1 /******************************************************************************
2  *
3  * This file is provided under a dual BSD/GPLv2 license.  When using or
4  * redistributing this file, you may do so under either license.
5  *
6  * GPL LICENSE SUMMARY
7  *
8  * Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved.
9  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
10  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
11  * Copyright(c) 2018        Intel Corporation
12  *
13  * This program is free software; you can redistribute it and/or modify
14  * it under the terms of version 2 of the GNU General Public License as
15  * published by the Free Software Foundation.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * The full GNU General Public License is included in this distribution
23  * in the file called COPYING.
24  *
25  * Contact Information:
26  *  Intel Linux Wireless <linuxwifi@intel.com>
27  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
28  *
29  * BSD LICENSE
30  *
31  * Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
32  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
33  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
34  * Copyright(c) 2018        Intel Corporation
35  * All rights reserved.
36  *
37  * Redistribution and use in source and binary forms, with or without
38  * modification, are permitted provided that the following conditions
39  * are met:
40  *
41  *  * Redistributions of source code must retain the above copyright
42  *    notice, this list of conditions and the following disclaimer.
43  *  * Redistributions in binary form must reproduce the above copyright
44  *    notice, this list of conditions and the following disclaimer in
45  *    the documentation and/or other materials provided with the
46  *    distribution.
47  *  * Neither the name Intel Corporation nor the names of its
48  *    contributors may be used to endorse or promote products derived
49  *    from this software without specific prior written permission.
50  *
51  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
52  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
53  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
54  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
55  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
56  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
57  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
58  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
59  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
60  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
61  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
62  *
63  *****************************************************************************/
64 #include <linux/devcoredump.h>
65 #include "iwl-drv.h"
66 #include "runtime.h"
67 #include "dbg.h"
68 #include "debugfs.h"
69 #include "iwl-io.h"
70 #include "iwl-prph.h"
71 #include "iwl-csr.h"
72 
73 /**
74  * struct iwl_fw_dump_ptrs - set of pointers needed for the fw-error-dump
75  *
76  * @fwrt_ptr: pointer to the buffer coming from fwrt
77  * @trans_ptr: pointer to struct %iwl_trans_dump_data which contains the
78  *	transport's data.
79  * @trans_len: length of the valid data in trans_ptr
80  * @fwrt_len: length of the valid data in fwrt_ptr
81  */
82 struct iwl_fw_dump_ptrs {
83 	struct iwl_trans_dump_data *trans_ptr;
84 	void *fwrt_ptr;
85 	u32 fwrt_len;
86 };
87 
88 #define RADIO_REG_MAX_READ 0x2ad
89 static void iwl_read_radio_regs(struct iwl_fw_runtime *fwrt,
90 				struct iwl_fw_error_dump_data **dump_data)
91 {
92 	u8 *pos = (void *)(*dump_data)->data;
93 	unsigned long flags;
94 	int i;
95 
96 	IWL_DEBUG_INFO(fwrt, "WRT radio registers dump\n");
97 
98 	if (!iwl_trans_grab_nic_access(fwrt->trans, &flags))
99 		return;
100 
101 	(*dump_data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_RADIO_REG);
102 	(*dump_data)->len = cpu_to_le32(RADIO_REG_MAX_READ);
103 
104 	for (i = 0; i < RADIO_REG_MAX_READ; i++) {
105 		u32 rd_cmd = RADIO_RSP_RD_CMD;
106 
107 		rd_cmd |= i << RADIO_RSP_ADDR_POS;
108 		iwl_write_prph_no_grab(fwrt->trans, RSP_RADIO_CMD, rd_cmd);
109 		*pos = (u8)iwl_read_prph_no_grab(fwrt->trans, RSP_RADIO_RDDAT);
110 
111 		pos++;
112 	}
113 
114 	*dump_data = iwl_fw_error_next_data(*dump_data);
115 
116 	iwl_trans_release_nic_access(fwrt->trans, &flags);
117 }
118 
119 static void iwl_fwrt_dump_rxf(struct iwl_fw_runtime *fwrt,
120 			      struct iwl_fw_error_dump_data **dump_data,
121 			      int size, u32 offset, int fifo_num)
122 {
123 	struct iwl_fw_error_dump_fifo *fifo_hdr;
124 	u32 *fifo_data;
125 	u32 fifo_len;
126 	int i;
127 
128 	fifo_hdr = (void *)(*dump_data)->data;
129 	fifo_data = (void *)fifo_hdr->data;
130 	fifo_len = size;
131 
132 	/* No need to try to read the data if the length is 0 */
133 	if (fifo_len == 0)
134 		return;
135 
136 	/* Add a TLV for the RXF */
137 	(*dump_data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_RXF);
138 	(*dump_data)->len = cpu_to_le32(fifo_len + sizeof(*fifo_hdr));
139 
140 	fifo_hdr->fifo_num = cpu_to_le32(fifo_num);
141 	fifo_hdr->available_bytes =
142 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
143 						RXF_RD_D_SPACE + offset));
144 	fifo_hdr->wr_ptr =
145 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
146 						RXF_RD_WR_PTR + offset));
147 	fifo_hdr->rd_ptr =
148 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
149 						RXF_RD_RD_PTR + offset));
150 	fifo_hdr->fence_ptr =
151 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
152 						RXF_RD_FENCE_PTR + offset));
153 	fifo_hdr->fence_mode =
154 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
155 						RXF_SET_FENCE_MODE + offset));
156 
157 	/* Lock fence */
158 	iwl_trans_write_prph(fwrt->trans, RXF_SET_FENCE_MODE + offset, 0x1);
159 	/* Set fence pointer to the same place like WR pointer */
160 	iwl_trans_write_prph(fwrt->trans, RXF_LD_WR2FENCE + offset, 0x1);
161 	/* Set fence offset */
162 	iwl_trans_write_prph(fwrt->trans,
163 			     RXF_LD_FENCE_OFFSET_ADDR + offset, 0x0);
164 
165 	/* Read FIFO */
166 	fifo_len /= sizeof(u32); /* Size in DWORDS */
167 	for (i = 0; i < fifo_len; i++)
168 		fifo_data[i] = iwl_trans_read_prph(fwrt->trans,
169 						 RXF_FIFO_RD_FENCE_INC +
170 						 offset);
171 	*dump_data = iwl_fw_error_next_data(*dump_data);
172 }
173 
174 static void iwl_fwrt_dump_txf(struct iwl_fw_runtime *fwrt,
175 			      struct iwl_fw_error_dump_data **dump_data,
176 			      int size, u32 offset, int fifo_num)
177 {
178 	struct iwl_fw_error_dump_fifo *fifo_hdr;
179 	u32 *fifo_data;
180 	u32 fifo_len;
181 	int i;
182 
183 	fifo_hdr = (void *)(*dump_data)->data;
184 	fifo_data = (void *)fifo_hdr->data;
185 	fifo_len = size;
186 
187 	/* No need to try to read the data if the length is 0 */
188 	if (fifo_len == 0)
189 		return;
190 
191 	/* Add a TLV for the FIFO */
192 	(*dump_data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_TXF);
193 	(*dump_data)->len = cpu_to_le32(fifo_len + sizeof(*fifo_hdr));
194 
195 	fifo_hdr->fifo_num = cpu_to_le32(fifo_num);
196 	fifo_hdr->available_bytes =
197 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
198 						TXF_FIFO_ITEM_CNT + offset));
199 	fifo_hdr->wr_ptr =
200 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
201 						TXF_WR_PTR + offset));
202 	fifo_hdr->rd_ptr =
203 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
204 						TXF_RD_PTR + offset));
205 	fifo_hdr->fence_ptr =
206 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
207 						TXF_FENCE_PTR + offset));
208 	fifo_hdr->fence_mode =
209 		cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
210 						TXF_LOCK_FENCE + offset));
211 
212 	/* Set the TXF_READ_MODIFY_ADDR to TXF_WR_PTR */
213 	iwl_trans_write_prph(fwrt->trans, TXF_READ_MODIFY_ADDR + offset,
214 			     TXF_WR_PTR + offset);
215 
216 	/* Dummy-read to advance the read pointer to the head */
217 	iwl_trans_read_prph(fwrt->trans, TXF_READ_MODIFY_DATA + offset);
218 
219 	/* Read FIFO */
220 	fifo_len /= sizeof(u32); /* Size in DWORDS */
221 	for (i = 0; i < fifo_len; i++)
222 		fifo_data[i] = iwl_trans_read_prph(fwrt->trans,
223 						  TXF_READ_MODIFY_DATA +
224 						  offset);
225 	*dump_data = iwl_fw_error_next_data(*dump_data);
226 }
227 
228 static void iwl_fw_dump_rxf(struct iwl_fw_runtime *fwrt,
229 			    struct iwl_fw_error_dump_data **dump_data)
230 {
231 	struct iwl_fwrt_shared_mem_cfg *cfg = &fwrt->smem_cfg;
232 	unsigned long flags;
233 
234 	IWL_DEBUG_INFO(fwrt, "WRT RX FIFO dump\n");
235 
236 	if (!iwl_trans_grab_nic_access(fwrt->trans, &flags))
237 		return;
238 
239 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_RXF)) {
240 		/* Pull RXF1 */
241 		iwl_fwrt_dump_rxf(fwrt, dump_data,
242 				  cfg->lmac[0].rxfifo1_size, 0, 0);
243 		/* Pull RXF2 */
