1 /*
2  * Copyright (c) 2014-2017 Qualcomm Atheros, Inc.
3  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 /* Algorithmic part of the firmware download.
19  * To be included in the container file providing framework
20  */
21 
22 #define wil_err_fw(wil, fmt, arg...) wil_err(wil, "ERR[ FW ]" fmt, ##arg)
23 #define wil_dbg_fw(wil, fmt, arg...) wil_dbg(wil, "DBG[ FW ]" fmt, ##arg)
24 #define wil_hex_dump_fw(prefix_str, prefix_type, rowsize,		\
25 			groupsize, buf, len, ascii)			\
26 			print_hex_dump_debug("DBG[ FW ]" prefix_str,	\
27 					     prefix_type, rowsize,	\
28 					     groupsize, buf, len, ascii)
29 
30 static bool wil_fw_addr_check(struct wil6210_priv *wil,
31 			      void __iomem **ioaddr, __le32 val,
32 			      u32 size, const char *msg)
33 {
34 	*ioaddr = wmi_buffer_block(wil, val, size);
35 	if (!(*ioaddr)) {
36 		wil_err_fw(wil, "bad %s: 0x%08x\n", msg, le32_to_cpu(val));
37 		return false;
38 	}
39 	return true;
40 }
41 
42 /**
43  * wil_fw_verify - verify firmware file validity
44  *
45  * perform various checks for the firmware file header.
46  * records are not validated.
47  *
48  * Return file size or negative error
49  */
50 static int wil_fw_verify(struct wil6210_priv *wil, const u8 *data, size_t size)
51 {
52 	const struct wil_fw_record_head *hdr = (const void *)data;
53 	struct wil_fw_record_file_header fh;
54 	const struct wil_fw_record_file_header *fh_;
55 	u32 crc;
56 	u32 dlen;
57 
58 	if (size % 4) {
59 		wil_err_fw(wil, "image size not aligned: %zu\n", size);
60 		return -EINVAL;
61 	}
62 	/* have enough data for the file header? */
63 	if (size < sizeof(*hdr) + sizeof(fh)) {
64 		wil_err_fw(wil, "file too short: %zu bytes\n", size);
65 		return -EINVAL;
66 	}
67 
68 	/* start with the file header? */
69 	if (le16_to_cpu(hdr->type) != wil_fw_type_file_header) {
70 		wil_err_fw(wil, "no file header\n");
71 		return -EINVAL;
72 	}
73 
74 	/* data_len */
75 	fh_ = (struct wil_fw_record_file_header *)&hdr[1];
76 	dlen = le32_to_cpu(fh_->data_len);
77 	if (dlen % 4) {
78 		wil_err_fw(wil, "data length not aligned: %lu\n", (ulong)dlen);
79 		return -EINVAL;
80 	}
81 	if (size < dlen) {
82 		wil_err_fw(wil, "file truncated at %zu/%lu\n",
83 			   size, (ulong)dlen);
84 		return -EINVAL;
85 	}
86 	if (dlen < sizeof(*hdr) + sizeof(fh)) {
87 		wil_err_fw(wil, "data length too short: %lu\n", (ulong)dlen);
88 		return -EINVAL;
89 	}
90 
91 	/* signature */
92 	if (le32_to_cpu(fh_->signature) != WIL_FW_SIGNATURE) {
93 		wil_err_fw(wil, "bad header signature: 0x%08x\n",
94 			   le32_to_cpu(fh_->signature));
95 		return -EINVAL;
96 	}
97 
98 	/* version */
99 	if (le32_to_cpu(fh_->version) > WIL_FW_FMT_VERSION) {
100 		wil_err_fw(wil, "unsupported header version: %d\n",
101 			   le32_to_cpu(fh_->version));
102 		return -EINVAL;
103 	}
104 
105 	/* checksum. ~crc32(~0, data, size) when fh.crc set to 0*/
106 	fh = *fh_;
107 	fh.crc = 0;
108 
109 	crc = crc32_le(~0, (unsigned char const *)hdr, sizeof(*hdr));
