if_iwm.c revision 330140
1/* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20/*- 21 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22 * which were used as the reference documentation for this implementation. 23 * 24 * Driver version we are currently based off of is 25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26 * 27 *********************************************************************** 28 * 29 * This file is provided under a dual BSD/GPLv2 license. When using or 30 * redistributing this file, you may do so under either license. 31 * 32 * GPL LICENSE SUMMARY 33 * 34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35 * 36 * This program is free software; you can redistribute it and/or modify 37 * it under the terms of version 2 of the GNU General Public License as 38 * published by the Free Software Foundation. 39 * 40 * This program is distributed in the hope that it will be useful, but 41 * WITHOUT ANY WARRANTY; without even the implied warranty of 42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43 * General Public License for more details. 44 * 45 * You should have received a copy of the GNU General Public License 46 * along with this program; if not, write to the Free Software 47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48 * USA 49 * 50 * The full GNU General Public License is included in this distribution 51 * in the file called COPYING. 52 * 53 * Contact Information: 54 * Intel Linux Wireless <ilw@linux.intel.com> 55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56 * 57 * 58 * BSD LICENSE 59 * 60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61 * All rights reserved. 62 * 63 * Redistribution and use in source and binary forms, with or without 64 * modification, are permitted provided that the following conditions 65 * are met: 66 * 67 * * Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * * Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in 71 * the documentation and/or other materials provided with the 72 * distribution. 73 * * Neither the name Intel Corporation nor the names of its 74 * contributors may be used to endorse or promote products derived 75 * from this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88 */ 89 90/*- 91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92 * 93 * Permission to use, copy, modify, and distribute this software for any 94 * purpose with or without fee is hereby granted, provided that the above 95 * copyright notice and this permission notice appear in all copies. 96 * 97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104 */ 105#include <sys/cdefs.h> 106__FBSDID("$FreeBSD: stable/11/sys/dev/iwm/if_iwm.c 330140 2018-03-01 03:05:00Z eadler $"); 107 108#include "opt_wlan.h" 109 110#include <sys/param.h> 111#include <sys/bus.h> 112#include <sys/conf.h> 113#include <sys/endian.h> 114#include <sys/firmware.h> 115#include <sys/kernel.h> 116#include <sys/malloc.h> 117#include <sys/mbuf.h> 118#include <sys/mutex.h> 119#include <sys/module.h> 120#include <sys/proc.h> 121#include <sys/rman.h> 122#include <sys/socket.h> 123#include <sys/sockio.h> 124#include <sys/sysctl.h> 125#include <sys/linker.h> 126 127#include <machine/bus.h> 128#include <machine/endian.h> 129#include <machine/resource.h> 130 131#include <dev/pci/pcivar.h> 132#include <dev/pci/pcireg.h> 133 134#include <net/bpf.h> 135 136#include <net/if.h> 137#include <net/if_var.h> 138#include <net/if_arp.h> 139#include <net/if_dl.h> 140#include <net/if_media.h> 141#include <net/if_types.h> 142 143#include <netinet/in.h> 144#include <netinet/in_systm.h> 145#include <netinet/if_ether.h> 146#include <netinet/ip.h> 147 148#include <net80211/ieee80211_var.h> 149#include <net80211/ieee80211_regdomain.h> 150#include <net80211/ieee80211_ratectl.h> 151#include <net80211/ieee80211_radiotap.h> 152 153#include <dev/iwm/if_iwmreg.h> 154#include <dev/iwm/if_iwmvar.h> 155#include <dev/iwm/if_iwm_debug.h> 156#include <dev/iwm/if_iwm_util.h> 157#include <dev/iwm/if_iwm_binding.h> 158#include <dev/iwm/if_iwm_phy_db.h> 159#include <dev/iwm/if_iwm_mac_ctxt.h> 160#include <dev/iwm/if_iwm_phy_ctxt.h> 161#include <dev/iwm/if_iwm_time_event.h> 162#include <dev/iwm/if_iwm_power.h> 163#include <dev/iwm/if_iwm_scan.h> 164 165#include <dev/iwm/if_iwm_pcie_trans.h> 166#include <dev/iwm/if_iwm_led.h> 167 168const uint8_t iwm_nvm_channels[] = { 169 /* 2.4 GHz */ 170 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 171 /* 5 GHz */ 172 36, 40, 44, 48, 52, 56, 60, 64, 173 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 174 149, 153, 157, 161, 165 175}; 176_Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 177 "IWM_NUM_CHANNELS is too small"); 178 179const uint8_t iwm_nvm_channels_8000[] = { 180 /* 2.4 GHz */ 181 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 182 /* 5 GHz */ 183 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 184 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 185 149, 153, 157, 161, 165, 169, 173, 177, 181 186}; 187_Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 188 "IWM_NUM_CHANNELS_8000 is too small"); 189 190#define IWM_NUM_2GHZ_CHANNELS 14 191#define IWM_N_HW_ADDR_MASK 0xF 192 193/* 194 * XXX For now, there's simply a fixed set of rate table entries 195 * that are populated. 196 */ 197const struct iwm_rate { 198 uint8_t rate; 199 uint8_t plcp; 200} iwm_rates[] = { 201 { 2, IWM_RATE_1M_PLCP }, 202 { 4, IWM_RATE_2M_PLCP }, 203 { 11, IWM_RATE_5M_PLCP }, 204 { 22, IWM_RATE_11M_PLCP }, 205 { 12, IWM_RATE_6M_PLCP }, 206 { 18, IWM_RATE_9M_PLCP }, 207 { 24, IWM_RATE_12M_PLCP }, 208 { 36, IWM_RATE_18M_PLCP }, 209 { 48, IWM_RATE_24M_PLCP }, 210 { 72, IWM_RATE_36M_PLCP }, 211 { 96, IWM_RATE_48M_PLCP }, 212 { 108, IWM_RATE_54M_PLCP }, 213}; 214#define IWM_RIDX_CCK 0 215#define IWM_RIDX_OFDM 4 216#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 217#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 218#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 219 220struct iwm_nvm_section { 221 uint16_t length; 222 uint8_t *data; 223}; 224 225static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 226static int iwm_firmware_store_section(struct iwm_softc *, 227 enum iwm_ucode_type, 228 const uint8_t *, size_t); 229static int iwm_set_default_calib(struct iwm_softc *, const void *); 230static void iwm_fw_info_free(struct iwm_fw_info *); 231static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 232static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int); 233static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *, 234 bus_size_t, bus_size_t); 235static void iwm_dma_contig_free(struct iwm_dma_info *); 236static int iwm_alloc_fwmem(struct iwm_softc *); 237static void iwm_free_fwmem(struct iwm_softc *); 238static int iwm_alloc_sched(struct iwm_softc *); 239static void iwm_free_sched(struct iwm_softc *); 240static int iwm_alloc_kw(struct iwm_softc *); 241static void iwm_free_kw(struct iwm_softc *); 242static int iwm_alloc_ict(struct iwm_softc *); 243static void iwm_free_ict(struct iwm_softc *); 244static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 245static void iwm_disable_rx_dma(struct iwm_softc *); 246static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 247static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 248static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 249 int); 250static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 251static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 252static void iwm_enable_interrupts(struct iwm_softc *); 253static void iwm_restore_interrupts(struct iwm_softc *); 254static void iwm_disable_interrupts(struct iwm_softc *); 255static void iwm_ict_reset(struct iwm_softc *); 256static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 257static void iwm_stop_device(struct iwm_softc *); 258static void iwm_mvm_nic_config(struct iwm_softc *); 259static int iwm_nic_rx_init(struct iwm_softc *); 260static int iwm_nic_tx_init(struct iwm_softc *); 261static int iwm_nic_init(struct iwm_softc *); 262static int iwm_enable_txq(struct iwm_softc *, int, int, int); 263static int iwm_post_alive(struct iwm_softc *); 264static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 265 uint16_t, uint8_t *, uint16_t *); 266static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 267 uint16_t *, size_t); 268static uint32_t iwm_eeprom_channel_flags(uint16_t); 269static void iwm_add_channel_band(struct iwm_softc *, 270 struct ieee80211_channel[], int, int *, int, size_t, 271 const uint8_t[]); 272static void iwm_init_channel_map(struct ieee80211com *, int, int *, 273 struct ieee80211_channel[]); 274static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 275 const uint16_t *, const uint16_t *, 276 const uint16_t *, const uint16_t *, 277 const uint16_t *); 278static void iwm_set_hw_address_8000(struct iwm_softc *, 279 struct iwm_nvm_data *, 280 const uint16_t *, const uint16_t *); 281static int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 282 const uint16_t *); 283static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 284static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 285 const uint16_t *); 286static int iwm_get_n_hw_addrs(const struct iwm_softc *, 287 const uint16_t *); 288static void iwm_set_radio_cfg(const struct iwm_softc *, 289 struct iwm_nvm_data *, uint32_t); 290static int iwm_parse_nvm_sections(struct iwm_softc *, 291 struct iwm_nvm_section *); 292static int iwm_nvm_init(struct iwm_softc *); 293static int iwm_firmware_load_sect(struct iwm_softc *, uint32_t, 294 const uint8_t *, uint32_t); 295static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t, 296 const uint8_t *, uint32_t); 297static int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type); 298static int iwm_load_cpu_sections_8000(struct iwm_softc *, 299 struct iwm_fw_sects *, int , int *); 300static int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type); 301static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type); 302static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type); 303static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 304static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 305static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 306 enum iwm_ucode_type); 307static int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 308static int iwm_rx_addbuf(struct iwm_softc *, int, int); 309static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *); 310static int iwm_mvm_get_signal_strength(struct iwm_softc *, 311 struct iwm_rx_phy_info *); 312static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 313 struct iwm_rx_packet *, 314 struct iwm_rx_data *); 315static int iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *); 316static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *, 317 struct iwm_rx_data *); 318static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 319 struct iwm_rx_packet *, 320 struct iwm_node *); 321static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *, 322 struct iwm_rx_data *); 323static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 324#if 0 325static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 326 uint16_t); 327#endif 328static const struct iwm_rate * 329 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 330 struct ieee80211_frame *, struct iwm_tx_cmd *); 331static int iwm_tx(struct iwm_softc *, struct mbuf *, 332 struct ieee80211_node *, int); 333static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 334 const struct ieee80211_bpf_params *); 335static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *, 336 struct iwm_mvm_add_sta_cmd_v7 *, 337 int *); 338static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *, 339 int); 340static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *); 341static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *); 342static int iwm_mvm_add_int_sta_common(struct iwm_softc *, 343 struct iwm_int_sta *, 344 const uint8_t *, uint16_t, uint16_t); 345static int iwm_mvm_add_aux_sta(struct iwm_softc *); 346static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *); 347static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 348static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 349static int iwm_release(struct iwm_softc *, struct iwm_node *); 350static struct ieee80211_node * 351 iwm_node_alloc(struct ieee80211vap *, 352 const uint8_t[IEEE80211_ADDR_LEN]); 353static void iwm_setrates(struct iwm_softc *, struct iwm_node *); 354static int iwm_media_change(struct ifnet *); 355static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 356static void iwm_endscan_cb(void *, int); 357static void iwm_mvm_fill_sf_command(struct iwm_softc *, 358 struct iwm_sf_cfg_cmd *, 359 struct ieee80211_node *); 360static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state); 361static int iwm_send_bt_init_conf(struct iwm_softc *); 362static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 363static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t); 364static int iwm_init_hw(struct iwm_softc *); 365static void iwm_init(struct iwm_softc *); 366static void iwm_start(struct iwm_softc *); 367static void iwm_stop(struct iwm_softc *); 368static void iwm_watchdog(void *); 369static void iwm_parent(struct ieee80211com *); 370#ifdef IWM_DEBUG 371static const char * 372 iwm_desc_lookup(uint32_t); 373static void iwm_nic_error(struct iwm_softc *); 374static void iwm_nic_umac_error(struct iwm_softc *); 375#endif 376static void iwm_notif_intr(struct iwm_softc *); 377static void iwm_intr(void *); 378static int iwm_attach(device_t); 379static int iwm_is_valid_ether_addr(uint8_t *); 380static void iwm_preinit(void *); 381static int iwm_detach_local(struct iwm_softc *sc, int); 382static void iwm_init_task(void *); 383static void iwm_radiotap_attach(struct iwm_softc *); 384static struct ieee80211vap * 385 iwm_vap_create(struct ieee80211com *, 386 const char [IFNAMSIZ], int, 387 enum ieee80211_opmode, int, 388 const uint8_t [IEEE80211_ADDR_LEN], 389 const uint8_t [IEEE80211_ADDR_LEN]); 390static void iwm_vap_delete(struct ieee80211vap *); 391static void iwm_scan_start(struct ieee80211com *); 392static void iwm_scan_end(struct ieee80211com *); 393static void iwm_update_mcast(struct ieee80211com *); 394static void iwm_set_channel(struct ieee80211com *); 395static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 396static void iwm_scan_mindwell(struct ieee80211_scan_state *); 397static int iwm_detach(device_t); 398 399/* 400 * Firmware parser. 401 */ 402 403static int 404iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 405{ 406 const struct iwm_fw_cscheme_list *l = (const void *)data; 407 408 if (dlen < sizeof(*l) || 409 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 410 return EINVAL; 411 412 /* we don't actually store anything for now, always use s/w crypto */ 413 414 return 0; 415} 416 417static int 418iwm_firmware_store_section(struct iwm_softc *sc, 419 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 420{ 421 struct iwm_fw_sects *fws; 422 struct iwm_fw_onesect *fwone; 423 424 if (type >= IWM_UCODE_TYPE_MAX) 425 return EINVAL; 426 if (dlen < sizeof(uint32_t)) 427 return EINVAL; 428 429 fws = &sc->sc_fw.fw_sects[type]; 430 if (fws->fw_count >= IWM_UCODE_SECT_MAX) 431 return EINVAL; 432 433 fwone = &fws->fw_sect[fws->fw_count]; 434 435 /* first 32bit are device load offset */ 436 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t)); 437 438 /* rest is data */ 439 fwone->fws_data = data + sizeof(uint32_t); 440 fwone->fws_len = dlen - sizeof(uint32_t); 441 442 fws->fw_count++; 443 fws->fw_totlen += fwone->fws_len; 444 445 return 0; 446} 447 448/* iwlwifi: iwl-drv.c */ 449struct iwm_tlv_calib_data { 450 uint32_t ucode_type; 451 struct iwm_tlv_calib_ctrl calib; 452} __packed; 453 454static int 455iwm_set_default_calib(struct iwm_softc *sc, const void *data) 456{ 457 const struct iwm_tlv_calib_data *def_calib = data; 458 uint32_t ucode_type = le32toh(def_calib->ucode_type); 459 460 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 461 device_printf(sc->sc_dev, 462 "Wrong ucode_type %u for default " 463 "calibration.\n", ucode_type); 464 return EINVAL; 465 } 466 467 sc->sc_default_calib[ucode_type].flow_trigger = 468 def_calib->calib.flow_trigger; 469 sc->sc_default_calib[ucode_type].event_trigger = 470 def_calib->calib.event_trigger; 471 472 return 0; 473} 474 475static void 476iwm_fw_info_free(struct iwm_fw_info *fw) 477{ 478 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 479 fw->fw_fp = NULL; 480 /* don't touch fw->fw_status */ 481 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 482} 483 484static int 485iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 486{ 487 struct iwm_fw_info *fw = &sc->sc_fw; 488 const struct iwm_tlv_ucode_header *uhdr; 489 struct iwm_ucode_tlv tlv; 490 enum iwm_ucode_tlv_type tlv_type; 491 const struct firmware *fwp; 492 const uint8_t *data; 493 int error = 0; 494 size_t len; 495 496 if (fw->fw_status == IWM_FW_STATUS_DONE && 497 ucode_type != IWM_UCODE_TYPE_INIT) 498 return 0; 499 500 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 501 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 502 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 503 504 if (fw->fw_fp != NULL) 505 iwm_fw_info_free(fw); 506 507 /* 508 * Load firmware into driver memory. 509 * fw_fp will be set. 510 */ 511 IWM_UNLOCK(sc); 512 fwp = firmware_get(sc->sc_fwname); 513 IWM_LOCK(sc); 514 if (fwp == NULL) { 515 device_printf(sc->sc_dev, 516 "could not read firmware %s (error %d)\n", 517 sc->sc_fwname, error); 518 goto out; 519 } 520 fw->fw_fp = fwp; 521 522 /* (Re-)Initialize default values. */ 523 sc->sc_capaflags = 0; 524 sc->sc_capa_n_scan_channels = IWM_MAX_NUM_SCAN_CHANNELS; 525 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa)); 526 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 527 528 /* 529 * Parse firmware contents 530 */ 531 532 uhdr = (const void *)fw->fw_fp->data; 533 if (*(const uint32_t *)fw->fw_fp->data != 0 534 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 535 device_printf(sc->sc_dev, "invalid firmware %s\n", 536 sc->sc_fwname); 537 error = EINVAL; 538 goto out; 539 } 540 541 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)", 542 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 543 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 544 IWM_UCODE_API(le32toh(uhdr->ver))); 545 data = uhdr->data; 546 len = fw->fw_fp->datasize - sizeof(*uhdr); 547 548 while (len >= sizeof(tlv)) { 549 size_t tlv_len; 550 const void *tlv_data; 551 552 memcpy(&tlv, data, sizeof(tlv)); 553 tlv_len = le32toh(tlv.length); 554 tlv_type = le32toh(tlv.type); 555 556 len -= sizeof(tlv); 557 data += sizeof(tlv); 558 tlv_data = data; 559 560 if (len < tlv_len) { 561 device_printf(sc->sc_dev, 562 "firmware too short: %zu bytes\n", 563 len); 564 error = EINVAL; 565 goto parse_out; 566 } 567 568 switch ((int)tlv_type) { 569 case IWM_UCODE_TLV_PROBE_MAX_LEN: 570 if (tlv_len < sizeof(uint32_t)) { 571 device_printf(sc->sc_dev, 572 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n", 573 __func__, 574 (int) tlv_len); 575 error = EINVAL; 576 goto parse_out; 577 } 578 sc->sc_capa_max_probe_len 579 = le32toh(*(const uint32_t *)tlv_data); 580 /* limit it to something sensible */ 581 if (sc->sc_capa_max_probe_len > 582 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 583 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 584 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 585 "ridiculous\n", __func__); 586 error = EINVAL; 587 goto parse_out; 588 } 589 break; 590 case IWM_UCODE_TLV_PAN: 591 if (tlv_len) { 592 device_printf(sc->sc_dev, 593 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 594 __func__, 595 (int) tlv_len); 596 error = EINVAL; 597 goto parse_out; 598 } 599 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN; 600 break; 601 case IWM_UCODE_TLV_FLAGS: 602 if (tlv_len < sizeof(uint32_t)) { 603 device_printf(sc->sc_dev, 604 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 605 __func__, 606 (int) tlv_len); 607 error = EINVAL; 608 goto parse_out; 609 } 610 /* 611 * Apparently there can be many flags, but Linux driver 612 * parses only the first one, and so do we. 613 * 614 * XXX: why does this override IWM_UCODE_TLV_PAN? 615 * Intentional or a bug? Observations from 616 * current firmware file: 617 * 1) TLV_PAN is parsed first 618 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 619 * ==> this resets TLV_PAN to itself... hnnnk 620 */ 621 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data); 622 break; 623 case IWM_UCODE_TLV_CSCHEME: 624 if ((error = iwm_store_cscheme(sc, 625 tlv_data, tlv_len)) != 0) { 626 device_printf(sc->sc_dev, 627 "%s: iwm_store_cscheme(): returned %d\n", 628 __func__, 629 error); 630 goto parse_out; 631 } 632 break; 633 case IWM_UCODE_TLV_NUM_OF_CPU: { 634 uint32_t num_cpu; 635 if (tlv_len != sizeof(uint32_t)) { 636 device_printf(sc->sc_dev, 637 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n", 638 __func__, 639 (int) tlv_len); 640 error = EINVAL; 641 goto parse_out; 642 } 643 num_cpu = le32toh(*(const uint32_t *)tlv_data); 644 if (num_cpu < 1 || num_cpu > 2) { 645 device_printf(sc->sc_dev, 646 "%s: Driver supports only 1 or 2 CPUs\n", 647 __func__); 648 error = EINVAL; 649 goto parse_out; 650 } 651 break; 652 } 653 case IWM_UCODE_TLV_SEC_RT: 654 if ((error = iwm_firmware_store_section(sc, 655 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) { 656 device_printf(sc->sc_dev, 657 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n", 658 __func__, 659 error); 660 goto parse_out; 661 } 662 break; 663 case IWM_UCODE_TLV_SEC_INIT: 664 if ((error = iwm_firmware_store_section(sc, 665 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) { 666 device_printf(sc->sc_dev, 667 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n", 668 __func__, 669 error); 670 goto parse_out; 671 } 672 break; 673 case IWM_UCODE_TLV_SEC_WOWLAN: 674 if ((error = iwm_firmware_store_section(sc, 675 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) { 676 device_printf(sc->sc_dev, 677 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n", 678 __func__, 679 error); 680 goto parse_out; 681 } 682 break; 683 case IWM_UCODE_TLV_DEF_CALIB: 684 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 685 device_printf(sc->sc_dev, 686 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 687 __func__, 688 (int) tlv_len, 689 (int) sizeof(struct iwm_tlv_calib_data)); 690 error = EINVAL; 691 goto parse_out; 692 } 693 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 694 device_printf(sc->sc_dev, 695 "%s: iwm_set_default_calib() failed: %d\n", 696 __func__, 697 error); 698 goto parse_out; 699 } 700 break; 701 case IWM_UCODE_TLV_PHY_SKU: 702 if (tlv_len != sizeof(uint32_t)) { 703 error = EINVAL; 704 device_printf(sc->sc_dev, 705 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 706 __func__, 707 (int) tlv_len); 708 goto parse_out; 709 } 710 sc->sc_fw_phy_config = 711 le32toh(*(const uint32_t *)tlv_data); 712 break; 713 714 case IWM_UCODE_TLV_API_CHANGES_SET: { 715 const struct iwm_ucode_api *api; 716 if (tlv_len != sizeof(*api)) { 717 error = EINVAL; 718 goto parse_out; 719 } 720 api = (const struct iwm_ucode_api *)tlv_data; 721 /* Flags may exceed 32 bits in future firmware. */ 722 if (le32toh(api->api_index) > 0) { 723 device_printf(sc->sc_dev, 724 "unsupported API index %d\n", 725 le32toh(api->api_index)); 726 goto parse_out; 727 } 728 sc->sc_ucode_api = le32toh(api->api_flags); 729 break; 730 } 731 732 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 733 const struct iwm_ucode_capa *capa; 734 int idx, i; 735 if (tlv_len != sizeof(*capa)) { 736 error = EINVAL; 737 goto parse_out; 738 } 739 capa = (const struct iwm_ucode_capa *)tlv_data; 740 idx = le32toh(capa->api_index); 741 if (idx > howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 742 device_printf(sc->sc_dev, 743 "unsupported API index %d\n", idx); 744 goto parse_out; 745 } 746 for (i = 0; i < 32; i++) { 747 if ((le32toh(capa->api_capa) & (1U << i)) == 0) 748 continue; 749 setbit(sc->sc_enabled_capa, i + (32 * idx)); 750 } 751 break; 752 } 753 754 case 48: /* undocumented TLV */ 755 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 756 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 757 /* ignore, not used by current driver */ 758 break; 759 760 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 761 if ((error = iwm_firmware_store_section(sc, 762 IWM_UCODE_TYPE_REGULAR_USNIFFER, tlv_data, 763 tlv_len)) != 0) 764 goto parse_out; 765 break; 766 767 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 768 if (tlv_len != sizeof(uint32_t)) { 769 error = EINVAL; 770 goto parse_out; 771 } 772 sc->sc_capa_n_scan_channels = 773 le32toh(*(const uint32_t *)tlv_data); 774 break; 775 776 case IWM_UCODE_TLV_FW_VERSION: 777 if (tlv_len != sizeof(uint32_t) * 3) { 778 error = EINVAL; 779 goto parse_out; 780 } 781 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 782 "%d.