iwl-drv.c 52.9 KB
Newer Older
1 2 3 4 5 6 7
/******************************************************************************
 *
 * This file is provided under a dual BSD/GPLv2 license.  When using or
 * redistributing this file, you may do so under either license.
 *
 * GPL LICENSE SUMMARY
 *
8
 * Copyright(c) 2007 - 2014 Intel Corporation. All rights reserved.
9
 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
10
 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
11
 * Copyright(c) 2018 - 2019 Intel Corporation
12 13 14 15 16 17 18 19 20 21 22
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * The full GNU General Public License is included in this distribution
23
 * in the file called COPYING.
24 25
 *
 * Contact Information:
26
 *  Intel Linux Wireless <linuxwifi@intel.com>
27 28 29 30
 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
 *
 * BSD LICENSE
 *
31
 * Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
32
 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
33
 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
34
 * Copyright(c) 2018 - 2019 Intel Corporation
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *  * Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *  * Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *  * Neither the name Intel Corporation nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *****************************************************************************/
#include <linux/completion.h>
65 66 67
#include <linux/dma-mapping.h>
#include <linux/firmware.h>
#include <linux/module.h>
J
Johannes Berg 已提交
68
#include <linux/vmalloc.h>
69 70

#include "iwl-drv.h"
71
#include "iwl-csr.h"
72
#include "iwl-debug.h"
73
#include "iwl-trans.h"
74
#include "iwl-op-mode.h"
75
#include "iwl-agn-hw.h"
76
#include "fw/img.h"
77
#include "iwl-dbg-tlv.h"
78
#include "iwl-config.h"
79
#include "iwl-modparams.h"
80
#include "fw/api/alive.h"
81

82 83 84 85 86 87 88 89 90 91 92
/******************************************************************************
 *
 * module boiler plate
 *
 ******************************************************************************/

#define DRV_DESCRIPTION	"Intel(R) Wireless WiFi driver for Linux"
MODULE_DESCRIPTION(DRV_DESCRIPTION);
MODULE_AUTHOR(DRV_COPYRIGHT " " DRV_AUTHOR);
MODULE_LICENSE("GPL");

93 94 95 96
#ifdef CONFIG_IWLWIFI_DEBUGFS
static struct dentry *iwl_dbgfs_root;
#endif

J
Johannes Berg 已提交
97 98
/**
 * struct iwl_drv - drv common data
99
 * @list: list of drv structures using this opmode
J
Johannes Berg 已提交
100 101
 * @fw: the iwl_fw structure
 * @op_mode: the running op_mode
102
 * @trans: transport layer
103
 * @dev: for debug prints only
J
Johannes Berg 已提交
104 105 106 107 108
 * @fw_index: firmware revision to try loading
 * @firmware_name: composite filename of ucode file to load
 * @request_firmware_complete: the firmware has been obtained from user space
 */
struct iwl_drv {
109
	struct list_head list;
J
Johannes Berg 已提交
110 111 112
	struct iwl_fw fw;

	struct iwl_op_mode *op_mode;
113
	struct iwl_trans *trans;
114
	struct device *dev;
J
Johannes Berg 已提交
115 116

	int fw_index;                   /* firmware we're trying to load */
117
	char firmware_name[64];         /* name of firmware file to load */
J
Johannes Berg 已提交
118 119

	struct completion request_firmware_complete;
120 121 122 123 124 125

#ifdef CONFIG_IWLWIFI_DEBUGFS
	struct dentry *dbgfs_drv;
	struct dentry *dbgfs_trans;
	struct dentry *dbgfs_op_mode;
#endif
J
Johannes Berg 已提交
126 127
};

J
Johannes Berg 已提交
128
enum {
129 130
	DVM_OP_MODE,
	MVM_OP_MODE,
J
Johannes Berg 已提交
131
};
J
Johannes Berg 已提交
132

J
Johannes Berg 已提交
133 134
/* Protects the table contents, i.e. the ops pointer & drv list */
static struct mutex iwlwifi_opmode_table_mtx;
135 136 137 138 139
static struct iwlwifi_opmode_table {
	const char *name;			/* name: iwldvm, iwlmvm, etc */
	const struct iwl_op_mode_ops *ops;	/* pointer to op_mode ops */
	struct list_head drv;		/* list of devices using this op_mode */
} iwlwifi_opmode_table[] = {		/* ops set when driver is initialized */
J
Johannes Berg 已提交
140 141
	[DVM_OP_MODE] = { .name = "iwldvm", .ops = NULL },
	[MVM_OP_MODE] = { .name = "iwlmvm", .ops = NULL },
142
};
J
Johannes Berg 已提交
143

144 145
#define IWL_DEFAULT_SCAN_CHANNELS 40

146
/*
S
Sara Sharon 已提交
147
 * struct fw_sec: Just for the image parsing process.
148 149 150 151 152 153 154 155
 * For the fw storage we are using struct fw_desc.
 */
struct fw_sec {
	const void *data;		/* the sec data */
	size_t size;			/* section size */
	u32 offset;			/* offset of writing in the device */
};

J
Johannes Berg 已提交
156
static void iwl_free_fw_desc(struct iwl_drv *drv, struct fw_desc *desc)
157
{
J
Johannes Berg 已提交
158 159
	vfree(desc->data);
	desc->data = NULL;
160 161 162
	desc->len = 0;
}

J
Johannes Berg 已提交
163
static void iwl_free_fw_img(struct iwl_drv *drv, struct fw_img *img)
164
{
D
David Spinadel 已提交
165
	int i;
166
	for (i = 0; i < img->num_sec; i++)
D
David Spinadel 已提交
167
		iwl_free_fw_desc(drv, &img->sec[i]);
168
	kfree(img->sec);
169 170
}

J
Johannes Berg 已提交
171
static void iwl_dealloc_ucode(struct iwl_drv *drv)
172
{
D
David Spinadel 已提交
173
	int i;
174

175 176 177 178 179 180
	kfree(drv->fw.dbg.dest_tlv);
	for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.conf_tlv); i++)
		kfree(drv->fw.dbg.conf_tlv[i]);
	for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.trigger_tlv); i++)
		kfree(drv->fw.dbg.trigger_tlv[i]);
	kfree(drv->fw.dbg.mem_tlv);
181
	kfree(drv->fw.iml);
182
	kfree(drv->fw.ucode_capa.cmd_versions);
183

D
David Spinadel 已提交
184 185
	for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
		iwl_free_fw_img(drv, drv->fw.img + i);
186 187
}

J
Johannes Berg 已提交
188
static int iwl_alloc_fw_desc(struct iwl_drv *drv, struct fw_desc *desc,
J
Johannes Berg 已提交
189
			     struct fw_sec *sec)
190
{
J
Johannes Berg 已提交
191 192 193 194 195
	void *data;

	desc->data = NULL;

	if (!sec || !sec->size)
196 197
		return -EINVAL;

J
Johannes Berg 已提交
198 199
	data = vmalloc(sec->size);
	if (!data)
200 201
		return -ENOMEM;

202 203
	desc->len = sec->size;
	desc->offset = sec->offset;
J
Johannes Berg 已提交
204 205 206
	memcpy(data, sec->data, desc->len);
	desc->data = data;

207 208 209
	return 0;
}

210 211
static void iwl_req_fw_callback(const struct firmware *ucode_raw,
				void *context);
212

J
Johannes Berg 已提交
213
static int iwl_request_firmware(struct iwl_drv *drv, bool first)
214
{
215
	const struct iwl_cfg *cfg = drv->trans->cfg;
216
	char tag[8];
217

218
	if (drv->trans->cfg->device_family == IWL_DEVICE_FAMILY_9000 &&
219 220 221 222 223 224 225
	    (CSR_HW_REV_STEP(drv->trans->hw_rev) != SILICON_B_STEP &&
	     CSR_HW_REV_STEP(drv->trans->hw_rev) != SILICON_C_STEP)) {
		IWL_ERR(drv,
			"Only HW steps B and C are currently supported (0x%0x)\n",
			drv->trans->hw_rev);
		return -EINVAL;
	}
226 227

	if (first) {
228
		drv->fw_index = cfg->ucode_api_max;
J
Johannes Berg 已提交
229
		sprintf(tag, "%d", drv->fw_index);
230
	} else {
J
Johannes Berg 已提交
231 232
		drv->fw_index--;
		sprintf(tag, "%d", drv->fw_index);
233 234
	}

235
	if (drv->fw_index < cfg->ucode_api_min) {
J
Johannes Berg 已提交
236
		IWL_ERR(drv, "no suitable firmware found!\n");
237 238

		if (cfg->ucode_api_min == cfg->ucode_api_max) {
239
			IWL_ERR(drv, "%s%d is required\n", cfg->fw_name_pre,
240 241 242
				cfg->ucode_api_max);
		} else {
			IWL_ERR(drv, "minimum version required: %s%d\n",
243
				cfg->fw_name_pre, cfg->ucode_api_min);
244
			IWL_ERR(drv, "maximum version supported: %s%d\n",
245
				cfg->fw_name_pre, cfg->ucode_api_max);
246 247 248 249
		}

		IWL_ERR(drv,
			"check git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git\n");
250 251 252
		return -ENOENT;
	}

253
	snprintf(drv->firmware_name, sizeof(drv->firmware_name), "%s%s.ucode",
254
		 cfg->fw_name_pre, tag);
255

256 257
	IWL_DEBUG_FW_INFO(drv, "attempting to load firmware '%s'\n",
			  drv->firmware_name);
258

J
Johannes Berg 已提交
259
	return request_firmware_nowait(THIS_MODULE, 1, drv->firmware_name,
260
				       drv->trans->dev,
261
				       GFP_KERNEL, drv, iwl_req_fw_callback);
262 263
}

264
struct fw_img_parsing {
265
	struct fw_sec *sec;
266 267 268
	int sec_counter;
};

269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284
/*
 * struct fw_sec_parsing: to extract fw section and it's offset from tlv
 */
struct fw_sec_parsing {
	__le32 offset;
	const u8 data[];
} __packed;