110 	crc = crc32_le(crc, (unsigned char const *)&fh, sizeof(fh));
111 	crc = crc32_le(crc, (unsigned char const *)&fh_[1],
112 		       dlen - sizeof(*hdr) - sizeof(fh));
113 	crc = ~crc;
114 
115 	if (crc != le32_to_cpu(fh_->crc)) {
116 		wil_err_fw(wil, "checksum mismatch:"
117 			   " calculated for %lu bytes 0x%08x != 0x%08x\n",
118 			   (ulong)dlen, crc, le32_to_cpu(fh_->crc));
119 		return -EINVAL;
120 	}
121 
122 	return (int)dlen;
123 }
124 
125 static int fw_ignore_section(struct wil6210_priv *wil, const void *data,
126 			     size_t size)
127 {
128 	return 0;
129 }
130 
131 static int
132 fw_handle_capabilities(struct wil6210_priv *wil, const void *data,
133 		       size_t size)
134 {
135 	const struct wil_fw_record_capabilities *rec = data;
136 	size_t capa_size;
137 
138 	if (size < sizeof(*rec)) {
139 		wil_err_fw(wil, "capabilities record too short: %zu\n", size);
140 		/* let the FW load anyway */
141 		return 0;
142 	}
143 
144 	capa_size = size - offsetof(struct wil_fw_record_capabilities,
145 				    capabilities);
146 	bitmap_zero(wil->fw_capabilities, WMI_FW_CAPABILITY_MAX);
147 	memcpy(wil->fw_capabilities, rec->capabilities,
148 	       min_t(size_t, sizeof(wil->fw_capabilities), capa_size));
149 	wil_hex_dump_fw("CAPA", DUMP_PREFIX_OFFSET, 16, 1,
150 			rec->capabilities, capa_size, false);
151 	return 0;
152 }
153 
154 static int
155 fw_handle_brd_file(struct wil6210_priv *wil, const void *data,
156 		   size_t size)
157 {
158 	const struct wil_fw_record_brd_file *rec = data;
159 	u32 max_num_ent, i, ent_size;
160 
161 	if (size <= offsetof(struct wil_fw_record_brd_file, brd_info)) {
162 		wil_err(wil, "board record too short, size %zu\n", size);
163 		return -EINVAL;
164 	}
165 
166 	ent_size = size - offsetof(struct wil_fw_record_brd_file, brd_info);
167 	max_num_ent = ent_size / sizeof(struct brd_info);
168 
169 	if (!max_num_ent) {
170 		wil_err(wil, "brd info entries are missing\n");
171 		return -EINVAL;
172 	}
173 
174 	wil->brd_info = kcalloc(max_num_ent, sizeof(struct wil_brd_info),
175 				GFP_KERNEL);
176 	if (!wil->brd_info)
177 		return -ENOMEM;
178 
179 	for (i = 0; i < max_num_ent; i++) {
180 		wil->brd_info[i].file_addr =
181 			le32_to_cpu(rec->brd_info[i].base_addr);
182 		wil->brd_info[i].file_max_size =
183 			le32_to_cpu(rec->brd_info[i].max_size_bytes);
184 
185 		if (!wil->brd_info[i].file_addr)
186 			break;
187 
188 		wil_dbg_fw(wil,
189 			   "brd info %d: file_addr 0x%x, file_max_size %d\n",
190 			   i, wil->brd_info[i].file_addr,
191 			   wil->brd_info[i].file_max_size);
192 	}
193 
194 	wil->num_of_brd_entries = i;
195 	if (wil->num_of_brd_entries == 0) {
196 		kfree(wil->brd_info);
197 		wil->brd_info = NULL;
198 		wil_dbg_fw(wil,
199 			   "no valid brd info entries, using brd file addr\n");
200 
201 	} else {
202 		wil_dbg_fw(wil, "num of brd info entries %d\n",
203 			   wil->num_of_brd_entries);
204 	}
205 
206 	return 0;
207 }
208 
209 static int
