if_iwm.c revision 330171
1/* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20/*- 21 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22 * which were used as the reference documentation for this implementation. 23 * 24 * Driver version we are currently based off of is 25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26 * 27 *********************************************************************** 28 * 29 * This file is provided under a dual BSD/GPLv2 license. When using or 30 * redistributing this file, you may do so under either license. 31 * 32 * GPL LICENSE SUMMARY 33 * 34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35 * 36 * This program is free software; you can redistribute it and/or modify 37 * it under the terms of version 2 of the GNU General Public License as 38 * published by the Free Software Foundation. 39 * 40 * This program is distributed in the hope that it will be useful, but 41 * WITHOUT ANY WARRANTY; without even the implied warranty of 42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43 * General Public License for more details. 44 * 45 * You should have received a copy of the GNU General Public License 46 * along with this program; if not, write to the Free Software 47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48 * USA 49 * 50 * The full GNU General Public License is included in this distribution 51 * in the file called COPYING. 52 * 53 * Contact Information: 54 * Intel Linux Wireless <ilw@linux.intel.com> 55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56 * 57 * 58 * BSD LICENSE 59 * 60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61 * All rights reserved. 62 * 63 * Redistribution and use in source and binary forms, with or without 64 * modification, are permitted provided that the following conditions 65 * are met: 66 * 67 * * Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * * Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in 71 * the documentation and/or other materials provided with the 72 * distribution. 73 * * Neither the name Intel Corporation nor the names of its 74 * contributors may be used to endorse or promote products derived 75 * from this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88 */ 89 90/*- 91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92 * 93 * Permission to use, copy, modify, and distribute this software for any 94 * purpose with or without fee is hereby granted, provided that the above 95 * copyright notice and this permission notice appear in all copies. 96 * 97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104 */ 105#include <sys/cdefs.h> 106__FBSDID("$FreeBSD: stable/11/sys/dev/iwm/if_iwm.c 330171 2018-03-01 05:49:32Z eadler $"); 107 108#include "opt_wlan.h" 109 110#include <sys/param.h> 111#include <sys/bus.h> 112#include <sys/conf.h> 113#include <sys/endian.h> 114#include <sys/firmware.h> 115#include <sys/kernel.h> 116#include <sys/malloc.h> 117#include <sys/mbuf.h> 118#include <sys/mutex.h> 119#include <sys/module.h> 120#include <sys/proc.h> 121#include <sys/rman.h> 122#include <sys/socket.h> 123#include <sys/sockio.h> 124#include <sys/sysctl.h> 125#include <sys/linker.h> 126 127#include <machine/bus.h> 128#include <machine/endian.h> 129#include <machine/resource.h> 130 131#include <dev/pci/pcivar.h> 132#include <dev/pci/pcireg.h> 133 134#include <net/bpf.h> 135 136#include <net/if.h> 137#include <net/if_var.h> 138#include <net/if_arp.h> 139#include <net/if_dl.h> 140#include <net/if_media.h> 141#include <net/if_types.h> 142 143#include <netinet/in.h> 144#include <netinet/in_systm.h> 145#include <netinet/if_ether.h> 146#include <netinet/ip.h> 147 148#include <net80211/ieee80211_var.h> 149#include <net80211/ieee80211_regdomain.h> 150#include <net80211/ieee80211_ratectl.h> 151#include <net80211/ieee80211_radiotap.h> 152 153#include <dev/iwm/if_iwmreg.h> 154#include <dev/iwm/if_iwmvar.h> 155#include <dev/iwm/if_iwm_debug.h> 156#include <dev/iwm/if_iwm_notif_wait.h> 157#include <dev/iwm/if_iwm_util.h> 158#include <dev/iwm/if_iwm_binding.h> 159#include <dev/iwm/if_iwm_phy_db.h> 160#include <dev/iwm/if_iwm_mac_ctxt.h> 161#include <dev/iwm/if_iwm_phy_ctxt.h> 162#include <dev/iwm/if_iwm_time_event.h> 163#include <dev/iwm/if_iwm_power.h> 164#include <dev/iwm/if_iwm_scan.h> 165 166#include <dev/iwm/if_iwm_pcie_trans.h> 167#include <dev/iwm/if_iwm_led.h> 168 169#define IWM_NVM_HW_SECTION_NUM_FAMILY_7000 0 170#define IWM_NVM_HW_SECTION_NUM_FAMILY_8000 10 171 172/* lower blocks contain EEPROM image and calibration data */ 173#define IWM_OTP_LOW_IMAGE_SIZE_FAMILY_7000 (16 * 512 * sizeof(uint16_t)) /* 16 KB */ 174#define IWM_OTP_LOW_IMAGE_SIZE_FAMILY_8000 (32 * 512 * sizeof(uint16_t)) /* 32 KB */ 175 176#define IWM7260_FW "iwm7260fw" 177#define IWM3160_FW "iwm3160fw" 178#define IWM7265_FW "iwm7265fw" 179#define IWM7265D_FW "iwm7265Dfw" 180#define IWM8000_FW "iwm8000Cfw" 181 182#define IWM_DEVICE_7000_COMMON \ 183 .device_family = IWM_DEVICE_FAMILY_7000, \ 184 .eeprom_size = IWM_OTP_LOW_IMAGE_SIZE_FAMILY_7000, \ 185 .nvm_hw_section_num = IWM_NVM_HW_SECTION_NUM_FAMILY_7000 186 187const struct iwm_cfg iwm7260_cfg = { 188 .fw_name = IWM7260_FW, 189 IWM_DEVICE_7000_COMMON, 190 .host_interrupt_operation_mode = 1, 191}; 192 193const struct iwm_cfg iwm3160_cfg = { 194 .fw_name = IWM3160_FW, 195 IWM_DEVICE_7000_COMMON, 196 .host_interrupt_operation_mode = 1, 197}; 198 199const struct iwm_cfg iwm3165_cfg = { 200 /* XXX IWM7265D_FW doesn't seem to work properly yet */ 201 .fw_name = IWM7265_FW, 202 IWM_DEVICE_7000_COMMON, 203 .host_interrupt_operation_mode = 0, 204}; 205 206const struct iwm_cfg iwm7265_cfg = { 207 .fw_name = IWM7265_FW, 208 IWM_DEVICE_7000_COMMON, 209 .host_interrupt_operation_mode = 0, 210}; 211 212const struct iwm_cfg iwm7265d_cfg = { 213 /* XXX IWM7265D_FW doesn't seem to work properly yet */ 214 .fw_name = IWM7265_FW, 215 IWM_DEVICE_7000_COMMON, 216 .host_interrupt_operation_mode = 0, 217}; 218 219#define IWM_DEVICE_8000_COMMON \ 220 .device_family = IWM_DEVICE_FAMILY_8000, \ 221 .eeprom_size = IWM_OTP_LOW_IMAGE_SIZE_FAMILY_8000, \ 222 .nvm_hw_section_num = IWM_NVM_HW_SECTION_NUM_FAMILY_8000 223 224const struct iwm_cfg iwm8260_cfg = { 225 .fw_name = IWM8000_FW, 226 IWM_DEVICE_8000_COMMON, 227 .host_interrupt_operation_mode = 0, 228}; 229 230const uint8_t iwm_nvm_channels[] = { 231 /* 2.4 GHz */ 232 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 233 /* 5 GHz */ 234 36, 40, 44, 48, 52, 56, 60, 64, 235 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 236 149, 153, 157, 161, 165 237}; 238_Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 239 "IWM_NUM_CHANNELS is too small"); 240 241const uint8_t iwm_nvm_channels_8000[] = { 242 /* 2.4 GHz */ 243 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 244 /* 5 GHz */ 245 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 246 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 247 149, 153, 157, 161, 165, 169, 173, 177, 181 248}; 249_Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 250 "IWM_NUM_CHANNELS_8000 is too small"); 251 252#define IWM_NUM_2GHZ_CHANNELS 14 253#define IWM_N_HW_ADDR_MASK 0xF 254 255/* 256 * XXX For now, there's simply a fixed set of rate table entries 257 * that are populated. 258 */ 259const struct iwm_rate { 260 uint8_t rate; 261 uint8_t plcp; 262} iwm_rates[] = { 263 { 2, IWM_RATE_1M_PLCP }, 264 { 4, IWM_RATE_2M_PLCP }, 265 { 11, IWM_RATE_5M_PLCP }, 266 { 22, IWM_RATE_11M_PLCP }, 267 { 12, IWM_RATE_6M_PLCP }, 268 { 18, IWM_RATE_9M_PLCP }, 269 { 24, IWM_RATE_12M_PLCP }, 270 { 36, IWM_RATE_18M_PLCP }, 271 { 48, IWM_RATE_24M_PLCP }, 272 { 72, IWM_RATE_36M_PLCP }, 273 { 96, IWM_RATE_48M_PLCP }, 274 { 108, IWM_RATE_54M_PLCP }, 275}; 276#define IWM_RIDX_CCK 0 277#define IWM_RIDX_OFDM 4 278#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 279#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 280#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 281 282struct iwm_nvm_section { 283 uint16_t length; 284 uint8_t *data; 285}; 286 287#define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz) 288 289static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 290static int iwm_firmware_store_section(struct iwm_softc *, 291 enum iwm_ucode_type, 292 const uint8_t *, size_t); 293static int iwm_set_default_calib(struct iwm_softc *, const void *); 294static void iwm_fw_info_free(struct iwm_fw_info *); 295static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 296static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int); 297static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *, 298 bus_size_t, bus_size_t); 299static void iwm_dma_contig_free(struct iwm_dma_info *); 300static int iwm_alloc_fwmem(struct iwm_softc *); 301static int iwm_alloc_sched(struct iwm_softc *); 302static int iwm_alloc_kw(struct iwm_softc *); 303static int iwm_alloc_ict(struct iwm_softc *); 304static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 305static void iwm_disable_rx_dma(struct iwm_softc *); 306static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 307static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 308static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 309 int); 310static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 311static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 312static void iwm_enable_interrupts(struct iwm_softc *); 313static void iwm_restore_interrupts(struct iwm_softc *); 314static void iwm_disable_interrupts(struct iwm_softc *); 315static void iwm_ict_reset(struct iwm_softc *); 316static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 317static void iwm_stop_device(struct iwm_softc *); 318static void iwm_mvm_nic_config(struct iwm_softc *); 319static int iwm_nic_rx_init(struct iwm_softc *); 320static int iwm_nic_tx_init(struct iwm_softc *); 321static int iwm_nic_init(struct iwm_softc *); 322static int iwm_enable_txq(struct iwm_softc *, int, int, int); 323static int iwm_post_alive(struct iwm_softc *); 324static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 325 uint16_t, uint8_t *, uint16_t *); 326static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 327 uint16_t *, uint32_t); 328static uint32_t iwm_eeprom_channel_flags(uint16_t); 329static void iwm_add_channel_band(struct iwm_softc *, 330 struct ieee80211_channel[], int, int *, int, size_t, 331 const uint8_t[]); 332static void iwm_init_channel_map(struct ieee80211com *, int, int *, 333 struct ieee80211_channel[]); 334static struct iwm_nvm_data * 335 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 336 const uint16_t *, const uint16_t *, 337 const uint16_t *, const uint16_t *, 338 const uint16_t *); 339static void iwm_free_nvm_data(struct iwm_nvm_data *); 340static void iwm_set_hw_address_family_8000(struct iwm_softc *, 341 struct iwm_nvm_data *, 342 const uint16_t *, 343 const uint16_t *); 344static int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 345 const uint16_t *); 346static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 347static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 348 const uint16_t *); 349static int iwm_get_n_hw_addrs(const struct iwm_softc *, 350 const uint16_t *); 351static void iwm_set_radio_cfg(const struct iwm_softc *, 352 struct iwm_nvm_data *, uint32_t); 353static struct iwm_nvm_data * 354 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *); 355static int iwm_nvm_init(struct iwm_softc *); 356static int iwm_firmware_load_sect(struct iwm_softc *, uint32_t, 357 const uint8_t *, uint32_t); 358static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t, 359 const uint8_t *, uint32_t); 360static int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type); 361static int iwm_load_cpu_sections_8000(struct iwm_softc *, 362 struct iwm_fw_sects *, int , int *); 363static int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type); 364static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type); 365static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type); 366static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 367static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 368static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 369 enum iwm_ucode_type); 370static int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 371static int iwm_rx_addbuf(struct iwm_softc *, int, int); 372static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *); 373static int iwm_mvm_get_signal_strength(struct iwm_softc *, 374 struct iwm_rx_phy_info *); 375static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 376 struct iwm_rx_packet *, 377 struct iwm_rx_data *); 378static int iwm_get_noise(struct iwm_softc *sc, 379 const struct iwm_mvm_statistics_rx_non_phy *); 380static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *, 381 struct iwm_rx_data *); 382static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 383 struct iwm_rx_packet *, 384 struct iwm_node *); 385static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *, 386 struct iwm_rx_data *); 387static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 388#if 0 389static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 390 uint16_t); 391#endif 392static const struct iwm_rate * 393 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 394 struct mbuf *, struct iwm_tx_cmd *); 395static int iwm_tx(struct iwm_softc *, struct mbuf *, 396 struct ieee80211_node *, int); 397static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 398 const struct ieee80211_bpf_params *); 399static int iwm_mvm_flush_tx_path(struct iwm_softc *sc, 400 uint32_t tfd_msk, uint32_t flags); 401static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *, 402 struct iwm_mvm_add_sta_cmd_v7 *, 403 int *); 404static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *, 405 int); 406static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *); 407static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *); 408static int iwm_mvm_add_int_sta_common(struct iwm_softc *, 409 struct iwm_int_sta *, 410 const uint8_t *, uint16_t, uint16_t); 411static int iwm_mvm_add_aux_sta(struct iwm_softc *); 412static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *); 413static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 414static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 415static int iwm_release(struct iwm_softc *, struct iwm_node *); 416static struct ieee80211_node * 417 iwm_node_alloc(struct ieee80211vap *, 418 const uint8_t[IEEE80211_ADDR_LEN]); 419static void iwm_setrates(struct iwm_softc *, struct iwm_node *); 420static int iwm_media_change(struct ifnet *); 421static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 422static void iwm_endscan_cb(void *, int); 423static void iwm_mvm_fill_sf_command(struct iwm_softc *, 424 struct iwm_sf_cfg_cmd *, 425 struct ieee80211_node *); 426static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state); 427static int iwm_send_bt_init_conf(struct iwm_softc *); 428static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 429static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t); 430static int iwm_init_hw(struct iwm_softc *); 431static void iwm_init(struct iwm_softc *); 432static void iwm_start(struct iwm_softc *); 433static void iwm_stop(struct iwm_softc *); 434static void iwm_watchdog(void *); 435static void iwm_parent(struct ieee80211com *); 436#ifdef IWM_DEBUG 437static const char * 438 iwm_desc_lookup(uint32_t); 439static void iwm_nic_error(struct iwm_softc *); 440static void iwm_nic_umac_error(struct iwm_softc *); 441#endif 442static void iwm_notif_intr(struct iwm_softc *); 443static void iwm_intr(void *); 444static int iwm_attach(device_t); 445static int iwm_is_valid_ether_addr(uint8_t *); 446static void iwm_preinit(void *); 447static int iwm_detach_local(struct iwm_softc *sc, int); 448static void iwm_init_task(void *); 449static void iwm_radiotap_attach(struct iwm_softc *); 450static struct ieee80211vap * 451 iwm_vap_create(struct ieee80211com *, 452 const char [IFNAMSIZ], int, 453 enum ieee80211_opmode, int, 454 const uint8_t [IEEE80211_ADDR_LEN], 455 const uint8_t [IEEE80211_ADDR_LEN]); 456static void iwm_vap_delete(struct ieee80211vap *); 457static void iwm_scan_start(struct ieee80211com *); 458static void iwm_scan_end(struct ieee80211com *); 459static void iwm_update_mcast(struct ieee80211com *); 460static void iwm_set_channel(struct ieee80211com *); 461static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 462static void iwm_scan_mindwell(struct ieee80211_scan_state *); 463static int iwm_detach(device_t); 464 465/* 466 * Firmware parser. 467 */ 468 469static int 470iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 471{ 472 const struct iwm_fw_cscheme_list *l = (const void *)data; 473 474 if (dlen < sizeof(*l) || 475 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 476 return EINVAL; 477 478 /* we don't actually store anything for now, always use s/w crypto */ 479 480 return 0; 481} 482 483static int 484iwm_firmware_store_section(struct iwm_softc *sc, 485 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 486{ 487 struct iwm_fw_sects *fws; 488 struct iwm_fw_onesect *fwone; 489 490 if (type >= IWM_UCODE_TYPE_MAX) 491 return EINVAL; 492 if (dlen < sizeof(uint32_t)) 493 return EINVAL; 494 495 fws = &sc->sc_fw.fw_sects[type]; 496 if (fws->fw_count >= IWM_UCODE_SECTION_MAX) 497 return EINVAL; 498 499 fwone = &fws->fw_sect[fws->fw_count]; 500 501 /* first 32bit are device load offset */ 502 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t)); 503 504 /* rest is data */ 505 fwone->fws_data = data + sizeof(uint32_t); 506 fwone->fws_len = dlen - sizeof(uint32_t); 507 508 fws->fw_count++; 509 510 return 0; 511} 512 513#define IWM_DEFAULT_SCAN_CHANNELS 40 514 515/* iwlwifi: iwl-drv.c */ 516struct iwm_tlv_calib_data { 517 uint32_t ucode_type; 518 struct iwm_tlv_calib_ctrl calib; 519} __packed; 520 521static int 522iwm_set_default_calib(struct iwm_softc *sc, const void *data) 523{ 524 const struct iwm_tlv_calib_data *def_calib = data; 525 uint32_t ucode_type = le32toh(def_calib->ucode_type); 526 527 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 528 device_printf(sc->sc_dev, 529 "Wrong ucode_type %u for default " 530 "calibration.\n", ucode_type); 531 return EINVAL; 532 } 533 534 sc->sc_default_calib[ucode_type].flow_trigger = 535 def_calib->calib.flow_trigger; 536 sc->sc_default_calib[ucode_type].event_trigger = 537 def_calib->calib.event_trigger; 538 539 return 0; 540} 541 542static void 543iwm_fw_info_free(struct iwm_fw_info *fw) 544{ 545 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 546 fw->fw_fp = NULL; 547 /* don't touch fw->fw_status */ 548 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 549} 550 551static int 552iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 553{ 554 struct iwm_fw_info *fw = &sc->sc_fw; 555 const struct iwm_tlv_ucode_header *uhdr; 556 struct iwm_ucode_tlv tlv; 557 enum iwm_ucode_tlv_type tlv_type; 558 const struct firmware *fwp; 559 const uint8_t *data; 560 uint32_t usniffer_img; 561 uint32_t paging_mem_size; 562 int error = 0; 563 size_t len; 564 565 if (fw->fw_status == IWM_FW_STATUS_DONE && 566 ucode_type != IWM_UCODE_INIT) 567 return 0; 568 569 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 570 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 571 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 572 573 if (fw->fw_fp != NULL) 574 iwm_fw_info_free(fw); 575 576 /* 577 * Load firmware into driver memory. 578 * fw_fp will be set. 579 */ 580 IWM_UNLOCK(sc); 581 fwp = firmware_get(sc->cfg->fw_name); 582 IWM_LOCK(sc); 583 if (fwp == NULL) { 584 device_printf(sc->sc_dev, 585 "could not read firmware %s (error %d)\n", 586 sc->cfg->fw_name, error); 587 goto out; 588 } 589 fw->fw_fp = fwp; 590 591 /* (Re-)Initialize default values. */ 592 sc->sc_capaflags = 0; 593 sc->sc_capa_n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 594 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa)); 595 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 596 597 /* 598 * Parse firmware contents 599 */ 600 601 uhdr = (const void *)fw->fw_fp->data; 602 if (*(const uint32_t *)fw->fw_fp->data != 0 603 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 604 device_printf(sc->sc_dev, "invalid firmware %s\n", 605 sc->cfg->fw_name); 606 error = EINVAL; 607 goto out; 608 } 609 610 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)", 611 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 612 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 613 IWM_UCODE_API(le32toh(uhdr->ver))); 614 data = uhdr->data; 615 len = fw->fw_fp->datasize - sizeof(*uhdr); 616 617 while (len >= sizeof(tlv)) { 618 size_t tlv_len; 619 const void *tlv_data; 620 621 memcpy(&tlv, data, sizeof(tlv)); 622 tlv_len = le32toh(tlv.length); 623 tlv_type = le32toh(tlv.type); 624 625 len -= sizeof(tlv); 626 data += sizeof(tlv); 627 tlv_data = data; 628 629 if (len < tlv_len) { 630 device_printf(sc->sc_dev, 631 "firmware too short: %zu bytes\n", 632 len); 633 error = EINVAL; 634 goto parse_out; 635 } 636 637 switch ((int)tlv_type) { 638 case IWM_UCODE_TLV_PROBE_MAX_LEN: 639 if (tlv_len < sizeof(uint32_t)) { 640 device_printf(sc->sc_dev, 641 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n", 642 __func__, 643 (int) tlv_len); 644 error = EINVAL; 645 goto parse_out; 646 } 647 sc->sc_capa_max_probe_len 648 = le32toh(*(const uint32_t *)tlv_data); 649 /* limit it to something sensible */ 650 if (sc->sc_capa_max_probe_len > 651 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 652 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 653 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 654 "ridiculous\n", __func__); 655 error = EINVAL; 656 goto parse_out; 657 } 658 break; 659 case IWM_UCODE_TLV_PAN: 660 if (tlv_len) { 661 device_printf(sc->sc_dev, 662 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 663 __func__, 664 (int) tlv_len); 665 error = EINVAL; 666 goto parse_out; 667 } 668 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN; 669 break; 670 case IWM_UCODE_TLV_FLAGS: 671 if (tlv_len < sizeof(uint32_t)) { 672 device_printf(sc->sc_dev, 673 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 674 __func__, 675 (int) tlv_len); 676 error = EINVAL; 677 goto parse_out; 678 } 679 /* 680 * Apparently there can be many flags, but Linux driver 681 * parses only the first one, and so do we. 682 * 683 * XXX: why does this override IWM_UCODE_TLV_PAN? 684 * Intentional or a bug? Observations from 685 * current firmware file: 686 * 1) TLV_PAN is parsed first 687 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 688 * ==> this resets TLV_PAN to itself... hnnnk 689 */ 690 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data); 691 break; 692 case IWM_UCODE_TLV_CSCHEME: 693 if ((error = iwm_store_cscheme(sc, 694 tlv_data, tlv_len)) != 0) { 695 device_printf(sc->sc_dev, 696 "%s: iwm_store_cscheme(): returned %d\n", 697 __func__, 698 error); 699 goto parse_out; 700 } 701 break; 702 case IWM_UCODE_TLV_NUM_OF_CPU: { 703 uint32_t num_cpu; 704 if (tlv_len != sizeof(uint32_t)) { 705 device_printf(sc->sc_dev, 706 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n", 707 __func__, 708 (int) tlv_len); 709 error = EINVAL; 710 goto parse_out; 711 } 712 num_cpu = le32toh(*(const uint32_t *)tlv_data); 713 if (num_cpu < 1 || num_cpu > 2) { 714 device_printf(sc->sc_dev, 715 "%s: Driver supports only 1 or 2 CPUs\n", 716 __func__); 717 error = EINVAL; 718 goto parse_out; 719 } 720 break; 721 } 722 case IWM_UCODE_TLV_SEC_RT: 723 if ((error = iwm_firmware_store_section(sc, 724 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) { 725 device_printf(sc->sc_dev, 726 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n", 727 __func__, 728 error); 729 goto parse_out; 730 } 731 break; 732 case IWM_UCODE_TLV_SEC_INIT: 733 if ((error = iwm_firmware_store_section(sc, 734 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) { 735 device_printf(sc->sc_dev, 736 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n", 737 __func__, 738 error); 739 goto parse_out; 740 } 741 break; 742 case IWM_UCODE_TLV_SEC_WOWLAN: 743 if ((error = iwm_firmware_store_section(sc, 744 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) { 745 device_printf(sc->sc_dev, 746 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n", 747 __func__, 748 error); 749 goto parse_out; 750 } 751 break; 752 case IWM_UCODE_TLV_DEF_CALIB: 753 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 754 device_printf(sc->sc_dev, 755 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 756 __func__, 757 (int) tlv_len, 758 (int) sizeof(struct iwm_tlv_calib_data)); 759 error = EINVAL; 760 goto parse_out; 761 } 762 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 763 device_printf(sc->sc_dev, 764 "%s: iwm_set_default_calib() failed: %d\n", 765 __func__, 766 error); 767 goto parse_out; 768 } 769 break; 770 case IWM_UCODE_TLV_PHY_SKU: 771 if (tlv_len != sizeof(uint32_t)) { 772 error = EINVAL; 773 device_printf(sc->sc_dev, 774 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 775 __func__, 776 (int) tlv_len); 777 goto parse_out; 778 } 779 sc->sc_fw.phy_config = 780 le32toh(*(const uint32_t *)tlv_data); 781 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config & 782 IWM_FW_PHY_CFG_TX_CHAIN) >> 783 IWM_FW_PHY_CFG_TX_CHAIN_POS; 784 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config & 785 IWM_FW_PHY_CFG_RX_CHAIN) >> 786 IWM_FW_PHY_CFG_RX_CHAIN_POS; 787 break; 788 789 case IWM_UCODE_TLV_API_CHANGES_SET: { 790 const struct iwm_ucode_api *api; 791 if (tlv_len != sizeof(*api)) { 792 error = EINVAL; 793 goto parse_out; 794 } 795 api = (const struct iwm_ucode_api *)tlv_data; 796 /* Flags may exceed 32 bits in future firmware. */ 797 if (le32toh(api->api_index) > 0) { 798 device_printf(sc->sc_dev, 799 "unsupported API index %d\n", 800 le32toh(api->api_index)); 801 goto parse_out; 802 } 803 sc->sc_ucode_api = le32toh(api->api_flags); 804 break; 805 } 806 807 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 808 const struct iwm_ucode_capa *capa; 809 int idx, i; 810 if (tlv_len != sizeof(*capa)) { 811 error = EINVAL; 812 goto parse_out; 813 } 814 capa = (const struct iwm_ucode_capa *)tlv_data; 815 idx = le32toh(capa->api_index); 816 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 817 device_printf(sc->sc_dev, 818 "unsupported API index %d\n", idx); 819 goto parse_out; 820 } 821 for (i = 0; i < 32; i++) { 822 if ((le32toh(capa->api_capa) & (1U << i)) == 0) 823 continue; 824 setbit(sc->sc_enabled_capa, i + (32 * idx)); 825 } 826 break; 827 } 828 829 case 48: /* undocumented TLV */ 830 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 831 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 832 /* ignore, not used by current driver */ 833 break; 834 835 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 836 if ((error = iwm_firmware_store_section(sc, 837 IWM_UCODE_REGULAR_USNIFFER, tlv_data, 838 tlv_len)) != 0) 839 goto parse_out; 840 break; 841 842 case IWM_UCODE_TLV_PAGING: 843 if (tlv_len != sizeof(uint32_t)) { 844 error = EINVAL; 845 goto parse_out; 846 } 847 paging_mem_size = le32toh(*(const uint32_t *)tlv_data); 848 849 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 850 "%s: Paging: paging enabled (size = %u bytes)\n", 851 __func__, paging_mem_size); 852 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) { 853 device_printf(sc->sc_dev, 854 "%s: Paging: driver supports up to %u bytes for paging image\n", 855 __func__, IWM_MAX_PAGING_IMAGE_SIZE); 856 error = EINVAL; 857 goto out; 858 } 859 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) { 860 device_printf(sc->sc_dev, 861 "%s: Paging: image isn't multiple %u\n", 862 __func__, IWM_FW_PAGING_SIZE); 863 error = EINVAL; 864 goto out; 865 } 866 867 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size = 868 paging_mem_size; 869 usniffer_img = IWM_UCODE_REGULAR_USNIFFER; 870 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size = 871 paging_mem_size; 872 break; 873 874 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 875 if (tlv_len != sizeof(uint32_t)) { 876 error = EINVAL; 877 goto parse_out; 878 } 879 sc->sc_capa_n_scan_channels = 880 le32toh(*(const uint32_t *)tlv_data); 881 break; 882 883 case IWM_UCODE_TLV_FW_VERSION: 884 if (tlv_len != sizeof(uint32_t) * 3) { 885 error = EINVAL; 886 goto parse_out; 887 } 888 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 889 "%d.%d.%d", 890 le32toh(((const uint32_t *)tlv_data)[0]), 891 le32toh(((const uint32_t *)tlv_data)[1]), 892 le32toh(((const uint32_t *)tlv_data)[2])); 893 break; 894 895 default: 896 device_printf(sc->sc_dev, 897 "%s: unknown firmware section %d, abort\n", 898 __func__, tlv_type); 899 error = EINVAL; 900 goto parse_out; 901 } 902 903 len -= roundup(tlv_len, 4); 904 data += roundup(tlv_len, 4); 905 } 906 907 KASSERT(error == 0, ("unhandled error")); 908 909 parse_out: 910 if (error) { 911 device_printf(sc->sc_dev, "firmware parse error %d, " 912 "section type %d\n", error, tlv_type); 913 } 914 915 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) { 916 device_printf(sc->sc_dev, 917 "device uses unsupported power ops\n"); 918 error = ENOTSUP; 919 } 920 921 out: 922 if (error) { 923 fw->fw_status = IWM_FW_STATUS_NONE; 924 if (fw->fw_fp != NULL) 925 iwm_fw_info_free(fw); 926 } else 927 fw->fw_status = IWM_FW_STATUS_DONE; 928 wakeup(&sc->sc_fw); 929 930 return error; 931} 932 933/* 934 * DMA resource routines 935 */ 936 937static void 938iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 939{ 940 if (error != 0) 941 return; 942 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 943 *(bus_addr_t *)arg = segs[0].ds_addr; 944} 945 946static int 947iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma, 948 bus_size_t size, bus_size_t alignment) 949{ 950 int error; 951 952 dma->tag = NULL; 953 dma->map = NULL; 954 dma->size = size; 955 dma->vaddr = NULL; 956 957 error = bus_dma_tag_create(tag, alignment, 958 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 959 1, size, 0, NULL, NULL, &dma->tag); 960 if (error != 0) 961 goto fail; 962 963 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 964 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 965 if (error != 0) 966 goto fail; 967 968 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 969 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 970 if (error != 0) { 971 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 972 dma->vaddr = NULL; 973 goto fail; 974 } 975 976 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 977 978 return 0; 979 980fail: 981 iwm_dma_contig_free(dma); 982 983 return error; 984} 985 986static void 987iwm_dma_contig_free(struct iwm_dma_info *dma) 988{ 989 if (dma->vaddr != NULL) { 990 bus_dmamap_sync(dma->tag, dma->map, 991 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 992 bus_dmamap_unload(dma->tag, dma->map); 993 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 994 dma->vaddr = NULL; 995 } 996 if (dma->tag != NULL) { 997 bus_dma_tag_destroy(dma->tag); 998 dma->tag = NULL; 999 } 1000} 1001 1002/* fwmem is used to load firmware onto the card */ 1003static int 1004iwm_alloc_fwmem(struct iwm_softc *sc) 1005{ 1006 /* Must be aligned on a 16-byte boundary. */ 1007 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 1008 sc->sc_fwdmasegsz, 16); 1009} 1010 1011/* tx scheduler rings. not used? */ 1012static int 1013iwm_alloc_sched(struct iwm_softc *sc) 1014{ 1015 /* TX scheduler rings must be aligned on a 1KB boundary. */ 1016 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 1017 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 1018} 1019 1020/* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 1021static int 1022iwm_alloc_kw(struct iwm_softc *sc) 1023{ 1024 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 1025} 1026 1027/* interrupt cause table */ 1028static int 1029iwm_alloc_ict(struct iwm_softc *sc) 1030{ 1031 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 1032 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 1033} 1034 1035static int 1036iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1037{ 1038 bus_size_t size; 1039 int i, error; 1040 1041 ring->cur = 0; 1042 1043 /* Allocate RX descriptors (256-byte aligned). */ 1044 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 1045 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1046 if (error != 0) { 1047 device_printf(sc->sc_dev, 1048 "could not allocate RX ring DMA memory\n"); 1049 goto fail; 1050 } 1051 ring->desc = ring->desc_dma.vaddr; 1052 1053 /* Allocate RX status area (16-byte aligned). */ 1054 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 1055 sizeof(*ring->stat), 16); 1056 if (error != 0) { 1057 device_printf(sc->sc_dev, 1058 "could not allocate RX status DMA memory\n"); 1059 goto fail; 1060 } 1061 ring->stat = ring->stat_dma.vaddr; 1062 1063 /* Create RX buffer DMA tag. */ 1064 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1065 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1066 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 1067 if (error != 0) { 1068 device_printf(sc->sc_dev, 1069 "%s: could not create RX buf DMA tag, error %d\n", 1070 __func__, error); 1071 goto fail; 1072 } 1073 1074 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 1075 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 1076 if (error != 0) { 1077 device_printf(sc->sc_dev, 1078 "%s: could not create RX buf DMA map, error %d\n", 1079 __func__, error); 1080 goto fail; 1081 } 1082 /* 1083 * Allocate and map RX buffers. 1084 */ 1085 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1086 struct iwm_rx_data *data = &ring->data[i]; 1087 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1088 if (error != 0) { 1089 device_printf(sc->sc_dev, 1090 "%s: could not create RX buf DMA map, error %d\n", 1091 __func__, error); 1092 goto fail; 1093 } 1094 data->m = NULL; 1095 1096 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 1097 goto fail; 1098 } 1099 } 1100 return 0; 1101 1102fail: iwm_free_rx_ring(sc, ring); 1103 return error; 1104} 1105 1106static void 1107iwm_disable_rx_dma(struct iwm_softc *sc) 1108{ 1109 /* XXX conditional nic locks are stupid */ 1110 /* XXX print out if we can't lock the NIC? */ 1111 if (iwm_nic_lock(sc)) { 1112 /* XXX handle if RX stop doesn't finish? */ 1113 (void) iwm_pcie_rx_stop(sc); 1114 iwm_nic_unlock(sc); 1115 } 1116} 1117 1118static void 1119iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1120{ 1121 /* Reset the ring state */ 1122 ring->cur = 0; 1123 1124 /* 1125 * The hw rx ring index in shared memory must also be cleared, 1126 * otherwise the discrepancy can cause reprocessing chaos. 1127 */ 1128 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1129} 1130 1131static void 1132iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1133{ 1134 int i; 1135 1136 iwm_dma_contig_free(&ring->desc_dma); 1137 iwm_dma_contig_free(&ring->stat_dma); 1138 1139 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1140 struct iwm_rx_data *data = &ring->data[i]; 1141 1142 if (data->m != NULL) { 1143 bus_dmamap_sync(ring->data_dmat, data->map, 1144 BUS_DMASYNC_POSTREAD); 1145 bus_dmamap_unload(ring->data_dmat, data->map); 1146 m_freem(data->m); 1147 data->m = NULL; 1148 } 1149 if (data->map != NULL) { 1150 bus_dmamap_destroy(ring->data_dmat, data->map); 1151 data->map = NULL; 1152 } 1153 } 1154 if (ring->spare_map != NULL) { 1155 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1156 ring->spare_map = NULL; 1157 } 1158 if (ring->data_dmat != NULL) { 1159 bus_dma_tag_destroy(ring->data_dmat); 1160 ring->data_dmat = NULL; 1161 } 1162} 1163 1164static int 1165iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1166{ 1167 bus_addr_t paddr; 1168 bus_size_t size; 1169 size_t maxsize; 1170 int nsegments; 1171 int i, error; 1172 1173 ring->qid = qid; 1174 ring->queued = 0; 1175 ring->cur = 0; 1176 1177 /* Allocate TX descriptors (256-byte aligned). */ 1178 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1179 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1180 if (error != 0) { 1181 device_printf(sc->sc_dev, 1182 "could not allocate TX ring DMA memory\n"); 1183 goto fail; 1184 } 1185 ring->desc = ring->desc_dma.vaddr; 1186 1187 /* 1188 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1189 * to allocate commands space for other rings. 1190 */ 1191 if (qid > IWM_MVM_CMD_QUEUE) 1192 return 0; 1193 1194 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1195 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1196 if (error != 0) { 1197 device_printf(sc->sc_dev, 1198 "could not allocate TX cmd DMA memory\n"); 1199 goto fail; 1200 } 1201 ring->cmd = ring->cmd_dma.vaddr; 1202 1203 /* FW commands may require more mapped space than packets. */ 1204 if (qid == IWM_MVM_CMD_QUEUE) { 1205 maxsize = IWM_RBUF_SIZE; 1206 nsegments = 1; 1207 } else { 1208 maxsize = MCLBYTES; 1209 nsegments = IWM_MAX_SCATTER - 2; 1210 } 1211 1212 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1213 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1214 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1215 if (error != 0) { 1216 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1217 goto fail; 1218 } 1219 1220 paddr = ring->cmd_dma.paddr; 1221 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1222 struct iwm_tx_data *data = &ring->data[i]; 1223 1224 data->cmd_paddr = paddr; 1225 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1226 + offsetof(struct iwm_tx_cmd, scratch); 1227 paddr += sizeof(struct iwm_device_cmd); 1228 1229 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1230 if (error != 0) { 1231 device_printf(sc->sc_dev, 1232 "could not create TX buf DMA map\n"); 1233 goto fail; 1234 } 1235 } 1236 KASSERT(paddr == ring->cmd_dma.paddr + size, 1237 ("invalid physical address")); 1238 return 0; 1239 1240fail: iwm_free_tx_ring(sc, ring); 1241 return error; 1242} 1243 1244static void 1245iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1246{ 1247 int i; 1248 1249 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1250 struct iwm_tx_data *data = &ring->data[i]; 1251 1252 if (data->m != NULL) { 1253 bus_dmamap_sync(ring->data_dmat, data->map, 1254 BUS_DMASYNC_POSTWRITE); 1255 bus_dmamap_unload(ring->data_dmat, data->map); 1256 m_freem(data->m); 1257 data->m = NULL; 1258 } 1259 } 1260 /* Clear TX descriptors. */ 1261 memset(ring->desc, 0, ring->desc_dma.size); 1262 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1263 BUS_DMASYNC_PREWRITE); 1264 sc->qfullmsk &= ~(1 << ring->qid); 1265 ring->queued = 0; 1266 ring->cur = 0; 1267} 1268 1269static void 1270iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1271{ 1272 int i; 1273 1274 iwm_dma_contig_free(&ring->desc_dma); 1275 iwm_dma_contig_free(&ring->cmd_dma); 1276 1277 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1278 struct iwm_tx_data *data = &ring->data[i]; 1279 1280 if (data->m != NULL) { 1281 bus_dmamap_sync(ring->data_dmat, data->map, 1282 BUS_DMASYNC_POSTWRITE); 1283 bus_dmamap_unload(ring->data_dmat, data->map); 1284 m_freem(data->m); 1285 data->m = NULL; 1286 } 1287 if (data->map != NULL) { 1288 bus_dmamap_destroy(ring->data_dmat, data->map); 1289 data->map = NULL; 1290 } 1291 } 1292 if (ring->data_dmat != NULL) { 1293 bus_dma_tag_destroy(ring->data_dmat); 1294 ring->data_dmat = NULL; 1295 } 1296} 1297 1298/* 1299 * High-level hardware frobbing routines 1300 */ 1301 1302static void 1303iwm_enable_interrupts(struct iwm_softc *sc) 1304{ 1305 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1306 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1307} 1308 1309static void 1310iwm_restore_interrupts(struct iwm_softc *sc) 1311{ 1312 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1313} 1314 1315static void 1316iwm_disable_interrupts(struct iwm_softc *sc) 1317{ 1318 /* disable interrupts */ 1319 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1320 1321 /* acknowledge all interrupts */ 1322 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1323 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1324} 1325 1326static void 1327iwm_ict_reset(struct iwm_softc *sc) 1328{ 1329 iwm_disable_interrupts(sc); 1330 1331 /* Reset ICT table. */ 1332 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1333 sc->ict_cur = 0; 1334 1335 /* Set physical address of ICT table (4KB aligned). */ 1336 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1337 IWM_CSR_DRAM_INT_TBL_ENABLE 1338 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1339 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1340 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1341 1342 /* Switch to ICT interrupt mode in driver. */ 1343 sc->sc_flags |= IWM_FLAG_USE_ICT; 1344 1345 /* Re-enable interrupts. */ 1346 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1347 iwm_enable_interrupts(sc); 1348} 1349 1350/* iwlwifi pcie/trans.c */ 1351 1352/* 1353 * Since this .. hard-resets things, it's time to actually 1354 * mark the first vap (if any) as having no mac context. 1355 * It's annoying, but since the driver is potentially being 1356 * stop/start'ed whilst active (thanks openbsd port!) we 1357 * have to correctly track this. 1358 */ 1359static void 1360iwm_stop_device(struct iwm_softc *sc) 1361{ 1362 struct ieee80211com *ic = &sc->sc_ic; 1363 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1364 int chnl, qid; 1365 uint32_t mask = 0; 1366 1367 /* tell the device to stop sending interrupts */ 1368 iwm_disable_interrupts(sc); 1369 1370 /* 1371 * FreeBSD-local: mark the first vap as not-uploaded, 1372 * so the next transition through auth/assoc 1373 * will correctly populate the MAC context. 1374 */ 1375 if (vap) { 1376 struct iwm_vap *iv = IWM_VAP(vap); 1377 iv->is_uploaded = 0; 1378 } 1379 1380 /* device going down, Stop using ICT table */ 1381 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1382 1383 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1384 1385 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1386 1387 if (iwm_nic_lock(sc)) { 1388 /* Stop each Tx DMA channel */ 1389 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1390 IWM_WRITE(sc, 1391 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1392 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1393 } 1394 1395 /* Wait for DMA channels to be idle */ 1396 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1397 5000)) { 1398 device_printf(sc->sc_dev, 1399 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1400 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1401 } 1402 iwm_nic_unlock(sc); 1403 } 1404 iwm_disable_rx_dma(sc); 1405 1406 /* Stop RX ring. */ 1407 iwm_reset_rx_ring(sc, &sc->rxq); 1408 1409 /* Reset all TX rings. */ 1410 for (qid = 0; qid < nitems(sc->txq); qid++) 1411 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1412 1413 /* 1414 * Power-down device's busmaster DMA clocks 1415 */ 1416 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1417 DELAY(5); 1418 1419 /* Make sure (redundant) we've released our request to stay awake */ 1420 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1421 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1422 1423 /* Stop the device, and put it in low power state */ 1424 iwm_apm_stop(sc); 1425 1426 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1427 * Clean again the interrupt here 1428 */ 1429 iwm_disable_interrupts(sc); 1430 /* stop and reset the on-board processor */ 1431 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1432 1433 /* 1434 * Even if we stop the HW, we still want the RF kill 1435 * interrupt 1436 */ 1437 iwm_enable_rfkill_int(sc); 1438 iwm_check_rfkill(sc); 1439} 1440 1441/* iwlwifi: mvm/ops.c */ 1442static void 1443iwm_mvm_nic_config(struct iwm_softc *sc) 1444{ 1445 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1446 uint32_t reg_val = 0; 1447 uint32_t phy_config = iwm_mvm_get_phy_config(sc); 1448 1449 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1450 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1451 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1452 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1453 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1454 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1455 1456 /* SKU control */ 1457 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1458 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1459 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1460 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1461 1462 /* radio configuration */ 1463 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1464 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1465 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1466 1467 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1468 1469 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1470 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1471 radio_cfg_step, radio_cfg_dash); 1472 1473 /* 1474 * W/A : NIC is stuck in a reset state after Early PCIe power off 1475 * (PCIe power is lost before PERST# is asserted), causing ME FW 1476 * to lose ownership and not being able to obtain it back. 1477 */ 1478 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1479 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1480 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1481 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1482 } 1483} 1484 1485static int 1486iwm_nic_rx_init(struct iwm_softc *sc) 1487{ 1488 if (!iwm_nic_lock(sc)) 1489 return EBUSY; 1490 1491 /* 1492 * Initialize RX ring. This is from the iwn driver. 