%d.%d", 783 le32toh(((const uint32_t *)tlv_data)[0]), 784 le32toh(((const uint32_t *)tlv_data)[1]), 785 le32toh(((const uint32_t *)tlv_data)[2])); 786 break; 787 788 default: 789 device_printf(sc->sc_dev, 790 "%s: unknown firmware section %d, abort\n", 791 __func__, tlv_type); 792 error = EINVAL; 793 goto parse_out; 794 } 795 796 len -= roundup(tlv_len, 4); 797 data += roundup(tlv_len, 4); 798 } 799 800 KASSERT(error == 0, ("unhandled error")); 801 802 parse_out: 803 if (error) { 804 device_printf(sc->sc_dev, "firmware parse error %d, " 805 "section type %d\n", error, tlv_type); 806 } 807 808 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) { 809 device_printf(sc->sc_dev, 810 "device uses unsupported power ops\n"); 811 error = ENOTSUP; 812 } 813 814 out: 815 if (error) { 816 fw->fw_status = IWM_FW_STATUS_NONE; 817 if (fw->fw_fp != NULL) 818 iwm_fw_info_free(fw); 819 } else 820 fw->fw_status = IWM_FW_STATUS_DONE; 821 wakeup(&sc->sc_fw); 822 823 return error; 824} 825 826/* 827 * DMA resource routines 828 */ 829 830static void 831iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 832{ 833 if (error != 0) 834 return; 835 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 836 *(bus_addr_t *)arg = segs[0].ds_addr; 837} 838 839static int 840iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma, 841 bus_size_t size, bus_size_t alignment) 842{ 843 int error; 844 845 dma->tag = NULL; 846 dma->map = NULL; 847 dma->size = size; 848 dma->vaddr = NULL; 849 850 error = bus_dma_tag_create(tag, alignment, 851 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 852 1, size, 0, NULL, NULL, &dma->tag); 853 if (error != 0) 854 goto fail; 855 856 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 857 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 858 if (error != 0) 859 goto fail; 860 861 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 862 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 863 if (error != 0) { 864 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 865 dma->vaddr = NULL; 866 goto fail; 867 } 868 869 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 870 871 return 0; 872 873fail: 874 iwm_dma_contig_free(dma); 875 876 return error; 877} 878 879static void 880iwm_dma_contig_free(struct iwm_dma_info *dma) 881{ 882 if (dma->vaddr != NULL) { 883 bus_dmamap_sync(dma->tag, dma->map, 884 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 885 bus_dmamap_unload(dma->tag, dma->map); 886 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 887 dma->vaddr = NULL; 888 } 889 if (dma->tag != NULL) { 890 bus_dma_tag_destroy(dma->tag); 891 dma->tag = NULL; 892 } 893} 894 895/* fwmem is used to load firmware onto the card */ 896static int 897iwm_alloc_fwmem(struct iwm_softc *sc) 898{ 899 /* Must be aligned on a 16-byte boundary. */ 900 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 901 sc->sc_fwdmasegsz, 16); 902} 903 904static void 905iwm_free_fwmem(struct iwm_softc *sc) 906{ 907 iwm_dma_contig_free(&sc->fw_dma); 908} 909 910/* tx scheduler rings. not used? */ 911static int 912iwm_alloc_sched(struct iwm_softc *sc) 913{ 914 /* TX scheduler rings must be aligned on a 1KB boundary. */ 915 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 916 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 917} 918 919static void 920iwm_free_sched(struct iwm_softc *sc) 921{ 922 iwm_dma_contig_free(&sc->sched_dma); 923} 924 925/* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 926static int 927iwm_alloc_kw(struct iwm_softc *sc) 928{ 929 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 930} 931 932static void 933iwm_free_kw(struct iwm_softc *sc) 934{ 935 iwm_dma_contig_free(&sc->kw_dma); 936} 937 938/* interrupt cause table */ 939static int 940iwm_alloc_ict(struct iwm_softc *sc) 941{ 942 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 943 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 944} 945 946static void 947iwm_free_ict(struct iwm_softc *sc) 948{ 949 iwm_dma_contig_free(&sc->ict_dma); 950} 951 952static int 953iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 954{ 955 bus_size_t size; 956 int i, error; 957 958 ring->cur = 0; 959 960 /* Allocate RX descriptors (256-byte aligned). */ 961 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 962 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 963 if (error != 0) { 964 device_printf(sc->sc_dev, 965 "could not allocate RX ring DMA memory\n"); 966 goto fail; 967 } 968 ring->desc = ring->desc_dma.vaddr; 969 970 /* Allocate RX status area (16-byte aligned). */ 971 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 972 sizeof(*ring->stat), 16); 973 if (error != 0) { 974 device_printf(sc->sc_dev, 975 "could not allocate RX status DMA memory\n"); 976 goto fail; 977 } 978 ring->stat = ring->stat_dma.vaddr; 979 980 /* Create RX buffer DMA tag. */ 981 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 982 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 983 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 984 if (error != 0) { 985 device_printf(sc->sc_dev, 986 "%s: could not create RX buf DMA tag, error %d\n", 987 __func__, error); 988 goto fail; 989 } 990 991 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 992 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 993 if (error != 0) { 994 device_printf(sc->sc_dev, 995 "%s: could not create RX buf DMA map, error %d\n", 996 __func__, error); 997 goto fail; 998 } 999 /* 1000 * Allocate and map RX buffers. 1001 */ 1002 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1003 struct iwm_rx_data *data = &ring->data[i]; 1004 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1005 if (error != 0) { 1006 device_printf(sc->sc_dev, 1007 "%s: could not create RX buf DMA map, error %d\n", 1008 __func__, error); 1009 goto fail; 1010 } 1011 data->m = NULL; 1012 1013 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 1014 goto fail; 1015 } 1016 } 1017 return 0; 1018 1019fail: iwm_free_rx_ring(sc, ring); 1020 return error; 1021} 1022 1023static void 1024iwm_disable_rx_dma(struct iwm_softc *sc) 1025{ 1026 /* XXX conditional nic locks are stupid */ 1027 /* XXX print out if we can't lock the NIC? */ 1028 if (iwm_nic_lock(sc)) { 1029 /* XXX handle if RX stop doesn't finish? */ 1030 (void) iwm_pcie_rx_stop(sc); 1031 iwm_nic_unlock(sc); 1032 } 1033} 1034 1035static void 1036iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1037{ 1038 /* Reset the ring state */ 1039 ring->cur = 0; 1040 1041 /* 1042 * The hw rx ring index in shared memory must also be cleared, 1043 * otherwise the discrepancy can cause reprocessing chaos. 1044 */ 1045 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1046} 1047 1048static void 1049iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1050{ 1051 int i; 1052 1053 iwm_dma_contig_free(&ring->desc_dma); 1054 iwm_dma_contig_free(&ring->stat_dma); 1055 1056 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1057 struct iwm_rx_data *data = &ring->data[i]; 1058 1059 if (data->m != NULL) { 1060 bus_dmamap_sync(ring->data_dmat, data->map, 1061 BUS_DMASYNC_POSTREAD); 1062 bus_dmamap_unload(ring->data_dmat, data->map); 1063 m_freem(data->m); 1064 data->m = NULL; 1065 } 1066 if (data->map != NULL) { 1067 bus_dmamap_destroy(ring->data_dmat, data->map); 1068 data->map = NULL; 1069 } 1070 } 1071 if (ring->spare_map != NULL) { 1072 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1073 ring->spare_map = NULL; 1074 } 1075 if (ring->data_dmat != NULL) { 1076 bus_dma_tag_destroy(ring->data_dmat); 1077 ring->data_dmat = NULL; 1078 } 1079} 1080 1081static int 1082iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1083{ 1084 bus_addr_t paddr; 1085 bus_size_t size; 1086 size_t maxsize; 1087 int nsegments; 1088 int i, error; 1089 1090 ring->qid = qid; 1091 ring->queued = 0; 1092 ring->cur = 0; 1093 1094 /* Allocate TX descriptors (256-byte aligned). */ 1095 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1096 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1097 if (error != 0) { 1098 device_printf(sc->sc_dev, 1099 "could not allocate TX ring DMA memory\n"); 1100 goto fail; 1101 } 1102 ring->desc = ring->desc_dma.vaddr; 1103 1104 /* 1105 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1106 * to allocate commands space for other rings. 1107 */ 1108 if (qid > IWM_MVM_CMD_QUEUE) 1109 return 0; 1110 1111 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1112 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1113 if (error != 0) { 1114 device_printf(sc->sc_dev, 1115 "could not allocate TX cmd DMA memory\n"); 1116 goto fail; 1117 } 1118 ring->cmd = ring->cmd_dma.vaddr; 1119 1120 /* FW commands may require more mapped space than packets. */ 1121 if (qid == IWM_MVM_CMD_QUEUE) { 1122 maxsize = IWM_RBUF_SIZE; 1123 nsegments = 1; 1124 } else { 1125 maxsize = MCLBYTES; 1126 nsegments = IWM_MAX_SCATTER - 2; 1127 } 1128 1129 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1130 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1131 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1132 if (error != 0) { 1133 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1134 goto fail; 1135 } 1136 1137 paddr = ring->cmd_dma.paddr; 1138 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1139 struct iwm_tx_data *data = &ring->data[i]; 1140 1141 data->cmd_paddr = paddr; 1142 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1143 + offsetof(struct iwm_tx_cmd, scratch); 1144 paddr += sizeof(struct iwm_device_cmd); 1145 1146 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1147 if (error != 0) { 1148 device_printf(sc->sc_dev, 1149 "could not create TX buf DMA map\n"); 1150 goto fail; 1151 } 1152 } 1153 KASSERT(paddr == ring->cmd_dma.paddr + size, 1154 ("invalid physical address")); 1155 return 0; 1156 1157fail: iwm_free_tx_ring(sc, ring); 1158 return error; 1159} 1160 1161static void 1162iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1163{ 1164 int i; 1165 1166 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1167 struct iwm_tx_data *data = &ring->data[i]; 1168 1169 if (data->m != NULL) { 1170 bus_dmamap_sync(ring->data_dmat, data->map, 1171 BUS_DMASYNC_POSTWRITE); 1172 bus_dmamap_unload(ring->data_dmat, data->map); 1173 m_freem(data->m); 1174 data->m = NULL; 1175 } 1176 } 1177 /* Clear TX descriptors. */ 1178 memset(ring->desc, 0, ring->desc_dma.size); 1179 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1180 BUS_DMASYNC_PREWRITE); 1181 sc->qfullmsk &= ~(1 << ring->qid); 1182 ring->queued = 0; 1183 ring->cur = 0; 1184} 1185 1186static void 1187iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1188{ 1189 int i; 1190 1191 iwm_dma_contig_free(&ring->desc_dma); 1192 iwm_dma_contig_free(&ring->cmd_dma); 1193 1194 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1195 struct iwm_tx_data *data = &ring->data[i]; 1196 1197 if (data->m != NULL) { 1198 bus_dmamap_sync(ring->data_dmat, data->map, 1199 BUS_DMASYNC_POSTWRITE); 1200 bus_dmamap_unload(ring->data_dmat, data->map); 1201 m_freem(data->m); 1202 data->m = NULL; 1203 } 1204 if (data->map != NULL) { 1205 bus_dmamap_destroy(ring->data_dmat, data->map); 1206 data->map = NULL; 1207 } 1208 } 1209 if (ring->data_dmat != NULL) { 1210 bus_dma_tag_destroy(ring->data_dmat); 1211 ring->data_dmat = NULL; 1212 } 1213} 1214 1215/* 1216 * High-level hardware frobbing routines 1217 */ 1218 1219static void 1220iwm_enable_interrupts(struct iwm_softc *sc) 1221{ 1222 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1223 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1224} 1225 1226static void 1227iwm_restore_interrupts(struct iwm_softc *sc) 1228{ 1229 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1230} 1231 1232static void 1233iwm_disable_interrupts(struct iwm_softc *sc) 1234{ 1235 /* disable interrupts */ 1236 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1237 1238 /* acknowledge all interrupts */ 1239 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1240 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1241} 1242 1243static void 1244iwm_ict_reset(struct iwm_softc *sc) 1245{ 1246 iwm_disable_interrupts(sc); 1247 1248 /* Reset ICT table. */ 1249 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1250 sc->ict_cur = 0; 1251 1252 /* Set physical address of ICT table (4KB aligned). */ 1253 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1254 IWM_CSR_DRAM_INT_TBL_ENABLE 1255 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1256 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1257 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1258 1259 /* Switch to ICT interrupt mode in driver. */ 1260 sc->sc_flags |= IWM_FLAG_USE_ICT; 1261 1262 /* Re-enable interrupts. */ 1263 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1264 iwm_enable_interrupts(sc); 1265} 1266 1267/* iwlwifi pcie/trans.c */ 1268 1269/* 1270 * Since this .. hard-resets things, it's time to actually 1271 * mark the first vap (if any) as having no mac context. 1272 * It's annoying, but since the driver is potentially being 1273 * stop/start'ed whilst active (thanks openbsd port!) we 1274 * have to correctly track this. 1275 */ 1276static void 1277iwm_stop_device(struct iwm_softc *sc) 1278{ 1279 struct ieee80211com *ic = &sc->sc_ic; 1280 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1281 int chnl, qid; 1282 uint32_t mask = 0; 1283 1284 /* tell the device to stop sending interrupts */ 1285 iwm_disable_interrupts(sc); 1286 1287 /* 1288 * FreeBSD-local: mark the first vap as not-uploaded, 1289 * so the next transition through auth/assoc 1290 * will correctly populate the MAC context. 1291 */ 1292 if (vap) { 1293 struct iwm_vap *iv = IWM_VAP(vap); 1294 iv->is_uploaded = 0; 1295 } 1296 1297 /* device going down, Stop using ICT table */ 1298 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1299 1300 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1301 1302 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1303 1304 if (iwm_nic_lock(sc)) { 1305 /* Stop each Tx DMA channel */ 1306 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1307 IWM_WRITE(sc, 1308 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1309 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1310 } 1311 1312 /* Wait for DMA channels to be idle */ 1313 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1314 5000)) { 1315 device_printf(sc->sc_dev, 1316 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1317 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1318 } 1319 iwm_nic_unlock(sc); 1320 } 1321 iwm_disable_rx_dma(sc); 1322 1323 /* Stop RX ring. */ 1324 iwm_reset_rx_ring(sc, &sc->rxq); 1325 1326 /* Reset all TX rings. */ 1327 for (qid = 0; qid < nitems(sc->txq); qid++) 1328 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1329 1330 /* 1331 * Power-down device's busmaster DMA clocks 1332 */ 1333 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1334 DELAY(5); 1335 1336 /* Make sure (redundant) we've released our request to stay awake */ 1337 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1338 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1339 1340 /* Stop the device, and put it in low power state */ 1341 iwm_apm_stop(sc); 1342 1343 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1344 * Clean again the interrupt here 1345 */ 1346 iwm_disable_interrupts(sc); 1347 /* stop and reset the on-board processor */ 1348 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1349 1350 /* 1351 * Even if we stop the HW, we still want the RF kill 1352 * interrupt 1353 */ 1354 iwm_enable_rfkill_int(sc); 1355 iwm_check_rfkill(sc); 1356} 1357 1358/* iwlwifi: mvm/ops.c */ 1359static void 1360iwm_mvm_nic_config(struct iwm_softc *sc) 1361{ 1362 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1363 uint32_t reg_val = 0; 1364 1365 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1366 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1367 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1368 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1369 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1370 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1371 1372 /* SKU control */ 1373 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1374 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1375 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1376 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1377 1378 /* radio configuration */ 1379 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1380 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1381 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1382 1383 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1384 1385 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1386 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1387 radio_cfg_step, radio_cfg_dash); 1388 1389 /* 1390 * W/A : NIC is stuck in a reset state after Early PCIe power off 1391 * (PCIe power is lost before PERST# is asserted), causing ME FW 1392 * to lose ownership and not being able to obtain it back. 1393 */ 1394 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 1395 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1396 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1397 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1398 } 1399} 1400 1401static int 1402iwm_nic_rx_init(struct iwm_softc *sc) 1403{ 1404 if (!iwm_nic_lock(sc)) 1405 return EBUSY; 1406 1407 /* 1408 * Initialize RX ring. This is from the iwn driver. 1409 */ 1410 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1411 1412 /* stop DMA */ 1413 iwm_disable_rx_dma(sc); 1414 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1415 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1416 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1417 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1418 1419 /* Set physical address of RX ring (256-byte aligned). */ 1420 IWM_WRITE(sc, 1421 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1422 1423 /* Set physical address of RX status (16-byte aligned). */ 1424 IWM_WRITE(sc, 1425 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1426 1427 /* Enable RX. */ 1428 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1429 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1430 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1431 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1432 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK | 1433 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1434 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1435 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1436 1437 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1438 1439 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1440 if (sc->host_interrupt_operation_mode) 1441 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1442 1443 /* 1444 * Thus sayeth el jefe (iwlwifi) via a comment: 1445 * 1446 * This value should initially be 0 (before preparing any 1447 * RBs), should be 8 after preparing the first 8 RBs (for example) 1448 */ 1449 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1450 1451 iwm_nic_unlock(sc); 1452 1453 return 0; 1454} 1455 1456static int 1457iwm_nic_tx_init(struct iwm_softc *sc) 1458{ 1459 int qid; 1460 1461 if (!iwm_nic_lock(sc)) 1462 return EBUSY; 1463 1464 /* Deactivate TX scheduler. */ 1465 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1466 1467 /* Set physical address of "keep warm" page (16-byte aligned). */ 1468 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1469 1470 /* Initialize TX rings. */ 1471 for (qid = 0; qid < nitems(sc->txq); qid++) { 1472 struct iwm_tx_ring *txq = &sc->txq[qid]; 1473 1474 /* Set physical address of TX ring (256-byte aligned). */ 1475 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1476 txq->desc_dma.paddr >> 8); 1477 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1478 "%s: loading ring %d descriptors (%p) at %lx\n", 1479 __func__, 1480 qid, txq->desc, 1481 (unsigned long) (txq->desc_dma.paddr >> 8)); 1482 } 1483 1484 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE); 1485 1486 iwm_nic_unlock(sc); 1487 1488 return 0; 1489} 1490 1491static int 1492iwm_nic_init(struct iwm_softc *sc) 1493{ 1494 int error; 1495 1496 iwm_apm_init(sc); 1497 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 1498 iwm_set_pwr(sc); 1499 1500 iwm_mvm_nic_config(sc); 1501 1502 if ((error = iwm_nic_rx_init(sc)) != 0) 1503 return error; 1504 1505 /* 1506 * Ditto for TX, from iwn 1507 */ 1508 if ((error = iwm_nic_tx_init(sc)) != 0) 1509 return error; 1510 1511 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1512 "%s: shadow registers enabled\n", __func__); 1513 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1514 1515 return 0; 1516} 1517 1518const uint8_t iwm_mvm_ac_to_tx_fifo[] = { 1519 IWM_MVM_TX_FIFO_VO, 1520 IWM_MVM_TX_FIFO_VI, 1521 IWM_MVM_TX_FIFO_BE, 1522 IWM_MVM_TX_FIFO_BK, 1523}; 1524 1525static int 1526iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1527{ 1528 if (!iwm_nic_lock(sc)) { 1529 device_printf(sc->sc_dev, 1530 "%s: cannot enable txq %d\n", 1531 __func__, 1532 qid); 1533 return EBUSY; 1534 } 1535 1536 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1537 1538 if (qid == IWM_MVM_CMD_QUEUE) { 1539 /* unactivate before configuration */ 1540 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1541 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1542 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1543 1544 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1545 1546 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1547 1548 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1549 /* Set scheduler window size and frame limit. */ 1550 iwm_write_mem32(sc, 1551 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1552 sizeof(uint32_t), 1553 