210 fw_handle_concurrency(struct wil6210_priv *wil, const void *data,
211 		      size_t size)
212 {
213 	const struct wil_fw_record_concurrency *rec = data;
214 	const struct wil_fw_concurrency_combo *combo;
215 	const struct wil_fw_concurrency_limit *limit;
216 	size_t remain, lsize;
217 	int i, n_combos;
218 
219 	if (size < sizeof(*rec)) {
220 		wil_err_fw(wil, "concurrency record too short: %zu\n", size);
221 		/* continue, let the FW load anyway */
222 		return 0;
223 	}
224 
225 	n_combos = le16_to_cpu(rec->n_combos);
226 	remain = size - offsetof(struct wil_fw_record_concurrency, combos);
227 	combo = rec->combos;
228 	for (i = 0; i < n_combos; i++) {
229 		if (remain < sizeof(*combo))
230 			goto out_short;
231 		remain -= sizeof(*combo);
232 		limit = combo->limits;
233 		lsize = combo->n_limits * sizeof(*limit);
234 		if (remain < lsize)
235 			goto out_short;
236 		remain -= lsize;
237 		limit += combo->n_limits;
238 		combo = (struct wil_fw_concurrency_combo *)limit;
239 	}
240 
241 	return wil_cfg80211_iface_combinations_from_fw(wil, rec);
242 out_short:
243 	wil_err_fw(wil, "concurrency record truncated\n");
244 	return 0;
245 }
246 
247 static int
248 fw_handle_comment(struct wil6210_priv *wil, const void *data,
249 		  size_t size)
250 {
251 	const struct wil_fw_record_comment_hdr *hdr = data;
252 	u32 magic;
253 	int rc = 0;
254 
255 	if (size < sizeof(*hdr))
256 		return 0;
257 
258 	magic = le32_to_cpu(hdr->magic);
259 
260 	switch (magic) {
261 	case WIL_FW_CAPABILITIES_MAGIC:
262 		wil_dbg_fw(wil, "magic is WIL_FW_CAPABILITIES_MAGIC\n");
263 		rc = fw_handle_capabilities(wil, data, size);
264 		break;
265 	case WIL_BRD_FILE_MAGIC:
266 		wil_dbg_fw(wil, "magic is WIL_BRD_FILE_MAGIC\n");
267 		rc = fw_handle_brd_file(wil, data, size);
268 		break;
269 	case WIL_FW_CONCURRENCY_MAGIC:
270 		wil_dbg_fw(wil, "magic is WIL_FW_CONCURRENCY_MAGIC\n");
271 		rc = fw_handle_concurrency(wil, data, size);
272 		break;
273 	default:
274 		wil_hex_dump_fw("", DUMP_PREFIX_OFFSET, 16, 1,
275 				data, size, true);
276 	}
277 
278 	return rc;
279 }
280 
281 static int __fw_handle_data(struct wil6210_priv *wil, const void *data,
282 			    size_t size, __le32 addr)
283 {
284 	const struct wil_fw_record_data *d = data;
285 	void __iomem *dst;
286 	size_t s = size - sizeof(*d);
287 
288 	if (size < sizeof(*d) + sizeof(u32)) {
289 		wil_err_fw(wil, "data record too short: %zu\n", size);
290 		return -EINVAL;
291 	}
292 
293 	if (!wil_fw_addr_check(wil, &dst, addr, s, "address"))
294 		return -EINVAL;
295 	wil_dbg_fw(wil, "write [0x%08x] <== %zu bytes\n", le32_to_cpu(addr), s);
296 	wil_memcpy_toio_32(dst, d->data, s);
297 	wmb(); /* finish before processing next record */
298 
299 	return 0;
300 }
301 
302 static int fw_handle_data(struct wil6210_priv *wil, const void *data,
303 			  size_t size)
304 {
305 	const struct wil_fw_record_data *d = data;
306 
307 	return __fw_handle_data(wil, data, size, d->addr);
308 }
309 
310 static int fw_handle_fill(struct wil6210_priv *wil, const void *data,