1493 */ 1494 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1495 1496 /* stop DMA */ 1497 iwm_disable_rx_dma(sc); 1498 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1499 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1500 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1501 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1502 1503 /* Set physical address of RX ring (256-byte aligned). */ 1504 IWM_WRITE(sc, 1505 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1506 1507 /* Set physical address of RX status (16-byte aligned). */ 1508 IWM_WRITE(sc, 1509 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1510 1511 /* Enable RX. */ 1512 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1513 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1514 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1515 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1516 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK | 1517 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1518 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1519 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1520 1521 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1522 1523 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1524 if (sc->cfg->host_interrupt_operation_mode) 1525 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1526 1527 /* 1528 * Thus sayeth el jefe (iwlwifi) via a comment: 1529 * 1530 * This value should initially be 0 (before preparing any 1531 * RBs), should be 8 after preparing the first 8 RBs (for example) 1532 */ 1533 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1534 1535 iwm_nic_unlock(sc); 1536 1537 return 0; 1538} 1539 1540static int 1541iwm_nic_tx_init(struct iwm_softc *sc) 1542{ 1543 int qid; 1544 1545 if (!iwm_nic_lock(sc)) 1546 return EBUSY; 1547 1548 /* Deactivate TX scheduler. */ 1549 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1550 1551 /* Set physical address of "keep warm" page (16-byte aligned). */ 1552 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1553 1554 /* Initialize TX rings. */ 1555 for (qid = 0; qid < nitems(sc->txq); qid++) { 1556 struct iwm_tx_ring *txq = &sc->txq[qid]; 1557 1558 /* Set physical address of TX ring (256-byte aligned). */ 1559 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1560 txq->desc_dma.paddr >> 8); 1561 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1562 "%s: loading ring %d descriptors (%p) at %lx\n", 1563 __func__, 1564 qid, txq->desc, 1565 (unsigned long) (txq->desc_dma.paddr >> 8)); 1566 } 1567 1568 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE); 1569 1570 iwm_nic_unlock(sc); 1571 1572 return 0; 1573} 1574 1575static int 1576iwm_nic_init(struct iwm_softc *sc) 1577{ 1578 int error; 1579 1580 iwm_apm_init(sc); 1581 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1582 iwm_set_pwr(sc); 1583 1584 iwm_mvm_nic_config(sc); 1585 1586 if ((error = iwm_nic_rx_init(sc)) != 0) 1587 return error; 1588 1589 /* 1590 * Ditto for TX, from iwn 1591 */ 1592 if ((error = iwm_nic_tx_init(sc)) != 0) 1593 return error; 1594 1595 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1596 "%s: shadow registers enabled\n", __func__); 1597 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1598 1599 return 0; 1600} 1601 1602const uint8_t iwm_mvm_ac_to_tx_fifo[] = { 1603 IWM_MVM_TX_FIFO_VO, 1604 IWM_MVM_TX_FIFO_VI, 1605 IWM_MVM_TX_FIFO_BE, 1606 IWM_MVM_TX_FIFO_BK, 1607}; 1608 1609static int 1610iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1611{ 1612 if (!iwm_nic_lock(sc)) { 1613 device_printf(sc->sc_dev, 1614 "%s: cannot enable txq %d\n", 1615 __func__, 1616 qid); 1617 return EBUSY; 1618 } 1619 1620 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1621 1622 if (qid == IWM_MVM_CMD_QUEUE) { 1623 /* unactivate before configuration */ 1624 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1625 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1626 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1627 1628 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1629 1630 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1631 1632 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1633 /* Set scheduler window size and frame limit. */ 1634 iwm_write_mem32(sc, 1635 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1636 sizeof(uint32_t), 1637 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1638 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1639 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1640 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1641 1642 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1643 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1644 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1645 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1646 IWM_SCD_QUEUE_STTS_REG_MSK); 1647 } else { 1648 struct iwm_scd_txq_cfg_cmd cmd; 1649 int error; 1650 1651 iwm_nic_unlock(sc); 1652 1653 memset(&cmd, 0, sizeof(cmd)); 1654 cmd.scd_queue = qid; 1655 cmd.enable = 1; 1656 cmd.sta_id = sta_id; 1657 cmd.tx_fifo = fifo; 1658 cmd.aggregate = 0; 1659 cmd.window = IWM_FRAME_LIMIT; 1660 1661 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1662 sizeof(cmd), &cmd); 1663 if (error) { 1664 device_printf(sc->sc_dev, 1665 "cannot enable txq %d\n", qid); 1666 return error; 1667 } 1668 1669 if (!iwm_nic_lock(sc)) 1670 return EBUSY; 1671 } 1672 1673 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 1674 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid); 1675 1676 iwm_nic_unlock(sc); 1677 1678 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1679 __func__, qid, fifo); 1680 1681 return 0; 1682} 1683 1684static int 1685iwm_post_alive(struct iwm_softc *sc) 1686{ 1687 int nwords; 1688 int error, chnl; 1689 uint32_t base; 1690 1691 if (!iwm_nic_lock(sc)) 1692 return EBUSY; 1693 1694 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1695 if (sc->sched_base != base) { 1696 device_printf(sc->sc_dev, 1697 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1698 __func__, sc->sched_base, base); 1699 } 1700 1701 iwm_ict_reset(sc); 1702 1703 /* Clear TX scheduler state in SRAM. */ 1704 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1705 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) 1706 / sizeof(uint32_t); 1707 error = iwm_write_mem(sc, 1708 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1709 NULL, nwords); 1710 if (error) 1711 goto out; 1712 1713 /* Set physical address of TX scheduler rings (1KB aligned). */ 1714 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1715 1716 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1717 1718 iwm_nic_unlock(sc); 1719 1720 /* enable command channel */ 1721 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7); 1722 if (error) 1723 return error; 1724 1725 if (!iwm_nic_lock(sc)) 1726 return EBUSY; 1727 1728 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1729 1730 /* Enable DMA channels. */ 1731 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1732 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1733 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1734 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1735 } 1736 1737 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1738 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1739 1740 /* Enable L1-Active */ 1741 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 1742 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1743 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1744 } 1745 1746 out: 1747 iwm_nic_unlock(sc); 1748 return error; 1749} 1750 1751/* 1752 * NVM read access and content parsing. We do not support 1753 * external NVM or writing NVM. 1754 * iwlwifi/mvm/nvm.c 1755 */ 1756 1757/* Default NVM size to read */ 1758#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1759 1760#define IWM_NVM_WRITE_OPCODE 1 1761#define IWM_NVM_READ_OPCODE 0 1762 1763/* load nvm chunk response */ 1764enum { 1765 IWM_READ_NVM_CHUNK_SUCCEED = 0, 1766 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1 1767}; 1768 1769static int 1770iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1771 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1772{ 1773 struct iwm_nvm_access_cmd nvm_access_cmd = { 1774 .offset = htole16(offset), 1775 .length = htole16(length), 1776 .type = htole16(section), 1777 .op_code = IWM_NVM_READ_OPCODE, 1778 }; 1779 struct iwm_nvm_access_resp *nvm_resp; 1780 struct iwm_rx_packet *pkt; 1781 struct iwm_host_cmd cmd = { 1782 .id = IWM_NVM_ACCESS_CMD, 1783 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL, 1784 .data = { &nvm_access_cmd, }, 1785 }; 1786 int ret, bytes_read, offset_read; 1787 uint8_t *resp_data; 1788 1789 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1790 1791 ret = iwm_send_cmd(sc, &cmd); 1792 if (ret) { 1793 device_printf(sc->sc_dev, 1794 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1795 return ret; 1796 } 1797 1798 pkt = cmd.resp_pkt; 1799 1800 /* Extract NVM response */ 1801 nvm_resp = (void *)pkt->data; 1802 ret = le16toh(nvm_resp->status); 1803 bytes_read = le16toh(nvm_resp->length); 1804 offset_read = le16toh(nvm_resp->offset); 1805 resp_data = nvm_resp->data; 1806 if (ret) { 1807 if ((offset != 0) && 1808 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) { 1809 /* 1810 * meaning of NOT_VALID_ADDRESS: 1811 * driver try to read chunk from address that is 1812 * multiple of 2K and got an error since addr is empty. 1813 * meaning of (offset != 0): driver already 1814 * read valid data from another chunk so this case 1815 * is not an error. 1816 */ 1817 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1818 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n", 1819 offset); 1820 *len = 0; 1821 ret = 0; 1822 } else { 1823 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1824 "NVM access command failed with status %d\n", ret); 1825 ret = EIO; 1826 } 1827 goto exit; 1828 } 1829 1830 if (offset_read != offset) { 1831 device_printf(sc->sc_dev, 1832 "NVM ACCESS response with invalid offset %d\n", 1833 offset_read); 1834 ret = EINVAL; 1835 goto exit; 1836 } 1837 1838 if (bytes_read > length) { 1839 device_printf(sc->sc_dev, 1840 "NVM ACCESS response with too much data " 1841 "(%d bytes requested, %d bytes received)\n", 1842 length, bytes_read); 1843 ret = EINVAL; 1844 goto exit; 1845 } 1846 1847 /* Write data to NVM */ 1848 memcpy(data + offset, resp_data, bytes_read); 1849 *len = bytes_read; 1850 1851 exit: 1852 iwm_free_resp(sc, &cmd); 1853 return ret; 1854} 1855 1856/* 1857 * Reads an NVM section completely. 1858 * NICs prior to 7000 family don't have a real NVM, but just read 1859 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1860 * by uCode, we need to manually check in this case that we don't 1861 * overflow and try to read more than the EEPROM size. 1862 * For 7000 family NICs, we supply the maximal size we can read, and 1863 * the uCode fills the response with as much data as we can, 1864 * without overflowing, so no check is needed. 1865 */ 1866static int 1867iwm_nvm_read_section(struct iwm_softc *sc, 1868 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read) 1869{ 1870 uint16_t seglen, length, offset = 0; 1871 int ret; 1872 1873 /* Set nvm section read length */ 1874 length = IWM_NVM_DEFAULT_CHUNK_SIZE; 1875 1876 seglen = length; 1877 1878 /* Read the NVM until exhausted (reading less than requested) */ 1879 while (seglen == length) { 1880 /* Check no memory assumptions fail and cause an overflow */ 1881 if ((size_read + offset + length) > 1882 sc->cfg->eeprom_size) { 1883 device_printf(sc->sc_dev, 1884 "EEPROM size is too small for NVM\n"); 1885 return ENOBUFS; 1886 } 1887 1888 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen); 1889 if (ret) { 1890 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1891 "Cannot read NVM from section %d offset %d, length %d\n", 1892 section, offset, length); 1893 return ret; 1894 } 1895 offset += seglen; 1896 } 1897 1898 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1899 "NVM section %d read completed\n", section); 1900 *len = offset; 1901 return 0; 1902} 1903 1904/* 1905 * BEGIN IWM_NVM_PARSE 1906 */ 1907 1908/* iwlwifi/iwl-nvm-parse.c */ 1909 1910/* NVM offsets (in words) definitions */ 1911enum iwm_nvm_offsets { 1912 /* NVM HW-Section offset (in words) definitions */ 1913 IWM_HW_ADDR = 0x15, 1914 1915/* NVM SW-Section offset (in words) definitions */ 1916 IWM_NVM_SW_SECTION = 0x1C0, 1917 IWM_NVM_VERSION = 0, 1918 IWM_RADIO_CFG = 1, 1919 IWM_SKU = 2, 1920 IWM_N_HW_ADDRS = 3, 1921 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1922 1923/* NVM calibration section offset (in words) definitions */ 1924 IWM_NVM_CALIB_SECTION = 0x2B8, 1925 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1926}; 1927 1928enum iwm_8000_nvm_offsets { 1929 /* NVM HW-Section offset (in words) definitions */ 1930 IWM_HW_ADDR0_WFPM_8000 = 0x12, 1931 IWM_HW_ADDR1_WFPM_8000 = 0x16, 1932 IWM_HW_ADDR0_PCIE_8000 = 0x8A, 1933 IWM_HW_ADDR1_PCIE_8000 = 0x8E, 1934 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1, 1935 1936 /* NVM SW-Section offset (in words) definitions */ 1937 IWM_NVM_SW_SECTION_8000 = 0x1C0, 1938 IWM_NVM_VERSION_8000 = 0, 1939 IWM_RADIO_CFG_8000 = 0, 1940 IWM_SKU_8000 = 2, 1941 IWM_N_HW_ADDRS_8000 = 3, 1942 1943 /* NVM REGULATORY -Section offset (in words) definitions */ 1944 IWM_NVM_CHANNELS_8000 = 0, 1945 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7, 1946 IWM_NVM_LAR_OFFSET_8000 = 0x507, 1947 IWM_NVM_LAR_ENABLED_8000 = 0x7, 1948 1949 /* NVM calibration section offset (in words) definitions */ 1950 IWM_NVM_CALIB_SECTION_8000 = 0x2B8, 1951 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000 1952}; 1953 1954/* SKU Capabilities (actual values from NVM definition) */ 1955enum nvm_sku_bits { 1956 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1957 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1958 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1959 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1960}; 1961 1962/* radio config bits (actual values from NVM definition) */ 1963#define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1964#define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1965#define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1966#define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1967#define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1968#define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1969 1970#define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF) 1971#define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF) 1972#define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF) 1973#define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF) 1974#define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF) 1975#define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF) 1976 1977#define DEFAULT_MAX_TX_POWER 16 1978 1979/** 1980 * enum iwm_nvm_channel_flags - channel flags in NVM 1981 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1982 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1983 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1984 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1985 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c 1986 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1987 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1988 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1989 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1990 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1991 */ 1992enum iwm_nvm_channel_flags { 1993 IWM_NVM_CHANNEL_VALID = (1 << 0), 1994 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1995 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1996 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1997 IWM_NVM_CHANNEL_DFS = (1 << 7), 1998 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1999 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 2000 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 2001 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 2002}; 2003 2004/* 2005 * Translate EEPROM flags to net80211. 2006 */ 2007static uint32_t 2008iwm_eeprom_channel_flags(uint16_t ch_flags) 2009{ 2010 uint32_t nflags; 2011 2012 nflags = 0; 2013 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 2014 nflags |= IEEE80211_CHAN_PASSIVE; 2015 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 2016 nflags |= IEEE80211_CHAN_NOADHOC; 2017 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 2018 nflags |= IEEE80211_CHAN_DFS; 2019 /* Just in case. */ 2020 nflags |= IEEE80211_CHAN_NOADHOC; 2021 } 2022 2023 return (nflags); 2024} 2025 2026static void 2027iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 2028 int maxchans, int *nchans, int ch_idx, size_t ch_num, 2029 const uint8_t bands[]) 2030{ 2031 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags; 2032 uint32_t nflags; 2033 uint16_t ch_flags; 2034 uint8_t ieee; 2035 int error; 2036 2037 for (; ch_idx < ch_num; ch_idx++) { 2038 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 2039 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2040 ieee = iwm_nvm_channels[ch_idx]; 2041 else 2042 ieee = iwm_nvm_channels_8000[ch_idx]; 2043 2044 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 2045 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 2046 "Ch. %d Flags %x [%sGHz] - No traffic\n", 2047 ieee, ch_flags, 2048 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 2049 "5.2" : "2.4"); 2050 continue; 2051 } 2052 2053 nflags = iwm_eeprom_channel_flags(ch_flags); 2054 error = ieee80211_add_channel(chans, maxchans, nchans, 2055 ieee, 0, 0, nflags, bands); 2056 if (error != 0) 2057 break; 2058 2059 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 2060 "Ch. %d Flags %x [%sGHz] - Added\n", 2061 ieee, ch_flags, 2062 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 2063 "5.2" : "2.4"); 2064 } 2065} 2066 2067static void 2068iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 2069 struct ieee80211_channel chans[]) 2070{ 2071 struct iwm_softc *sc = ic->ic_softc; 2072 struct iwm_nvm_data *data = sc->nvm_data; 2073 uint8_t bands[IEEE80211_MODE_BYTES]; 2074 size_t ch_num; 2075 2076 memset(bands, 0, sizeof(bands)); 2077 /* 1-13: 11b/g channels. */ 2078 setbit(bands, IEEE80211_MODE_11B); 2079 setbit(bands, IEEE80211_MODE_11G); 2080 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 2081 IWM_NUM_2GHZ_CHANNELS - 1, bands); 2082 2083 /* 14: 11b channel only. */ 2084 clrbit(bands, IEEE80211_MODE_11G); 2085 iwm_add_channel_band(sc, chans, maxchans, nchans, 2086 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 2087 2088 if (data->sku_cap_band_52GHz_enable) { 2089 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2090 ch_num = nitems(iwm_nvm_channels); 2091 else 2092 ch_num = nitems(iwm_nvm_channels_8000); 2093 memset(bands, 0, sizeof(bands)); 2094 setbit(bands, IEEE80211_MODE_11A); 2095 iwm_add_channel_band(sc, chans, maxchans, nchans, 2096 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2097 } 2098} 2099 2100static void 2101iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2102 const uint16_t *mac_override, const uint16_t *nvm_hw) 2103{ 2104 const uint8_t *hw_addr; 2105 2106 if (mac_override) { 2107 static const uint8_t reserved_mac[] = { 2108 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2109 }; 2110 2111 hw_addr = (const uint8_t *)(mac_override + 2112 IWM_MAC_ADDRESS_OVERRIDE_8000); 2113 2114 /* 2115 * Store the MAC address from MAO section. 2116 * No byte swapping is required in MAO section 2117 */ 2118 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2119 2120 /* 2121 * Force the use of the OTP MAC address in case of reserved MAC 2122 * address in the NVM, or if address is given but invalid. 2123 */ 2124 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2125 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2126 iwm_is_valid_ether_addr(data->hw_addr) && 2127 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2128 return; 2129 2130 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2131 "%s: mac address from nvm override section invalid\n", 2132 __func__); 2133 } 2134 2135 if (nvm_hw) { 2136 /* read the mac address from WFMP registers */ 2137 uint32_t mac_addr0 = 2138 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2139 uint32_t mac_addr1 = 2140 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2141 2142 hw_addr = (const uint8_t *)&mac_addr0; 2143 data->hw_addr[0] = hw_addr[3]; 2144 data->hw_addr[1] = hw_addr[2]; 2145 data->hw_addr[2] = hw_addr[1]; 2146 data->hw_addr[3] = hw_addr[0]; 2147 2148 hw_addr = (const uint8_t *)&mac_addr1; 2149 data->hw_addr[4] = hw_addr[1]; 2150 data->hw_addr[5] = hw_addr[0]; 2151 2152 return; 2153 } 2154 2155 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2156 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2157} 2158 2159static int 2160iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2161 const uint16_t *phy_sku) 2162{ 2163 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2164 return le16_to_cpup(nvm_sw + IWM_SKU); 2165 2166 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2167} 2168 2169static int 2170iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2171{ 2172 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2173 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2174 else 2175 return le32_to_cpup((const uint32_t *)(nvm_sw + 2176 IWM_NVM_VERSION_8000)); 2177} 2178 2179static int 2180iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2181 const uint16_t *phy_sku) 2182{ 2183 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2184 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2185 2186 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2187} 2188 2189static int 2190iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2191{ 2192 int n_hw_addr; 2193 2194 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2195 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2196 2197 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2198 2199 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2200} 2201 2202static void 2203iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2204 uint32_t radio_cfg) 2205{ 2206 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2207 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2208 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2209 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2210 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2211 return; 2212 } 2213 2214 /* set the radio configuration for family 8000 */ 2215 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2216 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2217 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2218 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg); 2219 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2220 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2221} 2222 2223static int 2224iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data, 2225 const uint16_t *nvm_hw, const uint16_t *mac_override) 2226{ 2227#ifdef notyet /* for FAMILY 9000 */ 2228 if (cfg->mac_addr_from_csr) { 2229 iwm_set_hw_address_from_csr(sc, data); 2230 } else 2231#endif 2232 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2233 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR); 2234 2235 /* The byte order is little endian 16 bit, meaning 214365 */ 2236 data->hw_addr[0] = hw_addr[1]; 2237 data->hw_addr[1] = hw_addr[0]; 2238 data->hw_addr[2] = hw_addr[3]; 2239 data->hw_addr[3] = hw_addr[2]; 2240 data->hw_addr[4] = hw_addr[5]; 2241 data->hw_addr[5] = hw_addr[4]; 2242 } else { 2243 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw); 2244 } 2245 2246 if (!iwm_is_valid_ether_addr(data->hw_addr)) { 2247 device_printf(sc->sc_dev, "no valid mac address was found\n"); 2248 return EINVAL; 2249 } 2250 2251 return 0; 2252} 2253 2254static struct iwm_nvm_data * 2255iwm_parse_nvm_data(struct iwm_softc *sc, 2256 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2257 const uint16_t *nvm_calib, const uint16_t *mac_override, 2258 const uint16_t *phy_sku, const uint16_t *regulatory) 2259{ 2260 struct iwm_nvm_data *data; 2261 uint32_t sku, radio_cfg; 2262 2263 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2264 data = malloc(sizeof(*data) + 2265 IWM_NUM_CHANNELS * sizeof(uint16_t), 2266 M_DEVBUF, M_NOWAIT | M_ZERO); 2267 } else { 2268 data = malloc(sizeof(*data) + 2269 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t), 2270 M_DEVBUF, M_NOWAIT | M_ZERO); 2271 } 2272 if (!data) 2273 return NULL; 2274 2275 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2276 2277 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2278 iwm_set_radio_cfg(sc, data, radio_cfg); 2279 2280 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2281 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2282 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2283 data->sku_cap_11n_enable = 0; 2284 2285 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2286 2287 /* If no valid mac address was found - bail out */ 2288 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) { 2289 free(data, M_DEVBUF); 2290 return NULL; 2291 } 2292 2293 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2294 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 2295 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2296 } else { 2297 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2298 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2299 } 2300 2301 return data; 2302} 2303 2304static void 2305iwm_free_nvm_data(struct iwm_nvm_data *data) 2306{ 2307 if (data != NULL) 2308 free(data, M_DEVBUF); 2309} 2310 2311static struct iwm_nvm_data * 2312iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2313{ 2314 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2315 2316 /* Checking for required sections */ 2317 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2318 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2319 !sections[sc->cfg->nvm_hw_section_num].data) { 2320 device_printf(sc->sc_dev, 2321 "Can't parse empty OTP/NVM sections\n"); 2322 return NULL; 2323 } 2324 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2325 /* SW and REGULATORY sections are mandatory */ 2326 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2327 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2328 device_printf(sc->sc_dev, 2329 "Can't parse empty OTP/NVM sections\n"); 2330 return NULL; 2331 } 2332 /* MAC_OVERRIDE or at least HW section must exist */ 2333 if (!sections[sc->cfg->nvm_hw_section_num].data && 2334 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2335 device_printf(sc->sc_dev, 2336 "Can't parse mac_address, empty sections\n"); 2337 return NULL; 2338 } 2339 2340 /* PHY_SKU section is mandatory in B0 */ 2341 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2342 device_printf(sc->sc_dev, 2343 "Can't parse phy_sku in B0, empty sections\n"); 2344 return NULL; 2345 } 2346 } else { 2347 panic("unknown device family %d\n", sc->cfg->device_family); 2348 } 2349 2350 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data; 2351 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2352 calib = (const uint16_t *) 2353 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2354 regulatory = (const uint16_t *) 2355 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2356 mac_override = (const uint16_t *) 2357 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2358 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2359 2360 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2361 phy_sku, regulatory); 2362} 2363 2364static int 2365iwm_nvm_init(struct iwm_softc *sc) 2366{ 2367 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS]; 2368 int i, ret, section; 2369 uint32_t size_read = 0; 2370 uint8_t *nvm_buffer, *temp; 2371 uint16_t len; 2372 2373 memset(nvm_sections, 0, sizeof(nvm_sections)); 2374 2375 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS) 2376 return EINVAL; 2377 2378 /* load NVM values from nic */ 2379 /* Read From FW NVM */ 2380 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n"); 2381 2382 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO); 2383 if (!nvm_buffer) 2384 return ENOMEM; 2385 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) { 2386 /* we override the constness for initial read */ 2387 ret = iwm_nvm_read_section(sc, section, nvm_buffer, 2388 &len, size_read); 2389 if (ret) 2390 continue; 2391 size_read += len; 2392 temp = malloc(len, M_DEVBUF, M_NOWAIT); 2393 if (!temp) { 2394 ret = ENOMEM; 2395 break; 2396 } 2397 memcpy(temp, nvm_buffer, len); 2398 2399 nvm_sections[section].data = temp; 2400 nvm_sections[section].length = len; 2401 } 2402 if (!size_read) 2403 device_printf(sc->sc_dev, "OTP is blank\n"); 2404 free(nvm_buffer, M_DEVBUF); 2405 2406 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections); 2407 if (!sc->nvm_data) 2408 return EINVAL; 2409 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 2410 "nvm version = %x\n", sc->nvm_data->nvm_version); 2411 2412 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) { 2413 if (nvm_sections[i].data != NULL) 2414 free(nvm_sections[i].data, M_DEVBUF); 2415 } 2416 2417 return 0; 2418} 2419 2420/* 2421 * Firmware loading gunk. This is kind of a weird hybrid between the 2422 * iwn driver and the Linux iwlwifi driver. 