LXR linux/drivers/net/wireless/ath/carl9170/fw.c

   1/*
   2 * Atheros CARL9170 driver
   3 *
   4 * firmware parser
   5 *
   6 * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License as published by
  10 * the Free Software Foundation; either version 2 of the License, or
  11 * (at your option) any later version.
  12 *
  13 * This program is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 * GNU General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; see the file COPYING.  If not, see
  20 * http://www.gnu.org/licenses/.
  21 */
  22
  23#include <linux/kernel.h>
  24#include <linux/firmware.h>
  25#include <linux/crc32.h>
  26#include <linux/module.h>
  27#include "carl9170.h"
  28#include "fwcmd.h"
  29#include "version.h"
  30
  31static const u8 otus_magic[4] = { OTUS_MAGIC };
  32
  33static const void *carl9170_fw_find_desc(struct ar9170 *ar, const u8 descid[4],
  34        const unsigned int len, const u8 compatible_revision)
  35{
  36        const struct carl9170fw_desc_head *iter;
  37
  38        carl9170fw_for_each_hdr(iter, ar->fw.desc) {
  39                if (carl9170fw_desc_cmp(iter, descid, len,
  40                                        compatible_revision))
  41                        return (void *)iter;
  42        }
  43
  44        /* needed to find the LAST desc */
  45        if (carl9170fw_desc_cmp(iter, descid, len,
  46                                compatible_revision))
  47                return (void *)iter;
  48
  49        return NULL;
  50}
  51
  52static int carl9170_fw_verify_descs(struct ar9170 *ar,
  53        const struct carl9170fw_desc_head *head, unsigned int max_len)
  54{
  55        const struct carl9170fw_desc_head *pos;
  56        unsigned long pos_addr, end_addr;
  57        unsigned int pos_length;
  58
  59        if (max_len < sizeof(*pos))
  60                return -ENODATA;
  61
  62        max_len = min_t(unsigned int, CARL9170FW_DESC_MAX_LENGTH, max_len);
  63
  64        pos = head;
  65        pos_addr = (unsigned long) pos;
  66        end_addr = pos_addr + max_len;
  67
  68        while (pos_addr < end_addr) {
  69                if (pos_addr + sizeof(*head) > end_addr)
  70                        return -E2BIG;
  71
  72                pos_length = le16_to_cpu(pos->length);
  73
  74                if (pos_length < sizeof(*head))
  75                        return -EBADMSG;
  76
  77                if (pos_length > max_len)
  78                        return -EOVERFLOW;
  79
  80                if (pos_addr + pos_length > end_addr)
  81                        return -EMSGSIZE;
  82
  83                if (carl9170fw_desc_cmp(pos, LAST_MAGIC,
  84                                        CARL9170FW_LAST_DESC_SIZE,
  85                                        CARL9170FW_LAST_DESC_CUR_VER))
  86                        return 0;
  87
  88                pos_addr += pos_length;
  89                pos = (void *)pos_addr;
  90                max_len -= pos_length;
  91        }
  92        return -EINVAL;
  93}
  94
  95static void carl9170_fw_info(struct ar9170 *ar)
  96{
  97        const struct carl9170fw_motd_desc *motd_desc;
  98        unsigned int str_ver_len;
  99        u32 fw_date;
 100
 101        dev_info(&ar->udev->dev, "driver   API: %s 2%03d-%02d-%02d [%d-%d]\n",
 102                CARL9170FW_VERSION_GIT, CARL9170FW_VERSION_YEAR,
 103                CARL9170FW_VERSION_MONTH, CARL9170FW_VERSION_DAY,
 104                CARL9170FW_API_MIN_VER, CARL9170FW_API_MAX_VER);
 105
 106        motd_desc = carl9170_fw_find_desc(ar, MOTD_MAGIC,
 107                sizeof(*motd_desc), CARL9170FW_MOTD_DESC_CUR_VER);
 108
 109        if (motd_desc) {
 110                str_ver_len = strnlen(motd_desc->release,
 111                        CARL9170FW_MOTD_RELEASE_LEN);
 112
 113                fw_date = le32_to_cpu(motd_desc->fw_year_month_day);
 114
 115                dev_info(&ar->udev->dev, "firmware API: %.*s 2%03d-%02d-%02d\n",
 116                         str_ver_len, motd_desc->release,
 117                         CARL9170FW_GET_YEAR(fw_date),