/**
 * struct iwl_tlv_calib_data - parse the default calib data from TLV
 *
 * @ucode_type: the uCode to which the following default calib relates.
 * @calib: default calibrations.
 */
struct iwl_tlv_calib_data {
	__le32 ucode_type;
J
Johannes Berg 已提交
285
	struct iwl_tlv_calib_ctrl calib;
286 287
} __packed;

288 289
struct iwl_firmware_pieces {
	struct fw_img_parsing img[IWL_UCODE_TYPE_MAX];
290 291 292

	u32 init_evtlog_ptr, init_evtlog_size, init_errlog_ptr;
	u32 inst_evtlog_ptr, inst_evtlog_size, inst_errlog_ptr;
293 294

	/* FW debug data parsed for driver usage */
295 296 297 298 299 300
	bool dbg_dest_tlv_init;
	u8 *dbg_dest_ver;
	union {
		struct iwl_fw_dbg_dest_tlv *dbg_dest_tlv;
		struct iwl_fw_dbg_dest_tlv_v1 *dbg_dest_tlv_v1;
	};
301 302 303 304
	struct iwl_fw_dbg_conf_tlv *dbg_conf_tlv[FW_DBG_CONF_MAX];
	size_t dbg_conf_tlv_len[FW_DBG_CONF_MAX];
	struct iwl_fw_dbg_trigger_tlv *dbg_trigger_tlv[FW_DBG_TRIGGER_MAX];
	size_t dbg_trigger_tlv_len[FW_DBG_TRIGGER_MAX];
305
	struct iwl_fw_dbg_mem_seg_tlv *dbg_mem_tlv;
306
	size_t n_mem_tlv;
307 308
};

309 310 311 312 313 314 315 316 317 318 319
/*
 * These functions are just to extract uCode section data from the pieces
 * structure.
 */
static struct fw_sec *get_sec(struct iwl_firmware_pieces *pieces,
			      enum iwl_ucode_type type,
			      int  sec)
{
	return &pieces->img[type].sec[sec];
}

320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339
static void alloc_sec_data(struct iwl_firmware_pieces *pieces,
			   enum iwl_ucode_type type,
			   int sec)
{
	struct fw_img_parsing *img = &pieces->img[type];
	struct fw_sec *sec_memory;
	int size = sec + 1;
	size_t alloc_size = sizeof(*img->sec) * size;

	if (img->sec && img->sec_counter >= size)
		return;

	sec_memory = krealloc(img->sec, alloc_size, GFP_KERNEL);
	if (!sec_memory)
		return;

	img->sec = sec_memory;
	img->sec_counter = size;
}

340 341 342 343 344
static void set_sec_data(struct iwl_firmware_pieces *pieces,
			 enum iwl_ucode_type type,
			 int sec,
			 const void *data)
{
345 346
	alloc_sec_data(pieces, type, sec);

347 348 349 350 351 352 353 354
	pieces->img[type].sec[sec].data = data;
}

static void set_sec_size(struct iwl_firmware_pieces *pieces,
			 enum iwl_ucode_type type,
			 int sec,
			 size_t size)
{
355 356
	alloc_sec_data(pieces, type, sec);

357 358 359 360 361 362 363 364 365 366 367 368 369 370 371
	pieces->img[type].sec[sec].size = size;
}

static size_t get_sec_size(struct iwl_firmware_pieces *pieces,
			   enum iwl_ucode_type type,
			   int sec)
{
	return pieces->img[type].sec[sec].size;
}

static void set_sec_offset(struct iwl_firmware_pieces *pieces,
			   enum iwl_ucode_type type,
			   int sec,
			   u32 offset)
{
372 373
	alloc_sec_data(pieces, type, sec);

374 375 376
	pieces->img[type].sec[sec].offset = offset;
}

377 378 379 380 381 382 383 384 385 386 387 388 389 390
static int iwl_store_cscheme(struct iwl_fw *fw, const u8 *data, const u32 len)
{
	int i, j;
	struct iwl_fw_cscheme_list *l = (struct iwl_fw_cscheme_list *)data;
	struct iwl_fw_cipher_scheme *fwcs;

	if (len < sizeof(*l) ||
	    len < sizeof(l->size) + l->size * sizeof(l->cs[0]))
		return -EINVAL;

	for (i = 0, j = 0; i < IWL_UCODE_MAX_CS && i < l->size; i++) {
		fwcs = &l->cs[j];

		/* we skip schemes with zero cipher suite selector */
391
		if (!fwcs->cipher)
392 393
			continue;

394
		fw->cs[j++] = *fwcs;
395 396 397 398 399
	}

	return 0;
}

400 401 402 403 404 405 406 407 408 409
/*
 * Gets uCode section from tlv.
 */
static int iwl_store_ucode_sec(struct iwl_firmware_pieces *pieces,
			       const void *data, enum iwl_ucode_type type,
			       int size)
{
	struct fw_img_parsing *img;
	struct fw_sec *sec;
	struct fw_sec_parsing *sec_parse;
410
	size_t alloc_size;
411 412 413 414 415 416 417

	if (WARN_ON(!pieces || !data || type >= IWL_UCODE_TYPE_MAX))
		return -1;

	sec_parse = (struct fw_sec_parsing *)data;

	img = &pieces->img[type];
418 419 420 421 422 423 424

	alloc_size = sizeof(*img->sec) * (img->sec_counter + 1);
	sec = krealloc(img->sec, alloc_size, GFP_KERNEL);
	if (!sec)
		return -ENOMEM;
	img->sec = sec;

425 426 427 428
	sec = &img->sec[img->sec_counter];

	sec->offset = le32_to_cpu(sec_parse->offset);
	sec->data = sec_parse->data;
429
	sec->size = size - sizeof(sec_parse->offset);
430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445

	++img->sec_counter;

	return 0;
}

static int iwl_set_default_calib(struct iwl_drv *drv, const u8 *data)
{
	struct iwl_tlv_calib_data *def_calib =
					(struct iwl_tlv_calib_data *)data;
	u32 ucode_type = le32_to_cpu(def_calib->ucode_type);
	if (ucode_type >= IWL_UCODE_TYPE_MAX) {
		IWL_ERR(drv, "Wrong ucode_type %u for default calibration.\n",
			ucode_type);
		return -EINVAL;
	}
J
Johannes Berg 已提交
446 447 448 449 450
	drv->fw.default_calib[ucode_type].flow_trigger =
		def_calib->calib.flow_trigger;
	drv->fw.default_calib[ucode_type].event_trigger =
		def_calib->calib.event_trigger;

451 452 453
	return 0;
}

454 455
static void iwl_set_ucode_api_flags(struct iwl_drv *drv, const u8 *data,
				    struct iwl_ucode_capabilities *capa)
456 457 458
{
	const struct iwl_ucode_api *ucode_api = (void *)data;
	u32 api_index = le32_to_cpu(ucode_api->api_index);
459 460
	u32 api_flags = le32_to_cpu(ucode_api->api_flags);
	int i;
461

462
	if (api_index >= DIV_ROUND_UP(NUM_IWL_UCODE_TLV_API, 32)) {
463 464 465
		IWL_WARN(drv,
			 "api flags index %d larger than supported by driver\n",
			 api_index);
466
		return;
467 468
	}

469 470 471 472
	for (i = 0; i < 32; i++) {
		if (api_flags & BIT(i))
			__set_bit(i + 32 * api_index, capa->_api);
	}
473 474
}

475 476
static void iwl_set_ucode_capabilities(struct iwl_drv *drv, const u8 *data,
				       struct iwl_ucode_capabilities *capa)
477 478 479
{
	const struct iwl_ucode_capa *ucode_capa = (void *)data;
	u32 api_index = le32_to_cpu(ucode_capa->api_index);
480 481
	u32 api_flags = le32_to_cpu(ucode_capa->api_capa);
	int i;
482

483
	if (api_index >= DIV_ROUND_UP(NUM_IWL_UCODE_TLV_CAPA, 32)) {
484 485 486
		IWL_WARN(drv,
			 "capa flags index %d larger than supported by driver\n",
			 api_index);
487
		return;
488 489
	}

490 491 492 493
	for (i = 0; i < 32; i++) {
		if (api_flags & BIT(i))
			__set_bit(i + 32 * api_index, capa->_capa);
	}
494 495
}

J
Johannes Berg 已提交
496
static int iwl_parse_v1_v2_firmware(struct iwl_drv *drv,
497 498
				    const struct firmware *ucode_raw,
				    struct iwl_firmware_pieces *pieces)
499 500 501 502 503 504
{
	struct iwl_ucode_header *ucode = (void *)ucode_raw->data;
	u32 api_ver, hdr_size, build;
	char buildstr[25];
	const u8 *src;

J
Johannes Berg 已提交
505 506
	drv->fw.ucode_ver = le32_to_cpu(ucode->ver);
	api_ver = IWL_UCODE_API(drv->fw.ucode_ver);
507 508 509 510 511

	switch (api_ver) {
	default:
		hdr_size = 28;
		if (ucode_raw->size < hdr_size) {
J
Johannes Berg 已提交
512
			IWL_ERR(drv, "File size too small!\n");
513 514 515
			return -EINVAL;
		}
		build = le32_to_cpu(ucode->u.v2.build);
516 517 518 519 520 521 522 523
		set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
			     le32_to_cpu(ucode->u.v2.inst_size));
		set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
			     le32_to_cpu(ucode->u.v2.data_size));
		set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
			     le32_to_cpu(ucode->u.v2.init_size));
		set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
			     le32_to_cpu(ucode->u.v2.init_data_size));
524 525 526 527 528 529 530
		src = ucode->u.v2.data;
		break;
	case 0:
	case 1:
	case 2:
		hdr_size = 24;
		if (ucode_raw->size < hdr_size) {
J
Johannes Berg 已提交
531
			IWL_ERR(drv, "File size too small!\n");
532 533 534
			return -EINVAL;
		}
		build = 0;
535 536 537 538 539 540 541 542
		set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
			     le32_to_cpu(ucode->u.v1.inst_size));
		set_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
			     le32_to_cpu(ucode->u.v1.data_size));
		set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
			     le32_to_cpu(ucode->u.v1.init_size));
		set_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
			     le32_to_cpu(ucode->u.v1.init_data_size));
543 544 545 546 547
		src = ucode->u.v1.data;
		break;
	}

	if (build)
548
		sprintf(buildstr, " build %u", build);
549 550 551
	else
		buildstr[0] = '\0';

