if_iwm.c revision 330164
1/* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20/*- 21 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22 * which were used as the reference documentation for this implementation. 23 * 24 * Driver version we are currently based off of is 25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26 * 27 *********************************************************************** 28 * 29 * This file is provided under a dual BSD/GPLv2 license. When using or 30 * redistributing this file, you may do so under either license. 31 * 32 * GPL LICENSE SUMMARY 33 * 34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35 * 36 * This program is free software; you can redistribute it and/or modify 37 * it under the terms of version 2 of the GNU General Public License as 38 * published by the Free Software Foundation. 39 * 40 * This program is distributed in the hope that it will be useful, but 41 * WITHOUT ANY WARRANTY; without even the implied warranty of 42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43 * General Public License for more details. 44 * 45 * You should have received a copy of the GNU General Public License 46 * along with this program; if not, write to the Free Software 47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48 * USA 49 * 50 * The full GNU General Public License is included in this distribution 51 * in the file called COPYING. 52 * 53 * Contact Information: 54 * Intel Linux Wireless <ilw@linux.intel.com> 55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56 * 57 * 58 * BSD LICENSE 59 * 60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61 * All rights reserved. 62 * 63 * Redistribution and use in source and binary forms, with or without 64 * modification, are permitted provided that the following conditions 65 * are met: 66 * 67 * * Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * * Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in 71 * the documentation and/or other materials provided with the 72 * distribution. 73 * * Neither the name Intel Corporation nor the names of its 74 * contributors may be used to endorse or promote products derived 75 * from this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88 */ 89 90/*- 91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92 * 93 * Permission to use, copy, modify, and distribute this software for any 94 * purpose with or without fee is hereby granted, provided that the above 95 * copyright notice and this permission notice appear in all copies. 96 * 97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104 */ 105#include <sys/cdefs.h> 106__FBSDID("$FreeBSD: stable/11/sys/dev/iwm/if_iwm.c 330164 2018-03-01 05:40:00Z eadler $"); 107 108#include "opt_wlan.h" 109 110#include <sys/param.h> 111#include <sys/bus.h> 112#include <sys/conf.h> 113#include <sys/endian.h> 114#include <sys/firmware.h> 115#include <sys/kernel.h> 116#include <sys/malloc.h> 117#include <sys/mbuf.h> 118#include <sys/mutex.h> 119#include <sys/module.h> 120#include <sys/proc.h> 121#include <sys/rman.h> 122#include <sys/socket.h> 123#include <sys/sockio.h> 124#include <sys/sysctl.h> 125#include <sys/linker.h> 126 127#include <machine/bus.h> 128#include <machine/endian.h> 129#include <machine/resource.h> 130 131#include <dev/pci/pcivar.h> 132#include <dev/pci/pcireg.h> 133 134#include <net/bpf.h> 135 136#include <net/if.h> 137#include <net/if_var.h> 138#include <net/if_arp.h> 139#include <net/if_dl.h> 140#include <net/if_media.h> 141#include <net/if_types.h> 142 143#include <netinet/in.h> 144#include <netinet/in_systm.h> 145#include <netinet/if_ether.h> 146#include <netinet/ip.h> 147 148#include <net80211/ieee80211_var.h> 149#include <net80211/ieee80211_regdomain.h> 150#include <net80211/ieee80211_ratectl.h> 151#include <net80211/ieee80211_radiotap.h> 152 153#include <dev/iwm/if_iwmreg.h> 154#include <dev/iwm/if_iwmvar.h> 155#include <dev/iwm/if_iwm_debug.h> 156#include <dev/iwm/if_iwm_util.h> 157#include <dev/iwm/if_iwm_binding.h> 158#include <dev/iwm/if_iwm_phy_db.h> 159#include <dev/iwm/if_iwm_mac_ctxt.h> 160#include <dev/iwm/if_iwm_phy_ctxt.h> 161#include <dev/iwm/if_iwm_time_event.h> 162#include <dev/iwm/if_iwm_power.h> 163#include <dev/iwm/if_iwm_scan.h> 164 165#include <dev/iwm/if_iwm_pcie_trans.h> 166#include <dev/iwm/if_iwm_led.h> 167 168const uint8_t iwm_nvm_channels[] = { 169 /* 2.4 GHz */ 170 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 171 /* 5 GHz */ 172 36, 40, 44, 48, 52, 56, 60, 64, 173 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 174 149, 153, 157, 161, 165 175}; 176_Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 177 "IWM_NUM_CHANNELS is too small"); 178 179const uint8_t iwm_nvm_channels_8000[] = { 180 /* 2.4 GHz */ 181 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 182 /* 5 GHz */ 183 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 184 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 185 149, 153, 157, 161, 165, 169, 173, 177, 181 186}; 187_Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 188 "IWM_NUM_CHANNELS_8000 is too small"); 189 190#define IWM_NUM_2GHZ_CHANNELS 14 191#define IWM_N_HW_ADDR_MASK 0xF 192 193/* 194 * XXX For now, there's simply a fixed set of rate table entries 195 * that are populated. 196 */ 197const struct iwm_rate { 198 uint8_t rate; 199 uint8_t plcp; 200} iwm_rates[] = { 201 { 2, IWM_RATE_1M_PLCP }, 202 { 4, IWM_RATE_2M_PLCP }, 203 { 11, IWM_RATE_5M_PLCP }, 204 { 22, IWM_RATE_11M_PLCP }, 205 { 12, IWM_RATE_6M_PLCP }, 206 { 18, IWM_RATE_9M_PLCP }, 207 { 24, IWM_RATE_12M_PLCP }, 208 { 36, IWM_RATE_18M_PLCP }, 209 { 48, IWM_RATE_24M_PLCP }, 210 { 72, IWM_RATE_36M_PLCP }, 211 { 96, IWM_RATE_48M_PLCP }, 212 { 108, IWM_RATE_54M_PLCP }, 213}; 214#define IWM_RIDX_CCK 0 215#define IWM_RIDX_OFDM 4 216#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 217#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 218#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 219 220struct iwm_nvm_section { 221 uint16_t length; 222 uint8_t *data; 223}; 224 225static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 226static int iwm_firmware_store_section(struct iwm_softc *, 227 enum iwm_ucode_type, 228 const uint8_t *, size_t); 229static int iwm_set_default_calib(struct iwm_softc *, const void *); 230static void iwm_fw_info_free(struct iwm_fw_info *); 231static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 232static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int); 233static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *, 234 bus_size_t, bus_size_t); 235static void iwm_dma_contig_free(struct iwm_dma_info *); 236static int iwm_alloc_fwmem(struct iwm_softc *); 237static int iwm_alloc_sched(struct iwm_softc *); 238static int iwm_alloc_kw(struct iwm_softc *); 239static int iwm_alloc_ict(struct iwm_softc *); 240static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 241static void iwm_disable_rx_dma(struct iwm_softc *); 242static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 243static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 244static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 245 int); 246static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 247static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 248static void iwm_enable_interrupts(struct iwm_softc *); 249static void iwm_restore_interrupts(struct iwm_softc *); 250static void iwm_disable_interrupts(struct iwm_softc *); 251static void iwm_ict_reset(struct iwm_softc *); 252static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 253static void iwm_stop_device(struct iwm_softc *); 254static void iwm_mvm_nic_config(struct iwm_softc *); 255static int iwm_nic_rx_init(struct iwm_softc *); 256static int iwm_nic_tx_init(struct iwm_softc *); 257static int iwm_nic_init(struct iwm_softc *); 258static int iwm_enable_txq(struct iwm_softc *, int, int, int); 259static int iwm_post_alive(struct iwm_softc *); 260static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 261 uint16_t, uint8_t *, uint16_t *); 262static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 263 uint16_t *, size_t); 264static uint32_t iwm_eeprom_channel_flags(uint16_t); 265static void iwm_add_channel_band(struct iwm_softc *, 266 struct ieee80211_channel[], int, int *, int, size_t, 267 const uint8_t[]); 268static void iwm_init_channel_map(struct ieee80211com *, int, int *, 269 struct ieee80211_channel[]); 270static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 271 const uint16_t *, const uint16_t *, 272 const uint16_t *, const uint16_t *, 273 const uint16_t *); 274static void iwm_set_hw_address_8000(struct iwm_softc *, 275 struct iwm_nvm_data *, 276 const uint16_t *, const uint16_t *); 277static int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 278 const uint16_t *); 279static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 280static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 281 const uint16_t *); 282static int iwm_get_n_hw_addrs(const struct iwm_softc *, 283 const uint16_t *); 284static void iwm_set_radio_cfg(const struct iwm_softc *, 285 struct iwm_nvm_data *, uint32_t); 286static int iwm_parse_nvm_sections(struct iwm_softc *, 287 struct iwm_nvm_section *); 288static int iwm_nvm_init(struct iwm_softc *); 289static int iwm_firmware_load_sect(struct iwm_softc *, uint32_t, 290 const uint8_t *, uint32_t); 291static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t, 292 const uint8_t *, uint32_t); 293static int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type); 294static int iwm_load_cpu_sections_8000(struct iwm_softc *, 295 struct iwm_fw_sects *, int , int *); 296static int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type); 297static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type); 298static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type); 299static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 300static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 301static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 302 enum iwm_ucode_type); 303static int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 304static int iwm_rx_addbuf(struct iwm_softc *, int, int); 305static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *); 306static int iwm_mvm_get_signal_strength(struct iwm_softc *, 307 struct iwm_rx_phy_info *); 308static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 309 struct iwm_rx_packet *, 310 struct iwm_rx_data *); 311static int iwm_get_noise(struct iwm_softc *sc, 312 const struct iwm_mvm_statistics_rx_non_phy *); 313static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *, 314 struct iwm_rx_data *); 315static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 316 struct iwm_rx_packet *, 317 struct iwm_node *); 318static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *, 319 struct iwm_rx_data *); 320static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 321#if 0 322static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 323 uint16_t); 324#endif 325static const struct iwm_rate * 326 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 327 struct mbuf *, struct iwm_tx_cmd *); 328static int iwm_tx(struct iwm_softc *, struct mbuf *, 329 struct ieee80211_node *, int); 330static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 331 const struct ieee80211_bpf_params *); 332static int iwm_mvm_flush_tx_path(struct iwm_softc *sc, 333 uint32_t tfd_msk, uint32_t flags); 334static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *, 335 struct iwm_mvm_add_sta_cmd_v7 *, 336 int *); 337static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *, 338 int); 339static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *); 340static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *); 341static int iwm_mvm_add_int_sta_common(struct iwm_softc *, 342 struct iwm_int_sta *, 343 const uint8_t *, uint16_t, uint16_t); 344static int iwm_mvm_add_aux_sta(struct iwm_softc *); 345static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *); 346static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 347static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 348static int iwm_release(struct iwm_softc *, struct iwm_node *); 349static struct ieee80211_node * 350 iwm_node_alloc(struct ieee80211vap *, 351 const uint8_t[IEEE80211_ADDR_LEN]); 352static void iwm_setrates(struct iwm_softc *, struct iwm_node *); 353static int iwm_media_change(struct ifnet *); 354static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 355static void iwm_endscan_cb(void *, int); 356static void iwm_mvm_fill_sf_command(struct iwm_softc *, 357 struct iwm_sf_cfg_cmd *, 358 struct ieee80211_node *); 359static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state); 360static int iwm_send_bt_init_conf(struct iwm_softc *); 361static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 362static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t); 363static int iwm_init_hw(struct iwm_softc *); 364static void iwm_init(struct iwm_softc *); 365static void iwm_start(struct iwm_softc *); 366static void iwm_stop(struct iwm_softc *); 367static void iwm_watchdog(void *); 368static void iwm_parent(struct ieee80211com *); 369#ifdef IWM_DEBUG 370static const char * 371 iwm_desc_lookup(uint32_t); 372static void iwm_nic_error(struct iwm_softc *); 373static void iwm_nic_umac_error(struct iwm_softc *); 374#endif 375static void iwm_notif_intr(struct iwm_softc *); 376static void iwm_intr(void *); 377static int iwm_attach(device_t); 378static int iwm_is_valid_ether_addr(uint8_t *); 379static void iwm_preinit(void *); 380static int iwm_detach_local(struct iwm_softc *sc, int); 381static void iwm_init_task(void *); 382static void iwm_radiotap_attach(struct iwm_softc *); 383static struct ieee80211vap * 384 iwm_vap_create(struct ieee80211com *, 385 const char [IFNAMSIZ], int, 386 enum ieee80211_opmode, int, 387 const uint8_t [IEEE80211_ADDR_LEN], 388 const uint8_t [IEEE80211_ADDR_LEN]); 389static void iwm_vap_delete(struct ieee80211vap *); 390static void iwm_scan_start(struct ieee80211com *); 391static void iwm_scan_end(struct ieee80211com *); 392static void iwm_update_mcast(struct ieee80211com *); 393static void iwm_set_channel(struct ieee80211com *); 394static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 395static void iwm_scan_mindwell(struct ieee80211_scan_state *); 396static int iwm_detach(device_t); 397 398/* 399 * Firmware parser. 400 */ 401 402static int 403iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 404{ 405 const struct iwm_fw_cscheme_list *l = (const void *)data; 406 407 if (dlen < sizeof(*l) || 408 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 409 return EINVAL; 410 411 /* we don't actually store anything for now, always use s/w crypto */ 412 413 return 0; 414} 415 416static int 417iwm_firmware_store_section(struct iwm_softc *sc, 418 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 419{ 420 struct iwm_fw_sects *fws; 421 struct iwm_fw_onesect *fwone; 422 423 if (type >= IWM_UCODE_TYPE_MAX) 424 return EINVAL; 425 if (dlen < sizeof(uint32_t)) 426 return EINVAL; 427 428 fws = &sc->sc_fw.fw_sects[type]; 429 if (fws->fw_count >= IWM_UCODE_SECT_MAX) 430 return EINVAL; 431 432 fwone = &fws->fw_sect[fws->fw_count]; 433 434 /* first 32bit are device load offset */ 435 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t)); 436 437 /* rest is data */ 438 fwone->fws_data = data + sizeof(uint32_t); 439 fwone->fws_len = dlen - sizeof(uint32_t); 440 441 fws->fw_count++; 442 443 return 0; 444} 445 446#define IWM_DEFAULT_SCAN_CHANNELS 40 447 448/* iwlwifi: iwl-drv.c */ 449struct iwm_tlv_calib_data { 450 uint32_t ucode_type; 451 struct iwm_tlv_calib_ctrl calib; 452} __packed; 453 454static int 455iwm_set_default_calib(struct iwm_softc *sc, const void *data) 456{ 457 const struct iwm_tlv_calib_data *def_calib = data; 458 uint32_t ucode_type = le32toh(def_calib->ucode_type); 459 460 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 461 device_printf(sc->sc_dev, 462 "Wrong ucode_type %u for default " 463 "calibration.\n", ucode_type); 464 return EINVAL; 465 } 466 467 sc->sc_default_calib[ucode_type].flow_trigger = 468 def_calib->calib.flow_trigger; 469 sc->sc_default_calib[ucode_type].event_trigger = 470 def_calib->calib.event_trigger; 471 472 return 0; 473} 474 475static void 476iwm_fw_info_free(struct iwm_fw_info *fw) 477{ 478 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 479 fw->fw_fp = NULL; 480 /* don't touch fw->fw_status */ 481 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 482} 483 484static int 485iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 486{ 487 struct iwm_fw_info *fw = &sc->sc_fw; 488 const struct iwm_tlv_ucode_header *uhdr; 489 struct iwm_ucode_tlv tlv; 490 enum iwm_ucode_tlv_type tlv_type; 491 const struct firmware *fwp; 492 const uint8_t *data; 493 int error = 0; 494 size_t len; 495 496 if (fw->fw_status == IWM_FW_STATUS_DONE && 497 ucode_type != IWM_UCODE_TYPE_INIT) 498 return 0; 499 500 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 501 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 502 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 503 504 if (fw->fw_fp != NULL) 505 iwm_fw_info_free(fw); 506 507 /* 508 * Load firmware into driver memory. 509 * fw_fp will be set. 510 */ 511 IWM_UNLOCK(sc); 512 fwp = firmware_get(sc->sc_fwname); 513 IWM_LOCK(sc); 514 if (fwp == NULL) { 515 device_printf(sc->sc_dev, 516 "could not read firmware %s (error %d)\n", 517 sc->sc_fwname, error); 518 goto out; 519 } 520 fw->fw_fp = fwp; 521 522 /* (Re-)Initialize default values. */ 523 sc->sc_capaflags = 0; 524 sc->sc_capa_n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 525 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa)); 526 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 527 528 /* 529 * Parse firmware contents 530 */ 531 532 uhdr = (const void *)fw->fw_fp->data; 533 if (*(const uint32_t *)fw->fw_fp->data != 0 534 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 535 device_printf(sc->sc_dev, "invalid firmware %s\n", 536 sc->sc_fwname); 537 error = EINVAL; 538 goto out; 539 } 540 541 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)", 542 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 543 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 544 IWM_UCODE_API(le32toh(uhdr->ver))); 545 data = uhdr->data; 546 len = fw->fw_fp->datasize - sizeof(*uhdr); 547 548 while (len >= sizeof(tlv)) { 549 size_t tlv_len; 550 const void *tlv_data; 551 552 memcpy(&tlv, data, sizeof(tlv)); 553 tlv_len = le32toh(tlv.length); 554 tlv_type = le32toh(tlv.type); 555 556 len -= sizeof(tlv); 557 data += sizeof(tlv); 558 tlv_data = data; 559 560 if (len < tlv_len) { 561 device_printf(sc->sc_dev, 562 "firmware too short: %zu bytes\n", 563 len); 564 error = EINVAL; 565 goto parse_out; 566 } 567 568 switch ((int)tlv_type) { 569 case IWM_UCODE_TLV_PROBE_MAX_LEN: 570 if (tlv_len < sizeof(uint32_t)) { 571 device_printf(sc->sc_dev, 572 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n", 573 __func__, 574 (int) tlv_len); 575 error = EINVAL; 576 goto parse_out; 577 } 578 sc->sc_capa_max_probe_len 579 = le32toh(*(const uint32_t *)tlv_data); 580 /* limit it to something sensible */ 581 if (sc->sc_capa_max_probe_len > 582 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 583 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 584 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 585 "ridiculous\n", __func__); 586 error = EINVAL; 587 goto parse_out; 588 } 589 break; 590 case IWM_UCODE_TLV_PAN: 591 if (tlv_len) { 592 device_printf(sc->sc_dev, 593 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 594 __func__, 595 (int) tlv_len); 596 error = EINVAL; 597 goto parse_out; 598 } 599 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN; 600 break; 601 case IWM_UCODE_TLV_FLAGS: 602 if (tlv_len < sizeof(uint32_t)) { 603 device_printf(sc->sc_dev, 604 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 605 __func__, 606 (int) tlv_len); 607 error = EINVAL; 608 goto parse_out; 609 } 610 /* 611 * Apparently there can be many flags, but Linux driver 612 * parses only the first one, and so do we. 613 * 614 * XXX: why does this override IWM_UCODE_TLV_PAN? 615 * Intentional or a bug? Observations from 616 * current firmware file: 617 * 1) TLV_PAN is parsed first 618 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 619 * ==> this resets TLV_PAN to itself... hnnnk 620 */ 621 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data); 622 break; 623 case IWM_UCODE_TLV_CSCHEME: 624 if ((error = iwm_store_cscheme(sc, 625 tlv_data, tlv_len)) != 0) { 626 device_printf(sc->sc_dev, 627 "%s: iwm_store_cscheme(): returned %d\n", 628 __func__, 629 error); 630 goto parse_out; 631 } 632 break; 633 case IWM_UCODE_TLV_NUM_OF_CPU: { 634 uint32_t num_cpu; 635 if (tlv_len != sizeof(uint32_t)) { 636 device_printf(sc->sc_dev, 637 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n", 638 __func__, 639 (int) tlv_len); 640 error = EINVAL; 641 goto parse_out; 642 } 643 num_cpu = le32toh(*(const uint32_t *)tlv_data); 644 if (num_cpu < 1 || num_cpu > 2) { 645 device_printf(sc->sc_dev, 646 "%s: Driver supports only 1 or 2 CPUs\n", 647 __func__); 648 error = EINVAL; 649 goto parse_out; 650 } 651 break; 652 } 653 case IWM_UCODE_TLV_SEC_RT: 654 if ((error = iwm_firmware_store_section(sc, 655 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) { 656 device_printf(sc->sc_dev, 657 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n", 658 __func__, 659 error); 660 goto parse_out; 661 } 662 break; 663 case IWM_UCODE_TLV_SEC_INIT: 664 if ((error = iwm_firmware_store_section(sc, 665 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) { 666 device_printf(sc->sc_dev, 667 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n", 668 __func__, 669 error); 670 goto parse_out; 671 } 672 break; 673 case IWM_UCODE_TLV_SEC_WOWLAN: 674 if ((error = iwm_firmware_store_section(sc, 675 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) { 676 device_printf(sc->sc_dev, 677 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n", 678 __func__, 679 error); 680 goto parse_out; 681 } 682 break; 683 case IWM_UCODE_TLV_DEF_CALIB: 684 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 685 device_printf(sc->sc_dev, 686 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 687 __func__, 688 (int) tlv_len, 689 (int) sizeof(struct iwm_tlv_calib_data)); 690 error = EINVAL; 691 goto parse_out; 692 } 693 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 694 device_printf(sc->sc_dev, 695 "%s: iwm_set_default_calib() failed: %d\n", 696 __func__, 697 error); 698 goto parse_out; 699 } 700 break; 701 case IWM_UCODE_TLV_PHY_SKU: 702 if (tlv_len != sizeof(uint32_t)) { 703 error = EINVAL; 704 device_printf(sc->sc_dev, 705 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 706 __func__, 707 (int) tlv_len); 708 goto parse_out; 709 } 710 sc->sc_fw_phy_config = 711 le32toh(*(const uint32_t *)tlv_data); 712 break; 713 714 case IWM_UCODE_TLV_API_CHANGES_SET: { 715 const struct iwm_ucode_api *api; 716 if (tlv_len != sizeof(*api)) { 717 error = EINVAL; 718 goto parse_out; 719 } 720 api = (const struct iwm_ucode_api *)tlv_data; 721 /* Flags may exceed 32 bits in future firmware. */ 722 if (le32toh(api->api_index) > 0) { 723 device_printf(sc->sc_dev, 724 "unsupported API index %d\n", 725 le32toh(api->api_index)); 726 goto parse_out; 727 } 728 sc->sc_ucode_api = le32toh(api->api_flags); 729 break; 730 } 731 732 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 733 const struct iwm_ucode_capa *capa; 734 int idx, i; 735 if (tlv_len != sizeof(*capa)) { 736 error = EINVAL; 737 goto parse_out; 738 } 739 capa = (const struct iwm_ucode_capa *)tlv_data; 740 idx = le32toh(capa->api_index); 741 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 742 device_printf(sc->sc_dev, 743 "unsupported API index %d\n", idx); 744 goto parse_out; 745 } 746 for (i = 0; i < 32; i++) { 747 if ((le32toh(capa->api_capa) & (1U << i)) == 0) 748 continue; 749 setbit(sc->sc_enabled_capa, i + (32 * idx)); 750 } 751 break; 752 } 753 754 case 48: /* undocumented TLV */ 755 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 756 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 757 /* ignore, not used by current driver */ 758 break; 759 760 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 761 if ((error = iwm_firmware_store_section(sc, 762 IWM_UCODE_TYPE_REGULAR_USNIFFER, tlv_data, 763 tlv_len)) != 0) 764 goto parse_out; 765 break; 766 767 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 768 if (tlv_len != sizeof(uint32_t)) { 769 error = EINVAL; 770 goto parse_out; 771 } 772 sc->sc_capa_n_scan_channels = 773 le32toh(*(const uint32_t *)tlv_data); 774 break; 775 776 case IWM_UCODE_TLV_FW_VERSION: 777 if (tlv_len != sizeof(uint32_t) * 3) { 778 error = EINVAL; 779 goto parse_out; 780 } 781 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 782 "%d.