if_iwm.c revision 330219
1/* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20/*- 21 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22 * which were used as the reference documentation for this implementation. 23 * 24 * Driver version we are currently based off of is 25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26 * 27 *********************************************************************** 28 * 29 * This file is provided under a dual BSD/GPLv2 license. When using or 30 * redistributing this file, you may do so under either license. 31 * 32 * GPL LICENSE SUMMARY 33 * 34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35 * 36 * This program is free software; you can redistribute it and/or modify 37 * it under the terms of version 2 of the GNU General Public License as 38 * published by the Free Software Foundation. 39 * 40 * This program is distributed in the hope that it will be useful, but 41 * WITHOUT ANY WARRANTY; without even the implied warranty of 42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43 * General Public License for more details. 44 * 45 * You should have received a copy of the GNU General Public License 46 * along with this program; if not, write to the Free Software 47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48 * USA 49 * 50 * The full GNU General Public License is included in this distribution 51 * in the file called COPYING. 52 * 53 * Contact Information: 54 * Intel Linux Wireless <ilw@linux.intel.com> 55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56 * 57 * 58 * BSD LICENSE 59 * 60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61 * All rights reserved. 62 * 63 * Redistribution and use in source and binary forms, with or without 64 * modification, are permitted provided that the following conditions 65 * are met: 66 * 67 * * Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * * Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in 71 * the documentation and/or other materials provided with the 72 * distribution. 73 * * Neither the name Intel Corporation nor the names of its 74 * contributors may be used to endorse or promote products derived 75 * from this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88 */ 89 90/*- 91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92 * 93 * Permission to use, copy, modify, and distribute this software for any 94 * purpose with or without fee is hereby granted, provided that the above 95 * copyright notice and this permission notice appear in all copies. 96 * 97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104 */ 105#include <sys/cdefs.h> 106__FBSDID("$FreeBSD: stable/11/sys/dev/iwm/if_iwm.c 330219 2018-03-01 06:50:05Z eadler $"); 107 108#include "opt_wlan.h" 109 110#include <sys/param.h> 111#include <sys/bus.h> 112#include <sys/conf.h> 113#include <sys/endian.h> 114#include <sys/firmware.h> 115#include <sys/kernel.h> 116#include <sys/malloc.h> 117#include <sys/mbuf.h> 118#include <sys/mutex.h> 119#include <sys/module.h> 120#include <sys/proc.h> 121#include <sys/rman.h> 122#include <sys/socket.h> 123#include <sys/sockio.h> 124#include <sys/sysctl.h> 125#include <sys/linker.h> 126 127#include <machine/bus.h> 128#include <machine/endian.h> 129#include <machine/resource.h> 130 131#include <dev/pci/pcivar.h> 132#include <dev/pci/pcireg.h> 133 134#include <net/bpf.h> 135 136#include <net/if.h> 137#include <net/if_var.h> 138#include <net/if_arp.h> 139#include <net/if_dl.h> 140#include <net/if_media.h> 141#include <net/if_types.h> 142 143#include <netinet/in.h> 144#include <netinet/in_systm.h> 145#include <netinet/if_ether.h> 146#include <netinet/ip.h> 147 148#include <net80211/ieee80211_var.h> 149#include <net80211/ieee80211_regdomain.h> 150#include <net80211/ieee80211_ratectl.h> 151#include <net80211/ieee80211_radiotap.h> 152 153#include <dev/iwm/if_iwmreg.h> 154#include <dev/iwm/if_iwmvar.h> 155#include <dev/iwm/if_iwm_config.h> 156#include <dev/iwm/if_iwm_debug.h> 157#include <dev/iwm/if_iwm_notif_wait.h> 158#include <dev/iwm/if_iwm_util.h> 159#include <dev/iwm/if_iwm_binding.h> 160#include <dev/iwm/if_iwm_phy_db.h> 161#include <dev/iwm/if_iwm_mac_ctxt.h> 162#include <dev/iwm/if_iwm_phy_ctxt.h> 163#include <dev/iwm/if_iwm_time_event.h> 164#include <dev/iwm/if_iwm_power.h> 165#include <dev/iwm/if_iwm_scan.h> 166#include <dev/iwm/if_iwm_sta.h> 167 168#include <dev/iwm/if_iwm_pcie_trans.h> 169#include <dev/iwm/if_iwm_led.h> 170#include <dev/iwm/if_iwm_fw.h> 171 172/* From DragonflyBSD */ 173#define mtodoff(m, t, off) ((t)((m)->m_data + (off))) 174 175const uint8_t iwm_nvm_channels[] = { 176 /* 2.4 GHz */ 177 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 178 /* 5 GHz */ 179 36, 40, 44, 48, 52, 56, 60, 64, 180 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 181 149, 153, 157, 161, 165 182}; 183_Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 184 "IWM_NUM_CHANNELS is too small"); 185 186const uint8_t iwm_nvm_channels_8000[] = { 187 /* 2.4 GHz */ 188 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 189 /* 5 GHz */ 190 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 191 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 192 149, 153, 157, 161, 165, 169, 173, 177, 181 193}; 194_Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 195 "IWM_NUM_CHANNELS_8000 is too small"); 196 197#define IWM_NUM_2GHZ_CHANNELS 14 198#define IWM_N_HW_ADDR_MASK 0xF 199 200/* 201 * XXX For now, there's simply a fixed set of rate table entries 202 * that are populated. 203 */ 204const struct iwm_rate { 205 uint8_t rate; 206 uint8_t plcp; 207} iwm_rates[] = { 208 { 2, IWM_RATE_1M_PLCP }, 209 { 4, IWM_RATE_2M_PLCP }, 210 { 11, IWM_RATE_5M_PLCP }, 211 { 22, IWM_RATE_11M_PLCP }, 212 { 12, IWM_RATE_6M_PLCP }, 213 { 18, IWM_RATE_9M_PLCP }, 214 { 24, IWM_RATE_12M_PLCP }, 215 { 36, IWM_RATE_18M_PLCP }, 216 { 48, IWM_RATE_24M_PLCP }, 217 { 72, IWM_RATE_36M_PLCP }, 218 { 96, IWM_RATE_48M_PLCP }, 219 { 108, IWM_RATE_54M_PLCP }, 220}; 221#define IWM_RIDX_CCK 0 222#define IWM_RIDX_OFDM 4 223#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 224#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 225#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 226 227struct iwm_nvm_section { 228 uint16_t length; 229 uint8_t *data; 230}; 231 232#define IWM_MVM_UCODE_ALIVE_TIMEOUT hz 233#define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz) 234 235struct iwm_mvm_alive_data { 236 int valid; 237 uint32_t scd_base_addr; 238}; 239 240static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 241static int iwm_firmware_store_section(struct iwm_softc *, 242 enum iwm_ucode_type, 243 const uint8_t *, size_t); 244static int iwm_set_default_calib(struct iwm_softc *, const void *); 245static void iwm_fw_info_free(struct iwm_fw_info *); 246static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 247static int iwm_alloc_fwmem(struct iwm_softc *); 248static int iwm_alloc_sched(struct iwm_softc *); 249static int iwm_alloc_kw(struct iwm_softc *); 250static int iwm_alloc_ict(struct iwm_softc *); 251static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 252static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 253static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 254static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 255 int); 256static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 257static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 258static void iwm_enable_interrupts(struct iwm_softc *); 259static void iwm_restore_interrupts(struct iwm_softc *); 260static void iwm_disable_interrupts(struct iwm_softc *); 261static void iwm_ict_reset(struct iwm_softc *); 262static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 263static void iwm_stop_device(struct iwm_softc *); 264static void iwm_mvm_nic_config(struct iwm_softc *); 265static int iwm_nic_rx_init(struct iwm_softc *); 266static int iwm_nic_tx_init(struct iwm_softc *); 267static int iwm_nic_init(struct iwm_softc *); 268static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t); 269static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 270 uint16_t, uint8_t *, uint16_t *); 271static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 272 uint16_t *, uint32_t); 273static uint32_t iwm_eeprom_channel_flags(uint16_t); 274static void iwm_add_channel_band(struct iwm_softc *, 275 struct ieee80211_channel[], int, int *, int, size_t, 276 const uint8_t[]); 277static void iwm_init_channel_map(struct ieee80211com *, int, int *, 278 struct ieee80211_channel[]); 279static struct iwm_nvm_data * 280 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 281 const uint16_t *, const uint16_t *, 282 const uint16_t *, const uint16_t *, 283 const uint16_t *); 284static void iwm_free_nvm_data(struct iwm_nvm_data *); 285static void iwm_set_hw_address_family_8000(struct iwm_softc *, 286 struct iwm_nvm_data *, 287 const uint16_t *, 288 const uint16_t *); 289static int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 290 const uint16_t *); 291static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 292static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 293 const uint16_t *); 294static int iwm_get_n_hw_addrs(const struct iwm_softc *, 295 const uint16_t *); 296static void iwm_set_radio_cfg(const struct iwm_softc *, 297 struct iwm_nvm_data *, uint32_t); 298static struct iwm_nvm_data * 299 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *); 300static int iwm_nvm_init(struct iwm_softc *); 301static int iwm_pcie_load_section(struct iwm_softc *, uint8_t, 302 const struct iwm_fw_desc *); 303static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t, 304 bus_addr_t, uint32_t); 305static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc, 306 const struct iwm_fw_sects *, 307 int, int *); 308static int iwm_pcie_load_cpu_sections(struct iwm_softc *, 309 const struct iwm_fw_sects *, 310 int, int *); 311static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *, 312 const struct iwm_fw_sects *); 313static int iwm_pcie_load_given_ucode(struct iwm_softc *, 314 const struct iwm_fw_sects *); 315static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_sects *); 316static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 317static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 318static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 319 enum iwm_ucode_type); 320static int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 321static int iwm_rx_addbuf(struct iwm_softc *, int, int); 322static int iwm_mvm_get_signal_strength(struct iwm_softc *, 323 struct iwm_rx_phy_info *); 324static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 325 struct iwm_rx_packet *); 326static int iwm_get_noise(struct iwm_softc *sc, 327 const struct iwm_mvm_statistics_rx_non_phy *); 328static boolean_t iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct mbuf *, 329 uint32_t, boolean_t); 330static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 331 struct iwm_rx_packet *, 332 struct iwm_node *); 333static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *); 334static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 335#if 0 336static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 337 uint16_t); 338#endif 339static const struct iwm_rate * 340 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 341 struct mbuf *, struct iwm_tx_cmd *); 342static int iwm_tx(struct iwm_softc *, struct mbuf *, 343 struct ieee80211_node *, int); 344static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 345 const struct ieee80211_bpf_params *); 346static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_vap *); 347static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 348static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 349static int iwm_release(struct iwm_softc *, struct iwm_node *); 350static struct ieee80211_node * 351 iwm_node_alloc(struct ieee80211vap *, 352 const uint8_t[IEEE80211_ADDR_LEN]); 353static void iwm_setrates(struct iwm_softc *, struct iwm_node *); 354static int iwm_media_change(struct ifnet *); 355static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 356static void iwm_endscan_cb(void *, int); 357static void iwm_mvm_fill_sf_command(struct iwm_softc *, 358 struct iwm_sf_cfg_cmd *, 359 struct ieee80211_node *); 360static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state); 361static int iwm_send_bt_init_conf(struct iwm_softc *); 362static boolean_t iwm_mvm_is_lar_supported(struct iwm_softc *); 363static boolean_t iwm_mvm_is_wifi_mcc_supported(struct iwm_softc *); 364static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 365static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t); 366static int iwm_init_hw(struct iwm_softc *); 367static void iwm_init(struct iwm_softc *); 368static void iwm_start(struct iwm_softc *); 369static void iwm_stop(struct iwm_softc *); 370static void iwm_watchdog(void *); 371static void iwm_parent(struct ieee80211com *); 372#ifdef IWM_DEBUG 373static const char * 374 iwm_desc_lookup(uint32_t); 375static void iwm_nic_error(struct iwm_softc *); 376static void iwm_nic_umac_error(struct iwm_softc *); 377#endif 378static void iwm_handle_rxb(struct iwm_softc *, struct mbuf *); 379static void iwm_notif_intr(struct iwm_softc *); 380static void iwm_intr(void *); 381static int iwm_attach(device_t); 382static int iwm_is_valid_ether_addr(uint8_t *); 383static void iwm_preinit(void *); 384static int iwm_detach_local(struct iwm_softc *sc, int); 385static void iwm_init_task(void *); 386static void iwm_radiotap_attach(struct iwm_softc *); 387static struct ieee80211vap * 388 iwm_vap_create(struct ieee80211com *, 389 const char [IFNAMSIZ], int, 390 enum ieee80211_opmode, int, 391 const uint8_t [IEEE80211_ADDR_LEN], 392 const uint8_t [IEEE80211_ADDR_LEN]); 393static void iwm_vap_delete(struct ieee80211vap *); 394static void iwm_scan_start(struct ieee80211com *); 395static void iwm_scan_end(struct ieee80211com *); 396static void iwm_update_mcast(struct ieee80211com *); 397static void iwm_set_channel(struct ieee80211com *); 398static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 399static void iwm_scan_mindwell(struct ieee80211_scan_state *); 400static int iwm_detach(device_t); 401 402static int iwm_lar_disable = 0; 403TUNABLE_INT("hw.iwm.lar.disable", &iwm_lar_disable); 404 405/* 406 * Firmware parser. 407 */ 408 409static int 410iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 411{ 412 const struct iwm_fw_cscheme_list *l = (const void *)data; 413 414 if (dlen < sizeof(*l) || 415 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 416 return EINVAL; 417 418 /* we don't actually store anything for now, always use s/w crypto */ 419 420 return 0; 421} 422 423static int 424iwm_firmware_store_section(struct iwm_softc *sc, 425 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 426{ 427 struct iwm_fw_sects *fws; 428 struct iwm_fw_desc *fwone; 429 430 if (type >= IWM_UCODE_TYPE_MAX) 431 return EINVAL; 432 if (dlen < sizeof(uint32_t)) 433 return EINVAL; 434 435 fws = &sc->sc_fw.fw_sects[type]; 436 if (fws->fw_count >= IWM_UCODE_SECTION_MAX) 437 return EINVAL; 438 439 fwone = &fws->fw_sect[fws->fw_count]; 440 441 /* first 32bit are device load offset */ 442 memcpy(&fwone->offset, data, sizeof(uint32_t)); 443 444 /* rest is data */ 445 fwone->data = data + sizeof(uint32_t); 446 fwone->len = dlen - sizeof(uint32_t); 447 448 fws->fw_count++; 449 450 return 0; 451} 452 453#define IWM_DEFAULT_SCAN_CHANNELS 40 454 455/* iwlwifi: iwl-drv.c */ 456struct iwm_tlv_calib_data { 457 uint32_t ucode_type; 458 struct iwm_tlv_calib_ctrl calib; 459} __packed; 460 461static int 462iwm_set_default_calib(struct iwm_softc *sc, const void *data) 463{ 464 const struct iwm_tlv_calib_data *def_calib = data; 465 uint32_t ucode_type = le32toh(def_calib->ucode_type); 466 467 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 468 device_printf(sc->sc_dev, 469 "Wrong ucode_type %u for default " 470 "calibration.\n", ucode_type); 471 return EINVAL; 472 } 473 474 sc->sc_default_calib[ucode_type].flow_trigger = 475 def_calib->calib.flow_trigger; 476 sc->sc_default_calib[ucode_type].event_trigger = 477 def_calib->calib.event_trigger; 478 479 return 0; 480} 481 482static int 483iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data, 484 struct iwm_ucode_capabilities *capa) 485{ 486 const struct iwm_ucode_api *ucode_api = (const void *)data; 487 uint32_t api_index = le32toh(ucode_api->api_index); 488 uint32_t api_flags = le32toh(ucode_api->api_flags); 489 int i; 490 491 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) { 492 device_printf(sc->sc_dev, 493 "api flags index %d larger than supported by driver\n", 494 api_index); 495 /* don't return an error so we can load FW that has more bits */ 496 return 0; 497 } 498 499 for (i = 0; i < 32; i++) { 500 if (api_flags & (1U << i)) 501 setbit(capa->enabled_api, i + 32 * api_index); 502 } 503 504 return 0; 505} 506 507static int 508iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data, 509 struct iwm_ucode_capabilities *capa) 510{ 511 const struct iwm_ucode_capa *ucode_capa = (const void *)data; 512 uint32_t api_index = le32toh(ucode_capa->api_index); 513 uint32_t api_flags = le32toh(ucode_capa->api_capa); 514 int i; 515 516 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 517 device_printf(sc->sc_dev, 518 "capa flags index %d larger than supported by driver\n", 519 api_index); 520 /* don't return an error so we can load FW that has more bits */ 521 return 0; 522 } 523 524 for (i = 0; i < 32; i++) { 525 if (api_flags & (1U << i)) 526 setbit(capa->enabled_capa, i + 32 * api_index); 527 } 528 529 return 0; 530} 531 532static void 533iwm_fw_info_free(struct iwm_fw_info *fw) 534{ 535 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 536 fw->fw_fp = NULL; 537 /* don't touch fw->fw_status */ 538 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 539} 540 541static int 542iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 543{ 544 struct iwm_fw_info *fw = &sc->sc_fw; 545 const struct iwm_tlv_ucode_header *uhdr; 546 const struct iwm_ucode_tlv *tlv; 547 struct iwm_ucode_capabilities *capa = &sc->ucode_capa; 548 enum iwm_ucode_tlv_type tlv_type; 549 const struct firmware *fwp; 550 const uint8_t *data; 551 uint32_t tlv_len; 552 uint32_t usniffer_img; 553 const uint8_t *tlv_data; 554 uint32_t paging_mem_size; 555 int num_of_cpus; 556 int error = 0; 557 size_t len; 558 559 if (fw->fw_status == IWM_FW_STATUS_DONE && 560 ucode_type != IWM_UCODE_INIT) 561 return 0; 562 563 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 564 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 565 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 566 567 if (fw->fw_fp != NULL) 568 iwm_fw_info_free(fw); 569 570 /* 571 * Load firmware into driver memory. 572 * fw_fp will be set. 573 */ 574 IWM_UNLOCK(sc); 575 fwp = firmware_get(sc->cfg->fw_name); 576 IWM_LOCK(sc); 577 if (fwp == NULL) { 578 device_printf(sc->sc_dev, 579 "could not read firmware %s (error %d)\n", 580 sc->cfg->fw_name, error); 581 goto out; 582 } 583 fw->fw_fp = fwp; 584 585 /* (Re-)Initialize default values. */ 586 capa->flags = 0; 587 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH; 588 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 589 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa)); 590 memset(capa->enabled_api, 0, sizeof(capa->enabled_api)); 591 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 592 593 /* 594 * Parse firmware contents 595 */ 596 597 uhdr = (const void *)fw->fw_fp->data; 598 if (*(const uint32_t *)fw->fw_fp->data != 0 599 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 600 device_printf(sc->sc_dev, "invalid firmware %s\n", 601 sc->cfg->fw_name); 602 error = EINVAL; 603 goto out; 604 } 605 606 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%u.%u (API ver %u)", 607 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 608 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 609 IWM_UCODE_API(le32toh(uhdr->ver))); 610 data = uhdr->data; 611 len = fw->fw_fp->datasize - sizeof(*uhdr); 612 613 while (len >= sizeof(*tlv)) { 614 len -= sizeof(*tlv); 615 tlv = (const void *)data; 616 617 tlv_len = le32toh(tlv->length); 618 tlv_type = le32toh(tlv->type); 619 tlv_data = tlv->data; 620 621 if (len < tlv_len) { 622 device_printf(sc->sc_dev, 623 "firmware too short: %zu bytes\n", 624 len); 625 error = EINVAL; 626 goto parse_out; 627 } 628 len -= roundup2(tlv_len, 4); 629 data += sizeof(tlv) + roundup2(tlv_len, 4); 630 631 switch ((int)tlv_type) { 632 case IWM_UCODE_TLV_PROBE_MAX_LEN: 633 if (tlv_len != sizeof(uint32_t)) { 634 device_printf(sc->sc_dev, 635 "%s: PROBE_MAX_LEN (%d) != sizeof(uint32_t)\n", 636 __func__, 637 (int) tlv_len); 638 error = EINVAL; 639 goto parse_out; 640 } 641 capa->max_probe_length = 642 le32_to_cpup((const uint32_t *)tlv_data); 643 /* limit it to something sensible */ 644 if (capa->max_probe_length > 645 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 646 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 647 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 648 "ridiculous\n", __func__); 649 error = EINVAL; 650 goto parse_out; 651 } 652 break; 653 case IWM_UCODE_TLV_PAN: 654 if (tlv_len) { 655 device_printf(sc->sc_dev, 656 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 657 __func__, 658 (int) tlv_len); 659 error = EINVAL; 660 goto parse_out; 661 } 662 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN; 663 break; 664 case IWM_UCODE_TLV_FLAGS: 665 if (tlv_len < sizeof(uint32_t)) { 666 device_printf(sc->sc_dev, 667 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 668 __func__, 669 (int) tlv_len); 670 error = EINVAL; 671 goto parse_out; 672 } 673 if (tlv_len % sizeof(uint32_t)) { 674 device_printf(sc->sc_dev, 675 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) %% sizeof(uint32_t)\n", 676 __func__, 677 (int) tlv_len); 678 error = EINVAL; 679 goto parse_out; 680 } 681 /* 682 * Apparently there can be many flags, but Linux driver 683 * parses only the first one, and so do we. 684 * 685 * XXX: why does this override IWM_UCODE_TLV_PAN? 686 * Intentional or a bug? Observations from 687 * current firmware file: 688 * 1) TLV_PAN is parsed first 689 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 690 * ==> this resets TLV_PAN to itself... hnnnk 691 */ 692 capa->flags = le32_to_cpup((const uint32_t *)tlv_data); 693 break; 694 case IWM_UCODE_TLV_CSCHEME: 695 if ((error = iwm_store_cscheme(sc, 696 tlv_data, tlv_len)) != 0) { 697 device_printf(sc->sc_dev, 698 "%s: iwm_store_cscheme(): returned %d\n", 699 __func__, 700 error); 701 goto parse_out; 702 } 703 break; 704 case IWM_UCODE_TLV_NUM_OF_CPU: 705 if (tlv_len != sizeof(uint32_t)) { 706 device_printf(sc->sc_dev, 707 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) != sizeof(uint32_t)\n", 708 __func__, 709 (int) tlv_len); 710 error = EINVAL; 711 goto parse_out; 712 } 713 num_of_cpus = le32_to_cpup((const uint32_t *)tlv_data); 714 if (num_of_cpus == 2) { 715 fw->fw_sects[IWM_UCODE_REGULAR].is_dual_cpus = 716 TRUE; 717 fw->fw_sects[IWM_UCODE_INIT].is_dual_cpus = 718 TRUE; 719 fw->fw_sects[IWM_UCODE_WOWLAN].is_dual_cpus = 720 TRUE; 721 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) { 722 device_printf(sc->sc_dev, 723 "%s: Driver supports only 1 or 2 CPUs\n", 724 __func__); 725 error = EINVAL; 726 goto parse_out; 727 } 728 break; 729 case IWM_UCODE_TLV_SEC_RT: 730 if ((error = iwm_firmware_store_section(sc, 731 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) { 732 device_printf(sc->sc_dev, 733 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n", 734 __func__, 735 error); 736 goto parse_out; 737 } 738 break; 739 case IWM_UCODE_TLV_SEC_INIT: 740 if ((error = iwm_firmware_store_section(sc, 741 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) { 742 device_printf(sc->sc_dev, 743 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n", 744 __func__, 745 error); 746 goto parse_out; 747 } 748 break; 749 case IWM_UCODE_TLV_SEC_WOWLAN: 750 if ((error = iwm_firmware_store_section(sc, 751 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) { 752 device_printf(sc->sc_dev, 753 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n", 754 __func__, 755 error); 756 goto parse_out; 757 } 758 break; 759 case IWM_UCODE_TLV_DEF_CALIB: 760 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 761 device_printf(sc->sc_dev, 762 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 763 __func__, 764 (int) tlv_len, 765 (int) sizeof(struct iwm_tlv_calib_data)); 766 error = EINVAL; 767 goto parse_out; 768 } 769 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 770 device_printf(sc->sc_dev, 771 "%s: iwm_set_default_calib() failed: %d\n", 772 __func__, 773 error); 774 goto parse_out; 775 } 776 break; 777 case IWM_UCODE_TLV_PHY_SKU: 778 if (tlv_len != sizeof(uint32_t)) { 779 error = EINVAL; 780 device_printf(sc->sc_dev, 781 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 782 __func__, 783 (int) tlv_len); 784 goto parse_out; 785 } 786 sc->sc_fw.phy_config = 787 le32_to_cpup((const uint32_t *)tlv_data); 788 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config & 789 IWM_FW_PHY_CFG_TX_CHAIN) >> 790 IWM_FW_PHY_CFG_TX_CHAIN_POS; 791 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config & 792 IWM_FW_PHY_CFG_RX_CHAIN) >> 793 IWM_FW_PHY_CFG_RX_CHAIN_POS; 794 break; 795 796 case IWM_UCODE_TLV_API_CHANGES_SET: { 797 if (tlv_len != sizeof(struct iwm_ucode_api)) { 798 error = EINVAL; 799 goto parse_out; 800 } 801 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) { 802 error = EINVAL; 803 goto parse_out; 804 } 805 break; 806 } 807 808 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 809 if (tlv_len != sizeof(struct iwm_ucode_capa)) { 810 error = EINVAL; 811 goto parse_out; 812 } 813 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) { 814 error = EINVAL; 815 goto parse_out; 816 } 817 break; 818 } 819 820 case 48: /* undocumented TLV */ 821 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 822 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 823 /* ignore, not used by current driver */ 824 break; 825 826 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 827 if ((error = iwm_firmware_store_section(sc, 828 IWM_UCODE_REGULAR_USNIFFER, tlv_data, 829 tlv_len)) != 0) 830 goto parse_out; 831 break; 832 833 case IWM_UCODE_TLV_PAGING: 834 if (tlv_len != sizeof(uint32_t)) { 835 error = EINVAL; 836 goto parse_out; 837 } 838 paging_mem_size = le32_to_cpup((const uint32_t *)tlv_data); 839 840 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 841 "%s: Paging: paging enabled (size = %u bytes)\n", 842 __func__, paging_mem_size); 843 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) { 844 device_printf(sc->sc_dev, 845 "%s: Paging: driver supports up to %u bytes for paging image\n", 846 __func__, IWM_MAX_PAGING_IMAGE_SIZE); 847 error = EINVAL; 848 goto out; 849 } 850 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) { 851 device_printf(sc->sc_dev, 852 "%s: Paging: image isn't multiple %u\n", 853 __func__, IWM_FW_PAGING_SIZE); 854 error = EINVAL; 855 goto out; 856 } 857 858 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size = 859 paging_mem_size; 860 usniffer_img = IWM_UCODE_REGULAR_USNIFFER; 861 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size = 862 paging_mem_size; 863 break; 864 865 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 866 if (tlv_len != sizeof(uint32_t)) { 867 error = EINVAL; 868 goto parse_out; 869 } 870 capa->n_scan_channels = 871 le32_to_cpup((const uint32_t *)tlv_data); 872 break; 873 874 case IWM_UCODE_TLV_FW_VERSION: 875 if (tlv_len != sizeof(uint32_t) * 3) { 876 error = EINVAL; 877 goto parse_out; 878 } 879 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 880 "%d.