 118                         CARL9170FW_GET_MONTH(fw_date),
 119                         CARL9170FW_GET_DAY(fw_date));
 120
 121                strlcpy(ar->hw->wiphy->fw_version, motd_desc->release,
 122                        sizeof(ar->hw->wiphy->fw_version));
 123        }
 124}
 125
 126static bool valid_dma_addr(const u32 address)
 127{
 128        if (address >= AR9170_SRAM_OFFSET &&
 129            address < (AR9170_SRAM_OFFSET + AR9170_SRAM_SIZE))
 130                return true;
 131
 132        return false;
 133}
 134
 135static bool valid_cpu_addr(const u32 address)
 136{
 137        if (valid_dma_addr(address) || (address >= AR9170_PRAM_OFFSET &&
 138            address < (AR9170_PRAM_OFFSET + AR9170_PRAM_SIZE)))
 139                return true;
 140
 141        return false;
 142}
 143
 144static int carl9170_fw_checksum(struct ar9170 *ar, const __u8 *data,
 145                                size_t len)
 146{
 147        const struct carl9170fw_otus_desc *otus_desc;
 148        const struct carl9170fw_last_desc *last_desc;
 149        const struct carl9170fw_chk_desc *chk_desc;
 150        unsigned long fin, diff;
 151        unsigned int dsc_len;
 152        u32 crc32;
 153
 154        last_desc = carl9170_fw_find_desc(ar, LAST_MAGIC,
 155                sizeof(*last_desc), CARL9170FW_LAST_DESC_CUR_VER);
 156        if (!last_desc)
 157                return -EINVAL;
 158
 159        otus_desc = carl9170_fw_find_desc(ar, OTUS_MAGIC,
 160                sizeof(*otus_desc), CARL9170FW_OTUS_DESC_CUR_VER);
 161        if (!otus_desc) {
 162                dev_err(&ar->udev->dev, "failed to find compatible firmware "
 163                        "descriptor.\n");
 164                return -ENODATA;
 165        }
 166
 167        chk_desc = carl9170_fw_find_desc(ar, CHK_MAGIC,
 168                sizeof(*chk_desc), CARL9170FW_CHK_DESC_CUR_VER);
 169
 170        if (!chk_desc) {
 171                dev_warn(&ar->udev->dev, "Unprotected firmware image.\n");
 172                return 0;
 173        }
 174
 175        dsc_len = min_t(unsigned int, len,
 176                        (unsigned long)chk_desc - (unsigned long)otus_desc);
 177
 178        fin = (unsigned long) last_desc + sizeof(*last_desc);
 179        diff = fin - (unsigned long) otus_desc;
 180
 181        if (diff < len)
 182                len -= diff;
 183
 184        if (len < 256)
 185                return -EIO;
 186
 187        crc32 = crc32_le(~0, data, len);
 188        if (cpu_to_le32(crc32) != chk_desc->fw_crc32) {
 189                dev_err(&ar->udev->dev, "fw checksum test failed.\n");
 190                return -ENOEXEC;
 191        }
 192
 193        crc32 = crc32_le(crc32, (void *)otus_desc, dsc_len);
 194        if (cpu_to_le32(crc32) != chk_desc->hdr_crc32) {
 195                dev_err(&ar->udev->dev, "descriptor check failed.\n");
 196                return -EINVAL;
 197        }
 198        return 0;
 199}
 200
 201static int carl9170_fw_tx_sequence(struct ar9170 *ar)
 202{
 203        const struct carl9170fw_txsq_desc *txsq_desc;
 204
 205        txsq_desc = carl9170_fw_find_desc(ar, TXSQ_MAGIC, sizeof(*txsq_desc),
 206                                          CARL9170FW_TXSQ_DESC_CUR_VER);
 207        if (txsq_desc) {
 208                ar->fw.tx_seq_table = le32_to_cpu(txsq_desc->seq_table_addr);
 209                if (!valid_cpu_addr(ar->fw.tx_seq_table))
 210                        return -EINVAL;
 211        } else {
 212                ar->fw.tx_seq_table = 0;
 213        }
 214
 215        return 0;
 216}
 217
 218static void carl9170_fw_set_if_combinations(struct ar9170 *ar,
 219                                            u16 if_comb_types)
 220{
 221        if (ar->fw.vif_num < 2)
 222                return;
 223
 224        ar->if_comb_limits[0].max = ar->fw.vif_num;
 225        ar->if_comb_limits[0].types = if_comb_types;
 226
 227        ar->if_combs[0].num_different_channels = 1;
 228        ar->if_combs[0].max_interfaces = ar->fw.vif_num;
 229        ar->if_combs[0].limits = ar->if_comb_limits;
 230        ar->if_combs[0].n_limits = ARRAY_SIZE(ar->if_comb_limits);
