if_iwm.c revision 330221
1/* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */ 2 3/* 4 * Copyright (c) 2014 genua mbh <info@genua.de> 5 * Copyright (c) 2014 Fixup Software Ltd. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20/*- 21 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22 * which were used as the reference documentation for this implementation. 23 * 24 * Driver version we are currently based off of is 25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26 * 27 *********************************************************************** 28 * 29 * This file is provided under a dual BSD/GPLv2 license. When using or 30 * redistributing this file, you may do so under either license. 31 * 32 * GPL LICENSE SUMMARY 33 * 34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35 * 36 * This program is free software; you can redistribute it and/or modify 37 * it under the terms of version 2 of the GNU General Public License as 38 * published by the Free Software Foundation. 39 * 40 * This program is distributed in the hope that it will be useful, but 41 * WITHOUT ANY WARRANTY; without even the implied warranty of 42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43 * General Public License for more details. 44 * 45 * You should have received a copy of the GNU General Public License 46 * along with this program; if not, write to the Free Software 47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48 * USA 49 * 50 * The full GNU General Public License is included in this distribution 51 * in the file called COPYING. 52 * 53 * Contact Information: 54 * Intel Linux Wireless <ilw@linux.intel.com> 55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56 * 57 * 58 * BSD LICENSE 59 * 60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61 * All rights reserved. 62 * 63 * Redistribution and use in source and binary forms, with or without 64 * modification, are permitted provided that the following conditions 65 * are met: 66 * 67 * * Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * * Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in 71 * the documentation and/or other materials provided with the 72 * distribution. 73 * * Neither the name Intel Corporation nor the names of its 74 * contributors may be used to endorse or promote products derived 75 * from this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88 */ 89 90/*- 91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92 * 93 * Permission to use, copy, modify, and distribute this software for any 94 * purpose with or without fee is hereby granted, provided that the above 95 * copyright notice and this permission notice appear in all copies. 96 * 97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104 */ 105#include <sys/cdefs.h> 106__FBSDID("$FreeBSD: stable/11/sys/dev/iwm/if_iwm.c 330221 2018-03-01 06:53:37Z eadler $"); 107 108#include "opt_wlan.h" 109 110#include <sys/param.h> 111#include <sys/bus.h> 112#include <sys/conf.h> 113#include <sys/endian.h> 114#include <sys/firmware.h> 115#include <sys/kernel.h> 116#include <sys/malloc.h> 117#include <sys/mbuf.h> 118#include <sys/mutex.h> 119#include <sys/module.h> 120#include <sys/proc.h> 121#include <sys/rman.h> 122#include <sys/socket.h> 123#include <sys/sockio.h> 124#include <sys/sysctl.h> 125#include <sys/linker.h> 126 127#include <machine/bus.h> 128#include <machine/endian.h> 129#include <machine/resource.h> 130 131#include <dev/pci/pcivar.h> 132#include <dev/pci/pcireg.h> 133 134#include <net/bpf.h> 135 136#include <net/if.h> 137#include <net/if_var.h> 138#include <net/if_arp.h> 139#include <net/if_dl.h> 140#include <net/if_media.h> 141#include <net/if_types.h> 142 143#include <netinet/in.h> 144#include <netinet/in_systm.h> 145#include <netinet/if_ether.h> 146#include <netinet/ip.h> 147 148#include <net80211/ieee80211_var.h> 149#include <net80211/ieee80211_regdomain.h> 150#include <net80211/ieee80211_ratectl.h> 151#include <net80211/ieee80211_radiotap.h> 152 153#include <dev/iwm/if_iwmreg.h> 154#include <dev/iwm/if_iwmvar.h> 155#include <dev/iwm/if_iwm_config.h> 156#include <dev/iwm/if_iwm_debug.h> 157#include <dev/iwm/if_iwm_notif_wait.h> 158#include <dev/iwm/if_iwm_util.h> 159#include <dev/iwm/if_iwm_binding.h> 160#include <dev/iwm/if_iwm_phy_db.h> 161#include <dev/iwm/if_iwm_mac_ctxt.h> 162#include <dev/iwm/if_iwm_phy_ctxt.h> 163#include <dev/iwm/if_iwm_time_event.h> 164#include <dev/iwm/if_iwm_power.h> 165#include <dev/iwm/if_iwm_scan.h> 166#include <dev/iwm/if_iwm_sta.h> 167 168#include <dev/iwm/if_iwm_pcie_trans.h> 169#include <dev/iwm/if_iwm_led.h> 170#include <dev/iwm/if_iwm_fw.h> 171 172/* From DragonflyBSD */ 173#define mtodoff(m, t, off) ((t)((m)->m_data + (off))) 174 175const uint8_t iwm_nvm_channels[] = { 176 /* 2.4 GHz */ 177 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 178 /* 5 GHz */ 179 36, 40, 44, 48, 52, 56, 60, 64, 180 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 181 149, 153, 157, 161, 165 182}; 183_Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS, 184 "IWM_NUM_CHANNELS is too small"); 185 186const uint8_t iwm_nvm_channels_8000[] = { 187 /* 2.4 GHz */ 188 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 189 /* 5 GHz */ 190 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 191 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 192 149, 153, 157, 161, 165, 169, 173, 177, 181 193}; 194_Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000, 195 "IWM_NUM_CHANNELS_8000 is too small"); 196 197#define IWM_NUM_2GHZ_CHANNELS 14 198#define IWM_N_HW_ADDR_MASK 0xF 199 200/* 201 * XXX For now, there's simply a fixed set of rate table entries 202 * that are populated. 