J
Johannes Berg 已提交
552 553
	snprintf(drv->fw.fw_version,
		 sizeof(drv->fw.fw_version),
554
		 "%u.%u.%u.%u%s",
J
Johannes Berg 已提交
555 556 557 558
		 IWL_UCODE_MAJOR(drv->fw.ucode_ver),
		 IWL_UCODE_MINOR(drv->fw.ucode_ver),
		 IWL_UCODE_API(drv->fw.ucode_ver),
		 IWL_UCODE_SERIAL(drv->fw.ucode_ver),
559 560 561
		 buildstr);

	/* Verify size of file vs. image size info in file's header */
562 563 564 565 566 567

	if (ucode_raw->size != hdr_size +
	    get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST) +
	    get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA) +
	    get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST) +
	    get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA)) {
568

J
Johannes Berg 已提交
569
		IWL_ERR(drv,
570 571 572 573 574 575
			"uCode file size %d does not match expected size\n",
			(int)ucode_raw->size);
		return -EINVAL;
	}


576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591
	set_sec_data(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST, src);
	src += get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST);
	set_sec_offset(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST,
		       IWLAGN_RTC_INST_LOWER_BOUND);
	set_sec_data(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA, src);
	src += get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA);
	set_sec_offset(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA,
		       IWLAGN_RTC_DATA_LOWER_BOUND);
	set_sec_data(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST, src);
	src += get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST);
	set_sec_offset(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST,
		       IWLAGN_RTC_INST_LOWER_BOUND);
	set_sec_data(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA, src);
	src += get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA);
	set_sec_offset(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA,
		       IWLAGN_RTC_DATA_LOWER_BOUND);
592 593 594
	return 0;
}

595 596
#define FW_ADDR_CACHE_CONTROL 0xC0000000

J
Johannes Berg 已提交
597
static int iwl_parse_tlv_firmware(struct iwl_drv *drv,
598
				const struct firmware *ucode_raw,
599
				struct iwl_firmware_pieces *pieces,
600 601
				struct iwl_ucode_capabilities *capa,
				bool *usniffer_images)
602 603 604 605 606 607
{
	struct iwl_tlv_ucode_header *ucode = (void *)ucode_raw->data;
	struct iwl_ucode_tlv *tlv;
	size_t len = ucode_raw->size;
	const u8 *data;
	u32 tlv_len;
608
	u32 usniffer_img;
609 610 611
	enum iwl_ucode_tlv_type tlv_type;
	const u8 *tlv_data;
	char buildstr[25];
612
	u32 build, paging_mem_size;
613
	int num_of_cpus;
614
	bool usniffer_req = false;
615 616

	if (len < sizeof(*ucode)) {
J
Johannes Berg 已提交
617
		IWL_ERR(drv, "uCode has invalid length: %zd\n", len);
618 619 620 621
		return -EINVAL;
	}

	if (ucode->magic != cpu_to_le32(IWL_TLV_UCODE_MAGIC)) {
J
Johannes Berg 已提交
622
		IWL_ERR(drv, "invalid uCode magic: 0X%x\n",
623 624 625 626
			le32_to_cpu(ucode->magic));
		return -EINVAL;
	}

J
Johannes Berg 已提交
627
	drv->fw.ucode_ver = le32_to_cpu(ucode->ver);
628 629
	memcpy(drv->fw.human_readable, ucode->human_readable,
	       sizeof(drv->fw.human_readable));
630 631 632
	build = le32_to_cpu(ucode->build);

	if (build)
633
		sprintf(buildstr, " build %u", build);
634 635 636
	else
		buildstr[0] = '\0';

J
Johannes Berg 已提交
637 638
	snprintf(drv->fw.fw_version,
		 sizeof(drv->fw.fw_version),
639
		 "%u.%u.%u.%u%s",
J
Johannes Berg 已提交
640 641 642 643
		 IWL_UCODE_MAJOR(drv->fw.ucode_ver),
		 IWL_UCODE_MINOR(drv->fw.ucode_ver),
		 IWL_UCODE_API(drv->fw.ucode_ver),
		 IWL_UCODE_SERIAL(drv->fw.ucode_ver),
644 645 646 647 648 649
		 buildstr);

	data = ucode->data;

	len -= sizeof(*ucode);

650
	if (iwlwifi_mod_params.enable_ini)
651
		iwl_alloc_dbg_tlv(drv->trans, len, data, false);
652

653 654 655 656 657
	while (len >= sizeof(*tlv)) {
		len -= sizeof(*tlv);
		tlv = (void *)data;

		tlv_len = le32_to_cpu(tlv->length);
658
		tlv_type = le32_to_cpu(tlv->type);
659 660 661
		tlv_data = tlv->data;

		if (len < tlv_len) {
J
Johannes Berg 已提交
662
			IWL_ERR(drv, "invalid TLV len: %zd/%u\n",
663 664 665 666 667 668 669 670
				len, tlv_len);
			return -EINVAL;
		}
		len -= ALIGN(tlv_len, 4);
		data += sizeof(*tlv) + ALIGN(tlv_len, 4);

		switch (tlv_type) {
		case IWL_UCODE_TLV_INST:
671 672 673 674 675 676 677
			set_sec_data(pieces, IWL_UCODE_REGULAR,
				     IWL_UCODE_SECTION_INST, tlv_data);
			set_sec_size(pieces, IWL_UCODE_REGULAR,
				     IWL_UCODE_SECTION_INST, tlv_len);
			set_sec_offset(pieces, IWL_UCODE_REGULAR,
				       IWL_UCODE_SECTION_INST,
				       IWLAGN_RTC_INST_LOWER_BOUND);
678 679
			break;
		case IWL_UCODE_TLV_DATA:
680 681 682 683 684 685 686
			set_sec_data(pieces, IWL_UCODE_REGULAR,
				     IWL_UCODE_SECTION_DATA, tlv_data);
			set_sec_size(pieces, IWL_UCODE_REGULAR,
				     IWL_UCODE_SECTION_DATA, tlv_len);
			set_sec_offset(pieces, IWL_UCODE_REGULAR,
				       IWL_UCODE_SECTION_DATA,
				       IWLAGN_RTC_DATA_LOWER_BOUND);
687 688
			break;
		case IWL_UCODE_TLV_INIT:
689 690 691 692 693 694 695
			set_sec_data(pieces, IWL_UCODE_INIT,
				     IWL_UCODE_SECTION_INST, tlv_data);
			set_sec_size(pieces, IWL_UCODE_INIT,
				     IWL_UCODE_SECTION_INST, tlv_len);
			set_sec_offset(pieces, IWL_UCODE_INIT,
				       IWL_UCODE_SECTION_INST,
				       IWLAGN_RTC_INST_LOWER_BOUND);
696 697
			break;
		case IWL_UCODE_TLV_INIT_DATA:
698 699 700 701 702 703 704
			set_sec_data(pieces, IWL_UCODE_INIT,
				     IWL_UCODE_SECTION_DATA, tlv_data);
			set_sec_size(pieces, IWL_UCODE_INIT,
				     IWL_UCODE_SECTION_DATA, tlv_len);
			set_sec_offset(pieces, IWL_UCODE_INIT,
				       IWL_UCODE_SECTION_DATA,
				       IWLAGN_RTC_DATA_LOWER_BOUND);
705 706
			break;
		case IWL_UCODE_TLV_BOOT:
J
Johannes Berg 已提交
707
			IWL_ERR(drv, "Found unexpected BOOT ucode\n");
708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735
			break;
		case IWL_UCODE_TLV_PROBE_MAX_LEN:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			capa->max_probe_length =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_PAN:
			if (tlv_len)
				goto invalid_tlv_len;
			capa->flags |= IWL_UCODE_TLV_FLAGS_PAN;
			break;
		case IWL_UCODE_TLV_FLAGS:
			/* must be at least one u32 */
			if (tlv_len < sizeof(u32))
				goto invalid_tlv_len;
			/* and a proper number of u32s */
			if (tlv_len % sizeof(u32))
				goto invalid_tlv_len;
			/*
			 * This driver only reads the first u32 as
			 * right now no more features are defined,
			 * if that changes then either the driver
			 * will not work with the new firmware, or
			 * it'll not take advantage of new features.
			 */
			capa->flags = le32_to_cpup((__le32 *)tlv_data);
			break;
736 737 738
		case IWL_UCODE_TLV_API_CHANGES_SET:
			if (tlv_len != sizeof(struct iwl_ucode_api))
				goto invalid_tlv_len;
739
			iwl_set_ucode_api_flags(drv, tlv_data, capa);
740 741 742 743
			break;
		case IWL_UCODE_TLV_ENABLED_CAPABILITIES:
			if (tlv_len != sizeof(struct iwl_ucode_capa))
				goto invalid_tlv_len;
744
			iwl_set_ucode_capabilities(drv, tlv_data, capa);
745
			break;
746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784
		case IWL_UCODE_TLV_INIT_EVTLOG_PTR:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			pieces->init_evtlog_ptr =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_INIT_EVTLOG_SIZE:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			pieces->init_evtlog_size =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_INIT_ERRLOG_PTR:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			pieces->init_errlog_ptr =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_RUNT_EVTLOG_PTR:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			pieces->inst_evtlog_ptr =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_RUNT_EVTLOG_SIZE:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			pieces->inst_evtlog_size =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_RUNT_ERRLOG_PTR:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			pieces->inst_errlog_ptr =
					le32_to_cpup((__le32 *)tlv_data);
			break;
		case IWL_UCODE_TLV_ENHANCE_SENS_TBL:
			if (tlv_len)
				goto invalid_tlv_len;
J
Johannes Berg 已提交
785
			drv->fw.enhance_sensitivity_table = true;
786 787
			break;
		case IWL_UCODE_TLV_WOWLAN_INST:
788 789 790 791 792 793 794
			set_sec_data(pieces, IWL_UCODE_WOWLAN,
				     IWL_UCODE_SECTION_INST, tlv_data);
			set_sec_size(pieces, IWL_UCODE_WOWLAN,
				     IWL_UCODE_SECTION_INST, tlv_len);
			set_sec_offset(pieces, IWL_UCODE_WOWLAN,
				       IWL_UCODE_SECTION_INST,
				       IWLAGN_RTC_INST_LOWER_BOUND);
795 796
			break;
		case IWL_UCODE_TLV_WOWLAN_DATA:
797 798 799 800 801 802 803
			set_sec_data(pieces, IWL_UCODE_WOWLAN,
				     IWL_UCODE_SECTION_DATA, tlv_data);
			set_sec_size(pieces, IWL_UCODE_WOWLAN,
				     IWL_UCODE_SECTION_DATA, tlv_len);
			set_sec_offset(pieces, IWL_UCODE_WOWLAN,
				       IWL_UCODE_SECTION_DATA,
				       IWLAGN_RTC_DATA_LOWER_BOUND);
804 805 806 807 808 809 810
			break;
		case IWL_UCODE_TLV_PHY_CALIBRATION_SIZE:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			capa->standard_phy_calibration_size =
					le32_to_cpup((__le32 *)tlv_data);
			break;
811
		case IWL_UCODE_TLV_SEC_RT:
812 813
			iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_REGULAR,
					    tlv_len);
814
			drv->fw.type = IWL_FW_MVM;
815 816 817 818
			break;
		case IWL_UCODE_TLV_SEC_INIT:
			iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_INIT,
					    tlv_len);
819
			drv->fw.type = IWL_FW_MVM;
820 821 822 823
			break;
		case IWL_UCODE_TLV_SEC_WOWLAN:
			iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_WOWLAN,
					    tlv_len);
824
			drv->fw.type = IWL_FW_MVM;
825 826 827 828 829 830 831 832 833 834 835
			break;
		case IWL_UCODE_TLV_DEF_CALIB:
			if (tlv_len != sizeof(struct iwl_tlv_calib_data))
				goto invalid_tlv_len;
			if (iwl_set_default_calib(drv, tlv_data))
				goto tlv_error;
			break;
		case IWL_UCODE_TLV_PHY_SKU:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			drv->fw.phy_config = le32_to_cpup((__le32 *)tlv_data);
836 837 838 839 840 841
			drv->fw.valid_tx_ant = (drv->fw.phy_config &
						FW_PHY_CFG_TX_CHAIN) >>
						FW_PHY_CFG_TX_CHAIN_POS;
			drv->fw.valid_rx_ant = (drv->fw.phy_config &
						FW_PHY_CFG_RX_CHAIN) >>
						FW_PHY_CFG_RX_CHAIN_POS;
842
			break;
843
		case IWL_UCODE_TLV_SECURE_SEC_RT:
844 845
			iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_REGULAR,
					    tlv_len);
846
			drv->fw.type = IWL_FW_MVM;
847 848 849 850
			break;
		case IWL_UCODE_TLV_SECURE_SEC_INIT:
			iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_INIT,
					    tlv_len);
851
			drv->fw.type = IWL_FW_MVM;
852 853 854 855
			break;
		case IWL_UCODE_TLV_SECURE_SEC_WOWLAN:
			iwl_store_ucode_sec(pieces, tlv_data, IWL_UCODE_WOWLAN,
					    tlv_len);
856
			drv->fw.type = IWL_FW_MVM;
857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875
			break;
		case IWL_UCODE_TLV_NUM_OF_CPU:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			num_of_cpus =
				le32_to_cpup((__le32 *)tlv_data);

