if_iwm.c revision 330181
1280849Scy/* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */ 2181834Sroberto 3280849Scy/* 4362716Scy * Copyright (c) 2014 genua mbh <info@genua.de> 5181834Sroberto * Copyright (c) 2014 Fixup Software Ltd. 6181834Sroberto * 7181834Sroberto * Permission to use, copy, modify, and distribute this software for any 8344884Scy * purpose with or without fee is hereby granted, provided that the above 9181834Sroberto * copyright notice and this permission notice appear in all copies. 10280849Scy * 11280849Scy * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12280849Scy * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13280849Scy * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14280849Scy * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15280849Scy * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16280849Scy * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17181834Sroberto * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18280849Scy */ 19280849Scy 20181834Sroberto/*- 21358659Scy * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22280849Scy * which were used as the reference documentation for this implementation. 23280849Scy * 24280849Scy * Driver version we are currently based off of is 25280849Scy * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26280849Scy * 27280849Scy *********************************************************************** 28280849Scy * 29280849Scy * This file is provided under a dual BSD/GPLv2 license. When using or 30280849Scy * redistributing this file, you may do so under either license. 31280849Scy * 32280849Scy * GPL LICENSE SUMMARY 33280849Scy * 34280849Scy * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35280849Scy * 36280849Scy * This program is free software; you can redistribute it and/or modify 37181834Sroberto * it under the terms of version 2 of the GNU General Public License as 38280849Scy * published by the Free Software Foundation. 39181834Sroberto * 40181834Sroberto * This program is distributed in the hope that it will be useful, but 41181834Sroberto * WITHOUT ANY WARRANTY; without even the implied warranty of 42181834Sroberto * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43181834Sroberto * General Public License for more details. 44181834Sroberto * 45280849Scy * You should have received a copy of the GNU General Public License 46181834Sroberto * along with this program; if not, write to the Free Software 47181834Sroberto * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48181834Sroberto * USA 49280849Scy * 50181834Sroberto * The full GNU General Public License is included in this distribution 51181834Sroberto * in the file called COPYING. 52181834Sroberto * 53181834Sroberto * Contact Information: 54181834Sroberto * Intel Linux Wireless <ilw@linux.intel.com> 55181834Sroberto * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56344884Scy * 57181834Sroberto * 58181834Sroberto * BSD LICENSE 59181834Sroberto * 60181834Sroberto * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61181834Sroberto * All rights reserved. 62181834Sroberto * 63280849Scy * Redistribution and use in source and binary forms, with or without 64280849Scy * modification, are permitted provided that the following conditions 65181834Sroberto * are met: 66181834Sroberto * 67280849Scy * * Redistributions of source code must retain the above copyright 68280849Scy * notice, this list of conditions and the following disclaimer. 69280849Scy * * Redistributions in binary form must reproduce the above copyright 70280849Scy * notice, this list of conditions and the following disclaimer in 71280849Scy * the documentation and/or other materials provided with the 72280849Scy * distribution. 73280849Scy * * Neither the name Intel Corporation nor the names of its 74280849Scy * contributors may be used to endorse or promote products derived 75280849Scy * from this software without specific prior written permission. 76280849Scy * 77282408Scy * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78282408Scy * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79282408Scy * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80282408Scy * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81282408Scy * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82282408Scy * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83282408Scy * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84282408Scy * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85282408Scy * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86282408Scy * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87282408Scy * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88282408Scy */ 89282408Scy 90282408Scy/*- 91282408Scy * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92282408Scy * 93282408Scy * Permission to use, copy, modify, and distribute this software for any 94282408Scy * purpose with or without fee is hereby granted, provided that the above 95282408Scy * copyright notice and this permission notice appear in all copies. 96282408Scy * 97282408Scy * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98282408Scy * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99282408Scy * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100282408Scy * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101282408Scy * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102282408Scy * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103282408Scy * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104282408Scy */ 105181834Sroberto#include <sys/cdefs.h> 106280849Scy__FBSDID("$FreeBSD: stable/11/sys/dev/iwm/if_iwm.c 330181 2018-03-01 06:00:59Z eadler $"); 107282408Scy 108280849Scy#include "opt_wlan.h" 109362716Scy 110280849Scy#include <sys/param.h> 111362716Scy#include <sys/bus.h> 112181834Sroberto#include <sys/conf.h> 113280849Scy#include <sys/endian.h> 114181834Sroberto#include <sys/firmware.h> 115181834Sroberto#include <sys/kernel.h> 116280849Scy#include <sys/malloc.h> 117181834Sroberto#include <sys/mbuf.h> 118181834Sroberto#include <sys/mutex.h> 119280849Scy#include <sys/module.h> 120181834Sroberto#include <sys/proc.h> 121280849Scy#include <sys/rman.h> 122181834Sroberto#include <sys/socket.h> 123280849Scy#include <sys/sockio.h> 124280849Scy#include <sys/sysctl.h> 125280849Scy#include <sys/linker.h> 126280849Scy 127181834Sroberto#include <machine/bus.h> 128280849Scy#include <machine/endian.h> 129181834Sroberto#include <machine/resource.h> 130280849Scy 131181834Sroberto#include <dev/pci/pcivar.h> 132280849Scy#include <dev/pci/pcireg.h> 133181834Sroberto 134280849Scy#include <net/bpf.h> 135181834Sroberto 136280849Scy#include <net/if.h> 137280849Scy#include <net/if_var.h> 138181834Sroberto#include <net/if_arp.h> 139280849Scy#include <net/if_dl.h> 140280849Scy#include <net/if_media.h> 141181834Sroberto#include <net/if_types.h> 142280849Scy 143181834Sroberto#include <netinet/in.h> 144181834Sroberto#include <netinet/in_systm.h> 145280849Scy#include <netinet/if_ether.h> 146181834Sroberto#include <netinet/ip.h> 147181834Sroberto 148280849Scy#include <net80211/ieee80211_var.h> 149280849Scy#include <net80211/ieee80211_regdomain.h> 150280849Scy#include <net80211/ieee80211_ratectl.h> 151280849Scy#include <net80211/ieee80211_radiotap.h> 152280849Scy 153280849Scy#include <dev/iwm/if_iwmreg.h> 154280849Scy#include <dev/iwm/if_iwmvar.h> 155280849Scy#include <dev/iwm/if_iwm_debug.h> 156280849Scy#include <dev/iwm/if_iwm_notif_wait.h> 157280849Scy#include <dev/iwm/if_iwm_util.h> 158280849Scy#include <dev/iwm/if_iwm_binding.h> 159280849Scy#include <dev/iwm/if_iwm_phy_db.h> 160181834Sroberto#include <dev/iwm/if_iwm_mac_ctxt.h> 161181834Sroberto#include <dev/iwm/if_iwm_phy_ctxt.h> 162181834Sroberto#include <dev/iwm/if_iwm_time_event.h> 163181834Sroberto#include <dev/iwm/if_iwm_power.h> 164181834Sroberto#include <dev/iwm/if_iwm_scan.h> 165181834Sroberto 166181834Sroberto#include <dev/iwm/if_iwm_pcie_trans.h> 167181834Sroberto#include <dev/iwm/if_iwm_led.h> 168181834Sroberto 169181834Sroberto#define IWM_NVM_HW_SECTION_NUM_FAMILY_7000 0 170181834Sroberto#define IWM_NVM_HW_SECTION_NUM_FAMILY_8000 10 171181834Sroberto 172181834Sroberto/* lower blocks contain EEPROM image and calibration data */ 173181834Sroberto#define IWM_OTP_LOW_IMAGE_SIZE_FAMILY_7000 (16 * 512 * sizeof(uint16_t)) /* 16 KB */ 174181834Sroberto#define IWM_OTP_LOW_IMAGE_SIZE_FAMILY_8000 (32 * 512 * sizeof(uint16_t)) /* 32 KB */ 175181834Sroberto 176181834Sroberto#define IWM7260_FW "iwm7260fw" 177181834Sroberto#define IWM3160_FW "iwm3160fw" 178181834Sroberto#define IWM7265_FW "iwm7265fw" 179181834Sroberto#define IWM7265D_FW "iwm7265Dfw" 180181834Sroberto#define IWM8000_FW "iwm8000Cfw" 181181834Sroberto 182181834Sroberto#define IWM_DEVICE_7000_COMMON \ 183181834Sroberto .device_family = IWM_DEVICE_FAMILY_7000, \ 184181834Sroberto .eeprom_size = IWM_OTP_LOW_IMAGE_SIZE_FAMILY_7000, \ 185181834Sroberto .nvm_hw_section_num = IWM_NVM_HW_SECTION_NUM_FAMILY_7000, \ 186181834Sroberto .apmg_wake_up_wa = 1 187181834Sroberto 188181834Srobertoconst struct iwm_cfg iwm7260_cfg = { 189181834Sroberto .fw_name = IWM7260_FW, 190181834Sroberto IWM_DEVICE_7000_COMMON, 191181834Sroberto .host_interrupt_operation_mode = 1, 192181834Sroberto}; 193181834Sroberto 194181834Srobertoconst struct iwm_cfg iwm3160_cfg = { 195181834Sroberto .fw_name = IWM3160_FW, 196181834Sroberto IWM_DEVICE_7000_COMMON, 197181834Sroberto .host_interrupt_operation_mode = 1, 198181834Sroberto}; 199181834Sroberto 200181834Srobertoconst struct iwm_cfg iwm3165_cfg = { 201181834Sroberto /* XXX IWM7265D_FW doesn't seem to work properly yet */ 202181834Sroberto .fw_name = IWM7265_FW, 203282408Scy IWM_DEVICE_7000_COMMON, 204282408Scy .host_interrupt_operation_mode = 0, 205282408Scy}; 206282408Scy 207181834Srobertoconst struct iwm_cfg iwm7265_cfg = { 208181834Sroberto .fw_name = IWM7265_FW, 209181834Sroberto IWM_DEVICE_7000_COMMON, 210181834Sroberto .host_interrupt_operation_mode = 0, 211181834Sroberto}; 212181834Sroberto 213181834Srobertoconst struct iwm_cfg iwm7265d_cfg = { 214181834Sroberto /* XXX IWM7265D_FW doesn't seem to work properly yet */ 215181834Sroberto .fw_name = IWM7265_FW, 216181834Sroberto IWM_DEVICE_7000_COMMON, 217181834Sroberto .host_interrupt_operation_mode = 0, 218181834Sroberto}; 219181834Sroberto 220181834Sroberto#define IWM_DEVICE_8000_COMMON \ 221181834Sroberto .device_family = IWM_DEVICE_FAMILY_8000, \ 222181834Sroberto .eeprom_size = IWM_OTP_LOW_IMAGE_SIZE_FAMILY_8000, \ 223181834Sroberto .nvm_hw_section_num = IWM_NVM_HW_SECTION_NUM_FAMILY_8000 224181834Sroberto 225181834Srobertoconst struct iwm_cfg iwm8260_cfg = { 226181834Sroberto .fw_name = IWM8000_FW, 227181834Sroberto IWM_DEVICE_8000_COMMON, 228181834Sroberto .host_interrupt_operation_mode = 0, 229181834Sroberto}; 230181834Sroberto 231181834Srobertoconst uint8_t iwm_nvm_channels[] = { 232181834Sroberto /* 2.4 GHz */ 233181834Sroberto 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 234181834Sroberto /* 5 GHz */ 235181834Sroberto 36, 40, 44, 48, 52, 56, 60, 64, 236181834Sroberto 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 237181834Sroberto 149, 153, 157, 161, 165 238181834Sroberto}; 239181834Sroberto_Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 240181834Sroberto "IWM_NUM_CHANNELS is too small"); 241181834Sroberto 242181834Srobertoconst uint8_t iwm_nvm_channels_8000[] = { 243181834Sroberto /* 2.4 GHz */ 244181834Sroberto 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 245181834Sroberto /* 5 GHz */ 246181834Sroberto 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 247181834Sroberto 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 248181834Sroberto 149, 153, 157, 161, 165, 169, 173, 177, 181 249181834Sroberto}; 250181834Sroberto_Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 251181834Sroberto "IWM_NUM_CHANNELS_8000 is too small"); 252181834Sroberto 253181834Sroberto#define IWM_NUM_2GHZ_CHANNELS 14 254181834Sroberto#define IWM_N_HW_ADDR_MASK 0xF 255280849Scy 256280849Scy/* 257280849Scy * XXX For now, there's simply a fixed set of rate table entries 258181834Sroberto * that are populated. 259181834Sroberto */ 260181834Srobertoconst struct iwm_rate { 261181834Sroberto uint8_t rate; 262181834Sroberto uint8_t plcp; 263181834Sroberto} iwm_rates[] = { 264181834Sroberto { 2, IWM_RATE_1M_PLCP }, 265181834Sroberto { 4, IWM_RATE_2M_PLCP }, 266181834Sroberto { 11, IWM_RATE_5M_PLCP }, 267181834Sroberto { 22, IWM_RATE_11M_PLCP }, 268181834Sroberto { 12, IWM_RATE_6M_PLCP }, 269181834Sroberto { 18, IWM_RATE_9M_PLCP }, 270181834Sroberto { 24, IWM_RATE_12M_PLCP }, 271280849Scy { 36, IWM_RATE_18M_PLCP }, 272280849Scy { 48, IWM_RATE_24M_PLCP }, 273280849Scy { 72, IWM_RATE_36M_PLCP }, 274280849Scy { 96, IWM_RATE_48M_PLCP }, 275181834Sroberto { 108, IWM_RATE_54M_PLCP }, 276181834Sroberto}; 277181834Sroberto#define IWM_RIDX_CCK 0 278181834Sroberto#define IWM_RIDX_OFDM 4 279181834Sroberto#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 280181834Sroberto#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 281181834Sroberto#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 282181834Sroberto 283280849Scystruct iwm_nvm_section { 284280849Scy uint16_t length; 285280849Scy uint8_t *data; 286280849Scy}; 287181834Sroberto 288181834Sroberto#define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz) 289181834Sroberto 290181834Srobertostatic int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 291280849Scystatic int iwm_firmware_store_section(struct iwm_softc *, 292280849Scy enum iwm_ucode_type, 293280849Scy const uint8_t *, size_t); 294280849Scystatic int iwm_set_default_calib(struct iwm_softc *, const void *); 295280849Scystatic void iwm_fw_info_free(struct iwm_fw_info *); 296280849Scystatic int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 297280849Scystatic void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int); 298280849Scystatic int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *, 299280849Scy bus_size_t, bus_size_t); 300280849Scystatic void iwm_dma_contig_free(struct iwm_dma_info *); 301280849Scystatic int iwm_alloc_fwmem(struct iwm_softc *); 302280849Scystatic int iwm_alloc_sched(struct iwm_softc *); 303181834Srobertostatic int iwm_alloc_kw(struct iwm_softc *); 304181834Srobertostatic int iwm_alloc_ict(struct iwm_softc *); 305181834Srobertostatic int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 306181834Srobertostatic void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 307181834Srobertostatic void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 308181834Srobertostatic int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 309181834Sroberto int); 310181834Srobertostatic void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 311181834Srobertostatic void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 312181834Srobertostatic void iwm_enable_interrupts(struct iwm_softc *); 313181834Srobertostatic void iwm_restore_interrupts(struct iwm_softc *); 314282408Scystatic void iwm_disable_interrupts(struct iwm_softc *); 315181834Srobertostatic void iwm_ict_reset(struct iwm_softc *); 316181834Srobertostatic int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 317181834Srobertostatic void iwm_stop_device(struct iwm_softc *); 318181834Srobertostatic void iwm_mvm_nic_config(struct iwm_softc *); 319181834Srobertostatic int iwm_nic_rx_init(struct iwm_softc *); 320181834Srobertostatic int iwm_nic_tx_init(struct iwm_softc *); 321181834Srobertostatic int iwm_nic_init(struct iwm_softc *); 322181834Srobertostatic int iwm_enable_txq(struct iwm_softc *, int, int, int); 323181834Srobertostatic int iwm_post_alive(struct iwm_softc *); 324181834Srobertostatic int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 325181834Sroberto uint16_t, uint8_t *, uint16_t *); 326181834Srobertostatic int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 327280849Scy uint16_t *, uint32_t); 328181834Srobertostatic uint32_t iwm_eeprom_channel_flags(uint16_t); 329181834Srobertostatic void iwm_add_channel_band(struct iwm_softc *, 330181834Sroberto struct ieee80211_channel[], int, int *, int, size_t, 331280849Scy const uint8_t[]); 332181834Srobertostatic void iwm_init_channel_map(struct ieee80211com *, int, int *, 333181834Sroberto struct ieee80211_channel[]); 334280849Scystatic struct iwm_nvm_data * 335181834Sroberto iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 336280849Scy const uint16_t *, const uint16_t *, 337280849Scy const uint16_t *, const uint16_t *, 338280849Scy const uint16_t *); 339181834Srobertostatic void iwm_free_nvm_data(struct iwm_nvm_data *); 340181834Srobertostatic void iwm_set_hw_address_family_8000(struct iwm_softc *, 341280849Scy struct iwm_nvm_data *, 342181834Sroberto const uint16_t *, 343280849Scy const uint16_t *); 344181834Srobertostatic int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 345181834Sroberto const uint16_t *); 346181834Srobertostatic int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 347181834Srobertostatic int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 348181834Sroberto const uint16_t *); 349181834Srobertostatic int iwm_get_n_hw_addrs(const struct iwm_softc *, 350181834Sroberto const uint16_t *); 351181834Srobertostatic void iwm_set_radio_cfg(const struct iwm_softc *, 352181834Sroberto struct iwm_nvm_data *, uint32_t); 353280849Scystatic struct iwm_nvm_data * 354280849Scy iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *); 355181834Srobertostatic int iwm_nvm_init(struct iwm_softc *); 356181834Srobertostatic int iwm_firmware_load_sect(struct iwm_softc *, uint32_t, 357282408Scy const uint8_t *, uint32_t); 358181834Srobertostatic int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t, 359181834Sroberto const uint8_t *, uint32_t); 360181834Srobertostatic int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type); 361181834Srobertostatic int iwm_load_cpu_sections_8000(struct iwm_softc *, 362181834Sroberto struct iwm_fw_sects *, int , int *); 363181834Srobertostatic int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type); 364181834Srobertostatic int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type); 365181834Srobertostatic int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type); 366181834Srobertostatic int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 367181834Srobertostatic int iwm_send_phy_cfg_cmd(struct iwm_softc *); 368280849Scystatic int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 369181834Sroberto enum iwm_ucode_type); 370181834Srobertostatic int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 371181834Srobertostatic int iwm_rx_addbuf(struct iwm_softc *, int, int); 372280849Scystatic int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *); 373181834Srobertostatic int iwm_mvm_get_signal_strength(struct iwm_softc *, 374181834Sroberto struct iwm_rx_phy_info *); 375181834Srobertostatic void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 376280849Scy struct iwm_rx_packet *, 377280849Scy struct iwm_rx_data *); 378280849Scystatic int iwm_get_noise(struct iwm_softc *sc, 379280849Scy const struct iwm_mvm_statistics_rx_non_phy *); 380280849Scystatic void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *, 381280849Scy struct iwm_rx_data *); 382280849Scystatic int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 383280849Scy struct iwm_rx_packet *, 384280849Scy struct iwm_node *); 385181834Srobertostatic void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *, 386280849Scy struct iwm_rx_data *); 387280849Scystatic void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 388280849Scy#if 0 389280849Scystatic void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 390181834Sroberto uint16_t); 391280849Scy#endif 392181834Srobertostatic const struct iwm_rate * 393280849Scy iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 394280849Scy struct mbuf *, struct iwm_tx_cmd *); 395181834Srobertostatic int iwm_tx(struct iwm_softc *, struct mbuf *, 396181834Sroberto struct ieee80211_node *, int); 397181834Srobertostatic int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 398280849Scy const struct ieee80211_bpf_params *); 399280849Scystatic int iwm_mvm_flush_tx_path(struct iwm_softc *sc, 400181834Sroberto uint32_t tfd_msk, uint32_t flags); 401181834Srobertostatic int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *, 402181834Sroberto struct iwm_mvm_add_sta_cmd_v7 *, 403181834Sroberto int *); 404280849Scystatic int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *, 405181834Sroberto int); 406280849Scystatic int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *); 407280849Scystatic int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *); 408280849Scystatic int iwm_mvm_add_int_sta_common(struct iwm_softc *, 409280849Scy struct iwm_int_sta *, 410280849Scy const uint8_t *, uint16_t, uint16_t); 411181834Srobertostatic int iwm_mvm_add_aux_sta(struct iwm_softc *); 412181834Srobertostatic int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *); 413181834Srobertostatic int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 414181834Srobertostatic int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 415280849Scystatic int iwm_release(struct iwm_softc *, struct iwm_node *); 416181834Srobertostatic struct ieee80211_node * 417280849Scy iwm_node_alloc(struct ieee80211vap *, 418280849Scy const uint8_t[IEEE80211_ADDR_LEN]); 419280849Scystatic void iwm_setrates(struct iwm_softc *, struct iwm_node *); 420280849Scystatic int iwm_media_change(struct ifnet *); 421280849Scystatic int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 422280849Scystatic void iwm_endscan_cb(void *, int); 423280849Scystatic void iwm_mvm_fill_sf_command(struct iwm_softc *, 424280849Scy struct iwm_sf_cfg_cmd *, 425181834Sroberto struct ieee80211_node *); 426280849Scystatic int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state); 427280849Scystatic int iwm_send_bt_init_conf(struct iwm_softc *); 428280849Scystatic int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 429181834Srobertostatic void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t); 430280849Scystatic int iwm_init_hw(struct iwm_softc *); 431280849Scystatic void iwm_init(struct iwm_softc *); 432280849Scystatic void iwm_start(struct iwm_softc *); 433280849Scystatic void iwm_stop(struct iwm_softc *); 434280849Scystatic void iwm_watchdog(void *); 435280849Scystatic void iwm_parent(struct ieee80211com *); 436280849Scy#ifdef IWM_DEBUG 437280849Scystatic const char * 438280849Scy iwm_desc_lookup(uint32_t); 439280849Scystatic void iwm_nic_error(struct iwm_softc *); 440280849Scystatic void iwm_nic_umac_error(struct iwm_softc *); 441280849Scy#endif 442280849Scystatic void iwm_notif_intr(struct iwm_softc *); 443280849Scystatic void iwm_intr(void *); 444280849Scystatic int iwm_attach(device_t); 445280849Scystatic int iwm_is_valid_ether_addr(uint8_t *); 446280849Scystatic void iwm_preinit(void *); 447280849Scystatic int iwm_detach_local(struct iwm_softc *sc, int); 448280849Scystatic void iwm_init_task(void *); 449280849Scystatic void iwm_radiotap_attach(struct iwm_softc *); 450280849Scystatic struct ieee80211vap * 451280849Scy iwm_vap_create(struct ieee80211com *, 452280849Scy const char [IFNAMSIZ], int, 453280849Scy enum ieee80211_opmode, int, 454280849Scy const uint8_t [IEEE80211_ADDR_LEN], 455280849Scy const uint8_t [IEEE80211_ADDR_LEN]); 456280849Scystatic void iwm_vap_delete(struct ieee80211vap *); 457280849Scystatic void iwm_scan_start(struct ieee80211com *); 458280849Scystatic void iwm_scan_end(struct ieee80211com *); 459280849Scystatic void iwm_update_mcast(struct ieee80211com *); 460181834Srobertostatic void iwm_set_channel(struct ieee80211com *); 461181834Srobertostatic void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 462181834Srobertostatic void iwm_scan_mindwell(struct ieee80211_scan_state *); 463181834Srobertostatic int iwm_detach(device_t); 464280849Scy 465181834Sroberto/* 466 * Firmware parser. 467 */ 468 469static int 470iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 471{ 472 const struct iwm_fw_cscheme_list *l = (const void *)data; 473 474 if (dlen < sizeof(*l) || 475 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 476 return EINVAL; 477 478 /* we don't actually store anything for now, always use s/w crypto */ 479 480 return 0; 481} 482 483static int 484iwm_firmware_store_section(struct iwm_softc *sc, 485 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 486{ 487 struct iwm_fw_sects *fws; 488 struct iwm_fw_onesect *fwone; 489 490 if (type >= IWM_UCODE_TYPE_MAX) 491 return EINVAL; 492 if (dlen < sizeof(uint32_t)) 493 return EINVAL; 494 495 fws = &sc->sc_fw.fw_sects[type]; 496 if (fws->fw_count >= IWM_UCODE_SECTION_MAX) 497 return EINVAL; 498 499 fwone = &fws->fw_sect[fws->fw_count]; 500 501 /* first 32bit are device load offset */ 502 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t)); 503 504 /* rest is data */ 505 fwone->fws_data = data + sizeof(uint32_t); 506 fwone->fws_len = dlen - sizeof(uint32_t); 507 508 fws->fw_count++; 509 510 return 0; 511} 512 513#define IWM_DEFAULT_SCAN_CHANNELS 40 514 515/* iwlwifi: iwl-drv.c */ 516struct iwm_tlv_calib_data { 517 uint32_t ucode_type; 518 struct iwm_tlv_calib_ctrl calib; 519} __packed; 520 521static int 522iwm_set_default_calib(struct iwm_softc *sc, const void *data) 523{ 524 const struct iwm_tlv_calib_data *def_calib = data; 525 uint32_t ucode_type = le32toh(def_calib->ucode_type); 526 527 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 528 device_printf(sc->sc_dev, 529 "Wrong ucode_type %u for default " 530 "calibration.