203 */ 204const struct iwm_rate { 205 uint8_t rate; 206 uint8_t plcp; 207} iwm_rates[] = { 208 { 2, IWM_RATE_1M_PLCP }, 209 { 4, IWM_RATE_2M_PLCP }, 210 { 11, IWM_RATE_5M_PLCP }, 211 { 22, IWM_RATE_11M_PLCP }, 212 { 12, IWM_RATE_6M_PLCP }, 213 { 18, IWM_RATE_9M_PLCP }, 214 { 24, IWM_RATE_12M_PLCP }, 215 { 36, IWM_RATE_18M_PLCP }, 216 { 48, IWM_RATE_24M_PLCP }, 217 { 72, IWM_RATE_36M_PLCP }, 218 { 96, IWM_RATE_48M_PLCP }, 219 { 108, IWM_RATE_54M_PLCP }, 220}; 221#define IWM_RIDX_CCK 0 222#define IWM_RIDX_OFDM 4 223#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 224#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 225#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 226 227struct iwm_nvm_section { 228 uint16_t length; 229 uint8_t *data; 230}; 231 232#define IWM_MVM_UCODE_ALIVE_TIMEOUT hz 233#define IWM_MVM_UCODE_CALIB_TIMEOUT (2*hz) 234 235struct iwm_mvm_alive_data { 236 int valid; 237 uint32_t scd_base_addr; 238}; 239 240static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t); 241static int iwm_firmware_store_section(struct iwm_softc *, 242 enum iwm_ucode_type, 243 const uint8_t *, size_t); 244static int iwm_set_default_calib(struct iwm_softc *, const void *); 245static void iwm_fw_info_free(struct iwm_fw_info *); 246static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type); 247static int iwm_alloc_fwmem(struct iwm_softc *); 248static int iwm_alloc_sched(struct iwm_softc *); 249static int iwm_alloc_kw(struct iwm_softc *); 250static int iwm_alloc_ict(struct iwm_softc *); 251static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 252static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 253static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 254static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, 255 int); 256static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 257static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 258static void iwm_enable_interrupts(struct iwm_softc *); 259static void iwm_restore_interrupts(struct iwm_softc *); 260static void iwm_disable_interrupts(struct iwm_softc *); 261static void iwm_ict_reset(struct iwm_softc *); 262static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *); 263static void iwm_stop_device(struct iwm_softc *); 264static void iwm_mvm_nic_config(struct iwm_softc *); 265static int iwm_nic_rx_init(struct iwm_softc *); 266static int iwm_nic_tx_init(struct iwm_softc *); 267static int iwm_nic_init(struct iwm_softc *); 268static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t); 269static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, 270 uint16_t, uint8_t *, uint16_t *); 271static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 272 uint16_t *, uint32_t); 273static uint32_t iwm_eeprom_channel_flags(uint16_t); 274static void iwm_add_channel_band(struct iwm_softc *, 275 struct ieee80211_channel[], int, int *, int, size_t, 276 const uint8_t[]); 277static void iwm_init_channel_map(struct ieee80211com *, int, int *, 278 struct ieee80211_channel[]); 279static struct iwm_nvm_data * 280 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 281 const uint16_t *, const uint16_t *, 282 const uint16_t *, const uint16_t *, 283 const uint16_t *); 284static void iwm_free_nvm_data(struct iwm_nvm_data *); 285static void iwm_set_hw_address_family_8000(struct iwm_softc *, 286 struct iwm_nvm_data *, 287 const uint16_t *, 288 const uint16_t *); 289static int iwm_get_sku(const struct iwm_softc *, const uint16_t *, 290 const uint16_t *); 291static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *); 292static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *, 293 const uint16_t *); 294static int iwm_get_n_hw_addrs(const struct iwm_softc *, 295 const uint16_t *); 296static void iwm_set_radio_cfg(const struct iwm_softc *, 297 struct iwm_nvm_data *, uint32_t); 298static struct iwm_nvm_data * 299 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *); 300static int iwm_nvm_init(struct iwm_softc *); 301static int iwm_pcie_load_section(struct iwm_softc *, uint8_t, 302 const struct iwm_fw_desc *); 303static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t, 304 bus_addr_t, uint32_t); 305static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc, 306 const struct iwm_fw_sects *, 307 int, int *); 308static int iwm_pcie_load_cpu_sections(struct iwm_softc *, 309 const struct iwm_fw_sects *, 310 int, int *); 311static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *, 312 const struct iwm_fw_sects *); 313static int iwm_pcie_load_given_ucode(struct iwm_softc *, 314 const struct iwm_fw_sects *); 315static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_sects *); 316static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 317static int iwm_send_phy_cfg_cmd(struct iwm_softc *); 318static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *, 319 enum iwm_ucode_type); 320static int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 321static int iwm_rx_addbuf(struct iwm_softc *, int, int); 322static int iwm_mvm_get_signal_strength(struct iwm_softc *, 323 struct iwm_rx_phy_info *); 324static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *, 325 struct iwm_rx_packet *); 326static int iwm_get_noise(struct iwm_softc *sc, 327 const struct iwm_mvm_statistics_rx_non_phy *); 328static boolean_t iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct mbuf *, 329 uint32_t, boolean_t); 330static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *, 331 struct iwm_rx_packet *, 332 struct iwm_node *); 333static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *); 334static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *); 335#if 0 336static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, 