%d.%d", 783 le32toh(((const uint32_t *)tlv_data)[0]), 784 le32toh(((const uint32_t *)tlv_data)[1]), 785 le32toh(((const uint32_t *)tlv_data)[2])); 786 break; 787 788 default: 789 device_printf(sc->sc_dev, 790 "%s: unknown firmware section %d, abort\n", 791 __func__, tlv_type); 792 error = EINVAL; 793 goto parse_out; 794 } 795 796 len -= roundup(tlv_len, 4); 797 data += roundup(tlv_len, 4); 798 } 799 800 KASSERT(error == 0, ("unhandled error")); 801 802 parse_out: 803 if (error) { 804 device_printf(sc->sc_dev, "firmware parse error %d, " 805 "section type %d\n", error, tlv_type); 806 } 807 808 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) { 809 device_printf(sc->sc_dev, 810 "device uses unsupported power ops\n"); 811 error = ENOTSUP; 812 } 813 814 out: 815 if (error) { 816 fw->fw_status = IWM_FW_STATUS_NONE; 817 if (fw->fw_fp != NULL) 818 iwm_fw_info_free(fw); 819 } else 820 fw->fw_status = IWM_FW_STATUS_DONE; 821 wakeup(&sc->sc_fw); 822 823 return error; 824} 825 826/* 827 * DMA resource routines 828 */ 829 830static void 831iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 832{ 833 if (error != 0) 834 return; 835 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 836 *(bus_addr_t *)arg = segs[0].ds_addr; 837} 838 839static int 840iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma, 841 bus_size_t size, bus_size_t alignment) 842{ 843 int error; 844 845 dma->tag = NULL; 846 dma->map = NULL; 847 dma->size = size; 848 dma->vaddr = NULL; 849 850 error = bus_dma_tag_create(tag, alignment, 851 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 852 1, size, 0, NULL, NULL, &dma->tag); 853 if (error != 0) 854 goto fail; 855 856 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 857 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 858 if (error != 0) 859 goto fail; 860 861 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 862 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 863 if (error != 0) { 864 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 865 dma->vaddr = NULL; 866 goto fail; 867 } 868 869 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 870 871 return 0; 872 873fail: 874 iwm_dma_contig_free(dma); 875 876 return error; 877} 878 879static void 880iwm_dma_contig_free(struct iwm_dma_info *dma) 881{ 882 if (dma->vaddr != NULL) { 883 bus_dmamap_sync(dma->tag, dma->map, 884 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 885 bus_dmamap_unload(dma->tag, dma->map); 886 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 887 dma->vaddr = NULL; 888 } 889 if (dma->tag != NULL) { 890 bus_dma_tag_destroy(dma->tag); 891 dma->tag = NULL; 892 } 893} 894 895/* fwmem is used to load firmware onto the card */ 896static int 897iwm_alloc_fwmem(struct iwm_softc *sc) 898{ 899 /* Must be aligned on a 16-byte boundary. */ 900 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 901 sc->sc_fwdmasegsz, 16); 902} 903 904/* tx scheduler rings. not used? */ 905static int 906iwm_alloc_sched(struct iwm_softc *sc) 907{ 908 /* TX scheduler rings must be aligned on a 1KB boundary. */ 909 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 910 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 911} 912 913/* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 914static int 915iwm_alloc_kw(struct iwm_softc *sc) 916{ 917 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 918} 919 920/* interrupt cause table */ 921static int 922iwm_alloc_ict(struct iwm_softc *sc) 923{ 924 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 925 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 926} 927 928static int 929iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 930{ 931 bus_size_t size; 932 int i, error; 933 934 ring->cur = 0; 935 936 /* Allocate RX descriptors (256-byte aligned). */ 937 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 938 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 939 if (error != 0) { 940 device_printf(sc->sc_dev, 941 "could not allocate RX ring DMA memory\n"); 942 goto fail; 943 } 944 ring->desc = ring->desc_dma.vaddr; 945 946 /* Allocate RX status area (16-byte aligned). */ 947 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 948 sizeof(*ring->stat), 16); 949 if (error != 0) { 950 device_printf(sc->sc_dev, 951 "could not allocate RX status DMA memory\n"); 952 goto fail; 953 } 954 ring->stat = ring->stat_dma.vaddr; 955 956 /* Create RX buffer DMA tag. */ 957 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 958 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 959 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 960 if (error != 0) { 961 device_printf(sc->sc_dev, 962 "%s: could not create RX buf DMA tag, error %d\n", 963 __func__, error); 964 goto fail; 965 } 966 967 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 968 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 969 if (error != 0) { 970 device_printf(sc->sc_dev, 971 "%s: could not create RX buf DMA map, error %d\n", 972 __func__, error); 973 goto fail; 974 } 975 /* 976 * Allocate and map RX buffers. 977 */ 978 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 979 struct iwm_rx_data *data = &ring->data[i]; 980 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 981 if (error != 0) { 982 device_printf(sc->sc_dev, 983 "%s: could not create RX buf DMA map, error %d\n", 984 __func__, error); 985 goto fail; 986 } 987 data->m = NULL; 988 989 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 990 goto fail; 991 } 992 } 993 return 0; 994 995fail: iwm_free_rx_ring(sc, ring); 996 return error; 997} 998 999static void 1000iwm_disable_rx_dma(struct iwm_softc *sc) 1001{ 1002 /* XXX conditional nic locks are stupid */ 1003 /* XXX print out if we can't lock the NIC? */ 1004 if (iwm_nic_lock(sc)) { 1005 /* XXX handle if RX stop doesn't finish? */ 1006 (void) iwm_pcie_rx_stop(sc); 1007 iwm_nic_unlock(sc); 1008 } 1009} 1010 1011static void 1012iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1013{ 1014 /* Reset the ring state */ 1015 ring->cur = 0; 1016 1017 /* 1018 * The hw rx ring index in shared memory must also be cleared, 1019 * otherwise the discrepancy can cause reprocessing chaos. 1020 */ 1021 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1022} 1023 1024static void 1025iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1026{ 1027 int i; 1028 1029 iwm_dma_contig_free(&ring->desc_dma); 1030 iwm_dma_contig_free(&ring->stat_dma); 1031 1032 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1033 struct iwm_rx_data *data = &ring->data[i]; 1034 1035 if (data->m != NULL) { 1036 bus_dmamap_sync(ring->data_dmat, data->map, 1037 BUS_DMASYNC_POSTREAD); 1038 bus_dmamap_unload(ring->data_dmat, data->map); 1039 m_freem(data->m); 1040 data->m = NULL; 1041 } 1042 if (data->map != NULL) { 1043 bus_dmamap_destroy(ring->data_dmat, data->map); 1044 data->map = NULL; 1045 } 1046 } 1047 if (ring->spare_map != NULL) { 1048 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1049 ring->spare_map = NULL; 1050 } 1051 if (ring->data_dmat != NULL) { 1052 bus_dma_tag_destroy(ring->data_dmat); 1053 ring->data_dmat = NULL; 1054 } 1055} 1056 1057static int 1058iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1059{ 1060 bus_addr_t paddr; 1061 bus_size_t size; 1062 size_t maxsize; 1063 int nsegments; 1064 int i, error; 1065 1066 ring->qid = qid; 1067 ring->queued = 0; 1068 ring->cur = 0; 1069 1070 /* Allocate TX descriptors (256-byte aligned). */ 1071 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1072 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1073 if (error != 0) { 1074 device_printf(sc->sc_dev, 1075 "could not allocate TX ring DMA memory\n"); 1076 goto fail; 1077 } 1078 ring->desc = ring->desc_dma.vaddr; 1079 1080 /* 1081 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1082 * to allocate commands space for other rings. 1083 */ 1084 if (qid > IWM_MVM_CMD_QUEUE) 1085 return 0; 1086 1087 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1088 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1089 if (error != 0) { 1090 device_printf(sc->sc_dev, 1091 "could not allocate TX cmd DMA memory\n"); 1092 goto fail; 1093 } 1094 ring->cmd = ring->cmd_dma.vaddr; 1095 1096 /* FW commands may require more mapped space than packets. */ 1097 if (qid == IWM_MVM_CMD_QUEUE) { 1098 maxsize = IWM_RBUF_SIZE; 1099 nsegments = 1; 1100 } else { 1101 maxsize = MCLBYTES; 1102 nsegments = IWM_MAX_SCATTER - 2; 1103 } 1104 1105 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1106 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1107 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1108 if (error != 0) { 1109 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1110 goto fail; 1111 } 1112 1113 paddr = ring->cmd_dma.paddr; 1114 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1115 struct iwm_tx_data *data = &ring->data[i]; 1116 1117 data->cmd_paddr = paddr; 1118 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1119 + offsetof(struct iwm_tx_cmd, scratch); 1120 paddr += sizeof(struct iwm_device_cmd); 1121 1122 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1123 if (error != 0) { 1124 device_printf(sc->sc_dev, 1125 "could not create TX buf DMA map\n"); 1126 goto fail; 1127 } 1128 } 1129 KASSERT(paddr == ring->cmd_dma.paddr + size, 1130 ("invalid physical address")); 1131 return 0; 1132 1133fail: iwm_free_tx_ring(sc, ring); 1134 return error; 1135} 1136 1137static void 1138iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1139{ 1140 int i; 1141 1142 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1143 struct iwm_tx_data *data = &ring->data[i]; 1144 1145 if (data->m != NULL) { 1146 bus_dmamap_sync(ring->data_dmat, data->map, 1147 BUS_DMASYNC_POSTWRITE); 1148 bus_dmamap_unload(ring->data_dmat, data->map); 1149 m_freem(data->m); 1150 data->m = NULL; 1151 } 1152 } 1153 /* Clear TX descriptors. */ 1154 memset(ring->desc, 0, ring->desc_dma.size); 1155 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1156 BUS_DMASYNC_PREWRITE); 1157 sc->qfullmsk &= ~(1 << ring->qid); 1158 ring->queued = 0; 1159 ring->cur = 0; 1160} 1161 1162static void 1163iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1164{ 1165 int i; 1166 1167 iwm_dma_contig_free(&ring->desc_dma); 1168 iwm_dma_contig_free(&ring->cmd_dma); 1169 1170 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1171 struct iwm_tx_data *data = &ring->data[i]; 1172 1173 if (data->m != NULL) { 1174 bus_dmamap_sync(ring->data_dmat, data->map, 1175 BUS_DMASYNC_POSTWRITE); 1176 bus_dmamap_unload(ring->data_dmat, data->map); 1177 m_freem(data->m); 1178 data->m = NULL; 1179 } 1180 if (data->map != NULL) { 1181 bus_dmamap_destroy(ring->data_dmat, data->map); 1182 data->map = NULL; 1183 } 1184 } 1185 if (ring->data_dmat != NULL) { 1186 bus_dma_tag_destroy(ring->data_dmat); 1187 ring->data_dmat = NULL; 1188 } 1189} 1190 1191/* 1192 * High-level hardware frobbing routines 1193 */ 1194 1195static void 1196iwm_enable_interrupts(struct iwm_softc *sc) 1197{ 1198 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1199 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1200} 1201 1202static void 1203iwm_restore_interrupts(struct iwm_softc *sc) 1204{ 1205 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1206} 1207 1208static void 1209iwm_disable_interrupts(struct iwm_softc *sc) 1210{ 1211 /* disable interrupts */ 1212 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1213 1214 /* acknowledge all interrupts */ 1215 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1216 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1217} 1218 1219static void 1220iwm_ict_reset(struct iwm_softc *sc) 1221{ 1222 iwm_disable_interrupts(sc); 1223 1224 /* Reset ICT table. */ 1225 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1226 sc->ict_cur = 0; 1227 1228 /* Set physical address of ICT table (4KB aligned). */ 1229 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1230 IWM_CSR_DRAM_INT_TBL_ENABLE 1231 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1232 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1233 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1234 1235 /* Switch to ICT interrupt mode in driver. */ 1236 sc->sc_flags |= IWM_FLAG_USE_ICT; 1237 1238 /* Re-enable interrupts. */ 1239 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1240 iwm_enable_interrupts(sc); 1241} 1242 1243/* iwlwifi pcie/trans.c */ 1244 1245/* 1246 * Since this .. hard-resets things, it's time to actually 1247 * mark the first vap (if any) as having no mac context. 1248 * It's annoying, but since the driver is potentially being 1249 * stop/start'ed whilst active (thanks openbsd port!) we 1250 * have to correctly track this. 1251 */ 1252static void 1253iwm_stop_device(struct iwm_softc *sc) 1254{ 1255 struct ieee80211com *ic = &sc->sc_ic; 1256 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1257 int chnl, qid; 1258 uint32_t mask = 0; 1259 1260 /* tell the device to stop sending interrupts */ 1261 iwm_disable_interrupts(sc); 1262 1263 /* 1264 * FreeBSD-local: mark the first vap as not-uploaded, 1265 * so the next transition through auth/assoc 1266 * will correctly populate the MAC context. 1267 */ 1268 if (vap) { 1269 struct iwm_vap *iv = IWM_VAP(vap); 1270 iv->is_uploaded = 0; 1271 } 1272 1273 /* device going down, Stop using ICT table */ 1274 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1275 1276 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1277 1278 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1279 1280 if (iwm_nic_lock(sc)) { 1281 /* Stop each Tx DMA channel */ 1282 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1283 IWM_WRITE(sc, 1284 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1285 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1286 } 1287 1288 /* Wait for DMA channels to be idle */ 1289 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1290 5000)) { 1291 device_printf(sc->sc_dev, 1292 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1293 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1294 } 1295 iwm_nic_unlock(sc); 1296 } 1297 iwm_disable_rx_dma(sc); 1298 1299 /* Stop RX ring. */ 1300 iwm_reset_rx_ring(sc, &sc->rxq); 1301 1302 /* Reset all TX rings. */ 1303 for (qid = 0; qid < nitems(sc->txq); qid++) 1304 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1305 1306 /* 1307 * Power-down device's busmaster DMA clocks 1308 */ 1309 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1310 DELAY(5); 1311 1312 /* Make sure (redundant) we've released our request to stay awake */ 1313 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1314 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1315 1316 /* Stop the device, and put it in low power state */ 1317 iwm_apm_stop(sc); 1318 1319 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1320 * Clean again the interrupt here 1321 */ 1322 iwm_disable_interrupts(sc); 1323 /* stop and reset the on-board processor */ 1324 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1325 1326 /* 1327 * Even if we stop the HW, we still want the RF kill 1328 * interrupt 1329 */ 1330 iwm_enable_rfkill_int(sc); 1331 iwm_check_rfkill(sc); 1332} 1333 1334/* iwlwifi: mvm/ops.c */ 1335static void 1336iwm_mvm_nic_config(struct iwm_softc *sc) 1337{ 1338 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1339 uint32_t reg_val = 0; 1340 1341 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1342 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1343 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1344 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1345 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1346 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1347 1348 /* SKU control */ 1349 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1350 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1351 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1352 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1353 1354 /* radio configuration */ 1355 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1356 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1357 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1358 1359 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1360 1361 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1362 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1363 radio_cfg_step, radio_cfg_dash); 1364 1365 /* 1366 * W/A : NIC is stuck in a reset state after Early PCIe power off 1367 * (PCIe power is lost before PERST# is asserted), causing ME FW 1368 * to lose ownership and not being able to obtain it back. 1369 */ 1370 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 1371 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1372 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1373 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1374 } 1375} 1376 1377static int 1378iwm_nic_rx_init(struct iwm_softc *sc) 1379{ 1380 if (!iwm_nic_lock(sc)) 1381 return EBUSY; 1382 1383 /* 1384 * Initialize RX ring. This is from the iwn driver. 1385 */ 1386 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1387 1388 /* stop DMA */ 1389 iwm_disable_rx_dma(sc); 1390 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1391 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1392 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1393 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1394 1395 /* Set physical address of RX ring (256-byte aligned). */ 1396 IWM_WRITE(sc, 1397 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1398 1399 /* Set physical address of RX status (16-byte aligned). */ 1400 IWM_WRITE(sc, 1401 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1402 1403 /* Enable RX. */ 1404 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1405 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1406 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1407 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1408 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK | 1409 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1410 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1411 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1412 1413 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1414 1415 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1416 if (sc->host_interrupt_operation_mode) 1417 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1418 1419 /* 1420 * Thus sayeth el jefe (iwlwifi) via a comment: 1421 * 1422 * This value should initially be 0 (before preparing any 1423 * RBs), should be 8 after preparing the first 8 RBs (for example) 1424 */ 1425 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1426 1427 iwm_nic_unlock(sc); 1428 1429 return 0; 1430} 1431 1432static int 1433iwm_nic_tx_init(struct iwm_softc *sc) 1434{ 1435 int qid; 1436 1437 if (!iwm_nic_lock(sc)) 1438 return EBUSY; 1439 1440 /* Deactivate TX scheduler. */ 1441 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1442 1443 /* Set physical address of "keep warm" page (16-byte aligned). */ 1444 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1445 1446 /* Initialize TX rings. */ 1447 for (qid = 0; qid < nitems(sc->txq); qid++) { 1448 struct iwm_tx_ring *txq = &sc->txq[qid]; 1449 1450 /* Set physical address of TX ring (256-byte aligned). */ 1451 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1452 txq->desc_dma.paddr >> 8); 1453 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1454 "%s: loading ring %d descriptors (%p) at %lx\n", 1455 __func__, 1456 qid, txq->desc, 1457 (unsigned long) (txq->desc_dma.paddr >> 8)); 1458 } 1459 1460 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE); 1461 1462 iwm_nic_unlock(sc); 1463 1464 return 0; 1465} 1466 1467static int 1468iwm_nic_init(struct iwm_softc *sc) 1469{ 1470 int error; 1471 1472 iwm_apm_init(sc); 1473 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 1474 iwm_set_pwr(sc); 1475 1476 iwm_mvm_nic_config(sc); 1477 1478 if ((error = iwm_nic_rx_init(sc)) != 0) 1479 return error; 1480 1481 /* 1482 * Ditto for TX, from iwn 1483 */ 1484 if ((error = iwm_nic_tx_init(sc)) != 0) 1485 return error; 1486 1487 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1488 "%s: shadow registers enabled\n", __func__); 1489 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1490 1491 return 0; 1492} 1493 1494const uint8_t iwm_mvm_ac_to_tx_fifo[] = { 1495 IWM_MVM_TX_FIFO_VO, 1496 IWM_MVM_TX_FIFO_VI, 1497 IWM_MVM_TX_FIFO_BE, 1498 IWM_MVM_TX_FIFO_BK, 1499}; 1500 1501static int 1502iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1503{ 1504 if (!iwm_nic_lock(sc)) { 1505 device_printf(sc->sc_dev, 1506 "%s: cannot enable txq %d\n", 1507 __func__, 1508 qid); 1509 return EBUSY; 1510 } 1511 1512 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1513 1514 if (qid == IWM_MVM_CMD_QUEUE) { 1515 /* unactivate before configuration */ 1516 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1517 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1518 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1519 1520 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1521 1522 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1523 1524 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1525 /* Set scheduler window size and frame limit. */ 1526 iwm_write_mem32(sc, 1527 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1528 sizeof(uint32_t), 1529 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1530 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1531 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1532 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1533 1534 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1535 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1536 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1537 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1538 IWM_SCD_QUEUE_STTS_REG_MSK); 1539 } else { 1540 struct iwm_scd_txq_cfg_cmd cmd; 1541 int error; 1542 1543 iwm_nic_unlock(sc); 1544 1545 memset(&cmd, 0, sizeof(cmd)); 1546 cmd.scd_queue = qid; 1547 cmd.enable = 1; 1548 cmd.sta_id = sta_id; 1549 cmd.tx_fifo = fifo; 1550 cmd.aggregate = 0; 1551 cmd.window = IWM_FRAME_LIMIT; 1552 1553 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1554 sizeof(cmd), &cmd); 1555 if (error) { 1556 device_printf(sc->sc_dev, 1557 "cannot enable txq %d\n", qid); 1558 return error; 1559 } 1560 1561 if (!iwm_nic_lock(sc)) 1562 return EBUSY; 1563 } 1564 1565 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 1566 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid); 