2423 */ 2424 2425static int 2426iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr, 2427 const uint8_t *section, uint32_t byte_cnt) 2428{ 2429 int error = EINVAL; 2430 uint32_t chunk_sz, offset; 2431 2432 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt); 2433 2434 for (offset = 0; offset < byte_cnt; offset += chunk_sz) { 2435 uint32_t addr, len; 2436 const uint8_t *data; 2437 2438 addr = dst_addr + offset; 2439 len = MIN(chunk_sz, byte_cnt - offset); 2440 data = section + offset; 2441 2442 error = iwm_firmware_load_chunk(sc, addr, data, len); 2443 if (error) 2444 break; 2445 } 2446 2447 return error; 2448} 2449 2450static int 2451iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2452 const uint8_t *chunk, uint32_t byte_cnt) 2453{ 2454 struct iwm_dma_info *dma = &sc->fw_dma; 2455 int error; 2456 2457 /* Copy firmware chunk into pre-allocated DMA-safe memory. */ 2458 memcpy(dma->vaddr, chunk, byte_cnt); 2459 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2460 2461 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2462 dst_addr <= IWM_FW_MEM_EXTENDED_END) { 2463 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2464 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2465 } 2466 2467 sc->sc_fw_chunk_done = 0; 2468 2469 if (!iwm_nic_lock(sc)) 2470 return EBUSY; 2471 2472 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2473 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2474 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2475 dst_addr); 2476 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2477 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2478 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2479 (iwm_get_dma_hi_addr(dma->paddr) 2480 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2481 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2482 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2483 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2484 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2485 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2486 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2487 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2488 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2489 2490 iwm_nic_unlock(sc); 2491 2492 /* wait 1s for this segment to load */ 2493 while (!sc->sc_fw_chunk_done) 2494 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0) 2495 break; 2496 2497 if (!sc->sc_fw_chunk_done) { 2498 device_printf(sc->sc_dev, 2499 "fw chunk addr 0x%x len %d failed to load\n", 2500 dst_addr, byte_cnt); 2501 } 2502 2503 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2504 dst_addr <= IWM_FW_MEM_EXTENDED_END && iwm_nic_lock(sc)) { 2505 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2506 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2507 iwm_nic_unlock(sc); 2508 } 2509 2510 return error; 2511} 2512 2513int 2514iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws, 2515 int cpu, int *first_ucode_section) 2516{ 2517 int shift_param; 2518 int i, error = 0, sec_num = 0x1; 2519 uint32_t val, last_read_idx = 0; 2520 const void *data; 2521 uint32_t dlen; 2522 uint32_t offset; 2523 2524 if (cpu == 1) { 2525 shift_param = 0; 2526 *first_ucode_section = 0; 2527 } else { 2528 shift_param = 16; 2529 (*first_ucode_section)++; 2530 } 2531 2532 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2533 last_read_idx = i; 2534 data = fws->fw_sect[i].fws_data; 2535 dlen = fws->fw_sect[i].fws_len; 2536 offset = fws->fw_sect[i].fws_devoff; 2537 2538 /* 2539 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2540 * CPU1 to CPU2. 2541 * PAGING_SEPARATOR_SECTION delimiter - separate between 2542 * CPU2 non paged to CPU2 paging sec. 2543 */ 2544 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2545 offset == IWM_PAGING_SEPARATOR_SECTION) 2546 break; 2547 2548 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2549 "LOAD FIRMWARE chunk %d offset 0x%x len %d for cpu %d\n", 2550 i, offset, dlen, cpu); 2551 2552 if (dlen > sc->sc_fwdmasegsz) { 2553 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2554 "chunk %d too large (%d bytes)\n", i, dlen); 2555 error = EFBIG; 2556 } else { 2557 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2558 } 2559 if (error) { 2560 device_printf(sc->sc_dev, 2561 "could not load firmware chunk %d (error %d)\n", 2562 i, error); 2563 return error; 2564 } 2565 2566 /* Notify the ucode of the loaded section number and status */ 2567 if (iwm_nic_lock(sc)) { 2568 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2569 val = val | (sec_num << shift_param); 2570 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2571 sec_num = (sec_num << 1) | 0x1; 2572 iwm_nic_unlock(sc); 2573 2574 /* 2575 * The firmware won't load correctly without this delay. 2576 */ 2577 DELAY(8000); 2578 } 2579 } 2580 2581 *first_ucode_section = last_read_idx; 2582 2583 if (iwm_nic_lock(sc)) { 2584 if (cpu == 1) 2585 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2586 else 2587 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2588 iwm_nic_unlock(sc); 2589 } 2590 2591 return 0; 2592} 2593 2594int 2595iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2596{ 2597 struct iwm_fw_sects *fws; 2598 int error = 0; 2599 int first_ucode_section; 2600 2601 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "loading ucode type %d\n", 2602 ucode_type); 2603 2604 fws = &sc->sc_fw.fw_sects[ucode_type]; 2605 2606 /* configure the ucode to be ready to get the secured image */ 2607 /* release CPU reset */ 2608 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT); 2609 2610 /* load to FW the binary Secured sections of CPU1 */ 2611 error = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section); 2612 if (error) 2613 return error; 2614 2615 /* load to FW the binary sections of CPU2 */ 2616 return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section); 2617} 2618 2619static int 2620iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2621{ 2622 struct iwm_fw_sects *fws; 2623 int error, i; 2624 const void *data; 2625 uint32_t dlen; 2626 uint32_t offset; 2627 2628 sc->sc_uc.uc_intr = 0; 2629 2630 fws = &sc->sc_fw.fw_sects[ucode_type]; 2631 for (i = 0; i < fws->fw_count; i++) { 2632 data = fws->fw_sect[i].fws_data; 2633 dlen = fws->fw_sect[i].fws_len; 2634 offset = fws->fw_sect[i].fws_devoff; 2635 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2636 "LOAD FIRMWARE type %d offset %u len %d\n", 2637 ucode_type, offset, dlen); 2638 if (dlen > sc->sc_fwdmasegsz) { 2639 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2640 "chunk %d too large (%d bytes)\n", i, dlen); 2641 error = EFBIG; 2642 } else { 2643 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2644 } 2645 if (error) { 2646 device_printf(sc->sc_dev, 2647 "could not load firmware chunk %u of %u " 2648 "(error=%d)\n", i, fws->fw_count, error); 2649 return error; 2650 } 2651 } 2652 2653 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2654 2655 return 0; 2656} 2657 2658static int 2659iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2660{ 2661 int error, w; 2662 2663 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 2664 error = iwm_load_firmware_8000(sc, ucode_type); 2665 else 2666 error = iwm_load_firmware_7000(sc, ucode_type); 2667 if (error) 2668 return error; 2669 2670 /* wait for the firmware to load */ 2671 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) { 2672 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10); 2673 } 2674 if (error || !sc->sc_uc.uc_ok) { 2675 device_printf(sc->sc_dev, "could not load firmware\n"); 2676 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2677 device_printf(sc->sc_dev, "cpu1 status: 0x%x\n", 2678 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS)); 2679 device_printf(sc->sc_dev, "cpu2 status: 0x%x\n", 2680 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS)); 2681 } 2682 } 2683 2684 /* 2685 * Give the firmware some time to initialize. 2686 * Accessing it too early causes errors. 2687 */ 2688 msleep(&w, &sc->sc_mtx, 0, "iwmfwinit", hz); 2689 2690 return error; 2691} 2692 2693/* iwlwifi: pcie/trans.c */ 2694static int 2695iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2696{ 2697 int error; 2698 2699 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2700 2701 if ((error = iwm_nic_init(sc)) != 0) { 2702 device_printf(sc->sc_dev, "unable to init nic\n"); 2703 return error; 2704 } 2705 2706 /* make sure rfkill handshake bits are cleared */ 2707 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2708 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2709 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2710 2711 /* clear (again), then enable host interrupts */ 2712 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2713 iwm_enable_interrupts(sc); 2714 2715 /* really make sure rfkill handshake bits are cleared */ 2716 /* maybe we should write a few times more? just to make sure */ 2717 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2718 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2719 2720 /* Load the given image to the HW */ 2721 return iwm_load_firmware(sc, ucode_type); 2722} 2723 2724static int 2725iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2726{ 2727 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2728 .valid = htole32(valid_tx_ant), 2729 }; 2730 2731 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2732 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2733} 2734 2735/* iwlwifi: mvm/fw.c */ 2736static int 2737iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2738{ 2739 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2740 enum iwm_ucode_type ucode_type = sc->sc_uc_current; 2741 2742 /* Set parameters */ 2743 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc)); 2744 phy_cfg_cmd.calib_control.event_trigger = 2745 sc->sc_default_calib[ucode_type].event_trigger; 2746 phy_cfg_cmd.calib_control.flow_trigger = 2747 sc->sc_default_calib[ucode_type].flow_trigger; 2748 2749 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2750 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2751 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2752 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2753} 2754 2755static int 2756iwm_wait_phy_db_entry(struct iwm_softc *sc, 2757 struct iwm_rx_packet *pkt, void *data) 2758{ 2759 struct iwm_phy_db *phy_db = data; 2760 2761 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) { 2762 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) { 2763 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n", 2764 __func__, pkt->hdr.code); 2765 } 2766 return TRUE; 2767 } 2768 2769 if (iwm_phy_db_set_section(phy_db, pkt)) { 2770 device_printf(sc->sc_dev, 2771 "%s: iwm_phy_db_set_section failed\n", __func__); 2772 } 2773 2774 return FALSE; 2775} 2776 2777static int 2778iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2779 enum iwm_ucode_type ucode_type) 2780{ 2781 enum iwm_ucode_type old_type = sc->sc_uc_current; 2782 int error; 2783 2784 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) { 2785 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n", 2786 error); 2787 return error; 2788 } 2789 2790 sc->sc_uc_current = ucode_type; 2791 error = iwm_start_fw(sc, ucode_type); 2792 if (error) { 2793 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2794 sc->sc_uc_current = old_type; 2795 return error; 2796 } 2797 2798 error = iwm_post_alive(sc); 2799 if (error) { 2800 device_printf(sc->sc_dev, "iwm_fw_alive: failed %d\n", error); 2801 } 2802 return error; 2803} 2804 2805/* 2806 * mvm misc bits 2807 */ 2808 2809/* 2810 * follows iwlwifi/fw.c 2811 */ 2812static int 2813iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2814{ 2815 struct iwm_notification_wait calib_wait; 2816 static const uint16_t init_complete[] = { 2817 IWM_INIT_COMPLETE_NOTIF, 2818 IWM_CALIB_RES_NOTIF_PHY_DB 2819 }; 2820 int ret; 2821 2822 /* do not operate with rfkill switch turned on */ 2823 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2824 device_printf(sc->sc_dev, 2825 "radio is disabled by hardware switch\n"); 2826 return EPERM; 2827 } 2828 2829 iwm_init_notification_wait(sc->sc_notif_wait, 2830 &calib_wait, 2831 init_complete, 2832 nitems(init_complete), 2833 iwm_wait_phy_db_entry, 2834 sc->sc_phy_db); 2835 2836 /* Will also start the device */ 2837 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT); 2838 if (ret) { 2839 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n", 2840 ret); 2841 goto error; 2842 } 2843 2844 if (justnvm) { 2845 /* Read nvm */ 2846 ret = iwm_nvm_init(sc); 2847 if (ret) { 2848 device_printf(sc->sc_dev, "failed to read nvm\n"); 2849 goto error; 2850 } 2851 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr); 2852 goto error; 2853 } 2854 2855 ret = iwm_send_bt_init_conf(sc); 2856 if (ret) { 2857 device_printf(sc->sc_dev, 2858 "failed to send bt coex configuration: %d\n", ret); 2859 goto error; 2860 } 2861 2862 /* Init Smart FIFO. */ 2863 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF); 2864 if (ret) 2865 goto error; 2866 2867 /* Send TX valid antennas before triggering calibrations */ 2868 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 2869 if (ret) { 2870 device_printf(sc->sc_dev, 2871 "failed to send antennas before calibration: %d\n", ret); 2872 goto error; 2873 } 2874 2875 /* 2876 * Send phy configurations command to init uCode 2877 * to start the 16.0 uCode init image internal calibrations. 2878 */ 2879 ret = iwm_send_phy_cfg_cmd(sc); 2880 if (ret) { 2881 device_printf(sc->sc_dev, 2882 "%s: Failed to run INIT calibrations: %d\n", 2883 __func__, ret); 2884 goto error; 2885 } 2886 2887 /* 2888 * Nothing to do but wait for the init complete notification 2889 * from the firmware. 2890 */ 2891 IWM_UNLOCK(sc); 2892 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait, 2893 IWM_MVM_UCODE_CALIB_TIMEOUT); 2894 IWM_LOCK(sc); 2895 2896 2897 goto out; 2898 2899error: 2900 iwm_remove_notification(sc->sc_notif_wait, &calib_wait); 2901out: 2902 return ret; 2903} 2904 2905/* 2906 * receive side 2907 */ 2908 2909/* (re)stock rx ring, called at init-time and at runtime */ 2910static int 2911iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 2912{ 2913 struct iwm_rx_ring *ring = &sc->rxq; 2914 struct iwm_rx_data *data = &ring->data[idx]; 2915 struct mbuf *m; 2916 bus_dmamap_t dmamap = NULL; 2917 bus_dma_segment_t seg; 2918 int nsegs, error; 2919 2920 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 2921 if (m == NULL) 2922 return ENOBUFS; 2923 2924 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 2925 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 2926 &seg, &nsegs, BUS_DMA_NOWAIT); 2927 if (error != 0) { 2928 device_printf(sc->sc_dev, 2929 "%s: can't map mbuf, error %d\n", __func__, error); 2930 goto fail; 2931 } 2932 2933 if (data->m != NULL) 2934 bus_dmamap_unload(ring->data_dmat, data->map); 2935 2936 /* Swap ring->spare_map with data->map */ 2937 dmamap = data->map; 2938 data->map = ring->spare_map; 2939 ring->spare_map = dmamap; 2940 2941 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 2942 data->m = m; 2943 2944 /* Update RX descriptor. */ 2945 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 2946 ring->desc[idx] = htole32(seg.ds_addr >> 8); 2947 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2948 BUS_DMASYNC_PREWRITE); 2949 2950 return 0; 2951fail: 2952 m_freem(m); 2953 return error; 2954} 2955 2956/* iwlwifi: mvm/rx.c */ 2957#define IWM_RSSI_OFFSET 50 2958static int 2959iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2960{ 2961 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm; 2962 uint32_t agc_a, agc_b; 2963 uint32_t val; 2964 2965 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]); 2966 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS; 2967 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS; 2968 2969 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]); 2970 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS; 2971 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS; 2972 2973 /* 2974 * dBm = rssi dB - agc dB - constant. 2975 * Higher AGC (higher radio gain) means lower signal. 2976 */ 2977 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a; 2978 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b; 2979 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm); 2980 2981 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2982 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n", 2983 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b); 2984 2985 return max_rssi_dbm; 2986} 2987 2988/* iwlwifi: mvm/rx.c */ 2989/* 2990 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 2991 * values are reported by the fw as positive values - need to negate 2992 * to obtain their dBM. Account for missing antennas by replacing 0 2993 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 2994 */ 2995static int 2996iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2997{ 2998 int energy_a, energy_b, energy_c, max_energy; 2999 uint32_t val; 3000 3001 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 3002 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 3003 IWM_RX_INFO_ENERGY_ANT_A_POS; 3004 energy_a = energy_a ? -energy_a : -256; 3005 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 3006 IWM_RX_INFO_ENERGY_ANT_B_POS; 3007 energy_b = energy_b ? -energy_b : -256; 3008 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 3009 IWM_RX_INFO_ENERGY_ANT_C_POS; 3010 energy_c = energy_c ? -energy_c : -256; 3011 max_energy = MAX(energy_a, energy_b); 3012 max_energy = MAX(max_energy, energy_c); 3013 3014 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3015 "energy In A %d B %d C %d , and max %d\n", 3016 energy_a, energy_b, energy_c, max_energy); 3017 3018 return max_energy; 3019} 3020 3021static void 3022iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, 3023 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3024{ 3025 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 3026 3027 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 3028 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3029 3030 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 3031} 3032 3033/* 3034 * Retrieve the average noise (in dBm) among receivers. 3035 */ 3036static int 3037iwm_get_noise(struct iwm_softc *sc, 3038 const struct iwm_mvm_statistics_rx_non_phy *stats) 3039{ 3040 int i, total, nbant, noise; 3041 3042 total = nbant = noise = 0; 3043 for (i = 0; i < 3; i++) { 3044 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 3045 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n", 3046 __func__, 3047 i, 3048 noise); 3049 3050 if (noise) { 3051 total += noise; 3052 nbant++; 3053 } 3054 } 3055 3056 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n", 3057 __func__, nbant, total); 3058#if 0 3059 /* There should be at least one antenna but check anyway. */ 3060 return (nbant == 0) ? -127 : (total / nbant) - 107; 3061#else 3062 /* For now, just hard-code it to -96 to be safe */ 3063 return (-96); 3064#endif 3065} 3066 3067/* 3068 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 3069 * 3070 * Handles the actual data of the Rx packet from the fw 3071 */ 3072static void 3073iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, 3074 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3075{ 3076 struct ieee80211com *ic = &sc->sc_ic; 3077 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3078 struct ieee80211_frame *wh; 3079 struct ieee80211_node *ni; 3080 struct ieee80211_rx_stats rxs; 3081 struct mbuf *m; 3082 struct iwm_rx_phy_info *phy_info; 3083 struct iwm_rx_mpdu_res_start *rx_res; 3084 uint32_t len; 3085 uint32_t rx_pkt_status; 3086 int rssi; 3087 3088 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3089 3090 phy_info = &sc->sc_last_phy_info; 3091 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 3092 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 3093 len = le16toh(rx_res->byte_count); 3094 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 3095 3096 m = data->m; 3097 m->m_data = pkt->data + sizeof(*rx_res); 3098 m->m_pkthdr.len = m->m_len = len; 3099 3100 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 3101 device_printf(sc->sc_dev, 3102 "dsp size out of range [0,20]: %d\n", 3103 phy_info->cfg_phy_cnt); 3104 goto fail; 3105 } 3106 3107 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 3108 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 3109 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3110 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 3111 goto fail; 3112 } 3113 3114 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) { 3115 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 3116 } else { 3117 rssi = iwm_mvm_calc_rssi(sc, phy_info); 3118 } 3119 3120 /* Note: RSSI is absolute (ie a -ve value) */ 3121 if (rssi < IWM_MIN_DBM) 3122 rssi = IWM_MIN_DBM; 3123 else if (rssi > IWM_MAX_DBM) 3124 rssi = IWM_MAX_DBM; 3125 3126 /* Map it to relative value */ 3127 rssi = rssi - sc->sc_noise; 3128 3129 /* replenish ring for the buffer we're going to feed to the sharks */ 3130 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 3131 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 3132 __func__); 3133 goto fail; 3134 } 3135 3136 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3137 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 3138 3139 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 3140 3141 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3142 "%s: phy_info: channel=%d, flags=0x%08x\n", 3143 __func__, 3144 le16toh(phy_info->channel), 3145 le16toh(phy_info->phy_flags)); 3146 3147 /* 3148 * Populate an RX state struct with the provided information. 