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1554 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1555 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1556 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1557 1558 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1559 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1560 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1561 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1562 IWM_SCD_QUEUE_STTS_REG_MSK); 1563 } else { 1564 struct iwm_scd_txq_cfg_cmd cmd; 1565 int error; 1566 1567 iwm_nic_unlock(sc); 1568 1569 memset(&cmd, 0, sizeof(cmd)); 1570 cmd.scd_queue = qid; 1571 cmd.enable = 1; 1572 cmd.sta_id = sta_id; 1573 cmd.tx_fifo = fifo; 1574 cmd.aggregate = 0; 1575 cmd.window = IWM_FRAME_LIMIT; 1576 1577 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1578 sizeof(cmd), &cmd); 1579 if (error) { 1580 device_printf(sc->sc_dev, 1581 "cannot enable txq %d\n", qid); 1582 return error; 1583 } 1584 1585 if (!iwm_nic_lock(sc)) 1586 return EBUSY; 1587 } 1588 1589 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 1590 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid); 1591 1592 iwm_nic_unlock(sc); 1593 1594 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1595 __func__, qid, fifo); 1596 1597 return 0; 1598} 1599 1600static int 1601iwm_post_alive(struct iwm_softc *sc) 1602{ 1603 int nwords; 1604 int error, chnl; 1605 uint32_t base; 1606 1607 if (!iwm_nic_lock(sc)) 1608 return EBUSY; 1609 1610 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1611 if (sc->sched_base != base) { 1612 device_printf(sc->sc_dev, 1613 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1614 __func__, sc->sched_base, base); 1615 } 1616 1617 iwm_ict_reset(sc); 1618 1619 /* Clear TX scheduler state in SRAM. */ 1620 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1621 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) 1622 / sizeof(uint32_t); 1623 error = iwm_write_mem(sc, 1624 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1625 NULL, nwords); 1626 if (error) 1627 goto out; 1628 1629 /* Set physical address of TX scheduler rings (1KB aligned). */ 1630 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1631 1632 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1633 1634 iwm_nic_unlock(sc); 1635 1636 /* enable command channel */ 1637 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7); 1638 if (error) 1639 return error; 1640 1641 if (!iwm_nic_lock(sc)) 1642 return EBUSY; 1643 1644 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1645 1646 /* Enable DMA channels. */ 1647 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1648 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1649 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1650 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1651 } 1652 1653 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1654 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1655 1656 /* Enable L1-Active */ 1657 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) { 1658 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1659 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1660 } 1661 1662 out: 1663 iwm_nic_unlock(sc); 1664 return error; 1665} 1666 1667/* 1668 * NVM read access and content parsing. We do not support 1669 * external NVM or writing NVM. 1670 * iwlwifi/mvm/nvm.c 1671 */ 1672 1673/* list of NVM sections we are allowed/need to read */ 1674const int nvm_to_read[] = { 1675 IWM_NVM_SECTION_TYPE_HW, 1676 IWM_NVM_SECTION_TYPE_SW, 1677 IWM_NVM_SECTION_TYPE_REGULATORY, 1678 IWM_NVM_SECTION_TYPE_CALIBRATION, 1679 IWM_NVM_SECTION_TYPE_PRODUCTION, 1680 IWM_NVM_SECTION_TYPE_HW_8000, 1681 IWM_NVM_SECTION_TYPE_MAC_OVERRIDE, 1682 IWM_NVM_SECTION_TYPE_PHY_SKU, 1683}; 1684 1685/* Default NVM size to read */ 1686#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1687#define IWM_MAX_NVM_SECTION_SIZE 8192 1688 1689#define IWM_NVM_WRITE_OPCODE 1 1690#define IWM_NVM_READ_OPCODE 0 1691 1692/* load nvm chunk response */ 1693#define IWM_READ_NVM_CHUNK_SUCCEED 0 1694#define IWM_READ_NVM_CHUNK_INVALID_ADDRESS 1 1695 1696static int 1697iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1698 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1699{ 1700 offset = 0; 1701 struct iwm_nvm_access_cmd nvm_access_cmd = { 1702 .offset = htole16(offset), 1703 .length = htole16(length), 1704 .type = htole16(section), 1705 .op_code = IWM_NVM_READ_OPCODE, 1706 }; 1707 struct iwm_nvm_access_resp *nvm_resp; 1708 struct iwm_rx_packet *pkt; 1709 struct iwm_host_cmd cmd = { 1710 .id = IWM_NVM_ACCESS_CMD, 1711 .flags = IWM_CMD_SYNC | IWM_CMD_WANT_SKB | 1712 IWM_CMD_SEND_IN_RFKILL, 1713 .data = { &nvm_access_cmd, }, 1714 }; 1715 int ret, offset_read; 1716 size_t bytes_read; 1717 uint8_t *resp_data; 1718 1719 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1720 1721 ret = iwm_send_cmd(sc, &cmd); 1722 if (ret) { 1723 device_printf(sc->sc_dev, 1724 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1725 return ret; 1726 } 1727 1728 pkt = cmd.resp_pkt; 1729 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) { 1730 device_printf(sc->sc_dev, 1731 "Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n", 1732 pkt->hdr.flags); 1733 ret = EIO; 1734 goto exit; 1735 } 1736 1737 /* Extract NVM response */ 1738 nvm_resp = (void *)pkt->data; 1739 1740 ret = le16toh(nvm_resp->status); 1741 bytes_read = le16toh(nvm_resp->length); 1742 offset_read = le16toh(nvm_resp->offset); 1743 resp_data = nvm_resp->data; 1744 if (ret) { 1745 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1746 "NVM access command failed with status %d\n", ret); 1747 ret = EINVAL; 1748 goto exit; 1749 } 1750 1751 if (offset_read != offset) { 1752 device_printf(sc->sc_dev, 1753 "NVM ACCESS response with invalid offset %d\n", 1754 offset_read); 1755 ret = EINVAL; 1756 goto exit; 1757 } 1758 1759 if (bytes_read > length) { 1760 device_printf(sc->sc_dev, 1761 "NVM ACCESS response with too much data " 1762 "(%d bytes requested, %zd bytes received)\n", 1763 length, bytes_read); 1764 ret = EINVAL; 1765 goto exit; 1766 } 1767 1768 memcpy(data + offset, resp_data, bytes_read); 1769 *len = bytes_read; 1770 1771 exit: 1772 iwm_free_resp(sc, &cmd); 1773 return ret; 1774} 1775 1776/* 1777 * Reads an NVM section completely. 1778 * NICs prior to 7000 family don't have a real NVM, but just read 1779 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1780 * by uCode, we need to manually check in this case that we don't 1781 * overflow and try to read more than the EEPROM size. 1782 * For 7000 family NICs, we supply the maximal size we can read, and 1783 * the uCode fills the response with as much data as we can, 1784 * without overflowing, so no check is needed. 1785 */ 1786static int 1787iwm_nvm_read_section(struct iwm_softc *sc, 1788 uint16_t section, uint8_t *data, uint16_t *len, size_t max_len) 1789{ 1790 uint16_t chunklen, seglen; 1791 int error = 0; 1792 1793 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1794 "reading NVM section %d\n", section); 1795 1796 chunklen = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE; 1797 *len = 0; 1798 1799 /* Read NVM chunks until exhausted (reading less than requested) */ 1800 while (seglen == chunklen && *len < max_len) { 1801 error = iwm_nvm_read_chunk(sc, 1802 section, *len, chunklen, data, &seglen); 1803 if (error) { 1804 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1805 "Cannot read from NVM section " 1806 "%d at offset %d\n", section, *len); 1807 return error; 1808 } 1809 *len += seglen; 1810 } 1811 1812 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1813 "NVM section %d read completed (%d bytes, error=%d)\n", 1814 section, *len, error); 1815 return error; 1816} 1817 1818/* 1819 * BEGIN IWM_NVM_PARSE 1820 */ 1821 1822/* iwlwifi/iwl-nvm-parse.c */ 1823 1824/* NVM offsets (in words) definitions */ 1825enum iwm_nvm_offsets { 1826 /* NVM HW-Section offset (in words) definitions */ 1827 IWM_HW_ADDR = 0x15, 1828 1829/* NVM SW-Section offset (in words) definitions */ 1830 IWM_NVM_SW_SECTION = 0x1C0, 1831 IWM_NVM_VERSION = 0, 1832 IWM_RADIO_CFG = 1, 1833 IWM_SKU = 2, 1834 IWM_N_HW_ADDRS = 3, 1835 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1836 1837/* NVM calibration section offset (in words) definitions */ 1838 IWM_NVM_CALIB_SECTION = 0x2B8, 1839 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1840}; 1841 1842enum iwm_8000_nvm_offsets { 1843 /* NVM HW-Section offset (in words) definitions */ 1844 IWM_HW_ADDR0_WFPM_8000 = 0x12, 1845 IWM_HW_ADDR1_WFPM_8000 = 0x16, 1846 IWM_HW_ADDR0_PCIE_8000 = 0x8A, 1847 IWM_HW_ADDR1_PCIE_8000 = 0x8E, 1848 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1, 1849 1850 /* NVM SW-Section offset (in words) definitions */ 1851 IWM_NVM_SW_SECTION_8000 = 0x1C0, 1852 IWM_NVM_VERSION_8000 = 0, 1853 IWM_RADIO_CFG_8000 = 0, 1854 IWM_SKU_8000 = 2, 1855 IWM_N_HW_ADDRS_8000 = 3, 1856 1857 /* NVM REGULATORY -Section offset (in words) definitions */ 1858 IWM_NVM_CHANNELS_8000 = 0, 1859 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7, 1860 IWM_NVM_LAR_OFFSET_8000 = 0x507, 1861 IWM_NVM_LAR_ENABLED_8000 = 0x7, 1862 1863 /* NVM calibration section offset (in words) definitions */ 1864 IWM_NVM_CALIB_SECTION_8000 = 0x2B8, 1865 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000 1866}; 1867 1868/* SKU Capabilities (actual values from NVM definition) */ 1869enum nvm_sku_bits { 1870 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1871 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1872 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1873 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1874}; 1875 1876/* radio config bits (actual values from NVM definition) */ 1877#define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1878#define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1879#define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1880#define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1881#define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1882#define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1883 1884#define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF) 1885#define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF) 1886#define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF) 1887#define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF) 1888#define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF) 1889#define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF) 1890 1891#define DEFAULT_MAX_TX_POWER 16 1892 1893/** 1894 * enum iwm_nvm_channel_flags - channel flags in NVM 1895 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1896 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1897 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1898 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1899 * XXX cannot find this (DFS) flag in iwl-nvm-parse.c 1900 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1901 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1902 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1903 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1904 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1905 */ 1906enum iwm_nvm_channel_flags { 1907 IWM_NVM_CHANNEL_VALID = (1 << 0), 1908 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1909 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1910 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1911 IWM_NVM_CHANNEL_DFS = (1 << 7), 1912 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1913 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 1914 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 1915 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 1916}; 1917 1918/* 1919 * Translate EEPROM flags to net80211. 1920 */ 1921static uint32_t 1922iwm_eeprom_channel_flags(uint16_t ch_flags) 1923{ 1924 uint32_t nflags; 1925 1926 nflags = 0; 1927 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 1928 nflags |= IEEE80211_CHAN_PASSIVE; 1929 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 1930 nflags |= IEEE80211_CHAN_NOADHOC; 1931 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 1932 nflags |= IEEE80211_CHAN_DFS; 1933 /* Just in case. */ 1934 nflags |= IEEE80211_CHAN_NOADHOC; 1935 } 1936 1937 return (nflags); 1938} 1939 1940static void 1941iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 1942 int maxchans, int *nchans, int ch_idx, size_t ch_num, 1943 const uint8_t bands[]) 1944{ 1945 const uint16_t * const nvm_ch_flags = sc->sc_nvm.nvm_ch_flags; 1946 uint32_t nflags; 1947 uint16_t ch_flags; 1948 uint8_t ieee; 1949 int error; 1950 1951 for (; ch_idx < ch_num; ch_idx++) { 1952 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 1953 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 1954 ieee = iwm_nvm_channels[ch_idx]; 1955 else 1956 ieee = iwm_nvm_channels_8000[ch_idx]; 1957 1958 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 1959 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1960 "Ch. %d Flags %x [%sGHz] - No traffic\n", 1961 ieee, ch_flags, 1962 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1963 "5.2" : "2.4"); 1964 continue; 1965 } 1966 1967 nflags = iwm_eeprom_channel_flags(ch_flags); 1968 error = ieee80211_add_channel(chans, maxchans, nchans, 1969 ieee, 0, 0, nflags, bands); 1970 if (error != 0) 1971 break; 1972 1973 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1974 "Ch. %d Flags %x [%sGHz] - Added\n", 1975 ieee, ch_flags, 1976 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1977 "5.2" : "2.4"); 1978 } 1979} 1980 1981static void 1982iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 1983 struct ieee80211_channel chans[]) 1984{ 1985 struct iwm_softc *sc = ic->ic_softc; 1986 struct iwm_nvm_data *data = &sc->sc_nvm; 1987 uint8_t bands[IEEE80211_MODE_BYTES]; 1988 size_t ch_num; 1989 1990 memset(bands, 0, sizeof(bands)); 1991 /* 1-13: 11b/g channels. */ 1992 setbit(bands, IEEE80211_MODE_11B); 1993 setbit(bands, IEEE80211_MODE_11G); 1994 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 1995 IWM_NUM_2GHZ_CHANNELS - 1, bands); 1996 1997 /* 14: 11b channel only. */ 1998 clrbit(bands, IEEE80211_MODE_11G); 1999 iwm_add_channel_band(sc, chans, maxchans, nchans, 2000 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 2001 2002 if (data->sku_cap_band_52GHz_enable) { 2003 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 2004 ch_num = nitems(iwm_nvm_channels); 2005 else 2006 ch_num = nitems(iwm_nvm_channels_8000); 2007 memset(bands, 0, sizeof(bands)); 2008 setbit(bands, IEEE80211_MODE_11A); 2009 iwm_add_channel_band(sc, chans, maxchans, nchans, 2010 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2011 } 2012} 2013 2014static void 2015iwm_set_hw_address_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2016 const uint16_t *mac_override, const uint16_t *nvm_hw) 2017{ 2018 const uint8_t *hw_addr; 2019 2020 if (mac_override) { 2021 static const uint8_t reserved_mac[] = { 2022 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2023 }; 2024 2025 hw_addr = (const uint8_t *)(mac_override + 2026 IWM_MAC_ADDRESS_OVERRIDE_8000); 2027 2028 /* 2029 * Store the MAC address from MAO section. 2030 * No byte swapping is required in MAO section 2031 */ 2032 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2033 2034 /* 2035 * Force the use of the OTP MAC address in case of reserved MAC 2036 * address in the NVM, or if address is given but invalid. 2037 */ 2038 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2039 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2040 iwm_is_valid_ether_addr(data->hw_addr) && 2041 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2042 return; 2043 2044 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2045 "%s: mac address from nvm override section invalid\n", 2046 __func__); 2047 } 2048 2049 if (nvm_hw) { 2050 /* read the mac address from WFMP registers */ 2051 uint32_t mac_addr0 = 2052 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2053 uint32_t mac_addr1 = 2054 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2055 2056 hw_addr = (const uint8_t *)&mac_addr0; 2057 data->hw_addr[0] = hw_addr[3]; 2058 data->hw_addr[1] = hw_addr[2]; 2059 data->hw_addr[2] = hw_addr[1]; 2060 data->hw_addr[3] = hw_addr[0]; 2061 2062 hw_addr = (const uint8_t *)&mac_addr1; 2063 data->hw_addr[4] = hw_addr[1]; 2064 data->hw_addr[5] = hw_addr[0]; 2065 2066 return; 2067 } 2068 2069 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2070 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2071} 2072 2073static int 2074iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2075 const uint16_t *phy_sku) 2076{ 2077 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2078 return le16_to_cpup(nvm_sw + IWM_SKU); 2079 2080 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2081} 2082 2083static int 2084iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2085{ 2086 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2087 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2088 else 2089 return le32_to_cpup((const uint32_t *)(nvm_sw + 2090 IWM_NVM_VERSION_8000)); 2091} 2092 2093static int 2094iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2095 const uint16_t *phy_sku) 2096{ 2097 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2098 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2099 2100 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2101} 2102 2103static int 2104iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2105{ 2106 int n_hw_addr; 2107 2108 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2109 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2110 2111 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2112 2113 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2114} 2115 2116static void 2117iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2118 uint32_t radio_cfg) 2119{ 2120 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) { 2121 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2122 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2123 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2124 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2125 return; 2126 } 2127 2128 /* set the radio configuration for family 8000 */ 2129 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2130 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2131 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2132 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg); 2133 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2134 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2135} 2136 2137static int 2138iwm_parse_nvm_data(struct iwm_softc *sc, 2139 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2140 const uint16_t *nvm_calib, const uint16_t *mac_override, 2141 const uint16_t *phy_sku, const uint16_t *regulatory) 2142{ 2143 struct iwm_nvm_data *data = &sc->sc_nvm; 2144 uint8_t hw_addr[IEEE80211_ADDR_LEN]; 2145 uint32_t sku, radio_cfg; 2146 2147 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2148 2149 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2150 iwm_set_radio_cfg(sc, data, radio_cfg); 2151 2152 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2153 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2154 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2155 data->sku_cap_11n_enable = 0; 2156 2157 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2158 2159 /* The byte order is little endian 16 bit, meaning 214365 */ 2160 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2161 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR); 2162 data->hw_addr[0] = hw_addr[1]; 2163 data->hw_addr[1] = hw_addr[0]; 2164 data->hw_addr[2] = hw_addr[3]; 2165 data->hw_addr[3] = hw_addr[2]; 2166 data->hw_addr[4] = hw_addr[5]; 2167 data->hw_addr[5] = hw_addr[4]; 2168 } else { 2169 iwm_set_hw_address_8000(sc, data, mac_override, nvm_hw); 2170 } 2171 2172 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2173 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 2174 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2175 } else { 2176 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2177 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2178 } 2179 data->calib_version = 255; /* TODO: 2180 this value will prevent some checks from 2181 failing, we need to check if this 2182 field is still needed, and if it does, 2183 where is it in the NVM */ 2184 2185 return 0; 2186} 2187 2188/* 2189 * END NVM PARSE 2190 */ 2191 2192static int 2193iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2194{ 2195 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2196 2197 /* Checking for required sections */ 2198 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2199 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2200 !sections[IWM_NVM_SECTION_TYPE_HW].data) { 2201 device_printf(sc->sc_dev, 2202 "Can't parse empty OTP/NVM sections\n"); 2203 return ENOENT; 2204 } 2205 2206 hw = (const uint16_t *) sections[IWM_NVM_SECTION_TYPE_HW].data; 2207 } else if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) { 2208 /* SW and REGULATORY sections are mandatory */ 2209 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2210 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2211 device_printf(sc->sc_dev, 2212 "Can't parse empty OTP/NVM sections\n"); 2213 return ENOENT; 2214 } 2215 /* MAC_OVERRIDE or at least HW section must exist */ 2216 if (!sections[IWM_NVM_SECTION_TYPE_HW_8000].data && 2217 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2218 device_printf(sc->sc_dev, 2219 "Can't parse mac_address, empty sections\n"); 2220 return ENOENT; 2221 } 2222 2223 /* PHY_SKU section is mandatory in B0 */ 2224 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2225 device_printf(sc->sc_dev, 2226 "Can't parse phy_sku in B0, empty sections\n"); 2227 return ENOENT; 2228 } 2229 2230 hw = (const uint16_t *) 2231 sections[IWM_NVM_SECTION_TYPE_HW_8000].data; 2232 } else { 2233 panic("unknown device family %d\n", sc->sc_device_family); 2234 } 2235 2236 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2237 calib = (const uint16_t *) 2238 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2239 regulatory = (const uint16_t *) 2240 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2241 mac_override = (const uint16_t *) 2242 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2243 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2244 2245 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2246 phy_sku, regulatory); 2247} 2248 2249static int 2250iwm_nvm_init(struct iwm_softc *sc) 2251{ 2252 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS]; 2253 int i, section, error; 2254 uint16_t len; 2255 uint8_t *buf; 2256 const size_t bufsz = IWM_MAX_NVM_SECTION_SIZE; 2257 2258 memset(nvm_sections, 0 , sizeof(nvm_sections)); 2259 2260 buf = malloc(bufsz, M_DEVBUF, M_NOWAIT); 2261 if (buf == NULL) 2262 return ENOMEM; 2263 2264 for (i = 0; i < nitems(nvm_to_read); i++) { 2265 section = nvm_to_read[i]; 2266 KASSERT(section <= nitems(nvm_sections), 2267 ("too many sections")); 2268 2269 error = iwm_nvm_read_section(sc, section, buf, &len, bufsz); 2270 if (error) { 2271 error = 0; 2272 continue; 2273 } 2274 nvm_sections[section].data = malloc(len, M_DEVBUF, M_NOWAIT); 2275 if (nvm_sections[section].data == NULL) { 2276 error = ENOMEM; 2277 break; 2278 } 2279 memcpy(nvm_sections[section].data, buf, len); 2280 nvm_sections[section].length = len; 2281 } 2282 free(buf, M_DEVBUF); 2283 if (error == 0) 2284 error = iwm_parse_nvm_sections(sc, nvm_sections); 2285 2286 for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) { 2287 if (nvm_sections[i].data != NULL) 2288 free(nvm_sections[i].data, M_DEVBUF); 2289 } 2290 2291 return error; 2292} 2293 2294/* 2295 * Firmware loading gunk. This is kind of a weird hybrid between the 2296 * iwn driver and the Linux iwlwifi driver. 