%d.%d", 881 le32toh(((const uint32_t *)tlv_data)[0]), 882 le32toh(((const uint32_t *)tlv_data)[1]), 883 le32toh(((const uint32_t *)tlv_data)[2])); 884 break; 885 886 case IWM_UCODE_TLV_FW_MEM_SEG: 887 break; 888 889 default: 890 device_printf(sc->sc_dev, 891 "%s: unknown firmware section %d, abort\n", 892 __func__, tlv_type); 893 error = EINVAL; 894 goto parse_out; 895 } 896 } 897 898 KASSERT(error == 0, ("unhandled error")); 899 900 parse_out: 901 if (error) { 902 device_printf(sc->sc_dev, "firmware parse error %d, " 903 "section type %d\n", error, tlv_type); 904 } 905 906 out: 907 if (error) { 908 fw->fw_status = IWM_FW_STATUS_NONE; 909 if (fw->fw_fp != NULL) 910 iwm_fw_info_free(fw); 911 } else 912 fw->fw_status = IWM_FW_STATUS_DONE; 913 wakeup(&sc->sc_fw); 914 915 return error; 916} 917 918/* 919 * DMA resource routines 920 */ 921 922/* fwmem is used to load firmware onto the card */ 923static int 924iwm_alloc_fwmem(struct iwm_softc *sc) 925{ 926 /* Must be aligned on a 16-byte boundary. */ 927 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 928 IWM_FH_MEM_TB_MAX_LENGTH, 16); 929} 930 931/* tx scheduler rings. not used? */ 932static int 933iwm_alloc_sched(struct iwm_softc *sc) 934{ 935 /* TX scheduler rings must be aligned on a 1KB boundary. */ 936 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 937 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 938} 939 940/* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 941static int 942iwm_alloc_kw(struct iwm_softc *sc) 943{ 944 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 945} 946 947/* interrupt cause table */ 948static int 949iwm_alloc_ict(struct iwm_softc *sc) 950{ 951 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 952 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 953} 954 955static int 956iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 957{ 958 bus_size_t size; 959 int i, error; 960 961 ring->cur = 0; 962 963 /* Allocate RX descriptors (256-byte aligned). */ 964 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 965 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 966 if (error != 0) { 967 device_printf(sc->sc_dev, 968 "could not allocate RX ring DMA memory\n"); 969 goto fail; 970 } 971 ring->desc = ring->desc_dma.vaddr; 972 973 /* Allocate RX status area (16-byte aligned). */ 974 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 975 sizeof(*ring->stat), 16); 976 if (error != 0) { 977 device_printf(sc->sc_dev, 978 "could not allocate RX status DMA memory\n"); 979 goto fail; 980 } 981 ring->stat = ring->stat_dma.vaddr; 982 983 /* Create RX buffer DMA tag. */ 984 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 985 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 986 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 987 if (error != 0) { 988 device_printf(sc->sc_dev, 989 "%s: could not create RX buf DMA tag, error %d\n", 990 __func__, error); 991 goto fail; 992 } 993 994 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 995 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 996 if (error != 0) { 997 device_printf(sc->sc_dev, 998 "%s: could not create RX buf DMA map, error %d\n", 999 __func__, error); 1000 goto fail; 1001 } 1002 /* 1003 * Allocate and map RX buffers. 1004 */ 1005 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1006 struct iwm_rx_data *data = &ring->data[i]; 1007 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1008 if (error != 0) { 1009 device_printf(sc->sc_dev, 1010 "%s: could not create RX buf DMA map, error %d\n", 1011 __func__, error); 1012 goto fail; 1013 } 1014 data->m = NULL; 1015 1016 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 1017 goto fail; 1018 } 1019 } 1020 return 0; 1021 1022fail: iwm_free_rx_ring(sc, ring); 1023 return error; 1024} 1025 1026static void 1027iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1028{ 1029 /* Reset the ring state */ 1030 ring->cur = 0; 1031 1032 /* 1033 * The hw rx ring index in shared memory must also be cleared, 1034 * otherwise the discrepancy can cause reprocessing chaos. 1035 */ 1036 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1037} 1038 1039static void 1040iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1041{ 1042 int i; 1043 1044 iwm_dma_contig_free(&ring->desc_dma); 1045 iwm_dma_contig_free(&ring->stat_dma); 1046 1047 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1048 struct iwm_rx_data *data = &ring->data[i]; 1049 1050 if (data->m != NULL) { 1051 bus_dmamap_sync(ring->data_dmat, data->map, 1052 BUS_DMASYNC_POSTREAD); 1053 bus_dmamap_unload(ring->data_dmat, data->map); 1054 m_freem(data->m); 1055 data->m = NULL; 1056 } 1057 if (data->map != NULL) { 1058 bus_dmamap_destroy(ring->data_dmat, data->map); 1059 data->map = NULL; 1060 } 1061 } 1062 if (ring->spare_map != NULL) { 1063 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1064 ring->spare_map = NULL; 1065 } 1066 if (ring->data_dmat != NULL) { 1067 bus_dma_tag_destroy(ring->data_dmat); 1068 ring->data_dmat = NULL; 1069 } 1070} 1071 1072static int 1073iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1074{ 1075 bus_addr_t paddr; 1076 bus_size_t size; 1077 size_t maxsize; 1078 int nsegments; 1079 int i, error; 1080 1081 ring->qid = qid; 1082 ring->queued = 0; 1083 ring->cur = 0; 1084 1085 /* Allocate TX descriptors (256-byte aligned). */ 1086 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1087 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1088 if (error != 0) { 1089 device_printf(sc->sc_dev, 1090 "could not allocate TX ring DMA memory\n"); 1091 goto fail; 1092 } 1093 ring->desc = ring->desc_dma.vaddr; 1094 1095 /* 1096 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1097 * to allocate commands space for other rings. 1098 */ 1099 if (qid > IWM_MVM_CMD_QUEUE) 1100 return 0; 1101 1102 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1103 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1104 if (error != 0) { 1105 device_printf(sc->sc_dev, 1106 "could not allocate TX cmd DMA memory\n"); 1107 goto fail; 1108 } 1109 ring->cmd = ring->cmd_dma.vaddr; 1110 1111 /* FW commands may require more mapped space than packets. */ 1112 if (qid == IWM_MVM_CMD_QUEUE) { 1113 maxsize = IWM_RBUF_SIZE; 1114 nsegments = 1; 1115 } else { 1116 maxsize = MCLBYTES; 1117 nsegments = IWM_MAX_SCATTER - 2; 1118 } 1119 1120 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1121 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1122 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1123 if (error != 0) { 1124 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1125 goto fail; 1126 } 1127 1128 paddr = ring->cmd_dma.paddr; 1129 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1130 struct iwm_tx_data *data = &ring->data[i]; 1131 1132 data->cmd_paddr = paddr; 1133 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1134 + offsetof(struct iwm_tx_cmd, scratch); 1135 paddr += sizeof(struct iwm_device_cmd); 1136 1137 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1138 if (error != 0) { 1139 device_printf(sc->sc_dev, 1140 "could not create TX buf DMA map\n"); 1141 goto fail; 1142 } 1143 } 1144 KASSERT(paddr == ring->cmd_dma.paddr + size, 1145 ("invalid physical address")); 1146 return 0; 1147 1148fail: iwm_free_tx_ring(sc, ring); 1149 return error; 1150} 1151 1152static void 1153iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1154{ 1155 int i; 1156 1157 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1158 struct iwm_tx_data *data = &ring->data[i]; 1159 1160 if (data->m != NULL) { 1161 bus_dmamap_sync(ring->data_dmat, data->map, 1162 BUS_DMASYNC_POSTWRITE); 1163 bus_dmamap_unload(ring->data_dmat, data->map); 1164 m_freem(data->m); 1165 data->m = NULL; 1166 } 1167 } 1168 /* Clear TX descriptors. */ 1169 memset(ring->desc, 0, ring->desc_dma.size); 1170 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1171 BUS_DMASYNC_PREWRITE); 1172 sc->qfullmsk &= ~(1 << ring->qid); 1173 ring->queued = 0; 1174 ring->cur = 0; 1175 1176 if (ring->qid == IWM_MVM_CMD_QUEUE && sc->cmd_hold_nic_awake) 1177 iwm_pcie_clear_cmd_in_flight(sc); 1178} 1179 1180static void 1181iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1182{ 1183 int i; 1184 1185 iwm_dma_contig_free(&ring->desc_dma); 1186 iwm_dma_contig_free(&ring->cmd_dma); 1187 1188 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1189 struct iwm_tx_data *data = &ring->data[i]; 1190 1191 if (data->m != NULL) { 1192 bus_dmamap_sync(ring->data_dmat, data->map, 1193 BUS_DMASYNC_POSTWRITE); 1194 bus_dmamap_unload(ring->data_dmat, data->map); 1195 m_freem(data->m); 1196 data->m = NULL; 1197 } 1198 if (data->map != NULL) { 1199 bus_dmamap_destroy(ring->data_dmat, data->map); 1200 data->map = NULL; 1201 } 1202 } 1203 if (ring->data_dmat != NULL) { 1204 bus_dma_tag_destroy(ring->data_dmat); 1205 ring->data_dmat = NULL; 1206 } 1207} 1208 1209/* 1210 * High-level hardware frobbing routines 1211 */ 1212 1213static void 1214iwm_enable_interrupts(struct iwm_softc *sc) 1215{ 1216 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1217 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1218} 1219 1220static void 1221iwm_restore_interrupts(struct iwm_softc *sc) 1222{ 1223 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1224} 1225 1226static void 1227iwm_disable_interrupts(struct iwm_softc *sc) 1228{ 1229 /* disable interrupts */ 1230 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1231 1232 /* acknowledge all interrupts */ 1233 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1234 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1235} 1236 1237static void 1238iwm_ict_reset(struct iwm_softc *sc) 1239{ 1240 iwm_disable_interrupts(sc); 1241 1242 /* Reset ICT table. */ 1243 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1244 sc->ict_cur = 0; 1245 1246 /* Set physical address of ICT table (4KB aligned). */ 1247 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1248 IWM_CSR_DRAM_INT_TBL_ENABLE 1249 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1250 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1251 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1252 1253 /* Switch to ICT interrupt mode in driver. */ 1254 sc->sc_flags |= IWM_FLAG_USE_ICT; 1255 1256 /* Re-enable interrupts. */ 1257 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1258 iwm_enable_interrupts(sc); 1259} 1260 1261/* iwlwifi pcie/trans.c */ 1262 1263/* 1264 * Since this .. hard-resets things, it's time to actually 1265 * mark the first vap (if any) as having no mac context. 1266 * It's annoying, but since the driver is potentially being 1267 * stop/start'ed whilst active (thanks openbsd port!) we 1268 * have to correctly track this. 1269 */ 1270static void 1271iwm_stop_device(struct iwm_softc *sc) 1272{ 1273 struct ieee80211com *ic = &sc->sc_ic; 1274 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1275 int chnl, qid; 1276 uint32_t mask = 0; 1277 1278 /* tell the device to stop sending interrupts */ 1279 iwm_disable_interrupts(sc); 1280 1281 /* 1282 * FreeBSD-local: mark the first vap as not-uploaded, 1283 * so the next transition through auth/assoc 1284 * will correctly populate the MAC context. 1285 */ 1286 if (vap) { 1287 struct iwm_vap *iv = IWM_VAP(vap); 1288 iv->phy_ctxt = NULL; 1289 iv->is_uploaded = 0; 1290 } 1291 1292 /* device going down, Stop using ICT table */ 1293 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1294 1295 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1296 1297 if (iwm_nic_lock(sc)) { 1298 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1299 1300 /* Stop each Tx DMA channel */ 1301 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1302 IWM_WRITE(sc, 1303 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1304 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1305 } 1306 1307 /* Wait for DMA channels to be idle */ 1308 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1309 5000)) { 1310 device_printf(sc->sc_dev, 1311 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1312 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1313 } 1314 iwm_nic_unlock(sc); 1315 } 1316 iwm_pcie_rx_stop(sc); 1317 1318 /* Stop RX ring. */ 1319 iwm_reset_rx_ring(sc, &sc->rxq); 1320 1321 /* Reset all TX rings. */ 1322 for (qid = 0; qid < nitems(sc->txq); qid++) 1323 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1324 1325 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1326 /* Power-down device's busmaster DMA clocks */ 1327 if (iwm_nic_lock(sc)) { 1328 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, 1329 IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1330 iwm_nic_unlock(sc); 1331 } 1332 DELAY(5); 1333 } 1334 1335 /* Make sure (redundant) we've released our request to stay awake */ 1336 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1337 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1338 1339 /* Stop the device, and put it in low power state */ 1340 iwm_apm_stop(sc); 1341 1342 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1343 * Clean again the interrupt here 1344 */ 1345 iwm_disable_interrupts(sc); 1346 /* stop and reset the on-board processor */ 1347 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1348 1349 /* 1350 * Even if we stop the HW, we still want the RF kill 1351 * interrupt 1352 */ 1353 iwm_enable_rfkill_int(sc); 1354 iwm_check_rfkill(sc); 1355} 1356 1357/* iwlwifi: mvm/ops.c */ 1358static void 1359iwm_mvm_nic_config(struct iwm_softc *sc) 1360{ 1361 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1362 uint32_t reg_val = 0; 1363 uint32_t phy_config = iwm_mvm_get_phy_config(sc); 1364 1365 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1366 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1367 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1368 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1369 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1370 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1371 1372 /* SKU control */ 1373 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1374 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1375 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1376 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1377 1378 /* radio configuration */ 1379 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1380 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1381 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1382 1383 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1384 1385 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1386 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1387 radio_cfg_step, radio_cfg_dash); 1388 1389 /* 1390 * W/A : NIC is stuck in a reset state after Early PCIe power off 1391 * (PCIe power is lost before PERST# is asserted), causing ME FW 1392 * to lose ownership and not being able to obtain it back. 1393 */ 1394 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1395 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1396 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1397 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1398 } 1399} 1400 1401static int 1402iwm_nic_rx_init(struct iwm_softc *sc) 1403{ 1404 /* 1405 * Initialize RX ring. This is from the iwn driver. 1406 */ 1407 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1408 1409 /* Stop Rx DMA */ 1410 iwm_pcie_rx_stop(sc); 1411 1412 if (!iwm_nic_lock(sc)) 1413 return EBUSY; 1414 1415 /* reset and flush pointers */ 1416 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1417 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1418 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1419 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1420 1421 /* Set physical address of RX ring (256-byte aligned). */ 1422 IWM_WRITE(sc, 1423 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1424 1425 /* Set physical address of RX status (16-byte aligned). */ 1426 IWM_WRITE(sc, 1427 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1428 1429 /* Enable Rx DMA 1430 * XXX 5000 HW isn't supported by the iwm(4) driver. 1431 * IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY is set because of HW bug in 1432 * the credit mechanism in 5000 HW RX FIFO 1433 * Direct rx interrupts to hosts 1434 * Rx buffer size 4 or 8k or 12k 1435 * RB timeout 0x10 1436 * 256 RBDs 1437 */ 1438 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1439 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1440 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1441 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1442 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1443 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1444 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1445 1446 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1447 1448 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1449 if (sc->cfg->host_interrupt_operation_mode) 1450 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1451 1452 /* 1453 * Thus sayeth el jefe (iwlwifi) via a comment: 1454 * 1455 * This value should initially be 0 (before preparing any 1456 * RBs), should be 8 after preparing the first 8 RBs (for example) 1457 */ 1458 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1459 1460 iwm_nic_unlock(sc); 1461 1462 return 0; 1463} 1464 1465static int 1466iwm_nic_tx_init(struct iwm_softc *sc) 1467{ 1468 int qid; 1469 1470 if (!iwm_nic_lock(sc)) 1471 return EBUSY; 1472 1473 /* Deactivate TX scheduler. */ 1474 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1475 1476 /* Set physical address of "keep warm" page (16-byte aligned). */ 1477 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1478 1479 /* Initialize TX rings. */ 1480 for (qid = 0; qid < nitems(sc->txq); qid++) { 1481 struct iwm_tx_ring *txq = &sc->txq[qid]; 1482 1483 /* Set physical address of TX ring (256-byte aligned). */ 1484 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1485 txq->desc_dma.paddr >> 8); 1486 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1487 "%s: loading ring %d descriptors (%p) at %lx\n", 1488 __func__, 1489 qid, txq->desc, 1490 (unsigned long) (txq->desc_dma.paddr >> 8)); 1491 } 1492 1493 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE); 1494 1495 iwm_nic_unlock(sc); 1496 1497 return 0; 1498} 1499 1500static int 1501iwm_nic_init(struct iwm_softc *sc) 1502{ 1503 int error; 1504 1505 iwm_apm_init(sc); 1506 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1507 iwm_set_pwr(sc); 1508 1509 iwm_mvm_nic_config(sc); 1510 1511 if ((error = iwm_nic_rx_init(sc)) != 0) 1512 return error; 1513 1514 /* 1515 * Ditto for TX, from iwn 1516 */ 1517 if ((error = iwm_nic_tx_init(sc)) != 0) 1518 return error; 1519 1520 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1521 "%s: shadow registers enabled\n", __func__); 1522 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1523 1524 return 0; 1525} 1526 1527int 1528iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1529{ 1530 if (!iwm_nic_lock(sc)) { 1531 device_printf(sc->sc_dev, 1532 "%s: cannot enable txq %d\n", 1533 __func__, 1534 qid); 1535 return EBUSY; 1536 } 1537 1538 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1539 1540 if (qid == IWM_MVM_CMD_QUEUE) { 1541 /* unactivate before configuration */ 1542 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1543 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1544 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1545 1546 iwm_nic_unlock(sc); 1547 1548 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1549 1550 if (!iwm_nic_lock(sc)) { 1551 device_printf(sc->sc_dev, 1552 "%s: cannot enable txq %d\n", __func__, qid); 1553 return EBUSY; 1554 } 1555 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1556 iwm_nic_unlock(sc); 1557 1558 iwm_write_mem32(sc, sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1559 /* Set scheduler window size and frame limit. */ 1560 iwm_write_mem32(sc, 1561 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1562 sizeof(uint32_t), 1563 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1564 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1565 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1566 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1567 1568 if (!iwm_nic_lock(sc)) { 1569 device_printf(sc->sc_dev, 1570 "%s: cannot enable txq %d\n", __func__, qid); 1571 return EBUSY; 1572 } 1573 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1574 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1575 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1576 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1577 IWM_SCD_QUEUE_STTS_REG_MSK); 1578 } else { 1579 struct iwm_scd_txq_cfg_cmd cmd; 1580 int error; 1581 1582 iwm_nic_unlock(sc); 1583 1584 memset(&cmd, 0, sizeof(cmd)); 1585 cmd.scd_queue = qid; 1586 cmd.enable = 1; 1587 cmd.sta_id = sta_id; 1588 cmd.tx_fifo = fifo; 1589 cmd.aggregate = 0; 1590 cmd.window = IWM_FRAME_LIMIT; 1591 1592 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1593 sizeof(cmd), &cmd); 1594 if (error) { 1595 device_printf(sc->sc_dev, 1596 "cannot enable txq %d\n", qid); 1597 return error; 1598 } 1599 1600 if (!iwm_nic_lock(sc)) 1601 return EBUSY; 1602 } 1603 1604 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 1605 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid); 1606 1607 iwm_nic_unlock(sc); 1608 1609 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1610 __func__, qid, fifo); 1611 1612 return 0; 1613} 1614 1615static int 1616iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr) 1617{ 1618 int error, chnl; 1619 1620 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1621 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t); 1622 1623 if (!iwm_nic_lock(sc)) 1624 return EBUSY; 1625 1626 iwm_ict_reset(sc); 1627 1628 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1629 if (scd_base_addr != 0 && 1630 scd_base_addr != sc->scd_base_addr) { 1631 device_printf(sc->sc_dev, 1632 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1633 __func__, sc->scd_base_addr, scd_base_addr); 1634 } 1635 1636 iwm_nic_unlock(sc); 1637 1638 /* reset context data, TX status and translation data */ 1639 error = iwm_write_mem(sc, 1640 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1641 NULL, clear_dwords); 1642 if (error) 1643 return EBUSY; 1644 1645 if (!iwm_nic_lock(sc)) 1646 return EBUSY; 1647 1648 /* Set physical address of TX scheduler rings (1KB aligned). */ 1649 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1650 1651 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1652 1653 iwm_nic_unlock(sc); 1654 1655 /* enable command channel */ 1656 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7); 1657 if (error) 1658 return error; 1659 1660 if (!iwm_nic_lock(sc)) 1661 return EBUSY; 1662 1663 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1664 1665 /* Enable DMA channels. */ 1666 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1667 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1668 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1669 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1670 } 1671 1672 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1673 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1674 1675 iwm_nic_unlock(sc); 1676 1677 /* Enable L1-Active */ 1678 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 1679 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1680 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1681 } 1682 1683 return error; 1684} 1685 1686/* 1687 * NVM read access and content parsing. We do not support 1688 * external NVM or writing NVM. 1689 * iwlwifi/mvm/nvm.c 1690 */ 1691 1692/* Default NVM size to read */ 1693#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1694 1695#define IWM_NVM_WRITE_OPCODE 1 1696#define IWM_NVM_READ_OPCODE 0 1697 1698/* load nvm chunk response */ 1699enum { 1700 IWM_READ_NVM_CHUNK_SUCCEED = 0, 1701 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1 1702}; 1703 1704static int 1705iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1706 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1707{ 1708 struct iwm_nvm_access_cmd nvm_access_cmd = { 1709 .offset = htole16(offset), 1710 .length = htole16(length), 1711 .type = htole16(section), 1712 .op_code = IWM_NVM_READ_OPCODE, 1713 }; 1714 struct iwm_nvm_access_resp *nvm_resp; 1715 struct iwm_rx_packet *pkt; 1716 struct iwm_host_cmd cmd = { 1717 .id = IWM_NVM_ACCESS_CMD, 1718 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL, 1719 .data = { &nvm_access_cmd, }, 1720 }; 1721 int ret, bytes_read, offset_read; 1722 uint8_t *resp_data; 1723 1724 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1725 1726 ret = iwm_send_cmd(sc, &cmd); 1727 if (ret) { 1728 device_printf(sc->sc_dev, 1729 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1730 return ret; 1731 } 1732 1733 pkt = cmd.resp_pkt; 1734 1735 /* Extract NVM response */ 1736 nvm_resp = (void *)pkt->data; 1737 ret = le16toh(nvm_resp->status); 1738 bytes_read = le16toh(nvm_resp->length); 1739 offset_read = le16toh(nvm_resp->offset); 1740 resp_data = nvm_resp->data; 1741 if (ret) { 1742 if ((offset != 0) && 1743 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) { 1744 /* 1745 * meaning of NOT_VALID_ADDRESS: 1746 * driver try to read chunk from address that is 1747 * multiple of 2K and got an error since addr is empty. 