311 			  size_t size)
312 {
313 	const struct wil_fw_record_fill *d = data;
314 	void __iomem *dst;
315 	u32 v;
316 	size_t s = (size_t)le32_to_cpu(d->size);
317 
318 	if (size != sizeof(*d)) {
319 		wil_err_fw(wil, "bad size for fill record: %zu\n", size);
320 		return -EINVAL;
321 	}
322 
323 	if (s < sizeof(u32)) {
324 		wil_err_fw(wil, "fill size too short: %zu\n", s);
325 		return -EINVAL;
326 	}
327 
328 	if (s % sizeof(u32)) {
329 		wil_err_fw(wil, "fill size not aligned: %zu\n", s);
330 		return -EINVAL;
331 	}
332 
333 	if (!wil_fw_addr_check(wil, &dst, d->addr, s, "address"))
334 		return -EINVAL;
335 
336 	v = le32_to_cpu(d->value);
337 	wil_dbg_fw(wil, "fill [0x%08x] <== 0x%08x, %zu bytes\n",
338 		   le32_to_cpu(d->addr), v, s);
339 	wil_memset_toio_32(dst, v, s);
340 	wmb(); /* finish before processing next record */
341 
342 	return 0;
343 }
344 
345 static int fw_handle_file_header(struct wil6210_priv *wil, const void *data,
346 				 size_t size)
347 {
348 	const struct wil_fw_record_file_header *d = data;
349 
350 	if (size != sizeof(*d)) {
351 		wil_err_fw(wil, "file header length incorrect: %zu\n", size);
352 		return -EINVAL;
353 	}
354 
355 	wil_dbg_fw(wil, "new file, ver. %d, %i bytes\n",
356 		   d->version, d->data_len);
357 	wil_hex_dump_fw("", DUMP_PREFIX_OFFSET, 16, 1, d->comment,
358 			sizeof(d->comment), true);
359 
360 	if (!memcmp(d->comment, WIL_FW_VERSION_PREFIX,
361 		    WIL_FW_VERSION_PREFIX_LEN))
362 		memcpy(wil->fw_version,
363 		       d->comment + WIL_FW_VERSION_PREFIX_LEN,
364 		       min(sizeof(d->comment) - WIL_FW_VERSION_PREFIX_LEN,
365 			   sizeof(wil->fw_version) - 1));
366 
367 	return 0;
368 }
369 
370 static int fw_handle_direct_write(struct wil6210_priv *wil, const void *data,
371 				  size_t size)
372 {
373 	const struct wil_fw_record_direct_write *d = data;
374 	const struct wil_fw_data_dwrite *block = d->data;
375 	int n, i;
376 
377 	if (size % sizeof(*block)) {
378 		wil_err_fw(wil, "record size not aligned on %zu: %zu\n",
379 			   sizeof(*block), size);
380 		return -EINVAL;
381 	}
382 	n = size / sizeof(*block);
383 
384 	for (i = 0; i < n; i++) {
385 		void __iomem *dst;
386 		u32 m = le32_to_cpu(block[i].mask);
387 		u32 v = le32_to_cpu(block[i].value);
388 		u32 x, y;
389 
390 		if (!wil_fw_addr_check(wil, &dst, block[i].addr, 0, "address"))
391 			return -EINVAL;
392 
393 		x = readl(dst);
394 		y = (x & m) | (v & ~m);
395 		wil_dbg_fw(wil, "write [0x%08x] <== 0x%08x "
396 			   "(old 0x%08x val 0x%08x mask 0x%08x)\n",
397 			   le32_to_cpu(block[i].addr), y, x, v, m);
398 		writel(y, dst);
399 		wmb(); /* finish before processing next record */
400 	}
401 
402 	return 0;
403 }
404 
405 static int gw_write(struct wil6210_priv *wil, void __iomem *gwa_addr,
406 		    void __iomem *gwa_cmd, void __iomem *gwa_ctl, u32 gw_cmd,
407 		    u32 a)
408 {
409 	unsigned delay = 0;
410 
411 	writel(a, gwa_addr);
412 	writel(gw_cmd, gwa_cmd);