2297 */ 2298 2299static int 2300iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr, 2301 const uint8_t *section, uint32_t byte_cnt) 2302{ 2303 int error = EINVAL; 2304 uint32_t chunk_sz, offset; 2305 2306 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt); 2307 2308 for (offset = 0; offset < byte_cnt; offset += chunk_sz) { 2309 uint32_t addr, len; 2310 const uint8_t *data; 2311 2312 addr = dst_addr + offset; 2313 len = MIN(chunk_sz, byte_cnt - offset); 2314 data = section + offset; 2315 2316 error = iwm_firmware_load_chunk(sc, addr, data, len); 2317 if (error) 2318 break; 2319 } 2320 2321 return error; 2322} 2323 2324static int 2325iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2326 const uint8_t *chunk, uint32_t byte_cnt) 2327{ 2328 struct iwm_dma_info *dma = &sc->fw_dma; 2329 int error; 2330 2331 /* Copy firmware chunk into pre-allocated DMA-safe memory. */ 2332 memcpy(dma->vaddr, chunk, byte_cnt); 2333 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2334 2335 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2336 dst_addr <= IWM_FW_MEM_EXTENDED_END) { 2337 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2338 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2339 } 2340 2341 sc->sc_fw_chunk_done = 0; 2342 2343 if (!iwm_nic_lock(sc)) 2344 return EBUSY; 2345 2346 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2347 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2348 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2349 dst_addr); 2350 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2351 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2352 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2353 (iwm_get_dma_hi_addr(dma->paddr) 2354 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2355 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2356 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2357 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2358 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2359 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2360 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2361 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2362 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2363 2364 iwm_nic_unlock(sc); 2365 2366 /* wait 1s for this segment to load */ 2367 while (!sc->sc_fw_chunk_done) 2368 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0) 2369 break; 2370 2371 if (!sc->sc_fw_chunk_done) { 2372 device_printf(sc->sc_dev, 2373 "fw chunk addr 0x%x len %d failed to load\n", 2374 dst_addr, byte_cnt); 2375 } 2376 2377 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2378 dst_addr <= IWM_FW_MEM_EXTENDED_END && iwm_nic_lock(sc)) { 2379 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2380 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2381 iwm_nic_unlock(sc); 2382 } 2383 2384 return error; 2385} 2386 2387int 2388iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws, 2389 int cpu, int *first_ucode_section) 2390{ 2391 int shift_param; 2392 int i, error = 0, sec_num = 0x1; 2393 uint32_t val, last_read_idx = 0; 2394 const void *data; 2395 uint32_t dlen; 2396 uint32_t offset; 2397 2398 if (cpu == 1) { 2399 shift_param = 0; 2400 *first_ucode_section = 0; 2401 } else { 2402 shift_param = 16; 2403 (*first_ucode_section)++; 2404 } 2405 2406 for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) { 2407 last_read_idx = i; 2408 data = fws->fw_sect[i].fws_data; 2409 dlen = fws->fw_sect[i].fws_len; 2410 offset = fws->fw_sect[i].fws_devoff; 2411 2412 /* 2413 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2414 * CPU1 to CPU2. 2415 * PAGING_SEPARATOR_SECTION delimiter - separate between 2416 * CPU2 non paged to CPU2 paging sec. 2417 */ 2418 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2419 offset == IWM_PAGING_SEPARATOR_SECTION) 2420 break; 2421 2422 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2423 "LOAD FIRMWARE chunk %d offset 0x%x len %d for cpu %d\n", 2424 i, offset, dlen, cpu); 2425 2426 if (dlen > sc->sc_fwdmasegsz) { 2427 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2428 "chunk %d too large (%d bytes)\n", i, dlen); 2429 error = EFBIG; 2430 } else { 2431 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2432 } 2433 if (error) { 2434 device_printf(sc->sc_dev, 2435 "could not load firmware chunk %d (error %d)\n", 2436 i, error); 2437 return error; 2438 } 2439 2440 /* Notify the ucode of the loaded section number and status */ 2441 if (iwm_nic_lock(sc)) { 2442 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2443 val = val | (sec_num << shift_param); 2444 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2445 sec_num = (sec_num << 1) | 0x1; 2446 iwm_nic_unlock(sc); 2447 2448 /* 2449 * The firmware won't load correctly without this delay. 2450 */ 2451 DELAY(8000); 2452 } 2453 } 2454 2455 *first_ucode_section = last_read_idx; 2456 2457 if (iwm_nic_lock(sc)) { 2458 if (cpu == 1) 2459 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2460 else 2461 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2462 iwm_nic_unlock(sc); 2463 } 2464 2465 return 0; 2466} 2467 2468int 2469iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2470{ 2471 struct iwm_fw_sects *fws; 2472 int error = 0; 2473 int first_ucode_section; 2474 2475 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "loading ucode type %d\n", 2476 ucode_type); 2477 2478 fws = &sc->sc_fw.fw_sects[ucode_type]; 2479 2480 /* configure the ucode to be ready to get the secured image */ 2481 /* release CPU reset */ 2482 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT); 2483 2484 /* load to FW the binary Secured sections of CPU1 */ 2485 error = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section); 2486 if (error) 2487 return error; 2488 2489 /* load to FW the binary sections of CPU2 */ 2490 return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section); 2491} 2492 2493static int 2494iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2495{ 2496 struct iwm_fw_sects *fws; 2497 int error, i; 2498 const void *data; 2499 uint32_t dlen; 2500 uint32_t offset; 2501 2502 sc->sc_uc.uc_intr = 0; 2503 2504 fws = &sc->sc_fw.fw_sects[ucode_type]; 2505 for (i = 0; i < fws->fw_count; i++) { 2506 data = fws->fw_sect[i].fws_data; 2507 dlen = fws->fw_sect[i].fws_len; 2508 offset = fws->fw_sect[i].fws_devoff; 2509 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2510 "LOAD FIRMWARE type %d offset %u len %d\n", 2511 ucode_type, offset, dlen); 2512 if (dlen > sc->sc_fwdmasegsz) { 2513 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2514 "chunk %d too large (%d bytes)\n", i, dlen); 2515 error = EFBIG; 2516 } else { 2517 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2518 } 2519 if (error) { 2520 device_printf(sc->sc_dev, 2521 "could not load firmware chunk %u of %u " 2522 "(error=%d)\n", i, fws->fw_count, error); 2523 return error; 2524 } 2525 } 2526 2527 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2528 2529 return 0; 2530} 2531 2532static int 2533iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2534{ 2535 int error, w; 2536 2537 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 2538 error = iwm_load_firmware_8000(sc, ucode_type); 2539 else 2540 error = iwm_load_firmware_7000(sc, ucode_type); 2541 if (error) 2542 return error; 2543 2544 /* wait for the firmware to load */ 2545 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) { 2546 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10); 2547 } 2548 if (error || !sc->sc_uc.uc_ok) { 2549 device_printf(sc->sc_dev, "could not load firmware\n"); 2550 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) { 2551 device_printf(sc->sc_dev, "cpu1 status: 0x%x\n", 2552 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS)); 2553 device_printf(sc->sc_dev, "cpu2 status: 0x%x\n", 2554 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS)); 2555 } 2556 } 2557 2558 /* 2559 * Give the firmware some time to initialize. 2560 * Accessing it too early causes errors. 2561 */ 2562 msleep(&w, &sc->sc_mtx, 0, "iwmfwinit", hz); 2563 2564 return error; 2565} 2566 2567/* iwlwifi: pcie/trans.c */ 2568static int 2569iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2570{ 2571 int error; 2572 2573 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2574 2575 if ((error = iwm_nic_init(sc)) != 0) { 2576 device_printf(sc->sc_dev, "unable to init nic\n"); 2577 return error; 2578 } 2579 2580 /* make sure rfkill handshake bits are cleared */ 2581 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2582 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2583 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2584 2585 /* clear (again), then enable host interrupts */ 2586 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2587 iwm_enable_interrupts(sc); 2588 2589 /* really make sure rfkill handshake bits are cleared */ 2590 /* maybe we should write a few times more? just to make sure */ 2591 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2592 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2593 2594 /* Load the given image to the HW */ 2595 return iwm_load_firmware(sc, ucode_type); 2596} 2597 2598static int 2599iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2600{ 2601 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2602 .valid = htole32(valid_tx_ant), 2603 }; 2604 2605 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2606 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2607} 2608 2609/* iwlwifi: mvm/fw.c */ 2610static int 2611iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2612{ 2613 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2614 enum iwm_ucode_type ucode_type = sc->sc_uc_current; 2615 2616 /* Set parameters */ 2617 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config); 2618 phy_cfg_cmd.calib_control.event_trigger = 2619 sc->sc_default_calib[ucode_type].event_trigger; 2620 phy_cfg_cmd.calib_control.flow_trigger = 2621 sc->sc_default_calib[ucode_type].flow_trigger; 2622 2623 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2624 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2625 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2626 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2627} 2628 2629static int 2630iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2631 enum iwm_ucode_type ucode_type) 2632{ 2633 enum iwm_ucode_type old_type = sc->sc_uc_current; 2634 int error; 2635 2636 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) { 2637 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n", 2638 error); 2639 return error; 2640 } 2641 2642 sc->sc_uc_current = ucode_type; 2643 error = iwm_start_fw(sc, ucode_type); 2644 if (error) { 2645 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2646 sc->sc_uc_current = old_type; 2647 return error; 2648 } 2649 2650 error = iwm_post_alive(sc); 2651 if (error) { 2652 device_printf(sc->sc_dev, "iwm_fw_alive: failed %d\n", error); 2653 } 2654 return error; 2655} 2656 2657/* 2658 * mvm misc bits 2659 */ 2660 2661/* 2662 * follows iwlwifi/fw.c 2663 */ 2664static int 2665iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2666{ 2667 int error; 2668 2669 /* do not operate with rfkill switch turned on */ 2670 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2671 device_printf(sc->sc_dev, 2672 "radio is disabled by hardware switch\n"); 2673 return EPERM; 2674 } 2675 2676 sc->sc_init_complete = 0; 2677 if ((error = iwm_mvm_load_ucode_wait_alive(sc, 2678 IWM_UCODE_TYPE_INIT)) != 0) { 2679 device_printf(sc->sc_dev, "failed to load init firmware\n"); 2680 return error; 2681 } 2682 2683 if (justnvm) { 2684 if ((error = iwm_nvm_init(sc)) != 0) { 2685 device_printf(sc->sc_dev, "failed to read nvm\n"); 2686 return error; 2687 } 2688 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->sc_nvm.hw_addr); 2689 2690 return 0; 2691 } 2692 2693 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 2694 device_printf(sc->sc_dev, 2695 "failed to send bt coex configuration: %d\n", error); 2696 return error; 2697 } 2698 2699 /* Init Smart FIFO. */ 2700 error = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF); 2701 if (error != 0) 2702 return error; 2703 2704 /* Send TX valid antennas before triggering calibrations */ 2705 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) { 2706 device_printf(sc->sc_dev, 2707 "failed to send antennas before calibration: %d\n", error); 2708 return error; 2709 } 2710 2711 /* 2712 * Send phy configurations command to init uCode 2713 * to start the 16.0 uCode init image internal calibrations. 2714 */ 2715 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) { 2716 device_printf(sc->sc_dev, 2717 "%s: failed to run internal calibration: %d\n", 2718 __func__, error); 2719 return error; 2720 } 2721 2722 /* 2723 * Nothing to do but wait for the init complete notification 2724 * from the firmware 2725 */ 2726 while (!sc->sc_init_complete) { 2727 error = msleep(&sc->sc_init_complete, &sc->sc_mtx, 2728 0, "iwminit", 2*hz); 2729 if (error) { 2730 device_printf(sc->sc_dev, "init complete failed: %d\n", 2731 sc->sc_init_complete); 2732 break; 2733 } 2734 } 2735 2736 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "init %scomplete\n", 2737 sc->sc_init_complete ? "" : "not "); 2738 2739 return error; 2740} 2741 2742/* 2743 * receive side 2744 */ 2745 2746/* (re)stock rx ring, called at init-time and at runtime */ 2747static int 2748iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 2749{ 2750 struct iwm_rx_ring *ring = &sc->rxq; 2751 struct iwm_rx_data *data = &ring->data[idx]; 2752 struct mbuf *m; 2753 bus_dmamap_t dmamap = NULL; 2754 bus_dma_segment_t seg; 2755 int nsegs, error; 2756 2757 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 2758 if (m == NULL) 2759 return ENOBUFS; 2760 2761 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 2762 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 2763 &seg, &nsegs, BUS_DMA_NOWAIT); 2764 if (error != 0) { 2765 device_printf(sc->sc_dev, 2766 "%s: can't map mbuf, error %d\n", __func__, error); 2767 goto fail; 2768 } 2769 2770 if (data->m != NULL) 2771 bus_dmamap_unload(ring->data_dmat, data->map); 2772 2773 /* Swap ring->spare_map with data->map */ 2774 dmamap = data->map; 2775 data->map = ring->spare_map; 2776 ring->spare_map = dmamap; 2777 2778 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 2779 data->m = m; 2780 2781 /* Update RX descriptor. */ 2782 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 2783 ring->desc[idx] = htole32(seg.ds_addr >> 8); 2784 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2785 BUS_DMASYNC_PREWRITE); 2786 2787 return 0; 2788fail: 2789 m_freem(m); 2790 return error; 2791} 2792 2793/* iwlwifi: mvm/rx.c */ 2794#define IWM_RSSI_OFFSET 50 2795static int 2796iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2797{ 2798 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm; 2799 uint32_t agc_a, agc_b; 2800 uint32_t val; 2801 2802 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]); 2803 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS; 2804 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS; 2805 2806 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]); 2807 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS; 2808 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS; 2809 2810 /* 2811 * dBm = rssi dB - agc dB - constant. 2812 * Higher AGC (higher radio gain) means lower signal. 2813 */ 2814 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a; 2815 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b; 2816 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm); 2817 2818 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2819 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n", 2820 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b); 2821 2822 return max_rssi_dbm; 2823} 2824 2825/* iwlwifi: mvm/rx.c */ 2826/* 2827 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 2828 * values are reported by the fw as positive values - need to negate 2829 * to obtain their dBM. Account for missing antennas by replacing 0 2830 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 2831 */ 2832static int 2833iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2834{ 2835 int energy_a, energy_b, energy_c, max_energy; 2836 uint32_t val; 2837 2838 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 2839 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 2840 IWM_RX_INFO_ENERGY_ANT_A_POS; 2841 energy_a = energy_a ? -energy_a : -256; 2842 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 2843 IWM_RX_INFO_ENERGY_ANT_B_POS; 2844 energy_b = energy_b ? -energy_b : -256; 2845 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 2846 IWM_RX_INFO_ENERGY_ANT_C_POS; 2847 energy_c = energy_c ? -energy_c : -256; 2848 max_energy = MAX(energy_a, energy_b); 2849 max_energy = MAX(max_energy, energy_c); 2850 2851 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2852 "energy In A %d B %d C %d , and max %d\n", 2853 energy_a, energy_b, energy_c, max_energy); 2854 2855 return max_energy; 2856} 2857 2858static void 2859iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, 2860 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2861{ 2862 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 2863 2864 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 2865 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2866 2867 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 2868} 2869 2870/* 2871 * Retrieve the average noise (in dBm) among receivers. 2872 */ 2873static int 2874iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *stats) 2875{ 2876 int i, total, nbant, noise; 2877 2878 total = nbant = noise = 0; 2879 for (i = 0; i < 3; i++) { 2880 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 2881 if (noise) { 2882 total += noise; 2883 nbant++; 2884 } 2885 } 2886 2887 /* There should be at least one antenna but check anyway. */ 2888 return (nbant == 0) ? -127 : (total / nbant) - 107; 2889} 2890 2891/* 2892 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 2893 * 2894 * Handles the actual data of the Rx packet from the fw 2895 */ 2896static void 2897iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, 2898 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2899{ 2900 struct ieee80211com *ic = &sc->sc_ic; 2901 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2902 struct ieee80211_frame *wh; 2903 struct ieee80211_node *ni; 2904 struct ieee80211_rx_stats rxs; 2905 struct mbuf *m; 2906 struct iwm_rx_phy_info *phy_info; 2907 struct iwm_rx_mpdu_res_start *rx_res; 2908 uint32_t len; 2909 uint32_t rx_pkt_status; 2910 int rssi; 2911 2912 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2913 2914 phy_info = &sc->sc_last_phy_info; 2915 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 2916 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 2917 len = le16toh(rx_res->byte_count); 2918 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 2919 2920 m = data->m; 2921 m->m_data = pkt->data + sizeof(*rx_res); 2922 m->m_pkthdr.len = m->m_len = len; 2923 2924 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 2925 device_printf(sc->sc_dev, 2926 "dsp size out of range [0,20]: %d\n", 2927 phy_info->cfg_phy_cnt); 2928 return; 2929 } 2930 2931 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 2932 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 2933 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2934 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 2935 return; /* drop */ 2936 } 2937 2938 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) { 2939 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 2940 } else { 2941 rssi = iwm_mvm_calc_rssi(sc, phy_info); 2942 } 2943 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */ 2944 rssi = MIN(rssi, sc->sc_max_rssi); /* clip to max. 100% */ 2945 2946 /* replenish ring for the buffer we're going to feed to the sharks */ 2947 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 2948 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 2949 __func__); 2950 return; 2951 } 2952 2953 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2954 2955 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2956 "%s: phy_info: channel=%d, flags=0x%08x\n", 2957 __func__, 2958 le16toh(phy_info->channel), 2959 le16toh(phy_info->phy_flags)); 2960 2961 /* 2962 * Populate an RX state struct with the provided information. 2963 */ 2964 bzero(&rxs, sizeof(rxs)); 2965 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 2966 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 2967 rxs.c_ieee = le16toh(phy_info->channel); 2968 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 2969 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 2970 } else { 2971 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 2972 } 2973 rxs.rssi = rssi - sc->sc_noise; 2974 rxs.nf = sc->sc_noise; 2975 2976 if (ieee80211_radiotap_active_vap(vap)) { 2977 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 2978 2979 tap->wr_flags = 0; 2980 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 2981 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2982 tap->wr_chan_freq = htole16(rxs.c_freq); 2983 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 2984 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2985 tap->wr_dbm_antsignal = (int8_t)rssi; 2986 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 2987 tap->wr_tsft = phy_info->system_timestamp; 2988 switch (phy_info->rate) { 2989 /* CCK rates. */ 2990 case 10: tap->wr_rate = 2; break; 2991 case 20: tap->wr_rate = 4; break; 2992 case 55: tap->wr_rate = 11; break; 2993 case 110: tap->wr_rate = 22; break; 2994 /* OFDM rates. */ 2995 case 0xd: tap->wr_rate = 12; break; 2996 case 0xf: tap->wr_rate = 18; break; 2997 case 0x5: tap->wr_rate = 24; break; 2998 case 0x7: tap->wr_rate = 36; break; 2999 case 0x9: tap->wr_rate = 48; break; 3000 case 0xb: tap->wr_rate = 72; break; 3001 case 0x1: tap->wr_rate = 96; break; 3002 case 0x3: tap->wr_rate = 108; break; 3003 /* Unknown rate: should not happen. */ 3004 default: tap->wr_rate = 0; 3005 } 3006 } 3007 3008 IWM_UNLOCK(sc); 3009 if (ni != NULL) { 3010 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3011 ieee80211_input_mimo(ni, m, &rxs); 3012 ieee80211_free_node(ni); 3013 } else { 3014 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3015 ieee80211_input_mimo_all(ic, m, &rxs); 3016 } 3017 IWM_LOCK(sc); 3018} 3019 3020static int 3021iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3022 struct iwm_node *in) 3023{ 3024 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 3025 struct ieee80211_node *ni = &in->in_ni; 3026 struct ieee80211vap *vap = ni->ni_vap; 3027 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3028 int failack = tx_resp->failure_frame; 3029 3030 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3031 3032 /* Update rate control statistics. */ 3033 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3034 __func__, 3035 (int) le16toh(tx_resp->status.status), 3036 (int) le16toh(tx_resp->status.sequence), 3037 tx_resp->frame_count, 3038 tx_resp->bt_kill_count, 3039 tx_resp->failure_rts, 3040 tx_resp->failure_frame, 3041 le32toh(tx_resp->initial_rate), 3042 (int) le16toh(tx_resp->wireless_media_time)); 3043 3044 if (status != IWM_TX_STATUS_SUCCESS && 3045 status != IWM_TX_STATUS_DIRECT_DONE) { 3046 ieee80211_ratectl_tx_complete(vap, ni, 3047 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3048 return (1); 3049 } else { 3050 ieee80211_ratectl_tx_complete(vap, ni, 3051 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3052 return (0); 3053 } 3054} 3055 3056static void 3057iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, 3058 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3059{ 3060 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 3061 int idx = cmd_hdr->idx; 3062 int qid = cmd_hdr->qid; 3063 struct iwm_tx_ring *ring = &sc->txq[qid]; 3064 struct iwm_tx_data *txd = &ring->data[idx]; 3065 struct iwm_node *in = txd->in; 3066 struct mbuf *m = txd->m; 3067 int status; 3068 3069 KASSERT(txd->done == 0, ("txd not done")); 3070 KASSERT(txd->in != NULL, ("txd without node")); 3071 KASSERT(txd->m != NULL, ("txd without mbuf")); 3072 3073 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3074 3075 sc->sc_tx_timer = 0; 3076 3077 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 3078 3079 /* Unmap and free mbuf. */ 3080 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3081 bus_dmamap_unload(ring->data_dmat, txd->map); 3082 3083 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3084 "free txd %p, in %p\n", txd, txd->in); 3085 txd->done = 1; 3086 txd->m = NULL; 3087 txd->in = NULL; 3088 3089 ieee80211_tx_complete(&in->in_ni, m, status); 3090 3091 if (--ring->queued < IWM_TX_RING_LOMARK) { 3092 sc->qfullmsk &= ~(1 << ring->qid); 3093 if (sc->qfullmsk == 0) { 3094 iwm_start(sc); 3095 } 3096 } 3097} 3098 3099/* 3100 * transmit side 3101 */ 3102 3103/* 3104 * Process a "command done" firmware notification. This is where we wakeup 3105 * processes waiting for a synchronous command completion. 