\n", ucode_type); 531 return EINVAL; 532 } 533 534 sc->sc_default_calib[ucode_type].flow_trigger = 535 def_calib->calib.flow_trigger; 536 sc->sc_default_calib[ucode_type].event_trigger = 537 def_calib->calib.event_trigger; 538 539 return 0; 540} 541 542static void 543iwm_fw_info_free(struct iwm_fw_info *fw) 544{ 545 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 546 fw->fw_fp = NULL; 547 /* don't touch fw->fw_status */ 548 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 549} 550 551static int 552iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 553{ 554 struct iwm_fw_info *fw = &sc->sc_fw; 555 const struct iwm_tlv_ucode_header *uhdr; 556 struct iwm_ucode_tlv tlv; 557 enum iwm_ucode_tlv_type tlv_type; 558 const struct firmware *fwp; 559 const uint8_t *data; 560 uint32_t usniffer_img; 561 uint32_t paging_mem_size; 562 int error = 0; 563 size_t len; 564 565 if (fw->fw_status == IWM_FW_STATUS_DONE && 566 ucode_type != IWM_UCODE_INIT) 567 return 0; 568 569 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 570 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 571 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 572 573 if (fw->fw_fp != NULL) 574 iwm_fw_info_free(fw); 575 576 /* 577 * Load firmware into driver memory. 578 * fw_fp will be set. 579 */ 580 IWM_UNLOCK(sc); 581 fwp = firmware_get(sc->cfg->fw_name); 582 IWM_LOCK(sc); 583 if (fwp == NULL) { 584 device_printf(sc->sc_dev, 585 "could not read firmware %s (error %d)\n", 586 sc->cfg->fw_name, error); 587 goto out; 588 } 589 fw->fw_fp = fwp; 590 591 /* (Re-)Initialize default values. */ 592 sc->sc_capaflags = 0; 593 sc->sc_capa_n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 594 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa)); 595 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 596 597 /* 598 * Parse firmware contents 599 */ 600 601 uhdr = (const void *)fw->fw_fp->data; 602 if (*(const uint32_t *)fw->fw_fp->data != 0 603 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 604 device_printf(sc->sc_dev, "invalid firmware %s\n", 605 sc->cfg->fw_name); 606 error = EINVAL; 607 goto out; 608 } 609 610 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)", 611 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 612 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 613 IWM_UCODE_API(le32toh(uhdr->ver))); 614 data = uhdr->data; 615 len = fw->fw_fp->datasize - sizeof(*uhdr); 616 617 while (len >= sizeof(tlv)) { 618 size_t tlv_len; 619 const void *tlv_data; 620 621 memcpy(&tlv, data, sizeof(tlv)); 622 tlv_len = le32toh(tlv.length); 623 tlv_type = le32toh(tlv.type); 624 625 len -= sizeof(tlv); 626 data += sizeof(tlv); 627 tlv_data = data; 628 629 if (len < tlv_len) { 630 device_printf(sc->sc_dev, 631 "firmware too short: %zu bytes\n", 632 len); 633 error = EINVAL; 634 goto parse_out; 635 } 636 637 switch ((int)tlv_type) { 638 case IWM_UCODE_TLV_PROBE_MAX_LEN: 639 if (tlv_len < sizeof(uint32_t)) { 640 device_printf(sc->sc_dev, 641 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n", 642 __func__, 643 (int) tlv_len); 644 error = EINVAL; 645 goto parse_out; 646 } 647 sc->sc_capa_max_probe_len 648 = le32toh(*(const uint32_t *)tlv_data); 649 /* limit it to something sensible */ 650 if (sc->sc_capa_max_probe_len > 651 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 652 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 653 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 654 "ridiculous\n", __func__); 655 error = EINVAL; 656 goto parse_out; 657 } 658 break; 659 case IWM_UCODE_TLV_PAN: 660 if (tlv_len) { 661 device_printf(sc->sc_dev, 662 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 663 __func__, 664 (int) tlv_len); 665 error = EINVAL; 666 goto parse_out; 667 } 668 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN; 669 break; 670 case IWM_UCODE_TLV_FLAGS: 671 if (tlv_len < sizeof(uint32_t)) { 672 device_printf(sc->sc_dev, 673 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 674 __func__, 675 (int) tlv_len); 676 error = EINVAL; 677 goto parse_out; 678 } 679 /* 680 * Apparently there can be many flags, but Linux driver 681 * parses only the first one, and so do we. 682 * 683 * XXX: why does this override IWM_UCODE_TLV_PAN? 684 * Intentional or a bug? Observations from 685 * current firmware file: 686 * 1) TLV_PAN is parsed first 687 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 688 * ==> this resets TLV_PAN to itself... hnnnk 689 */ 690 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data); 691 break; 692 case IWM_UCODE_TLV_CSCHEME: 693 if ((error = iwm_store_cscheme(sc, 694 tlv_data, tlv_len)) != 0) { 695 device_printf(sc->sc_dev, 696 "%s: iwm_store_cscheme(): returned %d\n", 697 __func__, 698 error); 699 goto parse_out; 700 } 701 break; 702 case IWM_UCODE_TLV_NUM_OF_CPU: { 703 uint32_t num_cpu; 704 if (tlv_len != sizeof(uint32_t)) { 705 device_printf(sc->sc_dev, 706 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n", 707 __func__, 708 (int) tlv_len); 709 error = EINVAL; 710 goto parse_out; 711 } 712 num_cpu = le32toh(*(const uint32_t *)tlv_data); 713 if (num_cpu < 1 || num_cpu > 2) { 714 device_printf(sc->sc_dev, 715 "%s: Driver supports only 1 or 2 CPUs\n", 716 __func__); 717 error = EINVAL; 718 goto parse_out; 719 } 720 break; 721 } 722 case IWM_UCODE_TLV_SEC_RT: 723 if ((error = iwm_firmware_store_section(sc, 724 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) { 725 device_printf(sc->sc_dev, 726 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n", 727 __func__, 728 error); 729 goto parse_out; 730 } 731 break; 732 case IWM_UCODE_TLV_SEC_INIT: 733 if ((error = iwm_firmware_store_section(sc, 734 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) { 735 device_printf(sc->sc_dev, 736 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n", 737 __func__, 738 error); 739 goto parse_out; 740 } 741 break; 742 case IWM_UCODE_TLV_SEC_WOWLAN: 743 if ((error = iwm_firmware_store_section(sc, 744 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) { 745 device_printf(sc->sc_dev, 746 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n", 747 __func__, 748 error); 749 goto parse_out; 750 } 751 break; 752 case IWM_UCODE_TLV_DEF_CALIB: 753 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 754 device_printf(sc->sc_dev, 755 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 756 __func__, 757 (int) tlv_len, 758 (int) sizeof(struct iwm_tlv_calib_data)); 759 error = EINVAL; 760 goto parse_out; 761 } 762 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 763 device_printf(sc->sc_dev, 764 "%s: iwm_set_default_calib() failed: %d\n", 765 __func__, 766 error); 767 goto parse_out; 768 } 769 break; 770 case IWM_UCODE_TLV_PHY_SKU: 771 if (tlv_len != sizeof(uint32_t)) { 772 error = EINVAL; 773 device_printf(sc->sc_dev, 774 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 775 __func__, 776 (int) tlv_len); 777 goto parse_out; 778 } 779 sc->sc_fw.phy_config = 780 le32toh(*(const uint32_t *)tlv_data); 781 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config & 782 IWM_FW_PHY_CFG_TX_CHAIN) >> 783 IWM_FW_PHY_CFG_TX_CHAIN_POS; 784 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config & 785 IWM_FW_PHY_CFG_RX_CHAIN) >> 786 IWM_FW_PHY_CFG_RX_CHAIN_POS; 787 break; 788 789 case IWM_UCODE_TLV_API_CHANGES_SET: { 790 const struct iwm_ucode_api *api; 791 if (tlv_len != sizeof(*api)) { 792 error = EINVAL; 793 goto parse_out; 794 } 795 api = (const struct iwm_ucode_api *)tlv_data; 796 /* Flags may exceed 32 bits in future firmware. */ 797 if (le32toh(api->api_index) > 0) { 798 device_printf(sc->sc_dev, 799 "unsupported API index %d\n", 800 le32toh(api->api_index)); 801 goto parse_out; 802 } 803 sc->sc_ucode_api = le32toh(api->api_flags); 804 break; 805 } 806 807 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 808 const struct iwm_ucode_capa *capa; 809 int idx, i; 810 if (tlv_len != sizeof(*capa)) { 811 error = EINVAL; 812 goto parse_out; 813 } 814 capa = (const struct iwm_ucode_capa *)tlv_data; 815 idx = le32toh(capa->api_index); 816 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 817 device_printf(sc->sc_dev, 818 "unsupported API index %d\n", idx); 819 goto parse_out; 820 } 821 for (i = 0; i < 32; i++) { 822 if ((le32toh(capa->api_capa) & (1U << i)) == 0) 823 continue; 824 setbit(sc->sc_enabled_capa, i + (32 * idx)); 825 } 826 break; 827 } 828 829 case 48: /* undocumented TLV */ 830 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 831 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 832 /* ignore, not used by current driver */ 833 break; 834 835 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 836 if ((error = iwm_firmware_store_section(sc, 837 IWM_UCODE_REGULAR_USNIFFER, tlv_data, 838 tlv_len)) != 0) 839 goto parse_out; 840 break; 841 842 case IWM_UCODE_TLV_PAGING: 843 if (tlv_len != sizeof(uint32_t)) { 844 error = EINVAL; 845 goto parse_out; 846 } 847 paging_mem_size = le32toh(*(const uint32_t *)tlv_data); 848 849 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 850 "%s: Paging: paging enabled (size = %u bytes)\n", 851 __func__, paging_mem_size); 852 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) { 853 device_printf(sc->sc_dev, 854 "%s: Paging: driver supports up to %u bytes for paging image\n", 855 __func__, IWM_MAX_PAGING_IMAGE_SIZE); 856 error = EINVAL; 857 goto out; 858 } 859 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) { 860 device_printf(sc->sc_dev, 861 "%s: Paging: image isn't multiple %u\n", 862 __func__, IWM_FW_PAGING_SIZE); 863 error = EINVAL; 864 goto out; 865 } 866 867 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size = 868 paging_mem_size; 869 usniffer_img = IWM_UCODE_REGULAR_USNIFFER; 870 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size = 871 paging_mem_size; 872 break; 873 874 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 875 if (tlv_len != sizeof(uint32_t)) { 876 error = EINVAL; 877 goto parse_out; 878 } 879 sc->sc_capa_n_scan_channels = 880 le32toh(*(const uint32_t *)tlv_data); 881 break; 882 883 case IWM_UCODE_TLV_FW_VERSION: 884 if (tlv_len != sizeof(uint32_t) * 3) { 885 error = EINVAL; 886 goto parse_out; 887 } 888 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 889 "%d.%d.%d", 890 le32toh(((const uint32_t *)tlv_data)[0]), 891 le32toh(((const uint32_t *)tlv_data)[1]), 892 le32toh(((const uint32_t *)tlv_data)[2])); 893 break; 894 895 case IWM_UCODE_TLV_FW_MEM_SEG: 896 break; 897 898 default: 899 device_printf(sc->sc_dev, 900 "%s: unknown firmware section %d, abort\n", 901 __func__, tlv_type); 902 error = EINVAL; 903 goto parse_out; 904 } 905 906 len -= roundup(tlv_len, 4); 907 data += roundup(tlv_len, 4); 908 } 909 910 KASSERT(error == 0, ("unhandled error")); 911 912 parse_out: 913 if (error) { 914 device_printf(sc->sc_dev, "firmware parse error %d, " 915 "section type %d\n", error, tlv_type); 916 } 917 918 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) { 919 device_printf(sc->sc_dev, 920 "device uses unsupported power ops\n"); 921 error = ENOTSUP; 922 } 923 924 out: 925 if (error) { 926 fw->fw_status = IWM_FW_STATUS_NONE; 927 if (fw->fw_fp != NULL) 928 iwm_fw_info_free(fw); 929 } else 930 fw->fw_status = IWM_FW_STATUS_DONE; 931 wakeup(&sc->sc_fw); 932 933 return error; 934} 935 936/* 937 * DMA resource routines 938 */ 939 940static void 941iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 942{ 943 if (error != 0) 944 return; 945 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 946 *(bus_addr_t *)arg = segs[0].ds_addr; 947} 948 949static int 950iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma, 951 bus_size_t size, bus_size_t alignment) 952{ 953 int error; 954 955 dma->tag = NULL; 956 dma->map = NULL; 957 dma->size = size; 958 dma->vaddr = NULL; 959 960 error = bus_dma_tag_create(tag, alignment, 961 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 962 1, size, 0, NULL, NULL, &dma->tag); 963 if (error != 0) 964 goto fail; 965 966 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 967 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 968 if (error != 0) 969 goto fail; 970 971 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 972 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 973 if (error != 0) { 974 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 975 dma->vaddr = NULL; 976 goto fail; 977 } 978 979 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 980 981 return 0; 982 983fail: 984 iwm_dma_contig_free(dma); 985 986 return error; 987} 988 989static void 990iwm_dma_contig_free(struct iwm_dma_info *dma) 991{ 992 if (dma->vaddr != NULL) { 993 bus_dmamap_sync(dma->tag, dma->map, 994 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 995 bus_dmamap_unload(dma->tag, dma->map); 996 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 997 dma->vaddr = NULL; 998 } 999 if (dma->tag != NULL) { 1000 bus_dma_tag_destroy(dma->tag); 1001 dma->tag = NULL; 1002 } 1003} 1004 1005/* fwmem is used to load firmware onto the card */ 1006static int 1007iwm_alloc_fwmem(struct iwm_softc *sc) 1008{ 1009 /* Must be aligned on a 16-byte boundary. */ 1010 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 1011 sc->sc_fwdmasegsz, 16); 1012} 1013 1014/* tx scheduler rings. not used? */ 1015static int 1016iwm_alloc_sched(struct iwm_softc *sc) 1017{ 1018 /* TX scheduler rings must be aligned on a 1KB boundary. */ 1019 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 1020 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 1021} 1022 1023/* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 1024static int 1025iwm_alloc_kw(struct iwm_softc *sc) 1026{ 1027 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 1028} 1029 1030/* interrupt cause table */ 1031static int 1032iwm_alloc_ict(struct iwm_softc *sc) 1033{ 1034 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 1035 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 1036} 1037 1038static int 1039iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1040{ 1041 bus_size_t size; 1042 int i, error; 1043 1044 ring->cur = 0; 1045 1046 /* Allocate RX descriptors (256-byte aligned). */ 1047 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 1048 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1049 if (error != 0) { 1050 device_printf(sc->sc_dev, 1051 "could not allocate RX ring DMA memory\n"); 1052 goto fail; 1053 } 1054 ring->desc = ring->desc_dma.vaddr; 1055 1056 /* Allocate RX status area (16-byte aligned). */ 1057 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 1058 sizeof(*ring->stat), 16); 1059 if (error != 0) { 1060 device_printf(sc->sc_dev, 1061 "could not allocate RX status DMA memory\n"); 1062 goto fail; 1063 } 1064 ring->stat = ring->stat_dma.vaddr; 1065 1066 /* Create RX buffer DMA tag. */ 1067 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1068 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1069 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 1070 if (error != 0) { 1071 device_printf(sc->sc_dev, 1072 "%s: could not create RX buf DMA tag, error %d\n", 1073 __func__, error); 1074 goto fail; 1075 } 1076 1077 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 1078 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 1079 if (error != 0) { 1080 device_printf(sc->sc_dev, 1081 "%s: could not create RX buf DMA map, error %d\n", 1082 __func__, error); 1083 goto fail; 1084 } 1085 /* 1086 * Allocate and map RX buffers. 1087 */ 1088 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1089 struct iwm_rx_data *data = &ring->data[i]; 1090 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1091 if (error != 0) { 1092 device_printf(sc->sc_dev, 1093 "%s: could not create RX buf DMA map, error %d\n", 1094 __func__, error); 1095 goto fail; 1096 } 1097 data->m = NULL; 1098 1099 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 1100 goto fail; 1101 } 1102 } 1103 return 0; 1104 1105fail: iwm_free_rx_ring(sc, ring); 1106 return error; 1107} 1108 1109static void 1110iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1111{ 1112 /* Reset the ring state */ 1113 ring->cur = 0; 1114 1115 /* 1116 * The hw rx ring index in shared memory must also be cleared, 1117 * otherwise the discrepancy can cause reprocessing chaos. 1118 */ 1119 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1120} 1121 1122static void 1123iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1124{ 1125 int i; 1126 1127 iwm_dma_contig_free(&ring->desc_dma); 1128 iwm_dma_contig_free(&ring->stat_dma); 1129 1130 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1131 struct iwm_rx_data *data = &ring->data[i]; 1132 1133 if (data->m != NULL) { 1134 bus_dmamap_sync(ring->data_dmat, data->map, 1135 BUS_DMASYNC_POSTREAD); 1136 bus_dmamap_unload(ring->data_dmat, data->map); 1137 m_freem(data->m); 1138 data->m = NULL; 1139 } 1140 if (data->map != NULL) { 1141 bus_dmamap_destroy(ring->data_dmat, data->map); 1142 data->map = NULL; 1143 } 1144 } 1145 if (ring->spare_map != NULL) { 1146 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1147 ring->spare_map = NULL; 1148 } 1149 if (ring->data_dmat != NULL) { 1150 bus_dma_tag_destroy(ring->data_dmat); 1151 ring->data_dmat = NULL; 1152 } 1153} 1154 1155static int 1156iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1157{ 1158 bus_addr_t paddr; 1159 bus_size_t size; 1160 size_t maxsize; 1161 int nsegments; 1162 int i, error; 1163 1164 ring->qid = qid; 1165 ring->queued = 0; 1166 ring->cur = 0; 1167 1168 /* Allocate TX descriptors (256-byte aligned). */ 1169 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1170 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1171 if (error != 0) { 1172 device_printf(sc->sc_dev, 1173 "could not allocate TX ring DMA memory\n"); 1174 goto fail; 1175 } 1176 ring->desc = ring->desc_dma.vaddr; 1177 1178 /* 1179 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1180 * to allocate commands space for other rings. 1181 */ 1182 if (qid > IWM_MVM_CMD_QUEUE) 1183 return 0; 1184 1185 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1186 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1187 if (error != 0) { 1188 device_printf(sc->sc_dev, 1189 "could not allocate TX cmd DMA memory\n"); 1190 goto fail; 1191 } 1192 ring->cmd = ring->cmd_dma.vaddr; 1193 1194 /* FW commands may require more mapped space than packets. */ 1195 if (qid == IWM_MVM_CMD_QUEUE) { 1196 maxsize = IWM_RBUF_SIZE; 1197 nsegments = 1; 1198 } else { 1199 maxsize = MCLBYTES; 1200 nsegments = IWM_MAX_SCATTER - 2; 1201 } 1202 1203 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1204 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1205 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1206 if (error != 0) { 1207 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1208 goto fail; 1209 } 1210 1211 paddr = ring->cmd_dma.paddr; 1212 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1213 struct iwm_tx_data *data = &ring->data[i]; 1214 1215 data->cmd_paddr = paddr; 1216 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1217 + offsetof(struct iwm_tx_cmd, scratch); 1218 paddr += sizeof(struct iwm_device_cmd); 1219 1220 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1221 if (error != 0) { 1222 device_printf(sc->sc_dev, 1223 "could not create TX buf DMA map\n"); 1224 goto fail; 1225 } 1226 } 1227 KASSERT(paddr == ring->cmd_dma.paddr + size, 1228 ("invalid physical address")); 1229 return 0; 1230 1231fail: iwm_free_tx_ring(sc, ring); 1232 return error; 1233} 1234 1235static void 1236iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1237{ 1238 int i; 1239 1240 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1241 struct iwm_tx_data *data = &ring->data[i]; 1242 1243 if (data->m != NULL) { 1244 bus_dmamap_sync(ring->data_dmat, data->map, 1245 BUS_DMASYNC_POSTWRITE); 1246 bus_dmamap_unload(ring->data_dmat, data->map); 1247 m_freem(data->m); 1248 data->m = NULL; 1249 } 1250 } 1251 /* Clear TX descriptors. */ 1252 memset(ring->desc, 0, ring->desc_dma.size); 1253 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1254 BUS_DMASYNC_PREWRITE); 1255 sc->qfullmsk &= ~(1 << ring->qid); 1256 ring->queued = 0; 1257 ring->cur = 0; 1258 1259 if (ring->qid == IWM_MVM_CMD_QUEUE && sc->cmd_hold_nic_awake) 1260 iwm_pcie_clear_cmd_in_flight(sc); 1261} 1262 1263static void 1264iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1265{ 1266 int i; 1267 1268 iwm_dma_contig_free(&ring->desc_dma); 1269 iwm_dma_contig_free(&ring->cmd_dma); 1270 1271 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1272 struct iwm_tx_data *data = &ring->data[i]; 1273 1274 if (data->m != NULL) { 1275 bus_dmamap_sync(ring->data_dmat, data->map, 1276 BUS_DMASYNC_POSTWRITE); 1277 bus_dmamap_unload(ring->data_dmat, data->map); 1278 m_freem(data->m); 1279 data->m = NULL; 1280 } 1281 if (data->map != NULL) { 1282 bus_dmamap_destroy(ring->data_dmat, data->map); 1283 data->map = NULL; 1284 } 1285 } 1286 if (ring->data_dmat != NULL) { 1287 bus_dma_tag_destroy(ring->data_dmat); 1288 ring->data_dmat = NULL; 1289 } 1290} 1291 1292/* 1293 * High-level hardware frobbing routines 1294 */ 1295 1296static void 1297iwm_enable_interrupts(struct iwm_softc *sc) 1298{ 1299 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1300 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1301} 1302 1303static void 1304iwm_restore_interrupts(struct iwm_softc *sc) 1305{ 1306 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1307} 1308 1309static void 1310iwm_disable_interrupts(struct iwm_softc *sc) 1311{ 1312 /* disable interrupts */ 1313 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1314 1315 /* acknowledge all interrupts */ 1316 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1317 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1318} 1319 1320static void 1321iwm_ict_reset(struct iwm_softc *sc) 1322{ 1323 iwm_disable_interrupts(sc); 1324 1325 /* Reset ICT table. */ 1326 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1327 sc->ict_cur = 0; 1328 1329 /* Set physical address of ICT table (4KB aligned). */ 1330 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1331 IWM_CSR_DRAM_INT_TBL_ENABLE 1332 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1333 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1334 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1335 1336 /* Switch to ICT interrupt mode in driver. */ 1337 sc->sc_flags |= IWM_FLAG_USE_ICT; 1338 1339 /* Re-enable interrupts. */ 1340 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1341 iwm_enable_interrupts(sc); 1342} 1343 1344/* iwlwifi pcie/trans.c */ 1345 1346/* 1347 * Since this .. hard-resets things, it's time to actually 1348 * mark the first vap (if any) as having no mac context. 1349 * It's annoying, but since the driver is potentially being 1350 * stop/start'ed whilst active (thanks openbsd port!) we 1351 * have to correctly track this. 1352 */ 1353static void 1354iwm_stop_device(struct iwm_softc *sc) 1355{ 1356 struct ieee80211com *ic = &sc->sc_ic; 1357 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1358 int chnl, qid; 1359 uint32_t mask = 0; 1360 1361 /* tell the device to stop sending interrupts */ 1362 iwm_disable_interrupts(sc); 1363 1364 /* 1365 * FreeBSD-local: mark the first vap as not-uploaded, 1366 * so the next transition through auth/assoc 1367 * will correctly populate the MAC context. 