3149 */ 3150 bzero(&rxs, sizeof(rxs)); 3151 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 3152 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 3153 rxs.c_ieee = le16toh(phy_info->channel); 3154 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 3155 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 3156 } else { 3157 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 3158 } 3159 3160 /* rssi is in 1/2db units */ 3161 rxs.rssi = rssi * 2; 3162 rxs.nf = sc->sc_noise; 3163 3164 if (ieee80211_radiotap_active_vap(vap)) { 3165 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3166 3167 tap->wr_flags = 0; 3168 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 3169 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3170 tap->wr_chan_freq = htole16(rxs.c_freq); 3171 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3172 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3173 tap->wr_dbm_antsignal = (int8_t)rssi; 3174 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3175 tap->wr_tsft = phy_info->system_timestamp; 3176 switch (phy_info->rate) { 3177 /* CCK rates. */ 3178 case 10: tap->wr_rate = 2; break; 3179 case 20: tap->wr_rate = 4; break; 3180 case 55: tap->wr_rate = 11; break; 3181 case 110: tap->wr_rate = 22; break; 3182 /* OFDM rates. */ 3183 case 0xd: tap->wr_rate = 12; break; 3184 case 0xf: tap->wr_rate = 18; break; 3185 case 0x5: tap->wr_rate = 24; break; 3186 case 0x7: tap->wr_rate = 36; break; 3187 case 0x9: tap->wr_rate = 48; break; 3188 case 0xb: tap->wr_rate = 72; break; 3189 case 0x1: tap->wr_rate = 96; break; 3190 case 0x3: tap->wr_rate = 108; break; 3191 /* Unknown rate: should not happen. */ 3192 default: tap->wr_rate = 0; 3193 } 3194 } 3195 3196 IWM_UNLOCK(sc); 3197 if (ni != NULL) { 3198 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3199 ieee80211_input_mimo(ni, m, &rxs); 3200 ieee80211_free_node(ni); 3201 } else { 3202 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3203 ieee80211_input_mimo_all(ic, m, &rxs); 3204 } 3205 IWM_LOCK(sc); 3206 3207 return; 3208 3209fail: counter_u64_add(ic->ic_ierrors, 1); 3210} 3211 3212static int 3213iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3214 struct iwm_node *in) 3215{ 3216 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 3217 struct ieee80211_node *ni = &in->in_ni; 3218 struct ieee80211vap *vap = ni->ni_vap; 3219 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3220 int failack = tx_resp->failure_frame; 3221 3222 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3223 3224 /* Update rate control statistics. */ 3225 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3226 __func__, 3227 (int) le16toh(tx_resp->status.status), 3228 (int) le16toh(tx_resp->status.sequence), 3229 tx_resp->frame_count, 3230 tx_resp->bt_kill_count, 3231 tx_resp->failure_rts, 3232 tx_resp->failure_frame, 3233 le32toh(tx_resp->initial_rate), 3234 (int) le16toh(tx_resp->wireless_media_time)); 3235 3236 if (status != IWM_TX_STATUS_SUCCESS && 3237 status != IWM_TX_STATUS_DIRECT_DONE) { 3238 ieee80211_ratectl_tx_complete(vap, ni, 3239 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3240 return (1); 3241 } else { 3242 ieee80211_ratectl_tx_complete(vap, ni, 3243 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3244 return (0); 3245 } 3246} 3247 3248static void 3249iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, 3250 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3251{ 3252 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 3253 int idx = cmd_hdr->idx; 3254 int qid = cmd_hdr->qid; 3255 struct iwm_tx_ring *ring = &sc->txq[qid]; 3256 struct iwm_tx_data *txd = &ring->data[idx]; 3257 struct iwm_node *in = txd->in; 3258 struct mbuf *m = txd->m; 3259 int status; 3260 3261 KASSERT(txd->done == 0, ("txd not done")); 3262 KASSERT(txd->in != NULL, ("txd without node")); 3263 KASSERT(txd->m != NULL, ("txd without mbuf")); 3264 3265 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3266 3267 sc->sc_tx_timer = 0; 3268 3269 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 3270 3271 /* Unmap and free mbuf. */ 3272 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3273 bus_dmamap_unload(ring->data_dmat, txd->map); 3274 3275 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3276 "free txd %p, in %p\n", txd, txd->in); 3277 txd->done = 1; 3278 txd->m = NULL; 3279 txd->in = NULL; 3280 3281 ieee80211_tx_complete(&in->in_ni, m, status); 3282 3283 if (--ring->queued < IWM_TX_RING_LOMARK) { 3284 sc->qfullmsk &= ~(1 << ring->qid); 3285 if (sc->qfullmsk == 0) { 3286 iwm_start(sc); 3287 } 3288 } 3289} 3290 3291/* 3292 * transmit side 3293 */ 3294 3295/* 3296 * Process a "command done" firmware notification. This is where we wakeup 3297 * processes waiting for a synchronous command completion. 3298 * from if_iwn 3299 */ 3300static void 3301iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3302{ 3303 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 3304 struct iwm_tx_data *data; 3305 3306 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 3307 return; /* Not a command ack. */ 3308 } 3309 3310 /* XXX wide commands? */ 3311 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 3312 "cmd notification type 0x%x qid %d idx %d\n", 3313 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx); 3314 3315 data = &ring->data[pkt->hdr.idx]; 3316 3317 /* If the command was mapped in an mbuf, free it. */ 3318 if (data->m != NULL) { 3319 bus_dmamap_sync(ring->data_dmat, data->map, 3320 BUS_DMASYNC_POSTWRITE); 3321 bus_dmamap_unload(ring->data_dmat, data->map); 3322 m_freem(data->m); 3323 data->m = NULL; 3324 } 3325 wakeup(&ring->desc[pkt->hdr.idx]); 3326} 3327 3328#if 0 3329/* 3330 * necessary only for block ack mode 3331 */ 3332void 3333iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3334 uint16_t len) 3335{ 3336 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3337 uint16_t w_val; 3338 3339 scd_bc_tbl = sc->sched_dma.vaddr; 3340 3341 len += 8; /* magic numbers came naturally from paris */ 3342 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 3343 len = roundup(len, 4) / 4; 3344 3345 w_val = htole16(sta_id << 12 | len); 3346 3347 /* Update TX scheduler. */ 3348 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3349 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3350 BUS_DMASYNC_PREWRITE); 3351 3352 /* I really wonder what this is ?!? */ 3353 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3354 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3355 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3356 BUS_DMASYNC_PREWRITE); 3357 } 3358} 3359#endif 3360 3361/* 3362 * Take an 802.11 (non-n) rate, find the relevant rate 3363 * table entry. return the index into in_ridx[]. 3364 * 3365 * The caller then uses that index back into in_ridx 3366 * to figure out the rate index programmed /into/ 3367 * the firmware for this given node. 3368 */ 3369static int 3370iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 3371 uint8_t rate) 3372{ 3373 int i; 3374 uint8_t r; 3375 3376 for (i = 0; i < nitems(in->in_ridx); i++) { 3377 r = iwm_rates[in->in_ridx[i]].rate; 3378 if (rate == r) 3379 return (i); 3380 } 3381 3382 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3383 "%s: couldn't find an entry for rate=%d\n", 3384 __func__, 3385 rate); 3386 3387 /* XXX Return the first */ 3388 /* XXX TODO: have it return the /lowest/ */ 3389 return (0); 3390} 3391 3392static int 3393iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate) 3394{ 3395 int i; 3396 3397 for (i = 0; i < nitems(iwm_rates); i++) { 3398 if (iwm_rates[i].rate == rate) 3399 return (i); 3400 } 3401 /* XXX error? */ 3402 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3403 "%s: couldn't find an entry for rate=%d\n", 3404 __func__, 3405 rate); 3406 return (0); 3407} 3408 3409/* 3410 * Fill in the rate related information for a transmit command. 3411 */ 3412static const struct iwm_rate * 3413iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3414 struct mbuf *m, struct iwm_tx_cmd *tx) 3415{ 3416 struct ieee80211_node *ni = &in->in_ni; 3417 struct ieee80211_frame *wh; 3418 const struct ieee80211_txparam *tp = ni->ni_txparms; 3419 const struct iwm_rate *rinfo; 3420 int type; 3421 int ridx, rate_flags; 3422 3423 wh = mtod(m, struct ieee80211_frame *); 3424 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3425 3426 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3427 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3428 3429 if (type == IEEE80211_FC0_TYPE_MGT) { 3430 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3431 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3432 "%s: MGT (%d)\n", __func__, tp->mgmtrate); 3433 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3434 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate); 3435 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3436 "%s: MCAST (%d)\n", __func__, tp->mcastrate); 3437 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3438 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate); 3439 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3440 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate); 3441 } else if (m->m_flags & M_EAPOL) { 3442 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3443 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3444 "%s: EAPOL\n", __func__); 3445 } else if (type == IEEE80211_FC0_TYPE_DATA) { 3446 int i; 3447 3448 /* for data frames, use RS table */ 3449 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__); 3450 /* XXX pass pktlen */ 3451 (void) ieee80211_ratectl_rate(ni, NULL, 0); 3452 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 3453 ridx = in->in_ridx[i]; 3454 3455 /* This is the index into the programmed table */ 3456 tx->initial_rate_index = i; 3457 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3458 3459 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3460 "%s: start with i=%d, txrate %d\n", 3461 __func__, i, iwm_rates[ridx].rate); 3462 } else { 3463 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3464 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DEFAULT (%d)\n", 3465 __func__, tp->mgmtrate); 3466 } 3467 3468 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3469 "%s: frame type=%d txrate %d\n", 3470 __func__, type, iwm_rates[ridx].rate); 3471 3472 rinfo = &iwm_rates[ridx]; 3473 3474 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3475 __func__, ridx, 3476 rinfo->rate, 3477 !! (IWM_RIDX_IS_CCK(ridx)) 3478 ); 3479 3480 /* XXX TODO: hard-coded TX antenna? */ 3481 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 3482 if (IWM_RIDX_IS_CCK(ridx)) 3483 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3484 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3485 3486 return rinfo; 3487} 3488 3489#define TB0_SIZE 16 3490static int 3491iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3492{ 3493 struct ieee80211com *ic = &sc->sc_ic; 3494 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3495 struct iwm_node *in = IWM_NODE(ni); 3496 struct iwm_tx_ring *ring; 3497 struct iwm_tx_data *data; 3498 struct iwm_tfd *desc; 3499 struct iwm_device_cmd *cmd; 3500 struct iwm_tx_cmd *tx; 3501 struct ieee80211_frame *wh; 3502 struct ieee80211_key *k = NULL; 3503 struct mbuf *m1; 3504 const struct iwm_rate *rinfo; 3505 uint32_t flags; 3506 u_int hdrlen; 3507 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3508 int nsegs; 3509 uint8_t tid, type; 3510 int i, totlen, error, pad; 3511 3512 wh = mtod(m, struct ieee80211_frame *); 3513 hdrlen = ieee80211_anyhdrsize(wh); 3514 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3515 tid = 0; 3516 ring = &sc->txq[ac]; 3517 desc = &ring->desc[ring->cur]; 3518 memset(desc, 0, sizeof(*desc)); 3519 data = &ring->data[ring->cur]; 3520 3521 /* Fill out iwm_tx_cmd to send to the firmware */ 3522 cmd = &ring->cmd[ring->cur]; 3523 cmd->hdr.code = IWM_TX_CMD; 3524 cmd->hdr.flags = 0; 3525 cmd->hdr.qid = ring->qid; 3526 cmd->hdr.idx = ring->cur; 3527 3528 tx = (void *)cmd->data; 3529 memset(tx, 0, sizeof(*tx)); 3530 3531 rinfo = iwm_tx_fill_cmd(sc, in, m, tx); 3532 3533 /* Encrypt the frame if need be. */ 3534 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3535 /* Retrieve key for TX && do software encryption. */ 3536 k = ieee80211_crypto_encap(ni, m); 3537 if (k == NULL) { 3538 m_freem(m); 3539 return (ENOBUFS); 3540 } 3541 /* 802.11 header may have moved. */ 3542 wh = mtod(m, struct ieee80211_frame *); 3543 } 3544 3545 if (ieee80211_radiotap_active_vap(vap)) { 3546 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3547 3548 tap->wt_flags = 0; 3549 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3550 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3551 tap->wt_rate = rinfo->rate; 3552 if (k != NULL) 3553 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3554 ieee80211_radiotap_tx(vap, m); 3555 } 3556 3557 3558 totlen = m->m_pkthdr.len; 3559 3560 flags = 0; 3561 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3562 flags |= IWM_TX_CMD_FLG_ACK; 3563 } 3564 3565 if (type == IEEE80211_FC0_TYPE_DATA 3566 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 3567 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3568 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3569 } 3570 3571 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3572 type != IEEE80211_FC0_TYPE_DATA) 3573 tx->sta_id = sc->sc_aux_sta.sta_id; 3574 else 3575 tx->sta_id = IWM_STATION_ID; 3576 3577 if (type == IEEE80211_FC0_TYPE_MGT) { 3578 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3579 3580 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3581 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3582 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3583 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3584 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3585 } else { 3586 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3587 } 3588 } else { 3589 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3590 } 3591 3592 if (hdrlen & 3) { 3593 /* First segment length must be a multiple of 4. */ 3594 flags |= IWM_TX_CMD_FLG_MH_PAD; 3595 pad = 4 - (hdrlen & 3); 3596 } else 3597 pad = 0; 3598 3599 tx->driver_txop = 0; 3600 tx->next_frame_len = 0; 3601 3602 tx->len = htole16(totlen); 3603 tx->tid_tspec = tid; 3604 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3605 3606 /* Set physical address of "scratch area". */ 3607 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3608 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3609 3610 /* Copy 802.11 header in TX command. */ 3611 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3612 3613 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3614 3615 tx->sec_ctl = 0; 3616 tx->tx_flags |= htole32(flags); 3617 3618 /* Trim 802.11 header. */ 3619 m_adj(m, hdrlen); 3620 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3621 segs, &nsegs, BUS_DMA_NOWAIT); 3622 if (error != 0) { 3623 if (error != EFBIG) { 3624 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3625 error); 3626 m_freem(m); 3627 return error; 3628 } 3629 /* Too many DMA segments, linearize mbuf. */ 3630 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 3631 if (m1 == NULL) { 3632 device_printf(sc->sc_dev, 3633 "%s: could not defrag mbuf\n", __func__); 3634 m_freem(m); 3635 return (ENOBUFS); 3636 } 3637 m = m1; 3638 3639 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3640 segs, &nsegs, BUS_DMA_NOWAIT); 3641 if (error != 0) { 3642 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3643 error); 3644 m_freem(m); 3645 return error; 3646 } 3647 } 3648 data->m = m; 3649 data->in = in; 3650 data->done = 0; 3651 3652 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3653 "sending txd %p, in %p\n", data, data->in); 3654 KASSERT(data->in != NULL, ("node is NULL")); 3655 3656 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3657 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3658 ring->qid, ring->cur, totlen, nsegs, 3659 le32toh(tx->tx_flags), 3660 le32toh(tx->rate_n_flags), 3661 tx->initial_rate_index 3662 ); 3663 3664 /* Fill TX descriptor. */ 3665 desc->num_tbs = 2 + nsegs; 3666 3667 desc->tbs[0].lo = htole32(data->cmd_paddr); 3668 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3669 (TB0_SIZE << 4); 3670 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3671 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3672 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 3673 + hdrlen + pad - TB0_SIZE) << 4); 3674 3675 /* Other DMA segments are for data payload. */ 3676 for (i = 0; i < nsegs; i++) { 3677 seg = &segs[i]; 3678 desc->tbs[i+2].lo = htole32(seg->ds_addr); 3679 desc->tbs[i+2].hi_n_len = \ 3680 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 3681 | ((seg->ds_len) << 4); 3682 } 3683 3684 bus_dmamap_sync(ring->data_dmat, data->map, 3685 BUS_DMASYNC_PREWRITE); 3686 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 3687 BUS_DMASYNC_PREWRITE); 3688 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3689 BUS_DMASYNC_PREWRITE); 3690 3691#if 0 3692 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 3693#endif 3694 3695 /* Kick TX ring. */ 3696 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 3697 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3698 3699 /* Mark TX ring as full if we reach a certain threshold. */ 3700 if (++ring->queued > IWM_TX_RING_HIMARK) { 3701 sc->qfullmsk |= 1 << ring->qid; 3702 } 3703 3704 return 0; 3705} 3706 3707static int 3708iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3709 const struct ieee80211_bpf_params *params) 3710{ 3711 struct ieee80211com *ic = ni->ni_ic; 3712 struct iwm_softc *sc = ic->ic_softc; 3713 int error = 0; 3714 3715 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3716 "->%s begin\n", __func__); 3717 3718 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3719 m_freem(m); 3720 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3721 "<-%s not RUNNING\n", __func__); 3722 return (ENETDOWN); 3723 } 3724 3725 IWM_LOCK(sc); 3726 /* XXX fix this */ 3727 if (params == NULL) { 3728 error = iwm_tx(sc, m, ni, 0); 3729 } else { 3730 error = iwm_tx(sc, m, ni, 0); 3731 } 3732 sc->sc_tx_timer = 5; 3733 IWM_UNLOCK(sc); 3734 3735 return (error); 3736} 3737 3738/* 3739 * mvm/tx.c 3740 */ 3741 3742/* 3743 * Note that there are transports that buffer frames before they reach 3744 * the firmware. This means that after flush_tx_path is called, the 3745 * queue might not be empty. The race-free way to handle this is to: 3746 * 1) set the station as draining 3747 * 2) flush the Tx path 3748 * 3) wait for the transport queues to be empty 3749 */ 3750int 3751iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags) 3752{ 3753 int ret; 3754 struct iwm_tx_path_flush_cmd flush_cmd = { 3755 .queues_ctl = htole32(tfd_msk), 3756 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 3757 }; 3758 3759 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags, 3760 sizeof(flush_cmd), &flush_cmd); 3761 if (ret) 3762 device_printf(sc->sc_dev, 3763 "Flushing tx queue failed: %d\n", ret); 3764 return ret; 3765} 3766 3767/* 3768 * BEGIN mvm/sta.c 3769 */ 3770 3771static int 3772iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc, 3773 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status) 3774{ 3775 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd), 3776 cmd, status); 3777} 3778 3779/* send station add/update command to firmware */ 3780static int 3781iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update) 3782{ 3783 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd; 3784 int ret; 3785 uint32_t status; 3786 3787 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd)); 3788 3789 add_sta_cmd.sta_id = IWM_STATION_ID; 3790 add_sta_cmd.mac_id_n_color 3791 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID, 3792 IWM_DEFAULT_COLOR)); 3793 if (!update) { 3794 int ac; 3795 for (ac = 0; ac < WME_NUM_AC; ac++) { 3796 add_sta_cmd.tfd_queue_msk |= 3797 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]); 3798 } 3799 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid); 3800 } 3801 add_sta_cmd.add_modify = update ? 1 : 0; 3802 add_sta_cmd.station_flags_msk 3803 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK); 3804 add_sta_cmd.tid_disable_tx = htole16(0xffff); 3805 if (update) 3806 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX); 3807 3808 status = IWM_ADD_STA_SUCCESS; 3809 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status); 3810 if (ret) 3811 return ret; 3812 3813 switch (status) { 3814 case IWM_ADD_STA_SUCCESS: 3815 break; 3816 default: 3817 ret = EIO; 3818 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n"); 3819 break; 3820 } 3821 3822 return ret; 3823} 3824 3825static int 3826iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in) 3827{ 3828 return iwm_mvm_sta_send_to_fw(sc, in, 0); 3829} 3830 3831static int 3832iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in) 3833{ 3834 return iwm_mvm_sta_send_to_fw(sc, in, 1); 3835} 3836 3837static int 3838iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta, 3839 const uint8_t *addr, uint16_t mac_id, uint16_t color) 3840{ 3841 struct iwm_mvm_add_sta_cmd_v7 cmd; 3842 int ret; 3843 uint32_t status; 3844 3845 memset(&cmd, 0, sizeof(cmd)); 3846 cmd.sta_id = sta->sta_id; 3847 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color)); 3848 3849 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk); 3850 cmd.tid_disable_tx = htole16(0xffff); 3851 3852 if (addr) 3853 IEEE80211_ADDR_COPY(cmd.addr, addr); 3854 3855 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status); 3856 if (ret) 3857 return ret; 3858 3859 switch (status) { 3860 case IWM_ADD_STA_SUCCESS: 3861 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 3862 "%s: Internal station added.\n", __func__); 3863 return 0; 3864 default: 3865 device_printf(sc->sc_dev, 3866 "%s: Add internal station failed, status=0x%x\n", 3867 __func__, status); 3868 ret = EIO; 3869 break; 3870 } 3871 return ret; 3872} 3873 3874static int 3875iwm_mvm_add_aux_sta(struct iwm_softc *sc) 3876{ 3877 int ret; 3878 3879 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID; 3880 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE); 3881 3882 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST); 3883 if (ret) 3884 return ret; 3885 3886 ret = iwm_mvm_add_int_sta_common(sc, 3887 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0); 3888 3889 if (ret) 3890 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta)); 3891 return ret; 3892} 3893 3894/* 3895 * END mvm/sta.c 3896 */ 3897 3898/* 3899 * BEGIN mvm/quota.c 3900 */ 3901 3902static int 3903iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in) 3904{ 3905 struct iwm_time_quota_cmd cmd; 3906 int i, idx, ret, num_active_macs, quota, quota_rem; 3907 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3908 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3909 uint16_t id; 3910 3911 memset(&cmd, 0, sizeof(cmd)); 3912 3913 /* currently, PHY ID == binding ID */ 3914 if (in) { 3915 id = in->in_phyctxt->id; 3916 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3917 colors[id] = in->in_phyctxt->color; 3918 3919 if (1) 3920 n_ifs[id] = 1; 3921 } 3922 3923 /* 3924 * The FW's scheduling session consists of 3925 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3926 * equally between all the bindings that require quota 3927 */ 3928 num_active_macs = 0; 3929 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3930 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3931 num_active_macs += n_ifs[i]; 3932 } 3933 3934 quota = 0; 3935 quota_rem = 0; 3936 if (num_active_macs) { 3937 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3938 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3939 } 3940 3941 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3942 if (colors[i] < 0) 3943 continue; 3944 3945 cmd.quotas[idx].id_and_color = 3946 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3947 3948 if (n_ifs[i] <= 0) { 3949 cmd.quotas[idx].quota = htole32(0); 3950 cmd.quotas[idx].max_duration = htole32(0); 3951 } else { 3952 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3953 cmd.quotas[idx].max_duration = htole32(0); 3954 } 3955 idx++; 3956 } 3957 3958 /* Give the remainder of the session to the first binding */ 3959 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3960 3961 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3962 sizeof(cmd), &cmd); 3963 if (ret) 3964 device_printf(sc->sc_dev, 3965 "%s: Failed to send quota: %d\n", __func__, ret); 3966 return ret; 3967} 3968 3969/* 3970 * END mvm/quota.c 3971 */ 3972 3973/* 3974 * ieee80211 routines 3975 */ 3976 3977/* 3978 * Change to AUTH state in 80211 state machine. Roughly matches what 3979 * Linux does in bss_info_changed(). 