244 		iwl_fwrt_dump_rxf(fwrt, dump_data, cfg->rxfifo2_size,
245 				  RXF_DIFF_FROM_PREV, 1);
246 		/* Pull LMAC2 RXF1 */
247 		if (fwrt->smem_cfg.num_lmacs > 1)
248 			iwl_fwrt_dump_rxf(fwrt, dump_data,
249 					  cfg->lmac[1].rxfifo1_size,
250 					  LMAC2_PRPH_OFFSET, 2);
251 	}
252 
253 	iwl_trans_release_nic_access(fwrt->trans, &flags);
254 }
255 
256 static void iwl_fw_dump_txf(struct iwl_fw_runtime *fwrt,
257 			    struct iwl_fw_error_dump_data **dump_data)
258 {
259 	struct iwl_fw_error_dump_fifo *fifo_hdr;
260 	struct iwl_fwrt_shared_mem_cfg *cfg = &fwrt->smem_cfg;
261 	u32 *fifo_data;
262 	u32 fifo_len;
263 	unsigned long flags;
264 	int i, j;
265 
266 	IWL_DEBUG_INFO(fwrt, "WRT TX FIFO dump\n");
267 
268 	if (!iwl_trans_grab_nic_access(fwrt->trans, &flags))
269 		return;
270 
271 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_TXF)) {
272 		/* Pull TXF data from LMAC1 */
273 		for (i = 0; i < fwrt->smem_cfg.num_txfifo_entries; i++) {
274 			/* Mark the number of TXF we're pulling now */
275 			iwl_trans_write_prph(fwrt->trans, TXF_LARC_NUM, i);
276 			iwl_fwrt_dump_txf(fwrt, dump_data,
277 					  cfg->lmac[0].txfifo_size[i], 0, i);
278 		}
279 
280 		/* Pull TXF data from LMAC2 */
281 		if (fwrt->smem_cfg.num_lmacs > 1) {
282 			for (i = 0; i < fwrt->smem_cfg.num_txfifo_entries;
283 			     i++) {
284 				/* Mark the number of TXF we're pulling now */
285 				iwl_trans_write_prph(fwrt->trans,
286 						     TXF_LARC_NUM +
287 						     LMAC2_PRPH_OFFSET, i);
288 				iwl_fwrt_dump_txf(fwrt, dump_data,
289 						  cfg->lmac[1].txfifo_size[i],
290 						  LMAC2_PRPH_OFFSET,
291 						  i + cfg->num_txfifo_entries);
292 			}
293 		}
294 	}
295 
296 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_INTERNAL_TXF) &&
297 	    fw_has_capa(&fwrt->fw->ucode_capa,
298 			IWL_UCODE_TLV_CAPA_EXTEND_SHARED_MEM_CFG)) {
299 		/* Pull UMAC internal TXF data from all TXFs */
300 		for (i = 0;
301 		     i < ARRAY_SIZE(fwrt->smem_cfg.internal_txfifo_size);
302 		     i++) {
303 			fifo_hdr = (void *)(*dump_data)->data;
304 			fifo_data = (void *)fifo_hdr->data;
305 			fifo_len = fwrt->smem_cfg.internal_txfifo_size[i];
306 
307 			/* No need to try to read the data if the length is 0 */
308 			if (fifo_len == 0)
309 				continue;
310 
311 			/* Add a TLV for the internal FIFOs */
312 			(*dump_data)->type =
313 				cpu_to_le32(IWL_FW_ERROR_DUMP_INTERNAL_TXF);
314 			(*dump_data)->len =
315 				cpu_to_le32(fifo_len + sizeof(*fifo_hdr));
316 
317 			fifo_hdr->fifo_num = cpu_to_le32(i);
318 
319 			/* Mark the number of TXF we're pulling now */
320 			iwl_trans_write_prph(fwrt->trans, TXF_CPU2_NUM, i +
321 				fwrt->smem_cfg.num_txfifo_entries);
322 
323 			fifo_hdr->available_bytes =
324 				cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
325 								TXF_CPU2_FIFO_ITEM_CNT));
326 			fifo_hdr->wr_ptr =
327 				cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
328 								TXF_CPU2_WR_PTR));
329 			fifo_hdr->rd_ptr =
330 				cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
331 								TXF_CPU2_RD_PTR));
332 			fifo_hdr->fence_ptr =
333 				cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
334 								TXF_CPU2_FENCE_PTR));
335 			fifo_hdr->fence_mode =
336 				cpu_to_le32(iwl_trans_read_prph(fwrt->trans,
337 								TXF_CPU2_LOCK_FENCE));
338 
339 			/* Set TXF_CPU2_READ_MODIFY_ADDR to TXF_CPU2_WR_PTR */
340 			iwl_trans_write_prph(fwrt->trans,
341 					     TXF_CPU2_READ_MODIFY_ADDR,
342 					     TXF_CPU2_WR_PTR);
343 
344 			/* Dummy-read to advance the read pointer to head */
345 			iwl_trans_read_prph(fwrt->trans,
346 					    TXF_CPU2_READ_MODIFY_DATA);
347 
348 			/* Read FIFO */
349 			fifo_len /= sizeof(u32); /* Size in DWORDS */
350 			for (j = 0; j < fifo_len; j++)
351 				fifo_data[j] =
352 					iwl_trans_read_prph(fwrt->trans,
353 							    TXF_CPU2_READ_MODIFY_DATA);
354 			*dump_data = iwl_fw_error_next_data(*dump_data);
355 		}
356 	}
357 
358 	iwl_trans_release_nic_access(fwrt->trans, &flags);
359 }
360 
361 #define IWL8260_ICCM_OFFSET		0x44000 /* Only for B-step */
362 #define IWL8260_ICCM_LEN		0xC000 /* Only for B-step */
363 
364 struct iwl_prph_range {
365 	u32 start, end;
366 };
367 
368 static const struct iwl_prph_range iwl_prph_dump_addr_comm[] = {
369 	{ .start = 0x00a00000, .end = 0x00a00000 },
370 	{ .start = 0x00a0000c, .end = 0x00a00024 },
371 	{ .start = 0x00a0002c, .end = 0x00a0003c },
372 	{ .start = 0x00a00410, .end = 0x00a00418 },
373 	{ .start = 0x00a00420, .end = 0x00a00420 },
374 	{ .start = 0x00a00428, .end = 0x00a00428 },
375 	{ .start = 0x00a00430, .end = 0x00a0043c },
376 	{ .start = 0x00a00444, .end = 0x00a00444 },
377 	{ .start = 0x00a004c0, .end = 0x00a004cc },
378 	{ .start = 0x00a004d8, .end = 0x00a004d8 },
379 	{ .start = 0x00a004e0, .end = 0x00a004f0 },
380 	{ .start = 0x00a00840, .end = 0x00a00840 },
381 	{ .start = 0x00a00850, .end = 0x00a00858 },
382 	{ .start = 0x00a01004, .end = 0x00a01008 },
383 	{ .start = 0x00a01010, .end = 0x00a01010 },
384 	{ .start = 0x00a01018, .end = 0x00a01018 },
385 	{ .start = 0x00a01024, .end = 0x00a01024 },
386 	{ .start = 0x00a0102c, .end = 0x00a01034 },
387 	{ .start = 0x00a0103c, .end = 0x00a01040 },
388 	{ .start = 0x00a01048, .end = 0x00a01094 },
389 	{ .start = 0x00a01c00, .end = 0x00a01c20 },
390 	{ .start = 0x00a01c58, .end = 0x00a01c58 },
391 	{ .start = 0x00a01c7c, .end = 0x00a01c7c },
392 	{ .start = 0x00a01c28, .end = 0x00a01c54 },
393 	{ .start = 0x00a01c5c, .end = 0x00a01c5c },
394 	{ .start = 0x00a01c60, .end = 0x00a01cdc },
395 	{ .start = 0x00a01ce0, .end = 0x00a01d0c },
396 	{ .start = 0x00a01d18, .end = 0x00a01d20 },
397 	{ .start = 0x00a01d2c, .end = 0x00a01d30 },
398 	{ .start = 0x00a01d40, .end = 0x00a01d5c },
399 	{ .start = 0x00a01d80, .end = 0x00a01d80 },
400 	{ .start = 0x00a01d98, .end = 0x00a01d9c },
401 	{ .start = 0x00a01da8, .end = 0x00a01da8 },
402 	{ .start = 0x00a01db8, .end = 0x00a01df4 },
403 	{ .start = 0x00a01dc0, .end = 0x00a01dfc },
404 	{ .start = 0x00a01e00, .end = 0x00a01e2c },
405 	{ .start = 0x00a01e40, .end = 0x00a01e60 },
406 	{ .start = 0x00a01e68, .end = 0x00a01e6c },
407 	{ .start = 0x00a01e74, .end = 0x00a01e74 },
408 	{ .start = 0x00a01e84, .end = 0x00a01e90 },
409 	{ .start = 0x00a01e9c, .end = 0x00a01ec4 },
410 	{ .start = 0x00a01ed0, .end = 0x00a01ee0 },
411 	{ .start = 0x00a01f00, .end = 0x00a01f1c },
412 	{ .start = 0x00a01f44, .end = 0x00a01ffc },
413 	{ .start = 0x00a02000, .end = 0x00a02048 },
414 	{ .start = 0x00a02068, .end = 0x00a020f0 },
415 	{ .start = 0x00a02100, .end = 0x00a02118 },
416 	{ .start = 0x00a02140, .end = 0x00a0214c },
417 	{ .start = 0x00a02168, .end = 0x00a0218c },
418 	{ .start = 0x00a021c0, .end = 0x00a021c0 },
419 	{ .start = 0x00a02400, .end = 0x00a02410 },
420 	{ .start = 0x00a02418, .end = 0x00a02420 },
421 	{ .start = 0x00a02428, .end = 0x00a0242c },
422 	{ .start = 0x00a02434, .end = 0x00a02434 },
423 	{ .start = 0x00a02440, .end = 0x00a02460 },
424 	{ .start = 0x00a02468, .end = 0x00a024b0 },
425 	{ .start = 0x00a024c8, .end = 0x00a024cc },
426 	{ .start = 0x00a02500, .end = 0x00a02504 },
427 	{ .start = 0x00a0250c, .end = 0x00a02510 },
428 	{ .start = 0x00a02540, .end = 0x00a02554 },
429 	{ .start = 0x00a02580, .end = 0x00a025f4 },
430 	{ .start = 0x00a02600, .end = 0x00a0260c },
431 	{ .start = 0x00a02648, .end = 0x00a02650 },
432 	{ .start = 0x00a02680, .end = 0x00a02680 },
433 	{ .start = 0x00a026c0, .end = 0x00a026d0 },
434 	{ .start = 0x00a02700, .end = 0x00a0270c },
435 	{ .start = 0x00a02804, .end = 0x00a02804 },
436 	{ .start = 0x00a02818, .end = 0x00a0281c },
437 	{ .start = 0x00a02c00, .end = 0x00a02db4 },
438 	{ .start = 0x00a02df4, .end = 0x00a02fb0 },
439 	{ .start = 0x00a03000, .end = 0x00a03014 },
440 	{ .start = 0x00a0301c, .end = 0x00a0302c },
441 	{ .start = 0x00a03034, .end = 0x00a03038 },
442 	{ .start = 0x00a03040, .end = 0x00a03048 },
443 	{ .start = 0x00a03060, .end = 0x00a03068 },
444 	{ .start = 0x00a03070, .end = 0x00a03074 },
445 	{ .start = 0x00a0307c, .end = 0x00a0307c },
446 	{ .start = 0x00a03080, .end = 0x00a03084 },
447 	{ .start = 0x00a0308c, .end = 0x00a03090 },
448 	{ .start = 0x00a03098, .end = 0x00a03098 },
449 	{ .start = 0x00a030a0, .end = 0x00a030a0 },
450 	{ .start = 0x00a030a8, .end = 0x00a030b4 },
451 	{ .start = 0x00a030bc, .end = 0x00a030bc },
452 	{ .start = 0x00a030c0, .end = 0x00a0312c },
453 	{ .start = 0x00a03c00, .end = 0x00a03c5c },
454 	{ .start = 0x00a04400, .end = 0x00a04454 },
455 	{ .start = 0x00a04460, .end = 0x00a04474 },
456 	{ .start = 0x00a044c0, .end = 0x00a044ec },
457 	{ .start = 0x00a04500, .end = 0x00a04504 },
458 	{ .start = 0x00a04510, .end = 0x00a04538 },
459 	{ .start = 0x00a04540, .end = 0x00a04548 },
460 	{ .start = 0x00a04560, .end = 0x00a0457c },
461 	{ .start = 0x00a04590, .end = 0x00a04598 },
462 	{ .start = 0x00a045c0, .end = 0x00a045f4 },