			if (num_of_cpus == 2) {
				drv->fw.img[IWL_UCODE_REGULAR].is_dual_cpus =
					true;
				drv->fw.img[IWL_UCODE_INIT].is_dual_cpus =
					true;
				drv->fw.img[IWL_UCODE_WOWLAN].is_dual_cpus =
					true;
			} else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
				IWL_ERR(drv, "Driver support upto 2 CPUs\n");
				return -EINVAL;
			}
			break;
876 877 878 879
		case IWL_UCODE_TLV_CSCHEME:
			if (iwl_store_cscheme(&drv->fw, tlv_data, tlv_len))
				goto invalid_tlv_len;
			break;
880 881 882 883 884 885
		case IWL_UCODE_TLV_N_SCAN_CHANNELS:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			capa->n_scan_channels =
				le32_to_cpup((__le32 *)tlv_data);
			break;
886 887 888 889 890 891 892 893 894 895 896 897
		case IWL_UCODE_TLV_FW_VERSION: {
			__le32 *ptr = (void *)tlv_data;
			u32 major, minor;
			u8 local_comp;

			if (tlv_len != sizeof(u32) * 3)
				goto invalid_tlv_len;

			major = le32_to_cpup(ptr++);
			minor = le32_to_cpup(ptr++);
			local_comp = le32_to_cpup(ptr);

898 899 900 901 902 903 904 905
			if (major >= 35)
				snprintf(drv->fw.fw_version,
					 sizeof(drv->fw.fw_version),
					"%u.%08x.%u", major, minor, local_comp);
			else
				snprintf(drv->fw.fw_version,
					 sizeof(drv->fw.fw_version),
					"%u.%u.%u", major, minor, local_comp);
906 907
			break;
			}
908
		case IWL_UCODE_TLV_FW_DBG_DEST: {
909 910 911 912 913 914 915 916 917 918 919 920 921 922 923
			struct iwl_fw_dbg_dest_tlv *dest = NULL;
			struct iwl_fw_dbg_dest_tlv_v1 *dest_v1 = NULL;
			u8 mon_mode;

			pieces->dbg_dest_ver = (u8 *)tlv_data;
			if (*pieces->dbg_dest_ver == 1) {
				dest = (void *)tlv_data;
			} else if (*pieces->dbg_dest_ver == 0) {
				dest_v1 = (void *)tlv_data;
			} else {
				IWL_ERR(drv,
					"The version is %d, and it is invalid\n",
					*pieces->dbg_dest_ver);
				break;
			}
924

925
			if (pieces->dbg_dest_tlv_init) {
926 927 928 929 930
				IWL_ERR(drv,
					"dbg destination ignored, already exists\n");
				break;
			}

931 932 933 934 935 936 937 938 939 940
			pieces->dbg_dest_tlv_init = true;

			if (dest_v1) {
				pieces->dbg_dest_tlv_v1 = dest_v1;
				mon_mode = dest_v1->monitor_mode;
			} else {
				pieces->dbg_dest_tlv = dest;
				mon_mode = dest->monitor_mode;
			}

941
			IWL_INFO(drv, "Found debug destination: %s\n",
942 943
				 get_fw_dbg_mode_string(mon_mode));

944
			drv->fw.dbg.n_dest_reg = (dest_v1) ?
945 946 947 948 949 950
				tlv_len -
				offsetof(struct iwl_fw_dbg_dest_tlv_v1,
					 reg_ops) :
				tlv_len -
				offsetof(struct iwl_fw_dbg_dest_tlv,
					 reg_ops);
951

952 953
			drv->fw.dbg.n_dest_reg /=
				sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]);
954 955 956 957 958 959

			break;
			}
		case IWL_UCODE_TLV_FW_DBG_CONF: {
			struct iwl_fw_dbg_conf_tlv *conf = (void *)tlv_data;

960
			if (!pieces->dbg_dest_tlv_init) {
961 962 963 964 965 966
				IWL_ERR(drv,
					"Ignore dbg config %d - no destination configured\n",
					conf->id);
				break;
			}

967
			if (conf->id >= ARRAY_SIZE(drv->fw.dbg.conf_tlv)) {
968 969 970 971 972 973 974 975 976 977 978 979 980
				IWL_ERR(drv,
					"Skip unknown configuration: %d\n",
					conf->id);
				break;
			}

			if (pieces->dbg_conf_tlv[conf->id]) {
				IWL_ERR(drv,
					"Ignore duplicate dbg config %d\n",
					conf->id);
				break;
			}

981 982 983
			if (conf->usniffer)
				usniffer_req = true;

984 985 986 987 988 989 990
			IWL_INFO(drv, "Found debug configuration: %d\n",
				 conf->id);

			pieces->dbg_conf_tlv[conf->id] = conf;
			pieces->dbg_conf_tlv_len[conf->id] = tlv_len;
			break;
			}
991 992 993 994 995
		case IWL_UCODE_TLV_FW_DBG_TRIGGER: {
			struct iwl_fw_dbg_trigger_tlv *trigger =
				(void *)tlv_data;
			u32 trigger_id = le32_to_cpu(trigger->id);

996
			if (trigger_id >= ARRAY_SIZE(drv->fw.dbg.trigger_tlv)) {
997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015
				IWL_ERR(drv,
					"Skip unknown trigger: %u\n",
					trigger->id);
				break;
			}

			if (pieces->dbg_trigger_tlv[trigger_id]) {
				IWL_ERR(drv,
					"Ignore duplicate dbg trigger %u\n",
					trigger->id);
				break;
			}

			IWL_INFO(drv, "Found debug trigger: %u\n", trigger->id);

			pieces->dbg_trigger_tlv[trigger_id] = trigger;
			pieces->dbg_trigger_tlv_len[trigger_id] = tlv_len;
			break;
			}
1016 1017 1018 1019 1020 1021 1022
		case IWL_UCODE_TLV_FW_DBG_DUMP_LST: {
			if (tlv_len != sizeof(u32)) {
				IWL_ERR(drv,
					"dbg lst mask size incorrect, skip\n");
				break;
			}