413 	wmb(); /* finish before activate gw */
414 
415 	writel(WIL_FW_GW_CTL_RUN, gwa_ctl); /* activate gw */
416 	do {
417 		udelay(1); /* typical time is few usec */
418 		if (delay++ > 100) {
419 			wil_err_fw(wil, "gw timeout\n");
420 			return -EINVAL;
421 		}
422 	} while (readl(gwa_ctl) & WIL_FW_GW_CTL_BUSY); /* gw done? */
423 
424 	return 0;
425 }
426 
427 static int fw_handle_gateway_data(struct wil6210_priv *wil, const void *data,
428 				  size_t size)
429 {
430 	const struct wil_fw_record_gateway_data *d = data;
431 	const struct wil_fw_data_gw *block = d->data;
432 	void __iomem *gwa_addr;
433 	void __iomem *gwa_val;
434 	void __iomem *gwa_cmd;
435 	void __iomem *gwa_ctl;
436 	u32 gw_cmd;
437 	int n, i;
438 
439 	if (size < sizeof(*d) + sizeof(*block)) {
440 		wil_err_fw(wil, "gateway record too short: %zu\n", size);
441 		return -EINVAL;
442 	}
443 
444 	if ((size - sizeof(*d)) % sizeof(*block)) {
445 		wil_err_fw(wil, "gateway record data size"
446 			   " not aligned on %zu: %zu\n",
447 			   sizeof(*block), size - sizeof(*d));
448 		return -EINVAL;
449 	}
450 	n = (size - sizeof(*d)) / sizeof(*block);
451 
452 	gw_cmd = le32_to_cpu(d->command);
453 
454 	wil_dbg_fw(wil, "gw write record [%3d] blocks, cmd 0x%08x\n",
455 		   n, gw_cmd);
456 
457 	if (!wil_fw_addr_check(wil, &gwa_addr, d->gateway_addr_addr, 0,
458 			       "gateway_addr_addr") ||
459 	    !wil_fw_addr_check(wil, &gwa_val, d->gateway_value_addr, 0,
460 			       "gateway_value_addr") ||
461 	    !wil_fw_addr_check(wil, &gwa_cmd, d->gateway_cmd_addr, 0,
462 			       "gateway_cmd_addr") ||
463 	    !wil_fw_addr_check(wil, &gwa_ctl, d->gateway_ctrl_address, 0,
464 			       "gateway_ctrl_address"))
465 		return -EINVAL;
466 
467 	wil_dbg_fw(wil, "gw addresses: addr 0x%08x val 0x%08x"
468 		   " cmd 0x%08x ctl 0x%08x\n",
469 		   le32_to_cpu(d->gateway_addr_addr),
470 		   le32_to_cpu(d->gateway_value_addr),
471 		   le32_to_cpu(d->gateway_cmd_addr),
472 		   le32_to_cpu(d->gateway_ctrl_address));
473 
474 	for (i = 0; i < n; i++) {
475 		int rc;
476 		u32 a = le32_to_cpu(block[i].addr);
477 		u32 v = le32_to_cpu(block[i].value);
478 
479 		wil_dbg_fw(wil, "  gw write[%3d] [0x%08x] <== 0x%08x\n",
480 			   i, a, v);
481 
482 		writel(v, gwa_val);
483 		rc = gw_write(wil, gwa_addr, gwa_cmd, gwa_ctl, gw_cmd, a);
484 		if (rc)
485 			return rc;
486 	}
487 
488 	return 0;
489 }
490 
491 static int fw_handle_gateway_data4(struct wil6210_priv *wil, const void *data,
492 				   size_t size)
493 {
494 	const struct wil_fw_record_gateway_data4 *d = data;
495 	const struct wil_fw_data_gw4 *block = d->data;
496 	void __iomem *gwa_addr;
497 	void __iomem *gwa_val[ARRAY_SIZE(block->value)];
498 	void __iomem *gwa_cmd;
499 	void __iomem *gwa_ctl;
500 	u32 gw_cmd;
501 	int n, i, k;
502 
503 	if (size < sizeof(*d) + sizeof(*block)) {
504 		wil_err_fw(wil, "gateway4 record too short: %zu\n", size);
505 		return -EINVAL;
506 	}
507 
508 	if ((size - sizeof(*d)) % sizeof(*block)) {