1567 1568 iwm_nic_unlock(sc); 1569 1570 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1571 __func__, qid, fifo); 1572 1573 return 0; 1574} 1575 1576static int 1577iwm_post_alive(struct iwm_softc *sc) 1578{ 1579 int nwords; 1580 int error, chnl; 1581 uint32_t base; 1582 1583 if (!iwm_nic_lock(sc)) 1584 return EBUSY; 1585 1586 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1587 if (sc->sched_base != base) { 1588 device_printf(sc->sc_dev, 1589 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1590 __func__, sc->sched_base, base); 1591 } 1592 1593 iwm_ict_reset(sc); 1594 1595 /* Clear TX scheduler state in SRAM. */ 1596 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1597 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) 1598 / sizeof(uint32_t); 1599 error = iwm_write_mem(sc, 1600 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1601 NULL, nwords); 1602 if (error) 1603 goto out; 1604 1605 /* Set physical address of TX scheduler rings (1KB aligned). */ 1606 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1607 1608 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1609 1610 iwm_nic_unlock(sc); 1611 1612 /* enable command channel */ 1613 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7); 1614 if (error) 1615 return error; 1616 1617 if (!iwm_nic_lock(sc)) 1618 return EBUSY; 1619 1620 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1621 1622 /* Enable DMA channels. */ 1623 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1624 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1625 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1626 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1627 } 1628 1629 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1630 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1631 1632 /* Enable L1-Active */ 1633 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) { 1634 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1635 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1636 } 1637 1638 out: 1639 iwm_nic_unlock(sc); 1640 return error; 1641} 1642 1643/* 1644 * NVM read access and content parsing. We do not support 1645 * external NVM or writing NVM. 1646 * iwlwifi/mvm/nvm.c 1647 */ 1648 1649/* list of NVM sections we are allowed/need to read */ 1650const int nvm_to_read[] = { 1651 IWM_NVM_SECTION_TYPE_HW, 1652 IWM_NVM_SECTION_TYPE_SW, 1653 IWM_NVM_SECTION_TYPE_REGULATORY, 1654 IWM_NVM_SECTION_TYPE_CALIBRATION, 1655 IWM_NVM_SECTION_TYPE_PRODUCTION, 1656 IWM_NVM_SECTION_TYPE_HW_8000, 1657 IWM_NVM_SECTION_TYPE_MAC_OVERRIDE, 1658 IWM_NVM_SECTION_TYPE_PHY_SKU, 1659}; 1660 1661/* Default NVM size to read */ 1662#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1663#define IWM_MAX_NVM_SECTION_SIZE 8192 1664 1665#define IWM_NVM_WRITE_OPCODE 1 1666#define IWM_NVM_READ_OPCODE 0 1667 1668/* load nvm chunk response */ 1669enum { 1670 IWM_READ_NVM_CHUNK_SUCCEED = 0, 1671 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1 1672}; 1673 1674static int 1675iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1676 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1677{ 1678 offset = 0; 1679 struct iwm_nvm_access_cmd nvm_access_cmd = { 1680 .offset = htole16(offset), 1681 .length = htole16(length), 1682 .type = htole16(section), 1683 .op_code = IWM_NVM_READ_OPCODE, 1684 }; 1685 struct iwm_nvm_access_resp *nvm_resp; 1686 struct iwm_rx_packet *pkt; 1687 struct iwm_host_cmd cmd = { 1688 .id = IWM_NVM_ACCESS_CMD, 1689 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL, 1690 .data = { &nvm_access_cmd, }, 1691 }; 1692 int ret, bytes_read, offset_read; 1693 uint8_t *resp_data; 1694 1695 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1696 1697 ret = iwm_send_cmd(sc, &cmd); 1698 if (ret) { 1699 device_printf(sc->sc_dev, 1700 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1701 return ret; 1702 } 1703 1704 pkt = cmd.resp_pkt; 1705 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) { 1706 device_printf(sc->sc_dev, 1707 "Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n", 1708 pkt->hdr.flags); 1709 ret = EIO; 1710 goto exit; 1711 } 1712 1713 /* Extract NVM response */ 1714 nvm_resp = (void *)pkt->data; 1715 1716 ret = le16toh(nvm_resp->status); 1717 bytes_read = le16toh(nvm_resp->length); 1718 offset_read = le16toh(nvm_resp->offset); 1719 resp_data = nvm_resp->data; 1720 if (ret) { 1721 if ((offset != 0) && 1722 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) { 1723 /* 1724 * meaning of NOT_VALID_ADDRESS: 1725 * driver try to read chunk from address that is 1726 * multiple of 2K and got an error since addr is empty. 1727 * meaning of (offset != 0): driver already 1728 * read valid data from another chunk so this case 1729 * is not an error. 1730 */ 1731 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1732 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n", 1733 offset); 1734 *len = 0; 1735 ret = 0; 1736 } else { 1737 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1738 "NVM access command failed with status %d\n", ret); 1739 ret = EIO; 1740 } 1741 goto exit; 1742 } 1743 1744 if (offset_read != offset) { 1745 device_printf(sc->sc_dev, 1746 "NVM ACCESS response with invalid offset %d\n", 1747 offset_read); 1748 ret = EINVAL; 1749 goto exit; 1750 } 1751 1752 if (bytes_read > length) { 1753 device_printf(sc->sc_dev, 1754 "NVM ACCESS response with too much data " 1755 "(%d bytes requested, %d bytes received)\n", 1756 length, bytes_read); 1757 ret = EINVAL; 1758 goto exit; 1759 } 1760 1761 memcpy(data + offset, resp_data, bytes_read); 1762 *len = bytes_read; 1763 1764 exit: 1765 iwm_free_resp(sc, &cmd); 1766 return ret; 1767} 1768 1769/* 1770 * Reads an NVM section completely. 1771 * NICs prior to 7000 family don't have a real NVM, but just read 1772 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1773 * by uCode, we need to manually check in this case that we don't 1774 * overflow and try to read more than the EEPROM size. 1775 * For 7000 family NICs, we supply the maximal size we can read, and 1776 * the uCode fills the response with as much data as we can, 1777 * without overflowing, so no check is needed. 1778 */ 1779static int 1780iwm_nvm_read_section(struct iwm_softc *sc, 1781 uint16_t section, uint8_t *data, uint16_t *len, size_t max_len) 1782{ 1783 uint16_t chunklen, seglen; 1784 int error = 0; 1785 1786 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1787 "reading NVM section %d\n", section); 1788 1789 chunklen = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE; 1790 *len = 0; 1791 1792 /* Read NVM chunks until exhausted (reading less than requested) */ 1793 while (seglen == chunklen && *len < max_len) { 1794 error = iwm_nvm_read_chunk(sc, 1795 section, *len, chunklen, data, &seglen); 1796 if (error) { 1797 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1798 "Cannot read from NVM section " 1799 "%d at offset %d\n", section, *len); 1800 return error; 1801 } 1802 *len += seglen; 1803 } 1804 1805 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1806 "NVM section %d read completed (%d bytes, error=%d)\n", 1807 section, *len, error); 1808 return error; 1809} 1810 1811/* 1812 * BEGIN IWM_NVM_PARSE 1813 */ 1814 1815/* iwlwifi/iwl-nvm-parse.c */ 1816 1817/* NVM offsets (in words) definitions */ 1818enum iwm_nvm_offsets { 1819 /* NVM HW-Section offset (in words) definitions */ 1820 IWM_HW_ADDR = 0x15, 1821 1822/* NVM SW-Section offset (in words) definitions */ 1823 IWM_NVM_SW_SECTION = 0x1C0, 1824 IWM_NVM_VERSION = 0, 1825 IWM_RADIO_CFG = 1, 1826 IWM_SKU = 2, 1827 IWM_N_HW_ADDRS = 3, 1828 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1829 1830/* NVM calibration section offset (in words) definitions */ 1831 IWM_NVM_CALIB_SECTION = 0x2B8, 1832 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1833}; 1834 1835enum iwm_8000_nvm_offsets { 1836 /* NVM HW-Section offset (in words) definitions */ 1837 IWM_HW_ADDR0_WFPM_8000 = 0x12, 1838 IWM_HW_ADDR1_WFPM_8000 = 0x16, 1839 IWM_HW_ADDR0_PCIE_8000 = 0x8A, 1840 IWM_HW_ADDR1_PCIE_8000 = 0x8E, 1841 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1, 1842 1843 /* NVM SW-Section offset (in words) definitions */ 1844 IWM_NVM_SW_SECTION_8000 = 0x1C0, 1845 IWM_NVM_VERSION_8000 = 0, 1846 IWM_RADIO_CFG_8000 = 0, 1847 IWM_SKU_8000 = 2, 1848 IWM_N_HW_ADDRS_8000 = 3, 1849 1850 /* NVM REGULATORY -Section offset (in words) definitions */ 1851 IWM_NVM_CHANNELS_8000 = 0, 1852 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7, 1853 IWM_NVM_LAR_OFFSET_8000 = 0x507, 1854 IWM_NVM_LAR_ENABLED_8000 = 0x7, 1855 1856 /* NVM calibration section offset (in words) definitions */ 1857 IWM_NVM_CALIB_SECTION_8000 = 0x2B8, 1858 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000 1859}; 1860 1861/* SKU Capabilities (actual values from NVM definition) */ 1862enum nvm_sku_bits { 1863 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1864 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1865 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1866 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1867}; 1868 1869/* radio config bits (actual values from NVM definition) */ 1870#define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1871#define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1872#define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1873#define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1874#define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1875#define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1876 1877#define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF) 1878#define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF) 1879#define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF) 1880#define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF) 1881#define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF) 1882#define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF) 1883 1884#define DEFAULT_MAX_TX_POWER 16 1885 1886/** 1887 * enum iwm_nvm_channel_flags - channel flags in NVM 1888 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1889 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1890 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1891 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1892 * XXX cannot find this (DFS) flag in iwl-nvm-parse.c 1893 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1894 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1895 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1896 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1897 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1898 */ 1899enum iwm_nvm_channel_flags { 1900 IWM_NVM_CHANNEL_VALID = (1 << 0), 1901 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1902 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1903 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1904 IWM_NVM_CHANNEL_DFS = (1 << 7), 1905 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1906 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 1907 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 1908 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 1909}; 1910 1911/* 1912 * Translate EEPROM flags to net80211. 1913 */ 1914static uint32_t 1915iwm_eeprom_channel_flags(uint16_t ch_flags) 1916{ 1917 uint32_t nflags; 1918 1919 nflags = 0; 1920 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 1921 nflags |= IEEE80211_CHAN_PASSIVE; 1922 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 1923 nflags |= IEEE80211_CHAN_NOADHOC; 1924 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 1925 nflags |= IEEE80211_CHAN_DFS; 1926 /* Just in case. */ 1927 nflags |= IEEE80211_CHAN_NOADHOC; 1928 } 1929 1930 return (nflags); 1931} 1932 1933static void 1934iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 1935 int maxchans, int *nchans, int ch_idx, size_t ch_num, 1936 const uint8_t bands[]) 1937{ 1938 const uint16_t * const nvm_ch_flags = sc->sc_nvm.nvm_ch_flags; 1939 uint32_t nflags; 1940 uint16_t ch_flags; 1941 uint8_t ieee; 1942 int error; 1943 1944 for (; ch_idx < ch_num; ch_idx++) { 1945 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 1946 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 1947 ieee = iwm_nvm_channels[ch_idx]; 1948 else 1949 ieee = iwm_nvm_channels_8000[ch_idx]; 1950 1951 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 1952 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1953 "Ch. %d Flags %x [%sGHz] - No traffic\n", 1954 ieee, ch_flags, 1955 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1956 "5.2" : "2.4"); 1957 continue; 1958 } 1959 1960 nflags = iwm_eeprom_channel_flags(ch_flags); 1961 error = ieee80211_add_channel(chans, maxchans, nchans, 1962 ieee, 0, 0, nflags, bands); 1963 if (error != 0) 1964 break; 1965 1966 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1967 "Ch. %d Flags %x [%sGHz] - Added\n", 1968 ieee, ch_flags, 1969 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1970 "5.2" : "2.4"); 1971 } 1972} 1973 1974static void 1975iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 1976 struct ieee80211_channel chans[]) 1977{ 1978 struct iwm_softc *sc = ic->ic_softc; 1979 struct iwm_nvm_data *data = &sc->sc_nvm; 1980 uint8_t bands[IEEE80211_MODE_BYTES]; 1981 size_t ch_num; 1982 1983 memset(bands, 0, sizeof(bands)); 1984 /* 1-13: 11b/g channels. */ 1985 setbit(bands, IEEE80211_MODE_11B); 1986 setbit(bands, IEEE80211_MODE_11G); 1987 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 1988 IWM_NUM_2GHZ_CHANNELS - 1, bands); 1989 1990 /* 14: 11b channel only. */ 1991 clrbit(bands, IEEE80211_MODE_11G); 1992 iwm_add_channel_band(sc, chans, maxchans, nchans, 1993 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 1994 1995 if (data->sku_cap_band_52GHz_enable) { 1996 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 1997 ch_num = nitems(iwm_nvm_channels); 1998 else 1999 ch_num = nitems(iwm_nvm_channels_8000); 2000 memset(bands, 0, sizeof(bands)); 2001 setbit(bands, IEEE80211_MODE_11A); 2002 iwm_add_channel_band(sc, chans, maxchans, nchans, 2003 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2004 } 2005} 2006 2007static void 2008iwm_set_hw_address_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2009 const uint16_t *mac_override, const uint16_t *nvm_hw) 2010{ 2011 const uint8_t *hw_addr; 2012 2013 if (mac_override) { 2014 static const uint8_t reserved_mac[] = { 2015 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2016 }; 2017 2018 hw_addr = (const uint8_t *)(mac_override + 2019 IWM_MAC_ADDRESS_OVERRIDE_8000); 2020 2021 /* 2022 * Store the MAC address from MAO section. 2023 * No byte swapping is required in MAO section 2024 */ 2025 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2026 2027 /* 2028 * Force the use of the OTP MAC address in case of reserved MAC 2029 * address in the NVM, or if address is given but invalid. 2030 */ 2031 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2032 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2033 iwm_is_valid_ether_addr(data->hw_addr) && 2034 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2035 return; 2036 2037 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2038 "%s: mac address from nvm override section invalid\n", 2039 __func__); 2040 } 2041 2042 if (nvm_hw) { 2043 /* read the mac address from WFMP registers */ 2044 uint32_t mac_addr0 = 2045 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2046 uint32_t mac_addr1 = 2047 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2048 2049 hw_addr = (const uint8_t *)&mac_addr0; 2050 data->hw_addr[0] = hw_addr[3]; 2051 data->hw_addr[1] = hw_addr[2]; 2052 data->hw_addr[2] = hw_addr[1]; 2053 data->hw_addr[3] = hw_addr[0]; 2054 2055 hw_addr = (const uint8_t *)&mac_addr1; 2056 data->hw_addr[4] = hw_addr[1]; 2057 data->hw_addr[5] = hw_addr[0]; 2058 2059 return; 2060 } 2061 2062 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2063 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2064} 2065 2066static int 2067iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2068 const uint16_t *phy_sku) 2069{ 2070 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2071 return le16_to_cpup(nvm_sw + IWM_SKU); 2072 2073 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2074} 2075 2076static int 2077iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2078{ 2079 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2080 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2081 else 2082 return le32_to_cpup((const uint32_t *)(nvm_sw + 2083 IWM_NVM_VERSION_8000)); 2084} 2085 2086static int 2087iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2088 const uint16_t *phy_sku) 2089{ 2090 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2091 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2092 2093 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2094} 2095 2096static int 2097iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2098{ 2099 int n_hw_addr; 2100 2101 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) 2102 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2103 2104 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2105 2106 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2107} 2108 2109static void 2110iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2111 uint32_t radio_cfg) 2112{ 2113 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) { 2114 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2115 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2116 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2117 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2118 return; 2119 } 2120 2121 /* set the radio configuration for family 8000 */ 2122 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2123 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2124 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2125 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg); 2126 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2127 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2128} 2129 2130static int 2131iwm_parse_nvm_data(struct iwm_softc *sc, 2132 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2133 const uint16_t *nvm_calib, const uint16_t *mac_override, 2134 const uint16_t *phy_sku, const uint16_t *regulatory) 2135{ 2136 struct iwm_nvm_data *data = &sc->sc_nvm; 2137 uint8_t hw_addr[IEEE80211_ADDR_LEN]; 2138 uint32_t sku, radio_cfg; 2139 2140 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2141 2142 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2143 iwm_set_radio_cfg(sc, data, radio_cfg); 2144 2145 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2146 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2147 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2148 data->sku_cap_11n_enable = 0; 2149 2150 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2151 2152 /* The byte order is little endian 16 bit, meaning 214365 */ 2153 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2154 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR); 2155 data->hw_addr[0] = hw_addr[1]; 2156 data->hw_addr[1] = hw_addr[0]; 2157 data->hw_addr[2] = hw_addr[3]; 2158 data->hw_addr[3] = hw_addr[2]; 2159 data->hw_addr[4] = hw_addr[5]; 2160 data->hw_addr[5] = hw_addr[4]; 2161 } else { 2162 iwm_set_hw_address_8000(sc, data, mac_override, nvm_hw); 2163 } 2164 2165 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2166 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 2167 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2168 } else { 2169 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2170 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2171 } 2172 2173 return 0; 2174} 2175 2176/* 2177 * END NVM PARSE 2178 */ 2179 2180static int 2181iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2182{ 2183 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2184 2185 /* Checking for required sections */ 2186 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2187 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2188 !sections[IWM_NVM_SECTION_TYPE_HW].data) { 2189 device_printf(sc->sc_dev, 2190 "Can't parse empty OTP/NVM sections\n"); 2191 return ENOENT; 2192 } 2193 2194 hw = (const uint16_t *) sections[IWM_NVM_SECTION_TYPE_HW].data; 2195 } else if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) { 2196 /* SW and REGULATORY sections are mandatory */ 2197 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2198 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2199 device_printf(sc->sc_dev, 2200 "Can't parse empty OTP/NVM sections\n"); 2201 return ENOENT; 2202 } 2203 /* MAC_OVERRIDE or at least HW section must exist */ 2204 if (!sections[IWM_NVM_SECTION_TYPE_HW_8000].data && 2205 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2206 device_printf(sc->sc_dev, 2207 "Can't parse mac_address, empty sections\n"); 2208 return ENOENT; 2209 } 2210 2211 /* PHY_SKU section is mandatory in B0 */ 2212 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2213 device_printf(sc->sc_dev, 2214 "Can't parse phy_sku in B0, empty sections\n"); 2215 return ENOENT; 2216 } 2217 2218 hw = (const uint16_t *) 2219 sections[IWM_NVM_SECTION_TYPE_HW_8000].data; 2220 } else { 2221 panic("unknown device family %d\n", sc->sc_device_family); 2222 } 2223 2224 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2225 calib = (const uint16_t *) 2226 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2227 regulatory = (const uint16_t *) 2228 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2229 mac_override = (const uint16_t *) 2230 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2231 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2232 2233 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2234 phy_sku, regulatory); 2235} 2236 2237static int 2238iwm_nvm_init(struct iwm_softc *sc) 2239{ 2240 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS]; 2241 int i, section, error; 2242 uint16_t len; 2243 uint8_t *buf; 2244 const size_t bufsz = IWM_MAX_NVM_SECTION_SIZE; 2245 2246 memset(nvm_sections, 0 , sizeof(nvm_sections)); 2247 2248 buf = malloc(bufsz, M_DEVBUF, M_NOWAIT); 2249 if (buf == NULL) 2250 return ENOMEM; 2251 2252 for (i = 0; i < nitems(nvm_to_read); i++) { 2253 section = nvm_to_read[i]; 2254 KASSERT(section <= nitems(nvm_sections), 2255 ("too many sections")); 2256 2257 error = iwm_nvm_read_section(sc, section, buf, &len, bufsz); 2258 if (error) { 2259 error = 0; 2260 continue; 2261 } 2262 nvm_sections[section].data = malloc(len, M_DEVBUF, M_NOWAIT); 2263 if (nvm_sections[section].data == NULL) { 2264 error = ENOMEM; 2265 break; 2266 } 2267 memcpy(nvm_sections[section].data, buf, len); 2268 nvm_sections[section].length = len; 2269 } 2270 free(buf, M_DEVBUF); 2271 if (error == 0) 2272 error = iwm_parse_nvm_sections(sc, nvm_sections); 2273 2274 for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) { 2275 if (nvm_sections[i].data != NULL) 2276 free(nvm_sections[i].data, M_DEVBUF); 2277 } 2278 2279 return error; 2280} 2281 2282/* 2283 * Firmware loading gunk. This is kind of a weird hybrid between the 2284 * iwn driver and the Linux iwlwifi driver. 