1368 */ 1369 if (vap) { 1370 struct iwm_vap *iv = IWM_VAP(vap); 1371 iv->is_uploaded = 0; 1372 } 1373 1374 /* device going down, Stop using ICT table */ 1375 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1376 1377 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1378 1379 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1380 1381 if (iwm_nic_lock(sc)) { 1382 /* Stop each Tx DMA channel */ 1383 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1384 IWM_WRITE(sc, 1385 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1386 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1387 } 1388 1389 /* Wait for DMA channels to be idle */ 1390 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1391 5000)) { 1392 device_printf(sc->sc_dev, 1393 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1394 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1395 } 1396 iwm_nic_unlock(sc); 1397 } 1398 iwm_pcie_rx_stop(sc); 1399 1400 /* Stop RX ring. */ 1401 iwm_reset_rx_ring(sc, &sc->rxq); 1402 1403 /* Reset all TX rings. */ 1404 for (qid = 0; qid < nitems(sc->txq); qid++) 1405 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1406 1407 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1408 /* Power-down device's busmaster DMA clocks */ 1409 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, 1410 IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1411 DELAY(5); 1412 } 1413 1414 /* Make sure (redundant) we've released our request to stay awake */ 1415 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1416 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1417 1418 /* Stop the device, and put it in low power state */ 1419 iwm_apm_stop(sc); 1420 1421 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1422 * Clean again the interrupt here 1423 */ 1424 iwm_disable_interrupts(sc); 1425 /* stop and reset the on-board processor */ 1426 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1427 1428 /* 1429 * Even if we stop the HW, we still want the RF kill 1430 * interrupt 1431 */ 1432 iwm_enable_rfkill_int(sc); 1433 iwm_check_rfkill(sc); 1434} 1435 1436/* iwlwifi: mvm/ops.c */ 1437static void 1438iwm_mvm_nic_config(struct iwm_softc *sc) 1439{ 1440 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1441 uint32_t reg_val = 0; 1442 uint32_t phy_config = iwm_mvm_get_phy_config(sc); 1443 1444 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1445 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1446 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1447 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1448 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1449 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1450 1451 /* SKU control */ 1452 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1453 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1454 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1455 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1456 1457 /* radio configuration */ 1458 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1459 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1460 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1461 1462 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1463 1464 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1465 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1466 radio_cfg_step, radio_cfg_dash); 1467 1468 /* 1469 * W/A : NIC is stuck in a reset state after Early PCIe power off 1470 * (PCIe power is lost before PERST# is asserted), causing ME FW 1471 * to lose ownership and not being able to obtain it back. 1472 */ 1473 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1474 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1475 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1476 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1477 } 1478} 1479 1480static int 1481iwm_nic_rx_init(struct iwm_softc *sc) 1482{ 1483 /* 1484 * Initialize RX ring. This is from the iwn driver. 1485 */ 1486 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1487 1488 /* Stop Rx DMA */ 1489 iwm_pcie_rx_stop(sc); 1490 1491 if (!iwm_nic_lock(sc)) 1492 return EBUSY; 1493 1494 /* reset and flush pointers */ 1495 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1496 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1497 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1498 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1499 1500 /* Set physical address of RX ring (256-byte aligned). */ 1501 IWM_WRITE(sc, 1502 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1503 1504 /* Set physical address of RX status (16-byte aligned). */ 1505 IWM_WRITE(sc, 1506 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1507 1508 /* Enable RX. */ 1509 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1510 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1511 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1512 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1513 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK | 1514 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1515 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1516 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1517 1518 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1519 1520 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1521 if (sc->cfg->host_interrupt_operation_mode) 1522 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1523 1524 /* 1525 * Thus sayeth el jefe (iwlwifi) via a comment: 1526 * 1527 * This value should initially be 0 (before preparing any 1528 * RBs), should be 8 after preparing the first 8 RBs (for example) 1529 */ 1530 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1531 1532 iwm_nic_unlock(sc); 1533 1534 return 0; 1535} 1536 1537static int 1538iwm_nic_tx_init(struct iwm_softc *sc) 1539{ 1540 int qid; 1541 1542 if (!iwm_nic_lock(sc)) 1543 return EBUSY; 1544 1545 /* Deactivate TX scheduler. */ 1546 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1547 1548 /* Set physical address of "keep warm" page (16-byte aligned). */ 1549 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1550 1551 /* Initialize TX rings. */ 1552 for (qid = 0; qid < nitems(sc->txq); qid++) { 1553 struct iwm_tx_ring *txq = &sc->txq[qid]; 1554 1555 /* Set physical address of TX ring (256-byte aligned). */ 1556 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1557 txq->desc_dma.paddr >> 8); 1558 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1559 "%s: loading ring %d descriptors (%p) at %lx\n", 1560 __func__, 1561 qid, txq->desc, 1562 (unsigned long) (txq->desc_dma.paddr >> 8)); 1563 } 1564 1565 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE); 1566 1567 iwm_nic_unlock(sc); 1568 1569 return 0; 1570} 1571 1572static int 1573iwm_nic_init(struct iwm_softc *sc) 1574{ 1575 int error; 1576 1577 iwm_apm_init(sc); 1578 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1579 iwm_set_pwr(sc); 1580 1581 iwm_mvm_nic_config(sc); 1582 1583 if ((error = iwm_nic_rx_init(sc)) != 0) 1584 return error; 1585 1586 /* 1587 * Ditto for TX, from iwn 1588 */ 1589 if ((error = iwm_nic_tx_init(sc)) != 0) 1590 return error; 1591 1592 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1593 "%s: shadow registers enabled\n", __func__); 1594 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1595 1596 return 0; 1597} 1598 1599const uint8_t iwm_mvm_ac_to_tx_fifo[] = { 1600 IWM_MVM_TX_FIFO_VO, 1601 IWM_MVM_TX_FIFO_VI, 1602 IWM_MVM_TX_FIFO_BE, 1603 IWM_MVM_TX_FIFO_BK, 1604}; 1605 1606static int 1607iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1608{ 1609 if (!iwm_nic_lock(sc)) { 1610 device_printf(sc->sc_dev, 1611 "%s: cannot enable txq %d\n", 1612 __func__, 1613 qid); 1614 return EBUSY; 1615 } 1616 1617 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1618 1619 if (qid == IWM_MVM_CMD_QUEUE) { 1620 /* unactivate before configuration */ 1621 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1622 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1623 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1624 1625 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1626 1627 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1628 1629 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1630 /* Set scheduler window size and frame limit. */ 1631 iwm_write_mem32(sc, 1632 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1633 sizeof(uint32_t), 1634 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1635 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1636 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1637 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1638 1639 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1640 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1641 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1642 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1643 IWM_SCD_QUEUE_STTS_REG_MSK); 1644 } else { 1645 struct iwm_scd_txq_cfg_cmd cmd; 1646 int error; 1647 1648 iwm_nic_unlock(sc); 1649 1650 memset(&cmd, 0, sizeof(cmd)); 1651 cmd.scd_queue = qid; 1652 cmd.enable = 1; 1653 cmd.sta_id = sta_id; 1654 cmd.tx_fifo = fifo; 1655 cmd.aggregate = 0; 1656 cmd.window = IWM_FRAME_LIMIT; 1657 1658 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1659 sizeof(cmd), &cmd); 1660 if (error) { 1661 device_printf(sc->sc_dev, 1662 "cannot enable txq %d\n", qid); 1663 return error; 1664 } 1665 1666 if (!iwm_nic_lock(sc)) 1667 return EBUSY; 1668 } 1669 1670 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 1671 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid); 1672 1673 iwm_nic_unlock(sc); 1674 1675 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1676 __func__, qid, fifo); 1677 1678 return 0; 1679} 1680 1681static int 1682iwm_post_alive(struct iwm_softc *sc) 1683{ 1684 int nwords; 1685 int error, chnl; 1686 uint32_t base; 1687 1688 if (!iwm_nic_lock(sc)) 1689 return EBUSY; 1690 1691 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1692 if (sc->sched_base != base) { 1693 device_printf(sc->sc_dev, 1694 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1695 __func__, sc->sched_base, base); 1696 } 1697 1698 iwm_ict_reset(sc); 1699 1700 /* Clear TX scheduler state in SRAM. */ 1701 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1702 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) 1703 / sizeof(uint32_t); 1704 error = iwm_write_mem(sc, 1705 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1706 NULL, nwords); 1707 if (error) 1708 goto out; 1709 1710 /* Set physical address of TX scheduler rings (1KB aligned). */ 1711 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1712 1713 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1714 1715 iwm_nic_unlock(sc); 1716 1717 /* enable command channel */ 1718 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7); 1719 if (error) 1720 return error; 1721 1722 if (!iwm_nic_lock(sc)) 1723 return EBUSY; 1724 1725 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1726 1727 /* Enable DMA channels. */ 1728 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1729 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1730 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1731 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1732 } 1733 1734 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1735 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1736 1737 /* Enable L1-Active */ 1738 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 1739 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1740 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1741 } 1742 1743 out: 1744 iwm_nic_unlock(sc); 1745 return error; 1746} 1747 1748/* 1749 * NVM read access and content parsing. We do not support 1750 * external NVM or writing NVM. 1751 * iwlwifi/mvm/nvm.c 1752 */ 1753 1754/* Default NVM size to read */ 1755#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1756 1757#define IWM_NVM_WRITE_OPCODE 1 1758#define IWM_NVM_READ_OPCODE 0 1759 1760/* load nvm chunk response */ 1761enum { 1762 IWM_READ_NVM_CHUNK_SUCCEED = 0, 1763 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1 1764}; 1765 1766static int 1767iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1768 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1769{ 1770 struct iwm_nvm_access_cmd nvm_access_cmd = { 1771 .offset = htole16(offset), 1772 .length = htole16(length), 1773 .type = htole16(section), 1774 .op_code = IWM_NVM_READ_OPCODE, 1775 }; 1776 struct iwm_nvm_access_resp *nvm_resp; 1777 struct iwm_rx_packet *pkt; 1778 struct iwm_host_cmd cmd = { 1779 .id = IWM_NVM_ACCESS_CMD, 1780 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL, 1781 .data = { &nvm_access_cmd, }, 1782 }; 1783 int ret, bytes_read, offset_read; 1784 uint8_t *resp_data; 1785 1786 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1787 1788 ret = iwm_send_cmd(sc, &cmd); 1789 if (ret) { 1790 device_printf(sc->sc_dev, 1791 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1792 return ret; 1793 } 1794 1795 pkt = cmd.resp_pkt; 1796 1797 /* Extract NVM response */ 1798 nvm_resp = (void *)pkt->data; 1799 ret = le16toh(nvm_resp->status); 1800 bytes_read = le16toh(nvm_resp->length); 1801 offset_read = le16toh(nvm_resp->offset); 1802 resp_data = nvm_resp->data; 1803 if (ret) { 1804 if ((offset != 0) && 1805 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) { 1806 /* 1807 * meaning of NOT_VALID_ADDRESS: 1808 * driver try to read chunk from address that is 1809 * multiple of 2K and got an error since addr is empty. 1810 * meaning of (offset != 0): driver already 1811 * read valid data from another chunk so this case 1812 * is not an error. 1813 */ 1814 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1815 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n", 1816 offset); 1817 *len = 0; 1818 ret = 0; 1819 } else { 1820 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1821 "NVM access command failed with status %d\n", ret); 1822 ret = EIO; 1823 } 1824 goto exit; 1825 } 1826 1827 if (offset_read != offset) { 1828 device_printf(sc->sc_dev, 1829 "NVM ACCESS response with invalid offset %d\n", 1830 offset_read); 1831 ret = EINVAL; 1832 goto exit; 1833 } 1834 1835 if (bytes_read > length) { 1836 device_printf(sc->sc_dev, 1837 "NVM ACCESS response with too much data " 1838 "(%d bytes requested, %d bytes received)\n", 1839 length, bytes_read); 1840 ret = EINVAL; 1841 goto exit; 1842 } 1843 1844 /* Write data to NVM */ 1845 memcpy(data + offset, resp_data, bytes_read); 1846 *len = bytes_read; 1847 1848 exit: 1849 iwm_free_resp(sc, &cmd); 1850 return ret; 1851} 1852 1853/* 1854 * Reads an NVM section completely. 1855 * NICs prior to 7000 family don't have a real NVM, but just read 1856 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1857 * by uCode, we need to manually check in this case that we don't 1858 * overflow and try to read more than the EEPROM size. 1859 * For 7000 family NICs, we supply the maximal size we can read, and 1860 * the uCode fills the response with as much data as we can, 1861 * without overflowing, so no check is needed. 1862 */ 1863static int 1864iwm_nvm_read_section(struct iwm_softc *sc, 1865 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read) 1866{ 1867 uint16_t seglen, length, offset = 0; 1868 int ret; 1869 1870 /* Set nvm section read length */ 1871 length = IWM_NVM_DEFAULT_CHUNK_SIZE; 1872 1873 seglen = length; 1874 1875 /* Read the NVM until exhausted (reading less than requested) */ 1876 while (seglen == length) { 1877 /* Check no memory assumptions fail and cause an overflow */ 1878 if ((size_read + offset + length) > 1879 sc->cfg->eeprom_size) { 1880 device_printf(sc->sc_dev, 1881 "EEPROM size is too small for NVM\n"); 1882 return ENOBUFS; 1883 } 1884 1885 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen); 1886 if (ret) { 1887 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1888 "Cannot read NVM from section %d offset %d, length %d\n", 1889 section, offset, length); 1890 return ret; 1891 } 1892 offset += seglen; 1893 } 1894 1895 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1896 "NVM section %d read completed\n", section); 1897 *len = offset; 1898 return 0; 1899} 1900 1901/* 1902 * BEGIN IWM_NVM_PARSE 1903 */ 1904 1905/* iwlwifi/iwl-nvm-parse.c */ 1906 1907/* NVM offsets (in words) definitions */ 1908enum iwm_nvm_offsets { 1909 /* NVM HW-Section offset (in words) definitions */ 1910 IWM_HW_ADDR = 0x15, 1911 1912/* NVM SW-Section offset (in words) definitions */ 1913 IWM_NVM_SW_SECTION = 0x1C0, 1914 IWM_NVM_VERSION = 0, 1915 IWM_RADIO_CFG = 1, 1916 IWM_SKU = 2, 1917 IWM_N_HW_ADDRS = 3, 1918 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1919 1920/* NVM calibration section offset (in words) definitions */ 1921 IWM_NVM_CALIB_SECTION = 0x2B8, 1922 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1923}; 1924 1925enum iwm_8000_nvm_offsets { 1926 /* NVM HW-Section offset (in words) definitions */ 1927 IWM_HW_ADDR0_WFPM_8000 = 0x12, 1928 IWM_HW_ADDR1_WFPM_8000 = 0x16, 1929 IWM_HW_ADDR0_PCIE_8000 = 0x8A, 1930 IWM_HW_ADDR1_PCIE_8000 = 0x8E, 1931 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1, 1932 1933 /* NVM SW-Section offset (in words) definitions */ 1934 IWM_NVM_SW_SECTION_8000 = 0x1C0, 1935 IWM_NVM_VERSION_8000 = 0, 1936 IWM_RADIO_CFG_8000 = 0, 1937 IWM_SKU_8000 = 2, 1938 IWM_N_HW_ADDRS_8000 = 3, 1939 1940 /* NVM REGULATORY -Section offset (in words) definitions */ 1941 IWM_NVM_CHANNELS_8000 = 0, 1942 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7, 1943 IWM_NVM_LAR_OFFSET_8000 = 0x507, 1944 IWM_NVM_LAR_ENABLED_8000 = 0x7, 1945 1946 /* NVM calibration section offset (in words) definitions */ 1947 IWM_NVM_CALIB_SECTION_8000 = 0x2B8, 1948 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000 1949}; 1950 1951/* SKU Capabilities (actual values from NVM definition) */ 1952enum nvm_sku_bits { 1953 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1954 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1955 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1956 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1957}; 1958 1959/* radio config bits (actual values from NVM definition) */ 1960#define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1961#define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1962#define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1963#define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1964#define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1965#define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1966 1967#define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF) 1968#define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF) 1969#define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF) 1970#define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF) 1971#define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF) 1972#define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF) 1973 1974#define DEFAULT_MAX_TX_POWER 16 1975 1976/** 1977 * enum iwm_nvm_channel_flags - channel flags in NVM 1978 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1979 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1980 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1981 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1982 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c 1983 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1984 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1985 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1986 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1987 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1988 */ 1989enum iwm_nvm_channel_flags { 1990 IWM_NVM_CHANNEL_VALID = (1 << 0), 1991 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1992 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1993 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1994 IWM_NVM_CHANNEL_DFS = (1 << 7), 1995 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1996 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 1997 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 1998 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 1999}; 2000 2001/* 2002 * Translate EEPROM flags to net80211. 2003 */ 2004static uint32_t 2005iwm_eeprom_channel_flags(uint16_t ch_flags) 2006{ 2007 uint32_t nflags; 2008 2009 nflags = 0; 2010 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 2011 nflags |= IEEE80211_CHAN_PASSIVE; 2012 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 2013 nflags |= IEEE80211_CHAN_NOADHOC; 2014 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 2015 nflags |= IEEE80211_CHAN_DFS; 2016 /* Just in case. */ 2017 nflags |= IEEE80211_CHAN_NOADHOC; 2018 } 2019 2020 return (nflags); 2021} 2022 2023static void 2024iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 2025 int maxchans, int *nchans, int ch_idx, size_t ch_num, 2026 const uint8_t bands[]) 2027{ 2028 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags; 2029 uint32_t nflags; 2030 uint16_t ch_flags; 2031 uint8_t ieee; 2032 int error; 2033 2034 for (; ch_idx < ch_num; ch_idx++) { 2035 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 2036 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2037 ieee = iwm_nvm_channels[ch_idx]; 2038 else 2039 ieee = iwm_nvm_channels_8000[ch_idx]; 2040 2041 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 2042 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 2043 "Ch. %d Flags %x [%sGHz] - No traffic\n", 2044 ieee, ch_flags, 2045 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 2046 "5.2" : "2.4"); 2047 continue; 2048 } 2049 2050 nflags = iwm_eeprom_channel_flags(ch_flags); 2051 error = ieee80211_add_channel(chans, maxchans, nchans, 2052 ieee, 0, 0, nflags, bands); 2053 if (error != 0) 2054 break; 2055 2056 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 2057 "Ch. %d Flags %x [%sGHz] - Added\n", 2058 ieee, ch_flags, 2059 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 2060 "5.2" : "2.4"); 2061 } 2062} 2063 2064static void 2065iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 2066 struct ieee80211_channel chans[]) 2067{ 2068 struct iwm_softc *sc = ic->ic_softc; 2069 struct iwm_nvm_data *data = sc->nvm_data; 2070 uint8_t bands[IEEE80211_MODE_BYTES]; 2071 size_t ch_num; 2072 2073 memset(bands, 0, sizeof(bands)); 2074 /* 1-13: 11b/g channels. */ 2075 setbit(bands, IEEE80211_MODE_11B); 2076 setbit(bands, IEEE80211_MODE_11G); 2077 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 2078 IWM_NUM_2GHZ_CHANNELS - 1, bands); 2079 2080 /* 14: 11b channel only. */ 2081 clrbit(bands, IEEE80211_MODE_11G); 2082 iwm_add_channel_band(sc, chans, maxchans, nchans, 2083 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 2084 2085 if (data->sku_cap_band_52GHz_enable) { 2086 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2087 ch_num = nitems(iwm_nvm_channels); 2088 else 2089 ch_num = nitems(iwm_nvm_channels_8000); 2090 memset(bands, 0, sizeof(bands)); 2091 setbit(bands, IEEE80211_MODE_11A); 2092 iwm_add_channel_band(sc, chans, maxchans, nchans, 2093 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2094 } 2095} 2096 2097static void 2098iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2099 const uint16_t *mac_override, const uint16_t *nvm_hw) 2100{ 2101 const uint8_t *hw_addr; 2102 2103 if (mac_override) { 2104 static const uint8_t reserved_mac[] = { 2105 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2106 }; 2107 2108 hw_addr = (const uint8_t *)(mac_override + 2109 IWM_MAC_ADDRESS_OVERRIDE_8000); 2110 2111 /* 2112 * Store the MAC address from MAO section. 2113 * No byte swapping is required in MAO section 2114 */ 2115 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2116 2117 /* 2118 * Force the use of the OTP MAC address in case of reserved MAC 2119 * address in the NVM, or if address is given but invalid. 