337 uint16_t); 338#endif 339static const struct iwm_rate * 340 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 341 struct mbuf *, struct iwm_tx_cmd *); 342static int iwm_tx(struct iwm_softc *, struct mbuf *, 343 struct ieee80211_node *, int); 344static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *, 345 const struct ieee80211_bpf_params *); 346static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_vap *); 347static int iwm_auth(struct ieee80211vap *, struct iwm_softc *); 348static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *); 349static int iwm_release(struct iwm_softc *, struct iwm_node *); 350static struct ieee80211_node * 351 iwm_node_alloc(struct ieee80211vap *, 352 const uint8_t[IEEE80211_ADDR_LEN]); 353static void iwm_setrates(struct iwm_softc *, struct iwm_node *); 354static int iwm_media_change(struct ifnet *); 355static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int); 356static void iwm_endscan_cb(void *, int); 357static void iwm_mvm_fill_sf_command(struct iwm_softc *, 358 struct iwm_sf_cfg_cmd *, 359 struct ieee80211_node *); 360static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state); 361static int iwm_send_bt_init_conf(struct iwm_softc *); 362static boolean_t iwm_mvm_is_lar_supported(struct iwm_softc *); 363static boolean_t iwm_mvm_is_wifi_mcc_supported(struct iwm_softc *); 364static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 365static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t); 366static int iwm_init_hw(struct iwm_softc *); 367static void iwm_init(struct iwm_softc *); 368static void iwm_start(struct iwm_softc *); 369static void iwm_stop(struct iwm_softc *); 370static void iwm_watchdog(void *); 371static void iwm_parent(struct ieee80211com *); 372#ifdef IWM_DEBUG 373static const char * 374 iwm_desc_lookup(uint32_t); 375static void iwm_nic_error(struct iwm_softc *); 376static void iwm_nic_umac_error(struct iwm_softc *); 377#endif 378static void iwm_handle_rxb(struct iwm_softc *, struct mbuf *); 379static void iwm_notif_intr(struct iwm_softc *); 380static void iwm_intr(void *); 381static int iwm_attach(device_t); 382static int iwm_is_valid_ether_addr(uint8_t *); 383static void iwm_preinit(void *); 384static int iwm_detach_local(struct iwm_softc *sc, int); 385static void iwm_init_task(void *); 386static void iwm_radiotap_attach(struct iwm_softc *); 387static struct ieee80211vap * 388 iwm_vap_create(struct ieee80211com *, 389 const char [IFNAMSIZ], int, 390 enum ieee80211_opmode, int, 391 const uint8_t [IEEE80211_ADDR_LEN], 392 const uint8_t [IEEE80211_ADDR_LEN]); 393static void iwm_vap_delete(struct ieee80211vap *); 394static void iwm_scan_start(struct ieee80211com *); 395static void iwm_scan_end(struct ieee80211com *); 396static void iwm_update_mcast(struct ieee80211com *); 397static void iwm_set_channel(struct ieee80211com *); 398static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long); 399static void iwm_scan_mindwell(struct ieee80211_scan_state *); 400static int iwm_detach(device_t); 401 402static int iwm_lar_disable = 0; 403TUNABLE_INT("hw.iwm.lar.disable", &iwm_lar_disable); 404 405/* 406 * Firmware parser. 407 */ 408 409static int 410iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen) 411{ 412 const struct iwm_fw_cscheme_list *l = (const void *)data; 413 414 if (dlen < sizeof(*l) || 415 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 416 return EINVAL; 417 418 /* we don't actually store anything for now, always use s/w crypto */ 419 420 return 0; 421} 422 423static int 424iwm_firmware_store_section(struct iwm_softc *sc, 425 enum iwm_ucode_type type, const uint8_t *data, size_t dlen) 426{ 427 struct iwm_fw_sects *fws; 428 struct iwm_fw_desc *fwone; 429 430 if (type >= IWM_UCODE_TYPE_MAX) 431 return EINVAL; 432 if (dlen < sizeof(uint32_t)) 433 return EINVAL; 434 435 fws = &sc->sc_fw.fw_sects[type]; 436 if (fws->fw_count >= IWM_UCODE_SECTION_MAX) 437 return EINVAL; 438 439 fwone = &fws->fw_sect[fws->fw_count]; 440 441 /* first 32bit are device load offset */ 442 memcpy(&fwone->offset, data, sizeof(uint32_t)); 443 444 /* rest is data */ 445 fwone->data = data + sizeof(uint32_t); 446 fwone->len = dlen - sizeof(uint32_t); 447 448 fws->fw_count++; 449 450 return 0; 451} 452 453#define IWM_DEFAULT_SCAN_CHANNELS 40 454 455/* iwlwifi: iwl-drv.c */ 456struct iwm_tlv_calib_data { 457 uint32_t ucode_type; 458 struct iwm_tlv_calib_ctrl calib; 459} __packed; 460 461static int 462iwm_set_default_calib(struct iwm_softc *sc, const void *data) 463{ 464 const struct iwm_tlv_calib_data *def_calib = data; 465 uint32_t ucode_type = le32toh(def_calib->ucode_type); 466 467 if (ucode_type >= IWM_UCODE_TYPE_MAX) { 468 device_printf(sc->sc_dev, 469 "Wrong ucode_type %u for default " 470 "calibration.\n", ucode_type); 471 return EINVAL; 472 } 473 474 sc->sc_default_calib[ucode_type].flow_trigger = 475 def_calib->calib.flow_trigger; 476 sc->sc_default_calib[ucode_type].event_trigger = 477 def_calib->calib.event_trigger; 478 479 return 0; 480} 481 482static int 483iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data, 484 struct iwm_ucode_capabilities *capa) 485{ 486 const struct iwm_ucode_api *ucode_api = (const void *)data; 487 uint32_t api_index = le32toh(ucode_api->api_index); 488 uint32_t api_flags = le32toh(ucode_api->api_flags); 489 int i; 490 491 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) { 492 device_printf(sc->sc_dev, 493 "api flags index %d larger than supported by driver\n", 494 api_index); 495 /* don't return an error so we can load FW that has more bits */ 496 return 0; 497 } 498 499 for (i = 0; i < 32; i++) { 500 if (api_flags & (1U << i)) 501 