3980 */ 3981static int 3982iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3983{ 3984 struct ieee80211_node *ni; 3985 struct iwm_node *in; 3986 struct iwm_vap *iv = IWM_VAP(vap); 3987 uint32_t duration; 3988 int error; 3989 3990 /* 3991 * XXX i have a feeling that the vap node is being 3992 * freed from underneath us. Grr. 3993 */ 3994 ni = ieee80211_ref_node(vap->iv_bss); 3995 in = IWM_NODE(ni); 3996 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 3997 "%s: called; vap=%p, bss ni=%p\n", 3998 __func__, 3999 vap, 4000 ni); 4001 4002 in->in_assoc = 0; 4003 4004 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON); 4005 if (error != 0) 4006 return error; 4007 4008 error = iwm_allow_mcast(vap, sc); 4009 if (error) { 4010 device_printf(sc->sc_dev, 4011 "%s: failed to set multicast\n", __func__); 4012 goto out; 4013 } 4014 4015 /* 4016 * This is where it deviates from what Linux does. 4017 * 4018 * Linux iwlwifi doesn't reset the nic each time, nor does it 4019 * call ctxt_add() here. Instead, it adds it during vap creation, 4020 * and always does a mac_ctx_changed(). 4021 * 4022 * The openbsd port doesn't attempt to do that - it reset things 4023 * at odd states and does the add here. 4024 * 4025 * So, until the state handling is fixed (ie, we never reset 4026 * the NIC except for a firmware failure, which should drag 4027 * the NIC back to IDLE, re-setup and re-add all the mac/phy 4028 * contexts that are required), let's do a dirty hack here. 4029 */ 4030 if (iv->is_uploaded) { 4031 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4032 device_printf(sc->sc_dev, 4033 "%s: failed to update MAC\n", __func__); 4034 goto out; 4035 } 4036 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4037 in->in_ni.ni_chan, 1, 1)) != 0) { 4038 device_printf(sc->sc_dev, 4039 "%s: failed update phy ctxt\n", __func__); 4040 goto out; 4041 } 4042 in->in_phyctxt = &sc->sc_phyctxt[0]; 4043 4044 if ((error = iwm_mvm_binding_update(sc, in)) != 0) { 4045 device_printf(sc->sc_dev, 4046 "%s: binding update cmd\n", __func__); 4047 goto out; 4048 } 4049 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4050 device_printf(sc->sc_dev, 4051 "%s: failed to update sta\n", __func__); 4052 goto out; 4053 } 4054 } else { 4055 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 4056 device_printf(sc->sc_dev, 4057 "%s: failed to add MAC\n", __func__); 4058 goto out; 4059 } 4060 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4061 in->in_ni.ni_chan, 1, 1)) != 0) { 4062 device_printf(sc->sc_dev, 4063 "%s: failed add phy ctxt!\n", __func__); 4064 error = ETIMEDOUT; 4065 goto out; 4066 } 4067 in->in_phyctxt = &sc->sc_phyctxt[0]; 4068 4069 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) { 4070 device_printf(sc->sc_dev, 4071 "%s: binding add cmd\n", __func__); 4072 goto out; 4073 } 4074 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 4075 device_printf(sc->sc_dev, 4076 "%s: failed to add sta\n", __func__); 4077 goto out; 4078 } 4079 } 4080 4081 /* 4082 * Prevent the FW from wandering off channel during association 4083 * by "protecting" the session with a time event. 4084 */ 4085 /* XXX duration is in units of TU, not MS */ 4086 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 4087 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */); 4088 DELAY(100); 4089 4090 error = 0; 4091out: 4092 ieee80211_free_node(ni); 4093 return (error); 4094} 4095 4096static int 4097iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 4098{ 4099 struct iwm_node *in = IWM_NODE(vap->iv_bss); 4100 int error; 4101 4102 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4103 device_printf(sc->sc_dev, 4104 "%s: failed to update STA\n", __func__); 4105 return error; 4106 } 4107 4108 in->in_assoc = 1; 4109 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4110 device_printf(sc->sc_dev, 4111 "%s: failed to update MAC\n", __func__); 4112 return error; 4113 } 4114 4115 return 0; 4116} 4117 4118static int 4119iwm_release(struct iwm_softc *sc, struct iwm_node *in) 4120{ 4121 uint32_t tfd_msk; 4122 4123 /* 4124 * Ok, so *technically* the proper set of calls for going 4125 * from RUN back to SCAN is: 4126 * 4127 * iwm_mvm_power_mac_disable(sc, in); 4128 * iwm_mvm_mac_ctxt_changed(sc, in); 4129 * iwm_mvm_rm_sta(sc, in); 4130 * iwm_mvm_update_quotas(sc, NULL); 4131 * iwm_mvm_mac_ctxt_changed(sc, in); 4132 * iwm_mvm_binding_remove_vif(sc, in); 4133 * iwm_mvm_mac_ctxt_remove(sc, in); 4134 * 4135 * However, that freezes the device not matter which permutations 4136 * and modifications are attempted. Obviously, this driver is missing 4137 * something since it works in the Linux driver, but figuring out what 4138 * is missing is a little more complicated. Now, since we're going 4139 * back to nothing anyway, we'll just do a complete device reset. 4140 * Up your's, device! 4141 */ 4142 /* 4143 * Just using 0xf for the queues mask is fine as long as we only 4144 * get here from RUN state. 4145 */ 4146 tfd_msk = 0xf; 4147 mbufq_drain(&sc->sc_snd); 4148 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC); 4149 /* 4150 * We seem to get away with just synchronously sending the 4151 * IWM_TXPATH_FLUSH command. 4152 */ 4153// iwm_trans_wait_tx_queue_empty(sc, tfd_msk); 4154 iwm_stop_device(sc); 4155 iwm_init_hw(sc); 4156 if (in) 4157 in->in_assoc = 0; 4158 return 0; 4159 4160#if 0 4161 int error; 4162 4163 iwm_mvm_power_mac_disable(sc, in); 4164 4165 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 4166 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 4167 return error; 4168 } 4169 4170 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 4171 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 4172 return error; 4173 } 4174 error = iwm_mvm_rm_sta(sc, in); 4175 in->in_assoc = 0; 4176 iwm_mvm_update_quotas(sc, NULL); 4177 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 4178 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 4179 return error; 4180 } 4181 iwm_mvm_binding_remove_vif(sc, in); 4182 4183 iwm_mvm_mac_ctxt_remove(sc, in); 4184 4185 return error; 4186#endif 4187} 4188 4189static struct ieee80211_node * 4190iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 4191{ 4192 return malloc(sizeof (struct iwm_node), M_80211_NODE, 4193 M_NOWAIT | M_ZERO); 4194} 4195 4196static void 4197iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 4198{ 4199 struct ieee80211_node *ni = &in->in_ni; 4200 struct iwm_lq_cmd *lq = &in->in_lq; 4201 int nrates = ni->ni_rates.rs_nrates; 4202 int i, ridx, tab = 0; 4203// int txant = 0; 4204 4205 if (nrates > nitems(lq->rs_table)) { 4206 device_printf(sc->sc_dev, 4207 "%s: node supports %d rates, driver handles " 4208 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 4209 return; 4210 } 4211 if (nrates == 0) { 4212 device_printf(sc->sc_dev, 4213 "%s: node supports 0 rates, odd!\n", __func__); 4214 return; 4215 } 4216 4217 /* 4218 * XXX .. and most of iwm_node is not initialised explicitly; 4219 * it's all just 0x0 passed to the firmware. 4220 */ 4221 4222 /* first figure out which rates we should support */ 4223 /* XXX TODO: this isn't 11n aware /at all/ */ 4224 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 4225 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4226 "%s: nrates=%d\n", __func__, nrates); 4227 4228 /* 4229 * Loop over nrates and populate in_ridx from the highest 4230 * rate to the lowest rate. Remember, in_ridx[] has 4231 * IEEE80211_RATE_MAXSIZE entries! 4232 */ 4233 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 4234 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 4235 4236 /* Map 802.11 rate to HW rate index. */ 4237 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 4238 if (iwm_rates[ridx].rate == rate) 4239 break; 4240 if (ridx > IWM_RIDX_MAX) { 4241 device_printf(sc->sc_dev, 4242 "%s: WARNING: device rate for %d not found!\n", 4243 __func__, rate); 4244 } else { 4245 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4246 "%s: rate: i: %d, rate=%d, ridx=%d\n", 4247 __func__, 4248 i, 4249 rate, 4250 ridx); 4251 in->in_ridx[i] = ridx; 4252 } 4253 } 4254 4255 /* then construct a lq_cmd based on those */ 4256 memset(lq, 0, sizeof(*lq)); 4257 lq->sta_id = IWM_STATION_ID; 4258 4259 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4260 if (ni->ni_flags & IEEE80211_NODE_HT) 4261 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4262 4263 /* 4264 * are these used? (we don't do SISO or MIMO) 4265 * need to set them to non-zero, though, or we get an error. 4266 */ 4267 lq->single_stream_ant_msk = 1; 4268 lq->dual_stream_ant_msk = 1; 4269 4270 /* 4271 * Build the actual rate selection table. 4272 * The lowest bits are the rates. Additionally, 4273 * CCK needs bit 9 to be set. The rest of the bits 4274 * we add to the table select the tx antenna 4275 * Note that we add the rates in the highest rate first 4276 * (opposite of ni_rates). 4277 */ 4278 /* 4279 * XXX TODO: this should be looping over the min of nrates 4280 * and LQ_MAX_RETRY_NUM. Sigh. 4281 */ 4282 for (i = 0; i < nrates; i++) { 4283 int nextant; 4284 4285#if 0 4286 if (txant == 0) 4287 txant = iwm_mvm_get_valid_tx_ant(sc); 4288 nextant = 1<<(ffs(txant)-1); 4289 txant &= ~nextant; 4290#else 4291 nextant = iwm_mvm_get_valid_tx_ant(sc); 4292#endif 4293 /* 4294 * Map the rate id into a rate index into 4295 * our hardware table containing the 4296 * configuration to use for this rate. 4297 */ 4298 ridx = in->in_ridx[i]; 4299 tab = iwm_rates[ridx].plcp; 4300 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4301 if (IWM_RIDX_IS_CCK(ridx)) 4302 tab |= IWM_RATE_MCS_CCK_MSK; 4303 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4304 "station rate i=%d, rate=%d, hw=%x\n", 4305 i, iwm_rates[ridx].rate, tab); 4306 lq->rs_table[i] = htole32(tab); 4307 } 4308 /* then fill the rest with the lowest possible rate */ 4309 for (i = nrates; i < nitems(lq->rs_table); i++) { 4310 KASSERT(tab != 0, ("invalid tab")); 4311 lq->rs_table[i] = htole32(tab); 4312 } 4313} 4314 4315static int 4316iwm_media_change(struct ifnet *ifp) 4317{ 4318 struct ieee80211vap *vap = ifp->if_softc; 4319 struct ieee80211com *ic = vap->iv_ic; 4320 struct iwm_softc *sc = ic->ic_softc; 4321 int error; 4322 4323 error = ieee80211_media_change(ifp); 4324 if (error != ENETRESET) 4325 return error; 4326 4327 IWM_LOCK(sc); 4328 if (ic->ic_nrunning > 0) { 4329 iwm_stop(sc); 4330 iwm_init(sc); 4331 } 4332 IWM_UNLOCK(sc); 4333 return error; 4334} 4335 4336 4337static int 4338iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4339{ 4340 struct iwm_vap *ivp = IWM_VAP(vap); 4341 struct ieee80211com *ic = vap->iv_ic; 4342 struct iwm_softc *sc = ic->ic_softc; 4343 struct iwm_node *in; 4344 int error; 4345 4346 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4347 "switching state %s -> %s\n", 4348 ieee80211_state_name[vap->iv_state], 4349 ieee80211_state_name[nstate]); 4350 IEEE80211_UNLOCK(ic); 4351 IWM_LOCK(sc); 4352 4353 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 4354 iwm_led_blink_stop(sc); 4355 4356 /* disable beacon filtering if we're hopping out of RUN */ 4357 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 4358 iwm_mvm_disable_beacon_filter(sc); 4359 4360 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4361 in->in_assoc = 0; 4362 4363 if (nstate == IEEE80211_S_INIT) { 4364 IWM_UNLOCK(sc); 4365 IEEE80211_LOCK(ic); 4366 error = ivp->iv_newstate(vap, nstate, arg); 4367 IEEE80211_UNLOCK(ic); 4368 IWM_LOCK(sc); 4369 iwm_release(sc, NULL); 4370 IWM_UNLOCK(sc); 4371 IEEE80211_LOCK(ic); 4372 return error; 4373 } 4374 4375 /* 4376 * It's impossible to directly go RUN->SCAN. If we iwm_release() 4377 * above then the card will be completely reinitialized, 4378 * so the driver must do everything necessary to bring the card 4379 * from INIT to SCAN. 4380 * 4381 * Additionally, upon receiving deauth frame from AP, 4382 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 4383 * state. This will also fail with this driver, so bring the FSM 4384 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 4385 * 4386 * XXX TODO: fix this for FreeBSD! 4387 */ 4388 if (nstate == IEEE80211_S_SCAN || 4389 nstate == IEEE80211_S_AUTH || 4390 nstate == IEEE80211_S_ASSOC) { 4391 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4392 "Force transition to INIT; MGT=%d\n", arg); 4393 IWM_UNLOCK(sc); 4394 IEEE80211_LOCK(ic); 4395 /* Always pass arg as -1 since we can't Tx right now. */ 4396 /* 4397 * XXX arg is just ignored anyway when transitioning 4398 * to IEEE80211_S_INIT. 4399 */ 4400 vap->iv_newstate(vap, IEEE80211_S_INIT, -1); 4401 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4402 "Going INIT->SCAN\n"); 4403 nstate = IEEE80211_S_SCAN; 4404 IEEE80211_UNLOCK(ic); 4405 IWM_LOCK(sc); 4406 } 4407 } 4408 4409 switch (nstate) { 4410 case IEEE80211_S_INIT: 4411 break; 4412 4413 case IEEE80211_S_AUTH: 4414 if ((error = iwm_auth(vap, sc)) != 0) { 4415 device_printf(sc->sc_dev, 4416 "%s: could not move to auth state: %d\n", 4417 __func__, error); 4418 break; 4419 } 4420 break; 4421 4422 case IEEE80211_S_ASSOC: 4423 if ((error = iwm_assoc(vap, sc)) != 0) { 4424 device_printf(sc->sc_dev, 4425 "%s: failed to associate: %d\n", __func__, 4426 error); 4427 break; 4428 } 4429 break; 4430 4431 case IEEE80211_S_RUN: 4432 { 4433 struct iwm_host_cmd cmd = { 4434 .id = IWM_LQ_CMD, 4435 .len = { sizeof(in->in_lq), }, 4436 .flags = IWM_CMD_SYNC, 4437 }; 4438 4439 /* Update the association state, now we have it all */ 4440 /* (eg associd comes in at this point */ 4441 error = iwm_assoc(vap, sc); 4442 if (error != 0) { 4443 device_printf(sc->sc_dev, 4444 "%s: failed to update association state: %d\n", 4445 __func__, 4446 error); 4447 break; 4448 } 4449 4450 in = IWM_NODE(vap->iv_bss); 4451 iwm_mvm_power_mac_update_mode(sc, in); 4452 iwm_mvm_enable_beacon_filter(sc, in); 4453 iwm_mvm_update_quotas(sc, in); 4454 iwm_setrates(sc, in); 4455 4456 cmd.data[0] = &in->in_lq; 4457 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 4458 device_printf(sc->sc_dev, 4459 "%s: IWM_LQ_CMD failed\n", __func__); 4460 } 4461 4462 iwm_mvm_led_enable(sc); 4463 break; 4464 } 4465 4466 default: 4467 break; 4468 } 4469 IWM_UNLOCK(sc); 4470 IEEE80211_LOCK(ic); 4471 4472 return (ivp->iv_newstate(vap, nstate, arg)); 4473} 4474 4475void 4476iwm_endscan_cb(void *arg, int pending) 4477{ 4478 struct iwm_softc *sc = arg; 4479 struct ieee80211com *ic = &sc->sc_ic; 4480 4481 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4482 "%s: scan ended\n", 4483 __func__); 4484 4485 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4486} 4487 4488/* 4489 * Aging and idle timeouts for the different possible scenarios 4490 * in default configuration 4491 */ 4492static const uint32_t 4493iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4494 { 4495 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 4496 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 4497 }, 4498 { 4499 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 4500 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 4501 }, 4502 { 4503 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 4504 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 4505 }, 4506 { 4507 htole32(IWM_SF_BA_AGING_TIMER_DEF), 4508 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 4509 }, 4510 { 4511 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 4512 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 4513 }, 4514}; 4515 4516/* 4517 * Aging and idle timeouts for the different possible scenarios 4518 * in single BSS MAC configuration. 4519 */ 4520static const uint32_t 4521iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4522 { 4523 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 4524 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 4525 }, 4526 { 4527 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 4528 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 4529 }, 4530 { 4531 htole32(IWM_SF_MCAST_AGING_TIMER), 4532 htole32(IWM_SF_MCAST_IDLE_TIMER) 4533 }, 4534 { 4535 htole32(IWM_SF_BA_AGING_TIMER), 4536 htole32(IWM_SF_BA_IDLE_TIMER) 4537 }, 4538 { 4539 htole32(IWM_SF_TX_RE_AGING_TIMER), 4540 htole32(IWM_SF_TX_RE_IDLE_TIMER) 4541 }, 4542}; 4543 4544static void 4545iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 4546 struct ieee80211_node *ni) 4547{ 4548 int i, j, watermark; 4549 4550 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 4551 4552 /* 4553 * If we are in association flow - check antenna configuration 4554 * capabilities of the AP station, and choose the watermark accordingly. 4555 */ 4556 if (ni) { 4557 if (ni->ni_flags & IEEE80211_NODE_HT) { 4558#ifdef notyet 4559 if (ni->ni_rxmcs[2] != 0) 4560 watermark = IWM_SF_W_MARK_MIMO3; 4561 else if (ni->ni_rxmcs[1] != 0) 4562 watermark = IWM_SF_W_MARK_MIMO2; 4563 else 4564#endif 4565 watermark = IWM_SF_W_MARK_SISO; 4566 } else { 4567 watermark = IWM_SF_W_MARK_LEGACY; 4568 } 4569 /* default watermark value for unassociated mode. */ 4570 } else { 4571 watermark = IWM_SF_W_MARK_MIMO2; 4572 } 4573 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 4574 4575 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 4576 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 4577 sf_cmd->long_delay_timeouts[i][j] = 4578 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 4579 } 4580 } 4581 4582 if (ni) { 4583 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 4584 sizeof(iwm_sf_full_timeout)); 4585 } else { 4586 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 4587 sizeof(iwm_sf_full_timeout_def)); 4588 } 4589} 4590 4591static int 4592iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state) 4593{ 4594 struct ieee80211com *ic = &sc->sc_ic; 4595 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4596 struct iwm_sf_cfg_cmd sf_cmd = { 4597 .state = htole32(IWM_SF_FULL_ON), 4598 }; 4599 int ret = 0; 4600 4601 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 4602 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 4603 4604 switch (new_state) { 4605 case IWM_SF_UNINIT: 4606 case IWM_SF_INIT_OFF: 4607 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL); 4608 break; 4609 case IWM_SF_FULL_ON: 4610 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss); 4611 break; 4612 default: 4613 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE, 4614 "Invalid state: %d. not sending Smart Fifo cmd\n", 4615 new_state); 4616 return EINVAL; 4617 } 4618 4619 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 4620 sizeof(sf_cmd), &sf_cmd); 4621 return ret; 4622} 4623 4624static int 4625iwm_send_bt_init_conf(struct iwm_softc *sc) 4626{ 4627 struct iwm_bt_coex_cmd bt_cmd; 4628 4629 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4630 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4631 4632 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4633 &bt_cmd); 4634} 4635 4636static int 4637iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4638{ 4639 struct iwm_mcc_update_cmd mcc_cmd; 4640 struct iwm_host_cmd hcmd = { 4641 .id = IWM_MCC_UPDATE_CMD, 4642 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4643 .data = { &mcc_cmd }, 4644 }; 4645 int ret; 4646#ifdef IWM_DEBUG 4647 struct iwm_rx_packet *pkt; 4648 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4649 struct iwm_mcc_update_resp *mcc_resp; 4650 int n_channels; 4651 uint16_t mcc; 4652#endif 4653 int resp_v2 = isset(sc->sc_enabled_capa, 4654 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4655 4656 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4657 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4658 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4659 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC)) 4660 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4661 else 4662 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4663 4664 if (resp_v2) 4665 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4666 else 4667 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4668 4669 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4670 "send MCC update to FW with '%c%c' src = %d\n", 4671 alpha2[0], alpha2[1], mcc_cmd.source_id); 4672 4673 ret = iwm_send_cmd(sc, &hcmd); 4674 if (ret) 4675 return ret; 4676 4677#ifdef IWM_DEBUG 4678 pkt = hcmd.resp_pkt; 4679 4680 /* Extract MCC response */ 4681 if (resp_v2) { 4682 mcc_resp = (void *)pkt->data; 4683 mcc = mcc_resp->mcc; 4684 n_channels = le32toh(mcc_resp->n_channels); 4685 } else { 4686 mcc_resp_v1 = (void *)pkt->data; 4687 mcc = mcc_resp_v1->mcc; 4688 n_channels = le32toh(mcc_resp_v1->n_channels); 4689 } 4690 4691 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4692 if (mcc == 0) 4693 mcc = 0x3030; /* "00" - world */ 4694 4695 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4696 "regulatory domain '%c%c' (%d channels available)\n", 4697 mcc >> 8, mcc & 0xff, n_channels); 4698#endif 4699 iwm_free_resp(sc, &hcmd); 4700 4701 return 0; 4702} 4703 4704static void 4705iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4706{ 4707 struct iwm_host_cmd cmd = { 4708 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4709 .len = { sizeof(uint32_t), }, 4710 .data = { &backoff, }, 4711 }; 4712 4713 if (iwm_send_cmd(sc, &cmd) != 0) { 4714 device_printf(sc->sc_dev, 4715 "failed to change thermal tx backoff\n"); 4716 } 4717} 4718 4719static int 4720iwm_init_hw(struct iwm_softc *sc) 4721{ 4722 struct ieee80211com *ic = &sc->sc_ic; 4723 int error, i, ac; 4724 4725 if ((error = iwm_start_hw(sc)) != 0) { 4726 printf("iwm_start_hw: failed %d\n", error); 4727 return error; 4728 } 4729 4730 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 4731 printf("iwm_run_init_mvm_ucode: failed %d\n", error); 4732 return error; 4733 } 4734 4735 /* 4736 * should stop and start HW since that INIT 4737 * image just loaded 4738 */ 4739 iwm_stop_device(sc); 4740 if ((error = iwm_start_hw(sc)) != 0) { 4741 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4742 return error; 4743 } 4744 4745 /* omstart, this time with the regular firmware */ 4746 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR); 4747 if (error) { 4748 device_printf(sc->sc_dev, "could not load firmware\n"); 4749 goto error; 4750 } 4751 4752 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4753 device_printf(sc->sc_dev, "bt init conf failed\n"); 4754 goto error; 4755 } 4756 4757 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 4758 if (error != 0) { 4759 device_printf(sc->sc_dev, "antenna config failed\n"); 4760 goto error; 4761 } 4762 4763 /* Send phy db control command and then phy db calibration */ 4764 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0) 4765 goto error; 4766 4767 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4768 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4769 goto error; 4770 } 4771 4772 /* Add auxiliary station for scanning */ 4773 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) { 4774 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4775 goto error; 4776 } 4777 4778 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4779 /* 4780 * The channel used here isn't relevant as it's 4781 * going to be overwritten in the other flows. 