 231
 232        ar->hw->wiphy->iface_combinations = ar->if_combs;
 233        ar->hw->wiphy->n_iface_combinations = ARRAY_SIZE(ar->if_combs);
 234}
 235
 236static int carl9170_fw(struct ar9170 *ar, const __u8 *data, size_t len)
 237{
 238        const struct carl9170fw_otus_desc *otus_desc;
 239        int err;
 240        u16 if_comb_types;
 241
 242        err = carl9170_fw_checksum(ar, data, len);
 243        if (err)
 244                return err;
 245
 246        otus_desc = carl9170_fw_find_desc(ar, OTUS_MAGIC,
 247                sizeof(*otus_desc), CARL9170FW_OTUS_DESC_CUR_VER);
 248        if (!otus_desc) {
 249                return -ENODATA;
 250        }
 251
 252#define SUPP(feat)                                              \
 253        (carl9170fw_supports(otus_desc->feature_set, feat))
 254
 255        if (!SUPP(CARL9170FW_DUMMY_FEATURE)) {
 256                dev_err(&ar->udev->dev, "invalid firmware descriptor "
 257                        "format detected.\n");
 258                return -EINVAL;
 259        }
 260
 261        ar->fw.api_version = otus_desc->api_ver;
 262
 263        if (ar->fw.api_version < CARL9170FW_API_MIN_VER ||
 264            ar->fw.api_version > CARL9170FW_API_MAX_VER) {
 265                dev_err(&ar->udev->dev, "unsupported firmware api version.\n");
 266                return -EINVAL;
 267        }
 268
 269        if (!SUPP(CARL9170FW_COMMAND_PHY) || SUPP(CARL9170FW_UNUSABLE) ||
 270            !SUPP(CARL9170FW_HANDLE_BACK_REQ)) {
 271                dev_err(&ar->udev->dev, "firmware does support "
 272                        "mandatory features.\n");
 273                return -ECANCELED;
 274        }
 275
 276        if (ilog2(le32_to_cpu(otus_desc->feature_set)) >=
 277                __CARL9170FW_FEATURE_NUM) {
 278                dev_warn(&ar->udev->dev, "driver does not support all "
 279                         "firmware features.\n");
 280        }
 281
 282        if (!SUPP(CARL9170FW_COMMAND_CAM)) {
 283                dev_info(&ar->udev->dev, "crypto offloading is disabled "
 284                         "by firmware.\n");
 285                ar->fw.disable_offload_fw = true;
 286        }
 287
 288        if (SUPP(CARL9170FW_PSM) && SUPP(CARL9170FW_FIXED_5GHZ_PSM))
 289                ar->hw->flags |= IEEE80211_HW_SUPPORTS_PS;
 290
 291        if (!SUPP(CARL9170FW_USB_INIT_FIRMWARE)) {
 292                dev_err(&ar->udev->dev, "firmware does not provide "
 293                        "mandatory interfaces.\n");
 294                return -EINVAL;
 295        }
 296
 297        if (SUPP(CARL9170FW_MINIBOOT))
 298                ar->fw.offset = le16_to_cpu(otus_desc->miniboot_size);
 299        else
 300                ar->fw.offset = 0;
 301
 302        if (SUPP(CARL9170FW_USB_DOWN_STREAM)) {
 303                ar->hw->extra_tx_headroom += sizeof(struct ar9170_stream);
 304                ar->fw.tx_stream = true;
 305        }
 306
 307        if (SUPP(CARL9170FW_USB_UP_STREAM))
 308                ar->fw.rx_stream = true;
 309
 310        if (SUPP(CARL9170FW_RX_FILTER)) {
 311                ar->fw.rx_filter = true;
 312                ar->rx_filter_caps = FIF_FCSFAIL | FIF_PLCPFAIL |
 313                        FIF_CONTROL | FIF_PSPOLL | FIF_OTHER_BSS |
 314                        FIF_PROMISC_IN_BSS;
 315        }
 316
 317        if (SUPP(CARL9170FW_HW_COUNTERS))
 318                ar->fw.hw_counters = true;
 319
 320        if (SUPP(CARL9170FW_WOL))
 321                device_set_wakeup_enable(&ar->udev->dev, true);
 322
 323        if (SUPP(CARL9170FW_RX_BA_FILTER))
 324                ar->fw.ba_filter = true;
 325
 326        if_comb_types = BIT(NL80211_IFTYPE_STATION) |
 327                        BIT(NL80211_IFTYPE_P2P_CLIENT);
 328
 329        ar->fw.vif_num = otus_desc->vif_num;
 330        ar->fw.cmd_bufs = otus_desc->cmd_bufs;
 331        ar->fw.address = le32_to_cpu(otus_desc->fw_address);
 332        ar->fw.rx_size = le16_to_cpu(otus_desc->rx_max_frame_len);
 333        ar->fw.mem_blocks = min_t(unsigned int, otus_desc->tx_descs, 0xfe);