1023
			drv->fw.dbg.dump_mask =
1024 1025 1026
				le32_to_cpup((__le32 *)tlv_data);
			break;
			}
1027
		case IWL_UCODE_TLV_SEC_RT_USNIFFER:
1028
			*usniffer_images = true;
1029 1030 1031 1032
			iwl_store_ucode_sec(pieces, tlv_data,
					    IWL_UCODE_REGULAR_USNIFFER,
					    tlv_len);
			break;
1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061
		case IWL_UCODE_TLV_PAGING:
			if (tlv_len != sizeof(u32))
				goto invalid_tlv_len;
			paging_mem_size = le32_to_cpup((__le32 *)tlv_data);

			IWL_DEBUG_FW(drv,
				     "Paging: paging enabled (size = %u bytes)\n",
				     paging_mem_size);

			if (paging_mem_size > MAX_PAGING_IMAGE_SIZE) {
				IWL_ERR(drv,
					"Paging: driver supports up to %lu bytes for paging image\n",
					MAX_PAGING_IMAGE_SIZE);
				return -EINVAL;
			}

			if (paging_mem_size & (FW_PAGING_SIZE - 1)) {
				IWL_ERR(drv,
					"Paging: image isn't multiple %lu\n",
					FW_PAGING_SIZE);
				return -EINVAL;
			}

			drv->fw.img[IWL_UCODE_REGULAR].paging_mem_size =
				paging_mem_size;
			usniffer_img = IWL_UCODE_REGULAR_USNIFFER;
			drv->fw.img[usniffer_img].paging_mem_size =
				paging_mem_size;
			break;
1062
		case IWL_UCODE_TLV_FW_GSCAN_CAPA:
1063
			/* ignored */
1064
			break;
1065 1066 1067
		case IWL_UCODE_TLV_FW_MEM_SEG: {
			struct iwl_fw_dbg_mem_seg_tlv *dbg_mem =
				(void *)tlv_data;
1068 1069
			size_t size;
			struct iwl_fw_dbg_mem_seg_tlv *n;
1070 1071 1072 1073 1074 1075 1076

			if (tlv_len != (sizeof(*dbg_mem)))
				goto invalid_tlv_len;

			IWL_DEBUG_INFO(drv, "Found debug memory segment: %u\n",
				       dbg_mem->data_type);

1077
			size = sizeof(*pieces->dbg_mem_tlv) *
1078
			       (pieces->n_mem_tlv + 1);
1079 1080 1081 1082
			n = krealloc(pieces->dbg_mem_tlv, size, GFP_KERNEL);
			if (!n)
				return -ENOMEM;
			pieces->dbg_mem_tlv = n;
1083 1084
			pieces->dbg_mem_tlv[pieces->n_mem_tlv] = *dbg_mem;
			pieces->n_mem_tlv++;
1085 1086
			break;
			}
1087 1088 1089 1090 1091 1092 1093
		case IWL_UCODE_TLV_IML: {
			drv->fw.iml_len = tlv_len;
			drv->fw.iml = kmemdup(tlv_data, tlv_len, GFP_KERNEL);
			if (!drv->fw.iml)
				return -ENOMEM;
			break;
			}
1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107
		case IWL_UCODE_TLV_FW_RECOVERY_INFO: {
			struct {
				__le32 buf_addr;
				__le32 buf_size;
			} *recov_info = (void *)tlv_data;

			if (tlv_len != sizeof(*recov_info))
				goto invalid_tlv_len;
			capa->error_log_addr =
				le32_to_cpu(recov_info->buf_addr);
			capa->error_log_size =
				le32_to_cpu(recov_info->buf_size);
			}
			break;
1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139
		case IWL_UCODE_TLV_UMAC_DEBUG_ADDRS: {
			struct iwl_umac_debug_addrs *dbg_ptrs =
				(void *)tlv_data;

			if (tlv_len != sizeof(*dbg_ptrs))
				goto invalid_tlv_len;
			if (drv->trans->cfg->device_family <
			    IWL_DEVICE_FAMILY_22000)
				break;
			drv->trans->umac_error_event_table =
				le32_to_cpu(dbg_ptrs->error_info_addr) &
				~FW_ADDR_CACHE_CONTROL;
			drv->trans->error_event_table_tlv_status |=
				IWL_ERROR_EVENT_TABLE_UMAC;
			break;
			}
		case IWL_UCODE_TLV_LMAC_DEBUG_ADDRS: {
			struct iwl_lmac_debug_addrs *dbg_ptrs =
				(void *)tlv_data;

			if (tlv_len != sizeof(*dbg_ptrs))
				goto invalid_tlv_len;
			if (drv->trans->cfg->device_family <
			    IWL_DEVICE_FAMILY_22000)
				break;
			drv->trans->lmac_error_event_table[0] =
				le32_to_cpu(dbg_ptrs->error_event_table_ptr) &
				~FW_ADDR_CACHE_CONTROL;
			drv->trans->error_event_table_tlv_status |=
				IWL_ERROR_EVENT_TABLE_LMAC1;
			break;
			}
1140 1141 1142 1143 1144 1145
		case IWL_UCODE_TLV_TYPE_BUFFER_ALLOCATION:
		case IWL_UCODE_TLV_TYPE_HCMD:
		case IWL_UCODE_TLV_TYPE_REGIONS:
		case IWL_UCODE_TLV_TYPE_TRIGGERS:
		case IWL_UCODE_TLV_TYPE_DEBUG_FLOW:
			if (iwlwifi_mod_params.enable_ini)
1146
				iwl_fw_dbg_copy_tlv(drv->trans, tlv, false);
1147
			break;
1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164
		case IWL_UCODE_TLV_CMD_VERSIONS:
			if (tlv_len % sizeof(struct iwl_fw_cmd_version)) {
				IWL_ERR(drv,
					"Invalid length for command versions: %u\n",
					tlv_len);
				tlv_len /= sizeof(struct iwl_fw_cmd_version);
				tlv_len *= sizeof(struct iwl_fw_cmd_version);
			}
			if (WARN_ON(capa->cmd_versions))
				return -EINVAL;
			capa->cmd_versions = kmemdup(tlv_data, tlv_len,
						     GFP_KERNEL);
			if (!capa->cmd_versions)
				return -ENOMEM;
			capa->n_cmd_versions =
				tlv_len / sizeof(struct iwl_fw_cmd_version);
			break;
1165
		default:
J
Johannes Berg 已提交
1166
			IWL_DEBUG_INFO(drv, "unknown TLV: %d\n", tlv_type);
1167 1168 1169 1170
			break;
		}
	}

1171 1172
	if (!fw_has_capa(capa, IWL_UCODE_TLV_CAPA_USNIFFER_UNIFIED) &&
	    usniffer_req && !*usniffer_images) {
1173 1174 1175 1176 1177
		IWL_ERR(drv,
			"user selected to work with usniffer but usniffer image isn't available in ucode package\n");
		return -EINVAL;
	}

1178
	if (len) {
J
Johannes Berg 已提交
1179 1180
		IWL_ERR(drv, "invalid TLV after parsing: %zd\n", len);
		iwl_print_hex_dump(drv, IWL_DL_FW, (u8 *)data, len);
1181 1182 1183 1184 1185 1186
		return -EINVAL;
	}

	return 0;

 invalid_tlv_len:
J
Johannes Berg 已提交
1187
	IWL_ERR(drv, "TLV %d has invalid size: %u\n", tlv_type, tlv_len);
1188
 tlv_error:
J
Johannes Berg 已提交
1189
	iwl_print_hex_dump(drv, IWL_DL_FW, tlv_data, tlv_len);
1190 1191 1192 1193

	return -EINVAL;
}

1194 1195 1196
static int iwl_alloc_ucode(struct iwl_drv *drv,
			   struct iwl_firmware_pieces *pieces,
			   enum iwl_ucode_type type)
D
David Spinadel 已提交
1197 1198
{
	int i;
1199 1200 1201 1202 1203 1204 1205 1206 1207 1208
	struct fw_desc *sec;

	sec = kcalloc(pieces->img[type].sec_counter, sizeof(*sec), GFP_KERNEL);
	if (!sec)
		return -ENOMEM;
	drv->fw.img[type].sec = sec;
	drv->fw.img[type].num_sec = pieces->img[type].sec_counter;

	for (i = 0; i < pieces->img[type].sec_counter; i++)
		if (iwl_alloc_fw_desc(drv, &sec[i], get_sec(pieces, type, i)))
1209
			return -ENOMEM;
1210

D
David Spinadel 已提交
1211 1212 1213 1214 1215 1216 1217
	return 0;
}

static int validate_sec_sizes(struct iwl_drv *drv,
			      struct iwl_firmware_pieces *pieces,
			      const struct iwl_cfg *cfg)
{
1218
	IWL_DEBUG_INFO(drv, "f/w package hdr runtime inst size = %zd\n",
D
David Spinadel 已提交
1219 1220
		get_sec_size(pieces, IWL_UCODE_REGULAR,
			     IWL_UCODE_SECTION_INST));
1221
	IWL_DEBUG_INFO(drv, "f/w package hdr runtime data size = %zd\n",
D
David Spinadel 已提交
1222 1223
		get_sec_size(pieces, IWL_UCODE_REGULAR,
			     IWL_UCODE_SECTION_DATA));
1224
	IWL_DEBUG_INFO(drv, "f/w package hdr init inst size = %zd\n",
D
David Spinadel 已提交
1225
		get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST));
1226
	IWL_DEBUG_INFO(drv, "f/w package hdr init data size = %zd\n",
D
David Spinadel 已提交
1227 1228 1229 1230
		get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA));