4782 * For now use the first channel we have. 4783 */ 4784 if ((error = iwm_mvm_phy_ctxt_add(sc, 4785 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4786 goto error; 4787 } 4788 4789 /* Initialize tx backoffs to the minimum. */ 4790 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 4791 iwm_mvm_tt_tx_backoff(sc, 0); 4792 4793 error = iwm_mvm_power_update_device(sc); 4794 if (error) 4795 goto error; 4796 4797 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) { 4798 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4799 goto error; 4800 } 4801 4802 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4803 if ((error = iwm_mvm_config_umac_scan(sc)) != 0) 4804 goto error; 4805 } 4806 4807 /* Enable Tx queues. */ 4808 for (ac = 0; ac < WME_NUM_AC; ac++) { 4809 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4810 iwm_mvm_ac_to_tx_fifo[ac]); 4811 if (error) 4812 goto error; 4813 } 4814 4815 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) { 4816 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4817 goto error; 4818 } 4819 4820 return 0; 4821 4822 error: 4823 iwm_stop_device(sc); 4824 return error; 4825} 4826 4827/* Allow multicast from our BSSID. */ 4828static int 4829iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4830{ 4831 struct ieee80211_node *ni = vap->iv_bss; 4832 struct iwm_mcast_filter_cmd *cmd; 4833 size_t size; 4834 int error; 4835 4836 size = roundup(sizeof(*cmd), 4); 4837 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 4838 if (cmd == NULL) 4839 return ENOMEM; 4840 cmd->filter_own = 1; 4841 cmd->port_id = 0; 4842 cmd->count = 0; 4843 cmd->pass_all = 1; 4844 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4845 4846 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4847 IWM_CMD_SYNC, size, cmd); 4848 free(cmd, M_DEVBUF); 4849 4850 return (error); 4851} 4852 4853/* 4854 * ifnet interfaces 4855 */ 4856 4857static void 4858iwm_init(struct iwm_softc *sc) 4859{ 4860 int error; 4861 4862 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4863 return; 4864 } 4865 sc->sc_generation++; 4866 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4867 4868 if ((error = iwm_init_hw(sc)) != 0) { 4869 printf("iwm_init_hw failed %d\n", error); 4870 iwm_stop(sc); 4871 return; 4872 } 4873 4874 /* 4875 * Ok, firmware loaded and we are jogging 4876 */ 4877 sc->sc_flags |= IWM_FLAG_HW_INITED; 4878 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4879} 4880 4881static int 4882iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4883{ 4884 struct iwm_softc *sc; 4885 int error; 4886 4887 sc = ic->ic_softc; 4888 4889 IWM_LOCK(sc); 4890 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4891 IWM_UNLOCK(sc); 4892 return (ENXIO); 4893 } 4894 error = mbufq_enqueue(&sc->sc_snd, m); 4895 if (error) { 4896 IWM_UNLOCK(sc); 4897 return (error); 4898 } 4899 iwm_start(sc); 4900 IWM_UNLOCK(sc); 4901 return (0); 4902} 4903 4904/* 4905 * Dequeue packets from sendq and call send. 4906 */ 4907static void 4908iwm_start(struct iwm_softc *sc) 4909{ 4910 struct ieee80211_node *ni; 4911 struct mbuf *m; 4912 int ac = 0; 4913 4914 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 4915 while (sc->qfullmsk == 0 && 4916 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 4917 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 4918 if (iwm_tx(sc, m, ni, ac) != 0) { 4919 if_inc_counter(ni->ni_vap->iv_ifp, 4920 IFCOUNTER_OERRORS, 1); 4921 ieee80211_free_node(ni); 4922 continue; 4923 } 4924 sc->sc_tx_timer = 15; 4925 } 4926 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 4927} 4928 4929static void 4930iwm_stop(struct iwm_softc *sc) 4931{ 4932 4933 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 4934 sc->sc_flags |= IWM_FLAG_STOPPED; 4935 sc->sc_generation++; 4936 iwm_led_blink_stop(sc); 4937 sc->sc_tx_timer = 0; 4938 iwm_stop_device(sc); 4939} 4940 4941static void 4942iwm_watchdog(void *arg) 4943{ 4944 struct iwm_softc *sc = arg; 4945 struct ieee80211com *ic = &sc->sc_ic; 4946 4947 if (sc->sc_tx_timer > 0) { 4948 if (--sc->sc_tx_timer == 0) { 4949 device_printf(sc->sc_dev, "device timeout\n"); 4950#ifdef IWM_DEBUG 4951 iwm_nic_error(sc); 4952#endif 4953 ieee80211_restart_all(ic); 4954 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 4955 return; 4956 } 4957 } 4958 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4959} 4960 4961static void 4962iwm_parent(struct ieee80211com *ic) 4963{ 4964 struct iwm_softc *sc = ic->ic_softc; 4965 int startall = 0; 4966 4967 IWM_LOCK(sc); 4968 if (ic->ic_nrunning > 0) { 4969 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 4970 iwm_init(sc); 4971 startall = 1; 4972 } 4973 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 4974 iwm_stop(sc); 4975 IWM_UNLOCK(sc); 4976 if (startall) 4977 ieee80211_start_all(ic); 4978} 4979 4980/* 4981 * The interrupt side of things 4982 */ 4983 4984/* 4985 * error dumping routines are from iwlwifi/mvm/utils.c 4986 */ 4987 4988/* 4989 * Note: This structure is read from the device with IO accesses, 4990 * and the reading already does the endian conversion. As it is 4991 * read with uint32_t-sized accesses, any members with a different size 4992 * need to be ordered correctly though! 4993 */ 4994struct iwm_error_event_table { 4995 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 4996 uint32_t error_id; /* type of error */ 4997 uint32_t trm_hw_status0; /* TRM HW status */ 4998 uint32_t trm_hw_status1; /* TRM HW status */ 4999 uint32_t blink2; /* branch link */ 5000 uint32_t ilink1; /* interrupt link */ 5001 uint32_t ilink2; /* interrupt link */ 5002 uint32_t data1; /* error-specific data */ 5003 uint32_t data2; /* error-specific data */ 5004 uint32_t data3; /* error-specific data */ 5005 uint32_t bcon_time; /* beacon timer */ 5006 uint32_t tsf_low; /* network timestamp function timer */ 5007 uint32_t tsf_hi; /* network timestamp function timer */ 5008 uint32_t gp1; /* GP1 timer register */ 5009 uint32_t gp2; /* GP2 timer register */ 5010 uint32_t fw_rev_type; /* firmware revision type */ 5011 uint32_t major; /* uCode version major */ 5012 uint32_t minor; /* uCode version minor */ 5013 uint32_t hw_ver; /* HW Silicon version */ 5014 uint32_t brd_ver; /* HW board version */ 5015 uint32_t log_pc; /* log program counter */ 5016 uint32_t frame_ptr; /* frame pointer */ 5017 uint32_t stack_ptr; /* stack pointer */ 5018 uint32_t hcmd; /* last host command header */ 5019 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 5020 * rxtx_flag */ 5021 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 5022 * host_flag */ 5023 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 5024 * enc_flag */ 5025 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 5026 * time_flag */ 5027 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 5028 * wico interrupt */ 5029 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 5030 uint32_t wait_event; /* wait event() caller address */ 5031 uint32_t l2p_control; /* L2pControlField */ 5032 uint32_t l2p_duration; /* L2pDurationField */ 5033 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 5034 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 5035 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 5036 * (LMPM_PMG_SEL) */ 5037 uint32_t u_timestamp; /* indicate when the date and time of the 5038 * compilation */ 5039 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 5040} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 5041 5042/* 5043 * UMAC error struct - relevant starting from family 8000 chip. 5044 * Note: This structure is read from the device with IO accesses, 5045 * and the reading already does the endian conversion. As it is 5046 * read with u32-sized accesses, any members with a different size 5047 * need to be ordered correctly though! 5048 */ 5049struct iwm_umac_error_event_table { 5050 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5051 uint32_t error_id; /* type of error */ 5052 uint32_t blink1; /* branch link */ 5053 uint32_t blink2; /* branch link */ 5054 uint32_t ilink1; /* interrupt link */ 5055 uint32_t ilink2; /* interrupt link */ 5056 uint32_t data1; /* error-specific data */ 5057 uint32_t data2; /* error-specific data */ 5058 uint32_t data3; /* error-specific data */ 5059 uint32_t umac_major; 5060 uint32_t umac_minor; 5061 uint32_t frame_pointer; /* core register 27*/ 5062 uint32_t stack_pointer; /* core register 28 */ 5063 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 5064 uint32_t nic_isr_pref; /* ISR status register */ 5065} __packed; 5066 5067#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 5068#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 5069 5070#ifdef IWM_DEBUG 5071struct { 5072 const char *name; 5073 uint8_t num; 5074} advanced_lookup[] = { 5075 { "NMI_INTERRUPT_WDG", 0x34 }, 5076 { "SYSASSERT", 0x35 }, 5077 { "UCODE_VERSION_MISMATCH", 0x37 }, 5078 { "BAD_COMMAND", 0x38 }, 5079 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 5080 { "FATAL_ERROR", 0x3D }, 5081 { "NMI_TRM_HW_ERR", 0x46 }, 5082 { "NMI_INTERRUPT_TRM", 0x4C }, 5083 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 5084 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 5085 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 5086 { "NMI_INTERRUPT_HOST", 0x66 }, 5087 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 5088 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 5089 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 5090 { "ADVANCED_SYSASSERT", 0 }, 5091}; 5092 5093static const char * 5094iwm_desc_lookup(uint32_t num) 5095{ 5096 int i; 5097 5098 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 5099 if (advanced_lookup[i].num == num) 5100 return advanced_lookup[i].name; 5101 5102 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 5103 return advanced_lookup[i].name; 5104} 5105 5106static void 5107iwm_nic_umac_error(struct iwm_softc *sc) 5108{ 5109 struct iwm_umac_error_event_table table; 5110 uint32_t base; 5111 5112 base = sc->sc_uc.uc_umac_error_event_table; 5113 5114 if (base < 0x800000) { 5115 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 5116 base); 5117 return; 5118 } 5119 5120 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5121 device_printf(sc->sc_dev, "reading errlog failed\n"); 5122 return; 5123 } 5124 5125 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5126 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 5127 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5128 sc->sc_flags, table.valid); 5129 } 5130 5131 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 5132 iwm_desc_lookup(table.error_id)); 5133 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 5134 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 5135 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 5136 table.ilink1); 5137 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 5138 table.ilink2); 5139 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 5140 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 5141 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 5142 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 5143 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 5144 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 5145 table.frame_pointer); 5146 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 5147 table.stack_pointer); 5148 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 5149 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 5150 table.nic_isr_pref); 5151} 5152 5153/* 5154 * Support for dumping the error log seemed like a good idea ... 5155 * but it's mostly hex junk and the only sensible thing is the 5156 * hw/ucode revision (which we know anyway). Since it's here, 5157 * I'll just leave it in, just in case e.g. the Intel guys want to 5158 * help us decipher some "ADVANCED_SYSASSERT" later. 5159 */ 5160static void 5161iwm_nic_error(struct iwm_softc *sc) 5162{ 5163 struct iwm_error_event_table table; 5164 uint32_t base; 5165 5166 device_printf(sc->sc_dev, "dumping device error log\n"); 5167 base = sc->sc_uc.uc_error_event_table; 5168 if (base < 0x800000) { 5169 device_printf(sc->sc_dev, 5170 "Invalid error log pointer 0x%08x\n", base); 5171 return; 5172 } 5173 5174 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5175 device_printf(sc->sc_dev, "reading errlog failed\n"); 5176 return; 5177 } 5178 5179 if (!table.valid) { 5180 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 5181 return; 5182 } 5183 5184 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5185 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 5186 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5187 sc->sc_flags, table.valid); 5188 } 5189 5190 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 5191 iwm_desc_lookup(table.error_id)); 5192 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 5193 table.trm_hw_status0); 5194 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 5195 table.trm_hw_status1); 5196 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 5197 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 5198 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 5199 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 5200 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 5201 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 5202 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 5203 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 5204 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 5205 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 5206 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 5207 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 5208 table.fw_rev_type); 5209 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 5210 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 5211 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 5212 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 5213 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 5214 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 5215 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 5216 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 5217 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 5218 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 5219 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 5220 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 5221 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 5222 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 5223 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 5224 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 5225 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 5226 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 5227 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 5228 5229 if (sc->sc_uc.uc_umac_error_event_table) 5230 iwm_nic_umac_error(sc); 5231} 5232#endif 5233 5234#define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT); 5235 5236/* 5237 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5238 * Basic structure from if_iwn 5239 */ 5240static void 5241iwm_notif_intr(struct iwm_softc *sc) 5242{ 5243 struct ieee80211com *ic = &sc->sc_ic; 5244 uint16_t hw; 5245 5246 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5247 BUS_DMASYNC_POSTREAD); 5248 5249 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5250 5251 /* 5252 * Process responses 5253 */ 5254 while (sc->rxq.cur != hw) { 5255 struct iwm_rx_ring *ring = &sc->rxq; 5256 struct iwm_rx_data *data = &ring->data[ring->cur]; 5257 struct iwm_rx_packet *pkt; 5258 struct iwm_cmd_response *cresp; 5259 int qid, idx, code; 5260 5261 bus_dmamap_sync(ring->data_dmat, data->map, 5262 BUS_DMASYNC_POSTREAD); 5263 pkt = mtod(data->m, struct iwm_rx_packet *); 5264 5265 qid = pkt->hdr.qid & ~0x80; 5266 idx = pkt->hdr.idx; 5267 5268 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5269 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5270 "rx packet qid=%d idx=%d type=%x %d %d\n", 5271 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, ring->cur, hw); 5272 5273 /* 5274 * randomly get these from the firmware, no idea why. 5275 * they at least seem harmless, so just ignore them for now 5276 */ 5277 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0) 5278 || pkt->len_n_flags == htole32(0x55550000))) { 5279 ADVANCE_RXQ(sc); 5280 continue; 5281 } 5282 5283 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt); 5284 5285 switch (code) { 5286 case IWM_REPLY_RX_PHY_CMD: 5287 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data); 5288 break; 5289 5290 case IWM_REPLY_RX_MPDU_CMD: 5291 iwm_mvm_rx_rx_mpdu(sc, pkt, data); 5292 break; 5293 5294 case IWM_TX_CMD: 5295 iwm_mvm_rx_tx_cmd(sc, pkt, data); 5296 break; 5297 5298 case IWM_MISSED_BEACONS_NOTIFICATION: { 5299 struct iwm_missed_beacons_notif *resp; 5300 int missed; 5301 5302 /* XXX look at mac_id to determine interface ID */ 5303 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5304 5305 resp = (void *)pkt->data; 5306 missed = le32toh(resp->consec_missed_beacons); 5307 5308 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5309 "%s: MISSED_BEACON: mac_id=%d, " 5310 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5311 "num_rx=%d\n", 5312 __func__, 5313 le32toh(resp->mac_id), 5314 le32toh(resp->consec_missed_beacons_since_last_rx), 5315 le32toh(resp->consec_missed_beacons), 5316 le32toh(resp->num_expected_beacons), 5317 le32toh(resp->num_recvd_beacons)); 5318 5319 /* Be paranoid */ 5320 if (vap == NULL) 5321 break; 5322 5323 /* XXX no net80211 locking? */ 5324 if (vap->iv_state == IEEE80211_S_RUN && 5325 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5326 if (missed > vap->iv_bmissthreshold) { 5327 /* XXX bad locking; turn into task */ 5328 IWM_UNLOCK(sc); 5329 ieee80211_beacon_miss(ic); 5330 IWM_LOCK(sc); 5331 } 5332 } 5333 5334 break; } 5335 5336 case IWM_MFUART_LOAD_NOTIFICATION: 5337 break; 5338 5339 case IWM_MVM_ALIVE: { 5340 struct iwm_mvm_alive_resp_v1 *resp1; 5341 struct iwm_mvm_alive_resp_v2 *resp2; 5342 struct iwm_mvm_alive_resp_v3 *resp3; 5343 5344 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) { 5345 resp1 = (void *)pkt->data; 5346 sc->sc_uc.uc_error_event_table 5347 = le32toh(resp1->error_event_table_ptr); 5348 sc->sc_uc.uc_log_event_table 5349 = le32toh(resp1->log_event_table_ptr); 5350 sc->sched_base = le32toh(resp1->scd_base_ptr); 5351 if (resp1->status == IWM_ALIVE_STATUS_OK) 5352 sc->sc_uc.uc_ok = 1; 5353 else 5354 sc->sc_uc.uc_ok = 0; 5355 } 5356 5357 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) { 5358 resp2 = (void *)pkt->data; 5359 sc->sc_uc.uc_error_event_table 5360 = le32toh(resp2->error_event_table_ptr); 5361 sc->sc_uc.uc_log_event_table 5362 = le32toh(resp2->log_event_table_ptr); 5363 sc->sched_base = le32toh(resp2->scd_base_ptr); 5364 sc->sc_uc.uc_umac_error_event_table 5365 = le32toh(resp2->error_info_addr); 5366 if (resp2->status == IWM_ALIVE_STATUS_OK) 5367 sc->sc_uc.uc_ok = 1; 5368 else 5369 sc->sc_uc.uc_ok = 0; 5370 } 5371 5372 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) { 5373 resp3 = (void *)pkt->data; 5374 sc->sc_uc.uc_error_event_table 5375 = le32toh(resp3->error_event_table_ptr); 5376 sc->sc_uc.uc_log_event_table 5377 = le32toh(resp3->log_event_table_ptr); 5378 sc->sched_base = le32toh(resp3->scd_base_ptr); 5379 sc->sc_uc.uc_umac_error_event_table 5380 = le32toh(resp3->error_info_addr); 5381 if (resp3->status == IWM_ALIVE_STATUS_OK) 5382 sc->sc_uc.uc_ok = 1; 5383 else 5384 sc->sc_uc.uc_ok = 0; 5385 } 5386 5387 sc->sc_uc.uc_intr = 1; 5388 wakeup(&sc->sc_uc); 5389 break; } 5390 5391 case IWM_CALIB_RES_NOTIF_PHY_DB: 5392 break; 5393 5394 case IWM_STATISTICS_NOTIFICATION: { 5395 struct iwm_notif_statistics *stats; 5396 stats = (void *)pkt->data; 5397 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 5398 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general); 5399 break; } 5400 5401 case IWM_NVM_ACCESS_CMD: 5402 case IWM_MCC_UPDATE_CMD: 5403 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5404 memcpy(sc->sc_cmd_resp, 5405 pkt, sizeof(sc->sc_cmd_resp)); 5406 } 5407 break; 5408 5409 case IWM_MCC_CHUB_UPDATE_CMD: { 5410 struct iwm_mcc_chub_notif *notif; 5411 notif = (void *)pkt->data; 5412 5413 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5414 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5415 sc->sc_fw_mcc[2] = '\0'; 5416 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 5417 "fw source %d sent CC '%s'\n", 5418 notif->source_id, sc->sc_fw_mcc); 5419 break; } 5420 5421 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5422 break; 5423 5424 case IWM_PHY_CONFIGURATION_CMD: 5425 case IWM_TX_ANT_CONFIGURATION_CMD: 5426 case IWM_ADD_STA: 5427 case IWM_MAC_CONTEXT_CMD: 5428 case IWM_REPLY_SF_CFG_CMD: 5429 case IWM_POWER_TABLE_CMD: 5430 case IWM_PHY_CONTEXT_CMD: 5431 case IWM_BINDING_CONTEXT_CMD: 5432 case IWM_TIME_EVENT_CMD: 5433 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5434 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5435 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5436 case IWM_REPLY_BEACON_FILTERING_CMD: 5437 case IWM_MAC_PM_POWER_TABLE: 5438 case IWM_TIME_QUOTA_CMD: 5439 case IWM_REMOVE_STA: 5440 case IWM_TXPATH_FLUSH: 5441 case IWM_LQ_CMD: 5442 case IWM_BT_CONFIG: 5443 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5444 cresp = (void *)pkt->data; 5445 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5446 memcpy(sc->sc_cmd_resp, 5447 pkt, sizeof(*pkt)+sizeof(*cresp)); 5448 } 5449 break; 5450 5451 /* ignore */ 5452 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */ 5453 break; 5454 5455 case IWM_INIT_COMPLETE_NOTIF: 5456 break; 5457 5458 case IWM_SCAN_OFFLOAD_COMPLETE: { 5459 struct iwm_periodic_scan_complete *notif; 5460 notif = (void *)pkt->data; 5461 break; 5462 } 5463 5464 case IWM_SCAN_ITERATION_COMPLETE: { 5465 struct iwm_lmac_scan_complete_notif *notif; 5466 notif = (void *)pkt->data; 5467 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5468 break; 5469 } 5470 5471 case IWM_SCAN_COMPLETE_UMAC: { 5472 struct iwm_umac_scan_complete *notif; 5473 notif = (void *)pkt->data; 5474 5475 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5476 "UMAC scan complete, status=0x%x\n", 5477 notif->status); 5478#if 0 /* XXX This would be a duplicate scan end call */ 5479 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task); 5480#endif 5481 break; 5482 } 5483 5484 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5485 struct iwm_umac_scan_iter_complete_notif *notif; 5486 notif = (void *)pkt->data; 5487 5488 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5489 "complete, status=0x%x, %d channels scanned\n", 5490 notif->status, notif->scanned_channels); 5491 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5492 break; 5493 } 5494 5495 case IWM_REPLY_ERROR: { 5496 struct iwm_error_resp *resp; 5497 resp = (void *)pkt->data; 5498 5499 device_printf(sc->sc_dev, 5500 "firmware error 0x%x, cmd 0x%x\n", 5501 le32toh(resp->error_type), 5502 resp->cmd_id); 5503 break; 5504 } 5505 5506 case IWM_TIME_EVENT_NOTIFICATION: { 5507 struct iwm_time_event_notif *notif; 5508 notif = (void *)pkt->data; 5509 5510 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5511 "TE notif status = 0x%x action = 0x%x\n", 5512 notif->status, notif->action); 5513 break; 5514 } 5515 5516 case IWM_MCAST_FILTER_CMD: 5517 break; 5518 5519 case IWM_SCD_QUEUE_CFG: { 5520 struct iwm_scd_txq_cfg_rsp *rsp; 5521 rsp = (void *)pkt->data; 5522 5523 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5524 "queue cfg token=0x%x sta_id=%d " 5525 "tid=%d scd_queue=%d\n", 5526 rsp->token, rsp->sta_id, rsp->tid, 5527 rsp->scd_queue); 5528 break; 5529 } 5530 5531 default: 5532 device_printf(sc->sc_dev, 5533 "frame %d/%d %x UNHANDLED (this should " 5534 "not happen)\n", qid, idx, 5535 pkt->len_n_flags); 5536 break; 5537 } 5538 5539 /* 5540 * Why test bit 0x80? The Linux driver: 5541 * 5542 * There is one exception: uCode sets bit 15 when it 5543 * originates the response/notification, i.e. when the 5544 * response/notification is not a direct response to a 5545 * command sent by the driver. For example, uCode issues 5546 * IWM_REPLY_RX when it sends a received frame to the driver; 5547 * it is not a direct response to any driver command. 5548 * 5549 * Ok, so since when is 7 == 15? Well, the Linux driver 5550 * uses a slightly different format for pkt->hdr, and "qid" 5551 * is actually the upper byte of a two-byte field. 5552 */ 5553 if (!(pkt->hdr.qid & (1 << 7))) { 5554 iwm_cmd_done(sc, pkt); 5555 } 5556 5557 ADVANCE_RXQ(sc); 5558 } 5559 5560 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 5561 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 5562 5563 /* 5564 * Tell the firmware what we have processed. 5565 * Seems like the hardware gets upset unless we align 5566 * the write by 8?? 