2285 */ 2286 2287static int 2288iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr, 2289 const uint8_t *section, uint32_t byte_cnt) 2290{ 2291 int error = EINVAL; 2292 uint32_t chunk_sz, offset; 2293 2294 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt); 2295 2296 for (offset = 0; offset < byte_cnt; offset += chunk_sz) { 2297 uint32_t addr, len; 2298 const uint8_t *data; 2299 2300 addr = dst_addr + offset; 2301 len = MIN(chunk_sz, byte_cnt - offset); 2302 data = section + offset; 2303 2304 error = iwm_firmware_load_chunk(sc, addr, data, len); 2305 if (error) 2306 break; 2307 } 2308 2309 return error; 2310} 2311 2312static int 2313iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2314 const uint8_t *chunk, uint32_t byte_cnt) 2315{ 2316 struct iwm_dma_info *dma = &sc->fw_dma; 2317 int error; 2318 2319 /* Copy firmware chunk into pre-allocated DMA-safe memory. */ 2320 memcpy(dma->vaddr, chunk, byte_cnt); 2321 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2322 2323 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2324 dst_addr <= IWM_FW_MEM_EXTENDED_END) { 2325 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2326 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2327 } 2328 2329 sc->sc_fw_chunk_done = 0; 2330 2331 if (!iwm_nic_lock(sc)) 2332 return EBUSY; 2333 2334 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2335 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2336 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2337 dst_addr); 2338 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2339 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2340 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2341 (iwm_get_dma_hi_addr(dma->paddr) 2342 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2343 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2344 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2345 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2346 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2347 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2348 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2349 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2350 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2351 2352 iwm_nic_unlock(sc); 2353 2354 /* wait 1s for this segment to load */ 2355 while (!sc->sc_fw_chunk_done) 2356 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0) 2357 break; 2358 2359 if (!sc->sc_fw_chunk_done) { 2360 device_printf(sc->sc_dev, 2361 "fw chunk addr 0x%x len %d failed to load\n", 2362 dst_addr, byte_cnt); 2363 } 2364 2365 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2366 dst_addr <= IWM_FW_MEM_EXTENDED_END && iwm_nic_lock(sc)) { 2367 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2368 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2369 iwm_nic_unlock(sc); 2370 } 2371 2372 return error; 2373} 2374 2375int 2376iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws, 2377 int cpu, int *first_ucode_section) 2378{ 2379 int shift_param; 2380 int i, error = 0, sec_num = 0x1; 2381 uint32_t val, last_read_idx = 0; 2382 const void *data; 2383 uint32_t dlen; 2384 uint32_t offset; 2385 2386 if (cpu == 1) { 2387 shift_param = 0; 2388 *first_ucode_section = 0; 2389 } else { 2390 shift_param = 16; 2391 (*first_ucode_section)++; 2392 } 2393 2394 for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) { 2395 last_read_idx = i; 2396 data = fws->fw_sect[i].fws_data; 2397 dlen = fws->fw_sect[i].fws_len; 2398 offset = fws->fw_sect[i].fws_devoff; 2399 2400 /* 2401 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2402 * CPU1 to CPU2. 2403 * PAGING_SEPARATOR_SECTION delimiter - separate between 2404 * CPU2 non paged to CPU2 paging sec. 2405 */ 2406 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2407 offset == IWM_PAGING_SEPARATOR_SECTION) 2408 break; 2409 2410 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2411 "LOAD FIRMWARE chunk %d offset 0x%x len %d for cpu %d\n", 2412 i, offset, dlen, cpu); 2413 2414 if (dlen > sc->sc_fwdmasegsz) { 2415 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2416 "chunk %d too large (%d bytes)\n", i, dlen); 2417 error = EFBIG; 2418 } else { 2419 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2420 } 2421 if (error) { 2422 device_printf(sc->sc_dev, 2423 "could not load firmware chunk %d (error %d)\n", 2424 i, error); 2425 return error; 2426 } 2427 2428 /* Notify the ucode of the loaded section number and status */ 2429 if (iwm_nic_lock(sc)) { 2430 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2431 val = val | (sec_num << shift_param); 2432 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2433 sec_num = (sec_num << 1) | 0x1; 2434 iwm_nic_unlock(sc); 2435 2436 /* 2437 * The firmware won't load correctly without this delay. 2438 */ 2439 DELAY(8000); 2440 } 2441 } 2442 2443 *first_ucode_section = last_read_idx; 2444 2445 if (iwm_nic_lock(sc)) { 2446 if (cpu == 1) 2447 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2448 else 2449 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2450 iwm_nic_unlock(sc); 2451 } 2452 2453 return 0; 2454} 2455 2456int 2457iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2458{ 2459 struct iwm_fw_sects *fws; 2460 int error = 0; 2461 int first_ucode_section; 2462 2463 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "loading ucode type %d\n", 2464 ucode_type); 2465 2466 fws = &sc->sc_fw.fw_sects[ucode_type]; 2467 2468 /* configure the ucode to be ready to get the secured image */ 2469 /* release CPU reset */ 2470 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT); 2471 2472 /* load to FW the binary Secured sections of CPU1 */ 2473 error = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section); 2474 if (error) 2475 return error; 2476 2477 /* load to FW the binary sections of CPU2 */ 2478 return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section); 2479} 2480 2481static int 2482iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2483{ 2484 struct iwm_fw_sects *fws; 2485 int error, i; 2486 const void *data; 2487 uint32_t dlen; 2488 uint32_t offset; 2489 2490 sc->sc_uc.uc_intr = 0; 2491 2492 fws = &sc->sc_fw.fw_sects[ucode_type]; 2493 for (i = 0; i < fws->fw_count; i++) { 2494 data = fws->fw_sect[i].fws_data; 2495 dlen = fws->fw_sect[i].fws_len; 2496 offset = fws->fw_sect[i].fws_devoff; 2497 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2498 "LOAD FIRMWARE type %d offset %u len %d\n", 2499 ucode_type, offset, dlen); 2500 if (dlen > sc->sc_fwdmasegsz) { 2501 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2502 "chunk %d too large (%d bytes)\n", i, dlen); 2503 error = EFBIG; 2504 } else { 2505 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2506 } 2507 if (error) { 2508 device_printf(sc->sc_dev, 2509 "could not load firmware chunk %u of %u " 2510 "(error=%d)\n", i, fws->fw_count, error); 2511 return error; 2512 } 2513 } 2514 2515 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2516 2517 return 0; 2518} 2519 2520static int 2521iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2522{ 2523 int error, w; 2524 2525 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 2526 error = iwm_load_firmware_8000(sc, ucode_type); 2527 else 2528 error = iwm_load_firmware_7000(sc, ucode_type); 2529 if (error) 2530 return error; 2531 2532 /* wait for the firmware to load */ 2533 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) { 2534 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10); 2535 } 2536 if (error || !sc->sc_uc.uc_ok) { 2537 device_printf(sc->sc_dev, "could not load firmware\n"); 2538 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) { 2539 device_printf(sc->sc_dev, "cpu1 status: 0x%x\n", 2540 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS)); 2541 device_printf(sc->sc_dev, "cpu2 status: 0x%x\n", 2542 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS)); 2543 } 2544 } 2545 2546 /* 2547 * Give the firmware some time to initialize. 2548 * Accessing it too early causes errors. 2549 */ 2550 msleep(&w, &sc->sc_mtx, 0, "iwmfwinit", hz); 2551 2552 return error; 2553} 2554 2555/* iwlwifi: pcie/trans.c */ 2556static int 2557iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2558{ 2559 int error; 2560 2561 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2562 2563 if ((error = iwm_nic_init(sc)) != 0) { 2564 device_printf(sc->sc_dev, "unable to init nic\n"); 2565 return error; 2566 } 2567 2568 /* make sure rfkill handshake bits are cleared */ 2569 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2570 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2571 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2572 2573 /* clear (again), then enable host interrupts */ 2574 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2575 iwm_enable_interrupts(sc); 2576 2577 /* really make sure rfkill handshake bits are cleared */ 2578 /* maybe we should write a few times more? just to make sure */ 2579 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2580 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2581 2582 /* Load the given image to the HW */ 2583 return iwm_load_firmware(sc, ucode_type); 2584} 2585 2586static int 2587iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2588{ 2589 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2590 .valid = htole32(valid_tx_ant), 2591 }; 2592 2593 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2594 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2595} 2596 2597/* iwlwifi: mvm/fw.c */ 2598static int 2599iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2600{ 2601 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2602 enum iwm_ucode_type ucode_type = sc->sc_uc_current; 2603 2604 /* Set parameters */ 2605 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config); 2606 phy_cfg_cmd.calib_control.event_trigger = 2607 sc->sc_default_calib[ucode_type].event_trigger; 2608 phy_cfg_cmd.calib_control.flow_trigger = 2609 sc->sc_default_calib[ucode_type].flow_trigger; 2610 2611 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2612 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2613 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2614 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2615} 2616 2617static int 2618iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2619 enum iwm_ucode_type ucode_type) 2620{ 2621 enum iwm_ucode_type old_type = sc->sc_uc_current; 2622 int error; 2623 2624 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) { 2625 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n", 2626 error); 2627 return error; 2628 } 2629 2630 sc->sc_uc_current = ucode_type; 2631 error = iwm_start_fw(sc, ucode_type); 2632 if (error) { 2633 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2634 sc->sc_uc_current = old_type; 2635 return error; 2636 } 2637 2638 error = iwm_post_alive(sc); 2639 if (error) { 2640 device_printf(sc->sc_dev, "iwm_fw_alive: failed %d\n", error); 2641 } 2642 return error; 2643} 2644 2645/* 2646 * mvm misc bits 2647 */ 2648 2649/* 2650 * follows iwlwifi/fw.c 2651 */ 2652static int 2653iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2654{ 2655 int error; 2656 2657 /* do not operate with rfkill switch turned on */ 2658 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2659 device_printf(sc->sc_dev, 2660 "radio is disabled by hardware switch\n"); 2661 return EPERM; 2662 } 2663 2664 sc->sc_init_complete = 0; 2665 if ((error = iwm_mvm_load_ucode_wait_alive(sc, 2666 IWM_UCODE_TYPE_INIT)) != 0) { 2667 device_printf(sc->sc_dev, "failed to load init firmware\n"); 2668 return error; 2669 } 2670 2671 if (justnvm) { 2672 if ((error = iwm_nvm_init(sc)) != 0) { 2673 device_printf(sc->sc_dev, "failed to read nvm\n"); 2674 return error; 2675 } 2676 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->sc_nvm.hw_addr); 2677 2678 return 0; 2679 } 2680 2681 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 2682 device_printf(sc->sc_dev, 2683 "failed to send bt coex configuration: %d\n", error); 2684 return error; 2685 } 2686 2687 /* Init Smart FIFO. */ 2688 error = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF); 2689 if (error != 0) 2690 return error; 2691 2692 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2693 "%s: phy_txant=0x%08x, nvm_valid_tx_ant=0x%02x, valid=0x%02x\n", 2694 __func__, 2695 ((sc->sc_fw_phy_config & IWM_FW_PHY_CFG_TX_CHAIN) 2696 >> IWM_FW_PHY_CFG_TX_CHAIN_POS), 2697 sc->sc_nvm.valid_tx_ant, 2698 iwm_fw_valid_tx_ant(sc)); 2699 2700 2701 /* Send TX valid antennas before triggering calibrations */ 2702 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) { 2703 device_printf(sc->sc_dev, 2704 "failed to send antennas before calibration: %d\n", error); 2705 return error; 2706 } 2707 2708 /* 2709 * Send phy configurations command to init uCode 2710 * to start the 16.0 uCode init image internal calibrations. 2711 */ 2712 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) { 2713 device_printf(sc->sc_dev, 2714 "%s: failed to run internal calibration: %d\n", 2715 __func__, error); 2716 return error; 2717 } 2718 2719 /* 2720 * Nothing to do but wait for the init complete notification 2721 * from the firmware 2722 */ 2723 while (!sc->sc_init_complete) { 2724 error = msleep(&sc->sc_init_complete, &sc->sc_mtx, 2725 0, "iwminit", 2*hz); 2726 if (error) { 2727 device_printf(sc->sc_dev, "init complete failed: %d\n", 2728 sc->sc_init_complete); 2729 break; 2730 } 2731 } 2732 2733 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "init %scomplete\n", 2734 sc->sc_init_complete ? "" : "not "); 2735 2736 return error; 2737} 2738 2739/* 2740 * receive side 2741 */ 2742 2743/* (re)stock rx ring, called at init-time and at runtime */ 2744static int 2745iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 2746{ 2747 struct iwm_rx_ring *ring = &sc->rxq; 2748 struct iwm_rx_data *data = &ring->data[idx]; 2749 struct mbuf *m; 2750 bus_dmamap_t dmamap = NULL; 2751 bus_dma_segment_t seg; 2752 int nsegs, error; 2753 2754 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 2755 if (m == NULL) 2756 return ENOBUFS; 2757 2758 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 2759 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 2760 &seg, &nsegs, BUS_DMA_NOWAIT); 2761 if (error != 0) { 2762 device_printf(sc->sc_dev, 2763 "%s: can't map mbuf, error %d\n", __func__, error); 2764 goto fail; 2765 } 2766 2767 if (data->m != NULL) 2768 bus_dmamap_unload(ring->data_dmat, data->map); 2769 2770 /* Swap ring->spare_map with data->map */ 2771 dmamap = data->map; 2772 data->map = ring->spare_map; 2773 ring->spare_map = dmamap; 2774 2775 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 2776 data->m = m; 2777 2778 /* Update RX descriptor. */ 2779 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 2780 ring->desc[idx] = htole32(seg.ds_addr >> 8); 2781 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2782 BUS_DMASYNC_PREWRITE); 2783 2784 return 0; 2785fail: 2786 m_freem(m); 2787 return error; 2788} 2789 2790/* iwlwifi: mvm/rx.c */ 2791#define IWM_RSSI_OFFSET 50 2792static int 2793iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2794{ 2795 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm; 2796 uint32_t agc_a, agc_b; 2797 uint32_t val; 2798 2799 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]); 2800 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS; 2801 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS; 2802 2803 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]); 2804 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS; 2805 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS; 2806 2807 /* 2808 * dBm = rssi dB - agc dB - constant. 2809 * Higher AGC (higher radio gain) means lower signal. 2810 */ 2811 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a; 2812 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b; 2813 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm); 2814 2815 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2816 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n", 2817 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b); 2818 2819 return max_rssi_dbm; 2820} 2821 2822/* iwlwifi: mvm/rx.c */ 2823/* 2824 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 2825 * values are reported by the fw as positive values - need to negate 2826 * to obtain their dBM. Account for missing antennas by replacing 0 2827 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 2828 */ 2829static int 2830iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2831{ 2832 int energy_a, energy_b, energy_c, max_energy; 2833 uint32_t val; 2834 2835 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 2836 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 2837 IWM_RX_INFO_ENERGY_ANT_A_POS; 2838 energy_a = energy_a ? -energy_a : -256; 2839 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 2840 IWM_RX_INFO_ENERGY_ANT_B_POS; 2841 energy_b = energy_b ? -energy_b : -256; 2842 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 2843 IWM_RX_INFO_ENERGY_ANT_C_POS; 2844 energy_c = energy_c ? -energy_c : -256; 2845 max_energy = MAX(energy_a, energy_b); 2846 max_energy = MAX(max_energy, energy_c); 2847 2848 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2849 "energy In A %d B %d C %d , and max %d\n", 2850 energy_a, energy_b, energy_c, max_energy); 2851 2852 return max_energy; 2853} 2854 2855static void 2856iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, 2857 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2858{ 2859 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 2860 2861 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 2862 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2863 2864 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 2865} 2866 2867/* 2868 * Retrieve the average noise (in dBm) among receivers. 2869 */ 2870static int 2871iwm_get_noise(struct iwm_softc *sc, 2872 const struct iwm_mvm_statistics_rx_non_phy *stats) 2873{ 2874 int i, total, nbant, noise; 2875 2876 total = nbant = noise = 0; 2877 for (i = 0; i < 3; i++) { 2878 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 2879 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n", 2880 __func__, 2881 i, 2882 noise); 2883 2884 if (noise) { 2885 total += noise; 2886 nbant++; 2887 } 2888 } 2889 2890 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n", 2891 __func__, nbant, total); 2892#if 0 2893 /* There should be at least one antenna but check anyway. */ 2894 return (nbant == 0) ? -127 : (total / nbant) - 107; 2895#else 2896 /* For now, just hard-code it to -96 to be safe */ 2897 return (-96); 2898#endif 2899} 2900 2901/* 2902 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 2903 * 2904 * Handles the actual data of the Rx packet from the fw 2905 */ 2906static void 2907iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, 2908 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 2909{ 2910 struct ieee80211com *ic = &sc->sc_ic; 2911 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2912 struct ieee80211_frame *wh; 2913 struct ieee80211_node *ni; 2914 struct ieee80211_rx_stats rxs; 2915 struct mbuf *m; 2916 struct iwm_rx_phy_info *phy_info; 2917 struct iwm_rx_mpdu_res_start *rx_res; 2918 uint32_t len; 2919 uint32_t rx_pkt_status; 2920 int rssi; 2921 2922 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 2923 2924 phy_info = &sc->sc_last_phy_info; 2925 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 2926 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 2927 len = le16toh(rx_res->byte_count); 2928 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 2929 2930 m = data->m; 2931 m->m_data = pkt->data + sizeof(*rx_res); 2932 m->m_pkthdr.len = m->m_len = len; 2933 2934 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 2935 device_printf(sc->sc_dev, 2936 "dsp size out of range [0,20]: %d\n", 2937 phy_info->cfg_phy_cnt); 2938 goto fail; 2939 } 2940 2941 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 2942 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 2943 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2944 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 2945 goto fail; 2946 } 2947 2948 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) { 2949 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 2950 } else { 2951 rssi = iwm_mvm_calc_rssi(sc, phy_info); 2952 } 2953 2954 /* Note: RSSI is absolute (ie a -ve value) */ 2955 if (rssi < IWM_MIN_DBM) 2956 rssi = IWM_MIN_DBM; 2957 else if (rssi > IWM_MAX_DBM) 2958 rssi = IWM_MAX_DBM; 2959 2960 /* Map it to relative value */ 2961 rssi = rssi - sc->sc_noise; 2962 2963 /* replenish ring for the buffer we're going to feed to the sharks */ 2964 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 2965 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 2966 __func__); 2967 goto fail; 2968 } 2969 2970 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2971 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 2972 2973 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2974 2975 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2976 "%s: phy_info: channel=%d, flags=0x%08x\n", 2977 __func__, 2978 le16toh(phy_info->channel), 2979 le16toh(phy_info->phy_flags)); 2980 2981 /* 2982 * Populate an RX state struct with the provided information. 2983 */ 2984 bzero(&rxs, sizeof(rxs)); 2985 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 2986 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 2987 rxs.c_ieee = le16toh(phy_info->channel); 2988 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 2989 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 2990 } else { 2991 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 2992 } 2993 2994 /* rssi is in 1/2db units */ 2995 rxs.rssi = rssi * 2; 2996 rxs.nf = sc->sc_noise; 2997 2998 if (ieee80211_radiotap_active_vap(vap)) { 2999 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3000 3001 tap->wr_flags = 0; 3002 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 3003 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3004 tap->wr_chan_freq = htole16(rxs.c_freq); 3005 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3006 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3007 tap->wr_dbm_antsignal = (int8_t)rssi; 3008 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3009 tap->wr_tsft = phy_info->system_timestamp; 3010 switch (phy_info->rate) { 3011 /* CCK rates. */ 3012 case 10: tap->wr_rate = 2; break; 3013 case 20: tap->wr_rate = 4; break; 3014 case 55: tap->wr_rate = 11; break; 3015 case 110: tap->wr_rate = 22; break; 3016 /* OFDM rates. */ 3017 case 0xd: tap->wr_rate = 12; break; 3018 case 0xf: tap->wr_rate = 18; break; 3019 case 0x5: tap->wr_rate = 24; break; 3020 case 0x7: tap->wr_rate = 36; break; 3021 case 0x9: tap->wr_rate = 48; break; 3022 case 0xb: tap->wr_rate = 72; break; 3023 case 0x1: tap->wr_rate = 96; break; 3024 case 0x3: tap->wr_rate = 108; break; 3025 /* Unknown rate: should not happen. */ 3026 default: tap->wr_rate = 0; 3027 } 3028 } 3029 3030 IWM_UNLOCK(sc); 3031 if (ni != NULL) { 3032 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3033 ieee80211_input_mimo(ni, m, &rxs); 3034 ieee80211_free_node(ni); 3035 } else { 3036 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3037 ieee80211_input_mimo_all(ic, m, &rxs); 3038 } 3039 IWM_LOCK(sc); 3040 3041 return; 3042 3043fail: counter_u64_add(ic->ic_ierrors, 1); 3044} 3045 3046static int 3047iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3048 struct iwm_node *in) 3049{ 3050 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 3051 struct ieee80211_node *ni = &in->in_ni; 3052 struct ieee80211vap *vap = ni->ni_vap; 3053 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3054 int failack = tx_resp->failure_frame; 3055 3056 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3057 3058 /* Update rate control statistics. */ 3059 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3060 __func__, 3061 (int) le16toh(tx_resp->status.status), 3062 (int) le16toh(tx_resp->status.sequence), 3063 tx_resp->frame_count, 3064 tx_resp->bt_kill_count, 3065 tx_resp->failure_rts, 3066 tx_resp->failure_frame, 3067 le32toh(tx_resp->initial_rate), 3068 (int) le16toh(tx_resp->wireless_media_time)); 3069 3070 if (status != IWM_TX_STATUS_SUCCESS && 3071 status != IWM_TX_STATUS_DIRECT_DONE) { 3072 ieee80211_ratectl_tx_complete(vap, ni, 3073 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3074 return (1); 3075 } else { 3076 ieee80211_ratectl_tx_complete(vap, ni, 3077 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3078 return (0); 3079 } 3080} 3081 3082static void 3083iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, 3084 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3085{ 3086 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 3087 int idx = cmd_hdr->idx; 3088 int qid = cmd_hdr->qid; 3089 struct iwm_tx_ring *ring = &sc->txq[qid]; 3090 struct iwm_tx_data *txd = &ring->data[idx]; 3091 struct iwm_node *in = txd->in; 3092 struct mbuf *m = txd->m; 3093 int status; 3094 3095 KASSERT(txd->done == 0, ("txd not done")); 3096 KASSERT(txd->in != NULL, ("txd without node")); 3097 KASSERT(txd->m != NULL, ("txd without mbuf")); 3098 3099 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3100 3101 sc->sc_tx_timer = 0; 3102 3103 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 3104 3105 /* Unmap and free mbuf. */ 3106 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3107 bus_dmamap_unload(ring->data_dmat, txd->map); 3108 3109 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3110 "free txd %p, in %p\n", txd, txd->in); 3111 txd->done = 1; 3112 txd->m = NULL; 3113 txd->in = NULL; 3114 3115 ieee80211_tx_complete(&in->in_ni, m, status); 3116 3117 if (--ring->queued < IWM_TX_RING_LOMARK) { 3118 sc->qfullmsk &= ~(1 << ring->qid); 3119 if (sc->qfullmsk == 0) { 3120 iwm_start(sc); 3121 } 3122 } 3123} 3124 3125/* 3126 * transmit side 3127 */ 3128 3129/* 3130 * Process a "command done" firmware notification. This is where we wakeup 3131 * processes waiting for a synchronous command completion. 