463 };
464 
465 static const struct iwl_prph_range iwl_prph_dump_addr_9000[] = {
466 	{ .start = 0x00a05c00, .end = 0x00a05c18 },
467 	{ .start = 0x00a05400, .end = 0x00a056e8 },
468 	{ .start = 0x00a08000, .end = 0x00a098bc },
469 	{ .start = 0x00a02400, .end = 0x00a02758 },
470 };
471 
472 static void iwl_read_prph_block(struct iwl_trans *trans, u32 start,
473 				u32 len_bytes, __le32 *data)
474 {
475 	u32 i;
476 
477 	for (i = 0; i < len_bytes; i += 4)
478 		*data++ = cpu_to_le32(iwl_read_prph_no_grab(trans, start + i));
479 }
480 
481 static void iwl_dump_prph(struct iwl_trans *trans,
482 			  struct iwl_fw_error_dump_data **data,
483 			  const struct iwl_prph_range *iwl_prph_dump_addr,
484 			  u32 range_len)
485 {
486 	struct iwl_fw_error_dump_prph *prph;
487 	unsigned long flags;
488 	u32 i;
489 
490 	IWL_DEBUG_INFO(trans, "WRT PRPH dump\n");
491 
492 	if (!iwl_trans_grab_nic_access(trans, &flags))
493 		return;
494 
495 	for (i = 0; i < range_len; i++) {
496 		/* The range includes both boundaries */
497 		int num_bytes_in_chunk = iwl_prph_dump_addr[i].end -
498 			 iwl_prph_dump_addr[i].start + 4;
499 
500 		(*data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_PRPH);
501 		(*data)->len = cpu_to_le32(sizeof(*prph) +
502 					num_bytes_in_chunk);
503 		prph = (void *)(*data)->data;
504 		prph->prph_start = cpu_to_le32(iwl_prph_dump_addr[i].start);
505 
506 		iwl_read_prph_block(trans, iwl_prph_dump_addr[i].start,
507 				    /* our range is inclusive, hence + 4 */
508 				    iwl_prph_dump_addr[i].end -
509 				    iwl_prph_dump_addr[i].start + 4,
510 				    (void *)prph->data);
511 
512 		*data = iwl_fw_error_next_data(*data);
513 	}
514 
515 	iwl_trans_release_nic_access(trans, &flags);
516 }
517 
518 /*
519  * alloc_sgtable - allocates scallerlist table in the given size,
520  * fills it with pages and returns it
521  * @size: the size (in bytes) of the table
522 */
523 static struct scatterlist *alloc_sgtable(int size)
524 {
525 	int alloc_size, nents, i;
526 	struct page *new_page;
527 	struct scatterlist *iter;
528 	struct scatterlist *table;
529 
530 	nents = DIV_ROUND_UP(size, PAGE_SIZE);
531 	table = kcalloc(nents, sizeof(*table), GFP_KERNEL);
532 	if (!table)
533 		return NULL;
534 	sg_init_table(table, nents);
535 	iter = table;
536 	for_each_sg(table, iter, sg_nents(table), i) {
537 		new_page = alloc_page(GFP_KERNEL);
538 		if (!new_page) {
539 			/* release all previous allocated pages in the table */
540 			iter = table;
541 			for_each_sg(table, iter, sg_nents(table), i) {
542 				new_page = sg_page(iter);
543 				if (new_page)
544 					__free_page(new_page);
545 			}
546 			return NULL;
547 		}
548 		alloc_size = min_t(int, size, PAGE_SIZE);
549 		size -= PAGE_SIZE;
550 		sg_set_page(iter, new_page, alloc_size, 0);
551 	}
552 	return table;
553 }
554 
555 static int iwl_fw_get_prph_len(struct iwl_fw_runtime *fwrt)
556 {
557 	u32 prph_len = 0;
558 	int i;
559 
560 	for (i = 0; i < ARRAY_SIZE(iwl_prph_dump_addr_comm);
561 	     i++) {
562 		/* The range includes both boundaries */
563 		int num_bytes_in_chunk =
564 			iwl_prph_dump_addr_comm[i].end -
565 			iwl_prph_dump_addr_comm[i].start + 4;
566 
567 		prph_len += sizeof(struct iwl_fw_error_dump_data) +
568 			sizeof(struct iwl_fw_error_dump_prph) +
569 			num_bytes_in_chunk;
570 	}
571 
572 	if (fwrt->trans->cfg->mq_rx_supported) {
573 		for (i = 0; i <
574 			ARRAY_SIZE(iwl_prph_dump_addr_9000); i++) {
575 			/* The range includes both boundaries */
576 			int num_bytes_in_chunk =
577 				iwl_prph_dump_addr_9000[i].end -
578 				iwl_prph_dump_addr_9000[i].start + 4;
579 
580 			prph_len += sizeof(struct iwl_fw_error_dump_data) +
581 				sizeof(struct iwl_fw_error_dump_prph) +
582 				num_bytes_in_chunk;
583 		}
584 	}
585 	return prph_len;
586 }
587 
588 static void iwl_fw_dump_mem(struct iwl_fw_runtime *fwrt,
589 			    struct iwl_fw_error_dump_data **dump_data,
590 			    u32 len, u32 ofs, u32 type)
591 {
592 	struct iwl_fw_error_dump_mem *dump_mem;
593 
594 	if (!len)
595 		return;
596 
597 	(*dump_data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_MEM);
598 	(*dump_data)->len = cpu_to_le32(len + sizeof(*dump_mem));
599 	dump_mem = (void *)(*dump_data)->data;
600 	dump_mem->type = cpu_to_le32(type);
601 	dump_mem->offset = cpu_to_le32(ofs);
602 	iwl_trans_read_mem_bytes(fwrt->trans, ofs, dump_mem->data, len);
603 	*dump_data = iwl_fw_error_next_data(*dump_data);
604 
605 	IWL_DEBUG_INFO(fwrt, "WRT memory dump. Type=%u\n", dump_mem->type);
606 }
607 
608 static void iwl_fw_dump_named_mem(struct iwl_fw_runtime *fwrt,
609 				  struct iwl_fw_error_dump_data **dump_data,
610 				  u32 len, u32 ofs, u8 *name, u8 name_len)
611 {
612 	struct iwl_fw_error_dump_named_mem *dump_mem;
613 
614 	if (!len)
615 		return;
616 
617 	(*dump_data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_MEM);
618 	(*dump_data)->len = cpu_to_le32(len + sizeof(*dump_mem));
619 	dump_mem = (void *)(*dump_data)->data;
620 	dump_mem->type = cpu_to_le32(IWL_FW_ERROR_DUMP_MEM_NAMED_MEM);
621 	dump_mem->offset = cpu_to_le32(ofs);
622 	dump_mem->name_len = name_len;
623 	memcpy(dump_mem->name, name, name_len);
624 	iwl_trans_read_mem_bytes(fwrt->trans, ofs, dump_mem->data, len);
625 	*dump_data = iwl_fw_error_next_data(*dump_data);
626 
627 	IWL_DEBUG_INFO(fwrt, "WRT memory dump. Type=%u\n", dump_mem->type);
628 }
629 
630 #define ADD_LEN(len, item_len, const_len) \
631 	do {size_t item = item_len; len += (!!item) * const_len + item; } \
632 	while (0)
633 
634 static int iwl_fw_rxf_len(struct iwl_fw_runtime *fwrt,
635 			  struct iwl_fwrt_shared_mem_cfg *mem_cfg)
636 {
637 	size_t hdr_len = sizeof(struct iwl_fw_error_dump_data) +
638 			 sizeof(struct iwl_fw_error_dump_fifo);
639 	u32 fifo_len = 0;
640 	int i;
641 
642 	if (!iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_RXF))
643 		return 0;
644 
645 	/* Count RXF2 size */
646 	ADD_LEN(fifo_len, mem_cfg->rxfifo2_size, hdr_len);
647 
648 	/* Count RXF1 sizes */
649 	for (i = 0; i < mem_cfg->num_lmacs; i++)
650 		ADD_LEN(fifo_len, mem_cfg->lmac[i].rxfifo1_size, hdr_len);
651 
652 	return fifo_len;
653 }
654 
655 static int iwl_fw_txf_len(struct iwl_fw_runtime *fwrt,
656 			  struct iwl_fwrt_shared_mem_cfg *mem_cfg)
657 {
658 	size_t hdr_len = sizeof(struct iwl_fw_error_dump_data) +
659 			 sizeof(struct iwl_fw_error_dump_fifo);
660 	u32 fifo_len = 0;
661 	int i;
662 
663 	if (!iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_TXF))
664 		goto dump_internal_txf;
665 
666 	/* Count TXF sizes */
667 	for (i = 0; i < mem_cfg->num_lmacs; i++) {
668 		int j;
669 
670 		for (j = 0; j < mem_cfg->num_txfifo_entries; j++)
671 			ADD_LEN(fifo_len, mem_cfg->lmac[i].txfifo_size[j],
672 				hdr_len);
673 	}
674 
675 dump_internal_txf:
676 	if (!(iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_INTERNAL_TXF) &&
677 	      fw_has_capa(&fwrt->fw->ucode_capa,
678 			  IWL_UCODE_TLV_CAPA_EXTEND_SHARED_MEM_CFG)))
679 		goto out;
680 
681 	for (i = 0; i < ARRAY_SIZE(mem_cfg->internal_txfifo_size); i++)
682 		ADD_LEN(fifo_len, mem_cfg->internal_txfifo_size[i], hdr_len);
683 
684 out:
685 	return fifo_len;
686 }
687 
688 static void iwl_dump_paging(struct iwl_fw_runtime *fwrt,
689 			    struct iwl_fw_error_dump_data **data)
690 {
691 	int i;
692 
693 	IWL_DEBUG_INFO(fwrt, "WRT paging dump\n");
694 	for (i = 1; i < fwrt->num_of_paging_blk + 1; i++) {
695 		struct iwl_fw_error_dump_paging *paging;
696 		struct page *pages =
697 			fwrt->fw_paging_db[i].fw_paging_block;
698 		dma_addr_t addr = fwrt->fw_paging_db[i].fw_paging_phys;
699 
700 		(*data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_PAGING);
701 		(*data)->len = cpu_to_le32(sizeof(*paging) +
702 					     PAGING_BLOCK_SIZE);
703 		paging =  (void *)(*data)->data;
704 		paging->index = cpu_to_le32(i);
705 		dma_sync_single_for_cpu(fwrt->trans->dev, addr,
706 					PAGING_BLOCK_SIZE,
707 					DMA_BIDIRECTIONAL);
708 		memcpy(paging->data, page_address(pages),
709 		       PAGING_BLOCK_SIZE);
710 		(*data) = iwl_fw_error_next_data(*data);
711 	}
712 }
713 
714 static struct iwl_fw_error_dump_file *
715 _iwl_fw_error_dump(struct iwl_fw_runtime *fwrt,
716 		   struct iwl_fw_dump_ptrs *fw_error_dump)
717 {
718 	struct iwl_fw_error_dump_file *dump_file;
719 	struct iwl_fw_error_dump_data *dump_data;
720 	struct iwl_fw_error_dump_info *dump_info;
721 	struct iwl_fw_error_dump_smem_cfg *dump_smem_cfg;
722 	struct iwl_fw_error_dump_trigger_desc *dump_trig;
723 	u32 sram_len, sram_ofs;
724 	const struct iwl_fw_dbg_mem_seg_tlv *fw_mem = fwrt->fw->dbg.mem_tlv;
725 	struct iwl_fwrt_shared_mem_cfg *mem_cfg = &fwrt->smem_cfg;
726 	u32 file_len, fifo_len = 0, prph_len = 0, radio_len = 0;
727 	u32 smem_len = fwrt->fw->dbg.n_mem_tlv ? 0 : fwrt->trans->cfg->smem_len;
728 	u32 sram2_len = fwrt->fw->dbg.n_mem_tlv ?