1748 * meaning of (offset != 0): driver already 1749 * read valid data from another chunk so this case 1750 * is not an error. 1751 */ 1752 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1753 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n", 1754 offset); 1755 *len = 0; 1756 ret = 0; 1757 } else { 1758 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1759 "NVM access command failed with status %d\n", ret); 1760 ret = EIO; 1761 } 1762 goto exit; 1763 } 1764 1765 if (offset_read != offset) { 1766 device_printf(sc->sc_dev, 1767 "NVM ACCESS response with invalid offset %d\n", 1768 offset_read); 1769 ret = EINVAL; 1770 goto exit; 1771 } 1772 1773 if (bytes_read > length) { 1774 device_printf(sc->sc_dev, 1775 "NVM ACCESS response with too much data " 1776 "(%d bytes requested, %d bytes received)\n", 1777 length, bytes_read); 1778 ret = EINVAL; 1779 goto exit; 1780 } 1781 1782 /* Write data to NVM */ 1783 memcpy(data + offset, resp_data, bytes_read); 1784 *len = bytes_read; 1785 1786 exit: 1787 iwm_free_resp(sc, &cmd); 1788 return ret; 1789} 1790 1791/* 1792 * Reads an NVM section completely. 1793 * NICs prior to 7000 family don't have a real NVM, but just read 1794 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1795 * by uCode, we need to manually check in this case that we don't 1796 * overflow and try to read more than the EEPROM size. 1797 * For 7000 family NICs, we supply the maximal size we can read, and 1798 * the uCode fills the response with as much data as we can, 1799 * without overflowing, so no check is needed. 1800 */ 1801static int 1802iwm_nvm_read_section(struct iwm_softc *sc, 1803 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read) 1804{ 1805 uint16_t seglen, length, offset = 0; 1806 int ret; 1807 1808 /* Set nvm section read length */ 1809 length = IWM_NVM_DEFAULT_CHUNK_SIZE; 1810 1811 seglen = length; 1812 1813 /* Read the NVM until exhausted (reading less than requested) */ 1814 while (seglen == length) { 1815 /* Check no memory assumptions fail and cause an overflow */ 1816 if ((size_read + offset + length) > 1817 sc->cfg->eeprom_size) { 1818 device_printf(sc->sc_dev, 1819 "EEPROM size is too small for NVM\n"); 1820 return ENOBUFS; 1821 } 1822 1823 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen); 1824 if (ret) { 1825 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1826 "Cannot read NVM from section %d offset %d, length %d\n", 1827 section, offset, length); 1828 return ret; 1829 } 1830 offset += seglen; 1831 } 1832 1833 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1834 "NVM section %d read completed\n", section); 1835 *len = offset; 1836 return 0; 1837} 1838 1839/* 1840 * BEGIN IWM_NVM_PARSE 1841 */ 1842 1843/* iwlwifi/iwl-nvm-parse.c */ 1844 1845/* NVM offsets (in words) definitions */ 1846enum iwm_nvm_offsets { 1847 /* NVM HW-Section offset (in words) definitions */ 1848 IWM_HW_ADDR = 0x15, 1849 1850/* NVM SW-Section offset (in words) definitions */ 1851 IWM_NVM_SW_SECTION = 0x1C0, 1852 IWM_NVM_VERSION = 0, 1853 IWM_RADIO_CFG = 1, 1854 IWM_SKU = 2, 1855 IWM_N_HW_ADDRS = 3, 1856 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1857 1858/* NVM calibration section offset (in words) definitions */ 1859 IWM_NVM_CALIB_SECTION = 0x2B8, 1860 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1861}; 1862 1863enum iwm_8000_nvm_offsets { 1864 /* NVM HW-Section offset (in words) definitions */ 1865 IWM_HW_ADDR0_WFPM_8000 = 0x12, 1866 IWM_HW_ADDR1_WFPM_8000 = 0x16, 1867 IWM_HW_ADDR0_PCIE_8000 = 0x8A, 1868 IWM_HW_ADDR1_PCIE_8000 = 0x8E, 1869 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1, 1870 1871 /* NVM SW-Section offset (in words) definitions */ 1872 IWM_NVM_SW_SECTION_8000 = 0x1C0, 1873 IWM_NVM_VERSION_8000 = 0, 1874 IWM_RADIO_CFG_8000 = 0, 1875 IWM_SKU_8000 = 2, 1876 IWM_N_HW_ADDRS_8000 = 3, 1877 1878 /* NVM REGULATORY -Section offset (in words) definitions */ 1879 IWM_NVM_CHANNELS_8000 = 0, 1880 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7, 1881 IWM_NVM_LAR_OFFSET_8000 = 0x507, 1882 IWM_NVM_LAR_ENABLED_8000 = 0x7, 1883 1884 /* NVM calibration section offset (in words) definitions */ 1885 IWM_NVM_CALIB_SECTION_8000 = 0x2B8, 1886 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000 1887}; 1888 1889/* SKU Capabilities (actual values from NVM definition) */ 1890enum nvm_sku_bits { 1891 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1892 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1893 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1894 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1895}; 1896 1897/* radio config bits (actual values from NVM definition) */ 1898#define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1899#define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1900#define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1901#define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1902#define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1903#define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1904 1905#define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF) 1906#define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF) 1907#define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF) 1908#define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF) 1909#define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF) 1910#define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF) 1911 1912#define DEFAULT_MAX_TX_POWER 16 1913 1914/** 1915 * enum iwm_nvm_channel_flags - channel flags in NVM 1916 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1917 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1918 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1919 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1920 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c 1921 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1922 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1923 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1924 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1925 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1926 */ 1927enum iwm_nvm_channel_flags { 1928 IWM_NVM_CHANNEL_VALID = (1 << 0), 1929 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1930 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1931 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1932 IWM_NVM_CHANNEL_DFS = (1 << 7), 1933 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1934 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 1935 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 1936 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 1937}; 1938 1939/* 1940 * Translate EEPROM flags to net80211. 1941 */ 1942static uint32_t 1943iwm_eeprom_channel_flags(uint16_t ch_flags) 1944{ 1945 uint32_t nflags; 1946 1947 nflags = 0; 1948 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 1949 nflags |= IEEE80211_CHAN_PASSIVE; 1950 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 1951 nflags |= IEEE80211_CHAN_NOADHOC; 1952 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 1953 nflags |= IEEE80211_CHAN_DFS; 1954 /* Just in case. */ 1955 nflags |= IEEE80211_CHAN_NOADHOC; 1956 } 1957 1958 return (nflags); 1959} 1960 1961static void 1962iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 1963 int maxchans, int *nchans, int ch_idx, size_t ch_num, 1964 const uint8_t bands[]) 1965{ 1966 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags; 1967 uint32_t nflags; 1968 uint16_t ch_flags; 1969 uint8_t ieee; 1970 int error; 1971 1972 for (; ch_idx < ch_num; ch_idx++) { 1973 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 1974 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1975 ieee = iwm_nvm_channels[ch_idx]; 1976 else 1977 ieee = iwm_nvm_channels_8000[ch_idx]; 1978 1979 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 1980 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1981 "Ch. %d Flags %x [%sGHz] - No traffic\n", 1982 ieee, ch_flags, 1983 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1984 "5.2" : "2.4"); 1985 continue; 1986 } 1987 1988 nflags = iwm_eeprom_channel_flags(ch_flags); 1989 error = ieee80211_add_channel(chans, maxchans, nchans, 1990 ieee, 0, 0, nflags, bands); 1991 if (error != 0) 1992 break; 1993 1994 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1995 "Ch. %d Flags %x [%sGHz] - Added\n", 1996 ieee, ch_flags, 1997 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1998 "5.2" : "2.4"); 1999 } 2000} 2001 2002static void 2003iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 2004 struct ieee80211_channel chans[]) 2005{ 2006 struct iwm_softc *sc = ic->ic_softc; 2007 struct iwm_nvm_data *data = sc->nvm_data; 2008 uint8_t bands[IEEE80211_MODE_BYTES]; 2009 size_t ch_num; 2010 2011 memset(bands, 0, sizeof(bands)); 2012 /* 1-13: 11b/g channels. */ 2013 setbit(bands, IEEE80211_MODE_11B); 2014 setbit(bands, IEEE80211_MODE_11G); 2015 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 2016 IWM_NUM_2GHZ_CHANNELS - 1, bands); 2017 2018 /* 14: 11b channel only. */ 2019 clrbit(bands, IEEE80211_MODE_11G); 2020 iwm_add_channel_band(sc, chans, maxchans, nchans, 2021 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 2022 2023 if (data->sku_cap_band_52GHz_enable) { 2024 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2025 ch_num = nitems(iwm_nvm_channels); 2026 else 2027 ch_num = nitems(iwm_nvm_channels_8000); 2028 memset(bands, 0, sizeof(bands)); 2029 setbit(bands, IEEE80211_MODE_11A); 2030 iwm_add_channel_band(sc, chans, maxchans, nchans, 2031 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2032 } 2033} 2034 2035static void 2036iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2037 const uint16_t *mac_override, const uint16_t *nvm_hw) 2038{ 2039 const uint8_t *hw_addr; 2040 2041 if (mac_override) { 2042 static const uint8_t reserved_mac[] = { 2043 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2044 }; 2045 2046 hw_addr = (const uint8_t *)(mac_override + 2047 IWM_MAC_ADDRESS_OVERRIDE_8000); 2048 2049 /* 2050 * Store the MAC address from MAO section. 2051 * No byte swapping is required in MAO section 2052 */ 2053 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2054 2055 /* 2056 * Force the use of the OTP MAC address in case of reserved MAC 2057 * address in the NVM, or if address is given but invalid. 2058 */ 2059 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2060 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2061 iwm_is_valid_ether_addr(data->hw_addr) && 2062 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2063 return; 2064 2065 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2066 "%s: mac address from nvm override section invalid\n", 2067 __func__); 2068 } 2069 2070 if (nvm_hw) { 2071 /* read the mac address from WFMP registers */ 2072 uint32_t mac_addr0 = 2073 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2074 uint32_t mac_addr1 = 2075 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2076 2077 hw_addr = (const uint8_t *)&mac_addr0; 2078 data->hw_addr[0] = hw_addr[3]; 2079 data->hw_addr[1] = hw_addr[2]; 2080 data->hw_addr[2] = hw_addr[1]; 2081 data->hw_addr[3] = hw_addr[0]; 2082 2083 hw_addr = (const uint8_t *)&mac_addr1; 2084 data->hw_addr[4] = hw_addr[1]; 2085 data->hw_addr[5] = hw_addr[0]; 2086 2087 return; 2088 } 2089 2090 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2091 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2092} 2093 2094static int 2095iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2096 const uint16_t *phy_sku) 2097{ 2098 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2099 return le16_to_cpup(nvm_sw + IWM_SKU); 2100 2101 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2102} 2103 2104static int 2105iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2106{ 2107 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2108 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2109 else 2110 return le32_to_cpup((const uint32_t *)(nvm_sw + 2111 IWM_NVM_VERSION_8000)); 2112} 2113 2114static int 2115iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2116 const uint16_t *phy_sku) 2117{ 2118 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2119 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2120 2121 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2122} 2123 2124static int 2125iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2126{ 2127 int n_hw_addr; 2128 2129 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2130 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2131 2132 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2133 2134 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2135} 2136 2137static void 2138iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2139 uint32_t radio_cfg) 2140{ 2141 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2142 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2143 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2144 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2145 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2146 return; 2147 } 2148 2149 /* set the radio configuration for family 8000 */ 2150 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2151 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2152 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2153 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg); 2154 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2155 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2156} 2157 2158static int 2159iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data, 2160 const uint16_t *nvm_hw, const uint16_t *mac_override) 2161{ 2162#ifdef notyet /* for FAMILY 9000 */ 2163 if (cfg->mac_addr_from_csr) { 2164 iwm_set_hw_address_from_csr(sc, data); 2165 } else 2166#endif 2167 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2168 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR); 2169 2170 /* The byte order is little endian 16 bit, meaning 214365 */ 2171 data->hw_addr[0] = hw_addr[1]; 2172 data->hw_addr[1] = hw_addr[0]; 2173 data->hw_addr[2] = hw_addr[3]; 2174 data->hw_addr[3] = hw_addr[2]; 2175 data->hw_addr[4] = hw_addr[5]; 2176 data->hw_addr[5] = hw_addr[4]; 2177 } else { 2178 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw); 2179 } 2180 2181 if (!iwm_is_valid_ether_addr(data->hw_addr)) { 2182 device_printf(sc->sc_dev, "no valid mac address was found\n"); 2183 return EINVAL; 2184 } 2185 2186 return 0; 2187} 2188 2189static struct iwm_nvm_data * 2190iwm_parse_nvm_data(struct iwm_softc *sc, 2191 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2192 const uint16_t *nvm_calib, const uint16_t *mac_override, 2193 const uint16_t *phy_sku, const uint16_t *regulatory) 2194{ 2195 struct iwm_nvm_data *data; 2196 uint32_t sku, radio_cfg; 2197 uint16_t lar_config; 2198 2199 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2200 data = malloc(sizeof(*data) + 2201 IWM_NUM_CHANNELS * sizeof(uint16_t), 2202 M_DEVBUF, M_NOWAIT | M_ZERO); 2203 } else { 2204 data = malloc(sizeof(*data) + 2205 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t), 2206 M_DEVBUF, M_NOWAIT | M_ZERO); 2207 } 2208 if (!data) 2209 return NULL; 2210 2211 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2212 2213 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2214 iwm_set_radio_cfg(sc, data, radio_cfg); 2215 2216 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2217 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2218 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2219 data->sku_cap_11n_enable = 0; 2220 2221 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2222 2223 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2224 uint16_t lar_offset = data->nvm_version < 0xE39 ? 2225 IWM_NVM_LAR_OFFSET_8000_OLD : 2226 IWM_NVM_LAR_OFFSET_8000; 2227 2228 lar_config = le16_to_cpup(regulatory + lar_offset); 2229 data->lar_enabled = !!(lar_config & 2230 IWM_NVM_LAR_ENABLED_8000); 2231 } 2232 2233 /* If no valid mac address was found - bail out */ 2234 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) { 2235 free(data, M_DEVBUF); 2236 return NULL; 2237 } 2238 2239 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2240 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 2241 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2242 } else { 2243 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2244 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2245 } 2246 2247 return data; 2248} 2249 2250static void 2251iwm_free_nvm_data(struct iwm_nvm_data *data) 2252{ 2253 if (data != NULL) 2254 free(data, M_DEVBUF); 2255} 2256 2257static struct iwm_nvm_data * 2258iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2259{ 2260 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2261 2262 /* Checking for required sections */ 2263 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2264 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2265 !sections[sc->cfg->nvm_hw_section_num].data) { 2266 device_printf(sc->sc_dev, 2267 "Can't parse empty OTP/NVM sections\n"); 2268 return NULL; 2269 } 2270 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2271 /* SW and REGULATORY sections are mandatory */ 2272 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2273 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2274 device_printf(sc->sc_dev, 2275 "Can't parse empty OTP/NVM sections\n"); 2276 return NULL; 2277 } 2278 /* MAC_OVERRIDE or at least HW section must exist */ 2279 if (!sections[sc->cfg->nvm_hw_section_num].data && 2280 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2281 device_printf(sc->sc_dev, 2282 "Can't parse mac_address, empty sections\n"); 2283 return NULL; 2284 } 2285 2286 /* PHY_SKU section is mandatory in B0 */ 2287 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2288 device_printf(sc->sc_dev, 2289 "Can't parse phy_sku in B0, empty sections\n"); 2290 return NULL; 2291 } 2292 } else { 2293 panic("unknown device family %d\n", sc->cfg->device_family); 2294 } 2295 2296 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data; 2297 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2298 calib = (const uint16_t *) 2299 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2300 regulatory = (const uint16_t *) 2301 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2302 mac_override = (const uint16_t *) 2303 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2304 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2305 2306 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2307 phy_sku, regulatory); 2308} 2309 2310static int 2311iwm_nvm_init(struct iwm_softc *sc) 2312{ 2313 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS]; 2314 int i, ret, section; 2315 uint32_t size_read = 0; 2316 uint8_t *nvm_buffer, *temp; 2317 uint16_t len; 2318 2319 memset(nvm_sections, 0, sizeof(nvm_sections)); 2320 2321 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS) 2322 return EINVAL; 2323 2324 /* load NVM values from nic */ 2325 /* Read From FW NVM */ 2326 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n"); 2327 2328 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO); 2329 if (!nvm_buffer) 2330 return ENOMEM; 2331 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) { 2332 /* we override the constness for initial read */ 2333 ret = iwm_nvm_read_section(sc, section, nvm_buffer, 2334 &len, size_read); 2335 if (ret) 2336 continue; 2337 size_read += len; 2338 temp = malloc(len, M_DEVBUF, M_NOWAIT); 2339 if (!temp) { 2340 ret = ENOMEM; 2341 break; 2342 } 2343 memcpy(temp, nvm_buffer, len); 2344 2345 nvm_sections[section].data = temp; 2346 nvm_sections[section].length = len; 2347 } 2348 if (!size_read) 2349 device_printf(sc->sc_dev, "OTP is blank\n"); 2350 free(nvm_buffer, M_DEVBUF); 2351 2352 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections); 2353 if (!sc->nvm_data) 2354 return EINVAL; 2355 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 2356 "nvm version = %x\n", sc->nvm_data->nvm_version); 2357 2358 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) { 2359 if (nvm_sections[i].data != NULL) 2360 free(nvm_sections[i].data, M_DEVBUF); 2361 } 2362 2363 return 0; 2364} 2365 2366static int 2367iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num, 2368 const struct iwm_fw_desc *section) 2369{ 2370 struct iwm_dma_info *dma = &sc->fw_dma; 2371 uint8_t *v_addr; 2372 bus_addr_t p_addr; 2373 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len); 2374 int ret = 0; 2375 2376 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2377 "%s: [%d] uCode section being loaded...