2120 */ 2121 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2122 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2123 iwm_is_valid_ether_addr(data->hw_addr) && 2124 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2125 return; 2126 2127 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2128 "%s: mac address from nvm override section invalid\n", 2129 __func__); 2130 } 2131 2132 if (nvm_hw) { 2133 /* read the mac address from WFMP registers */ 2134 uint32_t mac_addr0 = 2135 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2136 uint32_t mac_addr1 = 2137 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2138 2139 hw_addr = (const uint8_t *)&mac_addr0; 2140 data->hw_addr[0] = hw_addr[3]; 2141 data->hw_addr[1] = hw_addr[2]; 2142 data->hw_addr[2] = hw_addr[1]; 2143 data->hw_addr[3] = hw_addr[0]; 2144 2145 hw_addr = (const uint8_t *)&mac_addr1; 2146 data->hw_addr[4] = hw_addr[1]; 2147 data->hw_addr[5] = hw_addr[0]; 2148 2149 return; 2150 } 2151 2152 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2153 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2154} 2155 2156static int 2157iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2158 const uint16_t *phy_sku) 2159{ 2160 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2161 return le16_to_cpup(nvm_sw + IWM_SKU); 2162 2163 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2164} 2165 2166static int 2167iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2168{ 2169 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2170 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2171 else 2172 return le32_to_cpup((const uint32_t *)(nvm_sw + 2173 IWM_NVM_VERSION_8000)); 2174} 2175 2176static int 2177iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2178 const uint16_t *phy_sku) 2179{ 2180 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2181 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2182 2183 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2184} 2185 2186static int 2187iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2188{ 2189 int n_hw_addr; 2190 2191 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2192 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2193 2194 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2195 2196 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2197} 2198 2199static void 2200iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2201 uint32_t radio_cfg) 2202{ 2203 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2204 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2205 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2206 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2207 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2208 return; 2209 } 2210 2211 /* set the radio configuration for family 8000 */ 2212 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2213 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2214 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2215 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg); 2216 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2217 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2218} 2219 2220static int 2221iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data, 2222 const uint16_t *nvm_hw, const uint16_t *mac_override) 2223{ 2224#ifdef notyet /* for FAMILY 9000 */ 2225 if (cfg->mac_addr_from_csr) { 2226 iwm_set_hw_address_from_csr(sc, data); 2227 } else 2228#endif 2229 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2230 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR); 2231 2232 /* The byte order is little endian 16 bit, meaning 214365 */ 2233 data->hw_addr[0] = hw_addr[1]; 2234 data->hw_addr[1] = hw_addr[0]; 2235 data->hw_addr[2] = hw_addr[3]; 2236 data->hw_addr[3] = hw_addr[2]; 2237 data->hw_addr[4] = hw_addr[5]; 2238 data->hw_addr[5] = hw_addr[4]; 2239 } else { 2240 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw); 2241 } 2242 2243 if (!iwm_is_valid_ether_addr(data->hw_addr)) { 2244 device_printf(sc->sc_dev, "no valid mac address was found\n"); 2245 return EINVAL; 2246 } 2247 2248 return 0; 2249} 2250 2251static struct iwm_nvm_data * 2252iwm_parse_nvm_data(struct iwm_softc *sc, 2253 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2254 const uint16_t *nvm_calib, const uint16_t *mac_override, 2255 const uint16_t *phy_sku, const uint16_t *regulatory) 2256{ 2257 struct iwm_nvm_data *data; 2258 uint32_t sku, radio_cfg; 2259 2260 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2261 data = malloc(sizeof(*data) + 2262 IWM_NUM_CHANNELS * sizeof(uint16_t), 2263 M_DEVBUF, M_NOWAIT | M_ZERO); 2264 } else { 2265 data = malloc(sizeof(*data) + 2266 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t), 2267 M_DEVBUF, M_NOWAIT | M_ZERO); 2268 } 2269 if (!data) 2270 return NULL; 2271 2272 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2273 2274 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2275 iwm_set_radio_cfg(sc, data, radio_cfg); 2276 2277 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2278 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2279 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2280 data->sku_cap_11n_enable = 0; 2281 2282 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2283 2284 /* If no valid mac address was found - bail out */ 2285 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) { 2286 free(data, M_DEVBUF); 2287 return NULL; 2288 } 2289 2290 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2291 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 2292 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2293 } else { 2294 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2295 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2296 } 2297 2298 return data; 2299} 2300 2301static void 2302iwm_free_nvm_data(struct iwm_nvm_data *data) 2303{ 2304 if (data != NULL) 2305 free(data, M_DEVBUF); 2306} 2307 2308static struct iwm_nvm_data * 2309iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2310{ 2311 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2312 2313 /* Checking for required sections */ 2314 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2315 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2316 !sections[sc->cfg->nvm_hw_section_num].data) { 2317 device_printf(sc->sc_dev, 2318 "Can't parse empty OTP/NVM sections\n"); 2319 return NULL; 2320 } 2321 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2322 /* SW and REGULATORY sections are mandatory */ 2323 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2324 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2325 device_printf(sc->sc_dev, 2326 "Can't parse empty OTP/NVM sections\n"); 2327 return NULL; 2328 } 2329 /* MAC_OVERRIDE or at least HW section must exist */ 2330 if (!sections[sc->cfg->nvm_hw_section_num].data && 2331 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2332 device_printf(sc->sc_dev, 2333 "Can't parse mac_address, empty sections\n"); 2334 return NULL; 2335 } 2336 2337 /* PHY_SKU section is mandatory in B0 */ 2338 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2339 device_printf(sc->sc_dev, 2340 "Can't parse phy_sku in B0, empty sections\n"); 2341 return NULL; 2342 } 2343 } else { 2344 panic("unknown device family %d\n", sc->cfg->device_family); 2345 } 2346 2347 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data; 2348 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2349 calib = (const uint16_t *) 2350 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2351 regulatory = (const uint16_t *) 2352 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2353 mac_override = (const uint16_t *) 2354 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2355 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2356 2357 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2358 phy_sku, regulatory); 2359} 2360 2361static int 2362iwm_nvm_init(struct iwm_softc *sc) 2363{ 2364 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS]; 2365 int i, ret, section; 2366 uint32_t size_read = 0; 2367 uint8_t *nvm_buffer, *temp; 2368 uint16_t len; 2369 2370 memset(nvm_sections, 0, sizeof(nvm_sections)); 2371 2372 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS) 2373 return EINVAL; 2374 2375 /* load NVM values from nic */ 2376 /* Read From FW NVM */ 2377 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n"); 2378 2379 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO); 2380 if (!nvm_buffer) 2381 return ENOMEM; 2382 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) { 2383 /* we override the constness for initial read */ 2384 ret = iwm_nvm_read_section(sc, section, nvm_buffer, 2385 &len, size_read); 2386 if (ret) 2387 continue; 2388 size_read += len; 2389 temp = malloc(len, M_DEVBUF, M_NOWAIT); 2390 if (!temp) { 2391 ret = ENOMEM; 2392 break; 2393 } 2394 memcpy(temp, nvm_buffer, len); 2395 2396 nvm_sections[section].data = temp; 2397 nvm_sections[section].length = len; 2398 } 2399 if (!size_read) 2400 device_printf(sc->sc_dev, "OTP is blank\n"); 2401 free(nvm_buffer, M_DEVBUF); 2402 2403 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections); 2404 if (!sc->nvm_data) 2405 return EINVAL; 2406 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 2407 "nvm version = %x\n", sc->nvm_data->nvm_version); 2408 2409 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) { 2410 if (nvm_sections[i].data != NULL) 2411 free(nvm_sections[i].data, M_DEVBUF); 2412 } 2413 2414 return 0; 2415} 2416 2417/* 2418 * Firmware loading gunk. This is kind of a weird hybrid between the 2419 * iwn driver and the Linux iwlwifi driver. 2420 */ 2421 2422static int 2423iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr, 2424 const uint8_t *section, uint32_t byte_cnt) 2425{ 2426 int error = EINVAL; 2427 uint32_t chunk_sz, offset; 2428 2429 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt); 2430 2431 for (offset = 0; offset < byte_cnt; offset += chunk_sz) { 2432 uint32_t addr, len; 2433 const uint8_t *data; 2434 2435 addr = dst_addr + offset; 2436 len = MIN(chunk_sz, byte_cnt - offset); 2437 data = section + offset; 2438 2439 error = iwm_firmware_load_chunk(sc, addr, data, len); 2440 if (error) 2441 break; 2442 } 2443 2444 return error; 2445} 2446 2447static int 2448iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2449 const uint8_t *chunk, uint32_t byte_cnt) 2450{ 2451 struct iwm_dma_info *dma = &sc->fw_dma; 2452 int error; 2453 2454 /* Copy firmware chunk into pre-allocated DMA-safe memory. */ 2455 memcpy(dma->vaddr, chunk, byte_cnt); 2456 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2457 2458 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2459 dst_addr <= IWM_FW_MEM_EXTENDED_END) { 2460 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2461 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2462 } 2463 2464 sc->sc_fw_chunk_done = 0; 2465 2466 if (!iwm_nic_lock(sc)) 2467 return EBUSY; 2468 2469 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2470 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2471 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2472 dst_addr); 2473 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2474 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2475 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2476 (iwm_get_dma_hi_addr(dma->paddr) 2477 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2478 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2479 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2480 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2481 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2482 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2483 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2484 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2485 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2486 2487 iwm_nic_unlock(sc); 2488 2489 /* wait 1s for this segment to load */ 2490 while (!sc->sc_fw_chunk_done) 2491 if ((error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz)) != 0) 2492 break; 2493 2494 if (!sc->sc_fw_chunk_done) { 2495 device_printf(sc->sc_dev, 2496 "fw chunk addr 0x%x len %d failed to load\n", 2497 dst_addr, byte_cnt); 2498 } 2499 2500 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2501 dst_addr <= IWM_FW_MEM_EXTENDED_END && iwm_nic_lock(sc)) { 2502 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2503 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2504 iwm_nic_unlock(sc); 2505 } 2506 2507 return error; 2508} 2509 2510int 2511iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws, 2512 int cpu, int *first_ucode_section) 2513{ 2514 int shift_param; 2515 int i, error = 0, sec_num = 0x1; 2516 uint32_t val, last_read_idx = 0; 2517 const void *data; 2518 uint32_t dlen; 2519 uint32_t offset; 2520 2521 if (cpu == 1) { 2522 shift_param = 0; 2523 *first_ucode_section = 0; 2524 } else { 2525 shift_param = 16; 2526 (*first_ucode_section)++; 2527 } 2528 2529 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2530 last_read_idx = i; 2531 data = fws->fw_sect[i].fws_data; 2532 dlen = fws->fw_sect[i].fws_len; 2533 offset = fws->fw_sect[i].fws_devoff; 2534 2535 /* 2536 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2537 * CPU1 to CPU2. 2538 * PAGING_SEPARATOR_SECTION delimiter - separate between 2539 * CPU2 non paged to CPU2 paging sec. 2540 */ 2541 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2542 offset == IWM_PAGING_SEPARATOR_SECTION) 2543 break; 2544 2545 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2546 "LOAD FIRMWARE chunk %d offset 0x%x len %d for cpu %d\n", 2547 i, offset, dlen, cpu); 2548 2549 if (dlen > sc->sc_fwdmasegsz) { 2550 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2551 "chunk %d too large (%d bytes)\n", i, dlen); 2552 error = EFBIG; 2553 } else { 2554 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2555 } 2556 if (error) { 2557 device_printf(sc->sc_dev, 2558 "could not load firmware chunk %d (error %d)\n", 2559 i, error); 2560 return error; 2561 } 2562 2563 /* Notify the ucode of the loaded section number and status */ 2564 if (iwm_nic_lock(sc)) { 2565 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2566 val = val | (sec_num << shift_param); 2567 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2568 sec_num = (sec_num << 1) | 0x1; 2569 iwm_nic_unlock(sc); 2570 2571 /* 2572 * The firmware won't load correctly without this delay. 2573 */ 2574 DELAY(8000); 2575 } 2576 } 2577 2578 *first_ucode_section = last_read_idx; 2579 2580 if (iwm_nic_lock(sc)) { 2581 if (cpu == 1) 2582 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2583 else 2584 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2585 iwm_nic_unlock(sc); 2586 } 2587 2588 return 0; 2589} 2590 2591int 2592iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2593{ 2594 struct iwm_fw_sects *fws; 2595 int error = 0; 2596 int first_ucode_section; 2597 2598 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "loading ucode type %d\n", 2599 ucode_type); 2600 2601 fws = &sc->sc_fw.fw_sects[ucode_type]; 2602 2603 /* configure the ucode to be ready to get the secured image */ 2604 /* release CPU reset */ 2605 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT); 2606 2607 /* load to FW the binary Secured sections of CPU1 */ 2608 error = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section); 2609 if (error) 2610 return error; 2611 2612 /* load to FW the binary sections of CPU2 */ 2613 return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section); 2614} 2615 2616static int 2617iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2618{ 2619 struct iwm_fw_sects *fws; 2620 int error, i; 2621 const void *data; 2622 uint32_t dlen; 2623 uint32_t offset; 2624 2625 sc->sc_uc.uc_intr = 0; 2626 2627 fws = &sc->sc_fw.fw_sects[ucode_type]; 2628 for (i = 0; i < fws->fw_count; i++) { 2629 data = fws->fw_sect[i].fws_data; 2630 dlen = fws->fw_sect[i].fws_len; 2631 offset = fws->fw_sect[i].fws_devoff; 2632 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2633 "LOAD FIRMWARE type %d offset %u len %d\n", 2634 ucode_type, offset, dlen); 2635 if (dlen > sc->sc_fwdmasegsz) { 2636 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 2637 "chunk %d too large (%d bytes)\n", i, dlen); 2638 error = EFBIG; 2639 } else { 2640 error = iwm_firmware_load_sect(sc, offset, data, dlen); 2641 } 2642 if (error) { 2643 device_printf(sc->sc_dev, 2644 "could not load firmware chunk %u of %u " 2645 "(error=%d)\n", i, fws->fw_count, error); 2646 return error; 2647 } 2648 } 2649 2650 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2651 2652 return 0; 2653} 2654 2655static int 2656iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2657{ 2658 int error, w; 2659 2660 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 2661 error = iwm_load_firmware_8000(sc, ucode_type); 2662 else 2663 error = iwm_load_firmware_7000(sc, ucode_type); 2664 if (error) 2665 return error; 2666 2667 /* wait for the firmware to load */ 2668 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) { 2669 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10); 2670 } 2671 if (error || !sc->sc_uc.uc_ok) { 2672 device_printf(sc->sc_dev, "could not load firmware\n"); 2673 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2674 device_printf(sc->sc_dev, "cpu1 status: 0x%x\n", 2675 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS)); 2676 device_printf(sc->sc_dev, "cpu2 status: 0x%x\n", 2677 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS)); 2678 } 2679 } 2680 2681 return error; 2682} 2683 2684/* iwlwifi: pcie/trans.c */ 2685static int 2686iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 2687{ 2688 int error; 2689 2690 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2691 2692 if ((error = iwm_nic_init(sc)) != 0) { 2693 device_printf(sc->sc_dev, "unable to init nic\n"); 2694 return error; 2695 } 2696 2697 /* make sure rfkill handshake bits are cleared */ 2698 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2699 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2700 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2701 2702 /* clear (again), then enable host interrupts */ 2703 IWM_WRITE(sc, IWM_CSR_INT, ~0); 2704 iwm_enable_interrupts(sc); 2705 2706 /* really make sure rfkill handshake bits are cleared */ 2707 /* maybe we should write a few times more? just to make sure */ 2708 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2709 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2710 2711 /* Load the given image to the HW */ 2712 return iwm_load_firmware(sc, ucode_type); 2713} 2714 2715static int 2716iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2717{ 2718 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2719 .valid = htole32(valid_tx_ant), 2720 }; 2721 2722 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2723 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2724} 2725 2726/* iwlwifi: mvm/fw.c */ 2727static int 2728iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2729{ 2730 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2731 enum iwm_ucode_type ucode_type = sc->sc_uc_current; 2732 2733 /* Set parameters */ 2734 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc)); 2735 phy_cfg_cmd.calib_control.event_trigger = 2736 sc->sc_default_calib[ucode_type].event_trigger; 2737 phy_cfg_cmd.calib_control.flow_trigger = 2738 sc->sc_default_calib[ucode_type].flow_trigger; 2739 2740 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2741 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2742 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2743 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2744} 2745 2746static int 2747iwm_wait_phy_db_entry(struct iwm_softc *sc, 2748 struct iwm_rx_packet *pkt, void *data) 2749{ 2750 struct iwm_phy_db *phy_db = data; 2751 2752 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) { 2753 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) { 2754 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n", 2755 __func__, pkt->hdr.code); 2756 } 2757 return TRUE; 2758 } 2759 2760 if (iwm_phy_db_set_section(phy_db, pkt)) { 2761 device_printf(sc->sc_dev, 2762 "%s: iwm_phy_db_set_section failed\n", __func__); 2763 } 2764 2765 return FALSE; 2766} 2767 2768static int 2769iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2770 enum iwm_ucode_type ucode_type) 2771{ 2772 enum iwm_ucode_type old_type = sc->sc_uc_current; 2773 int error; 2774 2775 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) { 2776 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n", 2777 error); 2778 return error; 2779 } 2780 2781 sc->sc_uc_current = ucode_type; 2782 error = iwm_start_fw(sc, ucode_type); 2783 if (error) { 2784 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2785 sc->sc_uc_current = old_type; 2786 return error; 2787 } 2788 2789 error = iwm_post_alive(sc); 2790 if (error) { 2791 device_printf(sc->sc_dev, "iwm_fw_alive: failed %d\n", error); 2792 } 2793 return error; 2794} 2795 2796/* 2797 * mvm misc bits 2798 */ 2799 2800/* 2801 * follows iwlwifi/fw.c 2802 */ 2803static int 2804iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2805{ 2806 struct iwm_notification_wait calib_wait; 2807 static const uint16_t init_complete[] = { 2808 IWM_INIT_COMPLETE_NOTIF, 2809 IWM_CALIB_RES_NOTIF_PHY_DB 2810 }; 2811 int ret; 2812 2813 /* do not operate with rfkill switch turned on */ 2814 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2815 device_printf(sc->sc_dev, 2816 "radio is disabled by hardware switch\n"); 2817 return EPERM; 2818 } 2819 2820 iwm_init_notification_wait(sc->sc_notif_wait, 2821 &calib_wait, 2822 init_complete, 2823 nitems(init_complete), 2824 iwm_wait_phy_db_entry, 2825 sc->sc_phy_db); 2826 2827 /* Will also start the device */ 2828 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT); 2829 if (ret) { 2830 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n", 2831 ret); 2832 goto error; 2833 } 2834 2835 if (justnvm) { 2836 /* Read nvm */ 2837 ret = iwm_nvm_init(sc); 2838 if (ret) { 2839 device_printf(sc->sc_dev, "failed to read nvm\n"); 2840 goto error; 2841 } 2842 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr); 2843 goto error; 2844 } 2845 2846 ret = iwm_send_bt_init_conf(sc); 2847 if (ret) { 2848 device_printf(sc->sc_dev, 2849 "failed to send bt coex configuration: %d\n", ret); 2850 goto error; 2851 } 2852 2853 /* Init Smart FIFO. */ 2854 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF); 2855 if (ret) 2856 goto error; 2857 2858 /* Send TX valid antennas before triggering calibrations */ 2859 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 2860 if (ret) { 2861 device_printf(sc->sc_dev, 2862 "failed to send antennas before calibration: %d\n", ret); 2863 goto error; 2864 } 2865 2866 /* 2867 * Send phy configurations command to init uCode 2868 * to start the 16.0 uCode init image internal calibrations. 2869 */ 2870 ret = iwm_send_phy_cfg_cmd(sc); 2871 if (ret) { 2872 device_printf(sc->sc_dev, 2873 "%s: Failed to run INIT calibrations: %d\n", 2874 __func__, ret); 2875 goto error; 2876 } 2877 2878 /* 2879 * Nothing to do but wait for the init complete notification 2880 * from the firmware. 2881 */ 2882 IWM_UNLOCK(sc); 2883 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait, 2884 IWM_MVM_UCODE_CALIB_TIMEOUT); 2885 IWM_LOCK(sc); 2886 2887 2888 goto out; 2889 2890error: 2891 iwm_remove_notification(sc->sc_notif_wait, &calib_wait); 2892out: 2893 return ret; 2894} 2895 2896/* 2897 * receive side 2898 */ 2899 2900/* (re)stock rx ring, called at init-time and at runtime */ 2901static int 2902iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 2903{ 2904 struct iwm_rx_ring *ring = &sc->rxq; 2905 struct iwm_rx_data *data = &ring->data[idx]; 2906 struct mbuf *m; 2907 bus_dmamap_t dmamap = NULL; 2908 bus_dma_segment_t seg; 2909 int nsegs, error; 2910 2911 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 2912 if (m == NULL) 2913 return ENOBUFS; 2914 2915 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 2916 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 2917 &seg, &nsegs, BUS_DMA_NOWAIT); 2918 if (error != 0) { 2919 device_printf(sc->sc_dev, 2920 "%s: can't map mbuf, error %d\n", __func__, error); 2921 goto fail; 2922 } 2923 2924 if (data->m != NULL) 2925 bus_dmamap_unload(ring->data_dmat, data->map); 2926 2927 /* Swap ring->spare_map with data->map */ 2928 dmamap = data->map; 2929 data->map = ring->spare_map; 2930 ring->spare_map = dmamap; 2931 2932 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 2933 data->m = m; 2934 2935 /* Update RX descriptor. */ 2936 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 2937 ring->desc[idx] = htole32(seg.ds_addr >> 8); 2938 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2939 BUS_DMASYNC_PREWRITE); 2940 2941 return 0; 2942fail: 2943 m_freem(m); 2944 return error; 2945} 2946 2947/* iwlwifi: mvm/rx.c */ 2948#define IWM_RSSI_OFFSET 50 2949static int 2950iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2951{ 2952 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm; 2953 uint32_t agc_a, agc_b; 2954 uint32_t val; 2955 2956 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]); 2957 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS; 2958 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS; 2959 2960 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]); 2961 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS; 2962 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS; 2963 2964 /* 2965 * dBm = rssi dB - agc dB - constant. 2966 * Higher AGC (higher radio gain) means lower signal. 2967 */ 2968 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a; 2969 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b; 2970 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm); 2971 2972 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 2973 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n", 2974 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b); 2975 2976 return max_rssi_dbm; 2977} 2978 2979/* iwlwifi: mvm/rx.c */ 2980/* 2981 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 2982 * values are reported by the fw as positive values - need to negate 2983 * to obtain their dBM. Account for missing antennas by replacing 0 2984 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 2985 */ 2986static int 2987iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 2988{ 2989 int energy_a, energy_b, energy_c, max_energy; 2990 uint32_t val; 2991 2992 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 2993 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 2994 IWM_RX_INFO_ENERGY_ANT_A_POS; 2995 energy_a = energy_a ? -energy_a : -256; 2996 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 2997 IWM_RX_INFO_ENERGY_ANT_B_POS; 2998 energy_b = energy_b ? -energy_b : -256; 2999 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 3000 IWM_RX_INFO_ENERGY_ANT_C_POS; 3001 energy_c = energy_c ? -energy_c : -256; 3002 max_energy = MAX(energy_a, energy_b); 3003 max_energy = MAX(max_energy, energy_c); 3004 3005 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3006 "energy In A %d B %d C %d , and max %d\n", 3007 energy_a, energy_b, energy_c, max_energy); 3008 3009 return max_energy; 3010} 3011 3012static void 3013iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, 3014 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3015{ 3016 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 3017 3018 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 3019 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3020 3021 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 3022} 3023 3024/* 3025 * Retrieve the average noise (in dBm) among receivers. 