 334        atomic_set(&ar->mem_free_blocks, ar->fw.mem_blocks);
 335        ar->fw.mem_block_size = le16_to_cpu(otus_desc->tx_frag_len);
 336
 337        if (ar->fw.vif_num >= AR9170_MAX_VIRTUAL_MAC || !ar->fw.vif_num ||
 338            ar->fw.mem_blocks < 16 || !ar->fw.cmd_bufs ||
 339            ar->fw.mem_block_size < 64 || ar->fw.mem_block_size > 512 ||
 340            ar->fw.rx_size > 32768 || ar->fw.rx_size < 4096 ||
 341            !valid_cpu_addr(ar->fw.address)) {
 342                dev_err(&ar->udev->dev, "firmware shows obvious signs of "
 343                        "malicious tampering.\n");
 344                return -EINVAL;
 345        }
 346
 347        ar->fw.beacon_addr = le32_to_cpu(otus_desc->bcn_addr);
 348        ar->fw.beacon_max_len = le16_to_cpu(otus_desc->bcn_len);
 349
 350        if (valid_dma_addr(ar->fw.beacon_addr) && ar->fw.beacon_max_len >=
 351            AR9170_MAC_BCN_LENGTH_MAX) {
 352                ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
 353
 354                if (SUPP(CARL9170FW_WLANTX_CAB)) {
 355                        if_comb_types |=
 356                                BIT(NL80211_IFTYPE_AP) |
 357                                BIT(NL80211_IFTYPE_P2P_GO);
 358
 359#ifdef CONFIG_MAC80211_MESH
 360                        if_comb_types |=
 361                                BIT(NL80211_IFTYPE_MESH_POINT);
 362#endif /* CONFIG_MAC80211_MESH */
 363                }
 364        }
 365
 366        carl9170_fw_set_if_combinations(ar, if_comb_types);
 367
 368        ar->hw->wiphy->interface_modes |= if_comb_types;
 369
 370        ar->hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
 371
 372        /* As IBSS Encryption is software-based, IBSS RSN is supported. */
 373        ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL |
 374                 WIPHY_FLAG_IBSS_RSN | WIPHY_FLAG_SUPPORTS_TDLS;
 375
 376#undef SUPPORTED
 377        return carl9170_fw_tx_sequence(ar);
 378}
 379
 380static struct carl9170fw_desc_head *
 381carl9170_find_fw_desc(struct ar9170 *ar, const __u8 *fw_data, const size_t len)
 382
 383{
 384        int scan = 0, found = 0;
 385
 386        if (!carl9170fw_size_check(len)) {
 387                dev_err(&ar->udev->dev, "firmware size is out of bound.\n");
 388                return NULL;
 389        }
 390
 391        while (scan < len - sizeof(struct carl9170fw_desc_head)) {
 392                if (fw_data[scan++] == otus_magic[found])
 393                        found++;
 394                else
 395                        found = 0;
 396
 397                if (scan >= len)
 398                        break;
 399
 400                if (found == sizeof(otus_magic))
 401                        break;
 402        }
 403
 404        if (found != sizeof(otus_magic))
 405                return NULL;
 406
 407        return (void *)&fw_data[scan - found];
 408}
 409
 410int carl9170_parse_firmware(struct ar9170 *ar)
 411{
 412        const struct carl9170fw_desc_head *fw_desc = NULL;
 413        const struct firmware *fw = ar->fw.fw;
 414        unsigned long header_offset = 0;
 415        int err;
 416
 417        if (WARN_ON(!fw))
 418                return -EINVAL;
 419
 420        fw_desc = carl9170_find_fw_desc(ar, fw->data, fw->size);
 421
 422        if (!fw_desc) {
 423                dev_err(&ar->udev->dev, "unsupported firmware.\n");
 424                return -ENODATA;
 425        }
 426
 427        header_offset = (unsigned long)fw_desc - (unsigned long)fw->data;
 428
 429        err = carl9170_fw_verify_descs(ar, fw_desc, fw->size - header_offset);
 430        if (err) {
 431                dev_err(&ar->udev->dev, "damaged firmware (%d).\n", err);
 432                return err;
 433        }
 434
 435        ar->fw.desc = fw_desc;
 436
 437        carl9170_fw_info(ar);
 438
 439        err = carl9170_fw(ar, fw->data, fw->size);
 440        if (err) {
 441                dev_err(&ar->udev->dev, "failed to parse firmware (%d).\n",
 442                        err);
 443                return err;
 444        }
 445
 446        return 0;
 447}
 448