\n", 2378 __func__, section_num); 2379 2380 v_addr = dma->vaddr; 2381 p_addr = dma->paddr; 2382 2383 for (offset = 0; offset < section->len; offset += chunk_sz) { 2384 uint32_t copy_size, dst_addr; 2385 int extended_addr = FALSE; 2386 2387 copy_size = MIN(chunk_sz, section->len - offset); 2388 dst_addr = section->offset + offset; 2389 2390 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2391 dst_addr <= IWM_FW_MEM_EXTENDED_END) 2392 extended_addr = TRUE; 2393 2394 if (extended_addr) 2395 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2396 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2397 2398 memcpy(v_addr, (const uint8_t *)section->data + offset, 2399 copy_size); 2400 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2401 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr, 2402 copy_size); 2403 2404 if (extended_addr) 2405 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2406 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2407 2408 if (ret) { 2409 device_printf(sc->sc_dev, 2410 "%s: Could not load the [%d] uCode section\n", 2411 __func__, section_num); 2412 break; 2413 } 2414 } 2415 2416 return ret; 2417} 2418 2419/* 2420 * ucode 2421 */ 2422static int 2423iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2424 bus_addr_t phy_addr, uint32_t byte_cnt) 2425{ 2426 int ret; 2427 2428 sc->sc_fw_chunk_done = 0; 2429 2430 if (!iwm_nic_lock(sc)) 2431 return EBUSY; 2432 2433 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2434 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2435 2436 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2437 dst_addr); 2438 2439 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2440 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2441 2442 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2443 (iwm_get_dma_hi_addr(phy_addr) 2444 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2445 2446 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2447 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2448 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2449 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2450 2451 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2452 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2453 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2454 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2455 2456 iwm_nic_unlock(sc); 2457 2458 /* wait up to 5s for this segment to load */ 2459 ret = 0; 2460 while (!sc->sc_fw_chunk_done) { 2461 ret = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz); 2462 if (ret) 2463 break; 2464 } 2465 2466 if (ret != 0) { 2467 device_printf(sc->sc_dev, 2468 "fw chunk addr 0x%x len %d failed to load\n", 2469 dst_addr, byte_cnt); 2470 return ETIMEDOUT; 2471 } 2472 2473 return 0; 2474} 2475 2476static int 2477iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc, 2478 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section) 2479{ 2480 int shift_param; 2481 int i, ret = 0, sec_num = 0x1; 2482 uint32_t val, last_read_idx = 0; 2483 2484 if (cpu == 1) { 2485 shift_param = 0; 2486 *first_ucode_section = 0; 2487 } else { 2488 shift_param = 16; 2489 (*first_ucode_section)++; 2490 } 2491 2492 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2493 last_read_idx = i; 2494 2495 /* 2496 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2497 * CPU1 to CPU2. 2498 * PAGING_SEPARATOR_SECTION delimiter - separate between 2499 * CPU2 non paged to CPU2 paging sec. 2500 */ 2501 if (!image->fw_sect[i].data || 2502 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2503 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) { 2504 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2505 "Break since Data not valid or Empty section, sec = %d\n", 2506 i); 2507 break; 2508 } 2509 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]); 2510 if (ret) 2511 return ret; 2512 2513 /* Notify the ucode of the loaded section number and status */ 2514 if (iwm_nic_lock(sc)) { 2515 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2516 val = val | (sec_num << shift_param); 2517 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2518 sec_num = (sec_num << 1) | 0x1; 2519 iwm_nic_unlock(sc); 2520 } 2521 } 2522 2523 *first_ucode_section = last_read_idx; 2524 2525 iwm_enable_interrupts(sc); 2526 2527 if (iwm_nic_lock(sc)) { 2528 if (cpu == 1) 2529 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2530 else 2531 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2532 iwm_nic_unlock(sc); 2533 } 2534 2535 return 0; 2536} 2537 2538static int 2539iwm_pcie_load_cpu_sections(struct iwm_softc *sc, 2540 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section) 2541{ 2542 int shift_param; 2543 int i, ret = 0; 2544 uint32_t last_read_idx = 0; 2545 2546 if (cpu == 1) { 2547 shift_param = 0; 2548 *first_ucode_section = 0; 2549 } else { 2550 shift_param = 16; 2551 (*first_ucode_section)++; 2552 } 2553 2554 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2555 last_read_idx = i; 2556 2557 /* 2558 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2559 * CPU1 to CPU2. 2560 * PAGING_SEPARATOR_SECTION delimiter - separate between 2561 * CPU2 non paged to CPU2 paging sec. 2562 */ 2563 if (!image->fw_sect[i].data || 2564 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2565 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) { 2566 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2567 "Break since Data not valid or Empty section, sec = %d\n", 2568 i); 2569 break; 2570 } 2571 2572 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]); 2573 if (ret) 2574 return ret; 2575 } 2576 2577 *first_ucode_section = last_read_idx; 2578 2579 return 0; 2580 2581} 2582 2583static int 2584iwm_pcie_load_given_ucode(struct iwm_softc *sc, 2585 const struct iwm_fw_sects *image) 2586{ 2587 int ret = 0; 2588 int first_ucode_section; 2589 2590 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n", 2591 image->is_dual_cpus ? "Dual" : "Single"); 2592 2593 /* load to FW the binary non secured sections of CPU1 */ 2594 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section); 2595 if (ret) 2596 return ret; 2597 2598 if (image->is_dual_cpus) { 2599 /* set CPU2 header address */ 2600 if (iwm_nic_lock(sc)) { 2601 iwm_write_prph(sc, 2602 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR, 2603 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE); 2604 iwm_nic_unlock(sc); 2605 } 2606 2607 /* load to FW the binary sections of CPU2 */ 2608 ret = iwm_pcie_load_cpu_sections(sc, image, 2, 2609 &first_ucode_section); 2610 if (ret) 2611 return ret; 2612 } 2613 2614 iwm_enable_interrupts(sc); 2615 2616 /* release CPU reset */ 2617 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2618 2619 return 0; 2620} 2621 2622int 2623iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc, 2624 const struct iwm_fw_sects *image) 2625{ 2626 int ret = 0; 2627 int first_ucode_section; 2628 2629 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n", 2630 image->is_dual_cpus ? "Dual" : "Single"); 2631 2632 /* configure the ucode to be ready to get the secured image */ 2633 /* release CPU reset */ 2634 if (iwm_nic_lock(sc)) { 2635 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, 2636 IWM_RELEASE_CPU_RESET_BIT); 2637 iwm_nic_unlock(sc); 2638 } 2639 2640 /* load to FW the binary Secured sections of CPU1 */ 2641 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1, 2642 &first_ucode_section); 2643 if (ret) 2644 return ret; 2645 2646 /* load to FW the binary sections of CPU2 */ 2647 return iwm_pcie_load_cpu_sections_8000(sc, image, 2, 2648 &first_ucode_section); 2649} 2650 2651/* XXX Get rid of this definition */ 2652static inline void 2653iwm_enable_fw_load_int(struct iwm_softc *sc) 2654{ 2655 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n"); 2656 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX; 2657 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 2658} 2659 2660/* XXX Add proper rfkill support code */ 2661static int 2662iwm_start_fw(struct iwm_softc *sc, 2663 const struct iwm_fw_sects *fw) 2664{ 2665 int ret; 2666 2667 /* This may fail if AMT took ownership of the device */ 2668 if (iwm_prepare_card_hw(sc)) { 2669 device_printf(sc->sc_dev, 2670 "%s: Exit HW not ready\n", __func__); 2671 ret = EIO; 2672 goto out; 2673 } 2674 2675 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF); 2676 2677 iwm_disable_interrupts(sc); 2678 2679 /* make sure rfkill handshake bits are cleared */ 2680 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2681 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2682 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2683 2684 /* clear (again), then enable host interrupts */ 2685 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF); 2686 2687 ret = iwm_nic_init(sc); 2688 if (ret) { 2689 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__); 2690 goto out; 2691 } 2692 2693 /* 2694 * Now, we load the firmware and don't want to be interrupted, even 2695 * by the RF-Kill interrupt (hence mask all the interrupt besides the 2696 * FH_TX interrupt which is needed to load the firmware). If the 2697 * RF-Kill switch is toggled, we will find out after having loaded 2698 * the firmware and return the proper value to the caller. 2699 */ 2700 iwm_enable_fw_load_int(sc); 2701 2702 /* really make sure rfkill handshake bits are cleared */ 2703 /* maybe we should write a few times more? just to make sure */ 2704 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2705 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2706 2707 /* Load the given image to the HW */ 2708 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 2709 ret = iwm_pcie_load_given_ucode_8000(sc, fw); 2710 else 2711 ret = iwm_pcie_load_given_ucode(sc, fw); 2712 2713 /* XXX re-check RF-Kill state */ 2714 2715out: 2716 return ret; 2717} 2718 2719static int 2720iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2721{ 2722 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2723 .valid = htole32(valid_tx_ant), 2724 }; 2725 2726 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2727 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2728} 2729 2730/* iwlwifi: mvm/fw.c */ 2731static int 2732iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2733{ 2734 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2735 enum iwm_ucode_type ucode_type = sc->cur_ucode; 2736 2737 /* Set parameters */ 2738 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc)); 2739 phy_cfg_cmd.calib_control.event_trigger = 2740 sc->sc_default_calib[ucode_type].event_trigger; 2741 phy_cfg_cmd.calib_control.flow_trigger = 2742 sc->sc_default_calib[ucode_type].flow_trigger; 2743 2744 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2745 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2746 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2747 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2748} 2749 2750static int 2751iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data) 2752{ 2753 struct iwm_mvm_alive_data *alive_data = data; 2754 struct iwm_mvm_alive_resp_ver1 *palive1; 2755 struct iwm_mvm_alive_resp_ver2 *palive2; 2756 struct iwm_mvm_alive_resp *palive; 2757 2758 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive1)) { 2759 palive1 = (void *)pkt->data; 2760 2761 sc->support_umac_log = FALSE; 2762 sc->error_event_table = 2763 le32toh(palive1->error_event_table_ptr); 2764 sc->log_event_table = 2765 le32toh(palive1->log_event_table_ptr); 2766 alive_data->scd_base_addr = le32toh(palive1->scd_base_ptr); 2767 2768 alive_data->valid = le16toh(palive1->status) == 2769 IWM_ALIVE_STATUS_OK; 2770 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2771 "Alive VER1 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n", 2772 le16toh(palive1->status), palive1->ver_type, 2773 palive1->ver_subtype, palive1->flags); 2774 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive2)) { 2775 palive2 = (void *)pkt->data; 2776 sc->error_event_table = 2777 le32toh(palive2->error_event_table_ptr); 2778 sc->log_event_table = 2779 le32toh(palive2->log_event_table_ptr); 2780 alive_data->scd_base_addr = le32toh(palive2->scd_base_ptr); 2781 sc->umac_error_event_table = 2782 le32toh(palive2->error_info_addr); 2783 2784 alive_data->valid = le16toh(palive2->status) == 2785 IWM_ALIVE_STATUS_OK; 2786 if (sc->umac_error_event_table) 2787 sc->support_umac_log = TRUE; 2788 2789 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2790 "Alive VER2 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n", 2791 le16toh(palive2->status), palive2->ver_type, 2792 palive2->ver_subtype, palive2->flags); 2793 2794 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2795 "UMAC version: Major - 0x%x, Minor - 0x%x\n", 2796 palive2->umac_major, palive2->umac_minor); 2797 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) { 2798 palive = (void *)pkt->data; 2799 2800 sc->error_event_table = 2801 le32toh(palive->error_event_table_ptr); 2802 sc->log_event_table = 2803 le32toh(palive->log_event_table_ptr); 2804 alive_data->scd_base_addr = le32toh(palive->scd_base_ptr); 2805 sc->umac_error_event_table = 2806 le32toh(palive->error_info_addr); 2807 2808 alive_data->valid = le16toh(palive->status) == 2809 IWM_ALIVE_STATUS_OK; 2810 if (sc->umac_error_event_table) 2811 sc->support_umac_log = TRUE; 2812 2813 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2814 "Alive VER3 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n", 2815 le16toh(palive->status), palive->ver_type, 2816 palive->ver_subtype, palive->flags); 2817 2818 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2819 "UMAC version: Major - 0x%x, Minor - 0x%x\n", 2820 le32toh(palive->umac_major), 2821 le32toh(palive->umac_minor)); 2822 } 2823 2824 return TRUE; 2825} 2826 2827static int 2828iwm_wait_phy_db_entry(struct iwm_softc *sc, 2829 struct iwm_rx_packet *pkt, void *data) 2830{ 2831 struct iwm_phy_db *phy_db = data; 2832 2833 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) { 2834 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) { 2835 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n", 2836 __func__, pkt->hdr.code); 2837 } 2838 return TRUE; 2839 } 2840 2841 if (iwm_phy_db_set_section(phy_db, pkt)) { 2842 device_printf(sc->sc_dev, 2843 "%s: iwm_phy_db_set_section failed\n", __func__); 2844 } 2845 2846 return FALSE; 2847} 2848 2849static int 2850iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2851 enum iwm_ucode_type ucode_type) 2852{ 2853 struct iwm_notification_wait alive_wait; 2854 struct iwm_mvm_alive_data alive_data; 2855 const struct iwm_fw_sects *fw; 2856 enum iwm_ucode_type old_type = sc->cur_ucode; 2857 int error; 2858 static const uint16_t alive_cmd[] = { IWM_MVM_ALIVE }; 2859 2860 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) { 2861 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n", 2862 error); 2863 return error; 2864 } 2865 fw = &sc->sc_fw.fw_sects[ucode_type]; 2866 sc->cur_ucode = ucode_type; 2867 sc->ucode_loaded = FALSE; 2868 2869 memset(&alive_data, 0, sizeof(alive_data)); 2870 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait, 2871 alive_cmd, nitems(alive_cmd), 2872 iwm_alive_fn, &alive_data); 2873 2874 error = iwm_start_fw(sc, fw); 2875 if (error) { 2876 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2877 sc->cur_ucode = old_type; 2878 iwm_remove_notification(sc->sc_notif_wait, &alive_wait); 2879 return error; 2880 } 2881 2882 /* 2883 * Some things may run in the background now, but we 2884 * just wait for the ALIVE notification here. 2885 */ 2886 IWM_UNLOCK(sc); 2887 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait, 2888 IWM_MVM_UCODE_ALIVE_TIMEOUT); 2889 IWM_LOCK(sc); 2890 if (error) { 2891 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2892 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a; 2893 if (iwm_nic_lock(sc)) { 2894 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS); 2895 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS); 2896 iwm_nic_unlock(sc); 2897 } 2898 device_printf(sc->sc_dev, 2899 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n", 2900 a, b); 2901 } 2902 sc->cur_ucode = old_type; 2903 return error; 2904 } 2905 2906 if (!alive_data.valid) { 2907 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n", 2908 __func__); 2909 sc->cur_ucode = old_type; 2910 return EIO; 2911 } 2912 2913 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr); 2914 2915 /* 2916 * configure and operate fw paging mechanism. 2917 * driver configures the paging flow only once, CPU2 paging image 2918 * included in the IWM_UCODE_INIT image. 2919 */ 2920 if (fw->paging_mem_size) { 2921 error = iwm_save_fw_paging(sc, fw); 2922 if (error) { 2923 device_printf(sc->sc_dev, 2924 "%s: failed to save the FW paging image\n", 2925 __func__); 2926 return error; 2927 } 2928 2929 error = iwm_send_paging_cmd(sc, fw); 2930 if (error) { 2931 device_printf(sc->sc_dev, 2932 "%s: failed to send the paging cmd\n", __func__); 2933 iwm_free_fw_paging(sc); 2934 return error; 2935 } 2936 } 2937 2938 if (!error) 2939 sc->ucode_loaded = TRUE; 2940 return error; 2941} 2942 2943/* 2944 * mvm misc bits 2945 */ 2946 2947/* 2948 * follows iwlwifi/fw.c 2949 */ 2950static int 2951iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2952{ 2953 struct iwm_notification_wait calib_wait; 2954 static const uint16_t init_complete[] = { 2955 IWM_INIT_COMPLETE_NOTIF, 2956 IWM_CALIB_RES_NOTIF_PHY_DB 2957 }; 2958 int ret; 2959 2960 /* do not operate with rfkill switch turned on */ 2961 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2962 device_printf(sc->sc_dev, 2963 "radio is disabled by hardware switch\n"); 2964 return EPERM; 2965 } 2966 2967 iwm_init_notification_wait(sc->sc_notif_wait, 2968 &calib_wait, 2969 init_complete, 2970 nitems(init_complete), 2971 iwm_wait_phy_db_entry, 2972 sc->sc_phy_db); 2973 2974 /* Will also start the device */ 2975 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT); 2976 if (ret) { 2977 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n", 2978 ret); 2979 goto error; 2980 } 2981 2982 if (justnvm) { 2983 /* Read nvm */ 2984 ret = iwm_nvm_init(sc); 2985 if (ret) { 2986 device_printf(sc->sc_dev, "failed to read nvm\n"); 2987 goto error; 2988 } 2989 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr); 2990 goto error; 2991 } 2992 2993 ret = iwm_send_bt_init_conf(sc); 2994 if (ret) { 2995 device_printf(sc->sc_dev, 2996 "failed to send bt coex configuration: %d\n", ret); 2997 goto error; 2998 } 2999 3000 /* Init Smart FIFO. */ 3001 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF); 3002 if (ret) 3003 goto error; 3004 3005 /* Send TX valid antennas before triggering calibrations */ 3006 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 3007 if (ret) { 3008 device_printf(sc->sc_dev, 3009 "failed to send antennas before calibration: %d\n", ret); 3010 goto error; 3011 } 3012 3013 /* 3014 * Send phy configurations command to init uCode 3015 * to start the 16.0 uCode init image internal calibrations. 3016 */ 3017 ret = iwm_send_phy_cfg_cmd(sc); 3018 if (ret) { 3019 device_printf(sc->sc_dev, 3020 "%s: Failed to run INIT calibrations: %d\n", 3021 __func__, ret); 3022 goto error; 3023 } 3024 3025 /* 3026 * Nothing to do but wait for the init complete notification 3027 * from the firmware. 3028 */ 3029 IWM_UNLOCK(sc); 3030 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait, 3031 IWM_MVM_UCODE_CALIB_TIMEOUT); 3032 IWM_LOCK(sc); 3033 3034 3035 goto out; 3036 3037error: 3038 iwm_remove_notification(sc->sc_notif_wait, &calib_wait); 3039out: 3040 return ret; 3041} 3042 3043/* 3044 * receive side 3045 */ 3046 3047/* (re)stock rx ring, called at init-time and at runtime */ 3048static int 3049iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 3050{ 3051 struct iwm_rx_ring *ring = &sc->rxq; 3052 struct iwm_rx_data *data = &ring->data[idx]; 3053 struct mbuf *m; 3054 bus_dmamap_t dmamap; 3055 bus_dma_segment_t seg; 3056 int nsegs, error; 3057 3058 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 3059 if (m == NULL) 3060 return ENOBUFS; 3061 3062 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 3063 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 3064 &seg, &nsegs, BUS_DMA_NOWAIT); 3065 if (error != 0) { 3066 device_printf(sc->sc_dev, 3067 "%s: can't map mbuf, error %d\n", __func__, error); 3068 m_freem(m); 3069 return error; 3070 } 3071 3072 if (data->m != NULL) 3073 bus_dmamap_unload(ring->data_dmat, data->map); 3074 3075 /* Swap ring->spare_map with data->map */ 3076 dmamap = data->map; 3077 data->map = ring->spare_map; 3078 ring->spare_map = dmamap; 3079 3080 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 3081 data->m = m; 3082 3083 /* Update RX descriptor. */ 3084 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 3085 ring->desc[idx] = htole32(seg.ds_addr >> 8); 3086 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3087 BUS_DMASYNC_PREWRITE); 3088 3089 return 0; 3090} 3091 3092/* iwlwifi: mvm/rx.c */ 3093/* 3094 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 3095 * values are reported by the fw as positive values - need to negate 3096 * to obtain their dBM. Account for missing antennas by replacing 0 3097 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 3098 */ 3099static int 3100iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 3101{ 3102 int energy_a, energy_b, energy_c, max_energy; 3103 uint32_t val; 3104 3105 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 3106 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 3107 IWM_RX_INFO_ENERGY_ANT_A_POS; 3108 energy_a = energy_a ? -energy_a : -256; 3109 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 3110 IWM_RX_INFO_ENERGY_ANT_B_POS; 3111 energy_b = energy_b ? -energy_b : -256; 3112 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 3113 IWM_RX_INFO_ENERGY_ANT_C_POS; 3114 energy_c = energy_c ? -energy_c : -256; 3115 max_energy = MAX(energy_a, energy_b); 3116 max_energy = MAX(max_energy, energy_c); 3117 3118 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3119 "energy In A %d B %d C %d , and max %d\n", 3120 energy_a, energy_b, energy_c, max_energy); 3121 3122 return max_energy; 3123} 3124 3125static void 3126iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3127{ 3128 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 3129 3130 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 3131 3132 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 3133} 3134 3135/* 3136 * Retrieve the average noise (in dBm) among receivers. 3137 */ 3138static int 3139iwm_get_noise(struct iwm_softc *sc, 3140 const struct iwm_mvm_statistics_rx_non_phy *stats) 3141{ 3142 int i, total, nbant, noise; 3143 3144 total = nbant = noise = 0; 3145 for (i = 0; i < 3; i++) { 3146 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 3147 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n", 3148 __func__, 3149 i, 3150 noise); 3151 3152 if (noise) { 3153 total += noise; 3154 nbant++; 3155 } 3156 } 3157 3158 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n", 3159 __func__, nbant, total); 3160#if 0 3161 /* There should be at least one antenna but check anyway. */ 3162 return (nbant == 0) ? -127 : (total / nbant) - 107; 3163#else 3164 /* For now, just hard-code it to -96 to be safe */ 3165 return (-96); 3166#endif 3167} 3168 3169/* 3170 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 3171 * 3172 * Handles the actual data of the Rx packet from the fw 3173 */ 3174static boolean_t 3175iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset, 3176 boolean_t stolen) 3177{ 3178 struct ieee80211com *ic = &sc->sc_ic; 3179 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3180 struct ieee80211_frame *wh; 3181 struct ieee80211_node *ni; 3182 struct ieee80211_rx_stats rxs; 3183 struct iwm_rx_phy_info *phy_info; 3184 struct iwm_rx_mpdu_res_start *rx_res; 3185 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, offset); 3186 uint32_t len; 3187 uint32_t rx_pkt_status; 3188 int rssi; 3189 3190 phy_info = &sc->sc_last_phy_info; 3191 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 3192 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 3193 len = le16toh(rx_res->byte_count); 3194 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 3195 3196 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 3197 device_printf(sc->sc_dev, 3198 "dsp size out of range [0,20]: %d\n", 3199 phy_info->cfg_phy_cnt); 3200 goto fail; 3201 } 3202 3203 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 3204 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 3205 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3206 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 3207 goto fail; 3208 } 3209 3210 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 3211 3212 /* Map it to relative value */ 3213 rssi = rssi - sc->sc_noise; 3214 3215 /* replenish ring for the buffer we're going to feed to the sharks */ 3216 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 3217 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 3218 __func__); 3219 goto fail; 3220 } 3221 3222 m->m_data = pkt->data + sizeof(*rx_res); 3223 m->m_pkthdr.len = m->m_len = len; 3224 3225 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3226 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 3227 3228 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 3229 3230 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3231 "%s: phy_info: channel=%d, flags=0x%08x\n", 3232 __func__, 3233 le16toh(phy_info->channel), 3234 le16toh(phy_info->phy_flags)); 3235 3236 /* 3237 * Populate an RX state struct with the provided information. 