3026 */ 3027static int 3028iwm_get_noise(struct iwm_softc *sc, 3029 const struct iwm_mvm_statistics_rx_non_phy *stats) 3030{ 3031 int i, total, nbant, noise; 3032 3033 total = nbant = noise = 0; 3034 for (i = 0; i < 3; i++) { 3035 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 3036 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n", 3037 __func__, 3038 i, 3039 noise); 3040 3041 if (noise) { 3042 total += noise; 3043 nbant++; 3044 } 3045 } 3046 3047 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n", 3048 __func__, nbant, total); 3049#if 0 3050 /* There should be at least one antenna but check anyway. */ 3051 return (nbant == 0) ? -127 : (total / nbant) - 107; 3052#else 3053 /* For now, just hard-code it to -96 to be safe */ 3054 return (-96); 3055#endif 3056} 3057 3058/* 3059 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 3060 * 3061 * Handles the actual data of the Rx packet from the fw 3062 */ 3063static void 3064iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, 3065 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3066{ 3067 struct ieee80211com *ic = &sc->sc_ic; 3068 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3069 struct ieee80211_frame *wh; 3070 struct ieee80211_node *ni; 3071 struct ieee80211_rx_stats rxs; 3072 struct mbuf *m; 3073 struct iwm_rx_phy_info *phy_info; 3074 struct iwm_rx_mpdu_res_start *rx_res; 3075 uint32_t len; 3076 uint32_t rx_pkt_status; 3077 int rssi; 3078 3079 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3080 3081 phy_info = &sc->sc_last_phy_info; 3082 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 3083 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 3084 len = le16toh(rx_res->byte_count); 3085 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 3086 3087 m = data->m; 3088 m->m_data = pkt->data + sizeof(*rx_res); 3089 m->m_pkthdr.len = m->m_len = len; 3090 3091 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 3092 device_printf(sc->sc_dev, 3093 "dsp size out of range [0,20]: %d\n", 3094 phy_info->cfg_phy_cnt); 3095 goto fail; 3096 } 3097 3098 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 3099 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 3100 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3101 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 3102 goto fail; 3103 } 3104 3105 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) { 3106 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 3107 } else { 3108 rssi = iwm_mvm_calc_rssi(sc, phy_info); 3109 } 3110 3111 /* Note: RSSI is absolute (ie a -ve value) */ 3112 if (rssi < IWM_MIN_DBM) 3113 rssi = IWM_MIN_DBM; 3114 else if (rssi > IWM_MAX_DBM) 3115 rssi = IWM_MAX_DBM; 3116 3117 /* Map it to relative value */ 3118 rssi = rssi - sc->sc_noise; 3119 3120 /* replenish ring for the buffer we're going to feed to the sharks */ 3121 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 3122 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 3123 __func__); 3124 goto fail; 3125 } 3126 3127 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3128 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 3129 3130 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 3131 3132 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3133 "%s: phy_info: channel=%d, flags=0x%08x\n", 3134 __func__, 3135 le16toh(phy_info->channel), 3136 le16toh(phy_info->phy_flags)); 3137 3138 /* 3139 * Populate an RX state struct with the provided information. 3140 */ 3141 bzero(&rxs, sizeof(rxs)); 3142 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 3143 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 3144 rxs.c_ieee = le16toh(phy_info->channel); 3145 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 3146 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 3147 } else { 3148 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 3149 } 3150 3151 /* rssi is in 1/2db units */ 3152 rxs.rssi = rssi * 2; 3153 rxs.nf = sc->sc_noise; 3154 3155 if (ieee80211_radiotap_active_vap(vap)) { 3156 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3157 3158 tap->wr_flags = 0; 3159 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 3160 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3161 tap->wr_chan_freq = htole16(rxs.c_freq); 3162 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3163 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3164 tap->wr_dbm_antsignal = (int8_t)rssi; 3165 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3166 tap->wr_tsft = phy_info->system_timestamp; 3167 switch (phy_info->rate) { 3168 /* CCK rates. */ 3169 case 10: tap->wr_rate = 2; break; 3170 case 20: tap->wr_rate = 4; break; 3171 case 55: tap->wr_rate = 11; break; 3172 case 110: tap->wr_rate = 22; break; 3173 /* OFDM rates. */ 3174 case 0xd: tap->wr_rate = 12; break; 3175 case 0xf: tap->wr_rate = 18; break; 3176 case 0x5: tap->wr_rate = 24; break; 3177 case 0x7: tap->wr_rate = 36; break; 3178 case 0x9: tap->wr_rate = 48; break; 3179 case 0xb: tap->wr_rate = 72; break; 3180 case 0x1: tap->wr_rate = 96; break; 3181 case 0x3: tap->wr_rate = 108; break; 3182 /* Unknown rate: should not happen. */ 3183 default: tap->wr_rate = 0; 3184 } 3185 } 3186 3187 IWM_UNLOCK(sc); 3188 if (ni != NULL) { 3189 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3190 ieee80211_input_mimo(ni, m, &rxs); 3191 ieee80211_free_node(ni); 3192 } else { 3193 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3194 ieee80211_input_mimo_all(ic, m, &rxs); 3195 } 3196 IWM_LOCK(sc); 3197 3198 return; 3199 3200fail: counter_u64_add(ic->ic_ierrors, 1); 3201} 3202 3203static int 3204iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3205 struct iwm_node *in) 3206{ 3207 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 3208 struct ieee80211_node *ni = &in->in_ni; 3209 struct ieee80211vap *vap = ni->ni_vap; 3210 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3211 int failack = tx_resp->failure_frame; 3212 3213 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3214 3215 /* Update rate control statistics. */ 3216 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3217 __func__, 3218 (int) le16toh(tx_resp->status.status), 3219 (int) le16toh(tx_resp->status.sequence), 3220 tx_resp->frame_count, 3221 tx_resp->bt_kill_count, 3222 tx_resp->failure_rts, 3223 tx_resp->failure_frame, 3224 le32toh(tx_resp->initial_rate), 3225 (int) le16toh(tx_resp->wireless_media_time)); 3226 3227 if (status != IWM_TX_STATUS_SUCCESS && 3228 status != IWM_TX_STATUS_DIRECT_DONE) { 3229 ieee80211_ratectl_tx_complete(vap, ni, 3230 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3231 return (1); 3232 } else { 3233 ieee80211_ratectl_tx_complete(vap, ni, 3234 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3235 return (0); 3236 } 3237} 3238 3239static void 3240iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, 3241 struct iwm_rx_packet *pkt, struct iwm_rx_data *data) 3242{ 3243 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 3244 int idx = cmd_hdr->idx; 3245 int qid = cmd_hdr->qid; 3246 struct iwm_tx_ring *ring = &sc->txq[qid]; 3247 struct iwm_tx_data *txd = &ring->data[idx]; 3248 struct iwm_node *in = txd->in; 3249 struct mbuf *m = txd->m; 3250 int status; 3251 3252 KASSERT(txd->done == 0, ("txd not done")); 3253 KASSERT(txd->in != NULL, ("txd without node")); 3254 KASSERT(txd->m != NULL, ("txd without mbuf")); 3255 3256 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 3257 3258 sc->sc_tx_timer = 0; 3259 3260 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 3261 3262 /* Unmap and free mbuf. */ 3263 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3264 bus_dmamap_unload(ring->data_dmat, txd->map); 3265 3266 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3267 "free txd %p, in %p\n", txd, txd->in); 3268 txd->done = 1; 3269 txd->m = NULL; 3270 txd->in = NULL; 3271 3272 ieee80211_tx_complete(&in->in_ni, m, status); 3273 3274 if (--ring->queued < IWM_TX_RING_LOMARK) { 3275 sc->qfullmsk &= ~(1 << ring->qid); 3276 if (sc->qfullmsk == 0) { 3277 iwm_start(sc); 3278 } 3279 } 3280} 3281 3282/* 3283 * transmit side 3284 */ 3285 3286/* 3287 * Process a "command done" firmware notification. This is where we wakeup 3288 * processes waiting for a synchronous command completion. 3289 * from if_iwn 3290 */ 3291static void 3292iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3293{ 3294 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 3295 struct iwm_tx_data *data; 3296 3297 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 3298 return; /* Not a command ack. */ 3299 } 3300 3301 /* XXX wide commands? */ 3302 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 3303 "cmd notification type 0x%x qid %d idx %d\n", 3304 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx); 3305 3306 data = &ring->data[pkt->hdr.idx]; 3307 3308 /* If the command was mapped in an mbuf, free it. */ 3309 if (data->m != NULL) { 3310 bus_dmamap_sync(ring->data_dmat, data->map, 3311 BUS_DMASYNC_POSTWRITE); 3312 bus_dmamap_unload(ring->data_dmat, data->map); 3313 m_freem(data->m); 3314 data->m = NULL; 3315 } 3316 wakeup(&ring->desc[pkt->hdr.idx]); 3317 3318 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) { 3319 device_printf(sc->sc_dev, 3320 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n", 3321 __func__, pkt->hdr.idx, ring->queued, ring->cur); 3322 /* XXX call iwm_force_nmi() */ 3323 } 3324 3325 KASSERT(ring->queued > 0, ("ring->queued is empty?")); 3326 ring->queued--; 3327 if (ring->queued == 0) 3328 iwm_pcie_clear_cmd_in_flight(sc); 3329} 3330 3331#if 0 3332/* 3333 * necessary only for block ack mode 3334 */ 3335void 3336iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3337 uint16_t len) 3338{ 3339 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3340 uint16_t w_val; 3341 3342 scd_bc_tbl = sc->sched_dma.vaddr; 3343 3344 len += 8; /* magic numbers came naturally from paris */ 3345 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 3346 len = roundup(len, 4) / 4; 3347 3348 w_val = htole16(sta_id << 12 | len); 3349 3350 /* Update TX scheduler. */ 3351 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3352 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3353 BUS_DMASYNC_PREWRITE); 3354 3355 /* I really wonder what this is ?!? */ 3356 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3357 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3358 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3359 BUS_DMASYNC_PREWRITE); 3360 } 3361} 3362#endif 3363 3364/* 3365 * Take an 802.11 (non-n) rate, find the relevant rate 3366 * table entry. return the index into in_ridx[]. 3367 * 3368 * The caller then uses that index back into in_ridx 3369 * to figure out the rate index programmed /into/ 3370 * the firmware for this given node. 3371 */ 3372static int 3373iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 3374 uint8_t rate) 3375{ 3376 int i; 3377 uint8_t r; 3378 3379 for (i = 0; i < nitems(in->in_ridx); i++) { 3380 r = iwm_rates[in->in_ridx[i]].rate; 3381 if (rate == r) 3382 return (i); 3383 } 3384 3385 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3386 "%s: couldn't find an entry for rate=%d\n", 3387 __func__, 3388 rate); 3389 3390 /* XXX Return the first */ 3391 /* XXX TODO: have it return the /lowest/ */ 3392 return (0); 3393} 3394 3395static int 3396iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate) 3397{ 3398 int i; 3399 3400 for (i = 0; i < nitems(iwm_rates); i++) { 3401 if (iwm_rates[i].rate == rate) 3402 return (i); 3403 } 3404 /* XXX error? */ 3405 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3406 "%s: couldn't find an entry for rate=%d\n", 3407 __func__, 3408 rate); 3409 return (0); 3410} 3411 3412/* 3413 * Fill in the rate related information for a transmit command. 3414 */ 3415static const struct iwm_rate * 3416iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3417 struct mbuf *m, struct iwm_tx_cmd *tx) 3418{ 3419 struct ieee80211_node *ni = &in->in_ni; 3420 struct ieee80211_frame *wh; 3421 const struct ieee80211_txparam *tp = ni->ni_txparms; 3422 const struct iwm_rate *rinfo; 3423 int type; 3424 int ridx, rate_flags; 3425 3426 wh = mtod(m, struct ieee80211_frame *); 3427 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3428 3429 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3430 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3431 3432 if (type == IEEE80211_FC0_TYPE_MGT) { 3433 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3434 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3435 "%s: MGT (%d)\n", __func__, tp->mgmtrate); 3436 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3437 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate); 3438 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3439 "%s: MCAST (%d)\n", __func__, tp->mcastrate); 3440 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3441 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate); 3442 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3443 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate); 3444 } else if (m->m_flags & M_EAPOL) { 3445 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3446 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3447 "%s: EAPOL\n", __func__); 3448 } else if (type == IEEE80211_FC0_TYPE_DATA) { 3449 int i; 3450 3451 /* for data frames, use RS table */ 3452 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__); 3453 /* XXX pass pktlen */ 3454 (void) ieee80211_ratectl_rate(ni, NULL, 0); 3455 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 3456 ridx = in->in_ridx[i]; 3457 3458 /* This is the index into the programmed table */ 3459 tx->initial_rate_index = i; 3460 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3461 3462 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3463 "%s: start with i=%d, txrate %d\n", 3464 __func__, i, iwm_rates[ridx].rate); 3465 } else { 3466 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3467 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DEFAULT (%d)\n", 3468 __func__, tp->mgmtrate); 3469 } 3470 3471 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3472 "%s: frame type=%d txrate %d\n", 3473 __func__, type, iwm_rates[ridx].rate); 3474 3475 rinfo = &iwm_rates[ridx]; 3476 3477 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3478 __func__, ridx, 3479 rinfo->rate, 3480 !! (IWM_RIDX_IS_CCK(ridx)) 3481 ); 3482 3483 /* XXX TODO: hard-coded TX antenna? */ 3484 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 3485 if (IWM_RIDX_IS_CCK(ridx)) 3486 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3487 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3488 3489 return rinfo; 3490} 3491 3492#define TB0_SIZE 16 3493static int 3494iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3495{ 3496 struct ieee80211com *ic = &sc->sc_ic; 3497 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3498 struct iwm_node *in = IWM_NODE(ni); 3499 struct iwm_tx_ring *ring; 3500 struct iwm_tx_data *data; 3501 struct iwm_tfd *desc; 3502 struct iwm_device_cmd *cmd; 3503 struct iwm_tx_cmd *tx; 3504 struct ieee80211_frame *wh; 3505 struct ieee80211_key *k = NULL; 3506 struct mbuf *m1; 3507 const struct iwm_rate *rinfo; 3508 uint32_t flags; 3509 u_int hdrlen; 3510 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3511 int nsegs; 3512 uint8_t tid, type; 3513 int i, totlen, error, pad; 3514 3515 wh = mtod(m, struct ieee80211_frame *); 3516 hdrlen = ieee80211_anyhdrsize(wh); 3517 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3518 tid = 0; 3519 ring = &sc->txq[ac]; 3520 desc = &ring->desc[ring->cur]; 3521 memset(desc, 0, sizeof(*desc)); 3522 data = &ring->data[ring->cur]; 3523 3524 /* Fill out iwm_tx_cmd to send to the firmware */ 3525 cmd = &ring->cmd[ring->cur]; 3526 cmd->hdr.code = IWM_TX_CMD; 3527 cmd->hdr.flags = 0; 3528 cmd->hdr.qid = ring->qid; 3529 cmd->hdr.idx = ring->cur; 3530 3531 tx = (void *)cmd->data; 3532 memset(tx, 0, sizeof(*tx)); 3533 3534 rinfo = iwm_tx_fill_cmd(sc, in, m, tx); 3535 3536 /* Encrypt the frame if need be. */ 3537 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3538 /* Retrieve key for TX && do software encryption. */ 3539 k = ieee80211_crypto_encap(ni, m); 3540 if (k == NULL) { 3541 m_freem(m); 3542 return (ENOBUFS); 3543 } 3544 /* 802.11 header may have moved. */ 3545 wh = mtod(m, struct ieee80211_frame *); 3546 } 3547 3548 if (ieee80211_radiotap_active_vap(vap)) { 3549 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3550 3551 tap->wt_flags = 0; 3552 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3553 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3554 tap->wt_rate = rinfo->rate; 3555 if (k != NULL) 3556 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3557 ieee80211_radiotap_tx(vap, m); 3558 } 3559 3560 3561 totlen = m->m_pkthdr.len; 3562 3563 flags = 0; 3564 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3565 flags |= IWM_TX_CMD_FLG_ACK; 3566 } 3567 3568 if (type == IEEE80211_FC0_TYPE_DATA 3569 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 3570 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3571 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3572 } 3573 3574 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3575 type != IEEE80211_FC0_TYPE_DATA) 3576 tx->sta_id = sc->sc_aux_sta.sta_id; 3577 else 3578 tx->sta_id = IWM_STATION_ID; 3579 3580 if (type == IEEE80211_FC0_TYPE_MGT) { 3581 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3582 3583 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3584 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3585 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3586 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3587 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3588 } else { 3589 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3590 } 3591 } else { 3592 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3593 } 3594 3595 if (hdrlen & 3) { 3596 /* First segment length must be a multiple of 4. */ 3597 flags |= IWM_TX_CMD_FLG_MH_PAD; 3598 pad = 4 - (hdrlen & 3); 3599 } else 3600 pad = 0; 3601 3602 tx->driver_txop = 0; 3603 tx->next_frame_len = 0; 3604 3605 tx->len = htole16(totlen); 3606 tx->tid_tspec = tid; 3607 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3608 3609 /* Set physical address of "scratch area". */ 3610 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3611 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3612 3613 /* Copy 802.11 header in TX command. */ 3614 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3615 3616 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3617 3618 tx->sec_ctl = 0; 3619 tx->tx_flags |= htole32(flags); 3620 3621 /* Trim 802.11 header. */ 3622 m_adj(m, hdrlen); 3623 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3624 segs, &nsegs, BUS_DMA_NOWAIT); 3625 if (error != 0) { 3626 if (error != EFBIG) { 3627 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3628 error); 3629 m_freem(m); 3630 return error; 3631 } 3632 /* Too many DMA segments, linearize mbuf. */ 3633 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 3634 if (m1 == NULL) { 3635 device_printf(sc->sc_dev, 3636 "%s: could not defrag mbuf\n", __func__); 3637 m_freem(m); 3638 return (ENOBUFS); 3639 } 3640 m = m1; 3641 3642 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3643 segs, &nsegs, BUS_DMA_NOWAIT); 3644 if (error != 0) { 3645 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3646 error); 3647 m_freem(m); 3648 return error; 3649 } 3650 } 3651 data->m = m; 3652 data->in = in; 3653 data->done = 0; 3654 3655 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3656 "sending txd %p, in %p\n", data, data->in); 3657 KASSERT(data->in != NULL, ("node is NULL")); 3658 3659 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3660 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3661 ring->qid, ring->cur, totlen, nsegs, 3662 le32toh(tx->tx_flags), 3663 le32toh(tx->rate_n_flags), 3664 tx->initial_rate_index 3665 ); 3666 3667 /* Fill TX descriptor. */ 3668 desc->num_tbs = 2 + nsegs; 3669 3670 desc->tbs[0].lo = htole32(data->cmd_paddr); 3671 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3672 (TB0_SIZE << 4); 3673 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3674 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3675 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 3676 + hdrlen + pad - TB0_SIZE) << 4); 3677 3678 /* Other DMA segments are for data payload. */ 3679 for (i = 0; i < nsegs; i++) { 3680 seg = &segs[i]; 3681 desc->tbs[i+2].lo = htole32(seg->ds_addr); 3682 desc->tbs[i+2].hi_n_len = \ 3683 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 3684 | ((seg->ds_len) << 4); 3685 } 3686 3687 bus_dmamap_sync(ring->data_dmat, data->map, 3688 BUS_DMASYNC_PREWRITE); 3689 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 3690 BUS_DMASYNC_PREWRITE); 3691 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3692 BUS_DMASYNC_PREWRITE); 3693 3694#if 0 3695 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 3696#endif 3697 3698 /* Kick TX ring. */ 3699 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 3700 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3701 3702 /* Mark TX ring as full if we reach a certain threshold. */ 3703 if (++ring->queued > IWM_TX_RING_HIMARK) { 3704 sc->qfullmsk |= 1 << ring->qid; 3705 } 3706 3707 return 0; 3708} 3709 3710static int 3711iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3712 const struct ieee80211_bpf_params *params) 3713{ 3714 struct ieee80211com *ic = ni->ni_ic; 3715 struct iwm_softc *sc = ic->ic_softc; 3716 int error = 0; 3717 3718 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3719 "->%s begin\n", __func__); 3720 3721 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3722 m_freem(m); 3723 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3724 "<-%s not RUNNING\n", __func__); 3725 return (ENETDOWN); 3726 } 3727 3728 IWM_LOCK(sc); 3729 /* XXX fix this */ 3730 if (params == NULL) { 3731 error = iwm_tx(sc, m, ni, 0); 3732 } else { 3733 error = iwm_tx(sc, m, ni, 0); 3734 } 3735 sc->sc_tx_timer = 5; 3736 IWM_UNLOCK(sc); 3737 3738 return (error); 3739} 3740 3741/* 3742 * mvm/tx.c 3743 */ 3744 3745/* 3746 * Note that there are transports that buffer frames before they reach 3747 * the firmware. This means that after flush_tx_path is called, the 3748 * queue might not be empty. The race-free way to handle this is to: 3749 * 1) set the station as draining 3750 * 2) flush the Tx path 3751 * 3) wait for the transport queues to be empty 3752 */ 3753int 3754iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags) 3755{ 3756 int ret; 3757 struct iwm_tx_path_flush_cmd flush_cmd = { 3758 .queues_ctl = htole32(tfd_msk), 3759 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 3760 }; 3761 3762 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags, 3763 sizeof(flush_cmd), &flush_cmd); 3764 if (ret) 3765 device_printf(sc->sc_dev, 3766 "Flushing tx queue failed: %d\n", ret); 3767 return ret; 3768} 3769 3770/* 3771 * BEGIN mvm/sta.c 3772 */ 3773 3774static int 3775iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc, 3776 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status) 3777{ 3778 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd), 3779 cmd, status); 3780} 3781 3782/* send station add/update command to firmware */ 3783static int 3784iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update) 3785{ 3786 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd; 3787 int ret; 3788 uint32_t status; 3789 3790 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd)); 3791 3792 add_sta_cmd.sta_id = IWM_STATION_ID; 3793 add_sta_cmd.mac_id_n_color 3794 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID, 3795 IWM_DEFAULT_COLOR)); 3796 if (!update) { 3797 int ac; 3798 for (ac = 0; ac < WME_NUM_AC; ac++) { 3799 add_sta_cmd.tfd_queue_msk |= 3800 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]); 3801 } 3802 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid); 3803 } 3804 add_sta_cmd.add_modify = update ? 1 : 0; 3805 add_sta_cmd.station_flags_msk 3806 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK); 3807 add_sta_cmd.tid_disable_tx = htole16(0xffff); 3808 if (update) 3809 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX); 3810 3811 status = IWM_ADD_STA_SUCCESS; 3812 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status); 3813 if (ret) 3814 return ret; 3815 3816 switch (status) { 3817 case IWM_ADD_STA_SUCCESS: 3818 break; 3819 default: 3820 ret = EIO; 3821 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n"); 3822 break; 3823 } 3824 3825 return ret; 3826} 3827 3828static int 3829iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in) 3830{ 3831 return iwm_mvm_sta_send_to_fw(sc, in, 0); 3832} 3833 3834static int 3835iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in) 3836{ 3837 return iwm_mvm_sta_send_to_fw(sc, in, 1); 3838} 3839 3840static int 3841iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta, 3842 const uint8_t *addr, uint16_t mac_id, uint16_t color) 3843{ 3844 struct iwm_mvm_add_sta_cmd_v7 cmd; 3845 int ret; 3846 uint32_t status; 3847 3848 memset(&cmd, 0, sizeof(cmd)); 3849 cmd.sta_id = sta->sta_id; 3850 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color)); 3851 3852 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk); 3853 cmd.tid_disable_tx = htole16(0xffff); 3854 3855 if (addr) 3856 IEEE80211_ADDR_COPY(cmd.addr, addr); 3857 3858 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status); 3859 if (ret) 3860 return ret; 3861 3862 switch (status) { 3863 case IWM_ADD_STA_SUCCESS: 3864 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 3865 "%s: Internal station added.