509 		wil_err_fw(wil, "gateway4 record data size"
510 			   " not aligned on %zu: %zu\n",
511 			   sizeof(*block), size - sizeof(*d));
512 		return -EINVAL;
513 	}
514 	n = (size - sizeof(*d)) / sizeof(*block);
515 
516 	gw_cmd = le32_to_cpu(d->command);
517 
518 	wil_dbg_fw(wil, "gw4 write record [%3d] blocks, cmd 0x%08x\n",
519 		   n, gw_cmd);
520 
521 	if (!wil_fw_addr_check(wil, &gwa_addr, d->gateway_addr_addr, 0,
522 			       "gateway_addr_addr"))
523 		return -EINVAL;
524 	for (k = 0; k < ARRAY_SIZE(block->value); k++)
525 		if (!wil_fw_addr_check(wil, &gwa_val[k],
526 				       d->gateway_value_addr[k],
527 				       0, "gateway_value_addr"))
528 			return -EINVAL;
529 	if (!wil_fw_addr_check(wil, &gwa_cmd, d->gateway_cmd_addr, 0,
530 			       "gateway_cmd_addr") ||
531 	    !wil_fw_addr_check(wil, &gwa_ctl, d->gateway_ctrl_address, 0,
532 			       "gateway_ctrl_address"))
533 		return -EINVAL;
534 
535 	wil_dbg_fw(wil, "gw4 addresses: addr 0x%08x cmd 0x%08x ctl 0x%08x\n",
536 		   le32_to_cpu(d->gateway_addr_addr),
537 		   le32_to_cpu(d->gateway_cmd_addr),
538 		   le32_to_cpu(d->gateway_ctrl_address));
539 	wil_hex_dump_fw("val addresses: ", DUMP_PREFIX_NONE, 16, 4,
540 			d->gateway_value_addr, sizeof(d->gateway_value_addr),
541 			false);
542 
543 	for (i = 0; i < n; i++) {
544 		int rc;
545 		u32 a = le32_to_cpu(block[i].addr);
546 		u32 v[ARRAY_SIZE(block->value)];
547 
548 		for (k = 0; k < ARRAY_SIZE(block->value); k++)
549 			v[k] = le32_to_cpu(block[i].value[k]);
550 
551 		wil_dbg_fw(wil, "  gw4 write[%3d] [0x%08x] <==\n", i, a);
552 		wil_hex_dump_fw("    val ", DUMP_PREFIX_NONE, 16, 4, v,
553 				sizeof(v), false);
554 
555 		for (k = 0; k < ARRAY_SIZE(block->value); k++)
556 			writel(v[k], gwa_val[k]);
557 		rc = gw_write(wil, gwa_addr, gwa_cmd, gwa_ctl, gw_cmd, a);
558 		if (rc)
559 			return rc;
560 	}
561 
562 	return 0;
563 }
564 
565 static const struct {
566 	int type;
567 	int (*load_handler)(struct wil6210_priv *wil, const void *data,
568 			    size_t size);
569 	int (*parse_handler)(struct wil6210_priv *wil, const void *data,
570 			     size_t size);
571 } wil_fw_handlers[] = {
572 	{wil_fw_type_comment, fw_handle_comment, fw_handle_comment},
573 	{wil_fw_type_data, fw_handle_data, fw_ignore_section},
574 	{wil_fw_type_fill, fw_handle_fill, fw_ignore_section},
575 	/* wil_fw_type_action */
576 	/* wil_fw_type_verify */
577 	{wil_fw_type_file_header, fw_handle_file_header,
578 		fw_handle_file_header},
579 	{wil_fw_type_direct_write, fw_handle_direct_write, fw_ignore_section},
580 	{wil_fw_type_gateway_data, fw_handle_gateway_data, fw_ignore_section},
581 	{wil_fw_type_gateway_data4, fw_handle_gateway_data4,
582 		fw_ignore_section},
583 };
584 
585 static int wil_fw_handle_record(struct wil6210_priv *wil, int type,
586 				const void *data, size_t size, bool load)
587 {
588 	int i;
589 
590 	for (i = 0; i < ARRAY_SIZE(wil_fw_handlers); i++)
591 		if (wil_fw_handlers[i].type == type)
592 			return load ?