3238 */ 3239 bzero(&rxs, sizeof(rxs)); 3240 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 3241 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 3242 rxs.c_ieee = le16toh(phy_info->channel); 3243 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 3244 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 3245 } else { 3246 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 3247 } 3248 3249 /* rssi is in 1/2db units */ 3250 rxs.rssi = rssi * 2; 3251 rxs.nf = sc->sc_noise; 3252 3253 if (ieee80211_radiotap_active_vap(vap)) { 3254 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3255 3256 tap->wr_flags = 0; 3257 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 3258 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3259 tap->wr_chan_freq = htole16(rxs.c_freq); 3260 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3261 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3262 tap->wr_dbm_antsignal = (int8_t)rssi; 3263 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3264 tap->wr_tsft = phy_info->system_timestamp; 3265 switch (phy_info->rate) { 3266 /* CCK rates. */ 3267 case 10: tap->wr_rate = 2; break; 3268 case 20: tap->wr_rate = 4; break; 3269 case 55: tap->wr_rate = 11; break; 3270 case 110: tap->wr_rate = 22; break; 3271 /* OFDM rates. */ 3272 case 0xd: tap->wr_rate = 12; break; 3273 case 0xf: tap->wr_rate = 18; break; 3274 case 0x5: tap->wr_rate = 24; break; 3275 case 0x7: tap->wr_rate = 36; break; 3276 case 0x9: tap->wr_rate = 48; break; 3277 case 0xb: tap->wr_rate = 72; break; 3278 case 0x1: tap->wr_rate = 96; break; 3279 case 0x3: tap->wr_rate = 108; break; 3280 /* Unknown rate: should not happen. */ 3281 default: tap->wr_rate = 0; 3282 } 3283 } 3284 3285 IWM_UNLOCK(sc); 3286 if (ni != NULL) { 3287 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3288 ieee80211_input_mimo(ni, m, &rxs); 3289 ieee80211_free_node(ni); 3290 } else { 3291 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3292 ieee80211_input_mimo_all(ic, m, &rxs); 3293 } 3294 IWM_LOCK(sc); 3295 3296 return TRUE; 3297 3298fail: counter_u64_add(ic->ic_ierrors, 1); 3299 return FALSE; 3300} 3301 3302static int 3303iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3304 struct iwm_node *in) 3305{ 3306 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 3307 struct ieee80211_node *ni = &in->in_ni; 3308 struct ieee80211vap *vap = ni->ni_vap; 3309 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3310 int failack = tx_resp->failure_frame; 3311 3312 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3313 3314 /* Update rate control statistics. */ 3315 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3316 __func__, 3317 (int) le16toh(tx_resp->status.status), 3318 (int) le16toh(tx_resp->status.sequence), 3319 tx_resp->frame_count, 3320 tx_resp->bt_kill_count, 3321 tx_resp->failure_rts, 3322 tx_resp->failure_frame, 3323 le32toh(tx_resp->initial_rate), 3324 (int) le16toh(tx_resp->wireless_media_time)); 3325 3326 if (status != IWM_TX_STATUS_SUCCESS && 3327 status != IWM_TX_STATUS_DIRECT_DONE) { 3328 ieee80211_ratectl_tx_complete(vap, ni, 3329 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3330 return (1); 3331 } else { 3332 ieee80211_ratectl_tx_complete(vap, ni, 3333 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3334 return (0); 3335 } 3336} 3337 3338static void 3339iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3340{ 3341 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 3342 int idx = cmd_hdr->idx; 3343 int qid = cmd_hdr->qid; 3344 struct iwm_tx_ring *ring = &sc->txq[qid]; 3345 struct iwm_tx_data *txd = &ring->data[idx]; 3346 struct iwm_node *in = txd->in; 3347 struct mbuf *m = txd->m; 3348 int status; 3349 3350 KASSERT(txd->done == 0, ("txd not done")); 3351 KASSERT(txd->in != NULL, ("txd without node")); 3352 KASSERT(txd->m != NULL, ("txd without mbuf")); 3353 3354 sc->sc_tx_timer = 0; 3355 3356 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 3357 3358 /* Unmap and free mbuf. */ 3359 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3360 bus_dmamap_unload(ring->data_dmat, txd->map); 3361 3362 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3363 "free txd %p, in %p\n", txd, txd->in); 3364 txd->done = 1; 3365 txd->m = NULL; 3366 txd->in = NULL; 3367 3368 ieee80211_tx_complete(&in->in_ni, m, status); 3369 3370 if (--ring->queued < IWM_TX_RING_LOMARK) { 3371 sc->qfullmsk &= ~(1 << ring->qid); 3372 if (sc->qfullmsk == 0) { 3373 iwm_start(sc); 3374 } 3375 } 3376} 3377 3378/* 3379 * transmit side 3380 */ 3381 3382/* 3383 * Process a "command done" firmware notification. This is where we wakeup 3384 * processes waiting for a synchronous command completion. 3385 * from if_iwn 3386 */ 3387static void 3388iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3389{ 3390 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 3391 struct iwm_tx_data *data; 3392 3393 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 3394 return; /* Not a command ack. */ 3395 } 3396 3397 /* XXX wide commands? */ 3398 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 3399 "cmd notification type 0x%x qid %d idx %d\n", 3400 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx); 3401 3402 data = &ring->data[pkt->hdr.idx]; 3403 3404 /* If the command was mapped in an mbuf, free it. */ 3405 if (data->m != NULL) { 3406 bus_dmamap_sync(ring->data_dmat, data->map, 3407 BUS_DMASYNC_POSTWRITE); 3408 bus_dmamap_unload(ring->data_dmat, data->map); 3409 m_freem(data->m); 3410 data->m = NULL; 3411 } 3412 wakeup(&ring->desc[pkt->hdr.idx]); 3413 3414 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) { 3415 device_printf(sc->sc_dev, 3416 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n", 3417 __func__, pkt->hdr.idx, ring->queued, ring->cur); 3418 /* XXX call iwm_force_nmi() */ 3419 } 3420 3421 KASSERT(ring->queued > 0, ("ring->queued is empty?")); 3422 ring->queued--; 3423 if (ring->queued == 0) 3424 iwm_pcie_clear_cmd_in_flight(sc); 3425} 3426 3427#if 0 3428/* 3429 * necessary only for block ack mode 3430 */ 3431void 3432iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3433 uint16_t len) 3434{ 3435 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3436 uint16_t w_val; 3437 3438 scd_bc_tbl = sc->sched_dma.vaddr; 3439 3440 len += 8; /* magic numbers came naturally from paris */ 3441 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 3442 len = roundup(len, 4) / 4; 3443 3444 w_val = htole16(sta_id << 12 | len); 3445 3446 /* Update TX scheduler. */ 3447 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3448 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3449 BUS_DMASYNC_PREWRITE); 3450 3451 /* I really wonder what this is ?!? */ 3452 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3453 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3454 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3455 BUS_DMASYNC_PREWRITE); 3456 } 3457} 3458#endif 3459 3460/* 3461 * Take an 802.11 (non-n) rate, find the relevant rate 3462 * table entry. return the index into in_ridx[]. 3463 * 3464 * The caller then uses that index back into in_ridx 3465 * to figure out the rate index programmed /into/ 3466 * the firmware for this given node. 3467 */ 3468static int 3469iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 3470 uint8_t rate) 3471{ 3472 int i; 3473 uint8_t r; 3474 3475 for (i = 0; i < nitems(in->in_ridx); i++) { 3476 r = iwm_rates[in->in_ridx[i]].rate; 3477 if (rate == r) 3478 return (i); 3479 } 3480 3481 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3482 "%s: couldn't find an entry for rate=%d\n", 3483 __func__, 3484 rate); 3485 3486 /* XXX Return the first */ 3487 /* XXX TODO: have it return the /lowest/ */ 3488 return (0); 3489} 3490 3491static int 3492iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate) 3493{ 3494 int i; 3495 3496 for (i = 0; i < nitems(iwm_rates); i++) { 3497 if (iwm_rates[i].rate == rate) 3498 return (i); 3499 } 3500 /* XXX error? */ 3501 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3502 "%s: couldn't find an entry for rate=%d\n", 3503 __func__, 3504 rate); 3505 return (0); 3506} 3507 3508/* 3509 * Fill in the rate related information for a transmit command. 3510 */ 3511static const struct iwm_rate * 3512iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3513 struct mbuf *m, struct iwm_tx_cmd *tx) 3514{ 3515 struct ieee80211_node *ni = &in->in_ni; 3516 struct ieee80211_frame *wh; 3517 const struct ieee80211_txparam *tp = ni->ni_txparms; 3518 const struct iwm_rate *rinfo; 3519 int type; 3520 int ridx, rate_flags; 3521 3522 wh = mtod(m, struct ieee80211_frame *); 3523 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3524 3525 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3526 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3527 3528 if (type == IEEE80211_FC0_TYPE_MGT) { 3529 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3530 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3531 "%s: MGT (%d)\n", __func__, tp->mgmtrate); 3532 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3533 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate); 3534 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3535 "%s: MCAST (%d)\n", __func__, tp->mcastrate); 3536 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3537 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate); 3538 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3539 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate); 3540 } else if (m->m_flags & M_EAPOL) { 3541 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3542 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3543 "%s: EAPOL\n", __func__); 3544 } else if (type == IEEE80211_FC0_TYPE_DATA) { 3545 int i; 3546 3547 /* for data frames, use RS table */ 3548 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__); 3549 /* XXX pass pktlen */ 3550 (void) ieee80211_ratectl_rate(ni, NULL, 0); 3551 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 3552 ridx = in->in_ridx[i]; 3553 3554 /* This is the index into the programmed table */ 3555 tx->initial_rate_index = i; 3556 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3557 3558 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3559 "%s: start with i=%d, txrate %d\n", 3560 __func__, i, iwm_rates[ridx].rate); 3561 } else { 3562 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3563 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DEFAULT (%d)\n", 3564 __func__, tp->mgmtrate); 3565 } 3566 3567 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3568 "%s: frame type=%d txrate %d\n", 3569 __func__, type, iwm_rates[ridx].rate); 3570 3571 rinfo = &iwm_rates[ridx]; 3572 3573 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3574 __func__, ridx, 3575 rinfo->rate, 3576 !! (IWM_RIDX_IS_CCK(ridx)) 3577 ); 3578 3579 /* XXX TODO: hard-coded TX antenna? */ 3580 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 3581 if (IWM_RIDX_IS_CCK(ridx)) 3582 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3583 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3584 3585 return rinfo; 3586} 3587 3588#define TB0_SIZE 16 3589static int 3590iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3591{ 3592 struct ieee80211com *ic = &sc->sc_ic; 3593 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3594 struct iwm_node *in = IWM_NODE(ni); 3595 struct iwm_tx_ring *ring; 3596 struct iwm_tx_data *data; 3597 struct iwm_tfd *desc; 3598 struct iwm_device_cmd *cmd; 3599 struct iwm_tx_cmd *tx; 3600 struct ieee80211_frame *wh; 3601 struct ieee80211_key *k = NULL; 3602 struct mbuf *m1; 3603 const struct iwm_rate *rinfo; 3604 uint32_t flags; 3605 u_int hdrlen; 3606 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3607 int nsegs; 3608 uint8_t tid, type; 3609 int i, totlen, error, pad; 3610 3611 wh = mtod(m, struct ieee80211_frame *); 3612 hdrlen = ieee80211_anyhdrsize(wh); 3613 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3614 tid = 0; 3615 ring = &sc->txq[ac]; 3616 desc = &ring->desc[ring->cur]; 3617 memset(desc, 0, sizeof(*desc)); 3618 data = &ring->data[ring->cur]; 3619 3620 /* Fill out iwm_tx_cmd to send to the firmware */ 3621 cmd = &ring->cmd[ring->cur]; 3622 cmd->hdr.code = IWM_TX_CMD; 3623 cmd->hdr.flags = 0; 3624 cmd->hdr.qid = ring->qid; 3625 cmd->hdr.idx = ring->cur; 3626 3627 tx = (void *)cmd->data; 3628 memset(tx, 0, sizeof(*tx)); 3629 3630 rinfo = iwm_tx_fill_cmd(sc, in, m, tx); 3631 3632 /* Encrypt the frame if need be. */ 3633 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3634 /* Retrieve key for TX && do software encryption. */ 3635 k = ieee80211_crypto_encap(ni, m); 3636 if (k == NULL) { 3637 m_freem(m); 3638 return (ENOBUFS); 3639 } 3640 /* 802.11 header may have moved. */ 3641 wh = mtod(m, struct ieee80211_frame *); 3642 } 3643 3644 if (ieee80211_radiotap_active_vap(vap)) { 3645 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3646 3647 tap->wt_flags = 0; 3648 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3649 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3650 tap->wt_rate = rinfo->rate; 3651 if (k != NULL) 3652 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3653 ieee80211_radiotap_tx(vap, m); 3654 } 3655 3656 3657 totlen = m->m_pkthdr.len; 3658 3659 flags = 0; 3660 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3661 flags |= IWM_TX_CMD_FLG_ACK; 3662 } 3663 3664 if (type == IEEE80211_FC0_TYPE_DATA 3665 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 3666 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3667 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3668 } 3669 3670 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3671 type != IEEE80211_FC0_TYPE_DATA) 3672 tx->sta_id = sc->sc_aux_sta.sta_id; 3673 else 3674 tx->sta_id = IWM_STATION_ID; 3675 3676 if (type == IEEE80211_FC0_TYPE_MGT) { 3677 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3678 3679 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3680 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3681 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3682 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3683 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3684 } else { 3685 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3686 } 3687 } else { 3688 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3689 } 3690 3691 if (hdrlen & 3) { 3692 /* First segment length must be a multiple of 4. */ 3693 flags |= IWM_TX_CMD_FLG_MH_PAD; 3694 pad = 4 - (hdrlen & 3); 3695 } else 3696 pad = 0; 3697 3698 tx->driver_txop = 0; 3699 tx->next_frame_len = 0; 3700 3701 tx->len = htole16(totlen); 3702 tx->tid_tspec = tid; 3703 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3704 3705 /* Set physical address of "scratch area". */ 3706 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3707 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3708 3709 /* Copy 802.11 header in TX command. */ 3710 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3711 3712 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3713 3714 tx->sec_ctl = 0; 3715 tx->tx_flags |= htole32(flags); 3716 3717 /* Trim 802.11 header. */ 3718 m_adj(m, hdrlen); 3719 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3720 segs, &nsegs, BUS_DMA_NOWAIT); 3721 if (error != 0) { 3722 if (error != EFBIG) { 3723 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3724 error); 3725 m_freem(m); 3726 return error; 3727 } 3728 /* Too many DMA segments, linearize mbuf. */ 3729 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 3730 if (m1 == NULL) { 3731 device_printf(sc->sc_dev, 3732 "%s: could not defrag mbuf\n", __func__); 3733 m_freem(m); 3734 return (ENOBUFS); 3735 } 3736 m = m1; 3737 3738 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3739 segs, &nsegs, BUS_DMA_NOWAIT); 3740 if (error != 0) { 3741 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3742 error); 3743 m_freem(m); 3744 return error; 3745 } 3746 } 3747 data->m = m; 3748 data->in = in; 3749 data->done = 0; 3750 3751 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3752 "sending txd %p, in %p\n", data, data->in); 3753 KASSERT(data->in != NULL, ("node is NULL")); 3754 3755 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3756 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3757 ring->qid, ring->cur, totlen, nsegs, 3758 le32toh(tx->tx_flags), 3759 le32toh(tx->rate_n_flags), 3760 tx->initial_rate_index 3761 ); 3762 3763 /* Fill TX descriptor. */ 3764 desc->num_tbs = 2 + nsegs; 3765 3766 desc->tbs[0].lo = htole32(data->cmd_paddr); 3767 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3768 (TB0_SIZE << 4); 3769 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3770 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3771 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 3772 + hdrlen + pad - TB0_SIZE) << 4); 3773 3774 /* Other DMA segments are for data payload. */ 3775 for (i = 0; i < nsegs; i++) { 3776 seg = &segs[i]; 3777 desc->tbs[i+2].lo = htole32(seg->ds_addr); 3778 desc->tbs[i+2].hi_n_len = \ 3779 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 3780 | ((seg->ds_len) << 4); 3781 } 3782 3783 bus_dmamap_sync(ring->data_dmat, data->map, 3784 BUS_DMASYNC_PREWRITE); 3785 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 3786 BUS_DMASYNC_PREWRITE); 3787 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3788 BUS_DMASYNC_PREWRITE); 3789 3790#if 0 3791 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 3792#endif 3793 3794 /* Kick TX ring. */ 3795 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 3796 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3797 3798 /* Mark TX ring as full if we reach a certain threshold. */ 3799 if (++ring->queued > IWM_TX_RING_HIMARK) { 3800 sc->qfullmsk |= 1 << ring->qid; 3801 } 3802 3803 return 0; 3804} 3805 3806static int 3807iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3808 const struct ieee80211_bpf_params *params) 3809{ 3810 struct ieee80211com *ic = ni->ni_ic; 3811 struct iwm_softc *sc = ic->ic_softc; 3812 int error = 0; 3813 3814 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3815 "->%s begin\n", __func__); 3816 3817 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3818 m_freem(m); 3819 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3820 "<-%s not RUNNING\n", __func__); 3821 return (ENETDOWN); 3822 } 3823 3824 IWM_LOCK(sc); 3825 /* XXX fix this */ 3826 if (params == NULL) { 3827 error = iwm_tx(sc, m, ni, 0); 3828 } else { 3829 error = iwm_tx(sc, m, ni, 0); 3830 } 3831 sc->sc_tx_timer = 5; 3832 IWM_UNLOCK(sc); 3833 3834 return (error); 3835} 3836 3837/* 3838 * mvm/tx.c 3839 */ 3840 3841/* 3842 * Note that there are transports that buffer frames before they reach 3843 * the firmware. This means that after flush_tx_path is called, the 3844 * queue might not be empty. The race-free way to handle this is to: 3845 * 1) set the station as draining 3846 * 2) flush the Tx path 3847 * 3) wait for the transport queues to be empty 3848 */ 3849int 3850iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags) 3851{ 3852 int ret; 3853 struct iwm_tx_path_flush_cmd flush_cmd = { 3854 .queues_ctl = htole32(tfd_msk), 3855 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 3856 }; 3857 3858 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags, 3859 sizeof(flush_cmd), &flush_cmd); 3860 if (ret) 3861 device_printf(sc->sc_dev, 3862 "Flushing tx queue failed: %d\n", ret); 3863 return ret; 3864} 3865 3866/* 3867 * BEGIN mvm/quota.c 3868 */ 3869 3870static int 3871iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp) 3872{ 3873 struct iwm_time_quota_cmd cmd; 3874 int i, idx, ret, num_active_macs, quota, quota_rem; 3875 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3876 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3877 uint16_t id; 3878 3879 memset(&cmd, 0, sizeof(cmd)); 3880 3881 /* currently, PHY ID == binding ID */ 3882 if (ivp) { 3883 id = ivp->phy_ctxt->id; 3884 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3885 colors[id] = ivp->phy_ctxt->color; 3886 3887 if (1) 3888 n_ifs[id] = 1; 3889 } 3890 3891 /* 3892 * The FW's scheduling session consists of 3893 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3894 * equally between all the bindings that require quota 3895 */ 3896 num_active_macs = 0; 3897 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3898 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3899 num_active_macs += n_ifs[i]; 3900 } 3901 3902 quota = 0; 3903 quota_rem = 0; 3904 if (num_active_macs) { 3905 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3906 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3907 } 3908 3909 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3910 if (colors[i] < 0) 3911 continue; 3912 3913 cmd.quotas[idx].id_and_color = 3914 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3915 3916 if (n_ifs[i] <= 0) { 3917 cmd.quotas[idx].quota = htole32(0); 3918 cmd.quotas[idx].max_duration = htole32(0); 3919 } else { 3920 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3921 cmd.quotas[idx].max_duration = htole32(0); 3922 } 3923 idx++; 3924 } 3925 3926 /* Give the remainder of the session to the first binding */ 3927 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3928 3929 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3930 sizeof(cmd), &cmd); 3931 if (ret) 3932 device_printf(sc->sc_dev, 3933 "%s: Failed to send quota: %d\n", __func__, ret); 3934 return ret; 3935} 3936 3937/* 3938 * END mvm/quota.c 3939 */ 3940 3941/* 3942 * ieee80211 routines 3943 */ 3944 3945/* 3946 * Change to AUTH state in 80211 state machine. Roughly matches what 3947 * Linux does in bss_info_changed(). 3948 */ 3949static int 3950iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3951{ 3952 struct ieee80211_node *ni; 3953 struct iwm_node *in; 3954 struct iwm_vap *iv = IWM_VAP(vap); 3955 uint32_t duration; 3956 int error; 3957 3958 /* 3959 * XXX i have a feeling that the vap node is being 3960 * freed from underneath us. Grr. 3961 */ 3962 ni = ieee80211_ref_node(vap->iv_bss); 3963 in = IWM_NODE(ni); 3964 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 3965 "%s: called; vap=%p, bss ni=%p\n", 3966 __func__, 3967 vap, 3968 ni); 3969 3970 in->in_assoc = 0; 3971 3972 /* 3973 * Firmware bug - it'll crash if the beacon interval is less 3974 * than 16. We can't avoid connecting at all, so refuse the 3975 * station state change, this will cause net80211 to abandon 3976 * attempts to connect to this AP, and eventually wpa_s will 3977 * blacklist the AP... 3978 */ 3979 if (ni->ni_intval < 16) { 3980 device_printf(sc->sc_dev, 3981 "AP %s beacon interval is %d, refusing due to firmware bug!\n", 3982 ether_sprintf(ni->ni_bssid), ni->ni_intval); 3983 error = EINVAL; 3984 goto out; 3985 } 3986 3987 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON); 3988 if (error != 0) 3989 return error; 3990 3991 error = iwm_allow_mcast(vap, sc); 3992 if (error) { 3993 device_printf(sc->sc_dev, 3994 "%s: failed to set multicast\n", __func__); 3995 goto out; 3996 } 3997 3998 /* 3999 * This is where it deviates from what Linux does. 4000 * 4001 * Linux iwlwifi doesn't reset the nic each time, nor does it 4002 * call ctxt_add() here. Instead, it adds it during vap creation, 4003 * and always does a mac_ctx_changed(). 4004 * 4005 * The openbsd port doesn't attempt to do that - it reset things 4006 * at odd states and does the add here. 4007 * 4008 * So, until the state handling is fixed (ie, we never reset 4009 * the NIC except for a firmware failure, which should drag 4010 * the NIC back to IDLE, re-setup and re-add all the mac/phy 4011 * contexts that are required), let's do a dirty hack here. 4012 */ 4013 if (iv->is_uploaded) { 4014 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4015 device_printf(sc->sc_dev, 4016 "%s: failed to update MAC\n", __func__); 4017 goto out; 4018 } 4019 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4020 in->in_ni.ni_chan, 1, 1)) != 0) { 4021 device_printf(sc->sc_dev, 4022 "%s: failed update phy ctxt\n", __func__); 4023 goto out; 4024 } 4025 iv->phy_ctxt = &sc->sc_phyctxt[0]; 4026 4027 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) { 4028 device_printf(sc->sc_dev, 4029 "%s: binding update cmd\n", __func__); 4030 goto out; 4031 } 4032 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4033 device_printf(sc->sc_dev, 4034 "%s: failed to update sta\n", __func__); 4035 goto out; 4036 } 4037 } else { 4038 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 4039 device_printf(sc->sc_dev, 4040 "%s: failed to add MAC\n", __func__); 4041 goto out; 4042 } 4043 if ((error = iwm_mvm_power_update_mac(sc)) != 0) { 4044 device_printf(sc->sc_dev, 4045 "%s: failed to update power management\n", 4046 __func__); 4047 goto out; 4048 } 4049 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4050 in->in_ni.ni_chan, 1, 1)) != 0) { 4051 device_printf(sc->sc_dev, 4052 "%s: failed add phy ctxt!