3132 * from if_iwn 3133 */ 3134static void 3135iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3136{ 3137 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 3138 struct iwm_tx_data *data; 3139 3140 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 3141 return; /* Not a command ack. */ 3142 } 3143 3144 /* XXX wide commands? */ 3145 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 3146 "cmd notification type 0x%x qid %d idx %d\n", 3147 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx); 3148 3149 data = &ring->data[pkt->hdr.idx]; 3150 3151 /* If the command was mapped in an mbuf, free it. */ 3152 if (data->m != NULL) { 3153 bus_dmamap_sync(ring->data_dmat, data->map, 3154 BUS_DMASYNC_POSTWRITE); 3155 bus_dmamap_unload(ring->data_dmat, data->map); 3156 m_freem(data->m); 3157 data->m = NULL; 3158 } 3159 wakeup(&ring->desc[pkt->hdr.idx]); 3160} 3161 3162#if 0 3163/* 3164 * necessary only for block ack mode 3165 */ 3166void 3167iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3168 uint16_t len) 3169{ 3170 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3171 uint16_t w_val; 3172 3173 scd_bc_tbl = sc->sched_dma.vaddr; 3174 3175 len += 8; /* magic numbers came naturally from paris */ 3176 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 3177 len = roundup(len, 4) / 4; 3178 3179 w_val = htole16(sta_id << 12 | len); 3180 3181 /* Update TX scheduler. */ 3182 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3183 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3184 BUS_DMASYNC_PREWRITE); 3185 3186 /* I really wonder what this is ?!? */ 3187 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3188 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3189 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3190 BUS_DMASYNC_PREWRITE); 3191 } 3192} 3193#endif 3194 3195/* 3196 * Take an 802.11 (non-n) rate, find the relevant rate 3197 * table entry. return the index into in_ridx[]. 3198 * 3199 * The caller then uses that index back into in_ridx 3200 * to figure out the rate index programmed /into/ 3201 * the firmware for this given node. 3202 */ 3203static int 3204iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 3205 uint8_t rate) 3206{ 3207 int i; 3208 uint8_t r; 3209 3210 for (i = 0; i < nitems(in->in_ridx); i++) { 3211 r = iwm_rates[in->in_ridx[i]].rate; 3212 if (rate == r) 3213 return (i); 3214 } 3215 3216 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3217 "%s: couldn't find an entry for rate=%d\n", 3218 __func__, 3219 rate); 3220 3221 /* XXX Return the first */ 3222 /* XXX TODO: have it return the /lowest/ */ 3223 return (0); 3224} 3225 3226static int 3227iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate) 3228{ 3229 int i; 3230 3231 for (i = 0; i < nitems(iwm_rates); i++) { 3232 if (iwm_rates[i].rate == rate) 3233 return (i); 3234 } 3235 /* XXX error? */ 3236 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3237 "%s: couldn't find an entry for rate=%d\n", 3238 __func__, 3239 rate); 3240 return (0); 3241} 3242 3243/* 3244 * Fill in the rate related information for a transmit command. 3245 */ 3246static const struct iwm_rate * 3247iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3248 struct mbuf *m, struct iwm_tx_cmd *tx) 3249{ 3250 struct ieee80211_node *ni = &in->in_ni; 3251 struct ieee80211_frame *wh; 3252 const struct ieee80211_txparam *tp = ni->ni_txparms; 3253 const struct iwm_rate *rinfo; 3254 int type; 3255 int ridx, rate_flags; 3256 3257 wh = mtod(m, struct ieee80211_frame *); 3258 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3259 3260 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3261 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3262 3263 if (type == IEEE80211_FC0_TYPE_MGT) { 3264 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3265 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3266 "%s: MGT (%d)\n", __func__, tp->mgmtrate); 3267 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3268 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate); 3269 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3270 "%s: MCAST (%d)\n", __func__, tp->mcastrate); 3271 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3272 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate); 3273 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3274 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate); 3275 } else if (m->m_flags & M_EAPOL) { 3276 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3277 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3278 "%s: EAPOL\n", __func__); 3279 } else if (type == IEEE80211_FC0_TYPE_DATA) { 3280 int i; 3281 3282 /* for data frames, use RS table */ 3283 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__); 3284 /* XXX pass pktlen */ 3285 (void) ieee80211_ratectl_rate(ni, NULL, 0); 3286 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 3287 ridx = in->in_ridx[i]; 3288 3289 /* This is the index into the programmed table */ 3290 tx->initial_rate_index = i; 3291 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3292 3293 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3294 "%s: start with i=%d, txrate %d\n", 3295 __func__, i, iwm_rates[ridx].rate); 3296 } else { 3297 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3298 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DEFAULT (%d)\n", 3299 __func__, tp->mgmtrate); 3300 } 3301 3302 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3303 "%s: frame type=%d txrate %d\n", 3304 __func__, type, iwm_rates[ridx].rate); 3305 3306 rinfo = &iwm_rates[ridx]; 3307 3308 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3309 __func__, ridx, 3310 rinfo->rate, 3311 !! (IWM_RIDX_IS_CCK(ridx)) 3312 ); 3313 3314 /* XXX TODO: hard-coded TX antenna? */ 3315 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 3316 if (IWM_RIDX_IS_CCK(ridx)) 3317 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3318 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3319 3320 return rinfo; 3321} 3322 3323#define TB0_SIZE 16 3324static int 3325iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3326{ 3327 struct ieee80211com *ic = &sc->sc_ic; 3328 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3329 struct iwm_node *in = IWM_NODE(ni); 3330 struct iwm_tx_ring *ring; 3331 struct iwm_tx_data *data; 3332 struct iwm_tfd *desc; 3333 struct iwm_device_cmd *cmd; 3334 struct iwm_tx_cmd *tx; 3335 struct ieee80211_frame *wh; 3336 struct ieee80211_key *k = NULL; 3337 struct mbuf *m1; 3338 const struct iwm_rate *rinfo; 3339 uint32_t flags; 3340 u_int hdrlen; 3341 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3342 int nsegs; 3343 uint8_t tid, type; 3344 int i, totlen, error, pad; 3345 3346 wh = mtod(m, struct ieee80211_frame *); 3347 hdrlen = ieee80211_anyhdrsize(wh); 3348 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3349 tid = 0; 3350 ring = &sc->txq[ac]; 3351 desc = &ring->desc[ring->cur]; 3352 memset(desc, 0, sizeof(*desc)); 3353 data = &ring->data[ring->cur]; 3354 3355 /* Fill out iwm_tx_cmd to send to the firmware */ 3356 cmd = &ring->cmd[ring->cur]; 3357 cmd->hdr.code = IWM_TX_CMD; 3358 cmd->hdr.flags = 0; 3359 cmd->hdr.qid = ring->qid; 3360 cmd->hdr.idx = ring->cur; 3361 3362 tx = (void *)cmd->data; 3363 memset(tx, 0, sizeof(*tx)); 3364 3365 rinfo = iwm_tx_fill_cmd(sc, in, m, tx); 3366 3367 /* Encrypt the frame if need be. */ 3368 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3369 /* Retrieve key for TX && do software encryption. */ 3370 k = ieee80211_crypto_encap(ni, m); 3371 if (k == NULL) { 3372 m_freem(m); 3373 return (ENOBUFS); 3374 } 3375 /* 802.11 header may have moved. */ 3376 wh = mtod(m, struct ieee80211_frame *); 3377 } 3378 3379 if (ieee80211_radiotap_active_vap(vap)) { 3380 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3381 3382 tap->wt_flags = 0; 3383 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3384 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3385 tap->wt_rate = rinfo->rate; 3386 if (k != NULL) 3387 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3388 ieee80211_radiotap_tx(vap, m); 3389 } 3390 3391 3392 totlen = m->m_pkthdr.len; 3393 3394 flags = 0; 3395 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3396 flags |= IWM_TX_CMD_FLG_ACK; 3397 } 3398 3399 if (type == IEEE80211_FC0_TYPE_DATA 3400 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 3401 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3402 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3403 } 3404 3405 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3406 type != IEEE80211_FC0_TYPE_DATA) 3407 tx->sta_id = sc->sc_aux_sta.sta_id; 3408 else 3409 tx->sta_id = IWM_STATION_ID; 3410 3411 if (type == IEEE80211_FC0_TYPE_MGT) { 3412 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3413 3414 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3415 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3416 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3417 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3418 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3419 } else { 3420 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3421 } 3422 } else { 3423 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3424 } 3425 3426 if (hdrlen & 3) { 3427 /* First segment length must be a multiple of 4. */ 3428 flags |= IWM_TX_CMD_FLG_MH_PAD; 3429 pad = 4 - (hdrlen & 3); 3430 } else 3431 pad = 0; 3432 3433 tx->driver_txop = 0; 3434 tx->next_frame_len = 0; 3435 3436 tx->len = htole16(totlen); 3437 tx->tid_tspec = tid; 3438 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3439 3440 /* Set physical address of "scratch area". */ 3441 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3442 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3443 3444 /* Copy 802.11 header in TX command. */ 3445 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3446 3447 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3448 3449 tx->sec_ctl = 0; 3450 tx->tx_flags |= htole32(flags); 3451 3452 /* Trim 802.11 header. */ 3453 m_adj(m, hdrlen); 3454 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3455 segs, &nsegs, BUS_DMA_NOWAIT); 3456 if (error != 0) { 3457 if (error != EFBIG) { 3458 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3459 error); 3460 m_freem(m); 3461 return error; 3462 } 3463 /* Too many DMA segments, linearize mbuf. */ 3464 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 3465 if (m1 == NULL) { 3466 device_printf(sc->sc_dev, 3467 "%s: could not defrag mbuf\n", __func__); 3468 m_freem(m); 3469 return (ENOBUFS); 3470 } 3471 m = m1; 3472 3473 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3474 segs, &nsegs, BUS_DMA_NOWAIT); 3475 if (error != 0) { 3476 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3477 error); 3478 m_freem(m); 3479 return error; 3480 } 3481 } 3482 data->m = m; 3483 data->in = in; 3484 data->done = 0; 3485 3486 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3487 "sending txd %p, in %p\n", data, data->in); 3488 KASSERT(data->in != NULL, ("node is NULL")); 3489 3490 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3491 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3492 ring->qid, ring->cur, totlen, nsegs, 3493 le32toh(tx->tx_flags), 3494 le32toh(tx->rate_n_flags), 3495 tx->initial_rate_index 3496 ); 3497 3498 /* Fill TX descriptor. */ 3499 desc->num_tbs = 2 + nsegs; 3500 3501 desc->tbs[0].lo = htole32(data->cmd_paddr); 3502 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3503 (TB0_SIZE << 4); 3504 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3505 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3506 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 3507 + hdrlen + pad - TB0_SIZE) << 4); 3508 3509 /* Other DMA segments are for data payload. */ 3510 for (i = 0; i < nsegs; i++) { 3511 seg = &segs[i]; 3512 desc->tbs[i+2].lo = htole32(seg->ds_addr); 3513 desc->tbs[i+2].hi_n_len = \ 3514 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 3515 | ((seg->ds_len) << 4); 3516 } 3517 3518 bus_dmamap_sync(ring->data_dmat, data->map, 3519 BUS_DMASYNC_PREWRITE); 3520 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 3521 BUS_DMASYNC_PREWRITE); 3522 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3523 BUS_DMASYNC_PREWRITE); 3524 3525#if 0 3526 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 3527#endif 3528 3529 /* Kick TX ring. */ 3530 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 3531 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3532 3533 /* Mark TX ring as full if we reach a certain threshold. */ 3534 if (++ring->queued > IWM_TX_RING_HIMARK) { 3535 sc->qfullmsk |= 1 << ring->qid; 3536 } 3537 3538 return 0; 3539} 3540 3541static int 3542iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3543 const struct ieee80211_bpf_params *params) 3544{ 3545 struct ieee80211com *ic = ni->ni_ic; 3546 struct iwm_softc *sc = ic->ic_softc; 3547 int error = 0; 3548 3549 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3550 "->%s begin\n", __func__); 3551 3552 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3553 m_freem(m); 3554 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3555 "<-%s not RUNNING\n", __func__); 3556 return (ENETDOWN); 3557 } 3558 3559 IWM_LOCK(sc); 3560 /* XXX fix this */ 3561 if (params == NULL) { 3562 error = iwm_tx(sc, m, ni, 0); 3563 } else { 3564 error = iwm_tx(sc, m, ni, 0); 3565 } 3566 sc->sc_tx_timer = 5; 3567 IWM_UNLOCK(sc); 3568 3569 return (error); 3570} 3571 3572/* 3573 * mvm/tx.c 3574 */ 3575 3576/* 3577 * Note that there are transports that buffer frames before they reach 3578 * the firmware. This means that after flush_tx_path is called, the 3579 * queue might not be empty. The race-free way to handle this is to: 3580 * 1) set the station as draining 3581 * 2) flush the Tx path 3582 * 3) wait for the transport queues to be empty 3583 */ 3584int 3585iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags) 3586{ 3587 int ret; 3588 struct iwm_tx_path_flush_cmd flush_cmd = { 3589 .queues_ctl = htole32(tfd_msk), 3590 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 3591 }; 3592 3593 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags, 3594 sizeof(flush_cmd), &flush_cmd); 3595 if (ret) 3596 device_printf(sc->sc_dev, 3597 "Flushing tx queue failed: %d\n", ret); 3598 return ret; 3599} 3600 3601/* 3602 * BEGIN mvm/sta.c 3603 */ 3604 3605static int 3606iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc, 3607 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status) 3608{ 3609 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd), 3610 cmd, status); 3611} 3612 3613/* send station add/update command to firmware */ 3614static int 3615iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update) 3616{ 3617 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd; 3618 int ret; 3619 uint32_t status; 3620 3621 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd)); 3622 3623 add_sta_cmd.sta_id = IWM_STATION_ID; 3624 add_sta_cmd.mac_id_n_color 3625 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID, 3626 IWM_DEFAULT_COLOR)); 3627 if (!update) { 3628 int ac; 3629 for (ac = 0; ac < WME_NUM_AC; ac++) { 3630 add_sta_cmd.tfd_queue_msk |= 3631 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]); 3632 } 3633 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid); 3634 } 3635 add_sta_cmd.add_modify = update ? 1 : 0; 3636 add_sta_cmd.station_flags_msk 3637 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK); 3638 add_sta_cmd.tid_disable_tx = htole16(0xffff); 3639 if (update) 3640 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX); 3641 3642 status = IWM_ADD_STA_SUCCESS; 3643 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status); 3644 if (ret) 3645 return ret; 3646 3647 switch (status) { 3648 case IWM_ADD_STA_SUCCESS: 3649 break; 3650 default: 3651 ret = EIO; 3652 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n"); 3653 break; 3654 } 3655 3656 return ret; 3657} 3658 3659static int 3660iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in) 3661{ 3662 return iwm_mvm_sta_send_to_fw(sc, in, 0); 3663} 3664 3665static int 3666iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in) 3667{ 3668 return iwm_mvm_sta_send_to_fw(sc, in, 1); 3669} 3670 3671static int 3672iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta, 3673 const uint8_t *addr, uint16_t mac_id, uint16_t color) 3674{ 3675 struct iwm_mvm_add_sta_cmd_v7 cmd; 3676 int ret; 3677 uint32_t status; 3678 3679 memset(&cmd, 0, sizeof(cmd)); 3680 cmd.sta_id = sta->sta_id; 3681 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color)); 3682 3683 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk); 3684 cmd.tid_disable_tx = htole16(0xffff); 3685 3686 if (addr) 3687 IEEE80211_ADDR_COPY(cmd.addr, addr); 3688 3689 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status); 3690 if (ret) 3691 return ret; 3692 3693 switch (status) { 3694 case IWM_ADD_STA_SUCCESS: 3695 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 3696 "%s: Internal station added.\n", __func__); 3697 return 0; 3698 default: 3699 device_printf(sc->sc_dev, 3700 "%s: Add internal station failed, status=0x%x\n", 3701 __func__, status); 3702 ret = EIO; 3703 break; 3704 } 3705 return ret; 3706} 3707 3708static int 3709iwm_mvm_add_aux_sta(struct iwm_softc *sc) 3710{ 3711 int ret; 3712 3713 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID; 3714 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE); 3715 3716 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST); 3717 if (ret) 3718 return ret; 3719 3720 ret = iwm_mvm_add_int_sta_common(sc, 3721 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0); 3722 3723 if (ret) 3724 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta)); 3725 return ret; 3726} 3727 3728/* 3729 * END mvm/sta.c 3730 */ 3731 3732/* 3733 * BEGIN mvm/quota.c 3734 */ 3735 3736static int 3737iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in) 3738{ 3739 struct iwm_time_quota_cmd cmd; 3740 int i, idx, ret, num_active_macs, quota, quota_rem; 3741 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3742 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3743 uint16_t id; 3744 3745 memset(&cmd, 0, sizeof(cmd)); 3746 3747 /* currently, PHY ID == binding ID */ 3748 if (in) { 3749 id = in->in_phyctxt->id; 3750 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3751 colors[id] = in->in_phyctxt->color; 3752 3753 if (1) 3754 n_ifs[id] = 1; 3755 } 3756 3757 /* 3758 * The FW's scheduling session consists of 3759 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3760 * equally between all the bindings that require quota 3761 */ 3762 num_active_macs = 0; 3763 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3764 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3765 num_active_macs += n_ifs[i]; 3766 } 3767 3768 quota = 0; 3769 quota_rem = 0; 3770 if (num_active_macs) { 3771 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3772 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3773 } 3774 3775 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3776 if (colors[i] < 0) 3777 continue; 3778 3779 cmd.quotas[idx].id_and_color = 3780 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3781 3782 if (n_ifs[i] <= 0) { 3783 cmd.quotas[idx].quota = htole32(0); 3784 cmd.quotas[idx].max_duration = htole32(0); 3785 } else { 3786 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3787 cmd.quotas[idx].max_duration = htole32(0); 3788 } 3789 idx++; 3790 } 3791 3792 /* Give the remainder of the session to the first binding */ 3793 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3794 3795 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3796 sizeof(cmd), &cmd); 3797 if (ret) 3798 device_printf(sc->sc_dev, 3799 "%s: Failed to send quota: %d\n", __func__, ret); 3800 return ret; 3801} 3802 3803/* 3804 * END mvm/quota.c 3805 */ 3806 3807/* 3808 * ieee80211 routines 3809 */ 3810 3811/* 3812 * Change to AUTH state in 80211 state machine. Roughly matches what 3813 * Linux does in bss_info_changed(). 3814 */ 3815static int 3816iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3817{ 3818 struct ieee80211_node *ni; 3819 struct iwm_node *in; 3820 struct iwm_vap *iv = IWM_VAP(vap); 3821 uint32_t duration; 3822 int error; 3823 3824 /* 3825 * XXX i have a feeling that the vap node is being 3826 * freed from underneath us. Grr. 3827 */ 3828 ni = ieee80211_ref_node(vap->iv_bss); 3829 in = IWM_NODE(ni); 3830 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 3831 "%s: called; vap=%p, bss ni=%p\n", 3832 __func__, 3833 vap, 3834 ni); 3835 3836 in->in_assoc = 0; 3837 3838 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON); 3839 if (error != 0) 3840 return error; 3841 3842 error = iwm_allow_mcast(vap, sc); 3843 if (error) { 3844 device_printf(sc->sc_dev, 3845 "%s: failed to set multicast\n", __func__); 3846 goto out; 3847 } 3848 3849 /* 3850 * This is where it deviates from what Linux does. 3851 * 3852 * Linux iwlwifi doesn't reset the nic each time, nor does it 3853 * call ctxt_add() here. Instead, it adds it during vap creation, 3854 * and always does a mac_ctx_changed(). 3855 * 3856 * The openbsd port doesn't attempt to do that - it reset things 3857 * at odd states and does the add here. 3858 * 3859 * So, until the state handling is fixed (ie, we never reset 3860 * the NIC except for a firmware failure, which should drag 3861 * the NIC back to IDLE, re-setup and re-add all the mac/phy 3862 * contexts that are required), let's do a dirty hack here. 3863 */ 3864 if (iv->is_uploaded) { 3865 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 3866 device_printf(sc->sc_dev, 3867 "%s: failed to update MAC\n", __func__); 3868 goto out; 3869 } 3870 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 3871 in->in_ni.ni_chan, 1, 1)) != 0) { 3872 device_printf(sc->sc_dev, 3873 "%s: failed update phy ctxt\n", __func__); 3874 goto out; 3875 } 3876 in->in_phyctxt = &sc->sc_phyctxt[0]; 3877 3878 if ((error = iwm_mvm_binding_update(sc, in)) != 0) { 3879 device_printf(sc->sc_dev, 3880 "%s: binding update cmd\n", __func__); 3881 goto out; 3882 } 3883 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 3884 device_printf(sc->sc_dev, 3885 "%s: failed to update sta\n", __func__); 3886 goto out; 3887 } 3888 } else { 3889 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 3890 device_printf(sc->sc_dev, 3891 "%s: failed to add MAC\n", __func__); 3892 goto out; 3893 } 3894 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 3895 in->in_ni.ni_chan, 1, 1)) != 0) { 3896 device_printf(sc->sc_dev, 3897 "%s: failed add phy ctxt!