593 				wil_fw_handlers[i].load_handler(
594 					wil, data, size) :
595 				wil_fw_handlers[i].parse_handler(
596 					wil, data, size);
597 
598 	wil_err_fw(wil, "unknown record type: %d\n", type);
599 	return -EINVAL;
600 }
601 
602 /**
603  * wil_fw_process - process section from FW file
604  * if load is true: Load the FW and uCode code and data to the
605  * corresponding device memory regions,
606  * otherwise only parse and look for capabilities
607  *
608  * Return error code
609  */
610 static int wil_fw_process(struct wil6210_priv *wil, const void *data,
611 			  size_t size, bool load)
612 {
613 	int rc = 0;
614 	const struct wil_fw_record_head *hdr;
615 	size_t s, hdr_sz;
616 
617 	for (hdr = data;; hdr = (const void *)hdr + s, size -= s) {
618 		if (size < sizeof(*hdr))
619 			break;
620 		hdr_sz = le32_to_cpu(hdr->size);
621 		s = sizeof(*hdr) + hdr_sz;
622 		if (s > size)
623 			break;
624 		if (hdr_sz % 4) {
625 			wil_err_fw(wil, "unaligned record size: %zu\n",
626 				   hdr_sz);
627 			return -EINVAL;
628 		}
629 		rc = wil_fw_handle_record(wil, le16_to_cpu(hdr->type),
630 					  &hdr[1], hdr_sz, load);
631 		if (rc)
632 			return rc;
633 	}
634 	if (size) {
635 		wil_err_fw(wil, "unprocessed bytes: %zu\n", size);
636 		if (size >= sizeof(*hdr)) {
637 			wil_err_fw(wil, "Stop at offset %ld"
638 				   " record type %d [%zd bytes]\n",
639 				   (long)((const void *)hdr - data),
640 				   le16_to_cpu(hdr->type), hdr_sz);
641 		}
642 		return -EINVAL;
643 	}
644 
645 	return rc;
646 }
647 
648 /**
649  * wil_request_firmware - Request firmware
650  *
651  * Request firmware image from the file
652  * If load is true, load firmware to device, otherwise
653  * only parse and extract capabilities
654  *
655  * Return error code
656  */
657 int wil_request_firmware(struct wil6210_priv *wil, const char *name,
658 			 bool load)
659 {
660 	int rc, rc1;
661 	const struct firmware *fw;
662 	size_t sz;
663 	const void *d;
664 
665 	rc = request_firmware(&fw, name, wil_to_dev(wil));
666 	if (rc) {
667 		wil_err_fw(wil, "Failed to load firmware %s rc %d\n", name, rc);
668 		return rc;
669 	}
670 	wil_dbg_fw(wil, "Loading <%s>, %zu bytes\n", name, fw->size);
671 
672 	/* re-initialize board info params */
673 	wil->num_of_brd_entries = 0;
674 	kfree(wil->brd_info);
675 	wil->brd_info = NULL;
676 
677 	for (sz = fw->size, d = fw->data; sz; sz -= rc1, d += rc1) {
678 		rc1 = wil_fw_verify(wil, d, sz);
679 		if (rc1 < 0) {
680 			rc = rc1;
681 			goto out;
682 		}
683 		rc = wil_fw_process(wil, d, rc1, load);
684 		if (rc < 0)
685 			goto out;
686 	}
687 
688 out:
689 	release_firmware(fw);
690 	if (rc)
691 		wil_err_fw(wil, "Loading <%s> failed, rc %d\n", name, rc);
692 	return rc;
693 }
694 
695 /**
696  * wil_brd_process - process section from BRD file
697  *
698  * Return error code
699  */
700 static int wil_brd_process(struct wil6210_priv *wil, const void *data,
701 			   size_t size)
702 {
703 	int rc = 0;
704 	const struct wil_fw_record_head *hdr = data;
705 	size_t s, hdr_sz = 0;
706 	u16 type;
707 	int i = 0;
708 
709 	/* Assuming the board file includes only one file header
710 	 * and one or several data records.
711 	 * Each record starts with wil_fw_record_head.
