWNERSHIP_TM, then the only host command
753 * can deliver to uCode is from testmode, all the other host commands
756 * default driver is the owner of uCode in normal operational mode
758 * @hw: ieee80211_hw object that represents the device
759 * @tb: gnl message fields from the user space
761 static int iwl_testmode_ownership(struct ieee80211_hw *hw, struct nlattr **tb)
763 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
766 if (!tb[IWL_TM_ATTR_UCODE_OWNER]) {
767 IWL_ERR(priv, "Missing ucode owner\n");
771 owner = nla_get_u8(tb[IWL_TM_ATTR_UCODE_OWNER]);
772 if ((owner == IWL_OWNERSHIP_DRIVER) || (owner == IWL_OWNERSHIP_TM))
773 priv->shrd->ucode_owner = owner;
775 IWL_ERR(priv, "Invalid owner\n");
781 static int iwl_testmode_indirect_read(struct iwl_priv *priv, u32 addr, u32 size)
783 struct iwl_trans *trans = trans(priv);
789 priv->testmode_mem.buff_size = size;
790 priv->testmode_mem.buff_addr =
791 kmalloc(priv->testmode_mem.buff_size, GFP_KERNEL);
792 if (priv->testmode_mem.buff_addr == NULL)
795 /* Hard-coded periphery absolute address */
796 if (IWL_TM_ABS_PRPH_START <= addr &&
797 addr < IWL_TM_ABS_PRPH_START + PRPH_END) {
798 spin_lock_irqsave(&trans->reg_lock, flags);
799 iwl_grab_nic_access(trans);
800 iwl_write32(trans, HBUS_TARG_PRPH_RADDR,
802 for (i = 0; i < size; i += 4)
803 *(u32 *)(priv->testmode_mem.buff_addr + i) =
804 iwl_read32(trans, HBUS_TARG_PRPH_RDAT);
805 iwl_release_nic_access(trans);
806 spin_unlock_irqrestore(&trans->reg_lock, flags);
807 } else { /* target memory (SRAM) */
808 _iwl_read_targ_mem_words(trans, addr,
809 priv->testmode_mem.buff_addr,
810 priv->testmode_mem.buff_size / 4);
813 priv->testmode_mem.num_chunks =
814 DIV_ROUND_UP(priv->testmode_mem.buff_size, DUMP_CHUNK_SIZE);
815 priv->testmode_mem.read_in_progress = true;
820 static int iwl_testmode_indirect_write(struct iwl_priv *priv, u32 addr,
821 u32 size, unsigned char *buf)
823 struct iwl_trans *trans = trans(priv);
827 if (IWL_TM_ABS_PRPH_START <= addr &&
828 addr < IWL_TM_ABS_PRPH_START + PRPH_END) {
829 /* Periphery writes can be 1-3 bytes long, or DWORDs */
831 memcpy(&val, buf, size);
832 spin_lock_irqsave(&trans->reg_lock, flags);
833 iwl_grab_nic_access(trans);
834 iwl_write32(trans, HBUS_TARG_PRPH_WADDR,
835 (addr & 0x0000FFFF) |
837 iwl_write32(trans, HBUS_TARG_PRPH_WDAT, val);
838 iwl_release_nic_access(trans);
839 /* needed after consecutive writes w/o read */
841 spin_unlock_irqrestore(&trans->reg_lock, flags);
845 for (i = 0; i < size; i += 4)
846 iwl_write_prph(trans, addr+i,
849 } else if (iwlagn_hw_valid_rtc_data_addr(addr) ||
850 (IWLAGN_RTC_INST_LOWER_BOUND <= addr &&
851 addr < IWLAGN_RTC_INST_UPPER_BOUND)) {
852 _iwl_write_targ_mem_words(trans, addr, buf, size/4);
859 * This function handles the user application commands for SRAM data dump
861 * It retrieves the mandatory fields IWL_TM_ATTR_SRAM_ADDR and
862 * IWL_TM_ATTR_SRAM_SIZE to decide the memory area for SRAM data reading
864 * Several error will be retured, -EBUSY if the SRAM data retrieved by
865 * previous command has not been delivered to userspace, or -ENOMSG if
866 * the mandatory fields (IWL_TM_ATTR_SRAM_ADDR,IWL_TM_ATTR_SRAM_SIZE)
867 * are missing, or -ENOMEM if the buffer allocation fails.
869 * Otherwise 0 is replied indicating the success of the SRAM reading.
871 * @hw: ieee80211_hw object that represents the device
872 * @tb: gnl message fields from the user space
874 static int iwl_testmode_indirect_mem(struct ieee80211_hw *hw,
877 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
881 /* Both read and write should be blocked, for atomicity */
882 if (priv->testmode_mem.read_in_progress)
885 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
886 if (!tb[IWL_TM_ATTR_MEM_ADDR]) {
887 IWL_ERR(priv, "Error finding memory offset address\n");
890 addr = nla_get_u32(tb[IWL_TM_ATTR_MEM_ADDR]);
891 if (!tb[IWL_TM_ATTR_BUFFER_SIZE]) {
892 IWL_ERR(priv, "Error finding size for memory reading\n");
895 size = nla_get_u32(tb[IWL_TM_ATTR_BUFFER_SIZE]);
897 if (cmd == IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ)
898 return iwl_testmode_indirect_read(priv, addr, size);
900 if (!tb[IWL_TM_ATTR_BUFFER_DUMP])
902 buf = (unsigned char *) nla_data(tb[IWL_TM_ATTR_BUFFER_DUMP]);
903 return iwl_testmode_indirect_write(priv, addr, size, buf);
907 static int iwl_testmode_buffer_dump(struct ieee80211_hw *hw, struct nlattr **tb,
909 struct netlink_callback *cb)
911 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
914 if (priv->testmode_mem.read_in_progress) {
916 if (idx >= priv->testmode_mem.num_chunks) {
917 iwl_mem_cleanup(priv);
920 length = DUMP_CHUNK_SIZE;
921 if (((idx + 1) == priv->testmode_mem.num_chunks) &&
922 (priv->testmode_mem.buff_size % DUMP_CHUNK_SIZE))
923 length = priv->testmode_mem.buff_size %
926 NLA_PUT(skb, IWL_TM_ATTR_BUFFER_DUMP, length,
927 priv->testmode_mem.buff_addr +
928 (DUMP_CHUNK_SIZE * idx));
940 /* The testmode gnl message handler that takes the gnl message from the
941 * user space and parses it per the policy iwl_testmode_gnl_msg_policy, then
942 * invoke the corresponding handlers.