\n", __func__); 3898 error = ETIMEDOUT; 3899 goto out; 3900 } 3901 in->in_phyctxt = &sc->sc_phyctxt[0]; 3902 3903 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) { 3904 device_printf(sc->sc_dev, 3905 "%s: binding add cmd\n", __func__); 3906 goto out; 3907 } 3908 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 3909 device_printf(sc->sc_dev, 3910 "%s: failed to add sta\n", __func__); 3911 goto out; 3912 } 3913 } 3914 3915 /* 3916 * Prevent the FW from wandering off channel during association 3917 * by "protecting" the session with a time event. 3918 */ 3919 /* XXX duration is in units of TU, not MS */ 3920 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 3921 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */); 3922 DELAY(100); 3923 3924 error = 0; 3925out: 3926 ieee80211_free_node(ni); 3927 return (error); 3928} 3929 3930static int 3931iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 3932{ 3933 struct iwm_node *in = IWM_NODE(vap->iv_bss); 3934 int error; 3935 3936 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 3937 device_printf(sc->sc_dev, 3938 "%s: failed to update STA\n", __func__); 3939 return error; 3940 } 3941 3942 in->in_assoc = 1; 3943 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 3944 device_printf(sc->sc_dev, 3945 "%s: failed to update MAC\n", __func__); 3946 return error; 3947 } 3948 3949 return 0; 3950} 3951 3952static int 3953iwm_release(struct iwm_softc *sc, struct iwm_node *in) 3954{ 3955 uint32_t tfd_msk; 3956 3957 /* 3958 * Ok, so *technically* the proper set of calls for going 3959 * from RUN back to SCAN is: 3960 * 3961 * iwm_mvm_power_mac_disable(sc, in); 3962 * iwm_mvm_mac_ctxt_changed(sc, in); 3963 * iwm_mvm_rm_sta(sc, in); 3964 * iwm_mvm_update_quotas(sc, NULL); 3965 * iwm_mvm_mac_ctxt_changed(sc, in); 3966 * iwm_mvm_binding_remove_vif(sc, in); 3967 * iwm_mvm_mac_ctxt_remove(sc, in); 3968 * 3969 * However, that freezes the device not matter which permutations 3970 * and modifications are attempted. Obviously, this driver is missing 3971 * something since it works in the Linux driver, but figuring out what 3972 * is missing is a little more complicated. Now, since we're going 3973 * back to nothing anyway, we'll just do a complete device reset. 3974 * Up your's, device! 3975 */ 3976 /* 3977 * Just using 0xf for the queues mask is fine as long as we only 3978 * get here from RUN state. 3979 */ 3980 tfd_msk = 0xf; 3981 mbufq_drain(&sc->sc_snd); 3982 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC); 3983 /* 3984 * We seem to get away with just synchronously sending the 3985 * IWM_TXPATH_FLUSH command. 3986 */ 3987// iwm_trans_wait_tx_queue_empty(sc, tfd_msk); 3988 iwm_stop_device(sc); 3989 iwm_init_hw(sc); 3990 if (in) 3991 in->in_assoc = 0; 3992 return 0; 3993 3994#if 0 3995 int error; 3996 3997 iwm_mvm_power_mac_disable(sc, in); 3998 3999 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 4000 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 4001 return error; 4002 } 4003 4004 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 4005 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 4006 return error; 4007 } 4008 error = iwm_mvm_rm_sta(sc, in); 4009 in->in_assoc = 0; 4010 iwm_mvm_update_quotas(sc, NULL); 4011 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 4012 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 4013 return error; 4014 } 4015 iwm_mvm_binding_remove_vif(sc, in); 4016 4017 iwm_mvm_mac_ctxt_remove(sc, in); 4018 4019 return error; 4020#endif 4021} 4022 4023static struct ieee80211_node * 4024iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 4025{ 4026 return malloc(sizeof (struct iwm_node), M_80211_NODE, 4027 M_NOWAIT | M_ZERO); 4028} 4029 4030static void 4031iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 4032{ 4033 struct ieee80211_node *ni = &in->in_ni; 4034 struct iwm_lq_cmd *lq = &in->in_lq; 4035 int nrates = ni->ni_rates.rs_nrates; 4036 int i, ridx, tab = 0; 4037// int txant = 0; 4038 4039 if (nrates > nitems(lq->rs_table)) { 4040 device_printf(sc->sc_dev, 4041 "%s: node supports %d rates, driver handles " 4042 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 4043 return; 4044 } 4045 if (nrates == 0) { 4046 device_printf(sc->sc_dev, 4047 "%s: node supports 0 rates, odd!\n", __func__); 4048 return; 4049 } 4050 4051 /* 4052 * XXX .. and most of iwm_node is not initialised explicitly; 4053 * it's all just 0x0 passed to the firmware. 4054 */ 4055 4056 /* first figure out which rates we should support */ 4057 /* XXX TODO: this isn't 11n aware /at all/ */ 4058 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 4059 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4060 "%s: nrates=%d\n", __func__, nrates); 4061 4062 /* 4063 * Loop over nrates and populate in_ridx from the highest 4064 * rate to the lowest rate. Remember, in_ridx[] has 4065 * IEEE80211_RATE_MAXSIZE entries! 4066 */ 4067 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 4068 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 4069 4070 /* Map 802.11 rate to HW rate index. */ 4071 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 4072 if (iwm_rates[ridx].rate == rate) 4073 break; 4074 if (ridx > IWM_RIDX_MAX) { 4075 device_printf(sc->sc_dev, 4076 "%s: WARNING: device rate for %d not found!\n", 4077 __func__, rate); 4078 } else { 4079 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4080 "%s: rate: i: %d, rate=%d, ridx=%d\n", 4081 __func__, 4082 i, 4083 rate, 4084 ridx); 4085 in->in_ridx[i] = ridx; 4086 } 4087 } 4088 4089 /* then construct a lq_cmd based on those */ 4090 memset(lq, 0, sizeof(*lq)); 4091 lq->sta_id = IWM_STATION_ID; 4092 4093 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4094 if (ni->ni_flags & IEEE80211_NODE_HT) 4095 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4096 4097 /* 4098 * are these used? (we don't do SISO or MIMO) 4099 * need to set them to non-zero, though, or we get an error. 4100 */ 4101 lq->single_stream_ant_msk = 1; 4102 lq->dual_stream_ant_msk = 1; 4103 4104 /* 4105 * Build the actual rate selection table. 4106 * The lowest bits are the rates. Additionally, 4107 * CCK needs bit 9 to be set. The rest of the bits 4108 * we add to the table select the tx antenna 4109 * Note that we add the rates in the highest rate first 4110 * (opposite of ni_rates). 4111 */ 4112 /* 4113 * XXX TODO: this should be looping over the min of nrates 4114 * and LQ_MAX_RETRY_NUM. Sigh. 4115 */ 4116 for (i = 0; i < nrates; i++) { 4117 int nextant; 4118 4119#if 0 4120 if (txant == 0) 4121 txant = iwm_fw_valid_tx_ant(sc); 4122 nextant = 1<<(ffs(txant)-1); 4123 txant &= ~nextant; 4124#else 4125 nextant = iwm_fw_valid_tx_ant(sc); 4126#endif 4127 /* 4128 * Map the rate id into a rate index into 4129 * our hardware table containing the 4130 * configuration to use for this rate. 4131 */ 4132 ridx = in->in_ridx[i]; 4133 tab = iwm_rates[ridx].plcp; 4134 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4135 if (IWM_RIDX_IS_CCK(ridx)) 4136 tab |= IWM_RATE_MCS_CCK_MSK; 4137 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4138 "station rate i=%d, rate=%d, hw=%x\n", 4139 i, iwm_rates[ridx].rate, tab); 4140 lq->rs_table[i] = htole32(tab); 4141 } 4142 /* then fill the rest with the lowest possible rate */ 4143 for (i = nrates; i < nitems(lq->rs_table); i++) { 4144 KASSERT(tab != 0, ("invalid tab")); 4145 lq->rs_table[i] = htole32(tab); 4146 } 4147} 4148 4149static int 4150iwm_media_change(struct ifnet *ifp) 4151{ 4152 struct ieee80211vap *vap = ifp->if_softc; 4153 struct ieee80211com *ic = vap->iv_ic; 4154 struct iwm_softc *sc = ic->ic_softc; 4155 int error; 4156 4157 error = ieee80211_media_change(ifp); 4158 if (error != ENETRESET) 4159 return error; 4160 4161 IWM_LOCK(sc); 4162 if (ic->ic_nrunning > 0) { 4163 iwm_stop(sc); 4164 iwm_init(sc); 4165 } 4166 IWM_UNLOCK(sc); 4167 return error; 4168} 4169 4170 4171static int 4172iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4173{ 4174 struct iwm_vap *ivp = IWM_VAP(vap); 4175 struct ieee80211com *ic = vap->iv_ic; 4176 struct iwm_softc *sc = ic->ic_softc; 4177 struct iwm_node *in; 4178 int error; 4179 4180 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4181 "switching state %s -> %s\n", 4182 ieee80211_state_name[vap->iv_state], 4183 ieee80211_state_name[nstate]); 4184 IEEE80211_UNLOCK(ic); 4185 IWM_LOCK(sc); 4186 4187 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 4188 iwm_led_blink_stop(sc); 4189 4190 /* disable beacon filtering if we're hopping out of RUN */ 4191 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 4192 iwm_mvm_disable_beacon_filter(sc); 4193 4194 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4195 in->in_assoc = 0; 4196 4197 if (nstate == IEEE80211_S_INIT) { 4198 IWM_UNLOCK(sc); 4199 IEEE80211_LOCK(ic); 4200 error = ivp->iv_newstate(vap, nstate, arg); 4201 IEEE80211_UNLOCK(ic); 4202 IWM_LOCK(sc); 4203 iwm_release(sc, NULL); 4204 IWM_UNLOCK(sc); 4205 IEEE80211_LOCK(ic); 4206 return error; 4207 } 4208 4209 /* 4210 * It's impossible to directly go RUN->SCAN. If we iwm_release() 4211 * above then the card will be completely reinitialized, 4212 * so the driver must do everything necessary to bring the card 4213 * from INIT to SCAN. 4214 * 4215 * Additionally, upon receiving deauth frame from AP, 4216 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 4217 * state. This will also fail with this driver, so bring the FSM 4218 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 4219 * 4220 * XXX TODO: fix this for FreeBSD! 4221 */ 4222 if (nstate == IEEE80211_S_SCAN || 4223 nstate == IEEE80211_S_AUTH || 4224 nstate == IEEE80211_S_ASSOC) { 4225 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4226 "Force transition to INIT; MGT=%d\n", arg); 4227 IWM_UNLOCK(sc); 4228 IEEE80211_LOCK(ic); 4229 /* Always pass arg as -1 since we can't Tx right now. */ 4230 /* 4231 * XXX arg is just ignored anyway when transitioning 4232 * to IEEE80211_S_INIT. 4233 */ 4234 vap->iv_newstate(vap, IEEE80211_S_INIT, -1); 4235 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4236 "Going INIT->SCAN\n"); 4237 nstate = IEEE80211_S_SCAN; 4238 IEEE80211_UNLOCK(ic); 4239 IWM_LOCK(sc); 4240 } 4241 } 4242 4243 switch (nstate) { 4244 case IEEE80211_S_INIT: 4245 break; 4246 4247 case IEEE80211_S_AUTH: 4248 if ((error = iwm_auth(vap, sc)) != 0) { 4249 device_printf(sc->sc_dev, 4250 "%s: could not move to auth state: %d\n", 4251 __func__, error); 4252 break; 4253 } 4254 break; 4255 4256 case IEEE80211_S_ASSOC: 4257 if ((error = iwm_assoc(vap, sc)) != 0) { 4258 device_printf(sc->sc_dev, 4259 "%s: failed to associate: %d\n", __func__, 4260 error); 4261 break; 4262 } 4263 break; 4264 4265 case IEEE80211_S_RUN: 4266 { 4267 struct iwm_host_cmd cmd = { 4268 .id = IWM_LQ_CMD, 4269 .len = { sizeof(in->in_lq), }, 4270 .flags = IWM_CMD_SYNC, 4271 }; 4272 4273 /* Update the association state, now we have it all */ 4274 /* (eg associd comes in at this point */ 4275 error = iwm_assoc(vap, sc); 4276 if (error != 0) { 4277 device_printf(sc->sc_dev, 4278 "%s: failed to update association state: %d\n", 4279 __func__, 4280 error); 4281 break; 4282 } 4283 4284 in = IWM_NODE(vap->iv_bss); 4285 iwm_mvm_power_mac_update_mode(sc, in); 4286 iwm_mvm_enable_beacon_filter(sc, in); 4287 iwm_mvm_update_quotas(sc, in); 4288 iwm_setrates(sc, in); 4289 4290 cmd.data[0] = &in->in_lq; 4291 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 4292 device_printf(sc->sc_dev, 4293 "%s: IWM_LQ_CMD failed\n", __func__); 4294 } 4295 4296 iwm_mvm_led_enable(sc); 4297 break; 4298 } 4299 4300 default: 4301 break; 4302 } 4303 IWM_UNLOCK(sc); 4304 IEEE80211_LOCK(ic); 4305 4306 return (ivp->iv_newstate(vap, nstate, arg)); 4307} 4308 4309void 4310iwm_endscan_cb(void *arg, int pending) 4311{ 4312 struct iwm_softc *sc = arg; 4313 struct ieee80211com *ic = &sc->sc_ic; 4314 4315 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4316 "%s: scan ended\n", 4317 __func__); 4318 4319 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4320} 4321 4322/* 4323 * Aging and idle timeouts for the different possible scenarios 4324 * in default configuration 4325 */ 4326static const uint32_t 4327iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4328 { 4329 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 4330 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 4331 }, 4332 { 4333 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 4334 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 4335 }, 4336 { 4337 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 4338 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 4339 }, 4340 { 4341 htole32(IWM_SF_BA_AGING_TIMER_DEF), 4342 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 4343 }, 4344 { 4345 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 4346 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 4347 }, 4348}; 4349 4350/* 4351 * Aging and idle timeouts for the different possible scenarios 4352 * in single BSS MAC configuration. 4353 */ 4354static const uint32_t 4355iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4356 { 4357 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 4358 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 4359 }, 4360 { 4361 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 4362 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 4363 }, 4364 { 4365 htole32(IWM_SF_MCAST_AGING_TIMER), 4366 htole32(IWM_SF_MCAST_IDLE_TIMER) 4367 }, 4368 { 4369 htole32(IWM_SF_BA_AGING_TIMER), 4370 htole32(IWM_SF_BA_IDLE_TIMER) 4371 }, 4372 { 4373 htole32(IWM_SF_TX_RE_AGING_TIMER), 4374 htole32(IWM_SF_TX_RE_IDLE_TIMER) 4375 }, 4376}; 4377 4378static void 4379iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 4380 struct ieee80211_node *ni) 4381{ 4382 int i, j, watermark; 4383 4384 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 4385 4386 /* 4387 * If we are in association flow - check antenna configuration 4388 * capabilities of the AP station, and choose the watermark accordingly. 4389 */ 4390 if (ni) { 4391 if (ni->ni_flags & IEEE80211_NODE_HT) { 4392#ifdef notyet 4393 if (ni->ni_rxmcs[2] != 0) 4394 watermark = IWM_SF_W_MARK_MIMO3; 4395 else if (ni->ni_rxmcs[1] != 0) 4396 watermark = IWM_SF_W_MARK_MIMO2; 4397 else 4398#endif 4399 watermark = IWM_SF_W_MARK_SISO; 4400 } else { 4401 watermark = IWM_SF_W_MARK_LEGACY; 4402 } 4403 /* default watermark value for unassociated mode. */ 4404 } else { 4405 watermark = IWM_SF_W_MARK_MIMO2; 4406 } 4407 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 4408 4409 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 4410 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 4411 sf_cmd->long_delay_timeouts[i][j] = 4412 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 4413 } 4414 } 4415 4416 if (ni) { 4417 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 4418 sizeof(iwm_sf_full_timeout)); 4419 } else { 4420 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 4421 sizeof(iwm_sf_full_timeout_def)); 4422 } 4423} 4424 4425static int 4426iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state) 4427{ 4428 struct ieee80211com *ic = &sc->sc_ic; 4429 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4430 struct iwm_sf_cfg_cmd sf_cmd = { 4431 .state = htole32(IWM_SF_FULL_ON), 4432 }; 4433 int ret = 0; 4434 4435 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 4436 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 4437 4438 switch (new_state) { 4439 case IWM_SF_UNINIT: 4440 case IWM_SF_INIT_OFF: 4441 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL); 4442 break; 4443 case IWM_SF_FULL_ON: 4444 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss); 4445 break; 4446 default: 4447 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE, 4448 "Invalid state: %d. not sending Smart Fifo cmd\n", 4449 new_state); 4450 return EINVAL; 4451 } 4452 4453 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 4454 sizeof(sf_cmd), &sf_cmd); 4455 return ret; 4456} 4457 4458static int 4459iwm_send_bt_init_conf(struct iwm_softc *sc) 4460{ 4461 struct iwm_bt_coex_cmd bt_cmd; 4462 4463 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4464 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4465 4466 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4467 &bt_cmd); 4468} 4469 4470static int 4471iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4472{ 4473 struct iwm_mcc_update_cmd mcc_cmd; 4474 struct iwm_host_cmd hcmd = { 4475 .id = IWM_MCC_UPDATE_CMD, 4476 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4477 .data = { &mcc_cmd }, 4478 }; 4479 int ret; 4480#ifdef IWM_DEBUG 4481 struct iwm_rx_packet *pkt; 4482 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4483 struct iwm_mcc_update_resp *mcc_resp; 4484 int n_channels; 4485 uint16_t mcc; 4486#endif 4487 int resp_v2 = isset(sc->sc_enabled_capa, 4488 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4489 4490 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4491 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4492 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4493 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC)) 4494 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4495 else 4496 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4497 4498 if (resp_v2) 4499 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4500 else 4501 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4502 4503 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4504 "send MCC update to FW with '%c%c' src = %d\n", 4505 alpha2[0], alpha2[1], mcc_cmd.source_id); 4506 4507 ret = iwm_send_cmd(sc, &hcmd); 4508 if (ret) 4509 return ret; 4510 4511#ifdef IWM_DEBUG 4512 pkt = hcmd.resp_pkt; 4513 4514 /* Extract MCC response */ 4515 if (resp_v2) { 4516 mcc_resp = (void *)pkt->data; 4517 mcc = mcc_resp->mcc; 4518 n_channels = le32toh(mcc_resp->n_channels); 4519 } else { 4520 mcc_resp_v1 = (void *)pkt->data; 4521 mcc = mcc_resp_v1->mcc; 4522 n_channels = le32toh(mcc_resp_v1->n_channels); 4523 } 4524 4525 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4526 if (mcc == 0) 4527 mcc = 0x3030; /* "00" - world */ 4528 4529 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4530 "regulatory domain '%c%c' (%d channels available)\n", 4531 mcc >> 8, mcc & 0xff, n_channels); 4532#endif 4533 iwm_free_resp(sc, &hcmd); 4534 4535 return 0; 4536} 4537 4538static void 4539iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4540{ 4541 struct iwm_host_cmd cmd = { 4542 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4543 .len = { sizeof(uint32_t), }, 4544 .data = { &backoff, }, 4545 }; 4546 4547 if (iwm_send_cmd(sc, &cmd) != 0) { 4548 device_printf(sc->sc_dev, 4549 "failed to change thermal tx backoff\n"); 4550 } 4551} 4552 4553static int 4554iwm_init_hw(struct iwm_softc *sc) 4555{ 4556 struct ieee80211com *ic = &sc->sc_ic; 4557 int error, i, ac; 4558 4559 if ((error = iwm_start_hw(sc)) != 0) { 4560 printf("iwm_start_hw: failed %d\n", error); 4561 return error; 4562 } 4563 4564 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 4565 printf("iwm_run_init_mvm_ucode: failed %d\n", error); 4566 return error; 4567 } 4568 4569 /* 4570 * should stop and start HW since that INIT 4571 * image just loaded 4572 */ 4573 iwm_stop_device(sc); 4574 if ((error = iwm_start_hw(sc)) != 0) { 4575 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4576 return error; 4577 } 4578 4579 /* omstart, this time with the regular firmware */ 4580 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR); 4581 if (error) { 4582 device_printf(sc->sc_dev, "could not load firmware\n"); 4583 goto error; 4584 } 4585 4586 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4587 device_printf(sc->sc_dev, "bt init conf failed\n"); 4588 goto error; 4589 } 4590 4591 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) { 4592 device_printf(sc->sc_dev, "antenna config failed\n"); 4593 goto error; 4594 } 4595 4596 /* Send phy db control command and then phy db calibration */ 4597 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0) 4598 goto error; 4599 4600 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4601 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4602 goto error; 4603 } 4604 4605 /* Add auxiliary station for scanning */ 4606 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) { 4607 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4608 goto error; 4609 } 4610 4611 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4612 /* 4613 * The channel used here isn't relevant as it's 4614 * going to be overwritten in the other flows. 