712 	 */
713 	if (size < sizeof(*hdr))
714 		return -EINVAL;
715 	s = sizeof(*hdr) + le32_to_cpu(hdr->size);
716 	if (s > size)
717 		return -EINVAL;
718 
719 	/* Skip the header record and handle the data records */
720 	size -= s;
721 
722 	for (hdr = data + s;; hdr = (const void *)hdr + s, size -= s, i++) {
723 		if (size < sizeof(*hdr))
724 			break;
725 
726 		if (i >= wil->num_of_brd_entries) {
727 			wil_err_fw(wil,
728 				   "Too many brd records: %d, num of expected entries %d\n",
729 				   i, wil->num_of_brd_entries);
730 			break;
731 		}
732 
733 		hdr_sz = le32_to_cpu(hdr->size);
734 		s = sizeof(*hdr) + hdr_sz;
735 		if (wil->brd_info[i].file_max_size &&
736 		    hdr_sz > wil->brd_info[i].file_max_size)
737 			return -EINVAL;
738 		if (sizeof(*hdr) + hdr_sz > size)
739 			return -EINVAL;
740 		if (hdr_sz % 4) {
741 			wil_err_fw(wil, "unaligned record size: %zu\n",
742 				   hdr_sz);
743 			return -EINVAL;
744 		}
745 		type = le16_to_cpu(hdr->type);
746 		if (type != wil_fw_type_data) {
747 			wil_err_fw(wil,
748 				   "invalid record type for board file: %d\n",
749 				   type);
750 			return -EINVAL;
751 		}
752 		if (hdr_sz < sizeof(struct wil_fw_record_data)) {
753 			wil_err_fw(wil, "data record too short: %zu\n", hdr_sz);
754 			return -EINVAL;
755 		}
756 
757 		wil_dbg_fw(wil,
758 			   "using info from fw file for record %d: addr[0x%08x], max size %d\n",
759 			   i, wil->brd_info[i].file_addr,
760 			   wil->brd_info[i].file_max_size);
761 
762 		rc = __fw_handle_data(wil, &hdr[1], hdr_sz,
763 				      cpu_to_le32(wil->brd_info[i].file_addr));
764 		if (rc)
765 			return rc;
766 	}
767 
768 	if (size) {
769 		wil_err_fw(wil, "unprocessed bytes: %zu\n", size);
770 		if (size >= sizeof(*hdr)) {
771 			wil_err_fw(wil,
772 				   "Stop at offset %ld record type %d [%zd bytes]\n",
773 				   (long)((const void *)hdr - data),
774 				   le16_to_cpu(hdr->type), hdr_sz);
775 		}
776 		return -EINVAL;
777 	}
778 
779 	return 0;
780 }
781 
782 /**
783  * wil_request_board - Request board file
784  *
785  * Request board image from the file
786  * board file address and max size are read from FW file
787  * during initialization.
788  * brd file shall include one header and one data section.
789  *
790  * Return error code
791  */
792 int wil_request_board(struct wil6210_priv *wil, const char *name)
793 {
794 	int rc, dlen;
795 	const struct firmware *brd;
796 
797 	rc = request_firmware(&brd, name, wil_to_dev(wil));
798 	if (rc) {
799 		wil_err_fw(wil, "Failed to load brd %s\n", name);
800 		return rc;
801 	}
802 	wil_dbg_fw(wil, "Loading <%s>, %zu bytes\n", name, brd->size);
803 
804 	/* Verify the header */
805 	dlen = wil_fw_verify(wil, brd->data, brd->size);
806 	if (dlen < 0) {
807 		rc = dlen;
808 		goto out;
809 	}
810 
811 	/* Process the data records */
812 	rc = wil_brd_process(wil, brd->data, dlen);
813 
814 out:
815 	release_firmware(brd);
816 	if (rc)
817 		wil_err_fw(wil, "Loading <%s> failed, rc %d\n", name, rc);
818 	return rc;
819 }
820 
821 /**
822  * wil_fw_verify_file_exists - checks if firmware file exist
823  *
824  * @wil: driver context
825  * @name: firmware file name
826  *
827  * return value - boolean, true for success, false for failure
828  */
829 bool wil_fw_verify_file_exists(struct wil6210_priv *wil, const char *name)
830 {
831 	const struct firmware *fw;
832 	int rc;
833 
834 	rc = request_firmware(&fw, name, wil_to_dev(wil));
835 	if (!rc)
836 		release_firmware(fw);
837 	else
838 		wil_dbg_fw(wil, "<%s> not available: %d\n", name, rc);
839 	return !rc;
840 }
841