1 // SPDX-License-Identifier: BSD-3-Clause-Clear 2 /* 3 * Copyright (c) 2018-2019 The Linux Foundation. All rights reserved. 4 * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. 5 */ 6 7 #include "testmode.h" 8 #include <net/netlink.h> 9 #include "debug.h" 10 #include "wmi.h" 11 #include "hw.h" 12 #include "core.h" 13 #include "testmode_i.h" 14 15 #define ATH11K_FTM_SEGHDR_CURRENT_SEQ GENMASK(3, 0) 16 #define ATH11K_FTM_SEGHDR_TOTAL_SEGMENTS GENMASK(7, 4) 17 18 static const struct nla_policy ath11k_tm_policy[ATH11K_TM_ATTR_MAX + 1] = { 19 [ATH11K_TM_ATTR_CMD] = { .type = NLA_U32 }, 20 [ATH11K_TM_ATTR_DATA] = { .type = NLA_BINARY, 21 .len = ATH11K_TM_DATA_MAX_LEN }, 22 [ATH11K_TM_ATTR_WMI_CMDID] = { .type = NLA_U32 }, 23 [ATH11K_TM_ATTR_VERSION_MAJOR] = { .type = NLA_U32 }, 24 [ATH11K_TM_ATTR_VERSION_MINOR] = { .type = NLA_U32 }, 25 }; 26 27 static struct ath11k *ath11k_tm_get_ar(struct ath11k_base *ab) 28 { 29 struct ath11k_pdev *pdev; 30 struct ath11k *ar = NULL; 31 int i; 32 33 for (i = 0; i < ab->num_radios; i++) { 34 pdev = &ab->pdevs[i]; 35 ar = pdev->ar; 36 37 if (ar && ar->state == ATH11K_STATE_FTM) 38 break; 39 } 40 41 return ar; 42 } 43 44 /* This function handles unsegmented events. Data in various events are aggregated 45 * in application layer, this event is unsegmented from host perspective. 46 */ 47 static void ath11k_tm_wmi_event_unsegmented(struct ath11k_base *ab, u32 cmd_id, 48 struct sk_buff *skb) 49 { 50 struct sk_buff *nl_skb; 51 struct ath11k *ar; 52 53 ath11k_dbg(ab, ATH11K_DBG_TESTMODE, 54 "event wmi cmd_id %d skb length %d\n", 55 cmd_id, skb->len); 56 ath11k_dbg_dump(ab, ATH11K_DBG_TESTMODE, NULL, "", skb->data, skb->len); 57 58 ar = ath11k_tm_get_ar(ab); 59 if (!ar) { 60 ath11k_warn(ab, "testmode event not handled due to invalid pdev\n"); 61 return; 62 } 63 64 spin_lock_bh(&ar->data_lock); 65 66 nl_skb = cfg80211_testmode_alloc_event_skb(ar->hw->wiphy, 67 2 * nla_total_size(sizeof(u32)) + 68 nla_total_size(skb->len), 69 GFP_ATOMIC); 70 if (!nl_skb) { 71 ath11k_warn(ab, 72 "failed to allocate skb for unsegmented testmode wmi event\n"); 73 goto out; 74 } 75 76 if (nla_put_u32(nl_skb, ATH11K_TM_ATTR_CMD, ATH11K_TM_CMD_WMI) || 77 nla_put_u32(nl_skb, ATH11K_TM_ATTR_WMI_CMDID, cmd_id) || 78 nla_put(nl_skb, ATH11K_TM_ATTR_DATA, skb->len, skb->data)) { 79 ath11k_warn(ab, "failed to populate testmode unsegmented event\n"); 80 kfree_skb(nl_skb); 81 goto out; 82 } 83 84 cfg80211_testmode_event(nl_skb, GFP_ATOMIC); 85 spin_unlock_bh(&ar->data_lock); 86 return; 87 88 out: 89 spin_unlock_bh(&ar->data_lock); 90 ath11k_warn(ab, "Failed to send testmode event to higher layers\n"); 91 } 92 93 /* This