setbit(capa->enabled_api, i + 32 * api_index); 502 } 503 504 return 0; 505} 506 507static int 508iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data, 509 struct iwm_ucode_capabilities *capa) 510{ 511 const struct iwm_ucode_capa *ucode_capa = (const void *)data; 512 uint32_t api_index = le32toh(ucode_capa->api_index); 513 uint32_t api_flags = le32toh(ucode_capa->api_capa); 514 int i; 515 516 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 517 device_printf(sc->sc_dev, 518 "capa flags index %d larger than supported by driver\n", 519 api_index); 520 /* don't return an error so we can load FW that has more bits */ 521 return 0; 522 } 523 524 for (i = 0; i < 32; i++) { 525 if (api_flags & (1U << i)) 526 setbit(capa->enabled_capa, i + 32 * api_index); 527 } 528 529 return 0; 530} 531 532static void 533iwm_fw_info_free(struct iwm_fw_info *fw) 534{ 535 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD); 536 fw->fw_fp = NULL; 537 /* don't touch fw->fw_status */ 538 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 539} 540 541static int 542iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 543{ 544 struct iwm_fw_info *fw = &sc->sc_fw; 545 const struct iwm_tlv_ucode_header *uhdr; 546 const struct iwm_ucode_tlv *tlv; 547 struct iwm_ucode_capabilities *capa = &sc->ucode_capa; 548 enum iwm_ucode_tlv_type tlv_type; 549 const struct firmware *fwp; 550 const uint8_t *data; 551 uint32_t tlv_len; 552 uint32_t usniffer_img; 553 const uint8_t *tlv_data; 554 uint32_t paging_mem_size; 555 int num_of_cpus; 556 int error = 0; 557 size_t len; 558 559 if (fw->fw_status == IWM_FW_STATUS_DONE && 560 ucode_type != IWM_UCODE_INIT) 561 return 0; 562 563 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 564 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0); 565 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 566 567 if (fw->fw_fp != NULL) 568 iwm_fw_info_free(fw); 569 570 /* 571 * Load firmware into driver memory. 572 * fw_fp will be set. 573 */ 574 IWM_UNLOCK(sc); 575 fwp = firmware_get(sc->cfg->fw_name); 576 IWM_LOCK(sc); 577 if (fwp == NULL) { 578 device_printf(sc->sc_dev, 579 "could not read firmware %s (error %d)\n", 580 sc->cfg->fw_name, error); 581 goto out; 582 } 583 fw->fw_fp = fwp; 584 585 /* (Re-)Initialize default values. */ 586 capa->flags = 0; 587 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH; 588 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 589 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa)); 590 memset(capa->enabled_api, 0, sizeof(capa->enabled_api)); 591 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc)); 592 593 /* 594 * Parse firmware contents 595 */ 596 597 uhdr = (const void *)fw->fw_fp->data; 598 if (*(const uint32_t *)fw->fw_fp->data != 0 599 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 600 device_printf(sc->sc_dev, "invalid firmware %s\n", 601 sc->cfg->fw_name); 602 error = EINVAL; 603 goto out; 604 } 605 606 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%u.%u (API ver %u)", 607 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 608 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 609 IWM_UCODE_API(le32toh(uhdr->ver))); 610 data = uhdr->data; 611 len = fw->fw_fp->datasize - sizeof(*uhdr); 612 613 while (len >= sizeof(*tlv)) { 614 len -= sizeof(*tlv); 615 tlv = (const void *)data; 616 617 tlv_len = le32toh(tlv->length); 618 tlv_type = le32toh(tlv->type); 619 tlv_data = tlv->data; 620 621 if (len < tlv_len) { 622 device_printf(sc->sc_dev, 623 "firmware too short: %zu bytes\n", 624 len); 625 error = EINVAL; 626 goto parse_out; 627 } 628 len -= roundup2(tlv_len, 4); 629 data += sizeof(tlv) + roundup2(tlv_len, 4); 630 631 switch ((int)tlv_type) { 632 case IWM_UCODE_TLV_PROBE_MAX_LEN: 633 if (tlv_len != sizeof(uint32_t)) { 634 device_printf(sc->sc_dev, 635 "%s: PROBE_MAX_LEN (%d) != sizeof(uint32_t)\n", 636 __func__, 637 (int) tlv_len); 638 error = EINVAL; 639 goto parse_out; 640 } 641 capa->max_probe_length = 642 le32_to_cpup((const uint32_t *)tlv_data); 643 /* limit it to something sensible */ 644 if (capa->max_probe_length > 645 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 646 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 647 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN " 648 "ridiculous\n", __func__); 649 error = EINVAL; 650 goto parse_out; 651 } 652 break; 653 case IWM_UCODE_TLV_PAN: 654 if (tlv_len) { 655 device_printf(sc->sc_dev, 656 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n", 657 __func__, 658 (int) tlv_len); 659 error = EINVAL; 660 goto parse_out; 661 } 662 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN; 663 break; 664 case IWM_UCODE_TLV_FLAGS: 665 if (tlv_len < sizeof(uint32_t)) { 666 device_printf(sc->sc_dev, 667 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n", 668 __func__, 669 (int) tlv_len); 670 error = EINVAL; 671 goto parse_out; 672 } 673 if (tlv_len % sizeof(uint32_t)) { 674 device_printf(sc->sc_dev, 675 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) %% sizeof(uint32_t)\n", 676 __func__, 677 (int) tlv_len); 678 error = EINVAL; 679 goto parse_out; 680 } 681 /* 682 * Apparently there can be many flags, but Linux driver 683 * parses only the first one, and so do we. 684 * 685 * XXX: why does this override IWM_UCODE_TLV_PAN? 686 * Intentional or a bug? Observations from 687 * current firmware file: 688 * 1) TLV_PAN is parsed first 689 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 690 * ==> this resets TLV_PAN to itself... hnnnk 691 */ 692 capa->flags = le32_to_cpup((const uint32_t *)tlv_data); 693 break; 694 case IWM_UCODE_TLV_CSCHEME: 695 if ((error = iwm_store_cscheme(sc, 696 tlv_data, tlv_len)) != 