\n", __func__); 3866 return 0; 3867 default: 3868 device_printf(sc->sc_dev, 3869 "%s: Add internal station failed, status=0x%x\n", 3870 __func__, status); 3871 ret = EIO; 3872 break; 3873 } 3874 return ret; 3875} 3876 3877static int 3878iwm_mvm_add_aux_sta(struct iwm_softc *sc) 3879{ 3880 int ret; 3881 3882 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID; 3883 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE); 3884 3885 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST); 3886 if (ret) 3887 return ret; 3888 3889 ret = iwm_mvm_add_int_sta_common(sc, 3890 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0); 3891 3892 if (ret) 3893 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta)); 3894 return ret; 3895} 3896 3897/* 3898 * END mvm/sta.c 3899 */ 3900 3901/* 3902 * BEGIN mvm/quota.c 3903 */ 3904 3905static int 3906iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in) 3907{ 3908 struct iwm_time_quota_cmd cmd; 3909 int i, idx, ret, num_active_macs, quota, quota_rem; 3910 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3911 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3912 uint16_t id; 3913 3914 memset(&cmd, 0, sizeof(cmd)); 3915 3916 /* currently, PHY ID == binding ID */ 3917 if (in) { 3918 id = in->in_phyctxt->id; 3919 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3920 colors[id] = in->in_phyctxt->color; 3921 3922 if (1) 3923 n_ifs[id] = 1; 3924 } 3925 3926 /* 3927 * The FW's scheduling session consists of 3928 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3929 * equally between all the bindings that require quota 3930 */ 3931 num_active_macs = 0; 3932 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3933 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3934 num_active_macs += n_ifs[i]; 3935 } 3936 3937 quota = 0; 3938 quota_rem = 0; 3939 if (num_active_macs) { 3940 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3941 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3942 } 3943 3944 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3945 if (colors[i] < 0) 3946 continue; 3947 3948 cmd.quotas[idx].id_and_color = 3949 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3950 3951 if (n_ifs[i] <= 0) { 3952 cmd.quotas[idx].quota = htole32(0); 3953 cmd.quotas[idx].max_duration = htole32(0); 3954 } else { 3955 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3956 cmd.quotas[idx].max_duration = htole32(0); 3957 } 3958 idx++; 3959 } 3960 3961 /* Give the remainder of the session to the first binding */ 3962 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3963 3964 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3965 sizeof(cmd), &cmd); 3966 if (ret) 3967 device_printf(sc->sc_dev, 3968 "%s: Failed to send quota: %d\n", __func__, ret); 3969 return ret; 3970} 3971 3972/* 3973 * END mvm/quota.c 3974 */ 3975 3976/* 3977 * ieee80211 routines 3978 */ 3979 3980/* 3981 * Change to AUTH state in 80211 state machine. Roughly matches what 3982 * Linux does in bss_info_changed(). 3983 */ 3984static int 3985iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3986{ 3987 struct ieee80211_node *ni; 3988 struct iwm_node *in; 3989 struct iwm_vap *iv = IWM_VAP(vap); 3990 uint32_t duration; 3991 int error; 3992 3993 /* 3994 * XXX i have a feeling that the vap node is being 3995 * freed from underneath us. Grr. 3996 */ 3997 ni = ieee80211_ref_node(vap->iv_bss); 3998 in = IWM_NODE(ni); 3999 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 4000 "%s: called; vap=%p, bss ni=%p\n", 4001 __func__, 4002 vap, 4003 ni); 4004 4005 in->in_assoc = 0; 4006 4007 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON); 4008 if (error != 0) 4009 return error; 4010 4011 error = iwm_allow_mcast(vap, sc); 4012 if (error) { 4013 device_printf(sc->sc_dev, 4014 "%s: failed to set multicast\n", __func__); 4015 goto out; 4016 } 4017 4018 /* 4019 * This is where it deviates from what Linux does. 4020 * 4021 * Linux iwlwifi doesn't reset the nic each time, nor does it 4022 * call ctxt_add() here. Instead, it adds it during vap creation, 4023 * and always does a mac_ctx_changed(). 4024 * 4025 * The openbsd port doesn't attempt to do that - it reset things 4026 * at odd states and does the add here. 4027 * 4028 * So, until the state handling is fixed (ie, we never reset 4029 * the NIC except for a firmware failure, which should drag 4030 * the NIC back to IDLE, re-setup and re-add all the mac/phy 4031 * contexts that are required), let's do a dirty hack here. 4032 */ 4033 if (iv->is_uploaded) { 4034 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4035 device_printf(sc->sc_dev, 4036 "%s: failed to update MAC\n", __func__); 4037 goto out; 4038 } 4039 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4040 in->in_ni.ni_chan, 1, 1)) != 0) { 4041 device_printf(sc->sc_dev, 4042 "%s: failed update phy ctxt\n", __func__); 4043 goto out; 4044 } 4045 in->in_phyctxt = &sc->sc_phyctxt[0]; 4046 4047 if ((error = iwm_mvm_binding_update(sc, in)) != 0) { 4048 device_printf(sc->sc_dev, 4049 "%s: binding update cmd\n", __func__); 4050 goto out; 4051 } 4052 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4053 device_printf(sc->sc_dev, 4054 "%s: failed to update sta\n", __func__); 4055 goto out; 4056 } 4057 } else { 4058 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 4059 device_printf(sc->sc_dev, 4060 "%s: failed to add MAC\n", __func__); 4061 goto out; 4062 } 4063 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4064 in->in_ni.ni_chan, 1, 1)) != 0) { 4065 device_printf(sc->sc_dev, 4066 "%s: failed add phy ctxt!\n", __func__); 4067 error = ETIMEDOUT; 4068 goto out; 4069 } 4070 in->in_phyctxt = &sc->sc_phyctxt[0]; 4071 4072 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) { 4073 device_printf(sc->sc_dev, 4074 "%s: binding add cmd\n", __func__); 4075 goto out; 4076 } 4077 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 4078 device_printf(sc->sc_dev, 4079 "%s: failed to add sta\n", __func__); 4080 goto out; 4081 } 4082 } 4083 4084 /* 4085 * Prevent the FW from wandering off channel during association 4086 * by "protecting" the session with a time event. 4087 */ 4088 /* XXX duration is in units of TU, not MS */ 4089 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 4090 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */); 4091 DELAY(100); 4092 4093 error = 0; 4094out: 4095 ieee80211_free_node(ni); 4096 return (error); 4097} 4098 4099static int 4100iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 4101{ 4102 struct iwm_node *in = IWM_NODE(vap->iv_bss); 4103 int error; 4104 4105 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4106 device_printf(sc->sc_dev, 4107 "%s: failed to update STA\n", __func__); 4108 return error; 4109 } 4110 4111 in->in_assoc = 1; 4112 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4113 device_printf(sc->sc_dev, 4114 "%s: failed to update MAC\n", __func__); 4115 return error; 4116 } 4117 4118 return 0; 4119} 4120 4121static int 4122iwm_release(struct iwm_softc *sc, struct iwm_node *in) 4123{ 4124 uint32_t tfd_msk; 4125 4126 /* 4127 * Ok, so *technically* the proper set of calls for going 4128 * from RUN back to SCAN is: 4129 * 4130 * iwm_mvm_power_mac_disable(sc, in); 4131 * iwm_mvm_mac_ctxt_changed(sc, in); 4132 * iwm_mvm_rm_sta(sc, in); 4133 * iwm_mvm_update_quotas(sc, NULL); 4134 * iwm_mvm_mac_ctxt_changed(sc, in); 4135 * iwm_mvm_binding_remove_vif(sc, in); 4136 * iwm_mvm_mac_ctxt_remove(sc, in); 4137 * 4138 * However, that freezes the device not matter which permutations 4139 * and modifications are attempted. Obviously, this driver is missing 4140 * something since it works in the Linux driver, but figuring out what 4141 * is missing is a little more complicated. Now, since we're going 4142 * back to nothing anyway, we'll just do a complete device reset. 4143 * Up your's, device! 4144 */ 4145 /* 4146 * Just using 0xf for the queues mask is fine as long as we only 4147 * get here from RUN state. 4148 */ 4149 tfd_msk = 0xf; 4150 mbufq_drain(&sc->sc_snd); 4151 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC); 4152 /* 4153 * We seem to get away with just synchronously sending the 4154 * IWM_TXPATH_FLUSH command. 4155 */ 4156// iwm_trans_wait_tx_queue_empty(sc, tfd_msk); 4157 iwm_stop_device(sc); 4158 iwm_init_hw(sc); 4159 if (in) 4160 in->in_assoc = 0; 4161 return 0; 4162 4163#if 0 4164 int error; 4165 4166 iwm_mvm_power_mac_disable(sc, in); 4167 4168 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 4169 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 4170 return error; 4171 } 4172 4173 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 4174 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 4175 return error; 4176 } 4177 error = iwm_mvm_rm_sta(sc, in); 4178 in->in_assoc = 0; 4179 iwm_mvm_update_quotas(sc, NULL); 4180 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) { 4181 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 4182 return error; 4183 } 4184 iwm_mvm_binding_remove_vif(sc, in); 4185 4186 iwm_mvm_mac_ctxt_remove(sc, in); 4187 4188 return error; 4189#endif 4190} 4191 4192static struct ieee80211_node * 4193iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 4194{ 4195 return malloc(sizeof (struct iwm_node), M_80211_NODE, 4196 M_NOWAIT | M_ZERO); 4197} 4198 4199static void 4200iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 4201{ 4202 struct ieee80211_node *ni = &in->in_ni; 4203 struct iwm_lq_cmd *lq = &in->in_lq; 4204 int nrates = ni->ni_rates.rs_nrates; 4205 int i, ridx, tab = 0; 4206// int txant = 0; 4207 4208 if (nrates > nitems(lq->rs_table)) { 4209 device_printf(sc->sc_dev, 4210 "%s: node supports %d rates, driver handles " 4211 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 4212 return; 4213 } 4214 if (nrates == 0) { 4215 device_printf(sc->sc_dev, 4216 "%s: node supports 0 rates, odd!\n", __func__); 4217 return; 4218 } 4219 4220 /* 4221 * XXX .. and most of iwm_node is not initialised explicitly; 4222 * it's all just 0x0 passed to the firmware. 4223 */ 4224 4225 /* first figure out which rates we should support */ 4226 /* XXX TODO: this isn't 11n aware /at all/ */ 4227 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 4228 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4229 "%s: nrates=%d\n", __func__, nrates); 4230 4231 /* 4232 * Loop over nrates and populate in_ridx from the highest 4233 * rate to the lowest rate. Remember, in_ridx[] has 4234 * IEEE80211_RATE_MAXSIZE entries! 4235 */ 4236 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 4237 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 4238 4239 /* Map 802.11 rate to HW rate index. */ 4240 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 4241 if (iwm_rates[ridx].rate == rate) 4242 break; 4243 if (ridx > IWM_RIDX_MAX) { 4244 device_printf(sc->sc_dev, 4245 "%s: WARNING: device rate for %d not found!\n", 4246 __func__, rate); 4247 } else { 4248 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4249 "%s: rate: i: %d, rate=%d, ridx=%d\n", 4250 __func__, 4251 i, 4252 rate, 4253 ridx); 4254 in->in_ridx[i] = ridx; 4255 } 4256 } 4257 4258 /* then construct a lq_cmd based on those */ 4259 memset(lq, 0, sizeof(*lq)); 4260 lq->sta_id = IWM_STATION_ID; 4261 4262 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4263 if (ni->ni_flags & IEEE80211_NODE_HT) 4264 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4265 4266 /* 4267 * are these used? (we don't do SISO or MIMO) 4268 * need to set them to non-zero, though, or we get an error. 4269 */ 4270 lq->single_stream_ant_msk = 1; 4271 lq->dual_stream_ant_msk = 1; 4272 4273 /* 4274 * Build the actual rate selection table. 4275 * The lowest bits are the rates. Additionally, 4276 * CCK needs bit 9 to be set. The rest of the bits 4277 * we add to the table select the tx antenna 4278 * Note that we add the rates in the highest rate first 4279 * (opposite of ni_rates). 4280 */ 4281 /* 4282 * XXX TODO: this should be looping over the min of nrates 4283 * and LQ_MAX_RETRY_NUM. Sigh. 4284 */ 4285 for (i = 0; i < nrates; i++) { 4286 int nextant; 4287 4288#if 0 4289 if (txant == 0) 4290 txant = iwm_mvm_get_valid_tx_ant(sc); 4291 nextant = 1<<(ffs(txant)-1); 4292 txant &= ~nextant; 4293#else 4294 nextant = iwm_mvm_get_valid_tx_ant(sc); 4295#endif 4296 /* 4297 * Map the rate id into a rate index into 4298 * our hardware table containing the 4299 * configuration to use for this rate. 4300 */ 4301 ridx = in->in_ridx[i]; 4302 tab = iwm_rates[ridx].plcp; 4303 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4304 if (IWM_RIDX_IS_CCK(ridx)) 4305 tab |= IWM_RATE_MCS_CCK_MSK; 4306 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4307 "station rate i=%d, rate=%d, hw=%x\n", 4308 i, iwm_rates[ridx].rate, tab); 4309 lq->rs_table[i] = htole32(tab); 4310 } 4311 /* then fill the rest with the lowest possible rate */ 4312 for (i = nrates; i < nitems(lq->rs_table); i++) { 4313 KASSERT(tab != 0, ("invalid tab")); 4314 lq->rs_table[i] = htole32(tab); 4315 } 4316} 4317 4318static int 4319iwm_media_change(struct ifnet *ifp) 4320{ 4321 struct ieee80211vap *vap = ifp->if_softc; 4322 struct ieee80211com *ic = vap->iv_ic; 4323 struct iwm_softc *sc = ic->ic_softc; 4324 int error; 4325 4326 error = ieee80211_media_change(ifp); 4327 if (error != ENETRESET) 4328 return error; 4329 4330 IWM_LOCK(sc); 4331 if (ic->ic_nrunning > 0) { 4332 iwm_stop(sc); 4333 iwm_init(sc); 4334 } 4335 IWM_UNLOCK(sc); 4336 return error; 4337} 4338 4339 4340static int 4341iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4342{ 4343 struct iwm_vap *ivp = IWM_VAP(vap); 4344 struct ieee80211com *ic = vap->iv_ic; 4345 struct iwm_softc *sc = ic->ic_softc; 4346 struct iwm_node *in; 4347 int error; 4348 4349 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4350 "switching state %s -> %s\n", 4351 ieee80211_state_name[vap->iv_state], 4352 ieee80211_state_name[nstate]); 4353 IEEE80211_UNLOCK(ic); 4354 IWM_LOCK(sc); 4355 4356 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 4357 iwm_led_blink_stop(sc); 4358 4359 /* disable beacon filtering if we're hopping out of RUN */ 4360 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 4361 iwm_mvm_disable_beacon_filter(sc); 4362 4363 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4364 in->in_assoc = 0; 4365 4366 if (nstate == IEEE80211_S_INIT) { 4367 IWM_UNLOCK(sc); 4368 IEEE80211_LOCK(ic); 4369 error = ivp->iv_newstate(vap, nstate, arg); 4370 IEEE80211_UNLOCK(ic); 4371 IWM_LOCK(sc); 4372 iwm_release(sc, NULL); 4373 IWM_UNLOCK(sc); 4374 IEEE80211_LOCK(ic); 4375 return error; 4376 } 4377 4378 /* 4379 * It's impossible to directly go RUN->SCAN. If we iwm_release() 4380 * above then the card will be completely reinitialized, 4381 * so the driver must do everything necessary to bring the card 4382 * from INIT to SCAN. 4383 * 4384 * Additionally, upon receiving deauth frame from AP, 4385 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 4386 * state. This will also fail with this driver, so bring the FSM 4387 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 4388 * 4389 * XXX TODO: fix this for FreeBSD! 4390 */ 4391 if (nstate == IEEE80211_S_SCAN || 4392 nstate == IEEE80211_S_AUTH || 4393 nstate == IEEE80211_S_ASSOC) { 4394 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4395 "Force transition to INIT; MGT=%d\n", arg); 4396 IWM_UNLOCK(sc); 4397 IEEE80211_LOCK(ic); 4398 /* Always pass arg as -1 since we can't Tx right now. */ 4399 /* 4400 * XXX arg is just ignored anyway when transitioning 4401 * to IEEE80211_S_INIT. 4402 */ 4403 vap->iv_newstate(vap, IEEE80211_S_INIT, -1); 4404 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4405 "Going INIT->SCAN\n"); 4406 nstate = IEEE80211_S_SCAN; 4407 IEEE80211_UNLOCK(ic); 4408 IWM_LOCK(sc); 4409 } 4410 } 4411 4412 switch (nstate) { 4413 case IEEE80211_S_INIT: 4414 break; 4415 4416 case IEEE80211_S_AUTH: 4417 if ((error = iwm_auth(vap, sc)) != 0) { 4418 device_printf(sc->sc_dev, 4419 "%s: could not move to auth state: %d\n", 4420 __func__, error); 4421 break; 4422 } 4423 break; 4424 4425 case IEEE80211_S_ASSOC: 4426 if ((error = iwm_assoc(vap, sc)) != 0) { 4427 device_printf(sc->sc_dev, 4428 "%s: failed to associate: %d\n", __func__, 4429 error); 4430 break; 4431 } 4432 break; 4433 4434 case IEEE80211_S_RUN: 4435 { 4436 struct iwm_host_cmd cmd = { 4437 .id = IWM_LQ_CMD, 4438 .len = { sizeof(in->in_lq), }, 4439 .flags = IWM_CMD_SYNC, 4440 }; 4441 4442 /* Update the association state, now we have it all */ 4443 /* (eg associd comes in at this point */ 4444 error = iwm_assoc(vap, sc); 4445 if (error != 0) { 4446 device_printf(sc->sc_dev, 4447 "%s: failed to update association state: %d\n", 4448 __func__, 4449 error); 4450 break; 4451 } 4452 4453 in = IWM_NODE(vap->iv_bss); 4454 iwm_mvm_power_mac_update_mode(sc, in); 4455 iwm_mvm_enable_beacon_filter(sc, in); 4456 iwm_mvm_update_quotas(sc, in); 4457 iwm_setrates(sc, in); 4458 4459 cmd.data[0] = &in->in_lq; 4460 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 4461 device_printf(sc->sc_dev, 4462 "%s: IWM_LQ_CMD failed\n", __func__); 4463 } 4464 4465 iwm_mvm_led_enable(sc); 4466 break; 4467 } 4468 4469 default: 4470 break; 4471 } 4472 IWM_UNLOCK(sc); 4473 IEEE80211_LOCK(ic); 4474 4475 return (ivp->iv_newstate(vap, nstate, arg)); 4476} 4477 4478void 4479iwm_endscan_cb(void *arg, int pending) 4480{ 4481 struct iwm_softc *sc = arg; 4482 struct ieee80211com *ic = &sc->sc_ic; 4483 4484 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4485 "%s: scan ended\n", 4486 __func__); 4487 4488 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4489} 4490 4491/* 4492 * Aging and idle timeouts for the different possible scenarios 4493 * in default configuration 4494 */ 4495static const uint32_t 4496iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4497 { 4498 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 4499 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 4500 }, 4501 { 4502 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 4503 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 4504 }, 4505 { 4506 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 4507 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 4508 }, 4509 { 4510 htole32(IWM_SF_BA_AGING_TIMER_DEF), 4511 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 4512 }, 4513 { 4514 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 4515 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 4516 }, 4517}; 4518 4519/* 4520 * Aging and idle timeouts for the different possible scenarios 4521 * in single BSS MAC configuration. 4522 */ 4523static const uint32_t 4524iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4525 { 4526 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 4527 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 4528 }, 4529 { 4530 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 4531 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 4532 }, 4533 { 4534 htole32(IWM_SF_MCAST_AGING_TIMER), 4535 htole32(IWM_SF_MCAST_IDLE_TIMER) 4536 }, 4537 { 4538 htole32(IWM_SF_BA_AGING_TIMER), 4539 htole32(IWM_SF_BA_IDLE_TIMER) 4540 }, 4541 { 4542 htole32(IWM_SF_TX_RE_AGING_TIMER), 4543 htole32(IWM_SF_TX_RE_IDLE_TIMER) 4544 }, 4545}; 4546 4547static void 4548iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 4549 struct ieee80211_node *ni) 4550{ 4551 int i, j, watermark; 4552 4553 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 4554 4555 /* 4556 * If we are in association flow - check antenna configuration 4557 * capabilities of the AP station, and choose the watermark accordingly. 4558 */ 4559 if (ni) { 4560 if (ni->ni_flags & IEEE80211_NODE_HT) { 4561#ifdef notyet 4562 if (ni->ni_rxmcs[2] != 0) 4563 watermark = IWM_SF_W_MARK_MIMO3; 4564 else if (ni->ni_rxmcs[1] != 0) 4565 watermark = IWM_SF_W_MARK_MIMO2; 4566 else 4567#endif 4568 watermark = IWM_SF_W_MARK_SISO; 4569 } else { 4570 watermark = IWM_SF_W_MARK_LEGACY; 4571 } 4572 /* default watermark value for unassociated mode. */ 4573 } else { 4574 watermark = IWM_SF_W_MARK_MIMO2; 4575 } 4576 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 4577 4578 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 4579 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 4580 sf_cmd->long_delay_timeouts[i][j] = 4581 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 4582 } 4583 } 4584 4585 if (ni) { 4586 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 4587 sizeof(iwm_sf_full_timeout)); 4588 } else { 4589 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 4590 sizeof(iwm_sf_full_timeout_def)); 4591 } 4592} 4593 4594static int 4595iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state) 4596{ 4597 struct ieee80211com *ic = &sc->sc_ic; 4598 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4599 struct iwm_sf_cfg_cmd sf_cmd = { 4600 .state = htole32(IWM_SF_FULL_ON), 4601 }; 4602 int ret = 0; 4603 4604 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 4605 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 4606 4607 switch (new_state) { 4608 case IWM_SF_UNINIT: 4609 case IWM_SF_INIT_OFF: 4610 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL); 4611 break; 4612 case IWM_SF_FULL_ON: 4613 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss); 4614 break; 4615 default: 4616 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE, 4617 "Invalid state: %d. not sending Smart Fifo cmd\n", 4618 new_state); 4619 return EINVAL; 4620 } 4621 4622 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 4623 sizeof(sf_cmd), &sf_cmd); 4624 return ret; 4625} 4626 4627static int 4628iwm_send_bt_init_conf(struct iwm_softc *sc) 4629{ 4630 struct iwm_bt_coex_cmd bt_cmd; 4631 4632 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4633 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4634 4635 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4636 &bt_cmd); 4637} 4638 4639static int 4640iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4641{ 4642 struct iwm_mcc_update_cmd mcc_cmd; 4643 struct iwm_host_cmd hcmd = { 4644 .id = IWM_MCC_UPDATE_CMD, 4645 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4646 .data = { &mcc_cmd }, 4647 }; 4648 int ret; 4649#ifdef IWM_DEBUG 4650 struct iwm_rx_packet *pkt; 4651 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4652 struct iwm_mcc_update_resp *mcc_resp; 4653 int n_channels; 4654 uint16_t mcc; 4655#endif 4656 int resp_v2 = isset(sc->sc_enabled_capa, 4657 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4658 4659 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4660 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4661 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4662 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC)) 4663 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4664 else 4665 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4666 4667 if (resp_v2) 4668 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4669 else 4670 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4671 4672 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4673 "send MCC update to FW with '%c%c' src = %d\n", 4674 alpha2[0], alpha2[1], mcc_cmd.source_id); 4675 4676 ret = iwm_send_cmd(sc, &hcmd); 4677 if (ret) 4678 return ret; 4679 4680#ifdef IWM_DEBUG 4681 pkt = hcmd.resp_pkt; 4682 4683 /* Extract MCC response */ 4684 if (resp_v2) { 4685 mcc_resp = (void *)pkt->data; 4686 mcc = mcc_resp->mcc; 4687 n_channels = le32toh(mcc_resp->n_channels); 4688 } else { 4689 mcc_resp_v1 = (void *)pkt->data; 4690 mcc = mcc_resp_v1->mcc; 4691 n_channels = le32toh(mcc_resp_v1->n_channels); 4692 } 4693 4694 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4695 if (mcc == 0) 4696 mcc = 0x3030; /* "00" - world */ 4697 4698 IWM_DPRINTF(sc, IWM_DEBUG_NODE, 4699 "regulatory domain '%c%c' (%d channels available)\n", 4700 mcc >> 8, mcc & 0xff, n_channels); 4701#endif 4702 iwm_free_resp(sc, &hcmd); 4703 4704 return 0; 4705} 4706 4707static void 4708iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4709{ 4710 struct iwm_host_cmd cmd = { 4711 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4712 .len = { sizeof(uint32_t), }, 4713 .data = { &backoff, }, 4714 }; 4715 4716 if (iwm_send_cmd(sc, &cmd) != 0) { 4717 device_printf(sc->sc_dev, 4718 "failed to change thermal tx backoff\n"); 4719 } 4720} 4721 4722static int 4723iwm_init_hw(struct iwm_softc *sc) 4724{ 4725 struct ieee80211com *ic = &sc->sc_ic; 4726 int error, i, ac; 4727 4728 if ((error = iwm_start_hw(sc)) != 0) { 4729 printf("iwm_start_hw: failed %d\n", error); 4730 return error; 4731 } 4732 4733 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 4734 printf("iwm_run_init_mvm_ucode: failed %d\n", error); 4735 return error; 4736 } 4737 4738 /* 4739 * should stop and start HW since that INIT 4740 * image just loaded 4741 */ 4742 iwm_stop_device(sc); 4743 if ((error = iwm_start_hw(sc)) != 0) { 4744 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4745 return error; 4746 } 4747 4748 /* omstart, this time with the regular firmware */ 4749 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR); 4750 if (error) { 4751 device_printf(sc->sc_dev, "could not load firmware\n"); 4752 goto error; 4753 } 4754 4755 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4756 device_printf(sc->sc_dev, "bt init conf failed\n"); 4757 goto error; 4758 } 4759 4760 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 4761 if (error != 0) { 4762 device_printf(sc->sc_dev, "antenna config failed\n"); 4763 goto error; 4764 } 4765 4766 /* Send phy db control command and then phy db calibration */ 4767 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0) 4768 goto error; 4769 4770 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4771 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4772 goto error; 4773 } 4774 4775 /* Add auxiliary station for scanning */ 4776 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) { 4777 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4778 goto error; 4779 } 4780 4781 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4782 /* 4783 * The channel used here isn't relevant as it's 4784 * going to be overwritten in the other flows. 