function handles segmented events. Data of various events received 94 * from firmware is aggregated and sent to application layer 95 */ 96 static int ath11k_tm_process_event(struct ath11k_base *ab, u32 cmd_id, 97 const struct wmi_ftm_event_msg *ftm_msg, 98 u16 length) 99 { 100 struct sk_buff *nl_skb; 101 int ret = 0; 102 struct ath11k *ar; 103 u8 const *buf_pos; 104 u16 datalen; 105 u8 total_segments, current_seq; 106 u32 data_pos; 107 u32 pdev_id; 108 109 ath11k_dbg(ab, ATH11K_DBG_TESTMODE, 110 "event wmi cmd_id %d ftm event msg %pK datalen %d\n", 111 cmd_id, ftm_msg, length); 112 ath11k_dbg_dump(ab, ATH11K_DBG_TESTMODE, NULL, "", ftm_msg, length); 113 pdev_id = DP_HW2SW_MACID(ftm_msg->seg_hdr.pdev_id); 114 115 if (pdev_id >= ab->num_radios) { 116 ath11k_warn(ab, "testmode event not handled due to invalid pdev id: %d\n", 117 pdev_id); 118 return -EINVAL; 119 } 120 121 ar = ab->pdevs[pdev_id].ar; 122 if (!ar) { 123 ath11k_warn(ab, "testmode event not handled due to absence of pdev\n"); 124 return -ENODEV; 125 } 126 127 current_seq = FIELD_GET(ATH11K_FTM_SEGHDR_CURRENT_SEQ, 128 ftm_msg->seg_hdr.segmentinfo); 129 total_segments = FIELD_GET(ATH11K_FTM_SEGHDR_TOTAL_SEGMENTS, 130 ftm_msg->seg_hdr.segmentinfo); 131 datalen = length - (sizeof(struct wmi_ftm_seg_hdr)); 132 buf_pos = ftm_msg->data; 133 134 spin_lock_bh(&ar->data_lock); 135 136 if (current_seq == 0) { 137 ab->testmode.expected_seq = 0; 138 ab->testmode.data_pos = 0; 139 } 140 141 data_pos = ab->testmode.data_pos; 142 143 if ((data_pos + datalen) > ATH11K_FTM_EVENT_MAX_BUF_LENGTH) { 144 ath11k_warn(ab, "Invalid ftm event length at %d: %d\n", 145 data_pos, datalen); 146 ret = -EINVAL; 147 goto out; 148 } 149 150 memcpy(&ab->testmode.eventdata[data_pos], buf_pos, datalen); 151 data_pos += datalen; 152 153 if (++ab->testmode.expected_seq != total_segments) { 154 ab->testmode.data_pos = data_pos; 155 ath11k_dbg(ab, ATH11K_DBG_TESTMODE, 156 "partial data received current_seq %d total_seg %d\n", 157 current_seq, total_segments); 158 goto out; 159 } 160 161 ath11k_dbg(ab, ATH11K_DBG_TESTMODE, 162 "total data length pos %d len %d\n", 163 data_pos, ftm_msg->seg_hdr.len); 164 nl_skb = cfg80211_testmode_alloc_event_skb(ar->hw->wiphy, 165 2 * nla_total_size(sizeof(u32)) + 166 nla_total_size(data_pos), 167 GFP_ATOMIC); 168 if (!nl_skb) { 169 ath11k_warn(ab, 170 "failed to allocate skb for segmented testmode wmi event\n"); 171 ret = -ENOMEM; 172 goto out; 173 } 174 175 if (nla_put_u32(nl_skb, ATH11K_TM_ATTR_CMD, 176 ATH11K_TM_CMD_WMI_FTM) || 177 nla_put_u32(nl_skb, ATH11K_TM_ATTR_WMI_CMDID, cmd_id) || 178 nla_put(nl_skb, ATH11K_TM_ATTR_DATA, data_pos, 179 &ab->testmode.eventdata[0])) { 