0) { 697 device_printf(sc->sc_dev, 698 "%s: iwm_store_cscheme(): returned %d\n", 699 __func__, 700 error); 701 goto parse_out; 702 } 703 break; 704 case IWM_UCODE_TLV_NUM_OF_CPU: 705 if (tlv_len != sizeof(uint32_t)) { 706 device_printf(sc->sc_dev, 707 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) != sizeof(uint32_t)\n", 708 __func__, 709 (int) tlv_len); 710 error = EINVAL; 711 goto parse_out; 712 } 713 num_of_cpus = le32_to_cpup((const uint32_t *)tlv_data); 714 if (num_of_cpus == 2) { 715 fw->fw_sects[IWM_UCODE_REGULAR].is_dual_cpus = 716 TRUE; 717 fw->fw_sects[IWM_UCODE_INIT].is_dual_cpus = 718 TRUE; 719 fw->fw_sects[IWM_UCODE_WOWLAN].is_dual_cpus = 720 TRUE; 721 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) { 722 device_printf(sc->sc_dev, 723 "%s: Driver supports only 1 or 2 CPUs\n", 724 __func__); 725 error = EINVAL; 726 goto parse_out; 727 } 728 break; 729 case IWM_UCODE_TLV_SEC_RT: 730 if ((error = iwm_firmware_store_section(sc, 731 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) { 732 device_printf(sc->sc_dev, 733 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n", 734 __func__, 735 error); 736 goto parse_out; 737 } 738 break; 739 case IWM_UCODE_TLV_SEC_INIT: 740 if ((error = iwm_firmware_store_section(sc, 741 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) { 742 device_printf(sc->sc_dev, 743 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n", 744 __func__, 745 error); 746 goto parse_out; 747 } 748 break; 749 case IWM_UCODE_TLV_SEC_WOWLAN: 750 if ((error = iwm_firmware_store_section(sc, 751 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) { 752 device_printf(sc->sc_dev, 753 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n", 754 __func__, 755 error); 756 goto parse_out; 757 } 758 break; 759 case IWM_UCODE_TLV_DEF_CALIB: 760 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 761 device_printf(sc->sc_dev, 762 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n", 763 __func__, 764 (int) tlv_len, 765 (int) sizeof(struct iwm_tlv_calib_data)); 766 error = EINVAL; 767 goto parse_out; 768 } 769 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) { 770 device_printf(sc->sc_dev, 771 "%s: iwm_set_default_calib() failed: %d\n", 772 __func__, 773 error); 774 goto parse_out; 775 } 776 break; 777 case IWM_UCODE_TLV_PHY_SKU: 778 if (tlv_len != sizeof(uint32_t)) { 779 error = EINVAL; 780 device_printf(sc->sc_dev, 781 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n", 782 __func__, 783 (int) tlv_len); 784 goto parse_out; 785 } 786 sc->sc_fw.phy_config = 787 le32_to_cpup((const uint32_t *)tlv_data); 788 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config & 789 IWM_FW_PHY_CFG_TX_CHAIN) >> 790 IWM_FW_PHY_CFG_TX_CHAIN_POS; 791 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config & 792 IWM_FW_PHY_CFG_RX_CHAIN) >> 793 IWM_FW_PHY_CFG_RX_CHAIN_POS; 794 break; 795 796 case IWM_UCODE_TLV_API_CHANGES_SET: { 797 if (tlv_len != sizeof(struct iwm_ucode_api)) { 798 error = EINVAL; 799 goto parse_out; 800 } 801 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) { 802 error = EINVAL; 803 goto parse_out; 804 } 805 break; 806 } 807 808 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 809 if (tlv_len != sizeof(struct iwm_ucode_capa)) { 810 error = EINVAL; 811 goto parse_out; 812 } 813 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) { 814 error = EINVAL; 815 goto parse_out; 816 } 817 break; 818 } 819 820 case 48: /* undocumented TLV */ 821 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 822 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 823 /* ignore, not used by current driver */ 824 break; 825 826 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 827 if ((error = iwm_firmware_store_section(sc, 828 IWM_UCODE_REGULAR_USNIFFER, tlv_data, 829 tlv_len)) != 0) 830 goto parse_out; 831 break; 832 833 case IWM_UCODE_TLV_PAGING: 834 if (tlv_len != sizeof(uint32_t)) { 835 error = EINVAL; 836 goto parse_out; 837 } 838 paging_mem_size = le32_to_cpup((const uint32_t *)tlv_data); 839 840 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV, 841 "%s: Paging: paging enabled (size = %u bytes)\n", 842 __func__, paging_mem_size); 843 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) { 844 device_printf(sc->sc_dev, 845 "%s: Paging: driver supports up to %u bytes for paging image\n", 846 __func__, IWM_MAX_PAGING_IMAGE_SIZE); 847 error = EINVAL; 848 goto out; 849 } 850 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) { 851 device_printf(sc->sc_dev, 852 "%s: Paging: image isn't multiple %u\n", 853 __func__, IWM_FW_PAGING_SIZE); 854 error = EINVAL; 855 goto out; 856 } 857 858 sc->sc_fw.fw_sects[IWM_UCODE_REGULAR].paging_mem_size = 859 paging_mem_size; 860 usniffer_img = IWM_UCODE_REGULAR_USNIFFER; 861 sc->sc_fw.fw_sects[usniffer_img].paging_mem_size = 862 paging_mem_size; 863 break; 864 865 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 866 if (tlv_len != sizeof(uint32_t)) { 867 error = EINVAL; 868 goto parse_out; 869 } 870 capa->n_scan_channels = 871 le32_to_cpup((const uint32_t *)tlv_data); 872 break; 873 874 case IWM_UCODE_TLV_FW_VERSION: 875 if (tlv_len != sizeof(uint32_t) * 3) { 876 error = EINVAL; 877 goto parse_out; 878 } 879 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), 880 "%d.%d.