944 * This function is invoked when there is user space application sending
945 * gnl message through the testmode tunnel NL80211_CMD_TESTMODE regulated
948 * It retrieves the mandatory field, IWL_TM_ATTR_COMMAND, before
949 * dispatching it to the corresponding handler.
951 * If IWL_TM_ATTR_COMMAND is missing, -ENOMSG is replied to user application;
952 * -ENOSYS is replied to the user application if the command is unknown;
953 * Otherwise, the command is dispatched to the respective handler.
955 * @hw: ieee80211_hw object that represents the device
956 * @data: pointer to user space message
957 * @len: length in byte of @data
959 int iwlagn_mac_testmode_cmd(struct ieee80211_hw *hw, void *data, int len)
961 struct nlattr *tb[IWL_TM_ATTR_MAX];
962 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
965 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len,
966 iwl_testmode_gnl_msg_policy);
968 IWL_ERR(priv, "Error parsing the gnl message : %d\n", result);
972 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */
973 if (!tb[IWL_TM_ATTR_COMMAND]) {
974 IWL_ERR(priv, "Missing testmode command type\n");
977 /* in case multiple accesses to the device happens */
978 mutex_lock(&priv->shrd->mutex);
980 switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) {
981 case IWL_TM_CMD_APP2DEV_UCODE:
982 IWL_DEBUG_INFO(priv, "testmode cmd to uCode\n");
983 result = iwl_testmode_ucode(hw, tb);
985 case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
986 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32:
987 case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8:
988 IWL_DEBUG_INFO(priv, "testmode cmd to register\n");
989 result = iwl_testmode_reg(hw, tb);
991 case IWL_TM_CMD_APP2DEV_GET_DEVICENAME:
992 case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW:
993 case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB:
994 case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW:
995 case IWL_TM_CMD_APP2DEV_GET_EEPROM:
996 case IWL_TM_CMD_APP2DEV_FIXRATE_REQ:
997 case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW:
998 case IWL_TM_CMD_APP2DEV_GET_FW_VERSION:
999 case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID:
1000 case IWL_TM_CMD_APP2DEV_GET_FW_INFO:
1001 IWL_DEBUG_INFO(priv, "testmode cmd to driver\n");
1002 result = iwl_testmode_driver(hw, tb);
1005 case IWL_TM_CMD_APP2DEV_BEGIN_TRACE:
1006 case IWL_TM_CMD_APP2DEV_END_TRACE:
1007 case IWL_TM_CMD_APP2DEV_READ_TRACE:
1008 IWL_DEBUG_INFO(priv, "testmode uCode trace cmd to driver\n");
1009 result = iwl_testmode_trace(hw, tb);
1012 case IWL_TM_CMD_APP2DEV_OWNERSHIP:
1013 IWL_DEBUG_INFO(priv, "testmode change uCode ownership\n");
1014 result = iwl_testmode_ownership(hw, tb);
1017 case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ:
1018 case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_WRITE:
1019 IWL_DEBUG_INFO(priv, "testmode indirect memory cmd "
1021 result = iwl_testmode_indirect_mem(hw, tb);
1025 IWL_ERR(priv, "Unknown testmode command\n");
1030 mutex_unlock(&priv->shrd->mutex);
1034 int iwlagn_mac_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *skb,
1035 struct netlink_callback *cb,
1036 void *data, int len)
1038 struct nlattr *tb[IWL_TM_ATTR_MAX];
1039 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
1044 /* offset by 1 since commands start at 0 */
1045 cmd = cb->args[3] - 1;
1047 result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len,
1048 iwl_testmode_gnl_msg_policy);
1051 "Error parsing the gnl message : %d\n", result);
1055 /* IWL_TM_ATTR_COMMAND is absolutely mandatory */
1056 if (!tb[IWL_TM_ATTR_COMMAND]) {
1057 IWL_ERR(priv, "Missing testmode command type\n");
1060 cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
1061 cb->args[3] = cmd + 1;
1064 /* in case multiple accesses to the device happens */
1065 mutex_lock(&priv->shrd->mutex);
1067 case IWL_TM_CMD_APP2DEV_READ_TRACE:
1068 IWL_DEBUG_INFO(priv, "uCode trace cmd to driver\n");
1069 result = iwl_testmode_trace_dump(hw, tb, skb, cb);
1071 case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_DUMP:
1072 IWL_DEBUG_INFO(priv, "testmode sram dump cmd to driver\n");
1073 result = iwl_testmode_buffer_dump(hw, tb, skb, cb);
1080 mutex_unlock(&priv->shrd->mutex);