4785 * For now use the first channel we have. 4786 */ 4787 if ((error = iwm_mvm_phy_ctxt_add(sc, 4788 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4789 goto error; 4790 } 4791 4792 /* Initialize tx backoffs to the minimum. */ 4793 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 4794 iwm_mvm_tt_tx_backoff(sc, 0); 4795 4796 error = iwm_mvm_power_update_device(sc); 4797 if (error) 4798 goto error; 4799 4800 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) { 4801 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4802 goto error; 4803 } 4804 4805 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4806 if ((error = iwm_mvm_config_umac_scan(sc)) != 0) 4807 goto error; 4808 } 4809 4810 /* Enable Tx queues. */ 4811 for (ac = 0; ac < WME_NUM_AC; ac++) { 4812 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4813 iwm_mvm_ac_to_tx_fifo[ac]); 4814 if (error) 4815 goto error; 4816 } 4817 4818 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) { 4819 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4820 goto error; 4821 } 4822 4823 return 0; 4824 4825 error: 4826 iwm_stop_device(sc); 4827 return error; 4828} 4829 4830/* Allow multicast from our BSSID. */ 4831static int 4832iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4833{ 4834 struct ieee80211_node *ni = vap->iv_bss; 4835 struct iwm_mcast_filter_cmd *cmd; 4836 size_t size; 4837 int error; 4838 4839 size = roundup(sizeof(*cmd), 4); 4840 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 4841 if (cmd == NULL) 4842 return ENOMEM; 4843 cmd->filter_own = 1; 4844 cmd->port_id = 0; 4845 cmd->count = 0; 4846 cmd->pass_all = 1; 4847 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4848 4849 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4850 IWM_CMD_SYNC, size, cmd); 4851 free(cmd, M_DEVBUF); 4852 4853 return (error); 4854} 4855 4856/* 4857 * ifnet interfaces 4858 */ 4859 4860static void 4861iwm_init(struct iwm_softc *sc) 4862{ 4863 int error; 4864 4865 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4866 return; 4867 } 4868 sc->sc_generation++; 4869 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4870 4871 if ((error = iwm_init_hw(sc)) != 0) { 4872 printf("iwm_init_hw failed %d\n", error); 4873 iwm_stop(sc); 4874 return; 4875 } 4876 4877 /* 4878 * Ok, firmware loaded and we are jogging 4879 */ 4880 sc->sc_flags |= IWM_FLAG_HW_INITED; 4881 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4882} 4883 4884static int 4885iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4886{ 4887 struct iwm_softc *sc; 4888 int error; 4889 4890 sc = ic->ic_softc; 4891 4892 IWM_LOCK(sc); 4893 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4894 IWM_UNLOCK(sc); 4895 return (ENXIO); 4896 } 4897 error = mbufq_enqueue(&sc->sc_snd, m); 4898 if (error) { 4899 IWM_UNLOCK(sc); 4900 return (error); 4901 } 4902 iwm_start(sc); 4903 IWM_UNLOCK(sc); 4904 return (0); 4905} 4906 4907/* 4908 * Dequeue packets from sendq and call send. 4909 */ 4910static void 4911iwm_start(struct iwm_softc *sc) 4912{ 4913 struct ieee80211_node *ni; 4914 struct mbuf *m; 4915 int ac = 0; 4916 4917 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 4918 while (sc->qfullmsk == 0 && 4919 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 4920 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 4921 if (iwm_tx(sc, m, ni, ac) != 0) { 4922 if_inc_counter(ni->ni_vap->iv_ifp, 4923 IFCOUNTER_OERRORS, 1); 4924 ieee80211_free_node(ni); 4925 continue; 4926 } 4927 sc->sc_tx_timer = 15; 4928 } 4929 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 4930} 4931 4932static void 4933iwm_stop(struct iwm_softc *sc) 4934{ 4935 4936 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 4937 sc->sc_flags |= IWM_FLAG_STOPPED; 4938 sc->sc_generation++; 4939 iwm_led_blink_stop(sc); 4940 sc->sc_tx_timer = 0; 4941 iwm_stop_device(sc); 4942 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 4943} 4944 4945static void 4946iwm_watchdog(void *arg) 4947{ 4948 struct iwm_softc *sc = arg; 4949 struct ieee80211com *ic = &sc->sc_ic; 4950 4951 if (sc->sc_tx_timer > 0) { 4952 if (--sc->sc_tx_timer == 0) { 4953 device_printf(sc->sc_dev, "device timeout\n"); 4954#ifdef IWM_DEBUG 4955 iwm_nic_error(sc); 4956#endif 4957 ieee80211_restart_all(ic); 4958 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 4959 return; 4960 } 4961 } 4962 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4963} 4964 4965static void 4966iwm_parent(struct ieee80211com *ic) 4967{ 4968 struct iwm_softc *sc = ic->ic_softc; 4969 int startall = 0; 4970 4971 IWM_LOCK(sc); 4972 if (ic->ic_nrunning > 0) { 4973 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 4974 iwm_init(sc); 4975 startall = 1; 4976 } 4977 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 4978 iwm_stop(sc); 4979 IWM_UNLOCK(sc); 4980 if (startall) 4981 ieee80211_start_all(ic); 4982} 4983 4984/* 4985 * The interrupt side of things 4986 */ 4987 4988/* 4989 * error dumping routines are from iwlwifi/mvm/utils.c 4990 */ 4991 4992/* 4993 * Note: This structure is read from the device with IO accesses, 4994 * and the reading already does the endian conversion. As it is 4995 * read with uint32_t-sized accesses, any members with a different size 4996 * need to be ordered correctly though! 4997 */ 4998struct iwm_error_event_table { 4999 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5000 uint32_t error_id; /* type of error */ 5001 uint32_t trm_hw_status0; /* TRM HW status */ 5002 uint32_t trm_hw_status1; /* TRM HW status */ 5003 uint32_t blink2; /* branch link */ 5004 uint32_t ilink1; /* interrupt link */ 5005 uint32_t ilink2; /* interrupt link */ 5006 uint32_t data1; /* error-specific data */ 5007 uint32_t data2; /* error-specific data */ 5008 uint32_t data3; /* error-specific data */ 5009 uint32_t bcon_time; /* beacon timer */ 5010 uint32_t tsf_low; /* network timestamp function timer */ 5011 uint32_t tsf_hi; /* network timestamp function timer */ 5012 uint32_t gp1; /* GP1 timer register */ 5013 uint32_t gp2; /* GP2 timer register */ 5014 uint32_t fw_rev_type; /* firmware revision type */ 5015 uint32_t major; /* uCode version major */ 5016 uint32_t minor; /* uCode version minor */ 5017 uint32_t hw_ver; /* HW Silicon version */ 5018 uint32_t brd_ver; /* HW board version */ 5019 uint32_t log_pc; /* log program counter */ 5020 uint32_t frame_ptr; /* frame pointer */ 5021 uint32_t stack_ptr; /* stack pointer */ 5022 uint32_t hcmd; /* last host command header */ 5023 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 5024 * rxtx_flag */ 5025 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 5026 * host_flag */ 5027 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 5028 * enc_flag */ 5029 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 5030 * time_flag */ 5031 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 5032 * wico interrupt */ 5033 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 5034 uint32_t wait_event; /* wait event() caller address */ 5035 uint32_t l2p_control; /* L2pControlField */ 5036 uint32_t l2p_duration; /* L2pDurationField */ 5037 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 5038 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 5039 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 5040 * (LMPM_PMG_SEL) */ 5041 uint32_t u_timestamp; /* indicate when the date and time of the 5042 * compilation */ 5043 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 5044} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 5045 5046/* 5047 * UMAC error struct - relevant starting from family 8000 chip. 5048 * Note: This structure is read from the device with IO accesses, 5049 * and the reading already does the endian conversion. As it is 5050 * read with u32-sized accesses, any members with a different size 5051 * need to be ordered correctly though! 5052 */ 5053struct iwm_umac_error_event_table { 5054 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5055 uint32_t error_id; /* type of error */ 5056 uint32_t blink1; /* branch link */ 5057 uint32_t blink2; /* branch link */ 5058 uint32_t ilink1; /* interrupt link */ 5059 uint32_t ilink2; /* interrupt link */ 5060 uint32_t data1; /* error-specific data */ 5061 uint32_t data2; /* error-specific data */ 5062 uint32_t data3; /* error-specific data */ 5063 uint32_t umac_major; 5064 uint32_t umac_minor; 5065 uint32_t frame_pointer; /* core register 27*/ 5066 uint32_t stack_pointer; /* core register 28 */ 5067 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 5068 uint32_t nic_isr_pref; /* ISR status register */ 5069} __packed; 5070 5071#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 5072#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 5073 5074#ifdef IWM_DEBUG 5075struct { 5076 const char *name; 5077 uint8_t num; 5078} advanced_lookup[] = { 5079 { "NMI_INTERRUPT_WDG", 0x34 }, 5080 { "SYSASSERT", 0x35 }, 5081 { "UCODE_VERSION_MISMATCH", 0x37 }, 5082 { "BAD_COMMAND", 0x38 }, 5083 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 5084 { "FATAL_ERROR", 0x3D }, 5085 { "NMI_TRM_HW_ERR", 0x46 }, 5086 { "NMI_INTERRUPT_TRM", 0x4C }, 5087 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 5088 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 5089 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 5090 { "NMI_INTERRUPT_HOST", 0x66 }, 5091 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 5092 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 5093 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 5094 { "ADVANCED_SYSASSERT", 0 }, 5095}; 5096 5097static const char * 5098iwm_desc_lookup(uint32_t num) 5099{ 5100 int i; 5101 5102 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 5103 if (advanced_lookup[i].num == num) 5104 return advanced_lookup[i].name; 5105 5106 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 5107 return advanced_lookup[i].name; 5108} 5109 5110static void 5111iwm_nic_umac_error(struct iwm_softc *sc) 5112{ 5113 struct iwm_umac_error_event_table table; 5114 uint32_t base; 5115 5116 base = sc->sc_uc.uc_umac_error_event_table; 5117 5118 if (base < 0x800000) { 5119 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 5120 base); 5121 return; 5122 } 5123 5124 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5125 device_printf(sc->sc_dev, "reading errlog failed\n"); 5126 return; 5127 } 5128 5129 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5130 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 5131 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5132 sc->sc_flags, table.valid); 5133 } 5134 5135 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 5136 iwm_desc_lookup(table.error_id)); 5137 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 5138 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 5139 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 5140 table.ilink1); 5141 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 5142 table.ilink2); 5143 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 5144 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 5145 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 5146 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 5147 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 5148 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 5149 table.frame_pointer); 5150 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 5151 table.stack_pointer); 5152 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 5153 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 5154 table.nic_isr_pref); 5155} 5156 5157/* 5158 * Support for dumping the error log seemed like a good idea ... 5159 * but it's mostly hex junk and the only sensible thing is the 5160 * hw/ucode revision (which we know anyway). Since it's here, 5161 * I'll just leave it in, just in case e.g. the Intel guys want to 5162 * help us decipher some "ADVANCED_SYSASSERT" later. 5163 */ 5164static void 5165iwm_nic_error(struct iwm_softc *sc) 5166{ 5167 struct iwm_error_event_table table; 5168 uint32_t base; 5169 5170 device_printf(sc->sc_dev, "dumping device error log\n"); 5171 base = sc->sc_uc.uc_error_event_table; 5172 if (base < 0x800000) { 5173 device_printf(sc->sc_dev, 5174 "Invalid error log pointer 0x%08x\n", base); 5175 return; 5176 } 5177 5178 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5179 device_printf(sc->sc_dev, "reading errlog failed\n"); 5180 return; 5181 } 5182 5183 if (!table.valid) { 5184 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 5185 return; 5186 } 5187 5188 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5189 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 5190 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5191 sc->sc_flags, table.valid); 5192 } 5193 5194 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 5195 iwm_desc_lookup(table.error_id)); 5196 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 5197 table.trm_hw_status0); 5198 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 5199 table.trm_hw_status1); 5200 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 5201 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 5202 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 5203 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 5204 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 5205 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 5206 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 5207 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 5208 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 5209 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 5210 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 5211 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 5212 table.fw_rev_type); 5213 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 5214 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 5215 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 5216 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 5217 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 5218 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 5219 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 5220 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 5221 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 5222 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 5223 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 5224 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 5225 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 5226 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 5227 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 5228 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 5229 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 5230 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 5231 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 5232 5233 if (sc->sc_uc.uc_umac_error_event_table) 5234 iwm_nic_umac_error(sc); 5235} 5236#endif 5237 5238#define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT); 5239 5240/* 5241 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5242 * Basic structure from if_iwn 5243 */ 5244static void 5245iwm_notif_intr(struct iwm_softc *sc) 5246{ 5247 struct ieee80211com *ic = &sc->sc_ic; 5248 uint16_t hw; 5249 5250 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5251 BUS_DMASYNC_POSTREAD); 5252 5253 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5254 5255 /* 5256 * Process responses 5257 */ 5258 while (sc->rxq.cur != hw) { 5259 struct iwm_rx_ring *ring = &sc->rxq; 5260 struct iwm_rx_data *data = &ring->data[ring->cur]; 5261 struct iwm_rx_packet *pkt; 5262 struct iwm_cmd_response *cresp; 5263 int qid, idx, code; 5264 5265 bus_dmamap_sync(ring->data_dmat, data->map, 5266 BUS_DMASYNC_POSTREAD); 5267 pkt = mtod(data->m, struct iwm_rx_packet *); 5268 5269 qid = pkt->hdr.qid & ~0x80; 5270 idx = pkt->hdr.idx; 5271 5272 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5273 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5274 "rx packet qid=%d idx=%d type=%x %d %d\n", 5275 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, ring->cur, hw); 5276 5277 /* 5278 * randomly get these from the firmware, no idea why. 5279 * they at least seem harmless, so just ignore them for now 5280 */ 5281 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0) 5282 || pkt->len_n_flags == htole32(0x55550000))) { 5283 ADVANCE_RXQ(sc); 5284 continue; 5285 } 5286 5287 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt); 5288 5289 switch (code) { 5290 case IWM_REPLY_RX_PHY_CMD: 5291 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data); 5292 break; 5293 5294 case IWM_REPLY_RX_MPDU_CMD: 5295 iwm_mvm_rx_rx_mpdu(sc, pkt, data); 5296 break; 5297 5298 case IWM_TX_CMD: 5299 iwm_mvm_rx_tx_cmd(sc, pkt, data); 5300 break; 5301 5302 case IWM_MISSED_BEACONS_NOTIFICATION: { 5303 struct iwm_missed_beacons_notif *resp; 5304 int missed; 5305 5306 /* XXX look at mac_id to determine interface ID */ 5307 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5308 5309 resp = (void *)pkt->data; 5310 missed = le32toh(resp->consec_missed_beacons); 5311 5312 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5313 "%s: MISSED_BEACON: mac_id=%d, " 5314 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5315 "num_rx=%d\n", 5316 __func__, 5317 le32toh(resp->mac_id), 5318 le32toh(resp->consec_missed_beacons_since_last_rx), 5319 le32toh(resp->consec_missed_beacons), 5320 le32toh(resp->num_expected_beacons), 5321 le32toh(resp->num_recvd_beacons)); 5322 5323 /* Be paranoid */ 5324 if (vap == NULL) 5325 break; 5326 5327 /* XXX no net80211 locking? */ 5328 if (vap->iv_state == IEEE80211_S_RUN && 5329 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5330 if (missed > vap->iv_bmissthreshold) { 5331 /* XXX bad locking; turn into task */ 5332 IWM_UNLOCK(sc); 5333 ieee80211_beacon_miss(ic); 5334 IWM_LOCK(sc); 5335 } 5336 } 5337 5338 break; } 5339 5340 case IWM_MFUART_LOAD_NOTIFICATION: 5341 break; 5342 5343 case IWM_MVM_ALIVE: { 5344 struct iwm_mvm_alive_resp_v1 *resp1; 5345 struct iwm_mvm_alive_resp_v2 *resp2; 5346 struct iwm_mvm_alive_resp_v3 *resp3; 5347 5348 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) { 5349 resp1 = (void *)pkt->data; 5350 sc->sc_uc.uc_error_event_table 5351 = le32toh(resp1->error_event_table_ptr); 5352 sc->sc_uc.uc_log_event_table 5353 = le32toh(resp1->log_event_table_ptr); 5354 sc->sched_base = le32toh(resp1->scd_base_ptr); 5355 if (resp1->status == IWM_ALIVE_STATUS_OK) 5356 sc->sc_uc.uc_ok = 1; 5357 else 5358 sc->sc_uc.uc_ok = 0; 5359 } 5360 5361 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) { 5362 resp2 = (void *)pkt->data; 5363 sc->sc_uc.uc_error_event_table 5364 = le32toh(resp2->error_event_table_ptr); 5365 sc->sc_uc.uc_log_event_table 5366 = le32toh(resp2->log_event_table_ptr); 5367 sc->sched_base = le32toh(resp2->scd_base_ptr); 5368 sc->sc_uc.uc_umac_error_event_table 5369 = le32toh(resp2->error_info_addr); 5370 if (resp2->status == IWM_ALIVE_STATUS_OK) 5371 sc->sc_uc.uc_ok = 1; 5372 else 5373 sc->sc_uc.uc_ok = 0; 5374 } 5375 5376 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) { 5377 resp3 = (void *)pkt->data; 5378 sc->sc_uc.uc_error_event_table 5379 = le32toh(resp3->error_event_table_ptr); 5380 sc->sc_uc.uc_log_event_table 5381 = le32toh(resp3->log_event_table_ptr); 5382 sc->sched_base = le32toh(resp3->scd_base_ptr); 5383 sc->sc_uc.uc_umac_error_event_table 5384 = le32toh(resp3->error_info_addr); 5385 if (resp3->status == IWM_ALIVE_STATUS_OK) 5386 sc->sc_uc.uc_ok = 1; 5387 else 5388 sc->sc_uc.uc_ok = 0; 5389 } 5390 5391 sc->sc_uc.uc_intr = 1; 5392 wakeup(&sc->sc_uc); 5393 break; } 5394 5395 case IWM_CALIB_RES_NOTIF_PHY_DB: 5396 break; 5397 5398 case IWM_STATISTICS_NOTIFICATION: { 5399 struct iwm_notif_statistics *stats; 5400 stats = (void *)pkt->data; 5401 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 5402 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general); 5403 break; } 5404 5405 case IWM_NVM_ACCESS_CMD: 5406 case IWM_MCC_UPDATE_CMD: 5407 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5408 memcpy(sc->sc_cmd_resp, 5409 pkt, sizeof(sc->sc_cmd_resp)); 5410 } 5411 break; 5412 5413 case IWM_MCC_CHUB_UPDATE_CMD: { 5414 struct iwm_mcc_chub_notif *notif; 5415 notif = (void *)pkt->data; 5416 5417 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5418 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5419 sc->sc_fw_mcc[2] = '\0'; 5420 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 5421 "fw source %d sent CC '%s'\n", 5422 notif->source_id, sc->sc_fw_mcc); 5423 break; } 5424 5425 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5426 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 5427 IWM_DTS_MEASUREMENT_NOTIF_WIDE): { 5428 struct iwm_dts_measurement_notif_v1 *notif; 5429 5430 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) { 5431 device_printf(sc->sc_dev, 5432 "Invalid DTS_MEASUREMENT_NOTIFICATION\n"); 5433 break; 5434 } 5435 notif = (void *)pkt->data; 5436 IWM_DPRINTF(sc, IWM_DEBUG_TEMP, 5437 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n", 5438 notif->temp); 5439 break; 5440 } 5441 5442 case IWM_PHY_CONFIGURATION_CMD: 5443 case IWM_TX_ANT_CONFIGURATION_CMD: 5444 case IWM_ADD_STA: 5445 case IWM_MAC_CONTEXT_CMD: 5446 case IWM_REPLY_SF_CFG_CMD: 5447 case IWM_POWER_TABLE_CMD: 5448 case IWM_PHY_CONTEXT_CMD: 5449 case IWM_BINDING_CONTEXT_CMD: 5450 case IWM_TIME_EVENT_CMD: 5451 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5452 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5453 case IWM_SCAN_ABORT_UMAC: 5454 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5455 case IWM_SCAN_OFFLOAD_ABORT_CMD: 5456 case IWM_REPLY_BEACON_FILTERING_CMD: 5457 case IWM_MAC_PM_POWER_TABLE: 5458 case IWM_TIME_QUOTA_CMD: 5459 case IWM_REMOVE_STA: 5460 case IWM_TXPATH_FLUSH: 5461 case IWM_LQ_CMD: 5462 case IWM_BT_CONFIG: 5463 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5464 cresp = (void *)pkt->data; 5465 if (sc->sc_wantresp == ((qid << 16) | idx)) { 5466 memcpy(sc->sc_cmd_resp, 5467 pkt, sizeof(*pkt)+sizeof(*cresp)); 5468 } 5469 break; 5470 5471 /* ignore */ 5472 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */ 5473 break; 5474 5475 case IWM_INIT_COMPLETE_NOTIF: 5476 break; 5477 5478 case IWM_SCAN_OFFLOAD_COMPLETE: { 5479 struct iwm_periodic_scan_complete *notif; 5480 notif = (void *)pkt->data; 5481 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5482 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5483 ieee80211_runtask(ic, &sc->sc_es_task); 5484 } 5485 break; 5486 } 5487 5488 case IWM_SCAN_ITERATION_COMPLETE: { 5489 struct iwm_lmac_scan_complete_notif *notif; 5490 notif = (void *)pkt->data; 5491 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5492 break; 5493 } 5494 5495 case IWM_SCAN_COMPLETE_UMAC: { 5496 struct iwm_umac_scan_complete *notif; 5497 notif = (void *)pkt->data; 5498 5499 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5500 "UMAC scan complete, status=0x%x\n", 5501 notif->status); 5502 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5503 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5504 ieee80211_runtask(ic, &sc->sc_es_task); 5505 } 5506 break; 5507 } 5508 5509 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5510 struct iwm_umac_scan_iter_complete_notif *notif; 5511 notif = (void *)pkt->data; 5512 5513 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5514 "complete, status=0x%x, %d channels scanned\n", 5515 notif->status, notif->scanned_channels); 5516 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5517 break; 5518 } 5519 5520 case IWM_REPLY_ERROR: { 5521 struct iwm_error_resp *resp; 5522 resp = (void *)pkt->data; 5523 5524 device_printf(sc->sc_dev, 5525 "firmware error 0x%x, cmd 0x%x\n", 5526 le32toh(resp->error_type), 5527 resp->cmd_id); 5528 break; 5529 } 5530 5531 case IWM_TIME_EVENT_NOTIFICATION: { 5532 struct iwm_time_event_notif *notif; 5533 notif = (void *)pkt->data; 5534 5535 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5536 "TE notif status = 0x%x action = 0x%x\n", 5537 notif->status, notif->action); 5538 break; 5539 } 5540 5541 case IWM_MCAST_FILTER_CMD: 5542 break; 5543 5544 case IWM_SCD_QUEUE_CFG: { 5545 struct iwm_scd_txq_cfg_rsp *rsp; 5546 rsp = (void *)pkt->data; 5547 5548 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5549 "queue cfg token=0x%x sta_id=%d " 5550 "tid=%d scd_queue=%d\n", 5551 rsp->token, rsp->sta_id, rsp->tid, 5552 rsp->scd_queue); 5553 break; 5554 } 5555 5556 default: 5557 device_printf(sc->sc_dev, 5558 "frame %d/%d %x UNHANDLED (this should " 5559 "not happen)\n", qid, idx, 5560 pkt->len_n_flags); 5561 break; 5562 } 5563 5564 /* 5565 * Why test bit 0x80? The Linux driver: 5566 * 5567 * There is one exception: uCode sets bit 15 when it 5568 * originates the response/notification, i.e. when the 5569 * response/notification is not a direct response to a 5570 * command sent by the driver. For example, uCode issues 5571 * IWM_REPLY_RX when it sends a received frame to the driver; 5572 * it is not a direct response to any driver command. 5573 * 5574 * Ok, so since when is 7 == 15? Well, the Linux driver 5575 * uses a slightly different format for pkt->hdr, and "qid" 5576 * is actually the upper byte of a two-byte field. 5577 */ 5578 if (!(pkt->hdr.qid & (1 << 7))) { 5579 iwm_cmd_done(sc, pkt); 5580 } 5581 5582 ADVANCE_RXQ(sc); 5583 } 5584 5585 /* 5586 * Tell the firmware what we have processed. 5587 * Seems like the hardware gets upset unless we align 5588 * the write by 8?? 