3106 * from if_iwn 3107 */ 3108static void 3109iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3110{ 3111 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 3112 struct iwm_tx_data *data; 3113 3114 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 3115 return; /* Not a command ack. */ 3116 } 3117 3118 data = &ring->data[pkt->hdr.idx]; 3119 3120 /* If the command was mapped in an mbuf, free it. */ 3121 if (data->m != NULL) { 3122 bus_dmamap_sync(ring->data_dmat, data->map, 3123 BUS_DMASYNC_POSTWRITE); 3124 bus_dmamap_unload(ring->data_dmat, data->map); 3125 m_freem(data->m); 3126 data->m = NULL; 3127 } 3128 wakeup(&ring->desc[pkt->hdr.idx]); 3129} 3130 3131#if 0 3132/* 3133 * necessary only for block ack mode 3134 */ 3135void 3136iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3137 uint16_t len) 3138{ 3139 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3140 uint16_t w_val; 3141 3142 scd_bc_tbl = sc->sched_dma.vaddr; 3143 3144 len += 8; /* magic numbers came naturally from paris */ 3145 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 3146 len = roundup(len, 4) / 4; 3147 3148 w_val = htole16(sta_id << 12 | len); 3149 3150 /* Update TX scheduler. */ 3151 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3152 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3153 BUS_DMASYNC_PREWRITE); 3154 3155 /* I really wonder what this is ?!? */ 3156 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3157 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3158 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3159 BUS_DMASYNC_PREWRITE); 3160 } 3161} 3162#endif 3163 3164/* 3165 * Take an 802.11 (non-n) rate, find the relevant rate 3166 * table entry. return the index into in_ridx[]. 3167 * 3168 * The caller then uses that index back into in_ridx 3169 * to figure out the rate index programmed /into/ 3170 * the firmware for this given node. 3171 */ 3172static int 3173iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 3174 uint8_t rate) 3175{ 3176 int i; 3177 uint8_t r; 3178 3179 for (i = 0; i < nitems(in->in_ridx); i++) { 3180 r = iwm_rates[in->in_ridx[i]].rate; 3181 if (rate == r) 3182 return (i); 3183 } 3184 /* XXX Return the first */ 3185 /* XXX TODO: have it return the /lowest/ */ 3186 return (0); 3187} 3188 3189/* 3190 * Fill in the rate related information for a transmit command. 3191 */ 3192static const struct iwm_rate * 3193iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3194 struct ieee80211_frame *wh, struct iwm_tx_cmd *tx) 3195{ 3196 struct ieee80211com *ic = &sc->sc_ic; 3197 struct ieee80211_node *ni = &in->in_ni; 3198 const struct iwm_rate *rinfo; 3199 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3200 int ridx, rate_flags; 3201 3202 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3203 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3204 3205 /* 3206 * XXX TODO: everything about the rate selection here is terrible! 3207 */ 3208 3209 if (type == IEEE80211_FC0_TYPE_DATA) { 3210 int i; 3211 /* for data frames, use RS table */ 3212 (void) ieee80211_ratectl_rate(ni, NULL, 0); 3213 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 3214 ridx = in->in_ridx[i]; 3215 3216 /* This is the index into the programmed table */ 3217 tx->initial_rate_index = i; 3218 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3219 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3220 "%s: start with i=%d, txrate %d\n", 3221 __func__, i, iwm_rates[ridx].rate); 3222 } else { 3223 /* 3224 * For non-data, use the lowest supported rate for the given 3225 * operational mode. 3226 * 3227 * Note: there may not be any rate control information available. 3228 * This driver currently assumes if we're transmitting data 3229 * frames, use the rate control table. Grr. 3230 * 3231 * XXX TODO: use the configured rate for the traffic type! 3232 * XXX TODO: this should be per-vap, not curmode; as we later 3233 * on we'll want to handle off-channel stuff (eg TDLS). 3234 */ 3235 if (ic->ic_curmode == IEEE80211_MODE_11A) { 3236 /* 3237 * XXX this assumes the mode is either 11a or not 11a; 3238 * definitely won't work for 11n. 3239 */ 3240 ridx = IWM_RIDX_OFDM; 3241 } else { 3242 ridx = IWM_RIDX_CCK; 3243 } 3244 } 3245 3246 rinfo = &iwm_rates[ridx]; 3247 3248 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3249 __func__, ridx, 3250 rinfo->rate, 3251 !! (IWM_RIDX_IS_CCK(ridx)) 3252 ); 3253 3254 /* XXX TODO: hard-coded TX antenna? */ 3255 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 3256 if (IWM_RIDX_IS_CCK(ridx)) 3257 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3258 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3259 3260 return rinfo; 3261} 3262 3263#define TB0_SIZE 16 3264static int 3265iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3266{ 3267 struct ieee80211com *ic = &sc->sc_ic; 3268 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3269 struct iwm_node *in = IWM_NODE(ni); 3270 struct iwm_tx_ring *ring; 3271 struct iwm_tx_data *data; 3272 struct iwm_tfd *desc; 3273 struct iwm_device_cmd *cmd; 3274 struct iwm_tx_cmd *tx; 3275 struct ieee80211_frame *wh; 3276 struct ieee80211_key *k = NULL; 3277 struct mbuf *m1; 3278 const struct iwm_rate *rinfo; 3279 uint32_t flags; 3280 u_int hdrlen; 3281 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3282 int nsegs; 3283 uint8_t tid, type; 3284 int i, totlen, error, pad; 3285 3286 wh = mtod(m, struct ieee80211_frame *); 3287 hdrlen = ieee80211_anyhdrsize(wh); 3288 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3289 tid = 0; 3290 ring = &sc->txq[ac]; 3291 desc = &ring->desc[ring->cur]; 3292 memset(desc, 0, sizeof(*desc)); 3293 data = &ring->data[ring->cur]; 3294 3295 /* Fill out iwm_tx_cmd to send to the firmware */ 3296 cmd = &ring->cmd[ring->cur]; 3297 cmd->hdr.code = IWM_TX_CMD; 3298 cmd->hdr.flags = 0; 3299 cmd->hdr.qid = ring->qid; 3300 cmd->hdr.idx = ring->cur; 3301 3302 tx = (void *)cmd->data; 3303 memset(tx, 0, sizeof(*tx)); 3304 3305 rinfo = iwm_tx_fill_cmd(sc, in, wh, tx); 3306 3307 /* Encrypt the frame if need be. */ 3308 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3309 /* Retrieve key for TX && do software encryption. */ 3310 k = ieee80211_crypto_encap(ni, m); 3311 if (k == NULL) { 3312 m_freem(m); 3313 return (ENOBUFS); 3314 } 3315 /* 802.11 header may have moved. */ 3316 wh = mtod(m, struct ieee80211_frame *); 3317 } 3318 3319 if (ieee80211_radiotap_active_vap(vap)) { 3320 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3321 3322 tap->wt_flags = 0; 3323 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3324 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3325 tap->wt_rate = rinfo->rate; 3326 if (k != NULL) 3327 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3328 ieee80211_radiotap_tx(vap, m); 3329 } 3330 3331 3332 totlen = m->m_pkthdr.len; 3333 3334 flags = 0; 3335 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3336 flags |= IWM_TX_CMD_FLG_ACK; 3337 } 3338 3339 if (type == IEEE80211_FC0_TYPE_DATA 3340 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 3341 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3342 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3343 } 3344 3345 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3346 type != IEEE80211_FC0_TYPE_DATA) 3347 tx->sta_id = sc->sc_aux_sta.sta_id; 3348 else 3349 tx->sta_id = IWM_STATION_ID; 3350 3351 if (type == IEEE80211_FC0_TYPE_MGT) { 3352 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3353 3354 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3355 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3356 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3357 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3358 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3359 } else { 3360 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3361 } 3362 } else { 3363 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3364 } 3365 3366 if (hdrlen & 3) { 3367 /* First segment length must be a multiple of 4. */ 3368 flags |= IWM_TX_CMD_FLG_MH_PAD; 3369 pad = 4 - (hdrlen & 3); 3370 } else 3371 pad = 0; 3372 3373 tx->driver_txop = 0; 3374 tx->next_frame_len = 0; 3375 3376 tx->len = htole16(totlen); 3377 tx->tid_tspec = tid; 3378 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3379 3380 /* Set physical address of "scratch area". */ 3381 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3382 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3383 3384 /* Copy 802.11 header in TX command. */ 3385 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3386 3387 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3388 3389 tx->sec_ctl = 0; 3390 tx->tx_flags |= htole32(flags); 3391 3392 /* Trim 802.11 header. */ 3393 m_adj(m, hdrlen); 3394 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3395 segs, &nsegs, BUS_DMA_NOWAIT); 3396 if (error != 0) { 3397 if (error != EFBIG) { 3398 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3399 error); 3400 m_freem(m); 3401 return error; 3402 } 3403 /* Too many DMA segments, linearize mbuf. */ 3404 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 3405 if (m1 == NULL) { 3406 device_printf(sc->sc_dev, 3407 "%s: could not defrag mbuf\n", __func__); 3408 m_freem(m); 3409 return (ENOBUFS); 3410 } 3411 m = m1; 3412 3413 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3414 segs, &nsegs, BUS_DMA_NOWAIT); 3415 if (error != 0) { 3416 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3417 error); 3418 m_freem(m); 3419 return error; 3420 } 3421 } 3422 data->m = m; 3423 data->in = in; 3424 data->done = 0; 3425 3426 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3427 "sending txd %p, in %p\n", data, data->in); 3428 KASSERT(data->in != NULL, ("node is NULL")); 3429 3430 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3431 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3432 ring->qid, ring->cur, totlen, nsegs, 3433 le32toh(tx->tx_flags), 3434 le32toh(tx->rate_n_flags), 3435 tx->initial_rate_index 3436 ); 3437 3438 /* Fill TX descriptor. */ 3439 desc->num_tbs = 2 + nsegs; 3440 3441 desc->tbs[0].lo = htole32(data->cmd_paddr); 3442 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3443 (TB0_SIZE << 4); 3444 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3445 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3446 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 3447 + hdrlen + pad - TB0_SIZE) << 4); 3448 3449 /* Other DMA segments are for data payload. */ 3450 for (i = 0; i < nsegs; i++) { 3451 seg = &segs[i]; 3452 desc->tbs[i+2].lo = htole32(seg->ds_addr); 3453 desc->tbs[i+2].hi_n_len = \ 3454 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 3455 | ((seg->ds_len) << 4); 3456 } 3457 3458 bus_dmamap_sync(ring->data_dmat, data->map, 3459 BUS_DMASYNC_PREWRITE); 3460 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 3461 BUS_DMASYNC_PREWRITE); 3462 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3463 BUS_DMASYNC_PREWRITE); 3464 3465#if 0 3466 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 3467#endif 3468 3469 /* Kick TX ring. */ 3470 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 3471 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3472 3473 /* Mark TX ring as full if we reach a certain threshold. */ 3474 if (++ring->queued > IWM_TX_RING_HIMARK) { 3475 sc->qfullmsk |= 1 << ring->qid; 3476 } 3477 3478 return 0; 3479} 3480 3481static int 3482iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3483 const struct ieee80211_bpf_params *params) 3484{ 3485 struct ieee80211com *ic = ni->ni_ic; 3486 struct iwm_softc *sc = ic->ic_softc; 3487 int error = 0; 3488 3489 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3490 "->%s begin\n", __func__); 3491 3492 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3493 m_freem(m); 3494 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3495 "<-%s not RUNNING\n", __func__); 3496 return (ENETDOWN); 3497 } 3498 3499 IWM_LOCK(sc); 3500 /* XXX fix this */ 3501 if (params == NULL) { 3502 error = iwm_tx(sc, m, ni, 0); 3503 } else { 3504 error = iwm_tx(sc, m, ni, 0); 3505 } 3506 sc->sc_tx_timer = 5; 3507 IWM_UNLOCK(sc); 3508 3509 return (error); 3510} 3511 3512/* 3513 * mvm/tx.c 3514 */ 3515 3516#if 0 3517/* 3518 * Note that there are transports that buffer frames before they reach 3519 * the firmware. This means that after flush_tx_path is called, the 3520 * queue might not be empty. The race-free way to handle this is to: 3521 * 1) set the station as draining 3522 * 2) flush the Tx path 3523 * 3) wait for the transport queues to be empty 3524 */ 3525int 3526iwm_mvm_flush_tx_path(struct iwm_softc *sc, int tfd_msk, int sync) 3527{ 3528 struct iwm_tx_path_flush_cmd flush_cmd = { 3529 .queues_ctl = htole32(tfd_msk), 3530 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 3531 }; 3532 int ret; 3533 3534 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, 3535 sync ? IWM_CMD_SYNC : IWM_CMD_ASYNC, 3536 sizeof(flush_cmd), &flush_cmd); 3537 if (ret) 3538 device_printf(sc->sc_dev, 3539 "Flushing tx queue failed: %d\n", ret); 3540 return ret; 3541} 3542#endif 3543 3544/* 3545 * BEGIN mvm/sta.c 3546 */ 3547 3548static int 3549iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc, 3550 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status) 3551{ 3552 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd), 3553 cmd, status); 3554} 3555 3556/* send station add/update command to firmware */ 3557static int 3558iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update) 3559{ 3560 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd; 3561 int ret; 3562 uint32_t status; 3563 3564 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd)); 3565 3566 add_sta_cmd.sta_id = IWM_STATION_ID; 3567 add_sta_cmd.mac_id_n_color 3568 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID, 3569 IWM_DEFAULT_COLOR)); 3570 if (!update) { 3571 int ac; 3572 for (ac = 0; ac < WME_NUM_AC; ac++) { 3573 add_sta_cmd.tfd_queue_msk |= 3574 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]); 3575 } 3576 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid); 3577 } 3578 add_sta_cmd.add_modify = update ? 1 : 0; 3579 add_sta_cmd.station_flags_msk 3580 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK); 3581 add_sta_cmd.tid_disable_tx = htole16(0xffff); 3582 if (update) 3583 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX); 3584 3585 status = IWM_ADD_STA_SUCCESS; 3586 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status); 3587 if (ret) 3588 return ret; 3589 3590 switch (status) { 3591 case IWM_ADD_STA_SUCCESS: 3592 break; 3593 default: 3594 ret = EIO; 3595 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n"); 3596 break; 3597 } 3598 3599 return ret; 3600} 3601 3602static int 3603iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in) 3604{ 3605 return iwm_mvm_sta_send_to_fw(sc, in, 0); 3606} 3607 3608static int 3609iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in) 3610{ 3611 return iwm_mvm_sta_send_to_fw(sc, in, 1); 3612} 3613 3614static int 3615iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta, 3616 const uint8_t *addr, uint16_t mac_id, uint16_t color) 3617{ 3618 struct iwm_mvm_add_sta_cmd_v7 cmd; 3619 int ret; 3620 uint32_t status; 3621 3622 memset(&cmd, 0, sizeof(cmd)); 3623 cmd.sta_id = sta->sta_id; 3624 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color)); 3625 3626 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk); 3627 cmd.tid_disable_tx = htole16(0xffff); 3628 3629 if (addr) 3630 IEEE80211_ADDR_COPY(cmd.addr, addr); 3631 3632 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status); 3633 if (ret) 3634 return ret; 3635 3636 switch (status) { 3637 case IWM_ADD_STA_SUCCESS: 3638 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 3639 "%s: Internal station added.\n", __func__); 3640 return 0; 3641 default: 3642 device_printf(sc->sc_dev, 3643 "%s: Add internal station failed, status=0x%x\n", 3644 __func__, status); 3645 ret = EIO; 3646 break; 3647 } 3648 return ret; 3649} 3650 3651static int 3652iwm_mvm_add_aux_sta(struct iwm_softc *sc) 3653{ 3654 int ret; 3655 3656 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID; 3657 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE); 3658 3659 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST); 3660 if (ret) 3661 return ret; 3662 3663 ret = iwm_mvm_add_int_sta_common(sc, 3664 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0); 3665 3666 if (ret) 3667 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta)); 3668 return ret; 3669} 3670 3671/* 3672 * END mvm/sta.c 3673 */ 3674 3675/* 3676 * BEGIN mvm/quota.c 3677 */ 3678 3679static int 3680iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in) 3681{ 3682 struct iwm_time_quota_cmd cmd; 3683 int i, idx, ret, num_active_macs, quota, quota_rem; 3684 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3685 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3686 uint16_t id; 3687 3688 memset(&cmd, 0, sizeof(cmd)); 3689 3690 /* currently, PHY ID == binding ID */ 3691 if (in) { 3692 id = in->in_phyctxt->id; 3693 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3694 colors[id] = in->in_phyctxt->color; 3695 3696 if (1) 3697 n_ifs[id] = 1; 3698 } 3699 3700 /* 3701 * The FW's scheduling session consists of 3702 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3703 * equally between all the bindings that require quota 3704 */ 3705 num_active_macs = 0; 3706 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3707 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3708 num_active_macs += n_ifs[i]; 3709 } 3710 3711 quota = 0; 3712 quota_rem = 0; 3713 if (num_active_macs) { 3714 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3715 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3716 } 3717 3718 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3719 if (colors[i] < 0) 3720 continue; 3721 3722 cmd.quotas[idx].id_and_color = 3723 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3724 3725 if (n_ifs[i] <= 0) { 3726 cmd.quotas[idx].quota = htole32(0); 3727 cmd.quotas[idx].max_duration = htole32(0); 3728 } else { 3729 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3730 cmd.quotas[idx].max_duration = htole32(0); 3731 } 3732 idx++; 3733 } 3734 3735 /* Give the remainder of the session to the first binding */ 3736 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3737 3738 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3739 sizeof(cmd), &cmd); 3740 if (ret) 3741 device_printf(sc->sc_dev, 3742 "%s: Failed to send quota: %d\n", __func__, ret); 3743 return ret; 3744} 3745 3746/* 3747 * END mvm/quota.c 3748 */ 3749 3750/* 3751 * ieee80211 routines 3752 */ 3753 3754/* 3755 * Change to AUTH state in 80211 state machine. Roughly matches what 3756 * Linux does in bss_info_changed(). 3757 */ 3758static int 3759iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3760{ 3761 struct ieee80211_node *ni; 3762 struct iwm_node *in; 3763 struct iwm_vap *iv = IWM_VAP(vap); 3764 uint32_t duration; 3765 int error; 3766 3767 /* 3768 * XXX i have a feeling that the vap node is being 3769 * freed from underneath us. Grr. 3770 */ 3771 ni = ieee80211_ref_node(vap->iv_bss); 3772 in = IWM_NODE(ni); 3773 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 3774 "%s: called; vap=%p, bss ni=%p\n", 3775 __func__, 3776 vap, 3777 ni); 3778 3779 in->in_assoc = 0; 3780 3781 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON); 3782 if (error != 0) 3783 return error; 3784 3785 error = iwm_allow_mcast(vap, sc); 3786 if (error) { 3787 device_printf(sc->sc_dev, 3788 "%s: failed to set multicast\n", __func__); 3789 goto out; 3790 } 3791 3792 /* 3793 * This is where it deviates from what Linux does. 3794 * 3795 * Linux iwlwifi doesn't reset the nic each time, nor does it 3796 * call ctxt_add() here. Instead, it adds it during vap creation, 3797 * and always does a mac_ctx_changed(). 3798 * 3799 * The openbsd port doesn't attempt to do that - it reset things 3800 * at odd states and does the add here. 3801 * 3802 * So, until the state handling is fixed (ie, we never reset 3803 * the NIC except for a firmware failure, which should drag 3804 * the NIC back to IDLE, re-setup and re-add all the mac/phy 3805 * contexts that are required), let's do a dirty hack here. 3806 */ 3807 if (iv->is_uploaded) { 3808 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 3809 device_printf(sc->sc_dev, 3810 "%s: failed to update MAC\n", __func__); 3811 goto out; 3812 } 3813 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 3814 in->in_ni.ni_chan, 1, 1)) != 0) { 3815 device_printf(sc->sc_dev, 3816 "%s: failed update phy ctxt\n", __func__); 3817 goto out; 3818 } 3819 in->in_phyctxt = &sc->sc_phyctxt[0]; 3820 3821 if ((error = iwm_mvm_binding_update(sc, in)) != 0) { 3822 device_printf(sc->sc_dev, 3823 "%s: binding update cmd\n", __func__); 3824 goto out; 3825 } 3826 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 3827 device_printf(sc->sc_dev, 3828 "%s: failed to update sta\n", __func__); 3829 goto out; 3830 } 3831 } else { 3832 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 3833 device_printf(sc->sc_dev, 3834 "%s: failed to add MAC\n", __func__); 3835 goto out; 3836 } 3837 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 3838 in->in_ni.ni_chan, 1, 1)) != 0) { 3839 device_printf(sc->sc_dev, 3840 "%s: failed add phy ctxt!