%d", 881 le32toh(((const uint32_t *)tlv_data)[0]), 882 le32toh(((const uint32_t *)tlv_data)[1]), 883 le32toh(((const uint32_t *)tlv_data)[2])); 884 break; 885 886 case IWM_UCODE_TLV_FW_MEM_SEG: 887 break; 888 889 default: 890 device_printf(sc->sc_dev, 891 "%s: unknown firmware section %d, abort\n", 892 __func__, tlv_type); 893 error = EINVAL; 894 goto parse_out; 895 } 896 } 897 898 KASSERT(error == 0, ("unhandled error")); 899 900 parse_out: 901 if (error) { 902 device_printf(sc->sc_dev, "firmware parse error %d, " 903 "section type %d\n", error, tlv_type); 904 } 905 906 out: 907 if (error) { 908 fw->fw_status = IWM_FW_STATUS_NONE; 909 if (fw->fw_fp != NULL) 910 iwm_fw_info_free(fw); 911 } else 912 fw->fw_status = IWM_FW_STATUS_DONE; 913 wakeup(&sc->sc_fw); 914 915 return error; 916} 917 918/* 919 * DMA resource routines 920 */ 921 922/* fwmem is used to load firmware onto the card */ 923static int 924iwm_alloc_fwmem(struct iwm_softc *sc) 925{ 926 /* Must be aligned on a 16-byte boundary. */ 927 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 928 IWM_FH_MEM_TB_MAX_LENGTH, 16); 929} 930 931/* tx scheduler rings. not used? */ 932static int 933iwm_alloc_sched(struct iwm_softc *sc) 934{ 935 /* TX scheduler rings must be aligned on a 1KB boundary. */ 936 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 937 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 938} 939 940/* keep-warm page is used internally by the card. see iwl-fh.h for more info */ 941static int 942iwm_alloc_kw(struct iwm_softc *sc) 943{ 944 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 945} 946 947/* interrupt cause table */ 948static int 949iwm_alloc_ict(struct iwm_softc *sc) 950{ 951 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 952 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 953} 954 955static int 956iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 957{ 958 bus_size_t size; 959 int i, error; 960 961 ring->cur = 0; 962 963 /* Allocate RX descriptors (256-byte aligned). */ 964 size = IWM_RX_RING_COUNT * sizeof(uint32_t); 965 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 966 if (error != 0) { 967 device_printf(sc->sc_dev, 968 "could not allocate RX ring DMA memory\n"); 969 goto fail; 970 } 971 ring->desc = ring->desc_dma.vaddr; 972 973 /* Allocate RX status area (16-byte aligned). */ 974 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 975 sizeof(*ring->stat), 16); 976 if (error != 0) { 977 device_printf(sc->sc_dev, 978 "could not allocate RX status DMA memory\n"); 979 goto fail; 980 } 981 ring->stat = ring->stat_dma.vaddr; 982 983 /* Create RX buffer DMA tag. */ 984 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 985 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 986 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat); 987 if (error != 0) { 988 device_printf(sc->sc_dev, 989 "%s: could not create RX buf DMA tag, error %d\n", 990 __func__, error); 991 goto fail; 992 } 993 994 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */ 995 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map); 996 if (error != 0) { 997 device_printf(sc->sc_dev, 998 "%s: could not create RX buf DMA map, error %d\n", 999 __func__, error); 1000 goto fail; 1001 } 1002 /* 1003 * Allocate and map RX buffers. 1004 */ 1005 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1006 struct iwm_rx_data *data = &ring->data[i]; 1007 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1008 if (error != 0) { 1009 device_printf(sc->sc_dev, 1010 "%s: could not create RX buf DMA map, error %d\n", 1011 __func__, error); 1012 goto fail; 1013 } 1014 data->m = NULL; 1015 1016 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) { 1017 goto fail; 1018 } 1019 } 1020 return 0; 1021 1022fail: iwm_free_rx_ring(sc, ring); 1023 return error; 1024} 1025 1026static void 1027iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1028{ 1029 /* Reset the ring state */ 1030 ring->cur = 0; 1031 1032 /* 1033 * The hw rx ring index in shared memory must also be cleared, 1034 * otherwise the discrepancy can cause reprocessing chaos. 1035 */ 1036 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1037} 1038 1039static void 1040iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1041{ 1042 int i; 1043 1044 iwm_dma_contig_free(&ring->desc_dma); 1045 iwm_dma_contig_free(&ring->stat_dma); 1046 1047 for (i = 0; i < IWM_RX_RING_COUNT; i++) { 1048 struct iwm_rx_data *data = &ring->data[i]; 1049 1050 if (data->m != NULL) { 1051 bus_dmamap_sync(ring->data_dmat, data->map, 1052 BUS_DMASYNC_POSTREAD); 1053 bus_dmamap_unload(ring->data_dmat, data->map); 1054 m_freem(data->m); 1055 data->m = NULL; 1056 } 1057 if (data->map != NULL) { 1058 bus_dmamap_destroy(ring->data_dmat, data->map); 1059 data->map = NULL; 1060 } 1061 } 1062 if (ring->spare_map != NULL) { 1063 bus_dmamap_destroy(ring->data_dmat, ring->spare_map); 1064 ring->spare_map = NULL; 1065 } 1066 if (ring->data_dmat != NULL) { 1067 bus_dma_tag_destroy(ring->data_dmat); 1068 ring->data_dmat = NULL; 1069 } 1070} 1071 1072static int 1073iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1074{ 1075 bus_addr_t paddr; 1076 bus_size_t size; 1077 size_t maxsize; 1078 int nsegments; 1079 int i, error; 1080 1081 ring->qid = qid; 1082 ring->queued = 0; 1083 ring->cur = 0; 1084 1085 /* Allocate TX descriptors (256-byte aligned). */ 1086 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1087 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1088 if (error != 0) { 1089 device_printf(sc->sc_dev, 1090 "could not allocate TX ring DMA memory\n"); 1091 goto fail; 1092 } 1093 ring->desc = ring->desc_dma.vaddr; 1094 1095 /* 1096 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need 1097 * to allocate commands space for other rings. 