729 				0 : fwrt->trans->cfg->dccm2_len;
730 	int i;
731 
732 	/* SRAM - include stack CCM if driver knows the values for it */
733 	if (!fwrt->trans->cfg->dccm_offset || !fwrt->trans->cfg->dccm_len) {
734 		const struct fw_img *img;
735 
736 		img = &fwrt->fw->img[fwrt->cur_fw_img];
737 		sram_ofs = img->sec[IWL_UCODE_SECTION_DATA].offset;
738 		sram_len = img->sec[IWL_UCODE_SECTION_DATA].len;
739 	} else {
740 		sram_ofs = fwrt->trans->cfg->dccm_offset;
741 		sram_len = fwrt->trans->cfg->dccm_len;
742 	}
743 
744 	/* reading RXF/TXF sizes */
745 	if (test_bit(STATUS_FW_ERROR, &fwrt->trans->status)) {
746 		fifo_len = iwl_fw_rxf_len(fwrt, mem_cfg);
747 		fifo_len += iwl_fw_txf_len(fwrt, mem_cfg);
748 
749 		/* Make room for PRPH registers */
750 		if (!fwrt->trans->cfg->gen2 &&
751 		   iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_PRPH))
752 			prph_len += iwl_fw_get_prph_len(fwrt);
753 
754 		if (fwrt->trans->cfg->device_family == IWL_DEVICE_FAMILY_7000 &&
755 		    iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_RADIO_REG))
756 			radio_len = sizeof(*dump_data) + RADIO_REG_MAX_READ;
757 	}
758 
759 	file_len = sizeof(*dump_file) + fifo_len + prph_len + radio_len;
760 
761 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_DEV_FW_INFO))
762 		file_len += sizeof(*dump_data) + sizeof(*dump_info);
763 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_MEM_CFG))
764 		file_len += sizeof(*dump_data) + sizeof(*dump_smem_cfg);
765 
766 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_MEM)) {
767 		size_t hdr_len = sizeof(*dump_data) +
768 				 sizeof(struct iwl_fw_error_dump_mem);
769 
770 		/* Dump SRAM only if no mem_tlvs */
771 		if (!fwrt->fw->dbg.n_mem_tlv)
772 			ADD_LEN(file_len, sram_len, hdr_len);
773 
774 		/* Make room for all mem types that exist */
775 		ADD_LEN(file_len, smem_len, hdr_len);
776 		ADD_LEN(file_len, sram2_len, hdr_len);
777 
778 		for (i = 0; i < fwrt->fw->dbg.n_mem_tlv; i++)
779 			ADD_LEN(file_len, le32_to_cpu(fw_mem[i].len), hdr_len);
780 	}
781 
782 	/* Make room for fw's virtual image pages, if it exists */
783 	if (iwl_fw_dbg_is_paging_enabled(fwrt))
784 		file_len += fwrt->num_of_paging_blk *
785 			(sizeof(*dump_data) +
786 			 sizeof(struct iwl_fw_error_dump_paging) +
787 			 PAGING_BLOCK_SIZE);
788 
789 	if (iwl_fw_dbg_is_d3_debug_enabled(fwrt) && fwrt->dump.d3_debug_data) {
790 		file_len += sizeof(*dump_data) +
791 			fwrt->trans->cfg->d3_debug_data_length * 2;
792 	}
793 
794 	/* If we only want a monitor dump, reset the file length */
795 	if (fwrt->dump.monitor_only) {
796 		file_len = sizeof(*dump_file) + sizeof(*dump_data) * 2 +
797 			   sizeof(*dump_info) + sizeof(*dump_smem_cfg);
798 	}
799 
800 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_ERROR_INFO) &&
801 	    fwrt->dump.desc)
802 		file_len += sizeof(*dump_data) + sizeof(*dump_trig) +
803 			    fwrt->dump.desc->len;
804 
805 	dump_file = vzalloc(file_len);
806 	if (!dump_file)
807 		return NULL;
808 
809 	fw_error_dump->fwrt_ptr = dump_file;
810 
811 	dump_file->barker = cpu_to_le32(IWL_FW_ERROR_DUMP_BARKER);
812 	dump_data = (void *)dump_file->data;
813 
814 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_DEV_FW_INFO)) {
815 		dump_data->type = cpu_to_le32(IWL_FW_ERROR_DUMP_DEV_FW_INFO);
816 		dump_data->len = cpu_to_le32(sizeof(*dump_info));
817 		dump_info = (void *)dump_data->data;
818 		dump_info->device_family =
819 			fwrt->trans->cfg->device_family ==
820 			IWL_DEVICE_FAMILY_7000 ?
821 				cpu_to_le32(IWL_FW_ERROR_DUMP_FAMILY_7) :
822 				cpu_to_le32(IWL_FW_ERROR_DUMP_FAMILY_8);
823 		dump_info->hw_step =
824 			cpu_to_le32(CSR_HW_REV_STEP(fwrt->trans->hw_rev));
825 		memcpy(dump_info->fw_human_readable, fwrt->fw->human_readable,
826 		       sizeof(dump_info->fw_human_readable));
827 		strncpy(dump_info->dev_human_readable, fwrt->trans->cfg->name,
828 			sizeof(dump_info->dev_human_readable) - 1);
829 		strncpy(dump_info->bus_human_readable, fwrt->dev->bus->name,
830 			sizeof(dump_info->bus_human_readable) - 1);
831 		dump_info->rt_status = cpu_to_le32(fwrt->dump.rt_status);
832 
833 		dump_data = iwl_fw_error_next_data(dump_data);
834 	}
835 
836 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_MEM_CFG)) {
837 		/* Dump shared memory configuration */
838 		dump_data->type = cpu_to_le32(IWL_FW_ERROR_DUMP_MEM_CFG);
839 		dump_data->len = cpu_to_le32(sizeof(*dump_smem_cfg));
840 		dump_smem_cfg = (void *)dump_data->data;
841 		dump_smem_cfg->num_lmacs = cpu_to_le32(mem_cfg->num_lmacs);
842 		dump_smem_cfg->num_txfifo_entries =
843 			cpu_to_le32(mem_cfg->num_txfifo_entries);
844 		for (i = 0; i < MAX_NUM_LMAC; i++) {
845 			int j;
846 			u32 *txf_size = mem_cfg->lmac[i].txfifo_size;
847 
848 			for (j = 0; j < TX_FIFO_MAX_NUM; j++)
849 				dump_smem_cfg->lmac[i].txfifo_size[j] =
850 					cpu_to_le32(txf_size[j]);
851 			dump_smem_cfg->lmac[i].rxfifo1_size =
852 				cpu_to_le32(mem_cfg->lmac[i].rxfifo1_size);
853 		}
854 		dump_smem_cfg->rxfifo2_size =
855 			cpu_to_le32(mem_cfg->rxfifo2_size);
856 		dump_smem_cfg->internal_txfifo_addr =
857 			cpu_to_le32(mem_cfg->internal_txfifo_addr);
858 		for (i = 0; i < TX_FIFO_INTERNAL_MAX_NUM; i++) {
859 			dump_smem_cfg->internal_txfifo_size[i] =
860 				cpu_to_le32(mem_cfg->internal_txfifo_size[i]);
861 		}
862 
863 		dump_data = iwl_fw_error_next_data(dump_data);
864 	}
865 
866 	/* We only dump the FIFOs if the FW is in error state */
867 	if (fifo_len) {
868 		iwl_fw_dump_rxf(fwrt, &dump_data);
869 		iwl_fw_dump_txf(fwrt, &dump_data);
870 		if (radio_len)
871 			iwl_read_radio_regs(fwrt, &dump_data);
872 	}
873 
874 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_ERROR_INFO) &&
875 	    fwrt->dump.desc) {
876 		dump_data->type = cpu_to_le32(IWL_FW_ERROR_DUMP_ERROR_INFO);
877 		dump_data->len = cpu_to_le32(sizeof(*dump_trig) +
878 					     fwrt->dump.desc->len);
879 		dump_trig = (void *)dump_data->data;
880 		memcpy(dump_trig, &fwrt->dump.desc->trig_desc,
881 		       sizeof(*dump_trig) + fwrt->dump.desc->len);
882 
883 		dump_data = iwl_fw_error_next_data(dump_data);
884 	}
885 
886 	/* In case we only want monitor dump, skip to dump trasport data */
887 	if (fwrt->dump.monitor_only)
888 		goto out;
889 
890 	if (iwl_fw_dbg_type_on(fwrt, IWL_FW_ERROR_DUMP_MEM)) {
891 		const struct iwl_fw_dbg_mem_seg_tlv *fw_dbg_mem =
892 			fwrt->fw->dbg.mem_tlv;
893 
894 		if (!fwrt->fw->dbg.n_mem_tlv)
895 			iwl_fw_dump_mem(fwrt, &dump_data, sram_len, sram_ofs,
896 					IWL_FW_ERROR_DUMP_MEM_SRAM);
897 
898 		for (i = 0; i < fwrt->fw->dbg.n_mem_tlv; i++) {
899 			u32 len = le32_to_cpu(fw_dbg_mem[i].len);
900 			u32 ofs = le32_to_cpu(fw_dbg_mem[i].ofs);
901 