\n", __func__); 3841 error = ETIMEDOUT; 3842 goto out; 3843 } 3844 in->in_phyctxt = &sc->sc_phyctxt[0]; 3845 3846 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) { 3847 device_printf(sc->sc_dev, 3848 "%s: binding add cmd\n", __func__); 3849 goto out; 3850 } 3851 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 3852 device_printf(sc->sc_dev, 3853 "%s: failed to add sta\n", __func__); 3854 goto out; 3855 } 3856 } 3857 3858 /* 3859 * Prevent the FW from wandering off channel during association 3860 * by "protecting" the session with a time event. 3861 */ 3862 /* XXX duration is in units of TU, not MS */ 3863 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 3864 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */); 3865 DELAY(100); 3866 3867 error = 0; 3868out: 3869 ieee80211_free_node(ni); 3870 return (error); 3871} 3872 3873static int 3874iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 3875{ 3876 struct iwm_node *in = IWM_NODE(vap->iv_bss); 3877 int error; 3878 3879 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 3880 device_printf(sc->sc_dev, 3881 "%s: failed to update STA\n", __func__); 3882 return error; 3883 } 3884 3885 in->in_assoc = 1; 3886 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 3887 device_printf(sc->sc_dev, 3888 "%s: failed to update MAC\n", __func__); 3889 return error; 3890 } 3891 3892 return 0; 3893} 3894 3895static int 3896iwm_release(struct iwm_softc *sc, struct iwm_node *in) 3897{ 3898 /* 3899 * Ok, so *technically* the proper set of calls for going 3900 * from RUN back to SCAN is: 3901 * 3902 * iwm_mvm_power_mac_disable(sc, in); 3903 * iwm_mvm_mac_ctxt_changed(sc, in); 3904 * iwm_mvm_rm_sta(sc, in); 3905 * iwm_mvm_update_quotas(sc, NULL); 3906 * iwm_mvm_mac_ctxt_changed(sc, in); 3907 * iwm_mvm_binding_remove_vif(sc, in); 3908 * iwm_mvm_mac_ctxt_remove(sc, in); 3909 * 3910 * However, that freezes the device not matter which permutations 3911 * and modifications are attempted. Obviously, this driver is missing 3912 * something since it works in the Linux driver, but figuring out what 3913 * is missing is a little more complicated. Now, since we're going 3914 * back to nothing anyway, we'll just do a complete device reset. 3915 * Up your's, device! 3916 */ 3917 /* iwm_mvm_flush_tx_path(sc, 0xf, 1); */ 3918 iwm_stop_device(sc); 3919 iwm_init_hw(sc); 3920 if (in) 3921 in->in_assoc = 0; 3922 return 0; 3923 3924#if 0 3925 int error; 3926 3927 iwm_mvm_power_mac_disable(sc, in); 3928 3929 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 3930 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 3931 return error; 3932 } 3933 3934 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 3935 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 3936 return error; 3937 } 3938 error = iwm_mvm_rm_sta(sc, in); 3939 in->in_assoc = 0; 3940 iwm_mvm_update_quotas(sc, NULL); 3941 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 3942 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 3943 return error; 3944 } 3945 iwm_mvm_binding_remove_vif(sc, in); 3946 3947 iwm_mvm_mac_ctxt_remove(sc, in); 3948 3949 return error; 3950#endif 3951} 3952 3953static struct ieee80211_node * 3954iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 3955{ 3956 return malloc(sizeof (struct iwm_node), M_80211_NODE, 3957 M_NOWAIT | M_ZERO); 3958} 3959 3960static void 3961iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 3962{ 3963 struct ieee80211_node *ni = &in->in_ni; 3964 struct iwm_lq_cmd *lq = &in->in_lq; 3965 int nrates = ni->ni_rates.rs_nrates; 3966 int i, ridx, tab = 0; 3967 int txant = 0; 3968 3969 if (nrates > nitems(lq->rs_table)) { 3970 device_printf(sc->sc_dev, 3971 "%s: node supports %d rates, driver handles " 3972 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 3973 return; 3974 } 3975 if (nrates == 0) { 3976 device_printf(sc->sc_dev, 3977 "%s: node supports 0 rates, odd!\n", __func__); 3978 return; 3979 } 3980 3981 /* 3982 * XXX .. and most of iwm_node is not initialised explicitly; 3983 * it's all just 0x0 passed to the firmware. 3984 */ 3985 3986 /* first figure out which rates we should support */ 3987 /* XXX TODO: this isn't 11n aware /at all/ */ 3988 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 3989 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3990 "%s: nrates=%d\n", __func__, nrates); 3991 3992 /* 3993 * Loop over nrates and populate in_ridx from the highest 3994 * rate to the lowest rate. Remember, in_ridx[] has 3995 * IEEE80211_RATE_MAXSIZE entries! 3996 */ 3997 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 3998 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 3999 4000 /* Map 802.11 rate to HW rate index. */ 4001 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 4002 if (iwm_rates[ridx].rate == rate) 4003 break; 4004 if (ridx > IWM_RIDX_MAX) { 4005 device_printf(sc->sc_dev, 4006 "%s: WARNING: device rate for %d not found!\n", 4007 __func__, rate); 4008 } else { 4009 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4010 "%s: rate: i: %d, rate=%d, ridx=%d\n", 4011 __func__, 4012 i, 4013 rate, 4014 ridx); 4015 in->in_ridx[i] = ridx; 4016 } 4017 } 4018 4019 /* then construct a lq_cmd based on those */ 4020 memset(lq, 0, sizeof(*lq)); 4021 lq->sta_id = IWM_STATION_ID; 4022 4023 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4024 if (ni->ni_flags & IEEE80211_NODE_HT) 4025 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4026 4027 /* 4028 * are these used? (we don't do SISO or MIMO) 4029 * need to set them to non-zero, though, or we get an error. 4030 */ 4031 lq->single_stream_ant_msk = 1; 4032 lq->dual_stream_ant_msk = 1; 4033 4034 /* 4035 * Build the actual rate selection table. 4036 * The lowest bits are the rates. Additionally, 4037 * CCK needs bit 9 to be set. The rest of the bits 4038 * we add to the table select the tx antenna 4039 * Note that we add the rates in the highest rate first 4040 * (opposite of ni_rates). 4041 */ 4042 /* 4043 * XXX TODO: this should be looping over the min of nrates 4044 * and LQ_MAX_RETRY_NUM. Sigh. 4045 */ 4046 for (i = 0; i < nrates; i++) { 4047 int nextant; 4048 4049 if (txant == 0) 4050 txant = iwm_fw_valid_tx_ant(sc); 4051 nextant = 1<<(ffs(txant)-1); 4052 txant &= ~nextant; 4053 4054 /* 4055 * Map the rate id into a rate index into 4056 * our hardware table containing the 4057 * configuration to use for this rate. 4058 */ 4059 ridx = in->in_ridx[i]; 4060 tab = iwm_rates[ridx].plcp; 4061 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4062 if (IWM_RIDX_IS_CCK(ridx)) 4063 tab |= IWM_RATE_MCS_CCK_MSK; 4064 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4065 "station rate i=%d, rate=%d, hw=%x\n", 4066 i, iwm_rates[ridx].rate, tab); 4067 lq->rs_table[i] = htole32(tab); 4068 } 4069 /* then fill the rest with the lowest possible rate */ 4070 for (i = nrates; i < nitems(lq->rs_table); i++) { 4071 KASSERT(tab != 0, ("invalid tab")); 4072 lq->rs_table[i] = htole32(tab); 4073 } 4074} 4075 4076static int 4077iwm_media_change(struct ifnet *ifp) 4078{ 4079 struct ieee80211vap *vap = ifp->if_softc; 4080 struct ieee80211com *ic = vap->iv_ic; 4081 struct iwm_softc *sc = ic->ic_softc; 4082 int error; 4083 4084 error = ieee80211_media_change(ifp); 4085 if (error != ENETRESET) 4086 return error; 4087 4088 IWM_LOCK(sc); 4089 if (ic->ic_nrunning > 0) { 4090 iwm_stop(sc); 4091 iwm_init(sc); 4092 } 4093 IWM_UNLOCK(sc); 4094 return error; 4095} 4096 4097 4098static int 4099iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4100{ 4101 struct iwm_vap *ivp = IWM_VAP(vap); 4102 struct ieee80211com *ic = vap->iv_ic; 4103 struct iwm_softc *sc = ic->ic_softc; 4104 struct iwm_node *in; 4105 int error; 4106 4107 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4108 "switching state %s -> %s\n", 4109 ieee80211_state_name[vap->iv_state], 4110 ieee80211_state_name[nstate]); 4111 IEEE80211_UNLOCK(ic); 4112 IWM_LOCK(sc); 4113 4114 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 4115 iwm_led_blink_stop(sc); 4116 4117 /* disable beacon filtering if we're hopping out of RUN */ 4118 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 4119 iwm_mvm_disable_beacon_filter(sc); 4120 4121 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4122 in->in_assoc = 0; 4123 4124 iwm_release(sc, NULL); 4125 4126 /* 4127 * It's impossible to directly go RUN->SCAN. If we iwm_release() 4128 * above then the card will be completely reinitialized, 4129 * so the driver must do everything necessary to bring the card 4130 * from INIT to SCAN. 4131 * 4132 * Additionally, upon receiving deauth frame from AP, 4133 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 4134 * state. This will also fail with this driver, so bring the FSM 4135 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 4136 * 4137 * XXX TODO: fix this for FreeBSD! 4138 */ 4139 if (nstate == IEEE80211_S_SCAN || 4140 nstate == IEEE80211_S_AUTH || 4141 nstate == IEEE80211_S_ASSOC) { 4142 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4143 "Force transition to INIT; MGT=%d\n", arg); 4144 IWM_UNLOCK(sc); 4145 IEEE80211_LOCK(ic); 4146 /* Always pass arg as -1 since we can't Tx right now. */ 4147 /* 4148 * XXX arg is just ignored anyway when transitioning 4149 * to IEEE80211_S_INIT. 4150 */ 4151 vap->iv_newstate(vap, IEEE80211_S_INIT, -1); 4152 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4153 "Going INIT->SCAN\n"); 4154 nstate = IEEE80211_S_SCAN; 4155 IEEE80211_UNLOCK(ic); 4156 IWM_LOCK(sc); 4157 } 4158 } 4159 4160 switch (nstate) { 4161 case IEEE80211_S_INIT: 4162 break; 4163 4164 case IEEE80211_S_AUTH: 4165 if ((error = iwm_auth(vap, sc)) != 0) { 4166 device_printf(sc->sc_dev, 4167 "%s: could not move to auth state: %d\n", 4168 __func__, error); 4169 break; 4170 } 4171 break; 4172 4173 case IEEE80211_S_ASSOC: 4174 if ((error = iwm_assoc(vap, sc)) != 0) { 4175 device_printf(sc->sc_dev, 4176 "%s: failed to associate: %d\n", __func__, 4177 error); 4178 break; 4179 } 4180 break; 4181 4182 case IEEE80211_S_RUN: 4183 { 4184 struct iwm_host_cmd cmd = { 4185 .id = IWM_LQ_CMD, 4186 .len = { sizeof(in->in_lq), }, 4187 .flags = IWM_CMD_SYNC, 4188 }; 4189 4190 /* Update the association state, now we have it all */ 4191 /* (eg associd comes in at this point */ 4192 error = iwm_assoc(vap, sc); 4193 if (error != 0) { 4194 device_printf(sc->sc_dev, 4195 "%s: failed to update association state: %d\n", 4196 __func__, 4197 error); 4198 break; 4199 } 4200 4201 in = IWM_NODE(vap->iv_bss); 4202 iwm_mvm_power_mac_update_mode(sc, in); 4203 iwm_mvm_enable_beacon_filter(sc, in); 4204 iwm_mvm_update_quotas(sc, in); 4205 iwm_setrates(sc, in); 4206 4207 cmd.data[0] = &in->in_lq; 4208 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 4209 device_printf(sc->sc_dev, 4210 "%s: IWM_LQ_CMD failed\n", __func__); 4211 } 4212 4213 iwm_mvm_led_enable(sc); 4214 break; 4215 } 4216 4217 default: 4218 break; 4219 } 4220 IWM_UNLOCK(sc); 4221 IEEE80211_LOCK(ic); 4222 4223 return (ivp->iv_newstate(vap, nstate, arg)); 4224} 4225 4226void 4227iwm_endscan_cb(void *arg, int pending) 4228{ 4229 struct iwm_softc *sc = arg; 4230 struct ieee80211com *ic = &sc->sc_ic; 4231 4232 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4233 "%s: scan ended\n", 4234 __func__); 4235 4236 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4237} 4238 4239/* 4240 * Aging and idle timeouts for the different possible scenarios 4241 * in default configuration 4242 */ 4243static const uint32_t 4244iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4245 { 4246 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 4247 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 4248 }, 4249 { 4250 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 4251 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 4252 }, 4253 { 4254 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 4255 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 4256 }, 4257 { 4258 htole32(IWM_SF_BA_AGING_TIMER_DEF), 4259 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 4260 }, 4261 { 4262 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 4263 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 4264 }, 4265}; 4266 4267/* 4268 * Aging and idle timeouts for the different possible scenarios 4269 * in single BSS MAC configuration. 4270 */ 4271static const uint32_t 4272iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4273 { 4274 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 4275 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 4276 }, 4277 { 4278 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 4279 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 4280 }, 4281 { 4282 htole32(IWM_SF_MCAST_AGING_TIMER), 4283 htole32(IWM_SF_MCAST_IDLE_TIMER) 4284 }, 4285 { 4286 htole32(IWM_SF_BA_AGING_TIMER), 4287 htole32(IWM_SF_BA_IDLE_TIMER) 4288 }, 4289 { 4290 htole32(IWM_SF_TX_RE_AGING_TIMER), 4291 htole32(IWM_SF_TX_RE_IDLE_TIMER) 4292 }, 4293}; 4294 4295static void 4296iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 4297 struct ieee80211_node *ni) 4298{ 4299 int i, j, watermark; 4300 4301 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 4302 4303 /* 4304 * If we are in association flow - check antenna configuration 4305 * capabilities of the AP station, and choose the watermark accordingly. 4306 */ 4307 if (ni) { 4308 if (ni->ni_flags & IEEE80211_NODE_HT) { 4309#ifdef notyet 4310 if (ni->ni_rxmcs[2] != 0) 4311 watermark = IWM_SF_W_MARK_MIMO3; 4312 else if (ni->ni_rxmcs[1] != 0) 4313 watermark = IWM_SF_W_MARK_MIMO2; 4314 else 4315#endif 4316 watermark = IWM_SF_W_MARK_SISO; 4317 } else { 4318 watermark = IWM_SF_W_MARK_LEGACY; 4319 } 4320 /* default watermark value for unassociated mode. */ 4321 } else { 4322 watermark = IWM_SF_W_MARK_MIMO2; 4323 } 4324 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 4325 4326 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 4327 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 4328 sf_cmd->long_delay_timeouts[i][j] = 4329 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 4330 } 4331 } 4332 4333 if (ni) { 4334 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 4335 sizeof(iwm_sf_full_timeout)); 4336 } else { 4337 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 4338 sizeof(iwm_sf_full_timeout_def)); 4339 } 4340} 4341 4342static int 4343iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state) 4344{ 4345 struct ieee80211com *ic = &sc->sc_ic; 4346 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4347 struct iwm_sf_cfg_cmd sf_cmd = { 4348 .state = htole32(IWM_SF_FULL_ON), 4349 }; 4350 int ret = 0; 4351 4352 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 4353 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 4354 4355 switch (new_state) { 4356 case IWM_SF_UNINIT: 4357 case IWM_SF_INIT_OFF: 4358 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL); 4359 break; 4360 case IWM_SF_FULL_ON: 4361 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss); 4362 break; 4363 default: 4364 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE, 4365 "Invalid state: %d. not sending Smart Fifo cmd\n", 4366 new_state); 4367 return EINVAL; 4368 } 4369 4370 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 4371 sizeof(sf_cmd), &sf_cmd); 4372 return ret; 4373} 4374 4375static int 4376iwm_send_bt_init_conf(struct iwm_softc *sc) 4377{ 4378 struct iwm_bt_coex_cmd bt_cmd; 4379 4380 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4381 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4382 4383 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4384 &bt_cmd); 4385} 4386 4387static int 4388iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4389{ 4390 struct iwm_mcc_update_cmd mcc_cmd; 4391 struct iwm_host_cmd hcmd = { 4392 .id = IWM_MCC_UPDATE_CMD, 4393 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4394 .data = { &mcc_cmd }, 4395 }; 4396 int ret; 4397#ifdef IWM_DEBUG 4398 struct iwm_rx_packet *pkt; 4399 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4400 struct iwm_mcc_update_resp *mcc_resp; 4401 int n_channels; 4402 uint16_t mcc; 4403#endif 4404 int resp_v2 = isset(sc->sc_enabled_capa, 4405 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4406 4407 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4408 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4409 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4410 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC)) 4411 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4412 else 4413 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4414 4415 if (resp_v2) 4416 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4417 else 4418 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4419 4420 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4421 "send MCC update to FW with '%c%c' src = %d\n", 4422 alpha2[0], alpha2[1], mcc_cmd.source_id); 4423 4424 ret = iwm_send_cmd(sc, &hcmd); 4425 if (ret) 4426 return ret; 4427 4428#ifdef IWM_DEBUG 4429 pkt = hcmd.resp_pkt; 4430 4431 /* Extract MCC response */ 4432 if (resp_v2) { 4433 mcc_resp = (void *)pkt->data; 4434 mcc = mcc_resp->mcc; 4435 n_channels = le32toh(mcc_resp->n_channels); 4436 } else { 4437 mcc_resp_v1 = (void *)pkt->data; 4438 mcc = mcc_resp_v1->mcc; 4439 n_channels = le32toh(mcc_resp_v1->n_channels); 4440 } 4441 4442 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4443 if (mcc == 0) 4444 mcc = 0x3030; /* "00" - world */ 4445 4446 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4447 "regulatory domain '%c%c' (%d channels available)\n", 4448 mcc >> 8, mcc & 0xff, n_channels); 4449#endif 4450 iwm_free_resp(sc, &hcmd); 4451 4452 return 0; 4453} 4454 4455static void 4456iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4457{ 4458 struct iwm_host_cmd cmd = { 4459 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4460 .len = { sizeof(uint32_t), }, 4461 .data = { &backoff, }, 4462 }; 4463 4464 if (iwm_send_cmd(sc, &cmd) != 0) { 4465 device_printf(sc->sc_dev, 4466 "failed to change thermal tx backoff\n"); 4467 } 4468} 4469 4470static int 4471iwm_init_hw(struct iwm_softc *sc) 4472{ 4473 struct ieee80211com *ic = &sc->sc_ic; 4474 int error, i, ac; 4475 4476 if ((error = iwm_start_hw(sc)) != 0) { 4477 printf("iwm_start_hw: failed %d\n", error); 4478 return error; 4479 } 4480 4481 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 4482 printf("iwm_run_init_mvm_ucode: failed %d\n", error); 4483 return error; 4484 } 4485 4486 /* 4487 * should stop and start HW since that INIT 4488 * image just loaded 4489 */ 4490 iwm_stop_device(sc); 4491 if ((error = iwm_start_hw(sc)) != 0) { 4492 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4493 return error; 4494 } 4495 4496 /* omstart, this time with the regular firmware */ 4497 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR); 4498 if (error) { 4499 device_printf(sc->sc_dev, "could not load firmware\n"); 4500 goto error; 4501 } 4502 4503 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4504 device_printf(sc->sc_dev, "bt init conf failed\n"); 4505 goto error; 4506 } 4507 4508 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) { 4509 device_printf(sc->sc_dev, "antenna config failed\n"); 4510 goto error; 4511 } 4512 4513 /* Send phy db control command and then phy db calibration*/ 4514 if ((error = iwm_send_phy_db_data(sc)) != 0) { 4515 device_printf(sc->sc_dev, "phy_db_data failed\n"); 4516 goto error; 4517 } 4518 4519 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4520 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4521 goto error; 4522 } 4523 4524 /* Add auxiliary station for scanning */ 4525 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) { 4526 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4527 goto error; 4528 } 4529 4530 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4531 /* 4532 * The channel used here isn't relevant as it's 4533 * going to be overwritten in the other flows. 4534 * For now use the first channel we have. 4535 */ 4536 if ((error = iwm_mvm_phy_ctxt_add(sc, 4537 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4538 goto error; 4539 } 4540 4541 /* Initialize tx backoffs to the minimum. */ 4542 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 4543 iwm_mvm_tt_tx_backoff(sc, 0); 4544 4545 error = iwm_mvm_power_update_device(sc); 4546 if (error) 4547 goto error; 4548 4549 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) { 4550 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4551 goto error; 4552 } 4553 4554 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4555 if ((error = iwm_mvm_config_umac_scan(sc)) != 0) 4556 goto error; 4557 } 4558 4559 /* Enable Tx queues. */ 4560 for (ac = 0; ac < WME_NUM_AC; ac++) { 4561 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4562 iwm_mvm_ac_to_tx_fifo[ac]); 4563 if (error) 4564 goto error; 4565 } 4566 4567 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) { 4568 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4569 goto error; 4570 } 4571 4572 return 0; 4573 4574 error: 4575 iwm_stop_device(sc); 4576 return error; 4577} 4578 4579/* Allow multicast from our BSSID. */ 4580static int 4581iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4582{ 4583 struct ieee80211_node *ni = vap->iv_bss; 4584 struct iwm_mcast_filter_cmd *cmd; 4585 size_t size; 4586 int error; 4587 4588 size = roundup(sizeof(*cmd), 4); 4589 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 4590 if (cmd == NULL) 4591 return ENOMEM; 4592 cmd->filter_own = 1; 4593 cmd->port_id = 0; 4594 cmd->count = 0; 4595 cmd->pass_all = 1; 4596 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4597 4598 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4599 IWM_CMD_SYNC, size, cmd); 4600 free(cmd, M_DEVBUF); 4601 4602 return (error); 4603} 4604 4605/* 4606 * ifnet interfaces 4607 */ 4608 4609static void 4610iwm_init(struct iwm_softc *sc) 4611{ 4612 int error; 4613 4614 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4615 return; 4616 } 4617 sc->sc_generation++; 4618 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4619 4620 if ((error = iwm_init_hw(sc)) != 0) { 4621 printf("iwm_init_hw failed %d\n", error); 4622 iwm_stop(sc); 4623 return; 4624 } 4625 4626 /* 4627 * Ok, firmware loaded and we are jogging 4628 */ 4629 sc->sc_flags |= IWM_FLAG_HW_INITED; 4630 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4631} 4632 4633static int 4634iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4635{ 4636 struct iwm_softc *sc; 4637 int error; 4638 4639 sc = ic->ic_softc; 4640 4641 IWM_LOCK(sc); 4642 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4643 IWM_UNLOCK(sc); 4644 return (ENXIO); 4645 } 4646 error = mbufq_enqueue(&sc->sc_snd, m); 4647 if (error) { 4648 IWM_UNLOCK(sc); 4649 return (error); 4650 } 4651 iwm_start(sc); 4652 IWM_UNLOCK(sc); 4653 return (0); 4654} 4655 4656/* 4657 * Dequeue packets from sendq and call send. 4658 */ 4659static void 4660iwm_start(struct iwm_softc *sc) 4661{ 4662 struct ieee80211_node *ni; 4663 struct mbuf *m; 4664 int ac = 0; 4665 4666 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 4667 while (sc->qfullmsk == 0 && 4668 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 4669 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 4670 if (iwm_tx(sc, m, ni, ac) != 0) { 4671 if_inc_counter(ni->ni_vap->iv_ifp, 4672 IFCOUNTER_OERRORS, 1); 4673 ieee80211_free_node(ni); 4674 continue; 4675 } 4676 sc->sc_tx_timer = 15; 4677 } 4678 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 4679} 4680 4681static void 4682iwm_stop(struct iwm_softc *sc) 4683{ 4684 4685 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 4686 sc->sc_flags |= IWM_FLAG_STOPPED; 4687 sc->sc_generation++; 4688 iwm_led_blink_stop(sc); 4689 sc->sc_tx_timer = 0; 4690 iwm_stop_device(sc); 4691} 4692 4693static void 4694iwm_watchdog(void *arg) 4695{ 4696 struct iwm_softc *sc = arg; 4697 struct ieee80211com *ic = &sc->sc_ic; 4698 4699 if (sc->sc_tx_timer > 0) { 4700 if (--sc->sc_tx_timer == 0) { 4701 device_printf(sc->sc_dev, "device timeout\n"); 4702#ifdef IWM_DEBUG 4703 iwm_nic_error(sc); 4704#endif 4705 ieee80211_restart_all(ic); 4706 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 4707 return; 4708 } 4709 } 4710 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4711} 4712 4713static void 4714iwm_parent(struct ieee80211com *ic) 4715{ 4716 struct iwm_softc *sc = ic->ic_softc; 4717 int startall = 0; 4718 4719 IWM_LOCK(sc); 4720 if (ic->ic_nrunning > 0) { 4721 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 4722 iwm_init(sc); 4723 startall = 1; 4724 } 4725 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 4726 iwm_stop(sc); 4727 IWM_UNLOCK(sc); 4728 if (startall) 4729 ieee80211_start_all(ic); 4730} 4731 4732/* 4733 * The interrupt side of things 4734 */ 4735 4736/* 4737 * error dumping routines are from iwlwifi/mvm/utils.c 4738 */ 4739 4740/* 4741 * Note: This structure is read from the device with IO accesses, 4742 * and the reading already does the endian conversion. As it is 4743 * read with uint32_t-sized accesses, any members with a different size 4744 * need to be ordered correctly though! 