4615 * For now use the first channel we have. 4616 */ 4617 if ((error = iwm_mvm_phy_ctxt_add(sc, 4618 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4619 goto error; 4620 } 4621 4622 /* Initialize tx backoffs to the minimum. */ 4623 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 4624 iwm_mvm_tt_tx_backoff(sc, 0); 4625 4626 error = iwm_mvm_power_update_device(sc); 4627 if (error) 4628 goto error; 4629 4630 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) { 4631 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4632 goto error; 4633 } 4634 4635 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4636 if ((error = iwm_mvm_config_umac_scan(sc)) != 0) 4637 goto error; 4638 } 4639 4640 /* Enable Tx queues. */ 4641 for (ac = 0; ac < WME_NUM_AC; ac++) { 4642 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4643 iwm_mvm_ac_to_tx_fifo[ac]); 4644 if (error) 4645 goto error; 4646 } 4647 4648 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) { 4649 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4650 goto error; 4651 } 4652 4653 return 0; 4654 4655 error: 4656 iwm_stop_device(sc); 4657 return error; 4658} 4659 4660/* Allow multicast from our BSSID. */ 4661static int 4662iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4663{ 4664 struct ieee80211_node *ni = vap->iv_bss; 4665 struct iwm_mcast_filter_cmd *cmd; 4666 size_t size; 4667 int error; 4668 4669 size = roundup(sizeof(*cmd), 4); 4670 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 4671 if (cmd == NULL) 4672 return ENOMEM; 4673 cmd->filter_own = 1; 4674 cmd->port_id = 0; 4675 cmd->count = 0; 4676 cmd->pass_all = 1; 4677 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4678 4679 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4680 IWM_CMD_SYNC, size, cmd); 4681 free(cmd, M_DEVBUF); 4682 4683 return (error); 4684} 4685 4686/* 4687 * ifnet interfaces 4688 */ 4689 4690static void 4691iwm_init(struct iwm_softc *sc) 4692{ 4693 int error; 4694 4695 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4696 return; 4697 } 4698 sc->sc_generation++; 4699 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4700 4701 if ((error = iwm_init_hw(sc)) != 0) { 4702 printf("iwm_init_hw failed %d\n", error); 4703 iwm_stop(sc); 4704 return; 4705 } 4706 4707 /* 4708 * Ok, firmware loaded and we are jogging 4709 */ 4710 sc->sc_flags |= IWM_FLAG_HW_INITED; 4711 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4712} 4713 4714static int 4715iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4716{ 4717 struct iwm_softc *sc; 4718 int error; 4719 4720 sc = ic->ic_softc; 4721 4722 IWM_LOCK(sc); 4723 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4724 IWM_UNLOCK(sc); 4725 return (ENXIO); 4726 } 4727 error = mbufq_enqueue(&sc->sc_snd, m); 4728 if (error) { 4729 IWM_UNLOCK(sc); 4730 return (error); 4731 } 4732 iwm_start(sc); 4733 IWM_UNLOCK(sc); 4734 return (0); 4735} 4736 4737/* 4738 * Dequeue packets from sendq and call send. 4739 */ 4740static void 4741iwm_start(struct iwm_softc *sc) 4742{ 4743 struct ieee80211_node *ni; 4744 struct mbuf *m; 4745 int ac = 0; 4746 4747 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 4748 while (sc->qfullmsk == 0 && 4749 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 4750 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 4751 if (iwm_tx(sc, m, ni, ac) != 0) { 4752 if_inc_counter(ni->ni_vap->iv_ifp, 4753 IFCOUNTER_OERRORS, 1); 4754 ieee80211_free_node(ni); 4755 continue; 4756 } 4757 sc->sc_tx_timer = 15; 4758 } 4759 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 4760} 4761 4762static void 4763iwm_stop(struct iwm_softc *sc) 4764{ 4765 4766 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 4767 sc->sc_flags |= IWM_FLAG_STOPPED; 4768 sc->sc_generation++; 4769 iwm_led_blink_stop(sc); 4770 sc->sc_tx_timer = 0; 4771 iwm_stop_device(sc); 4772} 4773 4774static void 4775iwm_watchdog(void *arg) 4776{ 4777 struct iwm_softc *sc = arg; 4778 struct ieee80211com *ic = &sc->sc_ic; 4779 4780 if (sc->sc_tx_timer > 0) { 4781 if (--sc->sc_tx_timer == 0) { 4782 device_printf(sc->sc_dev, "device timeout\n"); 4783#ifdef IWM_DEBUG 4784 iwm_nic_error(sc); 4785#endif 4786 ieee80211_restart_all(ic); 4787 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 4788 return; 4789 } 4790 } 4791 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4792} 4793 4794static void 4795iwm_parent(struct ieee80211com *ic) 4796{ 4797 struct iwm_softc *sc = ic->ic_softc; 4798 int startall = 0; 4799 4800 IWM_LOCK(sc); 4801 if (ic->ic_nrunning > 0) { 4802 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 4803 iwm_init(sc); 4804 startall = 1; 4805 } 4806 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 4807 iwm_stop(sc); 4808 IWM_UNLOCK(sc); 4809 if (startall) 4810 ieee80211_start_all(ic); 4811} 4812 4813/* 4814 * The interrupt side of things 4815 */ 4816 4817/* 4818 * error dumping routines are from iwlwifi/mvm/utils.c 4819 */ 4820 4821/* 4822 * Note: This structure is read from the device with IO accesses, 4823 * and the reading already does the endian conversion. As it is 4824 * read with uint32_t-sized accesses, any members with a different size 4825 * need to be ordered correctly though! 4826 */ 4827struct iwm_error_event_table { 4828 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 4829 uint32_t error_id; /* type of error */ 4830 uint32_t trm_hw_status0; /* TRM HW status */ 4831 uint32_t trm_hw_status1; /* TRM HW status */ 4832 uint32_t blink2; /* branch link */ 4833 uint32_t ilink1; /* interrupt link */ 4834 uint32_t ilink2; /* interrupt link */ 4835 uint32_t data1; /* error-specific data */ 4836 uint32_t data2; /* error-specific data */ 4837 uint32_t data3; /* error-specific data */ 4838 uint32_t bcon_time; /* beacon timer */ 4839 uint32_t tsf_low; /* network timestamp function timer */ 4840 uint32_t tsf_hi; /* network timestamp function timer */ 4841 uint32_t gp1; /* GP1 timer register */ 4842 uint32_t gp2; /* GP2 timer register */ 4843 uint32_t fw_rev_type; /* firmware revision type */ 4844 uint32_t major; /* uCode version major */ 4845 uint32_t minor; /* uCode version minor */ 4846 uint32_t hw_ver; /* HW Silicon version */ 4847 uint32_t brd_ver; /* HW board version */ 4848 uint32_t log_pc; /* log program counter */ 4849 uint32_t frame_ptr; /* frame pointer */ 4850 uint32_t stack_ptr; /* stack pointer */ 4851 uint32_t hcmd; /* last host command header */ 4852 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 4853 * rxtx_flag */ 4854 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 4855 * host_flag */ 4856 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 4857 * enc_flag */ 4858 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 4859 * time_flag */ 4860 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 4861 * wico interrupt */ 4862 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 4863 uint32_t wait_event; /* wait event() caller address */ 4864 uint32_t l2p_control; /* L2pControlField */ 4865 uint32_t l2p_duration; /* L2pDurationField */ 4866 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 4867 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 4868 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 4869 * (LMPM_PMG_SEL) */ 4870 uint32_t u_timestamp; /* indicate when the date and time of the 4871 * compilation */ 4872 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 4873} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 4874 4875/* 4876 * UMAC error struct - relevant starting from family 8000 chip. 4877 * Note: This structure is read from the device with IO accesses, 4878 * and the reading already does the endian conversion. As it is 4879 * read with u32-sized accesses, any members with a different size 4880 * need to be ordered correctly though! 4881 */ 4882struct iwm_umac_error_event_table { 4883 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 4884 uint32_t error_id; /* type of error */ 4885 uint32_t blink1; /* branch link */ 4886 uint32_t blink2; /* branch link */ 4887 uint32_t ilink1; /* interrupt link */ 4888 uint32_t ilink2; /* interrupt link */ 4889 uint32_t data1; /* error-specific data */ 4890 uint32_t data2; /* error-specific data */ 4891 uint32_t data3; /* error-specific data */ 4892 uint32_t umac_major; 4893 uint32_t umac_minor; 4894 uint32_t frame_pointer; /* core register 27*/ 4895 uint32_t stack_pointer; /* core register 28 */ 4896 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 4897 uint32_t nic_isr_pref; /* ISR status register */ 4898} __packed; 4899 4900#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 4901#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 4902 4903#ifdef IWM_DEBUG 4904struct { 4905 const char *name; 4906 uint8_t num; 4907} advanced_lookup[] = { 4908 { "NMI_INTERRUPT_WDG", 0x34 }, 4909 { "SYSASSERT", 0x35 }, 4910 { "UCODE_VERSION_MISMATCH", 0x37 }, 4911 { "BAD_COMMAND", 0x38 }, 4912 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 4913 { "FATAL_ERROR", 0x3D }, 4914 { "NMI_TRM_HW_ERR", 0x46 }, 4915 { "NMI_INTERRUPT_TRM", 0x4C }, 4916 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 4917 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 4918 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 4919 { "NMI_INTERRUPT_HOST", 0x66 }, 4920 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 4921 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 4922 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 4923 { "ADVANCED_SYSASSERT", 0 }, 4924}; 4925 4926static const char * 4927iwm_desc_lookup(uint32_t num) 4928{ 4929 int i; 4930 4931 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 4932 if (advanced_lookup[i].num == num) 4933 return advanced_lookup[i].name; 4934 4935 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 4936 return advanced_lookup[i].name; 4937} 4938 4939static void 4940iwm_nic_umac_error(struct iwm_softc *sc) 4941{ 4942 struct iwm_umac_error_event_table table; 4943 uint32_t base; 4944 4945 base = sc->sc_uc.uc_umac_error_event_table; 4946 4947 if (base < 0x800000) { 4948 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 4949 base); 4950 return; 4951 } 4952 4953 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 4954 device_printf(sc->sc_dev, "reading errlog failed\n"); 4955 return; 4956 } 4957 4958 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 4959 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 4960 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 4961 sc->sc_flags, table.valid); 4962 } 4963 4964 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 4965 iwm_desc_lookup(table.error_id)); 4966 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 4967 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 4968 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 4969 table.ilink1); 4970 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 4971 table.ilink2); 4972 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 4973 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 4974 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 4975 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 4976 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 4977 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 4978 table.frame_pointer); 4979 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 4980 table.stack_pointer); 4981 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 4982 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 4983 table.nic_isr_pref); 4984} 4985 4986/* 4987 * Support for dumping the error log seemed like a good idea ... 4988 * but it's mostly hex junk and the only sensible thing is the 4989 * hw/ucode revision (which we know anyway). Since it's here, 4990 * I'll just leave it in, just in case e.g. the Intel guys want to 4991 * help us decipher some "ADVANCED_SYSASSERT" later. 4992 */ 4993static void 4994iwm_nic_error(struct iwm_softc *sc) 4995{ 4996 struct iwm_error_event_table table; 4997 uint32_t base; 4998 4999 device_printf(sc->sc_dev, "dumping device error log\n"); 5000 base = sc->sc_uc.uc_error_event_table; 5001 if (base < 0x800000) { 5002 device_printf(sc->sc_dev, 5003 "Invalid error log pointer 0x%08x\n", base); 5004 return; 5005 } 5006 5007 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5008 device_printf(sc->sc_dev, "reading errlog failed\n"); 5009 return; 5010 } 5011 5012 if (!table.valid) { 5013 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 5014 return; 5015 } 5016 5017 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5018 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 5019 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5020 sc->sc_flags, table.valid); 5021 } 5022 5023 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 5024 iwm_desc_lookup(table.error_id)); 5025 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 5026 table.trm_hw_status0); 5027 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 5028 table.trm_hw_status1); 5029 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 5030 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 5031 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 5032 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 5033 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 5034 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 5035 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 5036 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 5037 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 5038 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 5039 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 5040 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 5041 table.fw_rev_type); 5042 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 5043 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 5044 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 5045 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 5046 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 5047 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 5048 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 5049 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 5050 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 5051 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 5052 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 5053 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 5054 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 5055 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 5056 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 5057 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 5058 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 5059 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 5060 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 5061 5062 if (sc->sc_uc.uc_umac_error_event_table) 5063 iwm_nic_umac_error(sc); 5064} 5065#endif 5066 5067#define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT); 5068 5069/* 5070 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5071 * Basic structure from if_iwn 5072 */ 5073static void 5074iwm_notif_intr(struct iwm_softc *sc) 5075{ 5076 struct ieee80211com *ic = &sc->sc_ic; 5077 uint16_t hw; 5078 5079 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5080 BUS_DMASYNC_POSTREAD); 5081 5082 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5083 5084 /* 5085 * Process responses 5086 */ 5087 while (sc->rxq.cur != hw) { 5088 struct iwm_rx_ring *ring = &sc->rxq; 5089 struct iwm_rx_data *data = &ring->data[ring->cur]; 5090 struct iwm_rx_packet *pkt; 5091 struct iwm_cmd_response *cresp; 5092 int qid, idx, code; 5093 5094 bus_dmamap_sync(ring->data_dmat, data->map, 5095 BUS_DMASYNC_POSTREAD); 5096 pkt = mtod(data->m, struct iwm_rx_packet *); 5097 5098 qid = pkt->hdr.qid & ~0x80; 5099 idx = pkt->hdr.idx; 5100 5101 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5102 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5103 "rx packet qid=%d idx=%d type=%x %d %d\n", 5104 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, ring->cur, hw); 5105 5106 /* 5107 * randomly get these from the firmware, no idea why. 5108 * they at least seem harmless, so just ignore them for now 5109 */ 5110 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0) 5111 || pkt->len_n_flags == htole32(0x55550000))) { 5112 ADVANCE_RXQ(sc); 5113 continue; 5114 } 5115 5116 switch (code) { 5117 case IWM_REPLY_RX_PHY_CMD: 5118 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data); 5119 break; 5120 5121 case IWM_REPLY_RX_MPDU_CMD: 5122 iwm_mvm_rx_rx_mpdu(sc, pkt, data); 5123 break; 5124 5125 case IWM_TX_CMD: 5126 iwm_mvm_rx_tx_cmd(sc, pkt, data); 5127 break; 5128 5129 case IWM_MISSED_BEACONS_NOTIFICATION: { 5130 struct iwm_missed_beacons_notif *resp; 5131 int missed; 5132 5133 /* XXX look at mac_id to determine interface ID */ 5134 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5135 5136 resp = (void *)pkt->data; 5137 missed = le32toh(resp->consec_missed_beacons); 5138 5139 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5140 "%s: MISSED_BEACON: mac_id=%d, " 5141 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5142 "num_rx=%d\n", 5143 __func__, 5144 le32toh(resp->mac_id), 5145 le32toh(resp->consec_missed_beacons_since_last_rx), 5146 le32toh(resp->consec_missed_beacons), 5147 le32toh(resp->num_expected_beacons), 5148 le32toh(resp->num_recvd_beacons)); 5149 5150 /* Be paranoid */ 5151 if (vap == NULL) 5152 break; 5153 5154 /* XXX no net80211 locking? */ 5155 if (vap->iv_state == IEEE80211_S_RUN && 5156 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5157 if (missed > vap->iv_bmissthreshold) { 5158 /* XXX bad locking; turn into task */ 5159 IWM_UNLOCK(sc); 5160 ieee80211_beacon_miss(ic); 5161 IWM_LOCK(sc); 5162 } 5163 } 5164 5165 break; } 5166 5167 case IWM_MFUART_LOAD_NOTIFICATION: 5168 break; 5169 5170 case IWM_MVM_ALIVE: { 5171 struct iwm_mvm_alive_resp_v1 *resp1; 5172 struct iwm_mvm_alive_resp_v2 *resp2; 5173 struct iwm_mvm_alive_resp_v3 *resp3; 5174 5175 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) { 5176 resp1 = (void *)pkt->data; 5177 sc->sc_uc.uc_error_event_table 5178 = le32toh(resp1->error_event_table_ptr); 5179 sc->sc_uc.uc_log_event_table 5180 = le32toh(resp1->log_event_table_ptr); 5181 sc->sched_base = le32toh(resp1->scd_base_ptr); 5182 if (resp1->status == IWM_ALIVE_STATUS_OK) 5183 sc->sc_uc.uc_ok = 1; 5184 else 5185 sc->sc_uc.uc_ok = 0; 5186 } 5187 5188 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) { 5189 resp2 = (void *)pkt->data; 5190 sc->sc_uc.uc_error_event_table 5191 = le32toh(resp2->error_event_table_ptr); 5192 sc->sc_uc.uc_log_event_table 5193 = le32toh(resp2->log_event_table_ptr); 5194 sc->sched_base = le32toh(resp2->scd_base_ptr); 5195 sc->sc_uc.uc_umac_error_event_table 5196 = le32toh(resp2->error_info_addr); 5197 if (resp2->status == IWM_ALIVE_STATUS_OK) 5198 sc->sc_uc.uc_ok = 1; 5199 else 5200 sc->sc_uc.uc_ok = 0; 5201 } 5202 5203 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) { 5204 resp3 = (void *)pkt->data; 5205 sc->sc_uc.uc_error_event_table 5206 = le32toh(resp3->error_event_table_ptr); 5207 sc->sc_uc.uc_log_event_table 5208 = le32toh(resp3->log_event_table_ptr); 5209 sc->sched_base = le32toh(resp3->scd_base_ptr); 5210 sc->sc_uc.uc_umac_error_event_table 5211 = le32toh(resp3->error_info_addr); 5212 if (resp3->status == IWM_ALIVE_STATUS_OK) 5213 sc->sc_uc.uc_ok = 1; 5214 else 5215 sc->sc_uc.uc_ok = 0; 5216 } 5217 5218 sc->sc_uc.uc_intr = 1; 5219 wakeup(&sc->sc_uc); 5220 break; } 5221 5222 case IWM_CALIB_RES_NOTIF_PHY_DB: { 5223 struct iwm_calib_res_notif_phy_db *phy_db_notif; 5224 phy_db_notif = (void *)pkt->data; 5225 5226 iwm_phy_db_set_section(sc->sc_phy_db, phy_db_notif); 5227 5228 break; } 5229 5230 case IWM_STATISTICS_NOTIFICATION: { 5231 struct iwm_notif_statistics *stats; 5232 stats = (void *)pkt->data; 5233 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 5234 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general); 5235 break; } 5236 5237 case IWM_NVM_ACCESS_CMD: 5238 case IWM_MCC_UPDATE_CMD: 5239 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5240 memcpy(sc->sc_cmd_resp, 5241 pkt, sizeof(sc->sc_cmd_resp)); 5242 } 5243 break; 5244 5245 case IWM_MCC_CHUB_UPDATE_CMD: { 5246 struct iwm_mcc_chub_notif *notif; 5247 notif = (void *)pkt->data; 5248 5249 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5250 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5251 sc->sc_fw_mcc[2] = '\0'; 5252 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 5253 "fw source %d sent CC '%s'\n", 5254 notif->source_id, sc->sc_fw_mcc); 5255 break; } 5256 5257 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5258 break; 5259 5260 case IWM_PHY_CONFIGURATION_CMD: 5261 case IWM_TX_ANT_CONFIGURATION_CMD: 5262 case IWM_ADD_STA: 5263 case IWM_MAC_CONTEXT_CMD: 5264 case IWM_REPLY_SF_CFG_CMD: 5265 case IWM_POWER_TABLE_CMD: 5266 case IWM_PHY_CONTEXT_CMD: 5267 case IWM_BINDING_CONTEXT_CMD: 5268 case IWM_TIME_EVENT_CMD: 5269 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5270 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5271 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5272 case IWM_REPLY_BEACON_FILTERING_CMD: 5273 case IWM_MAC_PM_POWER_TABLE: 5274 case IWM_TIME_QUOTA_CMD: 5275 case IWM_REMOVE_STA: 5276 case IWM_TXPATH_FLUSH: 5277 case IWM_LQ_CMD: 5278 case IWM_BT_CONFIG: 5279 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5280 cresp = (void *)pkt->data; 5281 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5282 memcpy(sc->sc_cmd_resp, 5283 pkt, sizeof(*pkt)+sizeof(*cresp)); 5284 } 5285 break; 5286 5287 /* ignore */ 5288 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */ 5289 break; 5290 5291 case IWM_INIT_COMPLETE_NOTIF: 5292 sc->sc_init_complete = 1; 5293 wakeup(&sc->sc_init_complete); 5294 break; 5295 5296 case IWM_SCAN_OFFLOAD_COMPLETE: { 5297 struct iwm_periodic_scan_complete *notif; 5298 notif = (void *)pkt->data; 5299 break; 5300 } 5301 5302 case IWM_SCAN_ITERATION_COMPLETE: { 5303 struct iwm_lmac_scan_complete_notif *notif; 5304 notif = (void *)pkt->data; 5305 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5306 break; 5307 } 5308 5309 case IWM_SCAN_COMPLETE_UMAC: { 5310 struct iwm_umac_scan_complete *notif; 5311 notif = (void *)pkt->data; 5312 5313 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5314 "UMAC scan complete, status=0x%x\n", 5315 notif->status); 5316#if 0 /* XXX This would be a duplicate scan end call */ 5317 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task); 5318#endif 5319 break; 5320 } 5321 5322 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5323 struct iwm_umac_scan_iter_complete_notif *notif; 5324 notif = (void *)pkt->data; 5325 5326 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5327 "complete, status=0x%x, %d channels scanned\n", 5328 notif->status, notif->scanned_channels); 5329 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5330 break; 5331 } 5332 5333 case IWM_REPLY_ERROR: { 5334 struct iwm_error_resp *resp; 5335 resp = (void *)pkt->data; 5336 5337 device_printf(sc->sc_dev, 5338 "firmware error 0x%x, cmd 0x%x\n", 5339 le32toh(resp->error_type), 5340 resp->cmd_id); 5341 break; 5342 } 5343 5344 case IWM_TIME_EVENT_NOTIFICATION: { 5345 struct iwm_time_event_notif *notif; 5346 notif = (void *)pkt->data; 5347 5348 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5349 "TE notif status = 0x%x action = 0x%x\n", 5350 notif->status, notif->action); 5351 break; 5352 } 5353 5354 case IWM_MCAST_FILTER_CMD: 5355 break; 5356 5357 case IWM_SCD_QUEUE_CFG: { 5358 struct iwm_scd_txq_cfg_rsp *rsp; 5359 rsp = (void *)pkt->data; 5360 5361 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5362 "queue cfg token=0x%x sta_id=%d " 5363 "tid=%d scd_queue=%d\n", 5364 rsp->token, rsp->sta_id, rsp->tid, 5365 rsp->scd_queue); 5366 break; 5367 } 5368 5369 default: 5370 device_printf(sc->sc_dev, 5371 "frame %d/%d %x UNHANDLED (this should " 5372 "not happen)\n", qid, idx, 5373 pkt->len_n_flags); 5374 break; 5375 } 5376 5377 /* 5378 * Why test bit 0x80? The Linux driver: 5379 * 5380 * There is one exception: uCode sets bit 15 when it 5381 * originates the response/notification, i.e. when the 5382 * response/notification is not a direct response to a 5383 * command sent by the driver. For example, uCode issues 5384 * IWM_REPLY_RX when it sends a received frame to the driver; 5385 * it is not a direct response to any driver command. 5386 * 5387 * Ok, so since when is 7 == 15? Well, the Linux driver 5388 * uses a slightly different format for pkt->hdr, and "qid" 5389 * is actually the upper byte of a two-byte field. 5390 */ 5391 if (!(pkt->hdr.qid & (1 << 7))) { 5392 iwm_cmd_done(sc, pkt); 5393 } 5394 5395 ADVANCE_RXQ(sc); 5396 } 5397 5398 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 5399 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 5400 5401 /* 5402 * Tell the firmware what we have processed. 5403 * Seems like the hardware gets upset unless we align 5404 * the write by 8?? 