902 			iwl_fw_dump_mem(fwrt, &dump_data, len, ofs,
903 					le32_to_cpu(fw_dbg_mem[i].data_type));
904 		}
905 
906 		iwl_fw_dump_mem(fwrt, &dump_data, smem_len,
907 				fwrt->trans->cfg->smem_offset,
908 				IWL_FW_ERROR_DUMP_MEM_SMEM);
909 
910 		iwl_fw_dump_mem(fwrt, &dump_data, sram2_len,
911 				fwrt->trans->cfg->dccm2_offset,
912 				IWL_FW_ERROR_DUMP_MEM_SRAM);
913 	}
914 
915 	if (iwl_fw_dbg_is_d3_debug_enabled(fwrt) && fwrt->dump.d3_debug_data) {
916 		u32 addr = fwrt->trans->cfg->d3_debug_data_base_addr;
917 		size_t data_size = fwrt->trans->cfg->d3_debug_data_length;
918 
919 		dump_data->type = cpu_to_le32(IWL_FW_ERROR_DUMP_D3_DEBUG_DATA);
920 		dump_data->len = cpu_to_le32(data_size * 2);
921 
922 		memcpy(dump_data->data, fwrt->dump.d3_debug_data, data_size);
923 
924 		kfree(fwrt->dump.d3_debug_data);
925 		fwrt->dump.d3_debug_data = NULL;
926 
927 		iwl_trans_read_mem_bytes(fwrt->trans, addr,
928 					 dump_data->data + data_size,
929 					 data_size);
930 
931 		dump_data = iwl_fw_error_next_data(dump_data);
932 	}
933 
934 	/* Dump fw's virtual image */
935 	if (iwl_fw_dbg_is_paging_enabled(fwrt))
936 		iwl_dump_paging(fwrt, &dump_data);
937 
938 	if (prph_len) {
939 		iwl_dump_prph(fwrt->trans, &dump_data,
940 			      iwl_prph_dump_addr_comm,
941 			      ARRAY_SIZE(iwl_prph_dump_addr_comm));
942 
943 		if (fwrt->trans->cfg->mq_rx_supported)
944 			iwl_dump_prph(fwrt->trans, &dump_data,
945 				      iwl_prph_dump_addr_9000,
946 				      ARRAY_SIZE(iwl_prph_dump_addr_9000));
947 	}
948 
949 out:
950 	dump_file->file_len = cpu_to_le32(file_len);
951 	return dump_file;
952 }
953 
954 static void iwl_dump_prph_ini(struct iwl_trans *trans,
955 			      struct iwl_fw_error_dump_data **data,
956 			      struct iwl_fw_ini_region_cfg *reg)
957 {
958 	struct iwl_fw_error_dump_prph *prph;
959 	unsigned long flags;
960 	u32 i, size = le32_to_cpu(reg->num_regions);
961 
962 	IWL_DEBUG_INFO(trans, "WRT PRPH dump\n");
963 
964 	if (!iwl_trans_grab_nic_access(trans, &flags))
965 		return;
966 
967 	for (i = 0; i < size; i++) {
968 		(*data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_PRPH);
969 		(*data)->len = cpu_to_le32(le32_to_cpu(reg->size) +
970 					   sizeof(*prph));
971 		prph = (void *)(*data)->data;
972 		prph->prph_start = reg->start_addr[i];
973 		prph->data[0] = cpu_to_le32(iwl_read_prph_no_grab(trans,
974 								  le32_to_cpu(prph->prph_start)));
975 		*data = iwl_fw_error_next_data(*data);
976 	}
977 	iwl_trans_release_nic_access(trans, &flags);
978 }
979 
980 static void iwl_dump_csr_ini(struct iwl_trans *trans,
981 			     struct iwl_fw_error_dump_data **data,
982 			     struct iwl_fw_ini_region_cfg *reg)
983 {
984 	int i, num = le32_to_cpu(reg->num_regions);
985 	u32 size = le32_to_cpu(reg->size);
986 
987 	IWL_DEBUG_INFO(trans, "WRT CSR dump\n");
988 
989 	for (i = 0; i < num; i++) {
990 		u32 add = le32_to_cpu(reg->start_addr[i]);
991 		__le32 *val;
992 		int j;
993 
994 		(*data)->type = cpu_to_le32(IWL_FW_ERROR_DUMP_CSR);
995 		(*data)->len = cpu_to_le32(size);
996 		val = (void *)(*data)->data;
997 
998 		for (j = 0; j < size; j += 4)
999 			*val++ = cpu_to_le32(iwl_trans_read32(trans, j + add));
1000 
1001 		*data = iwl_fw_error_next_data(*data);
1002 	}
1003 }
1004 
1005 static int iwl_fw_ini_get_trigger_len(struct iwl_fw_runtime *fwrt,
1006 				      struct iwl_fw_ini_trigger *trigger)
1007 {
1008 	int i, num, size = 0, hdr_len = sizeof(struct iwl_fw_error_dump_data);
1009 
1010 	if (!trigger || !trigger->num_regions)
1011 		return 0;
1012 
1013 	num = le32_to_cpu(trigger->num_regions);
1014 	for (i = 0; i < num; i++) {
1015 		u32 reg_id = le32_to_cpu(trigger->data[i]);
1016 		struct iwl_fw_ini_region_cfg *reg;
1017 		enum iwl_fw_ini_region_type type;
1018 		u32 num_entries;
1019 
1020 		if (WARN_ON(reg_id >= ARRAY_SIZE(fwrt->dump.active_regs)))
1021 			continue;
1022 
1023 		reg = fwrt->dump.active_regs[reg_id].reg;
1024 		if (WARN(!reg, "Unassigned region %d\n", reg_id))
1025 			continue;
1026 
1027 		type = le32_to_cpu(reg->region_type);
1028 		num_entries = le32_to_cpu(reg->num_regions);
1029 
1030 		switch (type) {
1031 		case IWL_FW_INI_REGION_DEVICE_MEMORY:
1032 			size += hdr_len +
1033 				sizeof(struct iwl_fw_error_dump_named_mem) +
1034 				le32_to_cpu(reg->size);
1035 			break;
1036 		case IWL_FW_INI_REGION_PERIPHERY_MAC:
1037 		case IWL_FW_INI_REGION_PERIPHERY_PHY:
1038 		case IWL_FW_INI_REGION_PERIPHERY_AUX:
1039 			size += num_entries *
1040 				(hdr_len +
1041 				 sizeof(struct iwl_fw_error_dump_prph) +
1042 				 sizeof(u32));
1043 			break;
1044 		case IWL_FW_INI_REGION_TXF:
1045 			size += iwl_fw_txf_len(fwrt, &fwrt->smem_cfg);
1046 			break;
1047 		case IWL_FW_INI_REGION_RXF:
1048 			size += iwl_fw_rxf_len(fwrt, &fwrt->smem_cfg);
1049 			break;
1050 		case IWL_FW_INI_REGION_PAGING:
1051 			if (!iwl_fw_dbg_is_paging_enabled(fwrt))
1052 				break;
1053 			size += fwrt->num_of_paging_blk *
1054 				(hdr_len +
1055 				 sizeof(struct iwl_fw_error_dump_paging) +
1056 				 PAGING_BLOCK_SIZE);
1057 			break;
1058 		case IWL_FW_INI_REGION_CSR:
1059 			size += num_entries *
1060 				(hdr_len + le32_to_cpu(reg->size));
1061 			break;
1062 		case IWL_FW_INI_REGION_DRAM_BUFFER:
1063 			/* Transport takes care of DRAM dumping */
1064 		case IWL_FW_INI_REGION_INTERNAL_BUFFER:
1065 		case IWL_FW_INI_REGION_DRAM_IMR:
1066 			/* Undefined yet */
1067 		default:
1068 			break;
1069 		}
1070 	}
1071 	return size;
1072 }
1073 
1074 static void iwl_fw_ini_dump_trigger(struct iwl_fw_runtime *fwrt,
1075 				    struct iwl_fw_ini_trigger *trigger,
1076 				    struct iwl_fw_error_dump_data **data,
1077 				    u32 *dump_mask)
1078 {
1079 	int i, num = le32_to_cpu(trigger->num_regions);
1080 
1081 	for (i = 0; i < num; i++) {
1082 		u32 reg_id = le32_to_cpu(trigger->data[i]);
1083 		enum iwl_fw_ini_region_type type;
1084 		struct iwl_fw_ini_region_cfg *reg;
1085 
1086 		if (reg_id >= ARRAY_SIZE(fwrt->dump.active_regs))
1087 			continue;
1088 
1089 		reg = fwrt->dump.active_regs[reg_id].reg;
1090 		/* Don't warn, get_trigger_len already warned */
1091 		if (!reg)
1092 			continue;
1093 
1094 		type = le32_to_cpu(reg->region_type);
1095 		switch (type) {
1096 		case IWL_FW_INI_REGION_DEVICE_MEMORY:
1097 			if (WARN_ON(le32_to_cpu(reg->num_regions) > 1))
1098 				continue;
1099 			iwl_fw_dump_named_mem(fwrt, data,
1100 					      le32_to_cpu(reg->size),
1101 					      le32_to_cpu(reg->start_addr[0]),
1102 					      reg->name,
1103 					      le32_to_cpu(reg->name_len));
1104 			break;
1105 		case IWL_FW_INI_REGION_PERIPHERY_MAC:
1106 		case IWL_FW_INI_REGION_PERIPHERY_PHY:
1107 		case IWL_FW_INI_REGION_PERIPHERY_AUX:
1108 			iwl_dump_prph_ini(fwrt->trans, data, reg);