\n", __func__); 4053 error = ETIMEDOUT; 4054 goto out; 4055 } 4056 iv->phy_ctxt = &sc->sc_phyctxt[0]; 4057 4058 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) { 4059 device_printf(sc->sc_dev, 4060 "%s: binding add cmd\n", __func__); 4061 goto out; 4062 } 4063 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 4064 device_printf(sc->sc_dev, 4065 "%s: failed to add sta\n", __func__); 4066 goto out; 4067 } 4068 } 4069 4070 /* 4071 * Prevent the FW from wandering off channel during association 4072 * by "protecting" the session with a time event. 4073 */ 4074 /* XXX duration is in units of TU, not MS */ 4075 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 4076 iwm_mvm_protect_session(sc, iv, duration, 500 /* XXX magic number */); 4077 DELAY(100); 4078 4079 error = 0; 4080out: 4081 ieee80211_free_node(ni); 4082 return (error); 4083} 4084 4085static int 4086iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 4087{ 4088 struct iwm_node *in = IWM_NODE(vap->iv_bss); 4089 int error; 4090 4091 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4092 device_printf(sc->sc_dev, 4093 "%s: failed to update STA\n", __func__); 4094 return error; 4095 } 4096 4097 in->in_assoc = 1; 4098 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4099 device_printf(sc->sc_dev, 4100 "%s: failed to update MAC\n", __func__); 4101 return error; 4102 } 4103 4104 return 0; 4105} 4106 4107static int 4108iwm_release(struct iwm_softc *sc, struct iwm_node *in) 4109{ 4110 uint32_t tfd_msk; 4111 4112 /* 4113 * Ok, so *technically* the proper set of calls for going 4114 * from RUN back to SCAN is: 4115 * 4116 * iwm_mvm_power_mac_disable(sc, in); 4117 * iwm_mvm_mac_ctxt_changed(sc, vap); 4118 * iwm_mvm_rm_sta(sc, in); 4119 * iwm_mvm_update_quotas(sc, NULL); 4120 * iwm_mvm_mac_ctxt_changed(sc, in); 4121 * iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap)); 4122 * iwm_mvm_mac_ctxt_remove(sc, in); 4123 * 4124 * However, that freezes the device not matter which permutations 4125 * and modifications are attempted. Obviously, this driver is missing 4126 * something since it works in the Linux driver, but figuring out what 4127 * is missing is a little more complicated. Now, since we're going 4128 * back to nothing anyway, we'll just do a complete device reset. 4129 * Up your's, device! 4130 */ 4131 /* 4132 * Just using 0xf for the queues mask is fine as long as we only 4133 * get here from RUN state. 4134 */ 4135 tfd_msk = 0xf; 4136 mbufq_drain(&sc->sc_snd); 4137 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC); 4138 /* 4139 * We seem to get away with just synchronously sending the 4140 * IWM_TXPATH_FLUSH command. 4141 */ 4142// iwm_trans_wait_tx_queue_empty(sc, tfd_msk); 4143 iwm_stop_device(sc); 4144 iwm_init_hw(sc); 4145 if (in) 4146 in->in_assoc = 0; 4147 return 0; 4148 4149#if 0 4150 int error; 4151 4152 iwm_mvm_power_mac_disable(sc, in); 4153 4154 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4155 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 4156 return error; 4157 } 4158 4159 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 4160 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 4161 return error; 4162 } 4163 error = iwm_mvm_rm_sta(sc, in); 4164 in->in_assoc = 0; 4165 iwm_mvm_update_quotas(sc, NULL); 4166 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4167 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 4168 return error; 4169 } 4170 iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap)); 4171 4172 iwm_mvm_mac_ctxt_remove(sc, in); 4173 4174 return error; 4175#endif 4176} 4177 4178static struct ieee80211_node * 4179iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 4180{ 4181 return malloc(sizeof (struct iwm_node), M_80211_NODE, 4182 M_NOWAIT | M_ZERO); 4183} 4184 4185uint8_t 4186iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx) 4187{ 4188 int i; 4189 uint8_t rval; 4190 4191 for (i = 0; i < rs->rs_nrates; i++) { 4192 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL); 4193 if (rval == iwm_rates[ridx].rate) 4194 return rs->rs_rates[i]; 4195 } 4196 4197 return 0; 4198} 4199 4200static void 4201iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 4202{ 4203 struct ieee80211_node *ni = &in->in_ni; 4204 struct iwm_lq_cmd *lq = &in->in_lq; 4205 int nrates = ni->ni_rates.rs_nrates; 4206 int i, ridx, tab = 0; 4207// int txant = 0; 4208 4209 if (nrates > nitems(lq->rs_table)) { 4210 device_printf(sc->sc_dev, 4211 "%s: node supports %d rates, driver handles " 4212 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 4213 return; 4214 } 4215 if (nrates == 0) { 4216 device_printf(sc->sc_dev, 4217 "%s: node supports 0 rates, odd!\n", __func__); 4218 return; 4219 } 4220 4221 /* 4222 * XXX .. and most of iwm_node is not initialised explicitly; 4223 * it's all just 0x0 passed to the firmware. 4224 */ 4225 4226 /* first figure out which rates we should support */ 4227 /* XXX TODO: this isn't 11n aware /at all/ */ 4228 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 4229 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4230 "%s: nrates=%d\n", __func__, nrates); 4231 4232 /* 4233 * Loop over nrates and populate in_ridx from the highest 4234 * rate to the lowest rate. Remember, in_ridx[] has 4235 * IEEE80211_RATE_MAXSIZE entries! 4236 */ 4237 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 4238 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 4239 4240 /* Map 802.11 rate to HW rate index. */ 4241 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 4242 if (iwm_rates[ridx].rate == rate) 4243 break; 4244 if (ridx > IWM_RIDX_MAX) { 4245 device_printf(sc->sc_dev, 4246 "%s: WARNING: device rate for %d not found!\n", 4247 __func__, rate); 4248 } else { 4249 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4250 "%s: rate: i: %d, rate=%d, ridx=%d\n", 4251 __func__, 4252 i, 4253 rate, 4254 ridx); 4255 in->in_ridx[i] = ridx; 4256 } 4257 } 4258 4259 /* then construct a lq_cmd based on those */ 4260 memset(lq, 0, sizeof(*lq)); 4261 lq->sta_id = IWM_STATION_ID; 4262 4263 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4264 if (ni->ni_flags & IEEE80211_NODE_HT) 4265 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4266 4267 /* 4268 * are these used? (we don't do SISO or MIMO) 4269 * need to set them to non-zero, though, or we get an error. 4270 */ 4271 lq->single_stream_ant_msk = 1; 4272 lq->dual_stream_ant_msk = 1; 4273 4274 /* 4275 * Build the actual rate selection table. 4276 * The lowest bits are the rates. Additionally, 4277 * CCK needs bit 9 to be set. The rest of the bits 4278 * we add to the table select the tx antenna 4279 * Note that we add the rates in the highest rate first 4280 * (opposite of ni_rates). 4281 */ 4282 /* 4283 * XXX TODO: this should be looping over the min of nrates 4284 * and LQ_MAX_RETRY_NUM. Sigh. 4285 */ 4286 for (i = 0; i < nrates; i++) { 4287 int nextant; 4288 4289#if 0 4290 if (txant == 0) 4291 txant = iwm_mvm_get_valid_tx_ant(sc); 4292 nextant = 1<<(ffs(txant)-1); 4293 txant &= ~nextant; 4294#else 4295 nextant = iwm_mvm_get_valid_tx_ant(sc); 4296#endif 4297 /* 4298 * Map the rate id into a rate index into 4299 * our hardware table containing the 4300 * configuration to use for this rate. 4301 */ 4302 ridx = in->in_ridx[i]; 4303 tab = iwm_rates[ridx].plcp; 4304 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4305 if (IWM_RIDX_IS_CCK(ridx)) 4306 tab |= IWM_RATE_MCS_CCK_MSK; 4307 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4308 "station rate i=%d, rate=%d, hw=%x\n", 4309 i, iwm_rates[ridx].rate, tab); 4310 lq->rs_table[i] = htole32(tab); 4311 } 4312 /* then fill the rest with the lowest possible rate */ 4313 for (i = nrates; i < nitems(lq->rs_table); i++) { 4314 KASSERT(tab != 0, ("invalid tab")); 4315 lq->rs_table[i] = htole32(tab); 4316 } 4317} 4318 4319static int 4320iwm_media_change(struct ifnet *ifp) 4321{ 4322 struct ieee80211vap *vap = ifp->if_softc; 4323 struct ieee80211com *ic = vap->iv_ic; 4324 struct iwm_softc *sc = ic->ic_softc; 4325 int error; 4326 4327 error = ieee80211_media_change(ifp); 4328 if (error != ENETRESET) 4329 return error; 4330 4331 IWM_LOCK(sc); 4332 if (ic->ic_nrunning > 0) { 4333 iwm_stop(sc); 4334 iwm_init(sc); 4335 } 4336 IWM_UNLOCK(sc); 4337 return error; 4338} 4339 4340 4341static int 4342iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4343{ 4344 struct iwm_vap *ivp = IWM_VAP(vap); 4345 struct ieee80211com *ic = vap->iv_ic; 4346 struct iwm_softc *sc = ic->ic_softc; 4347 struct iwm_node *in; 4348 int error; 4349 4350 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4351 "switching state %s -> %s\n", 4352 ieee80211_state_name[vap->iv_state], 4353 ieee80211_state_name[nstate]); 4354 IEEE80211_UNLOCK(ic); 4355 IWM_LOCK(sc); 4356 4357 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 4358 iwm_led_blink_stop(sc); 4359 4360 /* disable beacon filtering if we're hopping out of RUN */ 4361 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 4362 iwm_mvm_disable_beacon_filter(sc); 4363 4364 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4365 in->in_assoc = 0; 4366 4367 if (nstate == IEEE80211_S_INIT) { 4368 IWM_UNLOCK(sc); 4369 IEEE80211_LOCK(ic); 4370 error = ivp->iv_newstate(vap, nstate, arg); 4371 IEEE80211_UNLOCK(ic); 4372 IWM_LOCK(sc); 4373 iwm_release(sc, NULL); 4374 IWM_UNLOCK(sc); 4375 IEEE80211_LOCK(ic); 4376 return error; 4377 } 4378 4379 /* 4380 * It's impossible to directly go RUN->SCAN. If we iwm_release() 4381 * above then the card will be completely reinitialized, 4382 * so the driver must do everything necessary to bring the card 4383 * from INIT to SCAN. 4384 * 4385 * Additionally, upon receiving deauth frame from AP, 4386 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 4387 * state. This will also fail with this driver, so bring the FSM 4388 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 4389 * 4390 * XXX TODO: fix this for FreeBSD! 4391 */ 4392 if (nstate == IEEE80211_S_SCAN || 4393 nstate == IEEE80211_S_AUTH || 4394 nstate == IEEE80211_S_ASSOC) { 4395 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4396 "Force transition to INIT; MGT=%d\n", arg); 4397 IWM_UNLOCK(sc); 4398 IEEE80211_LOCK(ic); 4399 /* Always pass arg as -1 since we can't Tx right now. */ 4400 /* 4401 * XXX arg is just ignored anyway when transitioning 4402 * to IEEE80211_S_INIT. 4403 */ 4404 vap->iv_newstate(vap, IEEE80211_S_INIT, -1); 4405 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4406 "Going INIT->SCAN\n"); 4407 nstate = IEEE80211_S_SCAN; 4408 IEEE80211_UNLOCK(ic); 4409 IWM_LOCK(sc); 4410 } 4411 } 4412 4413 switch (nstate) { 4414 case IEEE80211_S_INIT: 4415 case IEEE80211_S_SCAN: 4416 if (vap->iv_state == IEEE80211_S_AUTH || 4417 vap->iv_state == IEEE80211_S_ASSOC) { 4418 int myerr; 4419 IWM_UNLOCK(sc); 4420 IEEE80211_LOCK(ic); 4421 myerr = ivp->iv_newstate(vap, nstate, arg); 4422 IEEE80211_UNLOCK(ic); 4423 IWM_LOCK(sc); 4424 error = iwm_mvm_rm_sta(sc, vap, FALSE); 4425 if (error) { 4426 device_printf(sc->sc_dev, 4427 "%s: Failed to remove station: %d\n", 4428 __func__, error); 4429 } 4430 error = iwm_mvm_mac_ctxt_changed(sc, vap); 4431 if (error) { 4432 device_printf(sc->sc_dev, 4433 "%s: Failed to change mac context: %d\n", 4434 __func__, error); 4435 } 4436 error = iwm_mvm_binding_remove_vif(sc, ivp); 4437 if (error) { 4438 device_printf(sc->sc_dev, 4439 "%s: Failed to remove channel ctx: %d\n", 4440 __func__, error); 4441 } 4442 ivp->phy_ctxt = NULL; 4443 IWM_UNLOCK(sc); 4444 IEEE80211_LOCK(ic); 4445 return myerr; 4446 } 4447 break; 4448 4449 case IEEE80211_S_AUTH: 4450 if ((error = iwm_auth(vap, sc)) != 0) { 4451 device_printf(sc->sc_dev, 4452 "%s: could not move to auth state: %d\n", 4453 __func__, error); 4454 break; 4455 } 4456 break; 4457 4458 case IEEE80211_S_ASSOC: 4459 if ((error = iwm_assoc(vap, sc)) != 0) { 4460 device_printf(sc->sc_dev, 4461 "%s: failed to associate: %d\n", __func__, 4462 error); 4463 break; 4464 } 4465 break; 4466 4467 case IEEE80211_S_RUN: 4468 { 4469 struct iwm_host_cmd cmd = { 4470 .id = IWM_LQ_CMD, 4471 .len = { sizeof(in->in_lq), }, 4472 .flags = IWM_CMD_SYNC, 4473 }; 4474 4475 /* Update the association state, now we have it all */ 4476 /* (eg associd comes in at this point */ 4477 error = iwm_assoc(vap, sc); 4478 if (error != 0) { 4479 device_printf(sc->sc_dev, 4480 "%s: failed to update association state: %d\n", 4481 __func__, 4482 error); 4483 break; 4484 } 4485 4486 in = IWM_NODE(vap->iv_bss); 4487 iwm_mvm_enable_beacon_filter(sc, in); 4488 iwm_mvm_power_update_mac(sc); 4489 iwm_mvm_update_quotas(sc, ivp); 4490 iwm_setrates(sc, in); 4491 4492 cmd.data[0] = &in->in_lq; 4493 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 4494 device_printf(sc->sc_dev, 4495 "%s: IWM_LQ_CMD failed\n", __func__); 4496 } 4497 4498 iwm_mvm_led_enable(sc); 4499 break; 4500 } 4501 4502 default: 4503 break; 4504 } 4505 IWM_UNLOCK(sc); 4506 IEEE80211_LOCK(ic); 4507 4508 return (ivp->iv_newstate(vap, nstate, arg)); 4509} 4510 4511void 4512iwm_endscan_cb(void *arg, int pending) 4513{ 4514 struct iwm_softc *sc = arg; 4515 struct ieee80211com *ic = &sc->sc_ic; 4516 4517 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4518 "%s: scan ended\n", 4519 __func__); 4520 4521 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4522} 4523 4524/* 4525 * Aging and idle timeouts for the different possible scenarios 4526 * in default configuration 4527 */ 4528static const uint32_t 4529iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4530 { 4531 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 4532 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 4533 }, 4534 { 4535 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 4536 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 4537 }, 4538 { 4539 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 4540 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 4541 }, 4542 { 4543 htole32(IWM_SF_BA_AGING_TIMER_DEF), 4544 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 4545 }, 4546 { 4547 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 4548 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 4549 }, 4550}; 4551 4552/* 4553 * Aging and idle timeouts for the different possible scenarios 4554 * in single BSS MAC configuration. 4555 */ 4556static const uint32_t 4557iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4558 { 4559 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 4560 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 4561 }, 4562 { 4563 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 4564 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 4565 }, 4566 { 4567 htole32(IWM_SF_MCAST_AGING_TIMER), 4568 htole32(IWM_SF_MCAST_IDLE_TIMER) 4569 }, 4570 { 4571 htole32(IWM_SF_BA_AGING_TIMER), 4572 htole32(IWM_SF_BA_IDLE_TIMER) 4573 }, 4574 { 4575 htole32(IWM_SF_TX_RE_AGING_TIMER), 4576 htole32(IWM_SF_TX_RE_IDLE_TIMER) 4577 }, 4578}; 4579 4580static void 4581iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 4582 struct ieee80211_node *ni) 4583{ 4584 int i, j, watermark; 4585 4586 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 4587 4588 /* 4589 * If we are in association flow - check antenna configuration 4590 * capabilities of the AP station, and choose the watermark accordingly. 4591 */ 4592 if (ni) { 4593 if (ni->ni_flags & IEEE80211_NODE_HT) { 4594#ifdef notyet 4595 if (ni->ni_rxmcs[2] != 0) 4596 watermark = IWM_SF_W_MARK_MIMO3; 4597 else if (ni->ni_rxmcs[1] != 0) 4598 watermark = IWM_SF_W_MARK_MIMO2; 4599 else 4600#endif 4601 watermark = IWM_SF_W_MARK_SISO; 4602 } else { 4603 watermark = IWM_SF_W_MARK_LEGACY; 4604 } 4605 /* default watermark value for unassociated mode. */ 4606 } else { 4607 watermark = IWM_SF_W_MARK_MIMO2; 4608 } 4609 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 4610 4611 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 4612 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 4613 sf_cmd->long_delay_timeouts[i][j] = 4614 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 4615 } 4616 } 4617 4618 if (ni) { 4619 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 4620 sizeof(iwm_sf_full_timeout)); 4621 } else { 4622 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 4623 sizeof(iwm_sf_full_timeout_def)); 4624 } 4625} 4626 4627static int 4628iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state) 4629{ 4630 struct ieee80211com *ic = &sc->sc_ic; 4631 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4632 struct iwm_sf_cfg_cmd sf_cmd = { 4633 .state = htole32(IWM_SF_FULL_ON), 4634 }; 4635 int ret = 0; 4636 4637 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 4638 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 4639 4640 switch (new_state) { 4641 case IWM_SF_UNINIT: 4642 case IWM_SF_INIT_OFF: 4643 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL); 4644 break; 4645 case IWM_SF_FULL_ON: 4646 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss); 4647 break; 4648 default: 4649 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE, 4650 "Invalid state: %d. not sending Smart Fifo cmd\n", 4651 new_state); 4652 return EINVAL; 4653 } 4654 4655 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 4656 sizeof(sf_cmd), &sf_cmd); 4657 return ret; 4658} 4659 4660static int 4661iwm_send_bt_init_conf(struct iwm_softc *sc) 4662{ 4663 struct iwm_bt_coex_cmd bt_cmd; 4664 4665 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4666 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4667 4668 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4669 &bt_cmd); 4670} 4671 4672static boolean_t 4673iwm_mvm_is_lar_supported(struct iwm_softc *sc) 4674{ 4675 boolean_t nvm_lar = sc->nvm_data->lar_enabled; 4676 boolean_t tlv_lar = fw_has_capa(&sc->ucode_capa, 4677 IWM_UCODE_TLV_CAPA_LAR_SUPPORT); 4678 4679 if (iwm_lar_disable) 4680 return FALSE; 4681 4682 /* 4683 * Enable LAR only if it is supported by the FW (TLV) && 4684 * enabled in the NVM 4685 */ 4686 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 4687 return nvm_lar && tlv_lar; 4688 else 4689 return tlv_lar; 4690} 4691 4692static boolean_t 4693iwm_mvm_is_wifi_mcc_supported(struct iwm_softc *sc) 4694{ 4695 return fw_has_api(&sc->ucode_capa, 4696 IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4697 fw_has_capa(&sc->ucode_capa, 4698 IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC); 4699} 4700 4701static int 4702iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4703{ 4704 struct iwm_mcc_update_cmd mcc_cmd; 4705 struct iwm_host_cmd hcmd = { 4706 .id = IWM_MCC_UPDATE_CMD, 4707 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4708 .data = { &mcc_cmd }, 4709 }; 4710 int ret; 4711#ifdef IWM_DEBUG 4712 struct iwm_rx_packet *pkt; 4713 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4714 struct iwm_mcc_update_resp *mcc_resp; 4715 int n_channels; 4716 uint16_t mcc; 4717#endif 4718 int resp_v2 = fw_has_capa(&sc->ucode_capa, 4719 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4720 4721 if (!iwm_mvm_is_lar_supported(sc)) { 4722 IWM_DPRINTF(sc, IWM_DEBUG_LAR, "%s: no LAR support\n", 4723 __func__); 4724 return 0; 4725 } 4726 4727 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4728 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4729 if (iwm_mvm_is_wifi_mcc_supported(sc)) 4730 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4731 else 4732 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4733 4734 if (resp_v2) 4735 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4736 else 4737 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4738 4739 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 4740 "send MCC update to FW with '%c%c' src = %d\n", 4741 alpha2[0], alpha2[1], mcc_cmd.source_id); 4742 4743 ret = iwm_send_cmd(sc, &hcmd); 4744 if (ret) 4745 return ret; 4746 4747#ifdef IWM_DEBUG 4748 pkt = hcmd.resp_pkt; 4749 4750 /* Extract MCC response */ 4751 if (resp_v2) { 4752 mcc_resp = (void *)pkt->data; 4753 mcc = mcc_resp->mcc; 4754 n_channels = le32toh(mcc_resp->n_channels); 4755 } else { 4756 mcc_resp_v1 = (void *)pkt->data; 4757 mcc = mcc_resp_v1->mcc; 4758 n_channels = le32toh(mcc_resp_v1->n_channels); 4759 } 4760 4761 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4762 if (mcc == 0) 4763 mcc = 0x3030; /* "00" - world */ 4764 4765 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 4766 "regulatory domain '%c%c' (%d channels available)\n", 4767 mcc >> 8, mcc & 0xff, n_channels); 4768#endif 4769 iwm_free_resp(sc, &hcmd); 4770 4771 return 0; 4772} 4773 4774static void 4775iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4776{ 4777 struct iwm_host_cmd cmd = { 4778 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4779 .len = { sizeof(uint32_t), }, 4780 .data = { &backoff, }, 4781 }; 4782 4783 if (iwm_send_cmd(sc, &cmd) != 0) { 4784 device_printf(sc->sc_dev, 4785 "failed to change thermal tx backoff\n"); 4786 } 4787} 4788 4789static int 4790iwm_init_hw(struct iwm_softc *sc) 4791{ 4792 struct ieee80211com *ic = &sc->sc_ic; 4793 int error, i, ac; 4794 4795 if ((error = iwm_start_hw(sc)) != 0) { 4796 printf("iwm_start_hw: failed %d\n", error); 4797 return error; 4798 } 4799 4800 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 4801 printf("iwm_run_init_mvm_ucode: failed %d\n", error); 4802 return error; 4803 } 4804 4805 /* 4806 * should stop and start HW since that INIT 4807 * image just loaded 4808 */ 4809 iwm_stop_device(sc); 4810 sc->sc_ps_disabled = FALSE; 4811 if ((error = iwm_start_hw(sc)) != 0) { 4812 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4813 return error; 4814 } 4815 4816 /* omstart, this time with the regular firmware */ 4817 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR); 4818 if (error) { 4819 device_printf(sc->sc_dev, "could not load firmware\n"); 4820 goto error; 4821 } 4822 4823 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4824 device_printf(sc->sc_dev, "bt init conf failed\n"); 4825 goto error; 4826 } 4827 4828 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 4829 if (error != 0) { 4830 device_printf(sc->sc_dev, "antenna config failed\n"); 4831 goto error; 4832 } 4833 4834 /* Send phy db control command and then phy db calibration */ 4835 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0) 4836 goto error; 4837 4838 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4839 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4840 goto error; 4841 } 4842 4843 /* Add auxiliary station for scanning */ 4844 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) { 4845 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4846 goto error; 4847 } 4848 4849 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4850 /* 4851 * The channel used here isn't relevant as it's 4852 * going to be overwritten in the other flows. 