1098 */ 1099 if (qid > IWM_MVM_CMD_QUEUE) 1100 return 0; 1101 1102 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1103 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1104 if (error != 0) { 1105 device_printf(sc->sc_dev, 1106 "could not allocate TX cmd DMA memory\n"); 1107 goto fail; 1108 } 1109 ring->cmd = ring->cmd_dma.vaddr; 1110 1111 /* FW commands may require more mapped space than packets. */ 1112 if (qid == IWM_MVM_CMD_QUEUE) { 1113 maxsize = IWM_RBUF_SIZE; 1114 nsegments = 1; 1115 } else { 1116 maxsize = MCLBYTES; 1117 nsegments = IWM_MAX_SCATTER - 2; 1118 } 1119 1120 error = bus_dma_tag_create(sc->sc_dmat, 1, 0, 1121 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize, 1122 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat); 1123 if (error != 0) { 1124 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n"); 1125 goto fail; 1126 } 1127 1128 paddr = ring->cmd_dma.paddr; 1129 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1130 struct iwm_tx_data *data = &ring->data[i]; 1131 1132 data->cmd_paddr = paddr; 1133 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1134 + offsetof(struct iwm_tx_cmd, scratch); 1135 paddr += sizeof(struct iwm_device_cmd); 1136 1137 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1138 if (error != 0) { 1139 device_printf(sc->sc_dev, 1140 "could not create TX buf DMA map\n"); 1141 goto fail; 1142 } 1143 } 1144 KASSERT(paddr == ring->cmd_dma.paddr + size, 1145 ("invalid physical address")); 1146 return 0; 1147 1148fail: iwm_free_tx_ring(sc, ring); 1149 return error; 1150} 1151 1152static void 1153iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1154{ 1155 int i; 1156 1157 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1158 struct iwm_tx_data *data = &ring->data[i]; 1159 1160 if (data->m != NULL) { 1161 bus_dmamap_sync(ring->data_dmat, data->map, 1162 BUS_DMASYNC_POSTWRITE); 1163 bus_dmamap_unload(ring->data_dmat, data->map); 1164 m_freem(data->m); 1165 data->m = NULL; 1166 } 1167 } 1168 /* Clear TX descriptors. */ 1169 memset(ring->desc, 0, ring->desc_dma.size); 1170 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1171 BUS_DMASYNC_PREWRITE); 1172 sc->qfullmsk &= ~(1 << ring->qid); 1173 ring->queued = 0; 1174 ring->cur = 0; 1175 1176 if (ring->qid == IWM_MVM_CMD_QUEUE && sc->cmd_hold_nic_awake) 1177 iwm_pcie_clear_cmd_in_flight(sc); 1178} 1179 1180static void 1181iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1182{ 1183 int i; 1184 1185 iwm_dma_contig_free(&ring->desc_dma); 1186 iwm_dma_contig_free(&ring->cmd_dma); 1187 1188 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1189 struct iwm_tx_data *data = &ring->data[i]; 1190 1191 if (data->m != NULL) { 1192 bus_dmamap_sync(ring->data_dmat, data->map, 1193 BUS_DMASYNC_POSTWRITE); 1194 bus_dmamap_unload(ring->data_dmat, data->map); 1195 m_freem(data->m); 1196 data->m = NULL; 1197 } 1198 if (data->map != NULL) { 1199 bus_dmamap_destroy(ring->data_dmat, data->map); 1200 data->map = NULL; 1201 } 1202 } 1203 if (ring->data_dmat != NULL) { 1204 bus_dma_tag_destroy(ring->data_dmat); 1205 ring->data_dmat = NULL; 1206 } 1207} 1208 1209/* 1210 * High-level hardware frobbing routines 1211 */ 1212 1213static void 1214iwm_enable_interrupts(struct iwm_softc *sc) 1215{ 1216 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1217 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1218} 1219 1220static void 1221iwm_restore_interrupts(struct iwm_softc *sc) 1222{ 1223 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1224} 1225 1226static void 1227iwm_disable_interrupts(struct iwm_softc *sc) 1228{ 1229 /* disable interrupts */ 1230 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1231 1232 /* acknowledge all interrupts */ 1233 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1234 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1235} 1236 1237static void 1238iwm_ict_reset(struct iwm_softc *sc) 1239{ 1240 iwm_disable_interrupts(sc); 1241 1242 /* Reset ICT table. */ 1243 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1244 sc->ict_cur = 0; 1245 1246 /* Set physical address of ICT table (4KB aligned). */ 1247 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1248 IWM_CSR_DRAM_INT_TBL_ENABLE 1249 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1250 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1251 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1252 1253 /* Switch to ICT interrupt mode in driver. */ 1254 sc->sc_flags |= IWM_FLAG_USE_ICT; 1255 1256 /* Re-enable interrupts. */ 1257 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1258 iwm_enable_interrupts(sc); 1259} 1260 1261/* iwlwifi pcie/trans.c */ 1262 1263/* 1264 * Since this .. hard-resets things, it's time to actually 1265 * mark the first vap (if any) as having no mac context. 1266 * It's annoying, but since the driver is potentially being 1267 * stop/start'ed whilst active (thanks openbsd port!) we 1268 * have to correctly track this. 1269 */ 1270static void 1271iwm_stop_device(struct iwm_softc *sc) 1272{ 1273 struct ieee80211com *ic = &sc->sc_ic; 1274 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1275 int chnl, qid; 1276 uint32_t mask = 0; 1277 1278 /* tell the device to stop sending interrupts */ 1279 iwm_disable_interrupts(sc); 1280 1281 /* 1282 * FreeBSD-local: mark the first vap as not-uploaded, 1283 * so the next transition through auth/assoc 1284 * will correctly populate the MAC context. 