1109 			break;
1110 		case IWL_FW_INI_REGION_DRAM_BUFFER:
1111 			*dump_mask |= IWL_FW_ERROR_DUMP_FW_MONITOR;
1112 			break;
1113 		case IWL_FW_INI_REGION_PAGING:
1114 			if (iwl_fw_dbg_is_paging_enabled(fwrt))
1115 				iwl_dump_paging(fwrt, data);
1116 			else
1117 				*dump_mask |= IWL_FW_ERROR_DUMP_PAGING;
1118 			break;
1119 		case IWL_FW_INI_REGION_TXF:
1120 			iwl_fw_dump_txf(fwrt, data);
1121 			break;
1122 		case IWL_FW_INI_REGION_RXF:
1123 			iwl_fw_dump_rxf(fwrt, data);
1124 			break;
1125 		case IWL_FW_INI_REGION_CSR:
1126 			iwl_dump_csr_ini(fwrt->trans, data, reg);
1127 			break;
1128 		case IWL_FW_INI_REGION_DRAM_IMR:
1129 		case IWL_FW_INI_REGION_INTERNAL_BUFFER:
1130 			/* This is undefined yet */
1131 		default:
1132 			break;
1133 		}
1134 	}
1135 }
1136 
1137 static struct iwl_fw_error_dump_file *
1138 _iwl_fw_error_ini_dump(struct iwl_fw_runtime *fwrt,
1139 		       struct iwl_fw_dump_ptrs *fw_error_dump,
1140 		       u32 *dump_mask)
1141 {
1142 	int size, id = le32_to_cpu(fwrt->dump.desc->trig_desc.type);
1143 	struct iwl_fw_error_dump_data *dump_data;
1144 	struct iwl_fw_error_dump_file *dump_file;
1145 	struct iwl_fw_ini_trigger *trigger, *ext;
1146 
1147 	if (id == FW_DBG_TRIGGER_FW_ASSERT)
1148 		id = IWL_FW_TRIGGER_ID_FW_ASSERT;
1149 	else if (id == FW_DBG_TRIGGER_USER)
1150 		id = IWL_FW_TRIGGER_ID_USER_TRIGGER;
1151 	else if (id < FW_DBG_TRIGGER_MAX)
1152 		return NULL;
1153 
1154 	if (WARN_ON(id >= ARRAY_SIZE(fwrt->dump.active_trigs)))
1155 		return NULL;
1156 
1157 	trigger = fwrt->dump.active_trigs[id].conf;
1158 	ext = fwrt->dump.active_trigs[id].conf_ext;
1159 
1160 	size = sizeof(*dump_file);
1161 	size += iwl_fw_ini_get_trigger_len(fwrt, trigger);
1162 	size += iwl_fw_ini_get_trigger_len(fwrt, ext);
1163 
1164 	if (!size)
1165 		return NULL;
1166 
1167 	dump_file = vzalloc(size);
1168 	if (!dump_file)
1169 		return NULL;
1170 
1171 	fw_error_dump->fwrt_ptr = dump_file;
1172 
1173 	dump_file->barker = cpu_to_le32(IWL_FW_ERROR_DUMP_BARKER);
1174 	dump_data = (void *)dump_file->data;
1175 	dump_file->file_len = cpu_to_le32(size);
1176 
1177 	*dump_mask = 0;
1178 	if (trigger)
1179 		iwl_fw_ini_dump_trigger(fwrt, trigger, &dump_data, dump_mask);
1180 	if (ext)
1181 		iwl_fw_ini_dump_trigger(fwrt, ext, &dump_data, dump_mask);
1182 
1183 	return dump_file;
1184 }
1185 
1186 void iwl_fw_error_dump(struct iwl_fw_runtime *fwrt)
1187 {
1188 	struct iwl_fw_dump_ptrs *fw_error_dump;
1189 	struct iwl_fw_error_dump_file *dump_file;
1190 	struct scatterlist *sg_dump_data;
1191 	u32 file_len;
1192 	u32 dump_mask = fwrt->fw->dbg.dump_mask;
1193 
1194 	IWL_DEBUG_INFO(fwrt, "WRT dump start\n");
1195 
1196 	/* there's no point in fw dump if the bus is dead */
1197 	if (test_bit(STATUS_TRANS_DEAD, &fwrt->trans->status)) {
1198 		IWL_ERR(fwrt, "Skip fw error dump since bus is dead\n");
1199 		goto out;
1200 	}
1201 
1202 	fw_error_dump = kzalloc(sizeof(*fw_error_dump), GFP_KERNEL);
1203 	if (!fw_error_dump)
1204 		goto out;
1205 
1206 	if (fwrt->trans->ini_valid)
1207 		dump_file = _iwl_fw_error_ini_dump(fwrt, fw_error_dump,
1208 						   &dump_mask);
1209 	else
1210 		dump_file = _iwl_fw_error_dump(fwrt, fw_error_dump);
1211 
1212 	if (!dump_file) {
1213 		kfree(fw_error_dump);
1214 		goto out;
1215 	}
1216 
1217 	if (!fwrt->trans->ini_valid && fwrt->dump.monitor_only)
1218 		dump_mask &= IWL_FW_ERROR_DUMP_FW_MONITOR;
1219 
1220 	fw_error_dump->trans_ptr = iwl_trans_dump_data(fwrt->trans, dump_mask);
1221 	file_len = le32_to_cpu(dump_file->file_len);
1222 	fw_error_dump->fwrt_len = file_len;
1223 	if (fw_error_dump->trans_ptr) {
1224 		file_len += fw_error_dump->trans_ptr->len;
1225 		dump_file->file_len = cpu_to_le32(file_len);
1226 	}
1227 
1228 	sg_dump_data = alloc_sgtable(file_len);
1229 	if (sg_dump_data) {
1230 		sg_pcopy_from_buffer(sg_dump_data,
1231 				     sg_nents(sg_dump_data),
1232 				     fw_error_dump->fwrt_ptr,
1233 				     fw_error_dump->fwrt_len, 0);
1234 		if (fw_error_dump->trans_ptr)
1235 			sg_pcopy_from_buffer(sg_dump_data,
1236 					     sg_nents(sg_dump_data),
1237 					     fw_error_dump->trans_ptr->data,
1238 					     fw_error_dump->trans_ptr->len,
1239 					     fw_error_dump->fwrt_len);
1240 		dev_coredumpsg(fwrt->trans->dev, sg_dump_data, file_len,
1241 			       GFP_KERNEL);
1242 	}
1243 	vfree(fw_error_dump->fwrt_ptr);
1244 	vfree(fw_error_dump->trans_ptr);
1245 	kfree(fw_error_dump);
1246 
1247 out:
1248 	iwl_fw_free_dump_desc(fwrt);
1249 	clear_bit(IWL_FWRT_STATUS_DUMPING, &fwrt->status);
1250 	IWL_DEBUG_INFO(fwrt, "WRT dump done\n");
1251 }
1252 IWL_EXPORT_SYMBOL(iwl_fw_error_dump);
1253 
1254 const struct iwl_fw_dump_desc iwl_dump_desc_assert = {
1255 	.trig_desc = {
1256 		.type = cpu_to_le32(FW_DBG_TRIGGER_FW_ASSERT),
1257 	},
1258 };
1259 IWL_EXPORT_SYMBOL(iwl_dump_desc_assert);
1260 
1261 void iwl_fw_assert_error_dump(struct iwl_fw_runtime *fwrt)
1262 {
1263 	IWL_INFO(fwrt, "error dump due to fw assert\n");
1264 	fwrt->dump.desc = &iwl_dump_desc_assert;
1265 	iwl_fw_error_dump(fwrt);
1266 }
1267 IWL_EXPORT_SYMBOL(iwl_fw_assert_error_dump);
1268 
1269 void iwl_fw_alive_error_dump(struct iwl_fw_runtime *fwrt)
1270 {
1271 	struct iwl_fw_dump_desc *iwl_dump_desc_no_alive =
1272 		kmalloc(sizeof(*iwl_dump_desc_no_alive), GFP_KERNEL);
1273 
1274 	if (!iwl_dump_desc_no_alive)
1275 		return;
1276 
1277 	iwl_dump_desc_no_alive->trig_desc.type =
1278 		cpu_to_le32(FW_DBG_TRIGGER_NO_ALIVE);
1279 	iwl_dump_desc_no_alive->len = 0;
1280 
1281 	if (WARN_ON(fwrt->dump.desc))
1282 		iwl_fw_free_dump_desc(fwrt);
1283 
1284 	IWL_WARN(fwrt, "Collecting data: trigger %d fired.\n",
1285 		 FW_DBG_TRIGGER_NO_ALIVE);
1286 
1287 	fwrt->dump.desc = iwl_dump_desc_no_alive;
1288 	iwl_fw_error_dump(fwrt);
1289 	clear_bit(IWL_FWRT_STATUS_WAIT_ALIVE, &fwrt->status);
1290 }
1291 IWL_EXPORT_SYMBOL(iwl_fw_alive_error_dump);
1292 
1293 int iwl_fw_dbg_collect_desc(struct iwl_fw_runtime *fwrt,
1294 			    const struct iwl_fw_dump_desc *desc,
1295 			    bool monitor_only,
1296 			    unsigned int delay)
1297 {
1298 	/*
1299 	 * If the loading of the FW completed successfully, the next step is to
1300 	 * get the SMEM config data. Thus, if fwrt->smem_cfg.num_lmacs is non
1301 	 * zero, the FW was already loaded successully. If the state is "NO_FW"
1302 	 * in such a case - exit, since FW may be dead. Otherwise, we
1303 	 * can try to collect the data, since FW might just not be fully
1304 	 * loaded (no "ALIVE" yet), and the debug data is accessible.
1305 	 *
1306 	 * Corner case: got the FW alive but crashed before getting the SMEM
1307 	 *	config. In such a case, due to HW access problems, we might
1308 	 *	collect garbage.