180 ath11k_warn(ab, "failed to populate segmented testmode event"); 181 kfree_skb(nl_skb); 182 ret = -ENOBUFS; 183 goto out; 184 } 185 186 cfg80211_testmode_event(nl_skb, GFP_ATOMIC); 187 188 out: 189 spin_unlock_bh(&ar->data_lock); 190 return ret; 191 } 192 193 static void ath11k_tm_wmi_event_segmented(struct ath11k_base *ab, u32 cmd_id, 194 struct sk_buff *skb) 195 { 196 const void **tb; 197 const struct wmi_ftm_event_msg *ev; 198 u16 length; 199 int ret; 200 201 tb = ath11k_wmi_tlv_parse_alloc(ab, skb, GFP_ATOMIC); 202 if (IS_ERR(tb)) { 203 ret = PTR_ERR(tb); 204 ath11k_warn(ab, "failed to parse ftm event tlv: %d\n", ret); 205 return; 206 } 207 208 ev = tb[WMI_TAG_ARRAY_BYTE]; 209 if (!ev) { 210 ath11k_warn(ab, "failed to fetch ftm msg\n"); 211 kfree(tb); 212 return; 213 } 214 215 length = skb->len - TLV_HDR_SIZE; 216 ret = ath11k_tm_process_event(ab, cmd_id, ev, length); 217 if (ret) 218 ath11k_warn(ab, "Failed to process ftm event\n"); 219 220 kfree(tb); 221 } 222 223 void ath11k_tm_wmi_event(struct ath11k_base *ab, u32 cmd_id, struct sk_buff *skb) 224 { 225 if (test_bit(ATH11K_FLAG_FTM_SEGMENTED, &ab->dev_flags)) 226 ath11k_tm_wmi_event_segmented(ab, cmd_id, skb); 227 else 228 ath11k_tm_wmi_event_unsegmented(ab, cmd_id, skb); 229 } 230 231 static int ath11k_tm_cmd_get_version(struct ath11k *ar, struct nlattr *tb[]) 232 { 233 struct sk_buff *skb; 234 int ret; 235 236 ath11k_dbg(ar->ab, ATH11K_DBG_TESTMODE, 237 "cmd get version_major %d version_minor %d\n", 238 ATH11K_TESTMODE_VERSION_MAJOR, 239 ATH11K_TESTMODE_VERSION_MINOR); 240 241 skb = cfg80211_testmode_alloc_reply_skb(ar->hw->wiphy, 242 nla_total_size(sizeof(u32))); 243 if (!skb) 244 return -ENOMEM; 245 246 ret = nla_put_u32(skb, ATH11K_TM_ATTR_VERSION_MAJOR, 247 ATH11K_TESTMODE_VERSION_MAJOR); 248 if (ret) { 249 kfree_skb(skb); 250 return ret; 251 } 252 253 ret = nla_put_u32(skb, ATH11K_TM_ATTR_VERSION_MINOR, 254 ATH11K_TESTMODE_VERSION_MINOR); 255 if (ret) { 256 kfree_skb(skb); 257 return ret; 258 } 259 260 return cfg80211_testmode_reply(skb); 261 } 262 263 static int ath11k_tm_cmd_testmode_start(struct ath11k *ar, struct nlattr *tb[]) 264 { 265 int ret; 266 267 mutex_lock(&ar->conf_mutex); 268 269 if (ar->state == ATH11K_STATE_FTM) { 270 ret = -EALREADY; 271 goto err; 272 } 273 274 /* start utf only when the driver is not in use */ 275 if (ar->state != ATH11K_STATE_OFF) { 276 ret = -EBUSY; 277 goto err; 278 } 279 280 ar->ab->testmode.eventdata = kzalloc(ATH11K_FTM_EVENT_MAX_BUF_LENGTH, 281 GFP_KERNEL); 282 if (!ar->ab->testmode.eventdata) { 283 ret = -ENOMEM; 284 goto err; 285 } 286 287 ar->state = ATH11K_STATE_FTM; 288 ar->ftm_msgref = 