4745 */ 4746struct iwm_error_event_table { 4747 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 4748 uint32_t error_id; /* type of error */ 4749 uint32_t trm_hw_status0; /* TRM HW status */ 4750 uint32_t trm_hw_status1; /* TRM HW status */ 4751 uint32_t blink2; /* branch link */ 4752 uint32_t ilink1; /* interrupt link */ 4753 uint32_t ilink2; /* interrupt link */ 4754 uint32_t data1; /* error-specific data */ 4755 uint32_t data2; /* error-specific data */ 4756 uint32_t data3; /* error-specific data */ 4757 uint32_t bcon_time; /* beacon timer */ 4758 uint32_t tsf_low; /* network timestamp function timer */ 4759 uint32_t tsf_hi; /* network timestamp function timer */ 4760 uint32_t gp1; /* GP1 timer register */ 4761 uint32_t gp2; /* GP2 timer register */ 4762 uint32_t fw_rev_type; /* firmware revision type */ 4763 uint32_t major; /* uCode version major */ 4764 uint32_t minor; /* uCode version minor */ 4765 uint32_t hw_ver; /* HW Silicon version */ 4766 uint32_t brd_ver; /* HW board version */ 4767 uint32_t log_pc; /* log program counter */ 4768 uint32_t frame_ptr; /* frame pointer */ 4769 uint32_t stack_ptr; /* stack pointer */ 4770 uint32_t hcmd; /* last host command header */ 4771 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 4772 * rxtx_flag */ 4773 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 4774 * host_flag */ 4775 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 4776 * enc_flag */ 4777 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 4778 * time_flag */ 4779 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 4780 * wico interrupt */ 4781 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 4782 uint32_t wait_event; /* wait event() caller address */ 4783 uint32_t l2p_control; /* L2pControlField */ 4784 uint32_t l2p_duration; /* L2pDurationField */ 4785 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 4786 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 4787 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 4788 * (LMPM_PMG_SEL) */ 4789 uint32_t u_timestamp; /* indicate when the date and time of the 4790 * compilation */ 4791 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 4792} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 4793 4794/* 4795 * UMAC error struct - relevant starting from family 8000 chip. 4796 * Note: This structure is read from the device with IO accesses, 4797 * and the reading already does the endian conversion. As it is 4798 * read with u32-sized accesses, any members with a different size 4799 * need to be ordered correctly though! 4800 */ 4801struct iwm_umac_error_event_table { 4802 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 4803 uint32_t error_id; /* type of error */ 4804 uint32_t blink1; /* branch link */ 4805 uint32_t blink2; /* branch link */ 4806 uint32_t ilink1; /* interrupt link */ 4807 uint32_t ilink2; /* interrupt link */ 4808 uint32_t data1; /* error-specific data */ 4809 uint32_t data2; /* error-specific data */ 4810 uint32_t data3; /* error-specific data */ 4811 uint32_t umac_major; 4812 uint32_t umac_minor; 4813 uint32_t frame_pointer; /* core register 27*/ 4814 uint32_t stack_pointer; /* core register 28 */ 4815 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 4816 uint32_t nic_isr_pref; /* ISR status register */ 4817} __packed; 4818 4819#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 4820#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 4821 4822#ifdef IWM_DEBUG 4823struct { 4824 const char *name; 4825 uint8_t num; 4826} advanced_lookup[] = { 4827 { "NMI_INTERRUPT_WDG", 0x34 }, 4828 { "SYSASSERT", 0x35 }, 4829 { "UCODE_VERSION_MISMATCH", 0x37 }, 4830 { "BAD_COMMAND", 0x38 }, 4831 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 4832 { "FATAL_ERROR", 0x3D }, 4833 { "NMI_TRM_HW_ERR", 0x46 }, 4834 { "NMI_INTERRUPT_TRM", 0x4C }, 4835 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 4836 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 4837 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 4838 { "NMI_INTERRUPT_HOST", 0x66 }, 4839 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 4840 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 4841 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 4842 { "ADVANCED_SYSASSERT", 0 }, 4843}; 4844 4845static const char * 4846iwm_desc_lookup(uint32_t num) 4847{ 4848 int i; 4849 4850 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 4851 if (advanced_lookup[i].num == num) 4852 return advanced_lookup[i].name; 4853 4854 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 4855 return advanced_lookup[i].name; 4856} 4857 4858static void 4859iwm_nic_umac_error(struct iwm_softc *sc) 4860{ 4861 struct iwm_umac_error_event_table table; 4862 uint32_t base; 4863 4864 base = sc->sc_uc.uc_umac_error_event_table; 4865 4866 if (base < 0x800000) { 4867 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 4868 base); 4869 return; 4870 } 4871 4872 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 4873 device_printf(sc->sc_dev, "reading errlog failed\n"); 4874 return; 4875 } 4876 4877 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 4878 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 4879 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 4880 sc->sc_flags, table.valid); 4881 } 4882 4883 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 4884 iwm_desc_lookup(table.error_id)); 4885 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 4886 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 4887 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 4888 table.ilink1); 4889 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 4890 table.ilink2); 4891 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 4892 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 4893 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 4894 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 4895 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 4896 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 4897 table.frame_pointer); 4898 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 4899 table.stack_pointer); 4900 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 4901 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 4902 table.nic_isr_pref); 4903} 4904 4905/* 4906 * Support for dumping the error log seemed like a good idea ... 4907 * but it's mostly hex junk and the only sensible thing is the 4908 * hw/ucode revision (which we know anyway). Since it's here, 4909 * I'll just leave it in, just in case e.g. the Intel guys want to 4910 * help us decipher some "ADVANCED_SYSASSERT" later. 4911 */ 4912static void 4913iwm_nic_error(struct iwm_softc *sc) 4914{ 4915 struct iwm_error_event_table table; 4916 uint32_t base; 4917 4918 device_printf(sc->sc_dev, "dumping device error log\n"); 4919 base = sc->sc_uc.uc_error_event_table; 4920 if (base < 0x800000) { 4921 device_printf(sc->sc_dev, 4922 "Invalid error log pointer 0x%08x\n", base); 4923 return; 4924 } 4925 4926 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 4927 device_printf(sc->sc_dev, "reading errlog failed\n"); 4928 return; 4929 } 4930 4931 if (!table.valid) { 4932 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 4933 return; 4934 } 4935 4936 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 4937 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 4938 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 4939 sc->sc_flags, table.valid); 4940 } 4941 4942 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 4943 iwm_desc_lookup(table.error_id)); 4944 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 4945 table.trm_hw_status0); 4946 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 4947 table.trm_hw_status1); 4948 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 4949 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 4950 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 4951 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 4952 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 4953 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 4954 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 4955 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 4956 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 4957 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 4958 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 4959 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 4960 table.fw_rev_type); 4961 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 4962 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 4963 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 4964 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 4965 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 4966 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 4967 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 4968 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 4969 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 4970 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 4971 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 4972 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 4973 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 4974 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 4975 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 4976 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 4977 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 4978 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 4979 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 4980 4981 if (sc->sc_uc.uc_umac_error_event_table) 4982 iwm_nic_umac_error(sc); 4983} 4984#endif 4985 4986#define SYNC_RESP_STRUCT(_var_, _pkt_) \ 4987do { \ 4988 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\ 4989 _var_ = (void *)((_pkt_)+1); \ 4990} while (/*CONSTCOND*/0) 4991 4992#define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \ 4993do { \ 4994 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\ 4995 _ptr_ = (void *)((_pkt_)+1); \ 4996} while (/*CONSTCOND*/0) 4997 4998#define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT); 4999 5000/* 5001 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5002 * Basic structure from if_iwn 5003 */ 5004static void 5005iwm_notif_intr(struct iwm_softc *sc) 5006{ 5007 struct ieee80211com *ic = &sc->sc_ic; 5008 uint16_t hw; 5009 5010 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5011 BUS_DMASYNC_POSTREAD); 5012 5013 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5014 5015 /* 5016 * Process responses 5017 */ 5018 while (sc->rxq.cur != hw) { 5019 struct iwm_rx_ring *ring = &sc->rxq; 5020 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 5021 struct iwm_rx_packet *pkt; 5022 struct iwm_cmd_response *cresp; 5023 int qid, idx, code; 5024 5025 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 5026 BUS_DMASYNC_POSTREAD); 5027 pkt = mtod(data->m, struct iwm_rx_packet *); 5028 5029 qid = pkt->hdr.qid & ~0x80; 5030 idx = pkt->hdr.idx; 5031 5032 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5033 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5034 "rx packet qid=%d idx=%d type=%x %d %d\n", 5035 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, sc->rxq.cur, hw); 5036 5037 /* 5038 * randomly get these from the firmware, no idea why. 5039 * they at least seem harmless, so just ignore them for now 5040 */ 5041 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0) 5042 || pkt->len_n_flags == htole32(0x55550000))) { 5043 ADVANCE_RXQ(sc); 5044 continue; 5045 } 5046 5047 switch (code) { 5048 case IWM_REPLY_RX_PHY_CMD: 5049 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data); 5050 break; 5051 5052 case IWM_REPLY_RX_MPDU_CMD: 5053 iwm_mvm_rx_rx_mpdu(sc, pkt, data); 5054 break; 5055 5056 case IWM_TX_CMD: 5057 iwm_mvm_rx_tx_cmd(sc, pkt, data); 5058 break; 5059 5060 case IWM_MISSED_BEACONS_NOTIFICATION: { 5061 struct iwm_missed_beacons_notif *resp; 5062 int missed; 5063 5064 /* XXX look at mac_id to determine interface ID */ 5065 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5066 5067 SYNC_RESP_STRUCT(resp, pkt); 5068 missed = le32toh(resp->consec_missed_beacons); 5069 5070 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5071 "%s: MISSED_BEACON: mac_id=%d, " 5072 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5073 "num_rx=%d\n", 5074 __func__, 5075 le32toh(resp->mac_id), 5076 le32toh(resp->consec_missed_beacons_since_last_rx), 5077 le32toh(resp->consec_missed_beacons), 5078 le32toh(resp->num_expected_beacons), 5079 le32toh(resp->num_recvd_beacons)); 5080 5081 /* Be paranoid */ 5082 if (vap == NULL) 5083 break; 5084 5085 /* XXX no net80211 locking? */ 5086 if (vap->iv_state == IEEE80211_S_RUN && 5087 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5088 if (missed > vap->iv_bmissthreshold) { 5089 /* XXX bad locking; turn into task */ 5090 IWM_UNLOCK(sc); 5091 ieee80211_beacon_miss(ic); 5092 IWM_LOCK(sc); 5093 } 5094 } 5095 5096 break; } 5097 5098 case IWM_MFUART_LOAD_NOTIFICATION: 5099 break; 5100 5101 case IWM_MVM_ALIVE: { 5102 struct iwm_mvm_alive_resp_v1 *resp1; 5103 struct iwm_mvm_alive_resp_v2 *resp2; 5104 struct iwm_mvm_alive_resp_v3 *resp3; 5105 5106 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) { 5107 SYNC_RESP_STRUCT(resp1, pkt); 5108 sc->sc_uc.uc_error_event_table 5109 = le32toh(resp1->error_event_table_ptr); 5110 sc->sc_uc.uc_log_event_table 5111 = le32toh(resp1->log_event_table_ptr); 5112 sc->sched_base = le32toh(resp1->scd_base_ptr); 5113 if (resp1->status == IWM_ALIVE_STATUS_OK) 5114 sc->sc_uc.uc_ok = 1; 5115 else 5116 sc->sc_uc.uc_ok = 0; 5117 } 5118 5119 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) { 5120 SYNC_RESP_STRUCT(resp2, pkt); 5121 sc->sc_uc.uc_error_event_table 5122 = le32toh(resp2->error_event_table_ptr); 5123 sc->sc_uc.uc_log_event_table 5124 = le32toh(resp2->log_event_table_ptr); 5125 sc->sched_base = le32toh(resp2->scd_base_ptr); 5126 sc->sc_uc.uc_umac_error_event_table 5127 = le32toh(resp2->error_info_addr); 5128 if (resp2->status == IWM_ALIVE_STATUS_OK) 5129 sc->sc_uc.uc_ok = 1; 5130 else 5131 sc->sc_uc.uc_ok = 0; 5132 } 5133 5134 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) { 5135 SYNC_RESP_STRUCT(resp3, pkt); 5136 sc->sc_uc.uc_error_event_table 5137 = le32toh(resp3->error_event_table_ptr); 5138 sc->sc_uc.uc_log_event_table 5139 = le32toh(resp3->log_event_table_ptr); 5140 sc->sched_base = le32toh(resp3->scd_base_ptr); 5141 sc->sc_uc.uc_umac_error_event_table 5142 = le32toh(resp3->error_info_addr); 5143 if (resp3->status == IWM_ALIVE_STATUS_OK) 5144 sc->sc_uc.uc_ok = 1; 5145 else 5146 sc->sc_uc.uc_ok = 0; 5147 } 5148 5149 sc->sc_uc.uc_intr = 1; 5150 wakeup(&sc->sc_uc); 5151 break; } 5152 5153 case IWM_CALIB_RES_NOTIF_PHY_DB: { 5154 struct iwm_calib_res_notif_phy_db *phy_db_notif; 5155 SYNC_RESP_STRUCT(phy_db_notif, pkt); 5156 5157 iwm_phy_db_set_section(sc, phy_db_notif); 5158 5159 break; } 5160 5161 case IWM_STATISTICS_NOTIFICATION: { 5162 struct iwm_notif_statistics *stats; 5163 SYNC_RESP_STRUCT(stats, pkt); 5164 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 5165 sc->sc_noise = iwm_get_noise(&stats->rx.general); 5166 break; } 5167 5168 case IWM_NVM_ACCESS_CMD: 5169 case IWM_MCC_UPDATE_CMD: 5170 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5171 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 5172 BUS_DMASYNC_POSTREAD); 5173 memcpy(sc->sc_cmd_resp, 5174 pkt, sizeof(sc->sc_cmd_resp)); 5175 } 5176 break; 5177 5178 case IWM_MCC_CHUB_UPDATE_CMD: { 5179 struct iwm_mcc_chub_notif *notif; 5180 SYNC_RESP_STRUCT(notif, pkt); 5181 5182 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5183 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5184 sc->sc_fw_mcc[2] = '\0'; 5185 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 5186 "fw source %d sent CC '%s'\n", 5187 notif->source_id, sc->sc_fw_mcc); 5188 break; } 5189 5190 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5191 break; 5192 5193 case IWM_PHY_CONFIGURATION_CMD: 5194 case IWM_TX_ANT_CONFIGURATION_CMD: 5195 case IWM_ADD_STA: 5196 case IWM_MAC_CONTEXT_CMD: 5197 case IWM_REPLY_SF_CFG_CMD: 5198 case IWM_POWER_TABLE_CMD: 5199 case IWM_PHY_CONTEXT_CMD: 5200 case IWM_BINDING_CONTEXT_CMD: 5201 case IWM_TIME_EVENT_CMD: 5202 case IWM_SCAN_REQUEST_CMD: 5203 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5204 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5205 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5206 case IWM_REPLY_BEACON_FILTERING_CMD: 5207 case IWM_MAC_PM_POWER_TABLE: 5208 case IWM_TIME_QUOTA_CMD: 5209 case IWM_REMOVE_STA: 5210 case IWM_TXPATH_FLUSH: 5211 case IWM_LQ_CMD: 5212 case IWM_BT_CONFIG: 5213 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5214 SYNC_RESP_STRUCT(cresp, pkt); 5215 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5216 memcpy(sc->sc_cmd_resp, 5217 pkt, sizeof(*pkt)+sizeof(*cresp)); 5218 } 5219 break; 5220 5221 /* ignore */ 5222 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */ 5223 break; 5224 5225 case IWM_INIT_COMPLETE_NOTIF: 5226 sc->sc_init_complete = 1; 5227 wakeup(&sc->sc_init_complete); 5228 break; 5229 5230 case IWM_SCAN_OFFLOAD_COMPLETE: { 5231 struct iwm_periodic_scan_complete *notif; 5232 SYNC_RESP_STRUCT(notif, pkt); 5233 break; 5234 } 5235 5236 case IWM_SCAN_ITERATION_COMPLETE: { 5237 struct iwm_lmac_scan_complete_notif *notif; 5238 SYNC_RESP_STRUCT(notif, pkt); 5239 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5240 break; 5241 } 5242 5243 case IWM_SCAN_COMPLETE_UMAC: { 5244 struct iwm_umac_scan_complete *notif; 5245 SYNC_RESP_STRUCT(notif, pkt); 5246 5247 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5248 "UMAC scan complete, status=0x%x\n", 5249 notif->status); 5250#if 0 /* XXX This would be a duplicate scan end call */ 5251 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task); 5252#endif 5253 break; 5254 } 5255 5256 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5257 struct iwm_umac_scan_iter_complete_notif *notif; 5258 SYNC_RESP_STRUCT(notif, pkt); 5259 5260 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5261 "complete, status=0x%x, %d channels scanned\n", 5262 notif->status, notif->scanned_channels); 5263 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5264 break; 5265 } 5266 5267 case IWM_REPLY_ERROR: { 5268 struct iwm_error_resp *resp; 5269 SYNC_RESP_STRUCT(resp, pkt); 5270 5271 device_printf(sc->sc_dev, 5272 "firmware error 0x%x, cmd 0x%x\n", 5273 le32toh(resp->error_type), 5274 resp->cmd_id); 5275 break; 5276 } 5277 5278 case IWM_TIME_EVENT_NOTIFICATION: { 5279 struct iwm_time_event_notif *notif; 5280 SYNC_RESP_STRUCT(notif, pkt); 5281 5282 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5283 "TE notif status = 0x%x action = 0x%x\n", 5284 notif->status, notif->action); 5285 break; 5286 } 5287 5288 case IWM_MCAST_FILTER_CMD: 5289 break; 5290 5291 case IWM_SCD_QUEUE_CFG: { 5292 struct iwm_scd_txq_cfg_rsp *rsp; 5293 SYNC_RESP_STRUCT(rsp, pkt); 5294 5295 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5296 "queue cfg token=0x%x sta_id=%d " 5297 "tid=%d scd_queue=%d\n", 5298 rsp->token, rsp->sta_id, rsp->tid, 5299 rsp->scd_queue); 5300 break; 5301 } 5302 5303 default: 5304 device_printf(sc->sc_dev, 5305 "frame %d/%d %x UNHANDLED (this should " 5306 "not happen)\n", qid, idx, 5307 pkt->len_n_flags); 5308 break; 5309 } 5310 5311 /* 5312 * Why test bit 0x80? The Linux driver: 5313 * 5314 * There is one exception: uCode sets bit 15 when it 5315 * originates the response/notification, i.e. when the 5316 * response/notification is not a direct response to a 5317 * command sent by the driver. For example, uCode issues 5318 * IWM_REPLY_RX when it sends a received frame to the driver; 5319 * it is not a direct response to any driver command. 5320 * 5321 * Ok, so since when is 7 == 15? Well, the Linux driver 5322 * uses a slightly different format for pkt->hdr, and "qid" 5323 * is actually the upper byte of a two-byte field. 5324 */ 5325 if (!(pkt->hdr.qid & (1 << 7))) { 5326 iwm_cmd_done(sc, pkt); 5327 } 5328 5329 ADVANCE_RXQ(sc); 5330 } 5331 5332 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 5333 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 5334 5335 /* 5336 * Tell the firmware what we have processed. 5337 * Seems like the hardware gets upset unless we align 5338 * the write by 8?? 