5405 */ 5406 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 5407 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7); 5408} 5409 5410static void 5411iwm_intr(void *arg) 5412{ 5413 struct iwm_softc *sc = arg; 5414 int handled = 0; 5415 int r1, r2, rv = 0; 5416 int isperiodic = 0; 5417 5418 IWM_LOCK(sc); 5419 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5420 5421 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5422 uint32_t *ict = sc->ict_dma.vaddr; 5423 int tmp; 5424 5425 tmp = htole32(ict[sc->ict_cur]); 5426 if (!tmp) 5427 goto out_ena; 5428 5429 /* 5430 * ok, there was something. keep plowing until we have all. 5431 */ 5432 r1 = r2 = 0; 5433 while (tmp) { 5434 r1 |= tmp; 5435 ict[sc->ict_cur] = 0; 5436 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5437 tmp = htole32(ict[sc->ict_cur]); 5438 } 5439 5440 /* this is where the fun begins. don't ask */ 5441 if (r1 == 0xffffffff) 5442 r1 = 0; 5443 5444 /* i am not expected to understand this */ 5445 if (r1 & 0xc0000) 5446 r1 |= 0x8000; 5447 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5448 } else { 5449 r1 = IWM_READ(sc, IWM_CSR_INT); 5450 /* "hardware gone" (where, fishing?) */ 5451 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5452 goto out; 5453 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5454 } 5455 if (r1 == 0 && r2 == 0) { 5456 goto out_ena; 5457 } 5458 5459 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5460 5461 /* ignored */ 5462 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/)); 5463 5464 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5465 int i; 5466 struct ieee80211com *ic = &sc->sc_ic; 5467 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5468 5469#ifdef IWM_DEBUG 5470 iwm_nic_error(sc); 5471#endif 5472 /* Dump driver status (TX and RX rings) while we're here. */ 5473 device_printf(sc->sc_dev, "driver status:\n"); 5474 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 5475 struct iwm_tx_ring *ring = &sc->txq[i]; 5476 device_printf(sc->sc_dev, 5477 " tx ring %2d: qid=%-2d cur=%-3d " 5478 "queued=%-3d\n", 5479 i, ring->qid, ring->cur, ring->queued); 5480 } 5481 device_printf(sc->sc_dev, 5482 " rx ring: cur=%d\n", sc->rxq.cur); 5483 device_printf(sc->sc_dev, 5484 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5485 5486 /* Don't stop the device; just do a VAP restart */ 5487 IWM_UNLOCK(sc); 5488 5489 if (vap == NULL) { 5490 printf("%s: null vap\n", __func__); 5491 return; 5492 } 5493 5494 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5495 "restarting\n", __func__, vap->iv_state); 5496 5497 /* XXX TODO: turn this into a callout/taskqueue */ 5498 ieee80211_restart_all(ic); 5499 return; 5500 } 5501 5502 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5503 handled |= IWM_CSR_INT_BIT_HW_ERR; 5504 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5505 iwm_stop(sc); 5506 rv = 1; 5507 goto out; 5508 } 5509 5510 /* firmware chunk loaded */ 5511 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5512 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5513 handled |= IWM_CSR_INT_BIT_FH_TX; 5514 sc->sc_fw_chunk_done = 1; 5515 wakeup(&sc->sc_fw); 5516 } 5517 5518 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5519 handled |= IWM_CSR_INT_BIT_RF_KILL; 5520 if (iwm_check_rfkill(sc)) { 5521 device_printf(sc->sc_dev, 5522 "%s: rfkill switch, disabling interface\n", 5523 __func__); 5524 iwm_stop(sc); 5525 } 5526 } 5527 5528 /* 5529 * The Linux driver uses periodic interrupts to avoid races. 5530 * We cargo-cult like it's going out of fashion. 5531 */ 5532 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5533 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5534 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5535 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5536 IWM_WRITE_1(sc, 5537 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5538 isperiodic = 1; 5539 } 5540 5541 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5542 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5543 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5544 5545 iwm_notif_intr(sc); 5546 5547 /* enable periodic interrupt, see above */ 5548 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5549 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5550 IWM_CSR_INT_PERIODIC_ENA); 5551 } 5552 5553 if (__predict_false(r1 & ~handled)) 5554 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5555 "%s: unhandled interrupts: %x\n", __func__, r1); 5556 rv = 1; 5557 5558 out_ena: 5559 iwm_restore_interrupts(sc); 5560 out: 5561 IWM_UNLOCK(sc); 5562 return; 5563} 5564 5565/* 5566 * Autoconf glue-sniffing 5567 */ 5568#define PCI_VENDOR_INTEL 0x8086 5569#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5570#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5571#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5572#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5573#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5574#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5575#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5576#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5577#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5578#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5579 5580static const struct iwm_devices { 5581 uint16_t device; 5582 const char *name; 5583} iwm_devices[] = { 5584 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" }, 5585 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" }, 5586 { PCI_PRODUCT_INTEL_WL_3165_1, "Intel Dual Band Wireless AC 3165" }, 5587 { PCI_PRODUCT_INTEL_WL_3165_2, "Intel Dual Band Wireless AC 3165" }, 5588 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" }, 5589 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" }, 5590 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" }, 5591 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" }, 5592 { PCI_PRODUCT_INTEL_WL_8260_1, "Intel Dual Band Wireless AC 8260" }, 5593 { PCI_PRODUCT_INTEL_WL_8260_2, "Intel Dual Band Wireless AC 8260" }, 5594}; 5595 5596static int 5597iwm_probe(device_t dev) 5598{ 5599 int i; 5600 5601 for (i = 0; i < nitems(iwm_devices); i++) { 5602 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5603 pci_get_device(dev) == iwm_devices[i].device) { 5604 device_set_desc(dev, iwm_devices[i].name); 5605 return (BUS_PROBE_DEFAULT); 5606 } 5607 } 5608 5609 return (ENXIO); 5610} 5611 5612static int 5613iwm_dev_check(device_t dev) 5614{ 5615 struct iwm_softc *sc; 5616 5617 sc = device_get_softc(dev); 5618 5619 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 5620 switch (pci_get_device(dev)) { 5621 case PCI_PRODUCT_INTEL_WL_3160_1: 5622 case PCI_PRODUCT_INTEL_WL_3160_2: 5623 sc->sc_fwname = "iwm3160fw"; 5624 sc->host_interrupt_operation_mode = 1; 5625 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5626 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5627 return (0); 5628 case PCI_PRODUCT_INTEL_WL_3165_1: 5629 case PCI_PRODUCT_INTEL_WL_3165_2: 5630 sc->sc_fwname = "iwm7265fw"; 5631 sc->host_interrupt_operation_mode = 0; 5632 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5633 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5634 return (0); 5635 case PCI_PRODUCT_INTEL_WL_7260_1: 5636 case PCI_PRODUCT_INTEL_WL_7260_2: 5637 sc->sc_fwname = "iwm7260fw"; 5638 sc->host_interrupt_operation_mode = 1; 5639 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5640 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5641 return (0); 5642 case PCI_PRODUCT_INTEL_WL_7265_1: 5643 case PCI_PRODUCT_INTEL_WL_7265_2: 5644 sc->sc_fwname = "iwm7265fw"; 5645 sc->host_interrupt_operation_mode = 0; 5646 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 5647 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5648 return (0); 5649 case PCI_PRODUCT_INTEL_WL_8260_1: 5650 case PCI_PRODUCT_INTEL_WL_8260_2: 5651 sc->sc_fwname = "iwm8000Cfw"; 5652 sc->host_interrupt_operation_mode = 0; 5653 sc->sc_device_family = IWM_DEVICE_FAMILY_8000; 5654 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 5655 return (0); 5656 default: 5657 device_printf(dev, "unknown adapter type\n"); 5658 return ENXIO; 5659 } 5660} 5661 5662/* PCI registers */ 5663#define PCI_CFG_RETRY_TIMEOUT 0x041 5664 5665static int 5666iwm_pci_attach(device_t dev) 5667{ 5668 struct iwm_softc *sc; 5669 int count, error, rid; 5670 uint16_t reg; 5671 5672 sc = device_get_softc(dev); 5673 5674 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5675 * PCI Tx retries from interfering with C3 CPU state */ 5676 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5677 5678 /* Enable bus-mastering and hardware bug workaround. */ 5679 pci_enable_busmaster(dev); 5680 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5681 /* if !MSI */ 5682 if (reg & PCIM_STATUS_INTxSTATE) { 5683 reg &= ~PCIM_STATUS_INTxSTATE; 5684 } 5685 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 5686 5687 rid = PCIR_BAR(0); 5688 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 5689 RF_ACTIVE); 5690 if (sc->sc_mem == NULL) { 5691 device_printf(sc->sc_dev, "can't map mem space\n"); 5692 return (ENXIO); 5693 } 5694 sc->sc_st = rman_get_bustag(sc->sc_mem); 5695 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 5696 5697 /* Install interrupt handler. */ 5698 count = 1; 5699 rid = 0; 5700 if (pci_alloc_msi(dev, &count) == 0) 5701 rid = 1; 5702 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 5703 (rid != 0 ? 0 : RF_SHAREABLE)); 5704 if (sc->sc_irq == NULL) { 5705 device_printf(dev, "can't map interrupt\n"); 5706 return (ENXIO); 5707 } 5708 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 5709 NULL, iwm_intr, sc, &sc->sc_ih); 5710 if (sc->sc_ih == NULL) { 5711 device_printf(dev, "can't establish interrupt"); 5712 return (ENXIO); 5713 } 5714 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 5715 5716 return (0); 5717} 5718 5719static void 5720iwm_pci_detach(device_t dev) 5721{ 5722 struct iwm_softc *sc = device_get_softc(dev); 5723 5724 if (sc->sc_irq != NULL) { 5725 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 5726 bus_release_resource(dev, SYS_RES_IRQ, 5727 rman_get_rid(sc->sc_irq), sc->sc_irq); 5728 pci_release_msi(dev); 5729 } 5730 if (sc->sc_mem != NULL) 5731 bus_release_resource(dev, SYS_RES_MEMORY, 5732 rman_get_rid(sc->sc_mem), sc->sc_mem); 5733} 5734 5735 5736 5737static int 5738iwm_attach(device_t dev) 5739{ 5740 struct iwm_softc *sc = device_get_softc(dev); 5741 struct ieee80211com *ic = &sc->sc_ic; 5742 int error; 5743 int txq_i, i; 5744 5745 sc->sc_dev = dev; 5746 sc->sc_attached = 1; 5747 IWM_LOCK_INIT(sc); 5748 mbufq_init(&sc->sc_snd, ifqmaxlen); 5749 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 5750 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 5751 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 5752 5753 /* Init phy db */ 5754 sc->sc_phy_db = iwm_phy_db_init(sc); 5755 if (!sc->sc_phy_db) { 5756 device_printf(dev, "Cannot init phy_db\n"); 5757 goto fail; 5758 } 5759 5760 /* PCI attach */ 5761 error = iwm_pci_attach(dev); 5762 if (error != 0) 5763 goto fail; 5764 5765 sc->sc_wantresp = -1; 5766 5767 /* Check device type */ 5768 error = iwm_dev_check(dev); 5769 if (error != 0) 5770 goto fail; 5771 5772 /* 5773 * We now start fiddling with the hardware 5774 */ 5775 /* 5776 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 5777 * changed, and now the revision step also includes bit 0-1 (no more 5778 * "dash" value). To keep hw_rev backwards compatible - we'll store it 5779 * in the old format. 5780 */ 5781 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 5782 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 5783 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 5784 5785 if (iwm_prepare_card_hw(sc) != 0) { 5786 device_printf(dev, "could not initialize hardware\n"); 5787 goto fail; 5788 } 5789 5790 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) { 5791 int ret; 5792 uint32_t hw_step; 5793 5794 /* 5795 * In order to recognize C step the driver should read the 5796 * chip version id located at the AUX bus MISC address. 5797 */ 5798 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 5799 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 5800 DELAY(2); 5801 5802 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 5803 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5804 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5805 25000); 5806 if (!ret) { 5807 device_printf(sc->sc_dev, 5808 "Failed to wake up the nic\n"); 5809 goto fail; 5810 } 5811 5812 if (iwm_nic_lock(sc)) { 5813 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 5814 hw_step |= IWM_ENABLE_WFPM; 5815 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 5816 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 5817 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 5818 if (hw_step == 0x3) 5819 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 5820 (IWM_SILICON_C_STEP << 2); 5821 iwm_nic_unlock(sc); 5822 } else { 5823 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 5824 goto fail; 5825 } 5826 } 5827 5828 /* Allocate DMA memory for firmware transfers. */ 5829 if ((error = iwm_alloc_fwmem(sc)) != 0) { 5830 device_printf(dev, "could not allocate memory for firmware\n"); 5831 goto fail; 5832 } 5833 5834 /* Allocate "Keep Warm" page. */ 5835 if ((error = iwm_alloc_kw(sc)) != 0) { 5836 device_printf(dev, "could not allocate keep warm page\n"); 5837 goto fail; 5838 } 5839 5840 /* We use ICT interrupts */ 5841 if ((error = iwm_alloc_ict(sc)) != 0) { 5842 device_printf(dev, "could not allocate ICT table\n"); 5843 goto fail; 5844 } 5845 5846 /* Allocate TX scheduler "rings". */ 5847 if ((error = iwm_alloc_sched(sc)) != 0) { 5848 device_printf(dev, "could not allocate TX scheduler rings\n"); 5849 goto fail; 5850 } 5851 5852 /* Allocate TX rings */ 5853 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 5854 if ((error = iwm_alloc_tx_ring(sc, 5855 &sc->txq[txq_i], txq_i)) != 0) { 5856 device_printf(dev, 5857 "could not allocate TX ring %d\n", 5858 txq_i); 5859 goto fail; 5860 } 5861 } 5862 5863 /* Allocate RX ring. */ 5864 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 5865 device_printf(dev, "could not allocate RX ring\n"); 5866 goto fail; 5867 } 5868 5869 /* Clear pending interrupts. */ 5870 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 5871 5872 ic->ic_softc = sc; 5873 ic->ic_name = device_get_nameunit(sc->sc_dev); 5874 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 5875 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 5876 5877 /* Set device capabilities. */ 5878 ic->ic_caps = 5879 IEEE80211_C_STA | 5880 IEEE80211_C_WPA | /* WPA/RSN */ 5881 IEEE80211_C_WME | 5882 IEEE80211_C_SHSLOT | /* short slot time supported */ 5883 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 5884// IEEE80211_C_BGSCAN /* capable of bg scanning */ 5885 ; 5886 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 5887 sc->sc_phyctxt[i].id = i; 5888 sc->sc_phyctxt[i].color = 0; 5889 sc->sc_phyctxt[i].ref = 0; 5890 sc->sc_phyctxt[i].channel = NULL; 5891 } 5892 5893 /* Default noise floor */ 5894 sc->sc_noise = -96; 5895 5896 /* Max RSSI */ 5897 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 5898 5899 sc->sc_preinit_hook.ich_func = iwm_preinit; 5900 sc->sc_preinit_hook.ich_arg = sc; 5901 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 5902 device_printf(dev, "config_intrhook_establish failed\n"); 5903 goto fail; 5904 } 5905 5906#ifdef IWM_DEBUG 5907 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 5908 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 5909 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 5910#endif 5911 5912 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5913 "<-%s\n", __func__); 5914 5915 return 0; 5916 5917 /* Free allocated memory if something failed during attachment. */ 5918fail: 5919 iwm_detach_local(sc, 0); 5920 5921 return ENXIO; 5922} 5923 5924static int 5925iwm_is_valid_ether_addr(uint8_t *addr) 5926{ 5927 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 5928 5929 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 5930 return (FALSE); 5931 5932 return (TRUE); 5933} 5934 5935static int 5936iwm_update_edca(struct ieee80211com *ic) 5937{ 5938 struct iwm_softc *sc = ic->ic_softc; 5939 5940 device_printf(sc->sc_dev, "%s: called\n", __func__); 5941 return (0); 5942} 5943 5944static void 5945iwm_preinit(void *arg) 5946{ 5947 struct iwm_softc *sc = arg; 5948 device_t dev = sc->sc_dev; 5949 struct ieee80211com *ic = &sc->sc_ic; 5950 int error; 5951 5952 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 5953 "->%s\n", __func__); 5954 5955 IWM_LOCK(sc); 5956 if ((error = iwm_start_hw(sc)) != 0) { 5957 device_printf(dev, "could not initialize hardware\n"); 5958 IWM_UNLOCK(sc); 5959 goto fail; 5960 } 5961 5962 error = iwm_run_init_mvm_ucode(sc, 1); 5963 iwm_stop_device(sc); 5964 if (error) { 5965 IWM_UNLOCK(sc); 5966 goto fail; 5967 } 5968 device_printf(dev, 5969 "hw rev 0x%x, fw ver %s, address %s\n", 5970 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 5971 sc->sc_fwver, ether_sprintf(sc->sc_nvm.hw_addr)); 5972 5973 /* not all hardware can do 5GHz band */ 5974 if (!sc->sc_nvm.sku_cap_band_52GHz_enable) 5975 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 5976 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 5977 IWM_UNLOCK(sc); 5978 5979 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 5980 ic->ic_channels); 5981 5982 /* 5983 * At this point we've committed - if we fail to do setup, 5984 * we now also have to tear down the net80211 state. 5985 */ 5986 ieee80211_ifattach(ic); 5987 ic->ic_vap_create = iwm_vap_create; 5988 ic->ic_vap_delete = iwm_vap_delete; 5989 ic->ic_raw_xmit = iwm_raw_xmit; 5990 ic->ic_node_alloc = iwm_node_alloc; 5991 ic->ic_scan_start = iwm_scan_start; 5992 ic->ic_scan_end = iwm_scan_end; 5993 ic->ic_update_mcast = iwm_update_mcast; 5994 ic->ic_getradiocaps = iwm_init_channel_map; 5995 ic->ic_set_channel = iwm_set_channel; 5996 ic->ic_scan_curchan = iwm_scan_curchan; 5997 ic->ic_scan_mindwell = iwm_scan_mindwell; 5998 ic->ic_wme.wme_update = iwm_update_edca; 5999 ic->ic_parent = iwm_parent; 6000 ic->ic_transmit = iwm_transmit; 6001 iwm_radiotap_attach(sc); 6002 if (bootverbose) 6003 ieee80211_announce(ic); 6004 6005 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6006 "<-%s\n", __func__); 6007 config_intrhook_disestablish(&sc->sc_preinit_hook); 6008 6009 return; 6010fail: 6011 config_intrhook_disestablish(&sc->sc_preinit_hook); 6012 iwm_detach_local(sc, 0); 6013} 6014 6015/* 6016 * Attach the interface to 802.11 radiotap. 6017 */ 6018static void 6019iwm_radiotap_attach(struct iwm_softc *sc) 6020{ 6021 struct ieee80211com *ic = &sc->sc_ic; 6022 6023 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6024 "->%s begin\n", __func__); 6025 ieee80211_radiotap_attach(ic, 6026 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 6027 IWM_TX_RADIOTAP_PRESENT, 6028 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 6029 IWM_RX_RADIOTAP_PRESENT); 6030 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6031 "->%s end\n", __func__); 6032} 6033 6034static struct ieee80211vap * 6035iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 6036 enum ieee80211_opmode opmode, int flags, 6037 const uint8_t bssid[IEEE80211_ADDR_LEN], 6038 const uint8_t mac[IEEE80211_ADDR_LEN]) 6039{ 6040 struct iwm_vap *ivp; 6041 struct ieee80211vap *vap; 6042 6043 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 6044 return NULL; 6045 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 6046 vap = &ivp->iv_vap; 6047 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 6048 vap->iv_bmissthreshold = 10; /* override default */ 6049 /* Override with driver methods. */ 6050 ivp->iv_newstate = vap->iv_newstate; 6051 vap->iv_newstate = iwm_newstate; 6052 6053 ieee80211_ratectl_init(vap); 6054 /* Complete setup. */ 6055 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 6056 mac); 6057 ic->ic_opmode = opmode; 6058 6059 return vap; 6060} 6061 6062static void 6063iwm_vap_delete(struct ieee80211vap *vap) 6064{ 6065 struct iwm_vap *ivp = IWM_VAP(vap); 6066 6067 ieee80211_ratectl_deinit(vap); 6068 ieee80211_vap_detach(vap); 6069 free(ivp, M_80211_VAP); 6070} 6071 6072static void 6073iwm_scan_start(struct ieee80211com *ic) 6074{ 6075 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6076 struct iwm_softc *sc = ic->ic_softc; 6077 int error; 6078 6079 IWM_LOCK(sc); 6080 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6081 error = iwm_mvm_umac_scan(sc); 6082 else 6083 error = iwm_mvm_lmac_scan(sc); 6084 if (error != 0) { 6085 device_printf(sc->sc_dev, "could not initiate 2 GHz scan\n"); 6086 IWM_UNLOCK(sc); 6087 ieee80211_cancel_scan(vap); 6088 } else { 6089 iwm_led_blink_start(sc); 6090 IWM_UNLOCK(sc); 6091 } 6092} 6093 6094static void 6095iwm_scan_end(struct ieee80211com *ic) 6096{ 6097 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6098 struct iwm_softc *sc = ic->ic_softc; 6099 6100 IWM_LOCK(sc); 6101 iwm_led_blink_stop(sc); 6102 if (vap->iv_state == IEEE80211_S_RUN) 6103 iwm_mvm_led_enable(sc); 6104 IWM_UNLOCK(sc); 6105} 6106 6107static void 6108iwm_update_mcast(struct ieee80211com *ic) 6109{ 6110} 6111 6112static void 6113iwm_set_channel(struct ieee80211com *ic) 6114{ 6115} 6116 6117static void 6118iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6119{ 6120} 6121 6122static void 6123iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6124{ 6125 return; 6126} 6127 6128void 6129iwm_init_task(void *arg1) 6130{ 6131 struct iwm_softc *sc = arg1; 6132 6133 IWM_LOCK(sc); 6134 while (sc->sc_flags & IWM_FLAG_BUSY) 6135 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 6136 sc->sc_flags |= IWM_FLAG_BUSY; 6137 iwm_stop(sc); 6138 if (sc->sc_ic.ic_nrunning > 0) 6139 iwm_init(sc); 6140 sc->sc_flags &= ~IWM_FLAG_BUSY; 6141 wakeup(&sc->sc_flags); 6142 IWM_UNLOCK(sc); 6143} 6144 6145static int 6146iwm_resume(device_t dev) 6147{ 6148 struct iwm_softc *sc = device_get_softc(dev); 6149 int do_reinit = 0; 6150 6151 /* 6152 * We disable the RETRY_TIMEOUT register (0x41) to keep 6153 * PCI Tx retries from interfering with C3 CPU state. 6154 */ 6155 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6156 iwm_init_task(device_get_softc(dev)); 6157 6158 IWM_LOCK(sc); 6159 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6160 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6161 do_reinit = 1; 6162 } 6163 IWM_UNLOCK(sc); 6164 6165 if (do_reinit) 6166 ieee80211_resume_all(&sc->sc_ic); 6167 6168 return 0; 6169} 6170 6171static int 6172iwm_suspend(device_t dev) 6173{ 6174 int do_stop = 0; 6175 struct iwm_softc *sc = device_get_softc(dev); 6176 6177 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6178 6179 ieee80211_suspend_all(&sc->sc_ic); 6180 6181 if (do_stop) { 6182 IWM_LOCK(sc); 6183 iwm_stop(sc); 6184 sc->sc_flags |= IWM_FLAG_SCANNING; 6185 IWM_UNLOCK(sc); 6186 } 6187 6188 return (0); 6189} 6190 6191static int 6192iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6193{ 6194 struct iwm_fw_info *fw = &sc->sc_fw; 6195 device_t dev = sc->sc_dev; 6196 int i; 6197 6198 if (!sc->sc_attached) 6199 return 0; 6200 sc->sc_attached = 0; 6201 6202 if (do_net80211) 6203 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6204 6205 callout_drain(&sc->sc_led_blink_to); 6206 callout_drain(&sc->sc_watchdog_to); 6207 iwm_stop_device(sc); 6208 if (do_net80211) { 6209 ieee80211_ifdetach(&sc->sc_ic); 6210 } 6211 6212 iwm_phy_db_free(sc->sc_phy_db); 6213 sc->sc_phy_db = NULL; 6214 6215 /* Free descriptor rings */ 6216 iwm_free_rx_ring(sc, &sc->rxq); 6217 for (i = 0; i < nitems(sc->txq); i++) 6218 iwm_free_tx_ring(sc, &sc->txq[i]); 6219 6220 /* Free firmware */ 6221 if (fw->fw_fp != NULL) 6222 iwm_fw_info_free(fw); 6223 6224 /* Free scheduler */ 6225 iwm_dma_contig_free(&sc->sched_dma); 6226 iwm_dma_contig_free(&sc->ict_dma); 6227 iwm_dma_contig_free(&sc->kw_dma); 6228 iwm_dma_contig_free(&sc->fw_dma); 6229 6230 /* Finished with the hardware - detach things */ 6231 iwm_pci_detach(dev); 6232 6233 mbufq_drain(&sc->sc_snd); 6234 IWM_LOCK_DESTROY(sc); 6235 6236 return (0); 6237} 6238 6239static int 6240iwm_detach(device_t dev) 6241{ 6242 struct iwm_softc *sc = device_get_softc(dev); 6243 6244 return (iwm_detach_local(sc, 1)); 6245} 6246 6247static device_method_t iwm_pci_methods[] = { 6248 /* Device interface */ 6249 DEVMETHOD(device_probe, iwm_probe), 6250 DEVMETHOD(device_attach, iwm_attach), 6251 DEVMETHOD(device_detach, iwm_detach), 6252 DEVMETHOD(device_suspend, iwm_suspend), 6253 DEVMETHOD(device_resume, iwm_resume), 6254 6255 DEVMETHOD_END 6256}; 6257 6258static driver_t iwm_pci_driver = { 6259 "iwm", 6260 iwm_pci_methods, 6261 sizeof (struct iwm_softc) 6262}; 6263 6264static devclass_t iwm_devclass; 6265 6266DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6267MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6268MODULE_DEPEND(iwm, pci, 1, 1, 1); 6269MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6270