	/* Verify that uCode images will fit in card's SRAM. */
	if (get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_INST) >
1231
	    cfg->max_inst_size) {
1232
		IWL_ERR(drv, "uCode instr len %zd too large to fit in\n",
D
David Spinadel 已提交
1233
			get_sec_size(pieces, IWL_UCODE_REGULAR,
1234
				     IWL_UCODE_SECTION_INST));
D
David Spinadel 已提交
1235 1236 1237 1238
		return -1;
	}

	if (get_sec_size(pieces, IWL_UCODE_REGULAR, IWL_UCODE_SECTION_DATA) >
1239
	    cfg->max_data_size) {
1240
		IWL_ERR(drv, "uCode data len %zd too large to fit in\n",
D
David Spinadel 已提交
1241
			get_sec_size(pieces, IWL_UCODE_REGULAR,
1242
				     IWL_UCODE_SECTION_DATA));
D
David Spinadel 已提交
1243 1244 1245
		return -1;
	}

1246 1247
	if (get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_INST) >
	     cfg->max_inst_size) {
1248
		IWL_ERR(drv, "uCode init instr len %zd too large to fit in\n",
D
David Spinadel 已提交
1249
			get_sec_size(pieces, IWL_UCODE_INIT,
1250
				     IWL_UCODE_SECTION_INST));
D
David Spinadel 已提交
1251 1252 1253 1254
		return -1;
	}

	if (get_sec_size(pieces, IWL_UCODE_INIT, IWL_UCODE_SECTION_DATA) >
1255
	    cfg->max_data_size) {
1256
		IWL_ERR(drv, "uCode init data len %zd too large to fit in\n",
D
David Spinadel 已提交
1257
			get_sec_size(pieces, IWL_UCODE_REGULAR,
1258
				     IWL_UCODE_SECTION_DATA));
D
David Spinadel 已提交
1259 1260 1261 1262 1263
		return -1;
	}
	return 0;
}

1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276
static struct iwl_op_mode *
_iwl_op_mode_start(struct iwl_drv *drv, struct iwlwifi_opmode_table *op)
{
	const struct iwl_op_mode_ops *ops = op->ops;
	struct dentry *dbgfs_dir = NULL;
	struct iwl_op_mode *op_mode = NULL;

#ifdef CONFIG_IWLWIFI_DEBUGFS
	drv->dbgfs_op_mode = debugfs_create_dir(op->name,
						drv->dbgfs_drv);
	dbgfs_dir = drv->dbgfs_op_mode;
#endif

1277
	op_mode = ops->start(drv->trans, drv->trans->cfg, &drv->fw, dbgfs_dir);
1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302

#ifdef CONFIG_IWLWIFI_DEBUGFS
	if (!op_mode) {
		debugfs_remove_recursive(drv->dbgfs_op_mode);
		drv->dbgfs_op_mode = NULL;
	}
#endif

	return op_mode;
}

static void _iwl_op_mode_stop(struct iwl_drv *drv)
{
	/* op_mode can be NULL if its start failed */
	if (drv->op_mode) {
		iwl_op_mode_stop(drv->op_mode);
		drv->op_mode = NULL;

#ifdef CONFIG_IWLWIFI_DEBUGFS
		debugfs_remove_recursive(drv->dbgfs_op_mode);
		drv->dbgfs_op_mode = NULL;
#endif
	}
}

1303
/**
1304
 * iwl_req_fw_callback - callback when firmware was loaded
1305 1306 1307 1308
 *
 * If loaded successfully, copies the firmware into buffers
 * for the card to fetch (via DMA).
 */
1309
static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
1310
{
J
Johannes Berg 已提交
1311 1312
	struct iwl_drv *drv = context;
	struct iwl_fw *fw = &drv->fw;
1313
	struct iwl_ucode_header *ucode;
1314
	struct iwlwifi_opmode_table *op;
1315
	int err;
1316
	struct iwl_firmware_pieces *pieces;
1317 1318
	const unsigned int api_max = drv->trans->cfg->ucode_api_max;
	const unsigned int api_min = drv->trans->cfg->ucode_api_min;
1319
	size_t trigger_tlv_sz[FW_DBG_TRIGGER_MAX];
1320
	u32 api_ver;
D
David Spinadel 已提交
1321
	int i;
1322
	bool load_module = false;
1323
	bool usniffer_images = false;
1324

1325
	fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
1326 1327
	fw->ucode_capa.standard_phy_calibration_size =
			IWL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE;
1328
	fw->ucode_capa.n_scan_channels = IWL_DEFAULT_SCAN_CHANNELS;
1329 1330
	/* dump all fw memory areas by default */
	fw->dbg.dump_mask = 0xffffffff;
1331

1332 1333
	pieces = kzalloc(sizeof(*pieces), GFP_KERNEL);
	if (!pieces)
1334
		goto out_free_fw;
1335

1336
	if (!ucode_raw)
1337 1338
		goto try_again;

1339 1340
	IWL_DEBUG_FW_INFO(drv, "Loaded firmware file '%s' (%zd bytes).\n",
			  drv->firmware_name, ucode_raw->size);
1341 1342 1343

	/* Make sure that we got at least the API version number */
	if (ucode_raw->size < 4) {
J
Johannes Berg 已提交
1344
		IWL_ERR(drv, "File size way too small!\n");
1345 1346 1347 1348 1349 1350 1351
		goto try_again;
	}

	/* Data from ucode file:  header followed by uCode images */
	ucode = (struct iwl_ucode_header *)ucode_raw->data;

	if (ucode->ver)
1352
		err = iwl_parse_v1_v2_firmware(drv, ucode_raw, pieces);
1353
	else
1354
		err = iwl_parse_tlv_firmware(drv, ucode_raw, pieces,
1355
					     &fw->ucode_capa, &usniffer_images);
1356 1357 1358 1359

	if (err)
		goto try_again;

1360 1361 1362 1363
	if (fw_has_api(&drv->fw.ucode_capa, IWL_UCODE_TLV_API_NEW_VERSION))
		api_ver = drv->fw.ucode_ver;
	else
		api_ver = IWL_UCODE_API(drv->fw.ucode_ver);
1364 1365 1366 1367 1368 1369

	/*
	 * api_ver should match the api version forming part of the
	 * firmware filename ... but we don't check for that and only rely
	 * on the API version read from firmware header from here on forward
	 */
1370 1371 1372 1373 1374 1375
	if (api_ver < api_min || api_ver > api_max) {
		IWL_ERR(drv,
			"Driver unable to support your firmware API. "
			"Driver supports v%u, firmware is v%u.\n",
			api_max, api_ver);
		goto try_again;
1376 1377
	}

1378 1379 1380 1381
	/*
	 * In mvm uCode there is no difference between data and instructions
	 * sections.
	 */
1382 1383
	if (fw->type == IWL_FW_DVM && validate_sec_sizes(drv, pieces,
							 drv->trans->cfg))
1384 1385 1386 1387 1388 1389
		goto try_again;

	/* Allocate ucode buffers for card's bus-master loading ... */

	/* Runtime instructions and 2 copies of data:
	 * 1) unmodified from disk
1390 1391
	 * 2) backup cache for save/restore during power-downs
	 */
D
David Spinadel 已提交
1392
	for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
1393
		if (iwl_alloc_ucode(drv, pieces, i))
1394
			goto out_free_fw;
1395

1396
	if (pieces->dbg_dest_tlv_init) {
1397 1398 1399
		size_t dbg_dest_size = sizeof(*drv->fw.dbg.dest_tlv) +
			sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]) *
			drv->fw.dbg.n_dest_reg;
1400

1401
		drv->fw.dbg.dest_tlv = kmalloc(dbg_dest_size, GFP_KERNEL);
1402

1403
		if (!drv->fw.dbg.dest_tlv)
1404
			goto out_free_fw;
1405 1406

		if (*pieces->dbg_dest_ver == 0) {
1407
			memcpy(drv->fw.dbg.dest_tlv, pieces->dbg_dest_tlv_v1,
1408 1409 1410
			       dbg_dest_size);
		} else {
			struct iwl_fw_dbg_dest_tlv_v1 *dest_tlv =
1411
				drv->fw.dbg.dest_tlv;
1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425

			dest_tlv->version = pieces->dbg_dest_tlv->version;
			dest_tlv->monitor_mode =
				pieces->dbg_dest_tlv->monitor_mode;
			dest_tlv->size_power =
				pieces->dbg_dest_tlv->size_power;
			dest_tlv->wrap_count =
				pieces->dbg_dest_tlv->wrap_count;
			dest_tlv->write_ptr_reg =
				pieces->dbg_dest_tlv->write_ptr_reg;
			dest_tlv->base_shift =
				pieces->dbg_dest_tlv->base_shift;
			memcpy(dest_tlv->reg_ops,
			       pieces->dbg_dest_tlv->reg_ops,
1426 1427
			       sizeof(drv->fw.dbg.dest_tlv->reg_ops[0]) *
			       drv->fw.dbg.n_dest_reg);
1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440

			/* In version 1 of the destination tlv, which is
			 * relevant for internal buffer exclusively,
			 * the base address is part of given with the length
			 * of the buffer, and the size shift is give instead of
			 * end shift. We now store these values in base_reg,
			 * and end shift, and when dumping the data we'll
			 * manipulate it for extracting both the length and
			 * base address */
			dest_tlv->base_reg = pieces->dbg_dest_tlv->cfg_reg;
			dest_tlv->end_shift =
				pieces->dbg_dest_tlv->size_shift;
		}
1441 1442
	}

1443
	for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.conf_tlv); i++) {
1444
		if (pieces->dbg_conf_tlv[i]) {
1445
			drv->fw.dbg.conf_tlv[i] =
1446
				kmemdup(pieces->dbg_conf_tlv[i],
1447
					pieces->dbg_conf_tlv_len[i],
1448
					GFP_KERNEL);
1449
			if (!pieces->dbg_conf_tlv_len[i])
1450 1451 1452 1453
				goto out_free_fw;
		}
	}