0; 289 290 mutex_unlock(&ar->conf_mutex); 291 292 ath11k_dbg(ar->ab, ATH11K_DBG_TESTMODE, "cmd start\n"); 293 return 0; 294 295 err: 296 mutex_unlock(&ar->conf_mutex); 297 return ret; 298 } 299 300 static int ath11k_tm_cmd_wmi(struct ath11k *ar, struct nlattr *tb[], 301 struct ieee80211_vif *vif) 302 { 303 struct ath11k_pdev_wmi *wmi = ar->wmi; 304 struct sk_buff *skb; 305 struct ath11k_vif *arvif; 306 u32 cmd_id, buf_len; 307 int ret, tag; 308 void *buf; 309 u32 *ptr; 310 311 mutex_lock(&ar->conf_mutex); 312 313 if (!tb[ATH11K_TM_ATTR_DATA]) { 314 ret = -EINVAL; 315 goto out; 316 } 317 318 if (!tb[ATH11K_TM_ATTR_WMI_CMDID]) { 319 ret = -EINVAL; 320 goto out; 321 } 322 323 buf = nla_data(tb[ATH11K_TM_ATTR_DATA]); 324 buf_len = nla_len(tb[ATH11K_TM_ATTR_DATA]); 325 if (!buf_len) { 326 ath11k_warn(ar->ab, "No data present in testmode wmi command\n"); 327 ret = -EINVAL; 328 goto out; 329 } 330 331 cmd_id = nla_get_u32(tb[ATH11K_TM_ATTR_WMI_CMDID]); 332 333 /* Make sure that the buffer length is long enough to 334 * hold TLV and pdev/vdev id. 335 */ 336 if (buf_len < sizeof(struct wmi_tlv) + sizeof(u32)) { 337 ret = -EINVAL; 338 goto out; 339 } 340 341 ptr = buf; 342 tag = FIELD_GET(WMI_TLV_TAG, *ptr); 343 344 /* pdev/vdev id start after TLV header */ 345 ptr++; 346 347 if (tag == WMI_TAG_PDEV_SET_PARAM_CMD) 348 *ptr = ar->pdev->pdev_id; 349 350 if (ar->ab->fw_mode != ATH11K_FIRMWARE_MODE_FTM && 351 (tag == WMI_TAG_VDEV_SET_PARAM_CMD || tag == WMI_TAG_UNIT_TEST_CMD)) { 352 if (vif) { 353 arvif = ath11k_vif_to_arvif(vif); 354 *ptr = arvif->vdev_id; 355 } else { 356 ret = -EINVAL; 357 goto out; 358 } 359 } 360 361 ath11k_dbg(ar->ab, ATH11K_DBG_TESTMODE, 362 "cmd wmi cmd_id %d buf length %d\n", 363 cmd_id, buf_len); 364 365 ath11k_dbg_dump(ar->ab, ATH11K_DBG_TESTMODE, NULL, "", buf, buf_len); 366 367 skb = ath11k_wmi_alloc_skb(wmi->wmi_ab, buf_len); 368 if (!skb) { 369 ret = -ENOMEM; 370 goto out; 371 } 372 373 memcpy(skb->data, buf, buf_len); 374 375 ret = ath11k_wmi_cmd_send(wmi, skb, cmd_id); 376 if (ret) { 377 dev_kfree_skb(skb); 378 ath11k_warn(ar->ab, "failed to transmit wmi command (testmode): %d\n", 379 ret); 380 goto out; 381 } 382 383 ret = 0; 384 385 out: 386 mutex_unlock(&ar->conf_mutex); 387 return ret; 388 } 389 390 static int ath11k_tm_cmd_wmi_ftm(struct ath11k *ar, struct nlattr *tb[]) 391 { 392 struct ath11k_pdev_wmi *wmi = ar->wmi; 393 struct ath11k_base *ab = ar->ab; 394 struct sk_buff *skb; 395 u32 cmd_id, buf_len, hdr_info; 396 int ret; 397 void *buf; 398 u8 segnumber = 0, seginfo; 399 u16 chunk_len, total_bytes, num_segments; 400 u8 *bufpos; 401 struct wmi_ftm_cmd *ftm_cmd; 402 403 