4853 * For now use the first channel we have. 4854 */ 4855 if ((error = iwm_mvm_phy_ctxt_add(sc, 4856 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4857 goto error; 4858 } 4859 4860 /* Initialize tx backoffs to the minimum. */ 4861 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 4862 iwm_mvm_tt_tx_backoff(sc, 0); 4863 4864 error = iwm_mvm_power_update_device(sc); 4865 if (error) 4866 goto error; 4867 4868 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4869 goto error; 4870 4871 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4872 if ((error = iwm_mvm_config_umac_scan(sc)) != 0) 4873 goto error; 4874 } 4875 4876 /* Enable Tx queues. */ 4877 for (ac = 0; ac < WME_NUM_AC; ac++) { 4878 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4879 iwm_mvm_ac_to_tx_fifo[ac]); 4880 if (error) 4881 goto error; 4882 } 4883 4884 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) { 4885 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4886 goto error; 4887 } 4888 4889 return 0; 4890 4891 error: 4892 iwm_stop_device(sc); 4893 return error; 4894} 4895 4896/* Allow multicast from our BSSID. */ 4897static int 4898iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4899{ 4900 struct ieee80211_node *ni = vap->iv_bss; 4901 struct iwm_mcast_filter_cmd *cmd; 4902 size_t size; 4903 int error; 4904 4905 size = roundup(sizeof(*cmd), 4); 4906 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 4907 if (cmd == NULL) 4908 return ENOMEM; 4909 cmd->filter_own = 1; 4910 cmd->port_id = 0; 4911 cmd->count = 0; 4912 cmd->pass_all = 1; 4913 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4914 4915 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4916 IWM_CMD_SYNC, size, cmd); 4917 free(cmd, M_DEVBUF); 4918 4919 return (error); 4920} 4921 4922/* 4923 * ifnet interfaces 4924 */ 4925 4926static void 4927iwm_init(struct iwm_softc *sc) 4928{ 4929 int error; 4930 4931 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4932 return; 4933 } 4934 sc->sc_generation++; 4935 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4936 4937 if ((error = iwm_init_hw(sc)) != 0) { 4938 printf("iwm_init_hw failed %d\n", error); 4939 iwm_stop(sc); 4940 return; 4941 } 4942 4943 /* 4944 * Ok, firmware loaded and we are jogging 4945 */ 4946 sc->sc_flags |= IWM_FLAG_HW_INITED; 4947 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4948} 4949 4950static int 4951iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4952{ 4953 struct iwm_softc *sc; 4954 int error; 4955 4956 sc = ic->ic_softc; 4957 4958 IWM_LOCK(sc); 4959 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4960 IWM_UNLOCK(sc); 4961 return (ENXIO); 4962 } 4963 error = mbufq_enqueue(&sc->sc_snd, m); 4964 if (error) { 4965 IWM_UNLOCK(sc); 4966 return (error); 4967 } 4968 iwm_start(sc); 4969 IWM_UNLOCK(sc); 4970 return (0); 4971} 4972 4973/* 4974 * Dequeue packets from sendq and call send. 4975 */ 4976static void 4977iwm_start(struct iwm_softc *sc) 4978{ 4979 struct ieee80211_node *ni; 4980 struct mbuf *m; 4981 int ac = 0; 4982 4983 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 4984 while (sc->qfullmsk == 0 && 4985 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 4986 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 4987 if (iwm_tx(sc, m, ni, ac) != 0) { 4988 if_inc_counter(ni->ni_vap->iv_ifp, 4989 IFCOUNTER_OERRORS, 1); 4990 ieee80211_free_node(ni); 4991 continue; 4992 } 4993 sc->sc_tx_timer = 15; 4994 } 4995 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 4996} 4997 4998static void 4999iwm_stop(struct iwm_softc *sc) 5000{ 5001 5002 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 5003 sc->sc_flags |= IWM_FLAG_STOPPED; 5004 sc->sc_generation++; 5005 iwm_led_blink_stop(sc); 5006 sc->sc_tx_timer = 0; 5007 iwm_stop_device(sc); 5008 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5009} 5010 5011static void 5012iwm_watchdog(void *arg) 5013{ 5014 struct iwm_softc *sc = arg; 5015 struct ieee80211com *ic = &sc->sc_ic; 5016 5017 if (sc->sc_tx_timer > 0) { 5018 if (--sc->sc_tx_timer == 0) { 5019 device_printf(sc->sc_dev, "device timeout\n"); 5020#ifdef IWM_DEBUG 5021 iwm_nic_error(sc); 5022#endif 5023 ieee80211_restart_all(ic); 5024 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 5025 return; 5026 } 5027 } 5028 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 5029} 5030 5031static void 5032iwm_parent(struct ieee80211com *ic) 5033{ 5034 struct iwm_softc *sc = ic->ic_softc; 5035 int startall = 0; 5036 5037 IWM_LOCK(sc); 5038 if (ic->ic_nrunning > 0) { 5039 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 5040 iwm_init(sc); 5041 startall = 1; 5042 } 5043 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 5044 iwm_stop(sc); 5045 IWM_UNLOCK(sc); 5046 if (startall) 5047 ieee80211_start_all(ic); 5048} 5049 5050/* 5051 * The interrupt side of things 5052 */ 5053 5054/* 5055 * error dumping routines are from iwlwifi/mvm/utils.c 5056 */ 5057 5058/* 5059 * Note: This structure is read from the device with IO accesses, 5060 * and the reading already does the endian conversion. As it is 5061 * read with uint32_t-sized accesses, any members with a different size 5062 * need to be ordered correctly though! 5063 */ 5064struct iwm_error_event_table { 5065 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5066 uint32_t error_id; /* type of error */ 5067 uint32_t trm_hw_status0; /* TRM HW status */ 5068 uint32_t trm_hw_status1; /* TRM HW status */ 5069 uint32_t blink2; /* branch link */ 5070 uint32_t ilink1; /* interrupt link */ 5071 uint32_t ilink2; /* interrupt link */ 5072 uint32_t data1; /* error-specific data */ 5073 uint32_t data2; /* error-specific data */ 5074 uint32_t data3; /* error-specific data */ 5075 uint32_t bcon_time; /* beacon timer */ 5076 uint32_t tsf_low; /* network timestamp function timer */ 5077 uint32_t tsf_hi; /* network timestamp function timer */ 5078 uint32_t gp1; /* GP1 timer register */ 5079 uint32_t gp2; /* GP2 timer register */ 5080 uint32_t fw_rev_type; /* firmware revision type */ 5081 uint32_t major; /* uCode version major */ 5082 uint32_t minor; /* uCode version minor */ 5083 uint32_t hw_ver; /* HW Silicon version */ 5084 uint32_t brd_ver; /* HW board version */ 5085 uint32_t log_pc; /* log program counter */ 5086 uint32_t frame_ptr; /* frame pointer */ 5087 uint32_t stack_ptr; /* stack pointer */ 5088 uint32_t hcmd; /* last host command header */ 5089 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 5090 * rxtx_flag */ 5091 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 5092 * host_flag */ 5093 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 5094 * enc_flag */ 5095 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 5096 * time_flag */ 5097 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 5098 * wico interrupt */ 5099 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 5100 uint32_t wait_event; /* wait event() caller address */ 5101 uint32_t l2p_control; /* L2pControlField */ 5102 uint32_t l2p_duration; /* L2pDurationField */ 5103 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 5104 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 5105 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 5106 * (LMPM_PMG_SEL) */ 5107 uint32_t u_timestamp; /* indicate when the date and time of the 5108 * compilation */ 5109 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 5110} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 5111 5112/* 5113 * UMAC error struct - relevant starting from family 8000 chip. 5114 * Note: This structure is read from the device with IO accesses, 5115 * and the reading already does the endian conversion. As it is 5116 * read with u32-sized accesses, any members with a different size 5117 * need to be ordered correctly though! 5118 */ 5119struct iwm_umac_error_event_table { 5120 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5121 uint32_t error_id; /* type of error */ 5122 uint32_t blink1; /* branch link */ 5123 uint32_t blink2; /* branch link */ 5124 uint32_t ilink1; /* interrupt link */ 5125 uint32_t ilink2; /* interrupt link */ 5126 uint32_t data1; /* error-specific data */ 5127 uint32_t data2; /* error-specific data */ 5128 uint32_t data3; /* error-specific data */ 5129 uint32_t umac_major; 5130 uint32_t umac_minor; 5131 uint32_t frame_pointer; /* core register 27*/ 5132 uint32_t stack_pointer; /* core register 28 */ 5133 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 5134 uint32_t nic_isr_pref; /* ISR status register */ 5135} __packed; 5136 5137#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 5138#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 5139 5140#ifdef IWM_DEBUG 5141struct { 5142 const char *name; 5143 uint8_t num; 5144} advanced_lookup[] = { 5145 { "NMI_INTERRUPT_WDG", 0x34 }, 5146 { "SYSASSERT", 0x35 }, 5147 { "UCODE_VERSION_MISMATCH", 0x37 }, 5148 { "BAD_COMMAND", 0x38 }, 5149 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 5150 { "FATAL_ERROR", 0x3D }, 5151 { "NMI_TRM_HW_ERR", 0x46 }, 5152 { "NMI_INTERRUPT_TRM", 0x4C }, 5153 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 5154 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 5155 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 5156 { "NMI_INTERRUPT_HOST", 0x66 }, 5157 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 5158 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 5159 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 5160 { "ADVANCED_SYSASSERT", 0 }, 5161}; 5162 5163static const char * 5164iwm_desc_lookup(uint32_t num) 5165{ 5166 int i; 5167 5168 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 5169 if (advanced_lookup[i].num == num) 5170 return advanced_lookup[i].name; 5171 5172 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 5173 return advanced_lookup[i].name; 5174} 5175 5176static void 5177iwm_nic_umac_error(struct iwm_softc *sc) 5178{ 5179 struct iwm_umac_error_event_table table; 5180 uint32_t base; 5181 5182 base = sc->umac_error_event_table; 5183 5184 if (base < 0x800000) { 5185 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 5186 base); 5187 return; 5188 } 5189 5190 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5191 device_printf(sc->sc_dev, "reading errlog failed\n"); 5192 return; 5193 } 5194 5195 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5196 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 5197 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5198 sc->sc_flags, table.valid); 5199 } 5200 5201 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 5202 iwm_desc_lookup(table.error_id)); 5203 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 5204 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 5205 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 5206 table.ilink1); 5207 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 5208 table.ilink2); 5209 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 5210 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 5211 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 5212 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 5213 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 5214 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 5215 table.frame_pointer); 5216 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 5217 table.stack_pointer); 5218 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 5219 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 5220 table.nic_isr_pref); 5221} 5222 5223/* 5224 * Support for dumping the error log seemed like a good idea ... 5225 * but it's mostly hex junk and the only sensible thing is the 5226 * hw/ucode revision (which we know anyway). Since it's here, 5227 * I'll just leave it in, just in case e.g. the Intel guys want to 5228 * help us decipher some "ADVANCED_SYSASSERT" later. 5229 */ 5230static void 5231iwm_nic_error(struct iwm_softc *sc) 5232{ 5233 struct iwm_error_event_table table; 5234 uint32_t base; 5235 5236 device_printf(sc->sc_dev, "dumping device error log\n"); 5237 base = sc->error_event_table; 5238 if (base < 0x800000) { 5239 device_printf(sc->sc_dev, 5240 "Invalid error log pointer 0x%08x\n", base); 5241 return; 5242 } 5243 5244 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5245 device_printf(sc->sc_dev, "reading errlog failed\n"); 5246 return; 5247 } 5248 5249 if (!table.valid) { 5250 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 5251 return; 5252 } 5253 5254 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5255 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 5256 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5257 sc->sc_flags, table.valid); 5258 } 5259 5260 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 5261 iwm_desc_lookup(table.error_id)); 5262 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 5263 table.trm_hw_status0); 5264 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 5265 table.trm_hw_status1); 5266 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 5267 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 5268 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 5269 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 5270 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 5271 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 5272 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 5273 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 5274 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 5275 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 5276 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 5277 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 5278 table.fw_rev_type); 5279 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 5280 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 5281 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 5282 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 5283 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 5284 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 5285 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 5286 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 5287 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 5288 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 5289 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 5290 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 5291 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 5292 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 5293 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 5294 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 5295 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 5296 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 5297 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 5298 5299 if (sc->umac_error_event_table) 5300 iwm_nic_umac_error(sc); 5301} 5302#endif 5303 5304static void 5305iwm_handle_rxb(struct iwm_softc *sc, struct mbuf *m) 5306{ 5307 struct ieee80211com *ic = &sc->sc_ic; 5308 struct iwm_cmd_response *cresp; 5309 struct mbuf *m1; 5310 uint32_t offset = 0; 5311 uint32_t maxoff = IWM_RBUF_SIZE; 5312 uint32_t nextoff; 5313 boolean_t stolen = FALSE; 5314 5315#define HAVEROOM(a) \ 5316 ((a) + sizeof(uint32_t) + sizeof(struct iwm_cmd_header) < maxoff) 5317 5318 while (HAVEROOM(offset)) { 5319 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, 5320 offset); 5321 int qid, idx, code, len; 5322 5323 qid = pkt->hdr.qid; 5324 idx = pkt->hdr.idx; 5325 5326 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5327 5328 /* 5329 * randomly get these from the firmware, no idea why. 5330 * they at least seem harmless, so just ignore them for now 5331 */ 5332 if ((pkt->hdr.code == 0 && (qid & ~0x80) == 0 && idx == 0) || 5333 pkt->len_n_flags == htole32(IWM_FH_RSCSR_FRAME_INVALID)) { 5334 break; 5335 } 5336 5337 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5338 "rx packet qid=%d idx=%d type=%x\n", 5339 qid & ~0x80, pkt->hdr.idx, code); 5340 5341 len = le32toh(pkt->len_n_flags) & IWM_FH_RSCSR_FRAME_SIZE_MSK; 5342 len += sizeof(uint32_t); /* account for status word */ 5343 nextoff = offset + roundup2(len, IWM_FH_RSCSR_FRAME_ALIGN); 5344 5345 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt); 5346 5347 switch (code) { 5348 case IWM_REPLY_RX_PHY_CMD: 5349 iwm_mvm_rx_rx_phy_cmd(sc, pkt); 5350 break; 5351 5352 case IWM_REPLY_RX_MPDU_CMD: { 5353 /* 5354 * If this is the last frame in the RX buffer, we 5355 * can directly feed the mbuf to the sharks here. 5356 */ 5357 struct iwm_rx_packet *nextpkt = mtodoff(m, 5358 struct iwm_rx_packet *, nextoff); 5359 if (!HAVEROOM(nextoff) || 5360 (nextpkt->hdr.code == 0 && 5361 (nextpkt->hdr.qid & ~0x80) == 0 && 5362 nextpkt->hdr.idx == 0) || 5363 (nextpkt->len_n_flags == 5364 htole32(IWM_FH_RSCSR_FRAME_INVALID))) { 5365 if (iwm_mvm_rx_rx_mpdu(sc, m, offset, stolen)) { 5366 stolen = FALSE; 5367 /* Make sure we abort the loop */ 5368 nextoff = maxoff; 5369 } 5370 break; 5371 } 5372 5373 /* 5374 * Use m_copym instead of m_split, because that 5375 * makes it easier to keep a valid rx buffer in 5376 * the ring, when iwm_mvm_rx_rx_mpdu() fails. 5377 * 5378 * We need to start m_copym() at offset 0, to get the 5379 * M_PKTHDR flag preserved. 5380 */ 5381 m1 = m_copym(m, 0, M_COPYALL, M_NOWAIT); 5382 if (m1) { 5383 if (iwm_mvm_rx_rx_mpdu(sc, m1, offset, stolen)) 5384 stolen = TRUE; 5385 else 5386 m_freem(m1); 5387 } 5388 break; 5389 } 5390 5391 case IWM_TX_CMD: 5392 iwm_mvm_rx_tx_cmd(sc, pkt); 5393 break; 5394 5395 case IWM_MISSED_BEACONS_NOTIFICATION: { 5396 struct iwm_missed_beacons_notif *resp; 5397 int missed; 5398 5399 /* XXX look at mac_id to determine interface ID */ 5400 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5401 5402 resp = (void *)pkt->data; 5403 missed = le32toh(resp->consec_missed_beacons); 5404 5405 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5406 "%s: MISSED_BEACON: mac_id=%d, " 5407 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5408 "num_rx=%d\n", 5409 __func__, 5410 le32toh(resp->mac_id), 5411 le32toh(resp->consec_missed_beacons_since_last_rx), 5412 le32toh(resp->consec_missed_beacons), 5413 le32toh(resp->num_expected_beacons), 5414 le32toh(resp->num_recvd_beacons)); 5415 5416 /* Be paranoid */ 5417 if (vap == NULL) 5418 break; 5419 5420 /* XXX no net80211 locking? */ 5421 if (vap->iv_state == IEEE80211_S_RUN && 5422 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5423 if (missed > vap->iv_bmissthreshold) { 5424 /* XXX bad locking; turn into task */ 5425 IWM_UNLOCK(sc); 5426 ieee80211_beacon_miss(ic); 5427 IWM_LOCK(sc); 5428 } 5429 } 5430 5431 break; 5432 } 5433 5434 case IWM_MFUART_LOAD_NOTIFICATION: 5435 break; 5436 5437 case IWM_MVM_ALIVE: 5438 break; 5439 5440 case IWM_CALIB_RES_NOTIF_PHY_DB: 5441 break; 5442 5443 case IWM_STATISTICS_NOTIFICATION: { 5444 struct iwm_notif_statistics *stats; 5445 stats = (void *)pkt->data; 5446 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 5447 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general); 5448 break; 5449 } 5450 5451 case IWM_NVM_ACCESS_CMD: 5452 case IWM_MCC_UPDATE_CMD: 5453 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) { 5454 memcpy(sc->sc_cmd_resp, 5455 pkt, sizeof(sc->sc_cmd_resp)); 5456 } 5457 break; 5458 5459 case IWM_MCC_CHUB_UPDATE_CMD: { 5460 struct iwm_mcc_chub_notif *notif; 5461 notif = (void *)pkt->data; 5462 5463 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5464 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5465 sc->sc_fw_mcc[2] = '\0'; 5466 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 5467 "fw source %d sent CC '%s'\n", 5468 notif->source_id, sc->sc_fw_mcc); 5469 break; 5470 } 5471 5472 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5473 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 5474 IWM_DTS_MEASUREMENT_NOTIF_WIDE): { 5475 struct iwm_dts_measurement_notif_v1 *notif; 5476 5477 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) { 5478 device_printf(sc->sc_dev, 5479 "Invalid DTS_MEASUREMENT_NOTIFICATION\n"); 5480 break; 5481 } 5482 notif = (void *)pkt->data; 5483 IWM_DPRINTF(sc, IWM_DEBUG_TEMP, 5484 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n", 5485 notif->temp); 5486 break; 5487 } 5488 5489 case IWM_PHY_CONFIGURATION_CMD: 5490 case IWM_TX_ANT_CONFIGURATION_CMD: 5491 case IWM_ADD_STA: 5492 case IWM_MAC_CONTEXT_CMD: 5493 case IWM_REPLY_SF_CFG_CMD: 5494 case IWM_POWER_TABLE_CMD: 5495 case IWM_PHY_CONTEXT_CMD: 5496 case IWM_BINDING_CONTEXT_CMD: 5497 case IWM_TIME_EVENT_CMD: 5498 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5499 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5500 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC): 5501 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5502 case IWM_SCAN_OFFLOAD_ABORT_CMD: 5503 case IWM_REPLY_BEACON_FILTERING_CMD: 5504 case IWM_MAC_PM_POWER_TABLE: 5505 case IWM_TIME_QUOTA_CMD: 5506 case IWM_REMOVE_STA: 5507 case IWM_TXPATH_FLUSH: 5508 case IWM_LQ_CMD: 5509 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, 5510 IWM_FW_PAGING_BLOCK_CMD): 5511 case IWM_BT_CONFIG: 5512 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5513 cresp = (void *)pkt->data; 5514 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) { 5515 memcpy(sc->sc_cmd_resp, 5516 pkt, sizeof(*pkt)+sizeof(*cresp)); 5517 } 5518 break; 5519 5520 /* ignore */ 5521 case IWM_PHY_DB_CMD: 5522 break; 5523 5524 case IWM_INIT_COMPLETE_NOTIF: 5525 break; 5526 5527 case IWM_SCAN_OFFLOAD_COMPLETE: { 5528 struct iwm_periodic_scan_complete *notif; 5529 notif = (void *)pkt->data; 5530 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5531 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5532 ieee80211_runtask(ic, &sc->sc_es_task); 5533 } 5534 break; 5535 } 5536 5537 case IWM_SCAN_ITERATION_COMPLETE: { 5538 struct iwm_lmac_scan_complete_notif *notif; 5539 notif = (void *)pkt->data; 5540 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5541 break; 5542 } 5543 5544 case IWM_SCAN_COMPLETE_UMAC: { 5545 struct iwm_umac_scan_complete *notif; 5546 notif = (void *)pkt->data; 5547 5548 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5549 "UMAC scan complete, status=0x%x\n", 5550 notif->status); 5551 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5552 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5553 ieee80211_runtask(ic, &sc->sc_es_task); 5554 } 5555 break; 5556 } 5557 5558 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5559 struct iwm_umac_scan_iter_complete_notif *notif; 5560 notif = (void *)pkt->data; 5561 5562 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5563 "complete, status=0x%x, %d channels scanned\n", 5564 notif->status, notif->scanned_channels); 5565 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5566 break; 5567 } 5568 5569 case IWM_REPLY_ERROR: { 5570 struct iwm_error_resp *resp; 5571 resp = (void *)pkt->data; 5572 5573 device_printf(sc->sc_dev, 5574 "firmware error 0x%x, cmd 0x%x\n", 5575 le32toh(resp->error_type), 5576 resp->cmd_id); 5577 break; 5578 } 5579 5580 case IWM_TIME_EVENT_NOTIFICATION: { 5581 struct iwm_time_event_notif *notif; 5582 notif = (void *)pkt->data; 5583 5584 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5585 "TE notif status = 0x%x action = 0x%x\n", 5586 notif->status, notif->action); 5587 break; 5588 } 5589 5590 case IWM_MCAST_FILTER_CMD: 5591 break; 5592 5593 case IWM_SCD_QUEUE_CFG: { 5594 struct iwm_scd_txq_cfg_rsp *rsp; 5595 rsp = (void *)pkt->data; 5596 5597 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5598 "queue cfg token=0x%x sta_id=%d " 5599 "tid=%d scd_queue=%d\n", 5600 rsp->token, rsp->sta_id, rsp->tid, 5601 rsp->scd_queue); 5602 break; 5603 } 5604 5605 default: 5606 device_printf(sc->sc_dev, 5607 "frame %d/%d %x UNHANDLED (this should " 5608 "not happen)\n", qid & ~0x80, idx, 5609 pkt->len_n_flags); 5610 break; 5611 } 5612 5613 /* 5614 * Why test bit 0x80? The Linux driver: 5615 * 5616 * There is one exception: uCode sets bit 15 when it 5617 * originates the response/notification, i.e. when the 5618 * response/notification is not a direct response to a 5619 * command sent by the driver. For example, uCode issues 5620 * IWM_REPLY_RX when it sends a received frame to the driver; 5621 * it is not a direct response to any driver command. 5622 * 5623 * Ok, so since when is 7 == 15? Well, the Linux driver 5624 * uses a slightly different format for pkt->hdr, and "qid" 5625 * is actually the upper byte of a two-byte field. 5626 */ 5627 if (!(qid & (1 << 7))) 5628 iwm_cmd_done(sc, pkt); 5629 5630 offset = nextoff; 5631 } 5632 if (stolen) 5633 m_freem(m); 5634#undef HAVEROOM 5635} 5636 5637/* 5638 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5639 * Basic structure from if_iwn 5640 */ 5641static void 5642iwm_notif_intr(struct iwm_softc *sc) 5643{ 5644 uint16_t hw; 5645 5646 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5647 BUS_DMASYNC_POSTREAD); 5648 5649 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5650 5651 /* 5652 * Process responses 5653 */ 5654 while (sc->rxq.cur != hw) { 5655 struct iwm_rx_ring *ring = &sc->rxq; 5656 struct iwm_rx_data *data = &ring->data[ring->cur]; 5657 5658 bus_dmamap_sync(ring->data_dmat, data->map, 5659 BUS_DMASYNC_POSTREAD); 5660 5661 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5662 "%s: hw = %d cur = %d\n", __func__, hw, ring->cur); 5663 iwm_handle_rxb(sc, data->m); 5664 5665 ring->cur = (ring->cur + 1) % IWM_RX_RING_COUNT; 5666 } 5667 5668 /* 5669 * Tell the firmware that it can reuse the ring entries that 5670 * we have just processed. 5671 * Seems like the hardware gets upset unless we align 5672 * the write by 8?? 