1309 	 */
1310 	if (fwrt->trans->state == IWL_TRANS_NO_FW &&
1311 	    fwrt->smem_cfg.num_lmacs)
1312 		return -EIO;
1313 
1314 	if (test_and_set_bit(IWL_FWRT_STATUS_DUMPING, &fwrt->status) ||
1315 	    test_bit(IWL_FWRT_STATUS_WAIT_ALIVE, &fwrt->status))
1316 		return -EBUSY;
1317 
1318 	if (WARN_ON(fwrt->dump.desc))
1319 		iwl_fw_free_dump_desc(fwrt);
1320 
1321 	IWL_WARN(fwrt, "Collecting data: trigger %d fired.\n",
1322 		 le32_to_cpu(desc->trig_desc.type));
1323 
1324 	fwrt->dump.desc = desc;
1325 	fwrt->dump.monitor_only = monitor_only;
1326 
1327 	schedule_delayed_work(&fwrt->dump.wk, delay);
1328 
1329 	return 0;
1330 }
1331 IWL_EXPORT_SYMBOL(iwl_fw_dbg_collect_desc);
1332 
1333 int _iwl_fw_dbg_collect(struct iwl_fw_runtime *fwrt,
1334 			enum iwl_fw_dbg_trigger trig,
1335 			const char *str, size_t len,
1336 			struct iwl_fw_dbg_trigger_tlv *trigger)
1337 {
1338 	struct iwl_fw_dump_desc *desc;
1339 	unsigned int delay = 0;
1340 	bool monitor_only = false;
1341 
1342 	if (trigger) {
1343 		u16 occurrences = le16_to_cpu(trigger->occurrences) - 1;
1344 
1345 		if (!le16_to_cpu(trigger->occurrences))
1346 			return 0;
1347 
1348 		if (trigger->flags & IWL_FW_DBG_FORCE_RESTART) {
1349 			IWL_WARN(fwrt, "Force restart: trigger %d fired.\n",
1350 				 trig);
1351 			iwl_force_nmi(fwrt->trans);
1352 			return 0;
1353 		}
1354 
1355 		trigger->occurrences = cpu_to_le16(occurrences);
1356 		delay = le16_to_cpu(trigger->trig_dis_ms);
1357 		monitor_only = trigger->mode & IWL_FW_DBG_TRIGGER_MONITOR_ONLY;
1358 	}
1359 
1360 	desc = kzalloc(sizeof(*desc) + len, GFP_ATOMIC);
1361 	if (!desc)
1362 		return -ENOMEM;
1363 
1364 
1365 	desc->len = len;
1366 	desc->trig_desc.type = cpu_to_le32(trig);
1367 	memcpy(desc->trig_desc.data, str, len);
1368 
1369 	return iwl_fw_dbg_collect_desc(fwrt, desc, monitor_only, delay);
1370 }
1371 IWL_EXPORT_SYMBOL(_iwl_fw_dbg_collect);
1372 
1373 int iwl_fw_dbg_collect(struct iwl_fw_runtime *fwrt,
1374 		       u32 id, const char *str, size_t len)
1375 {
1376 	struct iwl_fw_dump_desc *desc;
1377 	u32 occur, delay;
1378 
1379 	if (!fwrt->trans->ini_valid)
1380 		return _iwl_fw_dbg_collect(fwrt, id, str, len, NULL);
1381 
1382 	if (id == FW_DBG_TRIGGER_USER)
1383 		id = IWL_FW_TRIGGER_ID_USER_TRIGGER;
1384 
1385 	if (WARN_ON(!fwrt->dump.active_trigs[id].active))
1386 		return -EINVAL;
1387 
1388 	delay = le32_to_cpu(fwrt->dump.active_trigs[id].conf->ignore_consec);
1389 	occur = le32_to_cpu(fwrt->dump.active_trigs[id].conf->occurrences);
1390 	if (!occur)
1391 		return 0;
1392 
1393 	if (le32_to_cpu(fwrt->dump.active_trigs[id].conf->force_restart)) {
1394 		IWL_WARN(fwrt, "Force restart: trigger %d fired.\n", id);
1395 		iwl_force_nmi(fwrt->trans);
1396 		return 0;
1397 	}
1398 
1399 	desc = kzalloc(sizeof(*desc) + len, GFP_ATOMIC);
1400 	if (!desc)
1401 		return -ENOMEM;
1402 
1403 	occur--;
1404 	fwrt->dump.active_trigs[id].conf->occurrences = cpu_to_le32(occur);
1405 
1406 	desc->len = len;
1407 	desc->trig_desc.type = cpu_to_le32(id);
1408 	memcpy(desc->trig_desc.data, str, len);
1409 
1410 	return iwl_fw_dbg_collect_desc(fwrt, desc, true, delay);
1411 }
1412 IWL_EXPORT_SYMBOL(iwl_fw_dbg_collect);
1413 
1414 int iwl_fw_dbg_collect_trig(struct iwl_fw_runtime *fwrt,
1415 			    struct iwl_fw_dbg_trigger_tlv *trigger,
1416 			    const char *fmt, ...)
1417 {
1418 	int ret, len = 0;
1419 	char buf[64];
1420 
1421 	if (fwrt->trans->ini_valid)
1422 		return 0;
1423 
1424 	if (fmt) {
1425 		va_list ap;
1426 
1427 		buf[sizeof(buf) - 1] = '\0';
1428 
1429 		va_start(ap, fmt);
1430 		vsnprintf(buf, sizeof(buf), fmt, ap);
1431 		va_end(ap);
1432 
1433 		/* check for truncation */
1434 		if (WARN_ON_ONCE(buf[sizeof(buf) - 1]))
1435 			buf[sizeof(buf) - 1] = '\0';
1436 
1437 		len = strlen(buf) + 1;
1438 	}
1439 
1440 	ret = _iwl_fw_dbg_collect(fwrt, le32_to_cpu(trigger->id), buf, len,
1441 				  trigger);
1442 
1443 	if (ret)
1444 		return ret;
1445 
1446 	return 0;
1447 }
1448 IWL_EXPORT_SYMBOL(iwl_fw_dbg_collect_trig);
1449 
1450 int iwl_fw_start_dbg_conf(struct iwl_fw_runtime *fwrt, u8 conf_id)
1451 {
1452 	u8 *ptr;
1453 	int ret;
1454 	int i;
1455 
1456 	if (WARN_ONCE(conf_id >= ARRAY_SIZE(fwrt->fw->dbg.conf_tlv),
1457 		      "Invalid configuration %d\n", conf_id))
1458 		return -EINVAL;
1459 
1460 	/* EARLY START - firmware's configuration is hard coded */
1461 	if ((!fwrt->fw->dbg.conf_tlv[conf_id] ||
1462 	     !fwrt->fw->dbg.conf_tlv[conf_id]->num_of_hcmds) &&
1463 	    conf_id == FW_DBG_START_FROM_ALIVE)
1464 		return 0;
1465 
1466 	if (!fwrt->fw->dbg.conf_tlv[conf_id])
1467 		return -EINVAL;
1468 
1469 	if (fwrt->dump.conf != FW_DBG_INVALID)
1470 		IWL_WARN(fwrt, "FW already configured (%d) - re-configuring\n",
1471 			 fwrt->dump.conf);
1472 
1473 	/* Send all HCMDs for configuring the FW debug */
1474 	ptr = (void *)&fwrt->fw->dbg.conf_tlv[conf_id]->hcmd;
1475 	for (i = 0; i < fwrt->fw->dbg.conf_tlv[conf_id]->num_of_hcmds; i++) {
1476 		struct iwl_fw_dbg_conf_hcmd *cmd = (void *)ptr;
1477 		struct iwl_host_cmd hcmd = {
1478 			.id = cmd->id,
1479 			.len = { le16_to_cpu(cmd->len), },
1480 			.data = { cmd->data, },
1481 		};
1482 
1483 		ret = iwl_trans_send_cmd(fwrt->trans, &hcmd);
1484 		if (ret)
1485 			return ret;
1486 
1487 		ptr += sizeof(*cmd);
1488 		ptr += le16_to_cpu(cmd->len);
1489 	}
1490 
1491 	fwrt->dump.conf = conf_id;
1492 
1493 	return 0;
1494 }
1495 IWL_EXPORT_SYMBOL(iwl_fw_start_dbg_conf);
1496 
1497 /* this function assumes dump_start was called beforehand and dump_end will be
1498  * called afterwards
1499  */
1500 void iwl_fw_dbg_collect_sync(struct iwl_fw_runtime *fwrt)
1501 {
1502 	struct iwl_fw_dbg_params params = {0};
1503 
1504 	if (!test_bit(IWL_FWRT_STATUS_DUMPING, &fwrt->status))
1505 		return;
1506 
1507 	if (fwrt->ops && fwrt->ops->fw_running &&
1508 	    !fwrt->ops->fw_running(fwrt->ops_ctx)) {
1509 		IWL_ERR(fwrt, "Firmware not running - cannot dump error\n");
1510 		iwl_fw_free_dump_desc(fwrt);
1511 		clear_bit(IWL_FWRT_STATUS_DUMPING, &fwrt->status);
1512 		return;
1513 	}
1514 
1515 	iwl_fw_dbg_stop_recording(fwrt, &params);
1516 
1517 	iwl_fw_error_dump(fwrt);
1518 
1519 	/* start recording again if the firmware is not crashed */
1520 	if (!test_bit(STATUS_FW_ERROR, &fwrt->trans->status) &&
1521 	    fwrt->fw->dbg.dest_tlv) {
1522 		/* wait before we collect the data till the DBGC stop */
1523 		udelay(500);
1524 		iwl_fw_dbg_restart_recording(fwrt, &params);
1525 	}
1526 }
1527 IWL_EXPORT_SYMBOL(iwl_fw_dbg_collect_sync);
1528 
1529 void iwl_fw_error_dump_wk(struct work_struct *work)
1530 {
1531 	struct iwl_fw_runtime *fwrt =
1532 		container_of(work, struct iwl_fw_runtime, dump.wk.work);
1533 
1534 	if (fwrt->ops && fwrt->ops->dump_start &&
1535 	    fwrt->ops->dump_start(fwrt->ops_ctx))
1536 		return;
1537 
1538 	iwl_fw_dbg_collect_sync(fwrt);
1539 
1540 	if (fwrt->ops && fwrt->ops->dump_end)
1541 		fwrt->ops->dump_end(fwrt->ops_ctx);
1542 }
1543 
1544 void iwl_fw_dbg_read_d3_debug_data(struct iwl_fw_runtime *fwrt)
1545 {
1546 	const struct iwl_cfg *cfg = fwrt->trans->cfg;
1547 
1548 	if (!iwl_fw_dbg_is_d3_debug_enabled(fwrt))
1549 		return;
1550 
1551 	if (!fwrt->dump.d3_debug_data) {
1552 		fwrt->dump.d3_debug_data = kmalloc(cfg->d3_debug_data_length,
1553 						   GFP_KERNEL);
1554 		if (!fwrt->dump.d3_debug_data) {