5339 */ 5340 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 5341 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7); 5342} 5343 5344static void 5345iwm_intr(void *arg) 5346{ 5347 struct iwm_softc *sc = arg; 5348 int handled = 0; 5349 int r1, r2, rv = 0; 5350 int isperiodic = 0; 5351 5352 IWM_LOCK(sc); 5353 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5354 5355 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5356 uint32_t *ict = sc->ict_dma.vaddr; 5357 int tmp; 5358 5359 tmp = htole32(ict[sc->ict_cur]); 5360 if (!tmp) 5361 goto out_ena; 5362 5363 /* 5364 * ok, there was something. keep plowing until we have all. 5365 */ 5366 r1 = r2 = 0; 5367 while (tmp) { 5368 r1 |= tmp; 5369 ict[sc->ict_cur] = 0; 5370 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5371 tmp = htole32(ict[sc->ict_cur]); 5372 } 5373 5374 /* this is where the fun begins. don't ask */ 5375 if (r1 == 0xffffffff) 5376 r1 = 0; 5377 5378 /* i am not expected to understand this */ 5379 if (r1 & 0xc0000) 5380 r1 |= 0x8000; 5381 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5382 } else { 5383 r1 = IWM_READ(sc, IWM_CSR_INT); 5384 /* "hardware gone" (where, fishing?) */ 5385 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5386 goto out; 5387 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5388 } 5389 if (r1 == 0 && r2 == 0) { 5390 goto out_ena; 5391 } 5392 5393 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5394 5395 /* ignored */ 5396 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/)); 5397 5398 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5399 int i; 5400 struct ieee80211com *ic = &sc->sc_ic; 5401 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5402 5403#ifdef IWM_DEBUG 5404 iwm_nic_error(sc); 5405#endif 5406 /* Dump driver status (TX and RX rings) while we're here. */ 5407 device_printf(sc->sc_dev, "driver status:\n"); 5408 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 5409 struct iwm_tx_ring *ring = &sc->txq[i]; 5410 device_printf(sc->sc_dev, 5411 " tx ring %2d: qid=%-2d cur=%-3d " 5412 "queued=%-3d\n", 5413 i, ring->qid, ring->cur, ring->queued); 5414 } 5415 device_printf(sc->sc_dev, 5416 " rx ring: cur=%d\n", sc->rxq.cur); 5417 device_printf(sc->sc_dev, 5418 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5419 5420 /* Don't stop the device; just do a VAP restart */ 5421 IWM_UNLOCK(sc); 5422 5423 if (vap == NULL) { 5424 printf("%s: null vap\n", __func__); 5425 return; 5426 } 5427 5428 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5429 "restarting\n", __func__, vap->iv_state); 5430 5431 /* XXX TODO: turn this into a callout/taskqueue */ 5432 ieee80211_restart_all(ic); 5433 return; 5434 } 5435 5436 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5437 handled |= IWM_CSR_INT_BIT_HW_ERR; 5438 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5439 iwm_stop(sc); 5440 rv = 1; 5441 goto out; 5442 } 5443 5444 /* firmware chunk loaded */ 5445 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5446 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5447 handled |= IWM_CSR_INT_BIT_FH_TX; 5448 sc->sc_fw_chunk_done = 1; 5449 wakeup(&sc->sc_fw); 5450 } 5451 5452 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5453 handled |= IWM_CSR_INT_BIT_RF_KILL; 5454 if (iwm_check_rfkill(sc)) { 5455 device_printf(sc->sc_dev, 5456 "%s: rfkill switch, disabling interface\n", 5457 __func__); 5458 iwm_stop(sc); 5459 } 5460 } 5461 5462 /* 5463 * The Linux driver uses periodic interrupts to avoid races. 5464 * We cargo-cult like it's going out of fashion. 5465 */ 5466 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5467 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5468 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5469 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5470 IWM_WRITE_1(sc, 5471 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5472 isperiodic = 1; 5473 } 5474 5475 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5476 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5477 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5478 5479 iwm_notif_intr(sc); 5480 5481 /* enable periodic interrupt, see above */ 5482 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5483 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5484 IWM_CSR_INT_PERIODIC_ENA); 5485 } 5486 5487 if (__predict_false(r1 & ~handled)) 5488 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5489 "%s: unhandled interrupts: %x\n", __func__, r1); 5490 rv = 1; 5491 5492 out_ena: 5493 iwm_restore_interrupts(sc); 5494 out: 5495 IWM_UNLOCK(sc); 5496 return; 5497} 5498 5499/* 5500 * Autoconf glue-sniffing 5501 */ 5502#define PCI_VENDOR_INTEL 0x8086 5503#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5504#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5505#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5506#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5507#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5508#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5509#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5510#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5511#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5512#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5513 5514static const struct iwm_devices { 5515 uint16_t device; 5516 const char *name; 5517} iwm_devices[] = { 5518 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" }, 5519 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" }, 5520 { PCI_PRODUCT_INTEL_WL_3165_1, "Intel Dual Band Wireless AC 3165" }, 5521 { PCI_PRODUCT_INTEL_WL_3165_2, "Intel Dual Band Wireless AC 3165" }, 5522 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" }, 5523 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" }, 5524 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" }, 5525 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" }, 5526 { PCI_PRODUCT_INTEL_WL_8260_1, "Intel Dual Band Wireless AC 8260" }, 5527 { PCI_PRODUCT_INTEL_WL_8260_2, "Intel Dual Band Wireless AC 8260" }, 5528}; 5529 5530static int 5531iwm_probe(device_t dev) 5532{ 5533 int i; 5534 5535 for (i = 0; i < nitems(iwm_devices); i++) { 5536 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5537 pci_get_device(dev) == iwm_devices[i].device) { 5538 device_set_desc(dev, iwm_devices[i].name); 5539 return (BUS_PROBE_DEFAULT); 5540 } 5541 } 5542 5543 return (ENXIO); 5544} 5545 5546static int 5547iwm_dev_check(device_t dev) 5548{ 5549 struct iwm_softc *sc; 5550 5551 sc = device_get_softc(dev); 5552 5553 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 5554 switch (pci_get_device(dev)) { 5555 case PCI_PRODUCT_INTEL_WL_3160_1: 5556 case PCI_PRODUCT_INTEL_WL_3160_2: 5557 sc->sc_fwname = "iwm3160fw"; 5558 sc->host_interrupt_operation_mode = 1; 5559 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5560 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5561 return (0); 5562 case PCI_PRODUCT_INTEL_WL_3165_1: 5563 case PCI_PRODUCT_INTEL_WL_3165_2: 5564 sc->sc_fwname = "iwm7265fw"; 5565 sc->host_interrupt_operation_mode = 0; 5566 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5567 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5568 return (0); 5569 case PCI_PRODUCT_INTEL_WL_7260_1: 5570 case PCI_PRODUCT_INTEL_WL_7260_2: 5571 sc->sc_fwname = "iwm7260fw"; 5572 sc->host_interrupt_operation_mode = 1; 5573 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5574 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5575 return (0); 5576 case PCI_PRODUCT_INTEL_WL_7265_1: 5577 case PCI_PRODUCT_INTEL_WL_7265_2: 5578 sc->sc_fwname = "iwm7265fw"; 5579 sc->host_interrupt_operation_mode = 0; 5580 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5581 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5582 return (0); 5583 case PCI_PRODUCT_INTEL_WL_8260_1: 5584 case PCI_PRODUCT_INTEL_WL_8260_2: 5585 sc->sc_fwname = "iwm8000Cfw"; 5586 sc->host_interrupt_operation_mode = 0; 5587 sc->sc_device_family = IWM_DEVICE_FAMILY_8000; 5588 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 5589 return (0); 5590 default: 5591 device_printf(dev, "unknown adapter type\n"); 5592 return ENXIO; 5593 } 5594} 5595 5596/* PCI registers */ 5597#define PCI_CFG_RETRY_TIMEOUT 0x041 5598 5599static int 5600iwm_pci_attach(device_t dev) 5601{ 5602 struct iwm_softc *sc; 5603 int count, error, rid; 5604 uint16_t reg; 5605 5606 sc = device_get_softc(dev); 5607 5608 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5609 * PCI Tx retries from interfering with C3 CPU state */ 5610 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5611 5612 /* Enable bus-mastering and hardware bug workaround. */ 5613 pci_enable_busmaster(dev); 5614 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5615 /* if !MSI */ 5616 if (reg & PCIM_STATUS_INTxSTATE) { 5617 reg &= ~PCIM_STATUS_INTxSTATE; 5618 } 5619 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 5620 5621 rid = PCIR_BAR(0); 5622 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 5623 RF_ACTIVE); 5624 if (sc->sc_mem == NULL) { 5625 device_printf(sc->sc_dev, "can't map mem space\n"); 5626 return (ENXIO); 5627 } 5628 sc->sc_st = rman_get_bustag(sc->sc_mem); 5629 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 5630 5631 /* Install interrupt handler. */ 5632 count = 1; 5633 rid = 0; 5634 if (pci_alloc_msi(dev, &count) == 0) 5635 rid = 1; 5636 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 5637 (rid != 0 ? 0 : RF_SHAREABLE)); 5638 if (sc->sc_irq == NULL) { 5639 device_printf(dev, "can't map interrupt\n"); 5640 return (ENXIO); 5641 } 5642 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 5643 NULL, iwm_intr, sc, &sc->sc_ih); 5644 if (sc->sc_ih == NULL) { 5645 device_printf(dev, "can't establish interrupt"); 5646 return (ENXIO); 5647 } 5648 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 5649 5650 return (0); 5651} 5652 5653static void 5654iwm_pci_detach(device_t dev) 5655{ 5656 struct iwm_softc *sc = device_get_softc(dev); 5657 5658 if (sc->sc_irq != NULL) { 5659 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 5660 bus_release_resource(dev, SYS_RES_IRQ, 5661 rman_get_rid(sc->sc_irq), sc->sc_irq); 5662 pci_release_msi(dev); 5663 } 5664 if (sc->sc_mem != NULL) 5665 bus_release_resource(dev, SYS_RES_MEMORY, 5666 rman_get_rid(sc->sc_mem), sc->sc_mem); 5667} 5668 5669 5670 5671static int 5672iwm_attach(device_t dev) 5673{ 5674 struct iwm_softc *sc = device_get_softc(dev); 5675 struct ieee80211com *ic = &sc->sc_ic; 5676 int error; 5677 int txq_i, i; 5678 5679 sc->sc_dev = dev; 5680 IWM_LOCK_INIT(sc); 5681 mbufq_init(&sc->sc_snd, ifqmaxlen); 5682 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 5683 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 5684 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 5685 5686 /* PCI attach */ 5687 error = iwm_pci_attach(dev); 5688 if (error != 0) 5689 goto fail; 5690 5691 sc->sc_wantresp = -1; 5692 5693 /* Check device type */ 5694 error = iwm_dev_check(dev); 5695 if (error != 0) 5696 goto fail; 5697 5698 /* 5699 * We now start fiddling with the hardware 5700 */ 5701 /* 5702 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 5703 * changed, and now the revision step also includes bit 0-1 (no more 5704 * "dash" value). To keep hw_rev backwards compatible - we'll store it 5705 * in the old format. 5706 */ 5707 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 5708 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 5709 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 5710 5711 if (iwm_prepare_card_hw(sc) != 0) { 5712 device_printf(dev, "could not initialize hardware\n"); 5713 goto fail; 5714 } 5715 5716 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) { 5717 int ret; 5718 uint32_t hw_step; 5719 5720 /* 5721 * In order to recognize C step the driver should read the 5722 * chip version id located at the AUX bus MISC address. 5723 */ 5724 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 5725 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 5726 DELAY(2); 5727 5728 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 5729 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5730 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5731 25000); 5732 if (ret < 0) { 5733 device_printf(sc->sc_dev, 5734 "Failed to wake up the nic\n"); 5735 goto fail; 5736 } 5737 5738 if (iwm_nic_lock(sc)) { 5739 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 5740 hw_step |= IWM_ENABLE_WFPM; 5741 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 5742 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 5743 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 5744 if (hw_step == 0x3) 5745 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 5746 (IWM_SILICON_C_STEP << 2); 5747 iwm_nic_unlock(sc); 5748 } else { 5749 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 5750 goto fail; 5751 } 5752 } 5753 5754 /* Allocate DMA memory for firmware transfers. */ 5755 if ((error = iwm_alloc_fwmem(sc)) != 0) { 5756 device_printf(dev, "could not allocate memory for firmware\n"); 5757 goto fail; 5758 } 5759 5760 /* Allocate "Keep Warm" page. */ 5761 if ((error = iwm_alloc_kw(sc)) != 0) { 5762 device_printf(dev, "could not allocate keep warm page\n"); 5763 goto fail; 5764 } 5765 5766 /* We use ICT interrupts */ 5767 if ((error = iwm_alloc_ict(sc)) != 0) { 5768 device_printf(dev, "could not allocate ICT table\n"); 5769 goto fail; 5770 } 5771 5772 /* Allocate TX scheduler "rings". */ 5773 if ((error = iwm_alloc_sched(sc)) != 0) { 5774 device_printf(dev, "could not allocate TX scheduler rings\n"); 5775 goto fail; 5776 } 5777 5778 /* Allocate TX rings */ 5779 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 5780 if ((error = iwm_alloc_tx_ring(sc, 5781 &sc->txq[txq_i], txq_i)) != 0) { 5782 device_printf(dev, 5783 "could not allocate TX ring %d\n", 5784 txq_i); 5785 goto fail; 5786 } 5787 } 5788 5789 /* Allocate RX ring. */ 5790 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 5791 device_printf(dev, "could not allocate RX ring\n"); 5792 goto fail; 5793 } 5794 5795 /* Clear pending interrupts. */ 5796 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 5797 5798 ic->ic_softc = sc; 5799 ic->ic_name = device_get_nameunit(sc->sc_dev); 5800 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 5801 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 5802 5803 /* Set device capabilities. */ 5804 ic->ic_caps = 5805 IEEE80211_C_STA | 5806 IEEE80211_C_WPA | /* WPA/RSN */ 5807 IEEE80211_C_WME | 5808 IEEE80211_C_SHSLOT | /* short slot time supported */ 5809 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 5810// IEEE80211_C_BGSCAN /* capable of bg scanning */ 5811 ; 5812 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 5813 sc->sc_phyctxt[i].id = i; 5814 sc->sc_phyctxt[i].color = 0; 5815 sc->sc_phyctxt[i].ref = 0; 5816 sc->sc_phyctxt[i].channel = NULL; 5817 } 5818 5819 /* Max RSSI */ 5820 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 5821 sc->sc_preinit_hook.ich_func = iwm_preinit; 5822 sc->sc_preinit_hook.ich_arg = sc; 5823 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 5824 device_printf(dev, "config_intrhook_establish failed\n"); 5825 goto fail; 5826 } 5827 5828#ifdef IWM_DEBUG 5829 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 5830 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 5831 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 5832#endif 5833 5834 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5835 "<-%s\n", __func__); 5836 5837 return 0; 5838 5839 /* Free allocated memory if something failed during attachment. */ 5840fail: 5841 iwm_detach_local(sc, 0); 5842 5843 return ENXIO; 5844} 5845 5846static int 5847iwm_is_valid_ether_addr(uint8_t *addr) 5848{ 5849 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 5850 5851 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 5852 return (FALSE); 5853 5854 return (TRUE); 5855} 5856 5857static int 5858iwm_update_edca(struct ieee80211com *ic) 5859{ 5860 struct iwm_softc *sc = ic->ic_softc; 5861 5862 device_printf(sc->sc_dev, "%s: called\n", __func__); 5863 return (0); 5864} 5865 5866static void 5867iwm_preinit(void *arg) 5868{ 5869 struct iwm_softc *sc = arg; 5870 device_t dev = sc->sc_dev; 5871 struct ieee80211com *ic = &sc->sc_ic; 5872 int error; 5873 5874 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5875 "->%s\n", __func__); 5876 5877 IWM_LOCK(sc); 5878 if ((error = iwm_start_hw(sc)) != 0) { 5879 device_printf(dev, "could not initialize hardware\n"); 5880 IWM_UNLOCK(sc); 5881 goto fail; 5882 } 5883 5884 error = iwm_run_init_mvm_ucode(sc, 1); 5885 iwm_stop_device(sc); 5886 if (error) { 5887 IWM_UNLOCK(sc); 5888 goto fail; 5889 } 5890 device_printf(dev, 5891 "hw rev 0x%x, fw ver %s, address %s\n", 5892 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 5893 sc->sc_fwver, ether_sprintf(sc->sc_nvm.hw_addr)); 5894 5895 /* not all hardware can do 5GHz band */ 5896 if (!sc->sc_nvm.sku_cap_band_52GHz_enable) 5897 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 5898 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 5899 IWM_UNLOCK(sc); 5900 5901 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 5902 ic->ic_channels); 5903 5904 /* 5905 * At this point we've committed - if we fail to do setup, 5906 * we now also have to tear down the net80211 state. 5907 */ 5908 ieee80211_ifattach(ic); 5909 ic->ic_vap_create = iwm_vap_create; 5910 ic->ic_vap_delete = iwm_vap_delete; 5911 ic->ic_raw_xmit = iwm_raw_xmit; 5912 ic->ic_node_alloc = iwm_node_alloc; 5913 ic->ic_scan_start = iwm_scan_start; 5914 ic->ic_scan_end = iwm_scan_end; 5915 ic->ic_update_mcast = iwm_update_mcast; 5916 ic->ic_getradiocaps = iwm_init_channel_map; 5917 ic->ic_set_channel = iwm_set_channel; 5918 ic->ic_scan_curchan = iwm_scan_curchan; 5919 ic->ic_scan_mindwell = iwm_scan_mindwell; 5920 ic->ic_wme.wme_update = iwm_update_edca; 5921 ic->ic_parent = iwm_parent; 5922 ic->ic_transmit = iwm_transmit; 5923 iwm_radiotap_attach(sc); 5924 if (bootverbose) 5925 ieee80211_announce(ic); 5926 5927 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5928 "<-%s\n", __func__); 5929 config_intrhook_disestablish(&sc->sc_preinit_hook); 5930 5931 return; 5932fail: 5933 config_intrhook_disestablish(&sc->sc_preinit_hook); 5934 iwm_detach_local(sc, 0); 5935} 5936 5937/* 5938 * Attach the interface to 802.11 radiotap. 5939 */ 5940static void 5941iwm_radiotap_attach(struct iwm_softc *sc) 5942{ 5943 struct ieee80211com *ic = &sc->sc_ic; 5944 5945 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5946 "->%s begin\n", __func__); 5947 ieee80211_radiotap_attach(ic, 5948 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 5949 IWM_TX_RADIOTAP_PRESENT, 5950 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 5951 IWM_RX_RADIOTAP_PRESENT); 5952 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5953 "->%s end\n", __func__); 5954} 5955 5956static struct ieee80211vap * 5957iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 5958 enum ieee80211_opmode opmode, int flags, 5959 const uint8_t bssid[IEEE80211_ADDR_LEN], 5960 const uint8_t mac[IEEE80211_ADDR_LEN]) 5961{ 5962 struct iwm_vap *ivp; 5963 struct ieee80211vap *vap; 5964 5965 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 5966 return NULL; 5967 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 5968 vap = &ivp->iv_vap; 5969 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 5970 vap->iv_bmissthreshold = 10; /* override default */ 5971 /* Override with driver methods. */ 5972 ivp->iv_newstate = vap->iv_newstate; 5973 vap->iv_newstate = iwm_newstate; 5974 5975 ieee80211_ratectl_init(vap); 5976 /* Complete setup. */ 5977 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 5978 mac); 5979 ic->ic_opmode = opmode; 5980 5981 return vap; 5982} 5983 5984static void 5985iwm_vap_delete(struct ieee80211vap *vap) 5986{ 5987 struct iwm_vap *ivp = IWM_VAP(vap); 5988 5989 ieee80211_ratectl_deinit(vap); 5990 ieee80211_vap_detach(vap); 5991 free(ivp, M_80211_VAP); 5992} 5993 5994static void 5995iwm_scan_start(struct ieee80211com *ic) 5996{ 5997 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5998 struct iwm_softc *sc = ic->ic_softc; 5999 int error; 6000 6001 IWM_LOCK(sc); 6002 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6003 error = iwm_mvm_umac_scan(sc); 6004 else 6005 error = iwm_mvm_lmac_scan(sc); 6006 if (error != 0) { 6007 device_printf(sc->sc_dev, "could not initiate 2 GHz scan\n"); 6008 IWM_UNLOCK(sc); 6009 ieee80211_cancel_scan(vap); 6010 } else { 6011 iwm_led_blink_start(sc); 6012 IWM_UNLOCK(sc); 6013 } 6014} 6015 6016static void 6017iwm_scan_end(struct ieee80211com *ic) 6018{ 6019 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6020 struct iwm_softc *sc = ic->ic_softc; 6021 6022 IWM_LOCK(sc); 6023 iwm_led_blink_stop(sc); 6024 if (vap->iv_state == IEEE80211_S_RUN) 6025 iwm_mvm_led_enable(sc); 6026 IWM_UNLOCK(sc); 6027} 6028 6029static void 6030iwm_update_mcast(struct ieee80211com *ic) 6031{ 6032} 6033 6034static void 6035iwm_set_channel(struct ieee80211com *ic) 6036{ 6037} 6038 6039static void 6040iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6041{ 6042} 6043 6044static void 6045iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6046{ 6047 return; 6048} 6049 6050void 6051iwm_init_task(void *arg1) 6052{ 6053 struct iwm_softc *sc = arg1; 6054 6055 IWM_LOCK(sc); 6056 while (sc->sc_flags & IWM_FLAG_BUSY) 6057 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 6058 sc->sc_flags |= IWM_FLAG_BUSY; 6059 iwm_stop(sc); 6060 if (sc->sc_ic.ic_nrunning > 0) 6061 iwm_init(sc); 6062 sc->sc_flags &= ~IWM_FLAG_BUSY; 6063 wakeup(&sc->sc_flags); 6064 IWM_UNLOCK(sc); 6065} 6066 6067static int 6068iwm_resume(device_t dev) 6069{ 6070 struct iwm_softc *sc = device_get_softc(dev); 6071 int do_reinit = 0; 6072 6073 /* 6074 * We disable the RETRY_TIMEOUT register (0x41) to keep 6075 * PCI Tx retries from interfering with C3 CPU state. 6076 */ 6077 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6078 iwm_init_task(device_get_softc(dev)); 6079 6080 IWM_LOCK(sc); 6081 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6082 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6083 do_reinit = 1; 6084 } 6085 IWM_UNLOCK(sc); 6086 6087 if (do_reinit) 6088 ieee80211_resume_all(&sc->sc_ic); 6089 6090 return 0; 6091} 6092 6093static int 6094iwm_suspend(device_t dev) 6095{ 6096 int do_stop = 0; 6097 struct iwm_softc *sc = device_get_softc(dev); 6098 6099 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6100 6101 ieee80211_suspend_all(&sc->sc_ic); 6102 6103 if (do_stop) { 6104 IWM_LOCK(sc); 6105 iwm_stop(sc); 6106 sc->sc_flags |= IWM_FLAG_SCANNING; 6107 IWM_UNLOCK(sc); 6108 } 6109 6110 return (0); 6111} 6112 6113static int 6114iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6115{ 6116 struct iwm_fw_info *fw = &sc->sc_fw; 6117 device_t dev = sc->sc_dev; 6118 int i; 6119 6120 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6121 6122 callout_drain(&sc->sc_led_blink_to); 6123 callout_drain(&sc->sc_watchdog_to); 6124 iwm_stop_device(sc); 6125 if (do_net80211) { 6126 ieee80211_ifdetach(&sc->sc_ic); 6127 } 6128 6129 iwm_phy_db_free(sc); 6130 6131 /* Free descriptor rings */ 6132 iwm_free_rx_ring(sc, &sc->rxq); 6133 for (i = 0; i < nitems(sc->txq); i++) 6134 iwm_free_tx_ring(sc, &sc->txq[i]); 6135 6136 /* Free firmware */ 6137 if (fw->fw_fp != NULL) 6138 iwm_fw_info_free(fw); 6139 6140 /* Free scheduler */ 6141 iwm_free_sched(sc); 6142 if (sc->ict_dma.vaddr != NULL) 6143 iwm_free_ict(sc); 6144 if (sc->kw_dma.vaddr != NULL) 6145 iwm_free_kw(sc); 6146 if (sc->fw_dma.vaddr != NULL) 6147 iwm_free_fwmem(sc); 6148 6149 /* Finished with the hardware - detach things */ 6150 iwm_pci_detach(dev); 6151 6152 mbufq_drain(&sc->sc_snd); 6153 IWM_LOCK_DESTROY(sc); 6154 6155 return (0); 6156} 6157 6158static int 6159iwm_detach(device_t dev) 6160{ 6161 struct iwm_softc *sc = device_get_softc(dev); 6162 6163 return (iwm_detach_local(sc, 1)); 6164} 6165 6166static device_method_t iwm_pci_methods[] = { 6167 /* Device interface */ 6168 DEVMETHOD(device_probe, iwm_probe), 6169 DEVMETHOD(device_attach, iwm_attach), 6170 DEVMETHOD(device_detach, iwm_detach), 6171 DEVMETHOD(device_suspend, iwm_suspend), 6172 DEVMETHOD(device_resume, iwm_resume), 6173 6174 DEVMETHOD_END 6175}; 6176 6177static driver_t iwm_pci_driver = { 6178 "iwm", 6179 iwm_pci_methods, 6180 sizeof (struct iwm_softc) 6181}; 6182 6183static devclass_t iwm_devclass; 6184 6185DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6186MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6187MODULE_DEPEND(iwm, pci, 1, 1, 1); 6188MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6189