5673 */ 5674 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 5675 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, rounddown2(hw, 8)); 5676} 5677 5678static void 5679iwm_intr(void *arg) 5680{ 5681 struct iwm_softc *sc = arg; 5682 int handled = 0; 5683 int r1, r2, rv = 0; 5684 int isperiodic = 0; 5685 5686 IWM_LOCK(sc); 5687 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5688 5689 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5690 uint32_t *ict = sc->ict_dma.vaddr; 5691 int tmp; 5692 5693 tmp = htole32(ict[sc->ict_cur]); 5694 if (!tmp) 5695 goto out_ena; 5696 5697 /* 5698 * ok, there was something. keep plowing until we have all. 5699 */ 5700 r1 = r2 = 0; 5701 while (tmp) { 5702 r1 |= tmp; 5703 ict[sc->ict_cur] = 0; 5704 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5705 tmp = htole32(ict[sc->ict_cur]); 5706 } 5707 5708 /* this is where the fun begins. don't ask */ 5709 if (r1 == 0xffffffff) 5710 r1 = 0; 5711 5712 /* i am not expected to understand this */ 5713 if (r1 & 0xc0000) 5714 r1 |= 0x8000; 5715 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5716 } else { 5717 r1 = IWM_READ(sc, IWM_CSR_INT); 5718 /* "hardware gone" (where, fishing?) */ 5719 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5720 goto out; 5721 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5722 } 5723 if (r1 == 0 && r2 == 0) { 5724 goto out_ena; 5725 } 5726 5727 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5728 5729 /* Safely ignore these bits for debug checks below */ 5730 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD); 5731 5732 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5733 int i; 5734 struct ieee80211com *ic = &sc->sc_ic; 5735 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5736 5737#ifdef IWM_DEBUG 5738 iwm_nic_error(sc); 5739#endif 5740 /* Dump driver status (TX and RX rings) while we're here. */ 5741 device_printf(sc->sc_dev, "driver status:\n"); 5742 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 5743 struct iwm_tx_ring *ring = &sc->txq[i]; 5744 device_printf(sc->sc_dev, 5745 " tx ring %2d: qid=%-2d cur=%-3d " 5746 "queued=%-3d\n", 5747 i, ring->qid, ring->cur, ring->queued); 5748 } 5749 device_printf(sc->sc_dev, 5750 " rx ring: cur=%d\n", sc->rxq.cur); 5751 device_printf(sc->sc_dev, 5752 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5753 5754 /* Don't stop the device; just do a VAP restart */ 5755 IWM_UNLOCK(sc); 5756 5757 if (vap == NULL) { 5758 printf("%s: null vap\n", __func__); 5759 return; 5760 } 5761 5762 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5763 "restarting\n", __func__, vap->iv_state); 5764 5765 ieee80211_restart_all(ic); 5766 return; 5767 } 5768 5769 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5770 handled |= IWM_CSR_INT_BIT_HW_ERR; 5771 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5772 iwm_stop(sc); 5773 rv = 1; 5774 goto out; 5775 } 5776 5777 /* firmware chunk loaded */ 5778 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5779 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5780 handled |= IWM_CSR_INT_BIT_FH_TX; 5781 sc->sc_fw_chunk_done = 1; 5782 wakeup(&sc->sc_fw); 5783 } 5784 5785 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5786 handled |= IWM_CSR_INT_BIT_RF_KILL; 5787 if (iwm_check_rfkill(sc)) { 5788 device_printf(sc->sc_dev, 5789 "%s: rfkill switch, disabling interface\n", 5790 __func__); 5791 iwm_stop(sc); 5792 } 5793 } 5794 5795 /* 5796 * The Linux driver uses periodic interrupts to avoid races. 5797 * We cargo-cult like it's going out of fashion. 5798 */ 5799 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5800 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5801 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5802 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5803 IWM_WRITE_1(sc, 5804 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5805 isperiodic = 1; 5806 } 5807 5808 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5809 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5810 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5811 5812 iwm_notif_intr(sc); 5813 5814 /* enable periodic interrupt, see above */ 5815 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5816 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5817 IWM_CSR_INT_PERIODIC_ENA); 5818 } 5819 5820 if (__predict_false(r1 & ~handled)) 5821 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5822 "%s: unhandled interrupts: %x\n", __func__, r1); 5823 rv = 1; 5824 5825 out_ena: 5826 iwm_restore_interrupts(sc); 5827 out: 5828 IWM_UNLOCK(sc); 5829 return; 5830} 5831 5832/* 5833 * Autoconf glue-sniffing 5834 */ 5835#define PCI_VENDOR_INTEL 0x8086 5836#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5837#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5838#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5839#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5840#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5841#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5842#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5843#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5844#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5845#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5846 5847static const struct iwm_devices { 5848 uint16_t device; 5849 const struct iwm_cfg *cfg; 5850} iwm_devices[] = { 5851 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg }, 5852 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg }, 5853 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg }, 5854 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg }, 5855 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg }, 5856 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg }, 5857 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg }, 5858 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg }, 5859 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg }, 5860 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg }, 5861}; 5862 5863static int 5864iwm_probe(device_t dev) 5865{ 5866 int i; 5867 5868 for (i = 0; i < nitems(iwm_devices); i++) { 5869 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5870 pci_get_device(dev) == iwm_devices[i].device) { 5871 device_set_desc(dev, iwm_devices[i].cfg->name); 5872 return (BUS_PROBE_DEFAULT); 5873 } 5874 } 5875 5876 return (ENXIO); 5877} 5878 5879static int 5880iwm_dev_check(device_t dev) 5881{ 5882 struct iwm_softc *sc; 5883 uint16_t devid; 5884 int i; 5885 5886 sc = device_get_softc(dev); 5887 5888 devid = pci_get_device(dev); 5889 for (i = 0; i < nitems(iwm_devices); i++) { 5890 if (iwm_devices[i].device == devid) { 5891 sc->cfg = iwm_devices[i].cfg; 5892 return (0); 5893 } 5894 } 5895 device_printf(dev, "unknown adapter type\n"); 5896 return ENXIO; 5897} 5898 5899/* PCI registers */ 5900#define PCI_CFG_RETRY_TIMEOUT 0x041 5901 5902static int 5903iwm_pci_attach(device_t dev) 5904{ 5905 struct iwm_softc *sc; 5906 int count, error, rid; 5907 uint16_t reg; 5908 5909 sc = device_get_softc(dev); 5910 5911 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5912 * PCI Tx retries from interfering with C3 CPU state */ 5913 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5914 5915 /* Enable bus-mastering and hardware bug workaround. */ 5916 pci_enable_busmaster(dev); 5917 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5918 /* if !MSI */ 5919 if (reg & PCIM_STATUS_INTxSTATE) { 5920 reg &= ~PCIM_STATUS_INTxSTATE; 5921 } 5922 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 5923 5924 rid = PCIR_BAR(0); 5925 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 5926 RF_ACTIVE); 5927 if (sc->sc_mem == NULL) { 5928 device_printf(sc->sc_dev, "can't map mem space\n"); 5929 return (ENXIO); 5930 } 5931 sc->sc_st = rman_get_bustag(sc->sc_mem); 5932 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 5933 5934 /* Install interrupt handler. */ 5935 count = 1; 5936 rid = 0; 5937 if (pci_alloc_msi(dev, &count) == 0) 5938 rid = 1; 5939 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 5940 (rid != 0 ? 0 : RF_SHAREABLE)); 5941 if (sc->sc_irq == NULL) { 5942 device_printf(dev, "can't map interrupt\n"); 5943 return (ENXIO); 5944 } 5945 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 5946 NULL, iwm_intr, sc, &sc->sc_ih); 5947 if (sc->sc_ih == NULL) { 5948 device_printf(dev, "can't establish interrupt"); 5949 return (ENXIO); 5950 } 5951 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 5952 5953 return (0); 5954} 5955 5956static void 5957iwm_pci_detach(device_t dev) 5958{ 5959 struct iwm_softc *sc = device_get_softc(dev); 5960 5961 if (sc->sc_irq != NULL) { 5962 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 5963 bus_release_resource(dev, SYS_RES_IRQ, 5964 rman_get_rid(sc->sc_irq), sc->sc_irq); 5965 pci_release_msi(dev); 5966 } 5967 if (sc->sc_mem != NULL) 5968 bus_release_resource(dev, SYS_RES_MEMORY, 5969 rman_get_rid(sc->sc_mem), sc->sc_mem); 5970} 5971 5972 5973 5974static int 5975iwm_attach(device_t dev) 5976{ 5977 struct iwm_softc *sc = device_get_softc(dev); 5978 struct ieee80211com *ic = &sc->sc_ic; 5979 int error; 5980 int txq_i, i; 5981 5982 sc->sc_dev = dev; 5983 sc->sc_attached = 1; 5984 IWM_LOCK_INIT(sc); 5985 mbufq_init(&sc->sc_snd, ifqmaxlen); 5986 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 5987 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 5988 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 5989 5990 sc->sc_notif_wait = iwm_notification_wait_init(sc); 5991 if (sc->sc_notif_wait == NULL) { 5992 device_printf(dev, "failed to init notification wait struct\n"); 5993 goto fail; 5994 } 5995 5996 /* Init phy db */ 5997 sc->sc_phy_db = iwm_phy_db_init(sc); 5998 if (!sc->sc_phy_db) { 5999 device_printf(dev, "Cannot init phy_db\n"); 6000 goto fail; 6001 } 6002 6003 /* PCI attach */ 6004 error = iwm_pci_attach(dev); 6005 if (error != 0) 6006 goto fail; 6007 6008 sc->sc_wantresp = -1; 6009 6010 /* Check device type */ 6011 error = iwm_dev_check(dev); 6012 if (error != 0) 6013 goto fail; 6014 6015 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 6016 /* 6017 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 6018 * changed, and now the revision step also includes bit 0-1 (no more 6019 * "dash" value). To keep hw_rev backwards compatible - we'll store it 6020 * in the old format. 6021 */ 6022 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 6023 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 6024 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 6025 6026 if (iwm_prepare_card_hw(sc) != 0) { 6027 device_printf(dev, "could not initialize hardware\n"); 6028 goto fail; 6029 } 6030 6031 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 6032 int ret; 6033 uint32_t hw_step; 6034 6035 /* 6036 * In order to recognize C step the driver should read the 6037 * chip version id located at the AUX bus MISC address. 6038 */ 6039 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 6040 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 6041 DELAY(2); 6042 6043 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 6044 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 6045 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 6046 25000); 6047 if (!ret) { 6048 device_printf(sc->sc_dev, 6049 "Failed to wake up the nic\n"); 6050 goto fail; 6051 } 6052 6053 if (iwm_nic_lock(sc)) { 6054 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 6055 hw_step |= IWM_ENABLE_WFPM; 6056 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 6057 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 6058 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 6059 if (hw_step == 0x3) 6060 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 6061 (IWM_SILICON_C_STEP << 2); 6062 iwm_nic_unlock(sc); 6063 } else { 6064 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 6065 goto fail; 6066 } 6067 } 6068 6069 /* special-case 7265D, it has the same PCI IDs. */ 6070 if (sc->cfg == &iwm7265_cfg && 6071 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) { 6072 sc->cfg = &iwm7265d_cfg; 6073 } 6074 6075 /* Allocate DMA memory for firmware transfers. */ 6076 if ((error = iwm_alloc_fwmem(sc)) != 0) { 6077 device_printf(dev, "could not allocate memory for firmware\n"); 6078 goto fail; 6079 } 6080 6081 /* Allocate "Keep Warm" page. */ 6082 if ((error = iwm_alloc_kw(sc)) != 0) { 6083 device_printf(dev, "could not allocate keep warm page\n"); 6084 goto fail; 6085 } 6086 6087 /* We use ICT interrupts */ 6088 if ((error = iwm_alloc_ict(sc)) != 0) { 6089 device_printf(dev, "could not allocate ICT table\n"); 6090 goto fail; 6091 } 6092 6093 /* Allocate TX scheduler "rings". */ 6094 if ((error = iwm_alloc_sched(sc)) != 0) { 6095 device_printf(dev, "could not allocate TX scheduler rings\n"); 6096 goto fail; 6097 } 6098 6099 /* Allocate TX rings */ 6100 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 6101 if ((error = iwm_alloc_tx_ring(sc, 6102 &sc->txq[txq_i], txq_i)) != 0) { 6103 device_printf(dev, 6104 "could not allocate TX ring %d\n", 6105 txq_i); 6106 goto fail; 6107 } 6108 } 6109 6110 /* Allocate RX ring. */ 6111 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 6112 device_printf(dev, "could not allocate RX ring\n"); 6113 goto fail; 6114 } 6115 6116 /* Clear pending interrupts. */ 6117 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 6118 6119 ic->ic_softc = sc; 6120 ic->ic_name = device_get_nameunit(sc->sc_dev); 6121 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 6122 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 6123 6124 /* Set device capabilities. */ 6125 ic->ic_caps = 6126 IEEE80211_C_STA | 6127 IEEE80211_C_WPA | /* WPA/RSN */ 6128 IEEE80211_C_WME | 6129 IEEE80211_C_PMGT | 6130 IEEE80211_C_SHSLOT | /* short slot time supported */ 6131 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 6132// IEEE80211_C_BGSCAN /* capable of bg scanning */ 6133 ; 6134 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 6135 sc->sc_phyctxt[i].id = i; 6136 sc->sc_phyctxt[i].color = 0; 6137 sc->sc_phyctxt[i].ref = 0; 6138 sc->sc_phyctxt[i].channel = NULL; 6139 } 6140 6141 /* Default noise floor */ 6142 sc->sc_noise = -96; 6143 6144 /* Max RSSI */ 6145 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 6146 6147 sc->sc_preinit_hook.ich_func = iwm_preinit; 6148 sc->sc_preinit_hook.ich_arg = sc; 6149 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 6150 device_printf(dev, "config_intrhook_establish failed\n"); 6151 goto fail; 6152 } 6153 6154#ifdef IWM_DEBUG 6155 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 6156 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 6157 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 6158#endif 6159 6160 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6161 "<-%s\n", __func__); 6162 6163 return 0; 6164 6165 /* Free allocated memory if something failed during attachment. */ 6166fail: 6167 iwm_detach_local(sc, 0); 6168 6169 return ENXIO; 6170} 6171 6172static int 6173iwm_is_valid_ether_addr(uint8_t *addr) 6174{ 6175 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 6176 6177 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 6178 return (FALSE); 6179 6180 return (TRUE); 6181} 6182 6183static int 6184iwm_wme_update(struct ieee80211com *ic) 6185{ 6186#define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 6187 struct iwm_softc *sc = ic->ic_softc; 6188 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6189 struct iwm_vap *ivp = IWM_VAP(vap); 6190 struct iwm_node *in; 6191 struct wmeParams tmp[WME_NUM_AC]; 6192 int aci, error; 6193 6194 if (vap == NULL) 6195 return (0); 6196 6197 IEEE80211_LOCK(ic); 6198 for (aci = 0; aci < WME_NUM_AC; aci++) 6199 tmp[aci] = ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 6200 IEEE80211_UNLOCK(ic); 6201 6202 IWM_LOCK(sc); 6203 for (aci = 0; aci < WME_NUM_AC; aci++) { 6204 const struct wmeParams *ac = &tmp[aci]; 6205 ivp->queue_params[aci].aifsn = ac->wmep_aifsn; 6206 ivp->queue_params[aci].cw_min = IWM_EXP2(ac->wmep_logcwmin); 6207 ivp->queue_params[aci].cw_max = IWM_EXP2(ac->wmep_logcwmax); 6208 ivp->queue_params[aci].edca_txop = 6209 IEEE80211_TXOP_TO_US(ac->wmep_txopLimit); 6210 } 6211 ivp->have_wme = TRUE; 6212 if (ivp->is_uploaded && vap->iv_bss != NULL) { 6213 in = IWM_NODE(vap->iv_bss); 6214 if (in->in_assoc) { 6215 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 6216 device_printf(sc->sc_dev, 6217 "%s: failed to update MAC\n", __func__); 6218 } 6219 } 6220 } 6221 IWM_UNLOCK(sc); 6222 6223 return (0); 6224#undef IWM_EXP2 6225} 6226 6227static void 6228iwm_preinit(void *arg) 6229{ 6230 struct iwm_softc *sc = arg; 6231 device_t dev = sc->sc_dev; 6232 struct ieee80211com *ic = &sc->sc_ic; 6233 int error; 6234 6235 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6236 "->%s\n", __func__); 6237 6238 IWM_LOCK(sc); 6239 if ((error = iwm_start_hw(sc)) != 0) { 6240 device_printf(dev, "could not initialize hardware\n"); 6241 IWM_UNLOCK(sc); 6242 goto fail; 6243 } 6244 6245 error = iwm_run_init_mvm_ucode(sc, 1); 6246 iwm_stop_device(sc); 6247 if (error) { 6248 IWM_UNLOCK(sc); 6249 goto fail; 6250 } 6251 device_printf(dev, 6252 "hw rev 0x%x, fw ver %s, address %s\n", 6253 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 6254 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr)); 6255 6256 /* not all hardware can do 5GHz band */ 6257 if (!sc->nvm_data->sku_cap_band_52GHz_enable) 6258 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 6259 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 6260 IWM_UNLOCK(sc); 6261 6262 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 6263 ic->ic_channels); 6264 6265 /* 6266 * At this point we've committed - if we fail to do setup, 6267 * we now also have to tear down the net80211 state. 6268 */ 6269 ieee80211_ifattach(ic); 6270 ic->ic_vap_create = iwm_vap_create; 6271 ic->ic_vap_delete = iwm_vap_delete; 6272 ic->ic_raw_xmit = iwm_raw_xmit; 6273 ic->ic_node_alloc = iwm_node_alloc; 6274 ic->ic_scan_start = iwm_scan_start; 6275 ic->ic_scan_end = iwm_scan_end; 6276 ic->ic_update_mcast = iwm_update_mcast; 6277 ic->ic_getradiocaps = iwm_init_channel_map; 6278 ic->ic_set_channel = iwm_set_channel; 6279 ic->ic_scan_curchan = iwm_scan_curchan; 6280 ic->ic_scan_mindwell = iwm_scan_mindwell; 6281 ic->ic_wme.wme_update = iwm_wme_update; 6282 ic->ic_parent = iwm_parent; 6283 ic->ic_transmit = iwm_transmit; 6284 iwm_radiotap_attach(sc); 6285 if (bootverbose) 6286 ieee80211_announce(ic); 6287 6288 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6289 "<-%s\n", __func__); 6290 config_intrhook_disestablish(&sc->sc_preinit_hook); 6291 6292 return; 6293fail: 6294 config_intrhook_disestablish(&sc->sc_preinit_hook); 6295 iwm_detach_local(sc, 0); 6296} 6297 6298/* 6299 * Attach the interface to 802.11 radiotap. 6300 */ 6301static void 6302iwm_radiotap_attach(struct iwm_softc *sc) 6303{ 6304 struct ieee80211com *ic = &sc->sc_ic; 6305 6306 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6307 "->%s begin\n", __func__); 6308 ieee80211_radiotap_attach(ic, 6309 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 6310 IWM_TX_RADIOTAP_PRESENT, 6311 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 6312 IWM_RX_RADIOTAP_PRESENT); 6313 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6314 "->%s end\n", __func__); 6315} 6316 6317static struct ieee80211vap * 6318iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 6319 enum ieee80211_opmode opmode, int flags, 6320 const uint8_t bssid[IEEE80211_ADDR_LEN], 6321 const uint8_t mac[IEEE80211_ADDR_LEN]) 6322{ 6323 struct iwm_vap *ivp; 6324 struct ieee80211vap *vap; 6325 6326 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 6327 return NULL; 6328 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 6329 vap = &ivp->iv_vap; 6330 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 6331 vap->iv_bmissthreshold = 10; /* override default */ 6332 /* Override with driver methods. */ 6333 ivp->iv_newstate = vap->iv_newstate; 6334 vap->iv_newstate = iwm_newstate; 6335 6336 ivp->id = IWM_DEFAULT_MACID; 6337 ivp->color = IWM_DEFAULT_COLOR; 6338 6339 ivp->have_wme = FALSE; 6340 6341 ieee80211_ratectl_init(vap); 6342 /* Complete setup. */ 6343 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 6344 mac); 6345 ic->ic_opmode = opmode; 6346 6347 return vap; 6348} 6349 6350static void 6351iwm_vap_delete(struct ieee80211vap *vap) 6352{ 6353 struct iwm_vap *ivp = IWM_VAP(vap); 6354 6355 ieee80211_ratectl_deinit(vap); 6356 ieee80211_vap_detach(vap); 6357 free(ivp, M_80211_VAP); 6358} 6359 6360static void 6361iwm_scan_start(struct ieee80211com *ic) 6362{ 6363 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6364 struct iwm_softc *sc = ic->ic_softc; 6365 int error; 6366 6367 IWM_LOCK(sc); 6368 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6369 /* This should not be possible */ 6370 device_printf(sc->sc_dev, 6371 "%s: Previous scan not completed yet\n", __func__); 6372 } 6373 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6374 error = iwm_mvm_umac_scan(sc); 6375 else 6376 error = iwm_mvm_lmac_scan(sc); 6377 if (error != 0) { 6378 device_printf(sc->sc_dev, "could not initiate scan\n"); 6379 IWM_UNLOCK(sc); 6380 ieee80211_cancel_scan(vap); 6381 } else { 6382 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING; 6383 iwm_led_blink_start(sc); 6384 IWM_UNLOCK(sc); 6385 } 6386} 6387 6388static void 6389iwm_scan_end(struct ieee80211com *ic) 6390{ 6391 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6392 struct iwm_softc *sc = ic->ic_softc; 6393 6394 IWM_LOCK(sc); 6395 iwm_led_blink_stop(sc); 6396 if (vap->iv_state == IEEE80211_S_RUN) 6397 iwm_mvm_led_enable(sc); 6398 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6399 /* 6400 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because 6401 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq 6402 * taskqueue. 6403 */ 6404 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 6405 iwm_mvm_scan_stop_wait(sc); 6406 } 6407 IWM_UNLOCK(sc); 6408 6409 /* 6410 * Make sure we don't race, if sc_es_task is still enqueued here. 6411 * This is to make sure that it won't call ieee80211_scan_done 6412 * when we have already started the next scan. 6413 */ 6414 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL); 6415} 6416 6417static void 6418iwm_update_mcast(struct ieee80211com *ic) 6419{ 6420} 6421 6422static void 6423iwm_set_channel(struct ieee80211com *ic) 6424{ 6425} 6426 6427static void 6428iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6429{ 6430} 6431 6432static void 6433iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6434{ 6435 return; 6436} 6437 6438void 6439iwm_init_task(void *arg1) 6440{ 6441 struct iwm_softc *sc = arg1; 6442 6443 IWM_LOCK(sc); 6444 while (sc->sc_flags & IWM_FLAG_BUSY) 6445 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 6446 sc->sc_flags |= IWM_FLAG_BUSY; 6447 iwm_stop(sc); 6448 if (sc->sc_ic.ic_nrunning > 0) 6449 iwm_init(sc); 6450 sc->sc_flags &= ~IWM_FLAG_BUSY; 6451 wakeup(&sc->sc_flags); 6452 IWM_UNLOCK(sc); 6453} 6454 6455static int 6456iwm_resume(device_t dev) 6457{ 6458 struct iwm_softc *sc = device_get_softc(dev); 6459 int do_reinit = 0; 6460 6461 /* 6462 * We disable the RETRY_TIMEOUT register (0x41) to keep 6463 * PCI Tx retries from interfering with C3 CPU state. 6464 */ 6465 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6466 iwm_init_task(device_get_softc(dev)); 6467 6468 IWM_LOCK(sc); 6469 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6470 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6471 do_reinit = 1; 6472 } 6473 IWM_UNLOCK(sc); 6474 6475 if (do_reinit) 6476 ieee80211_resume_all(&sc->sc_ic); 6477 6478 return 0; 6479} 6480 6481static int 6482iwm_suspend(device_t dev) 6483{ 6484 int do_stop = 0; 6485 struct iwm_softc *sc = device_get_softc(dev); 6486 6487 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6488 6489 ieee80211_suspend_all(&sc->sc_ic); 6490 6491 if (do_stop) { 6492 IWM_LOCK(sc); 6493 iwm_stop(sc); 6494 sc->sc_flags |= IWM_FLAG_SCANNING; 6495 IWM_UNLOCK(sc); 6496 } 6497 6498 return (0); 6499} 6500 6501static int 6502iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6503{ 6504 struct iwm_fw_info *fw = &sc->sc_fw; 6505 device_t dev = sc->sc_dev; 6506 int i; 6507 6508 if (!sc->sc_attached) 6509 return 0; 6510 sc->sc_attached = 0; 6511 6512 if (do_net80211) 6513 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6514 6515 callout_drain(&sc->sc_led_blink_to); 6516 callout_drain(&sc->sc_watchdog_to); 6517 iwm_stop_device(sc); 6518 if (do_net80211) { 6519 ieee80211_ifdetach(&sc->sc_ic); 6520 } 6521 6522 iwm_phy_db_free(sc->sc_phy_db); 6523 sc->sc_phy_db = NULL; 6524 6525 iwm_free_nvm_data(sc->nvm_data); 6526 6527 /* Free descriptor rings */ 6528 iwm_free_rx_ring(sc, &sc->rxq); 6529 for (i = 0; i < nitems(sc->txq); i++) 6530 iwm_free_tx_ring(sc, &sc->txq[i]); 6531 6532 /* Free firmware */ 6533 if (fw->fw_fp != NULL) 6534 iwm_fw_info_free(fw); 6535 6536 /* Free scheduler */ 6537 iwm_dma_contig_free(&sc->sched_dma); 6538 iwm_dma_contig_free(&sc->ict_dma); 6539 iwm_dma_contig_free(&sc->kw_dma); 6540 iwm_dma_contig_free(&sc->fw_dma); 6541 6542 iwm_free_fw_paging(sc); 6543 6544 /* Finished with the hardware - detach things */ 6545 iwm_pci_detach(dev); 6546 6547 if (sc->sc_notif_wait != NULL) { 6548 iwm_notification_wait_free(sc->sc_notif_wait); 6549 sc->sc_notif_wait = NULL; 6550 } 6551 6552 mbufq_drain(&sc->sc_snd); 6553 IWM_LOCK_DESTROY(sc); 6554 6555 return (0); 6556} 6557 6558static int 6559iwm_detach(device_t dev) 6560{ 6561 struct iwm_softc *sc = device_get_softc(dev); 6562 6563 return (iwm_detach_local(sc, 1)); 6564} 6565 6566static device_method_t iwm_pci_methods[] = { 6567 /* Device interface */ 6568 DEVMETHOD(device_probe, iwm_probe), 6569 DEVMETHOD(device_attach, iwm_attach), 6570 DEVMETHOD(device_detach, iwm_detach), 6571 DEVMETHOD(device_suspend, iwm_suspend), 6572 DEVMETHOD(device_resume, iwm_resume), 6573 6574 DEVMETHOD_END 6575}; 6576 6577static driver_t iwm_pci_driver = { 6578 "iwm", 6579 iwm_pci_methods, 6580 sizeof (struct iwm_softc) 6581}; 6582 6583static devclass_t iwm_devclass; 6584 6585DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6586MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6587MODULE_DEPEND(iwm, pci, 1, 1, 1); 6588MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6589