1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468
	memset(&trigger_tlv_sz, 0xff, sizeof(trigger_tlv_sz));

	trigger_tlv_sz[FW_DBG_TRIGGER_MISSED_BEACONS] =
		sizeof(struct iwl_fw_dbg_trigger_missed_bcon);
	trigger_tlv_sz[FW_DBG_TRIGGER_CHANNEL_SWITCH] = 0;
	trigger_tlv_sz[FW_DBG_TRIGGER_FW_NOTIF] =
		sizeof(struct iwl_fw_dbg_trigger_cmd);
	trigger_tlv_sz[FW_DBG_TRIGGER_MLME] =
		sizeof(struct iwl_fw_dbg_trigger_mlme);
	trigger_tlv_sz[FW_DBG_TRIGGER_STATS] =
		sizeof(struct iwl_fw_dbg_trigger_stats);
	trigger_tlv_sz[FW_DBG_TRIGGER_RSSI] =
		sizeof(struct iwl_fw_dbg_trigger_low_rssi);
	trigger_tlv_sz[FW_DBG_TRIGGER_TXQ_TIMERS] =
		sizeof(struct iwl_fw_dbg_trigger_txq_timer);
1469 1470
	trigger_tlv_sz[FW_DBG_TRIGGER_TIME_EVENT] =
		sizeof(struct iwl_fw_dbg_trigger_time_event);
1471 1472
	trigger_tlv_sz[FW_DBG_TRIGGER_BA] =
		sizeof(struct iwl_fw_dbg_trigger_ba);
1473 1474
	trigger_tlv_sz[FW_DBG_TRIGGER_TDLS] =
		sizeof(struct iwl_fw_dbg_trigger_tdls);
1475

1476
	for (i = 0; i < ARRAY_SIZE(drv->fw.dbg.trigger_tlv); i++) {
1477
		if (pieces->dbg_trigger_tlv[i]) {
1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488
			/*
			 * If the trigger isn't long enough, WARN and exit.
			 * Someone is trying to debug something and he won't
			 * be able to catch the bug he is trying to chase.
			 * We'd better be noisy to be sure he knows what's
			 * going on.
			 */
			if (WARN_ON(pieces->dbg_trigger_tlv_len[i] <
				    (trigger_tlv_sz[i] +
				     sizeof(struct iwl_fw_dbg_trigger_tlv))))
				goto out_free_fw;
1489
			drv->fw.dbg.trigger_tlv_len[i] =
1490
				pieces->dbg_trigger_tlv_len[i];
1491
			drv->fw.dbg.trigger_tlv[i] =
1492
				kmemdup(pieces->dbg_trigger_tlv[i],
1493
					drv->fw.dbg.trigger_tlv_len[i],
1494
					GFP_KERNEL);
1495
			if (!drv->fw.dbg.trigger_tlv[i])
1496 1497 1498 1499
				goto out_free_fw;
		}
	}

1500 1501
	/* Now that we can no longer fail, copy information */

1502
	drv->fw.dbg.mem_tlv = pieces->dbg_mem_tlv;
1503
	pieces->dbg_mem_tlv = NULL;
1504
	drv->fw.dbg.n_mem_tlv = pieces->n_mem_tlv;
1505

1506 1507 1508 1509 1510
	/*
	 * The (size - 16) / 12 formula is based on the information recorded
	 * for each event, which is of mode 1 (including timestamp) for all
	 * new microcodes that include this information.
	 */
1511 1512 1513
	fw->init_evtlog_ptr = pieces->init_evtlog_ptr;
	if (pieces->init_evtlog_size)
		fw->init_evtlog_size = (pieces->init_evtlog_size - 16)/12;
1514
	else
1515
		fw->init_evtlog_size =
1516
			drv->trans->cfg->base_params->max_event_log_size;
1517 1518 1519 1520
	fw->init_errlog_ptr = pieces->init_errlog_ptr;
	fw->inst_evtlog_ptr = pieces->inst_evtlog_ptr;
	if (pieces->inst_evtlog_size)
		fw->inst_evtlog_size = (pieces->inst_evtlog_size - 16)/12;
1521
	else
1522
		fw->inst_evtlog_size =
1523
			drv->trans->cfg->base_params->max_event_log_size;
1524
	fw->inst_errlog_ptr = pieces->inst_errlog_ptr;
1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537

	/*
	 * figure out the offset of chain noise reset and gain commands
	 * base on the size of standard phy calibration commands table size
	 */
	if (fw->ucode_capa.standard_phy_calibration_size >
	    IWL_MAX_PHY_CALIBRATE_TBL_SIZE)
		fw->ucode_capa.standard_phy_calibration_size =
			IWL_MAX_STANDARD_PHY_CALIBRATE_TBL_SIZE;

	/* We have our copies now, allow OS release its copies */
	release_firmware(ucode_raw);

J
Johannes Berg 已提交
1538
	mutex_lock(&iwlwifi_opmode_table_mtx);
1539 1540
	switch (fw->type) {
	case IWL_FW_DVM:
J
Johannes Berg 已提交
1541
		op = &iwlwifi_opmode_table[DVM_OP_MODE];
1542 1543 1544
		break;
	default:
		WARN(1, "Invalid fw type %d\n", fw->type);
J
Johannes Berg 已提交
1545
		/* fall through */
1546 1547 1548 1549
	case IWL_FW_MVM:
		op = &iwlwifi_opmode_table[MVM_OP_MODE];
		break;
	}
1550

1551 1552 1553
	IWL_INFO(drv, "loaded firmware version %s op_mode %s\n",
		 drv->fw.fw_version, op->name);

1554 1555 1556 1557
	/* add this device to the list of devices using this op_mode */
	list_add_tail(&drv->list, &op->drv);

	if (op->ops) {
1558
		drv->op_mode = _iwl_op_mode_start(drv, op);
1559

D
Dan Carpenter 已提交
1560 1561
		if (!drv->op_mode) {
			mutex_unlock(&iwlwifi_opmode_table_mtx);
1562
			goto out_unbind;
D
Dan Carpenter 已提交
1563
		}
1564
	} else {
1565
		load_module = true;
1566
	}
J
Johannes Berg 已提交
1567
	mutex_unlock(&iwlwifi_opmode_table_mtx);
1568

1569 1570 1571 1572 1573 1574
	/*
	 * Complete the firmware request last so that
	 * a driver unbind (stop) doesn't run while we
	 * are doing the start() above.
	 */
	complete(&drv->request_firmware_complete);
1575 1576 1577 1578 1579 1580

	/*
	 * Load the module last so we don't block anything
	 * else from proceeding if the module fails to load
	 * or hangs loading.
	 */
1581
	if (load_module) {
1582
		request_module("%s", op->name);
1583
#ifdef CONFIG_IWLWIFI_OPMODE_MODULAR
1584 1585 1586 1587
		if (err)
			IWL_ERR(drv,
				"failed to load module %s (error %d), is dynamic loading enabled?\n",
				op->name, err);
1588
#endif
1589
	}
1590
	goto free;
1591 1592 1593 1594

 try_again:
	/* try next, if any */
	release_firmware(ucode_raw);
J
Johannes Berg 已提交
1595
	if (iwl_request_firmware(drv, false))
1596
		goto out_unbind;
1597
	goto free;
1598

1599
 out_free_fw:
1600 1601
	release_firmware(ucode_raw);
 out_unbind:
J
Johannes Berg 已提交
1602
	complete(&drv->request_firmware_complete);
1603
	device_release_driver(drv->trans->dev);
1604
 free:
1605 1606 1607 1608 1609 1610
	if (pieces) {
		for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
			kfree(pieces->img[i].sec);
		kfree(pieces->dbg_mem_tlv);
		kfree(pieces);
	}
1611 1612
}

1613
struct iwl_drv *iwl_drv_start(struct iwl_trans *trans)
1614
{
J
Johannes Berg 已提交
1615
	struct iwl_drv *drv;
1616 1617
	int ret;

J
Johannes Berg 已提交
1618
	drv = kzalloc(sizeof(*drv), GFP_KERNEL);
1619 1620 1621 1622
	if (!drv) {
		ret = -ENOMEM;
		goto err;
	}
1623

1624
	drv->trans = trans;
1625
	drv->dev = trans->dev;
1626

J
Johannes Berg 已提交
1627
	init_completion(&drv->request_firmware_complete);
J
Johannes Berg 已提交
1628
	INIT_LIST_HEAD(&drv->list);
1629

1630 1631 1632 1633 1634 1635 1636 1637 1638
#ifdef CONFIG_IWLWIFI_DEBUGFS
	/* Create the device debugfs entries. */
	drv->dbgfs_drv = debugfs_create_dir(dev_name(trans->dev),
					    iwl_dbgfs_root);

	/* Create transport layer debugfs dir */
	drv->trans->dbgfs_dir = debugfs_create_dir("trans", drv->dbgfs_drv);
#endif

J
Johannes Berg 已提交
1639
	ret = iwl_request_firmware(drv, true);
1640
	if (ret) {
1641
		IWL_ERR(trans, "Couldn't request the fw\n");
1642
		goto err_fw;
1643 1644
	}

1645 1646 1647 1648 1649
	return drv;

err_fw:
#ifdef CONFIG_IWLWIFI_DEBUGFS
	debugfs_remove_recursive(drv->dbgfs_drv);
1650
	iwl_fw_dbg_free(drv->trans);
1651 1652
#endif
	kfree(drv);
1653
err:
1654
	return ERR_PTR(ret);
1655 1656
}

1657
void iwl_drv_stop(struct iwl_drv *drv)
1658
{
J
Johannes Berg 已提交
1659
	wait_for_completion(&drv->request_firmware_complete);
1660

1661
	_iwl_op_mode_stop(drv);
1662

J
Johannes Berg 已提交
1663
	iwl_dealloc_ucode(drv);
1664

J
Johannes Berg 已提交
1665 1666 1667 1668 1669 1670 1671 1672 1673 1674
	mutex_lock(&iwlwifi_opmode_table_mtx);
	/*
	 * List is empty (this item wasn't added)
	 * when firmware loading failed -- in that
	 * case we can't remove it from any list.
	 */
	if (!list_empty(&drv->list))
		list_del(&drv->list);
	mutex_unlock(&iwlwifi_opmode_table_mtx);