1555 			IWL_ERR(fwrt,
1556 				"failed to allocate memory for D3 debug data\n");
1557 			return;
1558 		}
1559 	}
1560 
1561 	/* if the buffer holds previous debug data it is overwritten */
1562 	iwl_trans_read_mem_bytes(fwrt->trans, cfg->d3_debug_data_base_addr,
1563 				 fwrt->dump.d3_debug_data,
1564 				 cfg->d3_debug_data_length);
1565 }
1566 IWL_EXPORT_SYMBOL(iwl_fw_dbg_read_d3_debug_data);
1567 
1568 static void
1569 iwl_fw_dbg_buffer_allocation(struct iwl_fw_runtime *fwrt,
1570 			     struct iwl_fw_ini_allocation_tlv *alloc)
1571 {
1572 	struct iwl_trans *trans = fwrt->trans;
1573 	struct iwl_continuous_record_cmd cont_rec = {};
1574 	struct iwl_buffer_allocation_cmd *cmd = (void *)&cont_rec.pad[0];
1575 	struct iwl_host_cmd hcmd = {
1576 		.id = LDBG_CONFIG_CMD,
1577 		.flags = CMD_ASYNC,
1578 		.data[0] = &cont_rec,
1579 		.len[0] = sizeof(cont_rec),
1580 	};
1581 	void *virtual_addr = NULL;
1582 	u32 size = le32_to_cpu(alloc->size);
1583 	dma_addr_t phys_addr;
1584 
1585 	cont_rec.record_mode.enable_recording = cpu_to_le16(BUFFER_ALLOCATION);
1586 
1587 	if (!trans->num_blocks &&
1588 	    le32_to_cpu(alloc->buffer_location) !=
1589 	    IWL_FW_INI_LOCATION_DRAM_PATH)
1590 		return;
1591 
1592 	virtual_addr = dma_alloc_coherent(fwrt->trans->dev, size,
1593 					  &phys_addr, GFP_KERNEL);
1594 
1595 	/* TODO: alloc fragments if needed */
1596 	if (!virtual_addr)
1597 		IWL_ERR(fwrt, "Failed to allocate debug memory\n");
1598 
1599 	if (WARN_ON_ONCE(trans->num_blocks == ARRAY_SIZE(trans->fw_mon)))
1600 		return;
1601 
1602 	trans->fw_mon[trans->num_blocks].block = virtual_addr;
1603 	trans->fw_mon[trans->num_blocks].physical = phys_addr;
1604 	trans->fw_mon[trans->num_blocks].size = size;
1605 	trans->num_blocks++;
1606 
1607 	IWL_DEBUG_FW(trans, "Allocated debug block of size %d\n", size);
1608 
1609 	/* First block is assigned via registers / context info */
1610 	if (trans->num_blocks == 1)
1611 		return;
1612 
1613 	cmd->num_frags = cpu_to_le32(1);
1614 	cmd->fragments[0].address = cpu_to_le64(phys_addr);
1615 	cmd->fragments[0].size = alloc->size;
1616 	cmd->allocation_id = alloc->allocation_id;
1617 	cmd->buffer_location = alloc->buffer_location;
1618 
1619 	iwl_trans_send_cmd(trans, &hcmd);
1620 }
1621 
1622 static void iwl_fw_dbg_send_hcmd(struct iwl_fw_runtime *fwrt,
1623 				 struct iwl_ucode_tlv *tlv)
1624 {
1625 	struct iwl_fw_ini_hcmd_tlv *hcmd_tlv = (void *)&tlv->data[0];
1626 	struct iwl_fw_ini_hcmd *data = &hcmd_tlv->hcmd;
1627 	u16 len = le32_to_cpu(tlv->length) - sizeof(*hcmd_tlv);
1628 
1629 	struct iwl_host_cmd hcmd = {
1630 		.id = WIDE_ID(data->group, data->id),
1631 		.len = { len, },
1632 		.data = { data->data, },
1633 	};
1634 
1635 	iwl_trans_send_cmd(fwrt->trans, &hcmd);
1636 }
1637 
1638 static void iwl_fw_dbg_update_regions(struct iwl_fw_runtime *fwrt,
1639 				      struct iwl_fw_ini_region_tlv *tlv,
1640 				      bool ext, enum iwl_fw_ini_apply_point pnt)
1641 {
1642 	void *iter = (void *)tlv->region_config;
1643 	int i, size = le32_to_cpu(tlv->num_regions);
1644 
1645 	for (i = 0; i < size; i++) {
1646 		struct iwl_fw_ini_region_cfg *reg = iter;
1647 		int id = le32_to_cpu(reg->region_id);
1648 		struct iwl_fw_ini_active_regs *active;
1649 
1650 		if (WARN(id >= ARRAY_SIZE(fwrt->dump.active_regs),
1651 			 "Invalid region id %d for apply point %d\n", id, pnt))
1652 			break;
1653 
1654 		active = &fwrt->dump.active_regs[id];
1655 
1656 		if (ext && active->apply_point == pnt)
1657 			IWL_WARN(fwrt->trans,
1658 				 "External region TLV overrides FW default %x\n",
1659 				 id);
1660 
1661 		IWL_DEBUG_FW(fwrt,
1662 			     "%s: apply point %d, activating region ID %d\n",
1663 			     __func__, pnt, id);
1664 
1665 		active->reg = reg;
1666 		active->apply_point = pnt;
1667 
1668 		if (le32_to_cpu(reg->region_type) !=
1669 		    IWL_FW_INI_REGION_DRAM_BUFFER)
1670 			iter += le32_to_cpu(reg->num_regions) * sizeof(__le32);
1671 
1672 		iter += sizeof(*reg);
1673 	}
1674 }
1675 
1676 static void iwl_fw_dbg_update_triggers(struct iwl_fw_runtime *fwrt,
1677 				       struct iwl_fw_ini_trigger_tlv *tlv,
1678 				       bool ext,
1679 				       enum iwl_fw_ini_apply_point apply_point)
1680 {
1681 	int i, size = le32_to_cpu(tlv->num_triggers);
1682 	void *iter = (void *)tlv->trigger_config;
1683 
1684 	for (i = 0; i < size; i++) {
1685 		struct iwl_fw_ini_trigger *trig = iter;
1686 		struct iwl_fw_ini_active_triggers *active;
1687 		int id = le32_to_cpu(trig->trigger_id);
1688 		u32 num;
1689 
1690 		if (WARN_ON(id >= ARRAY_SIZE(fwrt->dump.active_trigs)))
1691 			break;
1692 
1693 		active = &fwrt->dump.active_trigs[id];
1694 
1695 		if (active->apply_point != apply_point) {
1696 			active->conf = NULL;
1697 			active->conf_ext = NULL;
1698 		}
1699 
1700 		num = le32_to_cpu(trig->num_regions);
1701 
1702 		if (ext && active->apply_point == apply_point) {
1703 			num += le32_to_cpu(active->conf->num_regions);
1704 			if (trig->ignore_default) {
1705 				active->conf_ext = active->conf;
1706 				active->conf = trig;
1707 			} else {
1708 				active->conf_ext = trig;
1709 			}
1710 		} else {
1711 			active->conf = trig;
1712 		}
1713 
1714 		/* Since zero means infinity - just set to -1 */
1715 		if (!le32_to_cpu(trig->occurrences))
1716 			trig->occurrences = cpu_to_le32(-1);
1717 		if (!le32_to_cpu(trig->ignore_consec))
1718 			trig->ignore_consec = cpu_to_le32(-1);
1719 
1720 		iter += sizeof(*trig) +
1721 			le32_to_cpu(trig->num_regions) * sizeof(__le32);
1722 
1723 		active->active = num;
1724 		active->apply_point = apply_point;
1725 	}
1726 }
1727 
1728 static void _iwl_fw_dbg_apply_point(struct iwl_fw_runtime *fwrt,
1729 				    struct iwl_apply_point_data *data,
1730 				    enum iwl_fw_ini_apply_point pnt,
1731 				    bool ext)
1732 {
1733 	void *iter = data->data;
1734 
1735 	while (iter && iter < data->data + data->size) {
1736 		struct iwl_ucode_tlv *tlv = iter;
1737 		void *ini_tlv = (void *)tlv->data;
1738 		u32 type = le32_to_cpu(tlv->type);
1739 
1740 		switch (type) {
1741 		case IWL_UCODE_TLV_TYPE_BUFFER_ALLOCATION:
1742 			iwl_fw_dbg_buffer_allocation(fwrt, ini_tlv);
1743 			break;
1744 		case IWL_UCODE_TLV_TYPE_HCMD:
1745 			if (pnt < IWL_FW_INI_APPLY_AFTER_ALIVE) {
1746 				IWL_ERR(fwrt,
1747 					"Invalid apply point %x for host command\n",
1748 					pnt);
1749 				goto next;
1750 			}
1751 			iwl_fw_dbg_send_hcmd(fwrt, tlv);
1752 			break;
1753 		case IWL_UCODE_TLV_TYPE_REGIONS:
1754 			iwl_fw_dbg_update_regions(fwrt, ini_tlv, ext, pnt);
1755 			break;
1756 		case IWL_UCODE_TLV_TYPE_TRIGGERS:
1757 			iwl_fw_dbg_update_triggers(fwrt, ini_tlv, ext, pnt);
1758 			break;
1759 		case IWL_UCODE_TLV_TYPE_DEBUG_FLOW:
1760 			break;
1761 		default:
1762 			WARN_ONCE(1, "Invalid TLV %x for apply point\n", type);
1763 			break;
1764 		}
1765 next:
1766 		iter += sizeof(*tlv) + le32_to_cpu(tlv->length);
1767 	}
1768 }
1769 
1770 void iwl_fw_dbg_apply_point(struct iwl_fw_runtime *fwrt,
1771 			    enum iwl_fw_ini_apply_point apply_point)
1772 {
1773 	void *data = &fwrt->trans->apply_points[apply_point];
1774 
1775 	_iwl_fw_dbg_apply_point(fwrt, data, apply_point, false);
1776 
1777 	data = &fwrt->trans->apply_points_ext[apply_point];
1778 	_iwl_fw_dbg_apply_point(fwrt, data, apply_point, true);
1779 }
1780 IWL_EXPORT_SYMBOL(iwl_fw_dbg_apply_point);
1781