set_bit(ATH11K_FLAG_FTM_SEGMENTED, &ab->dev_flags); 404 405 mutex_lock(&ar->conf_mutex); 406 407 if (ar->state != ATH11K_STATE_FTM) { 408 ret = -ENETDOWN; 409 goto out; 410 } 411 412 if (!tb[ATH11K_TM_ATTR_DATA]) { 413 ret = -EINVAL; 414 goto out; 415 } 416 417 buf = nla_data(tb[ATH11K_TM_ATTR_DATA]); 418 buf_len = nla_len(tb[ATH11K_TM_ATTR_DATA]); 419 cmd_id = WMI_PDEV_UTF_CMDID; 420 421 ath11k_dbg(ar->ab, ATH11K_DBG_TESTMODE, 422 "cmd wmi ftm cmd_id %d buffer length %d\n", 423 cmd_id, buf_len); 424 ath11k_dbg_dump(ar->ab, ATH11K_DBG_TESTMODE, NULL, "", buf, buf_len); 425 426 bufpos = buf; 427 total_bytes = buf_len; 428 num_segments = total_bytes / MAX_WMI_UTF_LEN; 429 430 if (buf_len - (num_segments * MAX_WMI_UTF_LEN)) 431 num_segments++; 432 433 while (buf_len) { 434 chunk_len = min_t(u16, buf_len, MAX_WMI_UTF_LEN); 435 436 skb = ath11k_wmi_alloc_skb(wmi->wmi_ab, (chunk_len + 437 sizeof(struct wmi_ftm_cmd))); 438 if (!skb) { 439 ret = -ENOMEM; 440 goto out; 441 } 442 443 ftm_cmd = (struct wmi_ftm_cmd *)skb->data; 444 hdr_info = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) | 445 FIELD_PREP(WMI_TLV_LEN, (chunk_len + 446 sizeof(struct wmi_ftm_seg_hdr))); 447 ftm_cmd->tlv_header = hdr_info; 448 ftm_cmd->seg_hdr.len = total_bytes; 449 ftm_cmd->seg_hdr.msgref = ar->ftm_msgref; 450 seginfo = FIELD_PREP(ATH11K_FTM_SEGHDR_TOTAL_SEGMENTS, num_segments) | 451 FIELD_PREP(ATH11K_FTM_SEGHDR_CURRENT_SEQ, segnumber); 452 ftm_cmd->seg_hdr.segmentinfo = seginfo; 453 segnumber++; 454 455 memcpy(&ftm_cmd->data, bufpos, chunk_len); 456 457 ret = ath11k_wmi_cmd_send(wmi, skb, cmd_id); 458 if (ret) { 459 ath11k_warn(ar->ab, "failed to send wmi ftm command: %d\n", ret); 460 goto out; 461 } 462 463 buf_len -= chunk_len; 464 bufpos += chunk_len; 465 } 466 467 ar->ftm_msgref++; 468 ret = 0; 469 470 out: 471 mutex_unlock(&ar->conf_mutex); 472 return ret; 473 } 474 475 int ath11k_tm_cmd(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 476 void *data, int len) 477 { 478 struct ath11k *ar = hw->priv; 479 struct nlattr *tb[ATH11K_TM_ATTR_MAX + 1]; 480 int ret; 481 482 ret = nla_parse(tb, ATH11K_TM_ATTR_MAX, data, len, ath11k_tm_policy, 483 NULL); 484 if (ret) 485 return ret; 486 487 if (!tb[ATH11K_TM_ATTR_CMD]) 488 return -EINVAL; 489 490 switch (nla_get_u32(tb[ATH11K_TM_ATTR_CMD])) { 491 case ATH11K_TM_CMD_GET_VERSION: 492 return ath11k_tm_cmd_get_version(ar, tb); 493 case ATH11K_TM_CMD_WMI: 494 return ath11k_tm_cmd_wmi(ar, tb, vif); 495 case ATH11K_TM_CMD_TESTMODE_START: 496 return ath11k_tm_cmd_testmode_start(ar, tb); 497 case ATH11K_TM_CMD_WMI_FTM: 498 return ath11k_tm_cmd_wmi_ftm(ar, tb); 499 default: 500 return -EOPNOTSUPP; 501 } 502 } 503