1675
#ifdef CONFIG_IWLWIFI_DEBUGFS
1676 1677
	drv->trans->ops->debugfs_cleanup(drv->trans);

1678 1679 1680
	debugfs_remove_recursive(drv->dbgfs_drv);
#endif

1681 1682
	iwl_fw_dbg_free(drv->trans);

J
Johannes Berg 已提交
1683
	kfree(drv);
1684
}
1685 1686 1687 1688


/* shared module parameters */
struct iwl_mod_params iwlwifi_mod_params = {
1689
	.fw_restart = true,
1690 1691
	.bt_coex_active = true,
	.power_level = IWL_POWER_INDEX_1,
1692
	.d0i3_disable = true,
1693
	.d0i3_timeout = 1000,
1694
	.uapsd_disable = IWL_DISABLE_UAPSD_BSS | IWL_DISABLE_UAPSD_P2P_CLIENT,
1695 1696
	/* the rest are 0 by default */
};
1697
IWL_EXPORT_SYMBOL(iwlwifi_mod_params);
1698 1699 1700 1701 1702

int iwl_opmode_register(const char *name, const struct iwl_op_mode_ops *ops)
{
	int i;
	struct iwl_drv *drv;
1703
	struct iwlwifi_opmode_table *op;
1704

J
Johannes Berg 已提交
1705
	mutex_lock(&iwlwifi_opmode_table_mtx);
1706
	for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++) {
1707 1708
		op = &iwlwifi_opmode_table[i];
		if (strcmp(op->name, name))
1709
			continue;
1710 1711 1712 1713 1714
		op->ops = ops;
		/* TODO: need to handle exceptional case */
		list_for_each_entry(drv, &op->drv, list)
			drv->op_mode = _iwl_op_mode_start(drv, op);

J
Johannes Berg 已提交
1715
		mutex_unlock(&iwlwifi_opmode_table_mtx);
1716 1717
		return 0;
	}
J
Johannes Berg 已提交
1718
	mutex_unlock(&iwlwifi_opmode_table_mtx);
1719 1720
	return -EIO;
}
1721
IWL_EXPORT_SYMBOL(iwl_opmode_register);
1722 1723 1724 1725 1726 1727

void iwl_opmode_deregister(const char *name)
{
	int i;
	struct iwl_drv *drv;

J
Johannes Berg 已提交
1728
	mutex_lock(&iwlwifi_opmode_table_mtx);
1729 1730 1731 1732 1733 1734
	for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++) {
		if (strcmp(iwlwifi_opmode_table[i].name, name))
			continue;
		iwlwifi_opmode_table[i].ops = NULL;

		/* call the stop routine for all devices */
1735 1736 1737
		list_for_each_entry(drv, &iwlwifi_opmode_table[i].drv, list)
			_iwl_op_mode_stop(drv);

J
Johannes Berg 已提交
1738
		mutex_unlock(&iwlwifi_opmode_table_mtx);
1739 1740
		return;
	}
J
Johannes Berg 已提交
1741
	mutex_unlock(&iwlwifi_opmode_table_mtx);
1742
}
1743
IWL_EXPORT_SYMBOL(iwl_opmode_deregister);
1744 1745 1746 1747 1748

static int __init iwl_drv_init(void)
{
	int i;

J
Johannes Berg 已提交
1749 1750
	mutex_init(&iwlwifi_opmode_table_mtx);

1751 1752 1753
	for (i = 0; i < ARRAY_SIZE(iwlwifi_opmode_table); i++)
		INIT_LIST_HEAD(&iwlwifi_opmode_table[i].drv);

J
Johannes Berg 已提交
1754
	pr_info(DRV_DESCRIPTION "\n");
1755 1756
	pr_info(DRV_COPYRIGHT "\n");

1757 1758 1759 1760 1761
#ifdef CONFIG_IWLWIFI_DEBUGFS
	/* Create the root of iwlwifi debugfs subsystem. */
	iwl_dbgfs_root = debugfs_create_dir(DRV_NAME, NULL);
#endif

1762 1763 1764 1765 1766 1767 1768
	return iwl_pci_register_driver();
}
module_init(iwl_drv_init);

static void __exit iwl_drv_exit(void)
{
	iwl_pci_unregister_driver();
1769 1770 1771 1772

#ifdef CONFIG_IWLWIFI_DEBUGFS
	debugfs_remove_recursive(iwl_dbgfs_root);
#endif
1773 1774
}
module_exit(iwl_drv_exit);
1775 1776

#ifdef CONFIG_IWLWIFI_DEBUG
1777
module_param_named(debug, iwlwifi_mod_params.debug_level, uint, 0644);
1778 1779 1780
MODULE_PARM_DESC(debug, "debug output mask");
#endif

1781
module_param_named(swcrypto, iwlwifi_mod_params.swcrypto, int, 0444);
1782
MODULE_PARM_DESC(swcrypto, "using crypto in software (default 0 [hardware])");
1783
module_param_named(11n_disable, iwlwifi_mod_params.disable_11n, uint, 0444);
1784
MODULE_PARM_DESC(11n_disable,
1785
	"disable 11n functionality, bitmap: 1: full, 2: disable agg TX, 4: disable agg RX, 8 enable agg TX");
1786
module_param_named(amsdu_size, iwlwifi_mod_params.amsdu_size, int, 0444);
1787
MODULE_PARM_DESC(amsdu_size,
1788 1789
		 "amsdu size 0: 12K for multi Rx queue devices, 2K for 22560 devices, "
		 "4K for other devices 1:4K 2:8K 3:12K 4: 2K (default 0)");
1790
module_param_named(fw_restart, iwlwifi_mod_params.fw_restart, bool, 0444);
1791
MODULE_PARM_DESC(fw_restart, "restart firmware in case of error (default true)");
1792

1793
module_param_named(antenna_coupling, iwlwifi_mod_params.antenna_coupling,
1794
		   int, 0444);
1795
MODULE_PARM_DESC(antenna_coupling,
1796
		 "specify antenna coupling in dB (default: 0 dB)");
1797

1798
module_param_named(nvm_file, iwlwifi_mod_params.nvm_file, charp, 0444);
1799 1800
MODULE_PARM_DESC(nvm_file, "NVM file name");

1801
module_param_named(d0i3_disable, iwlwifi_mod_params.d0i3_disable, bool, 0444);
1802 1803
MODULE_PARM_DESC(d0i3_disable, "disable d0i3 functionality (default: Y)");

1804
module_param_named(lar_disable, iwlwifi_mod_params.lar_disable, bool, 0444);
1805 1806
MODULE_PARM_DESC(lar_disable, "disable LAR functionality (default: N)");

1807
module_param_named(uapsd_disable, iwlwifi_mod_params.uapsd_disable, uint, 0644);
1808 1809
MODULE_PARM_DESC(uapsd_disable,
		 "disable U-APSD functionality bitmap 1: BSS 2: P2P Client (default: 3)");
1810 1811 1812 1813
module_param_named(enable_ini, iwlwifi_mod_params.enable_ini,
		   bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(enable_ini,
		 "Enable debug INI TLV FW debug infrastructure (default: 0");
1814

1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831
/*
 * set bt_coex_active to true, uCode will do kill/defer
 * every time the priority line is asserted (BT is sending signals on the
 * priority line in the PCIx).
 * set bt_coex_active to false, uCode will ignore the BT activity and
 * perform the normal operation
 *
 * User might experience transmit issue on some platform due to WiFi/BT
 * co-exist problem. The possible behaviors are:
 *   Able to scan and finding all the available AP
 *   Not able to associate with any AP
 * On those platforms, WiFi communication can be restored by set
 * "bt_coex_active" module parameter to "false"
 *
 * default: bt_coex_active = true (BT_COEX_ENABLE)
 */
module_param_named(bt_coex_active, iwlwifi_mod_params.bt_coex_active,
1832
		   bool, 0444);
1833 1834
MODULE_PARM_DESC(bt_coex_active, "enable wifi/bt co-exist (default: enable)");

1835
module_param_named(led_mode, iwlwifi_mod_params.led_mode, int, 0444);
1836 1837 1838
MODULE_PARM_DESC(led_mode, "0=system default, "
		"1=On(RF On)/Off(RF Off), 2=blinking, 3=Off (default: 0)");

1839
module_param_named(power_save, iwlwifi_mod_params.power_save, bool, 0444);
1840 1841 1842
MODULE_PARM_DESC(power_save,
		 "enable WiFi power management (default: disable)");

1843
module_param_named(power_level, iwlwifi_mod_params.power_level, int, 0444);
1844 1845
MODULE_PARM_DESC(power_level,
		 "default power save level (range from 1 - 5, default: 1)");
1846

1847
module_param_named(fw_monitor, iwlwifi_mod_params.fw_monitor, bool, 0444);
1848
MODULE_PARM_DESC(fw_monitor,
1849
		 "firmware monitor - to debug FW (default: false - needs lots of memory)");
1850

1851
module_param_named(d0i3_timeout, iwlwifi_mod_params.d0i3_timeout, uint, 0444);
1852
MODULE_PARM_DESC(d0i3_timeout, "Timeout to D0i3 entry when idle (ms)");
1853

1854
module_param_named(disable_11ac, iwlwifi_mod_params.disable_11ac, bool, 0444);
1855
MODULE_PARM_DESC(disable_11ac, "Disable VHT capabilities (default: false)");
1856 1857 1858 1859 1860 1861

module_param_named(remove_when_gone,
		   iwlwifi_mod_params.remove_when_gone, bool,
		   0444);
MODULE_PARM_DESC(remove_when_gone,
		 "Remove dev from PCIe bus if it is deemed inaccessible (default: false)");
1862 1863 1864 1865

module_param_named(disable_11ax, iwlwifi_mod_params.disable_11ax, bool,
		   S_IRUGO);
MODULE_PARM_DESC(disable_11ax, "Disable HE capabilities (default: false)");