5589 */ 5590 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 5591 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7); 5592} 5593 5594static void 5595iwm_intr(void *arg) 5596{ 5597 struct iwm_softc *sc = arg; 5598 int handled = 0; 5599 int r1, r2, rv = 0; 5600 int isperiodic = 0; 5601 5602 IWM_LOCK(sc); 5603 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5604 5605 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5606 uint32_t *ict = sc->ict_dma.vaddr; 5607 int tmp; 5608 5609 tmp = htole32(ict[sc->ict_cur]); 5610 if (!tmp) 5611 goto out_ena; 5612 5613 /* 5614 * ok, there was something. keep plowing until we have all. 5615 */ 5616 r1 = r2 = 0; 5617 while (tmp) { 5618 r1 |= tmp; 5619 ict[sc->ict_cur] = 0; 5620 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5621 tmp = htole32(ict[sc->ict_cur]); 5622 } 5623 5624 /* this is where the fun begins. don't ask */ 5625 if (r1 == 0xffffffff) 5626 r1 = 0; 5627 5628 /* i am not expected to understand this */ 5629 if (r1 & 0xc0000) 5630 r1 |= 0x8000; 5631 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5632 } else { 5633 r1 = IWM_READ(sc, IWM_CSR_INT); 5634 /* "hardware gone" (where, fishing?) */ 5635 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5636 goto out; 5637 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5638 } 5639 if (r1 == 0 && r2 == 0) { 5640 goto out_ena; 5641 } 5642 5643 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5644 5645 /* ignored */ 5646 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/)); 5647 5648 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5649 int i; 5650 struct ieee80211com *ic = &sc->sc_ic; 5651 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5652 5653#ifdef IWM_DEBUG 5654 iwm_nic_error(sc); 5655#endif 5656 /* Dump driver status (TX and RX rings) while we're here. */ 5657 device_printf(sc->sc_dev, "driver status:\n"); 5658 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 5659 struct iwm_tx_ring *ring = &sc->txq[i]; 5660 device_printf(sc->sc_dev, 5661 " tx ring %2d: qid=%-2d cur=%-3d " 5662 "queued=%-3d\n", 5663 i, ring->qid, ring->cur, ring->queued); 5664 } 5665 device_printf(sc->sc_dev, 5666 " rx ring: cur=%d\n", sc->rxq.cur); 5667 device_printf(sc->sc_dev, 5668 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5669 5670 /* Don't stop the device; just do a VAP restart */ 5671 IWM_UNLOCK(sc); 5672 5673 if (vap == NULL) { 5674 printf("%s: null vap\n", __func__); 5675 return; 5676 } 5677 5678 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5679 "restarting\n", __func__, vap->iv_state); 5680 5681 /* XXX TODO: turn this into a callout/taskqueue */ 5682 ieee80211_restart_all(ic); 5683 return; 5684 } 5685 5686 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5687 handled |= IWM_CSR_INT_BIT_HW_ERR; 5688 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5689 iwm_stop(sc); 5690 rv = 1; 5691 goto out; 5692 } 5693 5694 /* firmware chunk loaded */ 5695 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5696 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5697 handled |= IWM_CSR_INT_BIT_FH_TX; 5698 sc->sc_fw_chunk_done = 1; 5699 wakeup(&sc->sc_fw); 5700 } 5701 5702 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5703 handled |= IWM_CSR_INT_BIT_RF_KILL; 5704 if (iwm_check_rfkill(sc)) { 5705 device_printf(sc->sc_dev, 5706 "%s: rfkill switch, disabling interface\n", 5707 __func__); 5708 iwm_stop(sc); 5709 } 5710 } 5711 5712 /* 5713 * The Linux driver uses periodic interrupts to avoid races. 5714 * We cargo-cult like it's going out of fashion. 5715 */ 5716 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5717 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5718 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5719 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5720 IWM_WRITE_1(sc, 5721 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5722 isperiodic = 1; 5723 } 5724 5725 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5726 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5727 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5728 5729 iwm_notif_intr(sc); 5730 5731 /* enable periodic interrupt, see above */ 5732 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5733 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5734 IWM_CSR_INT_PERIODIC_ENA); 5735 } 5736 5737 if (__predict_false(r1 & ~handled)) 5738 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5739 "%s: unhandled interrupts: %x\n", __func__, r1); 5740 rv = 1; 5741 5742 out_ena: 5743 iwm_restore_interrupts(sc); 5744 out: 5745 IWM_UNLOCK(sc); 5746 return; 5747} 5748 5749/* 5750 * Autoconf glue-sniffing 5751 */ 5752#define PCI_VENDOR_INTEL 0x8086 5753#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5754#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5755#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5756#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5757#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5758#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5759#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5760#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5761#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5762#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5763 5764static const struct iwm_devices { 5765 uint16_t device; 5766 const char *name; 5767} iwm_devices[] = { 5768 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" }, 5769 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" }, 5770 { PCI_PRODUCT_INTEL_WL_3165_1, "Intel Dual Band Wireless AC 3165" }, 5771 { PCI_PRODUCT_INTEL_WL_3165_2, "Intel Dual Band Wireless AC 3165" }, 5772 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" }, 5773 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" }, 5774 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" }, 5775 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" }, 5776 { PCI_PRODUCT_INTEL_WL_8260_1, "Intel Dual Band Wireless AC 8260" }, 5777 { PCI_PRODUCT_INTEL_WL_8260_2, "Intel Dual Band Wireless AC 8260" }, 5778}; 5779 5780static int 5781iwm_probe(device_t dev) 5782{ 5783 int i; 5784 5785 for (i = 0; i < nitems(iwm_devices); i++) { 5786 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5787 pci_get_device(dev) == iwm_devices[i].device) { 5788 device_set_desc(dev, iwm_devices[i].name); 5789 return (BUS_PROBE_DEFAULT); 5790 } 5791 } 5792 5793 return (ENXIO); 5794} 5795 5796static int 5797iwm_dev_check(device_t dev) 5798{ 5799 struct iwm_softc *sc; 5800 5801 sc = device_get_softc(dev); 5802 5803 switch (pci_get_device(dev)) { 5804 case PCI_PRODUCT_INTEL_WL_3160_1: 5805 case PCI_PRODUCT_INTEL_WL_3160_2: 5806 sc->cfg = &iwm3160_cfg; 5807 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5808 return (0); 5809 case PCI_PRODUCT_INTEL_WL_3165_1: 5810 case PCI_PRODUCT_INTEL_WL_3165_2: 5811 sc->cfg = &iwm3165_cfg; 5812 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5813 return (0); 5814 case PCI_PRODUCT_INTEL_WL_7260_1: 5815 case PCI_PRODUCT_INTEL_WL_7260_2: 5816 sc->cfg = &iwm7260_cfg; 5817 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5818 return (0); 5819 case PCI_PRODUCT_INTEL_WL_7265_1: 5820 case PCI_PRODUCT_INTEL_WL_7265_2: 5821 sc->cfg = &iwm7265_cfg; 5822 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 5823 return (0); 5824 case PCI_PRODUCT_INTEL_WL_8260_1: 5825 case PCI_PRODUCT_INTEL_WL_8260_2: 5826 sc->cfg = &iwm8260_cfg; 5827 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 5828 return (0); 5829 default: 5830 device_printf(dev, "unknown adapter type\n"); 5831 return ENXIO; 5832 } 5833} 5834 5835/* PCI registers */ 5836#define PCI_CFG_RETRY_TIMEOUT 0x041 5837 5838static int 5839iwm_pci_attach(device_t dev) 5840{ 5841 struct iwm_softc *sc; 5842 int count, error, rid; 5843 uint16_t reg; 5844 5845 sc = device_get_softc(dev); 5846 5847 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5848 * PCI Tx retries from interfering with C3 CPU state */ 5849 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5850 5851 /* Enable bus-mastering and hardware bug workaround. */ 5852 pci_enable_busmaster(dev); 5853 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5854 /* if !MSI */ 5855 if (reg & PCIM_STATUS_INTxSTATE) { 5856 reg &= ~PCIM_STATUS_INTxSTATE; 5857 } 5858 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 5859 5860 rid = PCIR_BAR(0); 5861 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 5862 RF_ACTIVE); 5863 if (sc->sc_mem == NULL) { 5864 device_printf(sc->sc_dev, "can't map mem space\n"); 5865 return (ENXIO); 5866 } 5867 sc->sc_st = rman_get_bustag(sc->sc_mem); 5868 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 5869 5870 /* Install interrupt handler. */ 5871 count = 1; 5872 rid = 0; 5873 if (pci_alloc_msi(dev, &count) == 0) 5874 rid = 1; 5875 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 5876 (rid != 0 ? 0 : RF_SHAREABLE)); 5877 if (sc->sc_irq == NULL) { 5878 device_printf(dev, "can't map interrupt\n"); 5879 return (ENXIO); 5880 } 5881 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 5882 NULL, iwm_intr, sc, &sc->sc_ih); 5883 if (sc->sc_ih == NULL) { 5884 device_printf(dev, "can't establish interrupt"); 5885 return (ENXIO); 5886 } 5887 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 5888 5889 return (0); 5890} 5891 5892static void 5893iwm_pci_detach(device_t dev) 5894{ 5895 struct iwm_softc *sc = device_get_softc(dev); 5896 5897 if (sc->sc_irq != NULL) { 5898 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 5899 bus_release_resource(dev, SYS_RES_IRQ, 5900 rman_get_rid(sc->sc_irq), sc->sc_irq); 5901 pci_release_msi(dev); 5902 } 5903 if (sc->sc_mem != NULL) 5904 bus_release_resource(dev, SYS_RES_MEMORY, 5905 rman_get_rid(sc->sc_mem), sc->sc_mem); 5906} 5907 5908 5909 5910static int 5911iwm_attach(device_t dev) 5912{ 5913 struct iwm_softc *sc = device_get_softc(dev); 5914 struct ieee80211com *ic = &sc->sc_ic; 5915 int error; 5916 int txq_i, i; 5917 5918 sc->sc_dev = dev; 5919 sc->sc_attached = 1; 5920 IWM_LOCK_INIT(sc); 5921 mbufq_init(&sc->sc_snd, ifqmaxlen); 5922 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 5923 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 5924 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 5925 5926 sc->sc_notif_wait = iwm_notification_wait_init(sc); 5927 if (sc->sc_notif_wait == NULL) { 5928 device_printf(dev, "failed to init notification wait struct\n"); 5929 goto fail; 5930 } 5931 5932 /* Init phy db */ 5933 sc->sc_phy_db = iwm_phy_db_init(sc); 5934 if (!sc->sc_phy_db) { 5935 device_printf(dev, "Cannot init phy_db\n"); 5936 goto fail; 5937 } 5938 5939 /* PCI attach */ 5940 error = iwm_pci_attach(dev); 5941 if (error != 0) 5942 goto fail; 5943 5944 sc->sc_wantresp = -1; 5945 5946 /* Check device type */ 5947 error = iwm_dev_check(dev); 5948 if (error != 0) 5949 goto fail; 5950 5951 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 5952 /* 5953 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 5954 * changed, and now the revision step also includes bit 0-1 (no more 5955 * "dash" value). To keep hw_rev backwards compatible - we'll store it 5956 * in the old format. 5957 */ 5958 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 5959 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 5960 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 5961 5962 if (iwm_prepare_card_hw(sc) != 0) { 5963 device_printf(dev, "could not initialize hardware\n"); 5964 goto fail; 5965 } 5966 5967 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 5968 int ret; 5969 uint32_t hw_step; 5970 5971 /* 5972 * In order to recognize C step the driver should read the 5973 * chip version id located at the AUX bus MISC address. 5974 */ 5975 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 5976 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 5977 DELAY(2); 5978 5979 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 5980 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5981 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 5982 25000); 5983 if (!ret) { 5984 device_printf(sc->sc_dev, 5985 "Failed to wake up the nic\n"); 5986 goto fail; 5987 } 5988 5989 if (iwm_nic_lock(sc)) { 5990 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 5991 hw_step |= IWM_ENABLE_WFPM; 5992 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 5993 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 5994 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 5995 if (hw_step == 0x3) 5996 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 5997 (IWM_SILICON_C_STEP << 2); 5998 iwm_nic_unlock(sc); 5999 } else { 6000 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 6001 goto fail; 6002 } 6003 } 6004 6005 /* special-case 7265D, it has the same PCI IDs. */ 6006 if (sc->cfg == &iwm7265_cfg && 6007 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) { 6008 sc->cfg = &iwm7265d_cfg; 6009 } 6010 6011 /* Allocate DMA memory for firmware transfers. */ 6012 if ((error = iwm_alloc_fwmem(sc)) != 0) { 6013 device_printf(dev, "could not allocate memory for firmware\n"); 6014 goto fail; 6015 } 6016 6017 /* Allocate "Keep Warm" page. */ 6018 if ((error = iwm_alloc_kw(sc)) != 0) { 6019 device_printf(dev, "could not allocate keep warm page\n"); 6020 goto fail; 6021 } 6022 6023 /* We use ICT interrupts */ 6024 if ((error = iwm_alloc_ict(sc)) != 0) { 6025 device_printf(dev, "could not allocate ICT table\n"); 6026 goto fail; 6027 } 6028 6029 /* Allocate TX scheduler "rings". */ 6030 if ((error = iwm_alloc_sched(sc)) != 0) { 6031 device_printf(dev, "could not allocate TX scheduler rings\n"); 6032 goto fail; 6033 } 6034 6035 /* Allocate TX rings */ 6036 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 6037 if ((error = iwm_alloc_tx_ring(sc, 6038 &sc->txq[txq_i], txq_i)) != 0) { 6039 device_printf(dev, 6040 "could not allocate TX ring %d\n", 6041 txq_i); 6042 goto fail; 6043 } 6044 } 6045 6046 /* Allocate RX ring. */ 6047 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 6048 device_printf(dev, "could not allocate RX ring\n"); 6049 goto fail; 6050 } 6051 6052 /* Clear pending interrupts. */ 6053 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 6054 6055 ic->ic_softc = sc; 6056 ic->ic_name = device_get_nameunit(sc->sc_dev); 6057 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 6058 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 6059 6060 /* Set device capabilities. */ 6061 ic->ic_caps = 6062 IEEE80211_C_STA | 6063 IEEE80211_C_WPA | /* WPA/RSN */ 6064 IEEE80211_C_WME | 6065 IEEE80211_C_SHSLOT | /* short slot time supported */ 6066 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 6067// IEEE80211_C_BGSCAN /* capable of bg scanning */ 6068 ; 6069 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 6070 sc->sc_phyctxt[i].id = i; 6071 sc->sc_phyctxt[i].color = 0; 6072 sc->sc_phyctxt[i].ref = 0; 6073 sc->sc_phyctxt[i].channel = NULL; 6074 } 6075 6076 /* Default noise floor */ 6077 sc->sc_noise = -96; 6078 6079 /* Max RSSI */ 6080 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 6081 6082 sc->sc_preinit_hook.ich_func = iwm_preinit; 6083 sc->sc_preinit_hook.ich_arg = sc; 6084 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 6085 device_printf(dev, "config_intrhook_establish failed\n"); 6086 goto fail; 6087 } 6088 6089#ifdef IWM_DEBUG 6090 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 6091 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 6092 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 6093#endif 6094 6095 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6096 "<-%s\n", __func__); 6097 6098 return 0; 6099 6100 /* Free allocated memory if something failed during attachment. */ 6101fail: 6102 iwm_detach_local(sc, 0); 6103 6104 return ENXIO; 6105} 6106 6107static int 6108iwm_is_valid_ether_addr(uint8_t *addr) 6109{ 6110 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 6111 6112 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 6113 return (FALSE); 6114 6115 return (TRUE); 6116} 6117 6118static int 6119iwm_update_edca(struct ieee80211com *ic) 6120{ 6121 struct iwm_softc *sc = ic->ic_softc; 6122 6123 device_printf(sc->sc_dev, "%s: called\n", __func__); 6124 return (0); 6125} 6126 6127static void 6128iwm_preinit(void *arg) 6129{ 6130 struct iwm_softc *sc = arg; 6131 device_t dev = sc->sc_dev; 6132 struct ieee80211com *ic = &sc->sc_ic; 6133 int error; 6134 6135 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6136 "->%s\n", __func__); 6137 6138 IWM_LOCK(sc); 6139 if ((error = iwm_start_hw(sc)) != 0) { 6140 device_printf(dev, "could not initialize hardware\n"); 6141 IWM_UNLOCK(sc); 6142 goto fail; 6143 } 6144 6145 error = iwm_run_init_mvm_ucode(sc, 1); 6146 iwm_stop_device(sc); 6147 if (error) { 6148 IWM_UNLOCK(sc); 6149 goto fail; 6150 } 6151 device_printf(dev, 6152 "hw rev 0x%x, fw ver %s, address %s\n", 6153 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 6154 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr)); 6155 6156 /* not all hardware can do 5GHz band */ 6157 if (!sc->nvm_data->sku_cap_band_52GHz_enable) 6158 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 6159 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 6160 IWM_UNLOCK(sc); 6161 6162 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 6163 ic->ic_channels); 6164 6165 /* 6166 * At this point we've committed - if we fail to do setup, 6167 * we now also have to tear down the net80211 state. 6168 */ 6169 ieee80211_ifattach(ic); 6170 ic->ic_vap_create = iwm_vap_create; 6171 ic->ic_vap_delete = iwm_vap_delete; 6172 ic->ic_raw_xmit = iwm_raw_xmit; 6173 ic->ic_node_alloc = iwm_node_alloc; 6174 ic->ic_scan_start = iwm_scan_start; 6175 ic->ic_scan_end = iwm_scan_end; 6176 ic->ic_update_mcast = iwm_update_mcast; 6177 ic->ic_getradiocaps = iwm_init_channel_map; 6178 ic->ic_set_channel = iwm_set_channel; 6179 ic->ic_scan_curchan = iwm_scan_curchan; 6180 ic->ic_scan_mindwell = iwm_scan_mindwell; 6181 ic->ic_wme.wme_update = iwm_update_edca; 6182 ic->ic_parent = iwm_parent; 6183 ic->ic_transmit = iwm_transmit; 6184 iwm_radiotap_attach(sc); 6185 if (bootverbose) 6186 ieee80211_announce(ic); 6187 6188 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6189 "<-%s\n", __func__); 6190 config_intrhook_disestablish(&sc->sc_preinit_hook); 6191 6192 return; 6193fail: 6194 config_intrhook_disestablish(&sc->sc_preinit_hook); 6195 iwm_detach_local(sc, 0); 6196} 6197 6198/* 6199 * Attach the interface to 802.11 radiotap. 6200 */ 6201static void 6202iwm_radiotap_attach(struct iwm_softc *sc) 6203{ 6204 struct ieee80211com *ic = &sc->sc_ic; 6205 6206 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6207 "->%s begin\n", __func__); 6208 ieee80211_radiotap_attach(ic, 6209 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 6210 IWM_TX_RADIOTAP_PRESENT, 6211 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 6212 IWM_RX_RADIOTAP_PRESENT); 6213 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6214 "->%s end\n", __func__); 6215} 6216 6217static struct ieee80211vap * 6218iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 6219 enum ieee80211_opmode opmode, int flags, 6220 const uint8_t bssid[IEEE80211_ADDR_LEN], 6221 const uint8_t mac[IEEE80211_ADDR_LEN]) 6222{ 6223 struct iwm_vap *ivp; 6224 struct ieee80211vap *vap; 6225 6226 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 6227 return NULL; 6228 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 6229 vap = &ivp->iv_vap; 6230 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 6231 vap->iv_bmissthreshold = 10; /* override default */ 6232 /* Override with driver methods. */ 6233 ivp->iv_newstate = vap->iv_newstate; 6234 vap->iv_newstate = iwm_newstate; 6235 6236 ieee80211_ratectl_init(vap); 6237 /* Complete setup. */ 6238 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 6239 mac); 6240 ic->ic_opmode = opmode; 6241 6242 return vap; 6243} 6244 6245static void 6246iwm_vap_delete(struct ieee80211vap *vap) 6247{ 6248 struct iwm_vap *ivp = IWM_VAP(vap); 6249 6250 ieee80211_ratectl_deinit(vap); 6251 ieee80211_vap_detach(vap); 6252 free(ivp, M_80211_VAP); 6253} 6254 6255static void 6256iwm_scan_start(struct ieee80211com *ic) 6257{ 6258 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6259 struct iwm_softc *sc = ic->ic_softc; 6260 int error; 6261 6262 IWM_LOCK(sc); 6263 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6264 /* This should not be possible */ 6265 device_printf(sc->sc_dev, 6266 "%s: Previous scan not completed yet\n", __func__); 6267 } 6268 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6269 error = iwm_mvm_umac_scan(sc); 6270 else 6271 error = iwm_mvm_lmac_scan(sc); 6272 if (error != 0) { 6273 device_printf(sc->sc_dev, "could not initiate scan\n"); 6274 IWM_UNLOCK(sc); 6275 ieee80211_cancel_scan(vap); 6276 } else { 6277 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING; 6278 iwm_led_blink_start(sc); 6279 IWM_UNLOCK(sc); 6280 } 6281} 6282 6283static void 6284iwm_scan_end(struct ieee80211com *ic) 6285{ 6286 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6287 struct iwm_softc *sc = ic->ic_softc; 6288 6289 IWM_LOCK(sc); 6290 iwm_led_blink_stop(sc); 6291 if (vap->iv_state == IEEE80211_S_RUN) 6292 iwm_mvm_led_enable(sc); 6293 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6294 /* 6295 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because 6296 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq 6297 * taskqueue. 6298 */ 6299 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 6300 iwm_mvm_scan_stop_wait(sc); 6301 } 6302 IWM_UNLOCK(sc); 6303 6304 /* 6305 * Make sure we don't race, if sc_es_task is still enqueued here. 6306 * This is to make sure that it won't call ieee80211_scan_done 6307 * when we have already started the next scan. 6308 */ 6309 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL); 6310} 6311 6312static void 6313iwm_update_mcast(struct ieee80211com *ic) 6314{ 6315} 6316 6317static void 6318iwm_set_channel(struct ieee80211com *ic) 6319{ 6320} 6321 6322static void 6323iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6324{ 6325} 6326 6327static void 6328iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6329{ 6330 return; 6331} 6332 6333void 6334iwm_init_task(void *arg1) 6335{ 6336 struct iwm_softc *sc = arg1; 6337 6338 IWM_LOCK(sc); 6339 while (sc->sc_flags & IWM_FLAG_BUSY) 6340 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 6341 sc->sc_flags |= IWM_FLAG_BUSY; 6342 iwm_stop(sc); 6343 if (sc->sc_ic.ic_nrunning > 0) 6344 iwm_init(sc); 6345 sc->sc_flags &= ~IWM_FLAG_BUSY; 6346 wakeup(&sc->sc_flags); 6347 IWM_UNLOCK(sc); 6348} 6349 6350static int 6351iwm_resume(device_t dev) 6352{ 6353 struct iwm_softc *sc = device_get_softc(dev); 6354 int do_reinit = 0; 6355 6356 /* 6357 * We disable the RETRY_TIMEOUT register (0x41) to keep 6358 * PCI Tx retries from interfering with C3 CPU state. 6359 */ 6360 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6361 iwm_init_task(device_get_softc(dev)); 6362 6363 IWM_LOCK(sc); 6364 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6365 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6366 do_reinit = 1; 6367 } 6368 IWM_UNLOCK(sc); 6369 6370 if (do_reinit) 6371 ieee80211_resume_all(&sc->sc_ic); 6372 6373 return 0; 6374} 6375 6376static int 6377iwm_suspend(device_t dev) 6378{ 6379 int do_stop = 0; 6380 struct iwm_softc *sc = device_get_softc(dev); 6381 6382 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6383 6384 ieee80211_suspend_all(&sc->sc_ic); 6385 6386 if (do_stop) { 6387 IWM_LOCK(sc); 6388 iwm_stop(sc); 6389 sc->sc_flags |= IWM_FLAG_SCANNING; 6390 IWM_UNLOCK(sc); 6391 } 6392 6393 return (0); 6394} 6395 6396static int 6397iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6398{ 6399 struct iwm_fw_info *fw = &sc->sc_fw; 6400 device_t dev = sc->sc_dev; 6401 int i; 6402 6403 if (!sc->sc_attached) 6404 return 0; 6405 sc->sc_attached = 0; 6406 6407 if (do_net80211) 6408 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6409 6410 callout_drain(&sc->sc_led_blink_to); 6411 callout_drain(&sc->sc_watchdog_to); 6412 iwm_stop_device(sc); 6413 if (do_net80211) { 6414 ieee80211_ifdetach(&sc->sc_ic); 6415 } 6416 6417 iwm_phy_db_free(sc->sc_phy_db); 6418 sc->sc_phy_db = NULL; 6419 6420 iwm_free_nvm_data(sc->nvm_data); 6421 6422 /* Free descriptor rings */ 6423 iwm_free_rx_ring(sc, &sc->rxq); 6424 for (i = 0; i < nitems(sc->txq); i++) 6425 iwm_free_tx_ring(sc, &sc->txq[i]); 6426 6427 /* Free firmware */ 6428 if (fw->fw_fp != NULL) 6429 iwm_fw_info_free(fw); 6430 6431 /* Free scheduler */ 6432 iwm_dma_contig_free(&sc->sched_dma); 6433 iwm_dma_contig_free(&sc->ict_dma); 6434 iwm_dma_contig_free(&sc->kw_dma); 6435 iwm_dma_contig_free(&sc->fw_dma); 6436 6437 /* Finished with the hardware - detach things */ 6438 iwm_pci_detach(dev); 6439 6440 if (sc->sc_notif_wait != NULL) { 6441 iwm_notification_wait_free(sc->sc_notif_wait); 6442 sc->sc_notif_wait = NULL; 6443 } 6444 6445 mbufq_drain(&sc->sc_snd); 6446 IWM_LOCK_DESTROY(sc); 6447 6448 return (0); 6449} 6450 6451static int 6452iwm_detach(device_t dev) 6453{ 6454 struct iwm_softc *sc = device_get_softc(dev); 6455 6456 return (iwm_detach_local(sc, 1)); 6457} 6458 6459static device_method_t iwm_pci_methods[] = { 6460 /* Device interface */ 6461 DEVMETHOD(device_probe, iwm_probe), 6462 DEVMETHOD(device_attach, iwm_attach), 6463 DEVMETHOD(device_detach, iwm_detach), 6464 DEVMETHOD(device_suspend, iwm_suspend), 6465 DEVMETHOD(device_resume, iwm_resume), 6466 6467 DEVMETHOD_END 6468}; 6469 6470static driver_t iwm_pci_driver = { 6471 "iwm", 6472 iwm_pci_methods, 6473 sizeof (struct iwm_softc) 6474}; 6475 6476static devclass_t iwm_devclass; 6477 6478DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6479MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6480MODULE_DEPEND(iwm, pci, 1, 1, 1); 6481MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6482