5567 */ 5568 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 5569 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7); 5570} 5571 5572static void 5573iwm_intr(void *arg) 5574{ 5575 struct iwm_softc *sc = arg; 5576 int handled = 0; 5577 int r1, r2, rv = 0; 5578 int isperiodic = 0; 5579 5580 IWM_LOCK(sc); 5581 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5582 5583 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5584 uint32_t *ict = sc->ict_dma.vaddr; 5585 int tmp; 5586 5587 tmp = htole32(ict[sc->ict_cur]); 5588 if (!tmp) 5589 goto out_ena; 5590 5591 /* 5592 * ok, there was something. keep plowing until we have all. 5593 */ 5594 r1 = r2 = 0; 5595 while (tmp) { 5596 r1 |= tmp; 5597 ict[sc->ict_cur] = 0; 5598 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5599 tmp = htole32(ict[sc->ict_cur]); 5600 } 5601 5602 /* this is where the fun begins. don't ask */ 5603 if (r1 == 0xffffffff) 5604 r1 = 0; 5605 5606 /* i am not expected to understand this */ 5607 if (r1 & 0xc0000) 5608 r1 |= 0x8000; 5609 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5610 } else { 5611 r1 = IWM_READ(sc, IWM_CSR_INT); 5612 /* "hardware gone" (where, fishing?) */ 5613 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5614 goto out; 5615 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5616 } 5617 if (r1 == 0 && r2 == 0) { 5618 goto out_ena; 5619 } 5620 5621 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5622 5623 /* ignored */ 5624 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/)); 5625 5626 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5627 int i; 5628 struct ieee80211com *ic = &sc->sc_ic; 5629 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5630 5631#ifdef IWM_DEBUG 5632 iwm_nic_error(sc); 5633#endif 5634 /* Dump driver status (TX and RX rings) while we're here. */ 5635 device_printf(sc->sc_dev, "driver status:\n"); 5636 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 5637 struct iwm_tx_ring *ring = &sc->txq[i]; 5638 device_printf(sc->sc_dev, 5639 " tx ring %2d: qid=%-2d cur=%-3d " 5640 "queued=%-3d\n", 5641 i, ring->qid, ring->cur, ring->queued); 5642 } 5643 device_printf(sc->sc_dev, 5644 " rx ring: cur=%d\n", sc->rxq.cur); 5645 device_printf(sc->sc_dev, 5646 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5647 5648 /* Don't stop the device; just do a VAP restart */ 5649 IWM_UNLOCK(sc); 5650 5651 if (vap == NULL) { 5652 printf("%s: null vap\n", __func__); 5653 return; 5654 } 5655 5656 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5657 "restarting\n", __func__, vap->iv_state); 5658 5659 /* XXX TODO: turn this into a callout/taskqueue */ 5660 ieee80211_restart_all(ic); 5661 return; 5662 } 5663 5664 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5665 handled |= IWM_CSR_INT_BIT_HW_ERR; 5666 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5667 iwm_stop(sc); 5668 rv = 1; 5669 goto out; 5670 } 5671 5672 /* firmware chunk loaded */ 5673 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5674 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5675 handled |= IWM_CSR_INT_BIT_FH_TX; 5676 sc->sc_fw_chunk_done = 1; 5677 wakeup(&sc->sc_fw); 5678 } 5679 5680 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5681 handled |= IWM_CSR_INT_BIT_RF_KILL; 5682 if (iwm_check_rfkill(sc)) { 5683 device_printf(sc->sc_dev, 5684 "%s: rfkill switch, disabling interface\n", 5685 __func__); 5686 iwm_stop(sc); 5687 } 5688 } 5689 5690 /* 5691 * The Linux driver uses periodic interrupts to avoid races. 5692 * We cargo-cult like it's going out of fashion. 5693 */ 5694 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5695 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5696 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5697 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5698 IWM_WRITE_1(sc, 5699 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5700 isperiodic = 1; 5701 } 5702 5703 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5704 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5705 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5706 5707 iwm_notif_intr(sc); 5708 5709 /* enable periodic interrupt, see above */ 5710 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5711 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5712 IWM_CSR_INT_PERIODIC_ENA); 5713 } 5714 5715 if (__predict_false(r1 & ~handled)) 5716 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5717 "%s: unhandled interrupts: %x\n", __func__, r1); 5718 rv = 1; 5719 5720 out_ena: 5721 iwm_restore_interrupts(sc); 5722 out: 5723 IWM_UNLOCK(sc); 5724 return; 5725} 5726 5727/* 5728 * Autoconf glue-sniffing 5729 */ 5730#define PCI_VENDOR_INTEL 0x8086 5731#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5732#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5733#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5734#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5735#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5736#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5737#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5738#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5739#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5740#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5741 5742static const struct iwm_devices { 5743 uint16_t device; 5744 const char *name; 5745} iwm_devices[] = { 5746 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" }, 5747 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" }, 5748 { PCI_PRODUCT_INTEL_WL_3165_1, "Intel Dual Band Wireless AC 3165" }, 5749 { PCI_PRODUCT_INTEL_WL_3165_2, "Intel Dual Band Wireless AC 3165" }, 5750 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" }, 5751 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" }, 5752 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" }, 5753 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" }, 5754 { PCI_PRODUCT_INTEL_WL_8260_1, "Intel Dual Band Wireless AC 8260" }, 5755 { PCI_PRODUCT_INTEL_WL_8260_2, "Intel Dual Band Wireless AC 8260" }, 5756}; 5757 5758static int 5759iwm_probe(device_t dev) 5760{ 5761 int i; 5762 5763 for (i = 0; i < nitems(iwm_devices); i++) { 5764 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5765 pci_get_device(dev) == iwm_devices[i].device) { 5766 device_set_desc(dev, iwm_devices[i].name); 5767 return (BUS_PROBE_DEFAULT); 5768 } 5769 } 5770 5771 return (ENXIO); 5772} 5773 5774static int 5775iwm_dev_check(device_t dev) 5776{ 5777 struct iwm_softc *sc; 5778 5779 sc = device_get_softc(dev); 5780 5781 switch (pci_get_device(dev)) { 5782 case PCI_PRODUCT_INTEL_WL_3160_1: 5783 case PCI_PRODUCT_INTEL_WL_3160_2: 5784 sc->cfg = &iwm3160_cfg; 5785 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5786 return (0); 5787 case PCI_PRODUCT_INTEL_WL_3165_1: 5788 case PCI_PRODUCT_INTEL_WL_3165_2: 5789 sc->cfg = &iwm3165_cfg; 5790 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5791 return (0); 5792 case PCI_PRODUCT_INTEL_WL_7260_1: 5793 case PCI_PRODUCT_INTEL_WL_7260_2: 5794 sc->cfg = &iwm7260_cfg; 5795 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5796 return (0); 5797 case PCI_PRODUCT_INTEL_WL_7265_1: 5798 case PCI_PRODUCT_INTEL_WL_7265_2: 5799 sc->cfg = &iwm7265_cfg; 5800 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5801 return (0); 5802 case PCI_PRODUCT_INTEL_WL_8260_1: 5803 case PCI_PRODUCT_INTEL_WL_8260_2: 5804 sc->cfg = &iwm8260_cfg; 5805 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 5806 return (0); 5807 default: 5808 device_printf(dev, "unknown adapter type\n"); 5809 return ENXIO; 5810 } 5811} 5812 5813/* PCI registers */ 5814#define PCI_CFG_RETRY_TIMEOUT 0x041 5815 5816static int 5817iwm_pci_attach(device_t dev) 5818{ 5819 struct iwm_softc *sc; 5820 int count, error, rid; 5821 uint16_t reg; 5822 5823 sc = device_get_softc(dev); 5824 5825 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5826 * PCI Tx retries from interfering with C3 CPU state */ 5827 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5828 5829 /* Enable bus-mastering and hardware bug workaround. */ 5830 pci_enable_busmaster(dev); 5831 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5832 /* if !MSI */ 5833 if (reg & PCIM_STATUS_INTxSTATE) { 5834 reg &= ~PCIM_STATUS_INTxSTATE; 5835 } 5836 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 5837 5838 rid = PCIR_BAR(0); 5839 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 5840 RF_ACTIVE); 5841 if (sc->sc_mem == NULL) { 5842 device_printf(sc->sc_dev, "can't map mem space\n"); 5843 return (ENXIO); 5844 } 5845 sc->sc_st = rman_get_bustag(sc->sc_mem); 5846 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 5847 5848 /* Install interrupt handler. */ 5849 count = 1; 5850 rid = 0; 5851 if (pci_alloc_msi(dev, &count) == 0) 5852 rid = 1; 5853 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 5854 (rid != 0 ? 0 : RF_SHAREABLE)); 5855 if (sc->sc_irq == NULL) { 5856 device_printf(dev, "can't map interrupt\n"); 5857 return (ENXIO); 5858 } 5859 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 5860 NULL, iwm_intr, sc, &sc->sc_ih); 5861 if (sc->sc_ih == NULL) { 5862 device_printf(dev, "can't establish interrupt"); 5863 return (ENXIO); 5864 } 5865 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 5866 5867 return (0); 5868} 5869 5870static void 5871iwm_pci_detach(device_t dev) 5872{ 5873 struct iwm_softc *sc = device_get_softc(dev); 5874 5875 if (sc->sc_irq != NULL) { 5876 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 5877 bus_release_resource(dev, SYS_RES_IRQ, 5878 rman_get_rid(sc->sc_irq), sc->sc_irq); 5879 pci_release_msi(dev); 5880 } 5881 if (sc->sc_mem != NULL) 5882 bus_release_resource(dev, SYS_RES_MEMORY, 5883 rman_get_rid(sc->sc_mem), sc->sc_mem); 5884} 5885 5886 5887 5888static int 5889iwm_attach(device_t dev) 5890{ 5891 struct iwm_softc *sc = device_get_softc(dev); 5892 struct ieee80211com *ic = &sc->sc_ic; 5893 int error; 5894 int txq_i, i; 5895 5896 sc->sc_dev = dev; 5897 sc->sc_attached = 1; 5898 IWM_LOCK_INIT(sc); 5899 mbufq_init(&sc->sc_snd, ifqmaxlen); 5900 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 5901 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 5902 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 5903 5904 sc->sc_notif_wait = iwm_notification_wait_init(sc); 5905 if (sc->sc_notif_wait == NULL) { 5906 device_printf(dev, "failed to init notification wait struct\n"); 5907 goto fail; 5908 } 5909 5910 /* Init phy db */ 5911 sc->sc_phy_db = iwm_phy_db_init(sc); 5912 if (!sc->sc_phy_db) { 5913 device_printf(dev, "Cannot init phy_db\n"); 5914 goto fail; 5915 } 5916 5917 /* PCI attach */ 5918 error = iwm_pci_attach(dev); 5919 if (error != 0) 5920 goto fail; 5921 5922 sc->sc_wantresp = -1; 5923 5924 /* Check device type */ 5925 error = iwm_dev_check(dev); 5926 if (error != 0) 5927 goto fail; 5928 5929 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 5930 /* 5931 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 5932 * changed, and now the revision step also includes bit 0-1 (no more 5933 * "dash" value). To keep hw_rev backwards compatible - we'll store it 5934 * in the old format. 5935 */ 5936 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 5937 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 5938 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 5939 5940 if (iwm_prepare_card_hw(sc) != 0) { 5941 device_printf(dev, "could not initialize hardware\n"); 5942 goto fail; 5943 } 5944 5945 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 5946 int ret; 5947 uint32_t hw_step; 5948 5949 /* 5950 * In order to recognize C step the driver should read the 5951 * chip version id located at the AUX bus MISC address. 5952 */ 5953 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 5954 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 5955 DELAY(2); 5956 5957 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 5958 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5959 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5960 25000); 5961 if (!ret) { 5962 device_printf(sc->sc_dev, 5963 "Failed to wake up the nic\n"); 5964 goto fail; 5965 } 5966 5967 if (iwm_nic_lock(sc)) { 5968 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 5969 hw_step |= IWM_ENABLE_WFPM; 5970 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 5971 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 5972 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 5973 if (hw_step == 0x3) 5974 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 5975 (IWM_SILICON_C_STEP << 2); 5976 iwm_nic_unlock(sc); 5977 } else { 5978 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 5979 goto fail; 5980 } 5981 } 5982 5983 /* special-case 7265D, it has the same PCI IDs. */ 5984 if (sc->cfg == &iwm7265_cfg && 5985 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) { 5986 sc->cfg = &iwm7265d_cfg; 5987 } 5988 5989 /* Allocate DMA memory for firmware transfers. */ 5990 if ((error = iwm_alloc_fwmem(sc)) != 0) { 5991 device_printf(dev, "could not allocate memory for firmware\n"); 5992 goto fail; 5993 } 5994 5995 /* Allocate "Keep Warm" page. */ 5996 if ((error = iwm_alloc_kw(sc)) != 0) { 5997 device_printf(dev, "could not allocate keep warm page\n"); 5998 goto fail; 5999 } 6000 6001 /* We use ICT interrupts */ 6002 if ((error = iwm_alloc_ict(sc)) != 0) { 6003 device_printf(dev, "could not allocate ICT table\n"); 6004 goto fail; 6005 } 6006 6007 /* Allocate TX scheduler "rings". */ 6008 if ((error = iwm_alloc_sched(sc)) != 0) { 6009 device_printf(dev, "could not allocate TX scheduler rings\n"); 6010 goto fail; 6011 } 6012 6013 /* Allocate TX rings */ 6014 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 6015 if ((error = iwm_alloc_tx_ring(sc, 6016 &sc->txq[txq_i], txq_i)) != 0) { 6017 device_printf(dev, 6018 "could not allocate TX ring %d\n", 6019 txq_i); 6020 goto fail; 6021 } 6022 } 6023 6024 /* Allocate RX ring. */ 6025 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 6026 device_printf(dev, "could not allocate RX ring\n"); 6027 goto fail; 6028 } 6029 6030 /* Clear pending interrupts. */ 6031 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 6032 6033 ic->ic_softc = sc; 6034 ic->ic_name = device_get_nameunit(sc->sc_dev); 6035 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 6036 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 6037 6038 /* Set device capabilities. */ 6039 ic->ic_caps = 6040 IEEE80211_C_STA | 6041 IEEE80211_C_WPA | /* WPA/RSN */ 6042 IEEE80211_C_WME | 6043 IEEE80211_C_SHSLOT | /* short slot time supported */ 6044 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 6045// IEEE80211_C_BGSCAN /* capable of bg scanning */ 6046 ; 6047 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 6048 sc->sc_phyctxt[i].id = i; 6049 sc->sc_phyctxt[i].color = 0; 6050 sc->sc_phyctxt[i].ref = 0; 6051 sc->sc_phyctxt[i].channel = NULL; 6052 } 6053 6054 /* Default noise floor */ 6055 sc->sc_noise = -96; 6056 6057 /* Max RSSI */ 6058 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 6059 6060 sc->sc_preinit_hook.ich_func = iwm_preinit; 6061 sc->sc_preinit_hook.ich_arg = sc; 6062 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 6063 device_printf(dev, "config_intrhook_establish failed\n"); 6064 goto fail; 6065 } 6066 6067#ifdef IWM_DEBUG 6068 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 6069 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 6070 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 6071#endif 6072 6073 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6074 "<-%s\n", __func__); 6075 6076 return 0; 6077 6078 /* Free allocated memory if something failed during attachment. */ 6079fail: 6080 iwm_detach_local(sc, 0); 6081 6082 return ENXIO; 6083} 6084 6085static int 6086iwm_is_valid_ether_addr(uint8_t *addr) 6087{ 6088 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 6089 6090 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 6091 return (FALSE); 6092 6093 return (TRUE); 6094} 6095 6096static int 6097iwm_update_edca(struct ieee80211com *ic) 6098{ 6099 struct iwm_softc *sc = ic->ic_softc; 6100 6101 device_printf(sc->sc_dev, "%s: called\n", __func__); 6102 return (0); 6103} 6104 6105static void 6106iwm_preinit(void *arg) 6107{ 6108 struct iwm_softc *sc = arg; 6109 device_t dev = sc->sc_dev; 6110 struct ieee80211com *ic = &sc->sc_ic; 6111 int error; 6112 6113 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6114 "->%s\n", __func__); 6115 6116 IWM_LOCK(sc); 6117 if ((error = iwm_start_hw(sc)) != 0) { 6118 device_printf(dev, "could not initialize hardware\n"); 6119 IWM_UNLOCK(sc); 6120 goto fail; 6121 } 6122 6123 error = iwm_run_init_mvm_ucode(sc, 1); 6124 iwm_stop_device(sc); 6125 if (error) { 6126 IWM_UNLOCK(sc); 6127 goto fail; 6128 } 6129 device_printf(dev, 6130 "hw rev 0x%x, fw ver %s, address %s\n", 6131 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 6132 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr)); 6133 6134 /* not all hardware can do 5GHz band */ 6135 if (!sc->nvm_data->sku_cap_band_52GHz_enable) 6136 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 6137 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 6138 IWM_UNLOCK(sc); 6139 6140 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 6141 ic->ic_channels); 6142 6143 /* 6144 * At this point we've committed - if we fail to do setup, 6145 * we now also have to tear down the net80211 state. 6146 */ 6147 ieee80211_ifattach(ic); 6148 ic->ic_vap_create = iwm_vap_create; 6149 ic->ic_vap_delete = iwm_vap_delete; 6150 ic->ic_raw_xmit = iwm_raw_xmit; 6151 ic->ic_node_alloc = iwm_node_alloc; 6152 ic->ic_scan_start = iwm_scan_start; 6153 ic->ic_scan_end = iwm_scan_end; 6154 ic->ic_update_mcast = iwm_update_mcast; 6155 ic->ic_getradiocaps = iwm_init_channel_map; 6156 ic->ic_set_channel = iwm_set_channel; 6157 ic->ic_scan_curchan = iwm_scan_curchan; 6158 ic->ic_scan_mindwell = iwm_scan_mindwell; 6159 ic->ic_wme.wme_update = iwm_update_edca; 6160 ic->ic_parent = iwm_parent; 6161 ic->ic_transmit = iwm_transmit; 6162 iwm_radiotap_attach(sc); 6163 if (bootverbose) 6164 ieee80211_announce(ic); 6165 6166 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6167 "<-%s\n", __func__); 6168 config_intrhook_disestablish(&sc->sc_preinit_hook); 6169 6170 return; 6171fail: 6172 config_intrhook_disestablish(&sc->sc_preinit_hook); 6173 iwm_detach_local(sc, 0); 6174} 6175 6176/* 6177 * Attach the interface to 802.11 radiotap. 6178 */ 6179static void 6180iwm_radiotap_attach(struct iwm_softc *sc) 6181{ 6182 struct ieee80211com *ic = &sc->sc_ic; 6183 6184 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6185 "->%s begin\n", __func__); 6186 ieee80211_radiotap_attach(ic, 6187 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 6188 IWM_TX_RADIOTAP_PRESENT, 6189 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 6190 IWM_RX_RADIOTAP_PRESENT); 6191 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6192 "->%s end\n", __func__); 6193} 6194 6195static struct ieee80211vap * 6196iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 6197 enum ieee80211_opmode opmode, int flags, 6198 const uint8_t bssid[IEEE80211_ADDR_LEN], 6199 const uint8_t mac[IEEE80211_ADDR_LEN]) 6200{ 6201 struct iwm_vap *ivp; 6202 struct ieee80211vap *vap; 6203 6204 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 6205 return NULL; 6206 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 6207 vap = &ivp->iv_vap; 6208 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 6209 vap->iv_bmissthreshold = 10; /* override default */ 6210 /* Override with driver methods. */ 6211 ivp->iv_newstate = vap->iv_newstate; 6212 vap->iv_newstate = iwm_newstate; 6213 6214 ieee80211_ratectl_init(vap); 6215 /* Complete setup. */ 6216 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 6217 mac); 6218 ic->ic_opmode = opmode; 6219 6220 return vap; 6221} 6222 6223static void 6224iwm_vap_delete(struct ieee80211vap *vap) 6225{ 6226 struct iwm_vap *ivp = IWM_VAP(vap); 6227 6228 ieee80211_ratectl_deinit(vap); 6229 ieee80211_vap_detach(vap); 6230 free(ivp, M_80211_VAP); 6231} 6232 6233static void 6234iwm_scan_start(struct ieee80211com *ic) 6235{ 6236 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6237 struct iwm_softc *sc = ic->ic_softc; 6238 int error; 6239 6240 IWM_LOCK(sc); 6241 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6242 error = iwm_mvm_umac_scan(sc); 6243 else 6244 error = iwm_mvm_lmac_scan(sc); 6245 if (error != 0) { 6246 device_printf(sc->sc_dev, "could not initiate 2 GHz scan\n"); 6247 IWM_UNLOCK(sc); 6248 ieee80211_cancel_scan(vap); 6249 } else { 6250 iwm_led_blink_start(sc); 6251 IWM_UNLOCK(sc); 6252 } 6253} 6254 6255static void 6256iwm_scan_end(struct ieee80211com *ic) 6257{ 6258 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6259 struct iwm_softc *sc = ic->ic_softc; 6260 6261 IWM_LOCK(sc); 6262 iwm_led_blink_stop(sc); 6263 if (vap->iv_state == IEEE80211_S_RUN) 6264 iwm_mvm_led_enable(sc); 6265 IWM_UNLOCK(sc); 6266} 6267 6268static void 6269iwm_update_mcast(struct ieee80211com *ic) 6270{ 6271} 6272 6273static void 6274iwm_set_channel(struct ieee80211com *ic) 6275{ 6276} 6277 6278static void 6279iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6280{ 6281} 6282 6283static void 6284iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6285{ 6286 return; 6287} 6288 6289void 6290iwm_init_task(void *arg1) 6291{ 6292 struct iwm_softc *sc = arg1; 6293 6294 IWM_LOCK(sc); 6295 while (sc->sc_flags & IWM_FLAG_BUSY) 6296 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 6297 sc->sc_flags |= IWM_FLAG_BUSY; 6298 iwm_stop(sc); 6299 if (sc->sc_ic.ic_nrunning > 0) 6300 iwm_init(sc); 6301 sc->sc_flags &= ~IWM_FLAG_BUSY; 6302 wakeup(&sc->sc_flags); 6303 IWM_UNLOCK(sc); 6304} 6305 6306static int 6307iwm_resume(device_t dev) 6308{ 6309 struct iwm_softc *sc = device_get_softc(dev); 6310 int do_reinit = 0; 6311 6312 /* 6313 * We disable the RETRY_TIMEOUT register (0x41) to keep 6314 * PCI Tx retries from interfering with C3 CPU state. 6315 */ 6316 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6317 iwm_init_task(device_get_softc(dev)); 6318 6319 IWM_LOCK(sc); 6320 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6321 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6322 do_reinit = 1; 6323 } 6324 IWM_UNLOCK(sc); 6325 6326 if (do_reinit) 6327 ieee80211_resume_all(&sc->sc_ic); 6328 6329 return 0; 6330} 6331 6332static int 6333iwm_suspend(device_t dev) 6334{ 6335 int do_stop = 0; 6336 struct iwm_softc *sc = device_get_softc(dev); 6337 6338 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6339 6340 ieee80211_suspend_all(&sc->sc_ic); 6341 6342 if (do_stop) { 6343 IWM_LOCK(sc); 6344 iwm_stop(sc); 6345 sc->sc_flags |= IWM_FLAG_SCANNING; 6346 IWM_UNLOCK(sc); 6347 } 6348 6349 return (0); 6350} 6351 6352static int 6353iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6354{ 6355 struct iwm_fw_info *fw = &sc->sc_fw; 6356 device_t dev = sc->sc_dev; 6357 int i; 6358 6359 if (!sc->sc_attached) 6360 return 0; 6361 sc->sc_attached = 0; 6362 6363 if (do_net80211) 6364 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6365 6366 callout_drain(&sc->sc_led_blink_to); 6367 callout_drain(&sc->sc_watchdog_to); 6368 iwm_stop_device(sc); 6369 if (do_net80211) { 6370 ieee80211_ifdetach(&sc->sc_ic); 6371 } 6372 6373 iwm_phy_db_free(sc->sc_phy_db); 6374 sc->sc_phy_db = NULL; 6375 6376 iwm_free_nvm_data(sc->nvm_data); 6377 6378 /* Free descriptor rings */ 6379 iwm_free_rx_ring(sc, &sc->rxq); 6380 for (i = 0; i < nitems(sc->txq); i++) 6381 iwm_free_tx_ring(sc, &sc->txq[i]); 6382 6383 /* Free firmware */ 6384 if (fw->fw_fp != NULL) 6385 iwm_fw_info_free(fw); 6386 6387 /* Free scheduler */ 6388 iwm_dma_contig_free(&sc->sched_dma); 6389 iwm_dma_contig_free(&sc->ict_dma); 6390 iwm_dma_contig_free(&sc->kw_dma); 6391 iwm_dma_contig_free(&sc->fw_dma); 6392 6393 /* Finished with the hardware - detach things */ 6394 iwm_pci_detach(dev); 6395 6396 if (sc->sc_notif_wait != NULL) { 6397 iwm_notification_wait_free(sc->sc_notif_wait); 6398 sc->sc_notif_wait = NULL; 6399 } 6400 6401 mbufq_drain(&sc->sc_snd); 6402 IWM_LOCK_DESTROY(sc); 6403 6404 return (0); 6405} 6406 6407static int 6408iwm_detach(device_t dev) 6409{ 6410 struct iwm_softc *sc = device_get_softc(dev); 6411 6412 return (iwm_detach_local(sc, 1)); 6413} 6414 6415static device_method_t iwm_pci_methods[] = { 6416 /* Device interface */ 6417 DEVMETHOD(device_probe, iwm_probe), 6418 DEVMETHOD(device_attach, iwm_attach), 6419 DEVMETHOD(device_detach, iwm_detach), 6420 DEVMETHOD(device_suspend, iwm_suspend), 6421 DEVMETHOD(device_resume, iwm_resume), 6422 6423 DEVMETHOD_END 6424}; 6425 6426static driver_t iwm_pci_driver = { 6427 "iwm", 6428 iwm_pci_methods, 6429 sizeof (struct iwm_softc) 6430}; 6431 6432static devclass_t iwm_devclass; 6433 6434DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6435MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6436MODULE_DEPEND(iwm, pci, 1, 1, 1); 6437MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6438