1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright(c) 2020-2021 Intel Corporation 4 */ 5 6 #include "iwl-drv.h" 7 #include "pnvm.h" 8 #include "iwl-prph.h" 9 #include "iwl-io.h" 10 #include "fw/api/commands.h" 11 #include "fw/api/nvm-reg.h" 12 #include "fw/api/alive.h" 13 #include <linux/efi.h> 14 15 struct iwl_pnvm_section { 16 __le32 offset; 17 const u8 data[]; 18 } __packed; 19 20 static bool iwl_pnvm_complete_fn(struct iwl_notif_wait_data *notif_wait, 21 struct iwl_rx_packet *pkt, void *data) 22 { 23 struct iwl_trans *trans = (struct iwl_trans *)data; 24 struct iwl_pnvm_init_complete_ntfy *pnvm_ntf = (void *)pkt->data; 25 26 IWL_DEBUG_FW(trans, 27 "PNVM complete notification received with status %d\n", 28 le32_to_cpu(pnvm_ntf->status)); 29 30 return true; 31 } 32 33 static int iwl_pnvm_handle_section(struct iwl_trans *trans, const u8 *data, 34 size_t len) 35 { 36 struct iwl_ucode_tlv *tlv; 37 u32 sha1 = 0; 38 u16 mac_type = 0, rf_id = 0; 39 u8 *pnvm_data = NULL, *tmp; 40 u32 size = 0; 41 int ret; 42 43 IWL_DEBUG_FW(trans, "Handling PNVM section\n"); 44 45 while (len >= sizeof(*tlv)) { 46 u32 tlv_len, tlv_type; 47 48 len -= sizeof(*tlv); 49 tlv = (void *)data; 50 51 tlv_len = le32_to_cpu(tlv->length); 52 tlv_type = le32_to_cpu(tlv->type); 53 54 if (len < tlv_len) { 55 IWL_ERR(trans, "invalid TLV len: %zd/%u\n", 56 len, tlv_len); 57 ret = -EINVAL; 58 goto out; 59 } 60 61 data += sizeof(*tlv); 62 63 switch (tlv_type) { 64 case IWL_UCODE_TLV_PNVM_VERSION: 65 if (tlv_len < sizeof(__le32)) { 66 IWL_DEBUG_FW(trans, 67 "Invalid size for IWL_UCODE_TLV_PNVM_VERSION (expected %zd, got %d)\n", 68 sizeof(__le32), tlv_len); 69 break; 70 } 71 72 sha1 = le32_to_cpup((__le32 *)data); 73 74 IWL_DEBUG_FW(trans, 75 "Got IWL_UCODE_TLV_PNVM_VERSION %0x\n", 76 sha1); 77 break; 78 case IWL_UCODE_TLV_HW_TYPE: 79 if (tlv_len < 2 * sizeof(__le16)) { 80 IWL_DEBUG_FW(trans, 81 "Invalid size for IWL_UCODE_TLV_HW_TYPE (expected %zd, got %d)\n", 82 2 * sizeof(__le16), tlv_len); 83 break; 84 } 85 86 mac_type = le16_to_cpup((__le16 *)data); 87 rf_id = le16_to_cpup((__le16 *)(data + sizeof(__le16))); 88 89 IWL_DEBUG_FW(trans, 90 "Got IWL_UCODE_TLV_HW_TYPE mac_type 0x%0x rf_id 0x%0x\n", 91 mac_type, rf_id); 92 93 if (mac_type != CSR_HW_REV_TYPE(trans->hw_rev) || 94 rf_id != CSR_HW_RFID_TYPE(trans->hw_rf_id)) { 95 IWL_DEBUG_FW(trans, 96 "HW mismatch, skipping PNVM section, mac_type 0x%0x, rf_id 0x%0x.\n", 97 CSR_HW_REV_TYPE(trans->hw_rev), trans->hw_rf_id); 98 ret = -ENOENT; 99 goto out; 100 } 101 102 break; 103 case IWL_UCODE_TLV_SEC_RT: { 104 struct iwl_pnvm_section *section = (void *)data; 105 u32 data_len = tlv_len - sizeof(*section); 106 107 IWL_DEBUG_FW(trans, 108 "Got IWL_UCODE_TLV_SEC_RT len %d\n", 109 tlv_len); 110 111 /* TODO: remove, this is a deprecated separator */ 112 if (le32_to_cpup((__le32 *)data) == 0xddddeeee) { 113 IWL_DEBUG_FW(trans, "Ignoring separator.\n"); 114 break; 115 } 116 117 IWL_DEBUG_FW(trans, "Adding data (size %d)\n", 118 data_len); 119 120 tmp = krealloc(pnvm_data, size + data_len, GFP_KERNEL); 121 if (!tmp) { 122 IWL_DEBUG_FW(trans, 123 "Couldn't allocate (more) pnvm_data\n"); 124 125 ret = -ENOMEM; 126 goto out; 127 } 128 129 pnvm_data = tmp; 130 131 memcpy(pnvm_data + size, section->data, data_len); 132 133 size += data_len; 134 135 break; 136 } 137 case IWL_UCODE_TLV_PNVM_SKU: 138 IWL_DEBUG_FW(trans, 139 "New PNVM section started, stop parsing.\n"); 140 goto done; 141 default: 142 IWL_DEBUG_FW(trans, "Found TLV 0x%0x, len %d\n", 143 tlv_type, tlv_len); 144 break; 145 } 146 147 len -= ALIGN(tlv_len, 4); 148 data += ALIGN(tlv_len, 4); 149 } 150 151 done: 152 if (!size) { 153 IWL_DEBUG_FW(trans, "Empty PNVM, skipping.\n"); 154 ret = -ENOENT; 155 goto out; 156 } 157 158 IWL_INFO(trans, "loaded PNVM version 0x%0x\n", sha1); 159 160 ret = iwl_trans_set_pnvm(trans, pnvm_data, size); 161 out: 162 kfree(pnvm_data); 163 return ret; 164 } 165 166 static int iwl_pnvm_parse(struct iwl_trans *trans, const u8 *data, 167 size_t len) 168 { 169 struct iwl_ucode_tlv *tlv; 170 171 IWL_DEBUG_FW(trans, "Parsing PNVM file\n"); 172 173 while (len >= sizeof(*tlv)) { 174 u32 tlv_len, tlv_type; 175 176 len -= sizeof(*tlv); 177 tlv = (void *)data; 178 179 tlv_len = le32_to_cpu(tlv->length); 180 tlv_type = le32_to_cpu(tlv->type); 181 182 if (len < tlv_len) { 183 IWL_ERR(trans, "invalid TLV len: %zd/%u\n", 184 len, tlv_len); 185 return -EINVAL; 186 } 187 188 if (tlv_type == IWL_UCODE_TLV_PNVM_SKU) { 189 struct iwl_sku_id *sku_id = 190 (void *)(data + sizeof(*tlv)); 191 192 IWL_DEBUG_FW(trans, 193 "Got IWL_UCODE_TLV_PNVM_SKU len %d\n", 194 tlv_len); 195 IWL_DEBUG_FW(trans, "sku_id 0x%0x 0x%0x 0x%0x\n", 196 le32_to_cpu(sku_id->data[0]), 197 le32_to_cpu(sku_id->data[1]), 198 le32_to_cpu(sku_id->data[2])); 199 200 data += sizeof(*tlv) + ALIGN(tlv_len, 4); 201 len -= ALIGN(tlv_len, 4); 202 203 if (trans->sku_id[0] == le32_to_cpu(sku_id->data[0]) && 204 trans->sku_id[1] == le32_to_cpu(sku_id->data[1]) && 205 trans->sku_id[2] == le32_to_cpu(sku_id->data[2])) { 206 int ret; 207 208 ret = iwl_pnvm_handle_section(trans, data, len); 209 if (!ret) 210 return 0; 211 } else { 212 IWL_DEBUG_FW(trans, "SKU ID didn't match!\n"); 213 } 214 } else { 215 data += sizeof(*tlv) + ALIGN(tlv_len, 4); 216 len -= ALIGN(tlv_len, 4); 217 } 218 } 219 220 return -ENOENT; 221 } 222 223 #if defined(CONFIG_EFI) 224 225 #define IWL_EFI_VAR_GUID EFI_GUID(0x92daaf2f, 0xc02b, 0x455b, \ 226 0xb2, 0xec, 0xf5, 0xa3, \ 227 0x59, 0x4f, 0x4a, 0xea) 228 229 #define IWL_UEFI_OEM_PNVM_NAME L"UefiCnvWlanOemSignedPnvm" 230 231 #define IWL_HARDCODED_PNVM_SIZE 4096 232 233 struct pnvm_sku_package { 234 u8 rev; 235 u8 reserved1[3]; 236 u32 total_size; 237 u8 n_skus; 238 u8 reserved2[11]; 239 u8 data[]; 240 }; 241 242 static int iwl_pnvm_get_from_efi(struct iwl_trans *trans, 243 u8 **data, size_t *len) 244 { 245 struct efivar_entry *pnvm_efivar; 246 struct pnvm_sku_package *package; 247 unsigned long package_size; 248 int err; 249 250 pnvm_efivar = kzalloc(sizeof(*pnvm_efivar), GFP_KERNEL); 251 if (!pnvm_efivar) 252 return -ENOMEM; 253 254 memcpy(&pnvm_efivar->var.VariableName, IWL_UEFI_OEM_PNVM_NAME, 255 sizeof(IWL_UEFI_OEM_PNVM_NAME)); 256 pnvm_efivar->var.VendorGuid = IWL_EFI_VAR_GUID; 257 258 /* 259 * TODO: we hardcode a maximum length here, because reading 260 * from the UEFI is not working. To implement this properly, 261 * we have to call efivar_entry_size(). 262 */ 263 package_size = IWL_HARDCODED_PNVM_SIZE; 264 265 package = kmalloc(package_size, GFP_KERNEL); 266 if (!package) { 267 err = -ENOMEM; 268 goto out; 269 } 270 271 err = efivar_entry_get(pnvm_efivar, NULL, &package_size, package); 272 if (err) { 273 IWL_DEBUG_FW(trans, 274 "PNVM UEFI variable not found %d (len %lu)\n", 275 err, package_size); 276 goto out; 277 } 278 279 IWL_DEBUG_FW(trans, "Read PNVM fro UEFI with size %lu\n", package_size); 280 281 *data = kmemdup(package->data, *len, GFP_KERNEL); 282 if (!*data) 283 err = -ENOMEM; 284 *len = package_size - sizeof(*package); 285 286 out: 287 kfree(package); 288 kfree(pnvm_efivar); 289 290 return err; 291 } 292 #else /* CONFIG_EFI */ 293 static inline int iwl_pnvm_get_from_efi(struct iwl_trans *trans, 294 u8 **data, size_t *len) 295 { 296 return -EOPNOTSUPP; 297 } 298 #endif /* CONFIG_EFI */ 299 300 static int iwl_pnvm_get_from_fs(struct iwl_trans *trans, u8 **data, size_t *len) 301 { 302 const struct firmware *pnvm; 303 char pnvm_name[64]; 304 int ret; 305 306 /* 307 * The prefix unfortunately includes a hyphen at the end, so 308 * don't add the dot here... 309 */ 310 snprintf(pnvm_name, sizeof(pnvm_name), "%spnvm", 311 trans->cfg->fw_name_pre); 312 313 /* ...but replace the hyphen with the dot here. */ 314 if (strlen(trans->cfg->fw_name_pre) < sizeof(pnvm_name)) 315 pnvm_name[strlen(trans->cfg->fw_name_pre) - 1] = '.'; 316 317 ret = firmware_request_nowarn(&pnvm, pnvm_name, trans->dev); 318 if (ret) { 319 IWL_DEBUG_FW(trans, "PNVM file %s not found %d\n", 320 pnvm_name, ret); 321 return ret; 322 } 323 324 *data = kmemdup(pnvm->data, pnvm->size, GFP_KERNEL); 325 if (!*data) 326 return -ENOMEM; 327 328 *len = pnvm->size; 329 330 return 0; 331 } 332 333 int iwl_pnvm_load(struct iwl_trans *trans, 334 struct iwl_notif_wait_data *notif_wait) 335 { 336 u8 *data; 337 size_t len; 338 struct iwl_notification_wait pnvm_wait; 339 static const u16 ntf_cmds[] = { WIDE_ID(REGULATORY_AND_NVM_GROUP, 340 PNVM_INIT_COMPLETE_NTFY) }; 341 int ret; 342 343 /* if the SKU_ID is empty, there's nothing to do */ 344 if (!trans->sku_id[0] && !trans->sku_id[1] && !trans->sku_id[2]) 345 return 0; 346 347 /* 348 * If we already loaded (or tried to load) it before, we just 349 * need to set it again. 350 */ 351 if (trans->pnvm_loaded) { 352 ret = iwl_trans_set_pnvm(trans, NULL, 0); 353 if (ret) 354 return ret; 355 goto skip_parse; 356 } 357 358 /* First attempt to get the PNVM from BIOS */ 359 ret = iwl_pnvm_get_from_efi(trans, &data, &len); 360 if (!ret) 361 goto parse; 362 363 /* If it's not available, try from the filesystem */ 364 ret = iwl_pnvm_get_from_fs(trans, &data, &len); 365 if (ret) { 366 /* 367 * Pretend we've loaded it - at least we've tried and 368 * couldn't load it at all, so there's no point in 369 * trying again over and over. 370 */ 371 trans->pnvm_loaded = true; 372 373 goto skip_parse; 374 } 375 376 parse: 377 iwl_pnvm_parse(trans, data, len); 378 379 kfree(data); 380 381 skip_parse: 382 iwl_init_notification_wait(notif_wait, &pnvm_wait, 383 ntf_cmds, ARRAY_SIZE(ntf_cmds), 384 iwl_pnvm_complete_fn, trans); 385 386 /* kick the doorbell */ 387 iwl_write_umac_prph(trans, UREG_DOORBELL_TO_ISR6, 388 UREG_DOORBELL_TO_ISR6_PNVM); 389 390 return iwl_wait_notification(notif_wait, &pnvm_wait, 391 MVM_UCODE_PNVM_TIMEOUT); 392 } 393 IWL_EXPORT_SYMBOL(iwl_pnvm_load); 394