1285 */ 1286 if (vap) { 1287 struct iwm_vap *iv = IWM_VAP(vap); 1288 iv->phy_ctxt = NULL; 1289 iv->is_uploaded = 0; 1290 } 1291 1292 /* device going down, Stop using ICT table */ 1293 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 1294 1295 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */ 1296 1297 if (iwm_nic_lock(sc)) { 1298 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1299 1300 /* Stop each Tx DMA channel */ 1301 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1302 IWM_WRITE(sc, 1303 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 1304 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl); 1305 } 1306 1307 /* Wait for DMA channels to be idle */ 1308 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask, 1309 5000)) { 1310 device_printf(sc->sc_dev, 1311 "Failing on timeout while stopping DMA channel: [0x%08x]\n", 1312 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG)); 1313 } 1314 iwm_nic_unlock(sc); 1315 } 1316 iwm_pcie_rx_stop(sc); 1317 1318 /* Stop RX ring. */ 1319 iwm_reset_rx_ring(sc, &sc->rxq); 1320 1321 /* Reset all TX rings. */ 1322 for (qid = 0; qid < nitems(sc->txq); qid++) 1323 iwm_reset_tx_ring(sc, &sc->txq[qid]); 1324 1325 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1326 /* Power-down device's busmaster DMA clocks */ 1327 if (iwm_nic_lock(sc)) { 1328 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, 1329 IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1330 iwm_nic_unlock(sc); 1331 } 1332 DELAY(5); 1333 } 1334 1335 /* Make sure (redundant) we've released our request to stay awake */ 1336 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1337 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1338 1339 /* Stop the device, and put it in low power state */ 1340 iwm_apm_stop(sc); 1341 1342 /* Upon stop, the APM issues an interrupt if HW RF kill is set. 1343 * Clean again the interrupt here 1344 */ 1345 iwm_disable_interrupts(sc); 1346 /* stop and reset the on-board processor */ 1347 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 1348 1349 /* 1350 * Even if we stop the HW, we still want the RF kill 1351 * interrupt 1352 */ 1353 iwm_enable_rfkill_int(sc); 1354 iwm_check_rfkill(sc); 1355} 1356 1357/* iwlwifi: mvm/ops.c */ 1358static void 1359iwm_mvm_nic_config(struct iwm_softc *sc) 1360{ 1361 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 1362 uint32_t reg_val = 0; 1363 uint32_t phy_config = iwm_mvm_get_phy_config(sc); 1364 1365 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 1366 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 1367 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 1368 IWM_FW_PHY_CFG_RADIO_STEP_POS; 1369 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 1370 IWM_FW_PHY_CFG_RADIO_DASH_POS; 1371 1372 /* SKU control */ 1373 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 1374 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 1375 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 1376 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 1377 1378 /* radio configuration */ 1379 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 1380 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 1381 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 1382 1383 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val); 1384 1385 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1386 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type, 1387 radio_cfg_step, radio_cfg_dash); 1388 1389 /* 1390 * W/A : NIC is stuck in a reset state after Early PCIe power off 1391 * (PCIe power is lost before PERST# is asserted), causing ME FW 1392 * to lose ownership and not being able to obtain it back. 1393 */ 1394 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 1395 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 1396 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 1397 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 1398 } 1399} 1400 1401static int 1402iwm_nic_rx_init(struct iwm_softc *sc) 1403{ 1404 /* 1405 * Initialize RX ring. This is from the iwn driver. 1406 */ 1407 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 1408 1409 /* Stop Rx DMA */ 1410 iwm_pcie_rx_stop(sc); 1411 1412 if (!iwm_nic_lock(sc)) 1413 return EBUSY; 1414 1415 /* reset and flush pointers */ 1416 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 1417 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 1418 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 1419 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 1420 1421 /* Set physical address of RX ring (256-byte aligned). */ 1422 IWM_WRITE(sc, 1423 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8); 1424 1425 /* Set physical address of RX status (16-byte aligned). */ 1426 IWM_WRITE(sc, 1427 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 1428 1429 /* Enable Rx DMA 1430 * XXX 5000 HW isn't supported by the iwm(4) driver. 1431 * IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY is set because of HW bug in 1432 * the credit mechanism in 5000 HW RX FIFO 1433 * Direct rx interrupts to hosts 1434 * Rx buffer size 4 or 8k or 12k 1435 * RB timeout 0x10 1436 * 256 RBDs 1437 */ 1438 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 1439 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 1440 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 1441 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 1442 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 1443 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 1444 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 1445 1446 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 1447 1448 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 1449 if (sc->cfg->host_interrupt_operation_mode) 1450 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 1451 1452 /* 1453 * Thus sayeth el jefe (iwlwifi) via a comment: 1454 * 1455 * This value should initially be 0 (before preparing any 1456 * RBs), should be 8 after preparing the first 8 RBs (for example) 1457 */ 1458 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 1459 1460 iwm_nic_unlock(sc); 1461 1462 return 0; 1463} 1464 1465static int 1466iwm_nic_tx_init(struct iwm_softc *sc) 1467{ 1468 int qid; 1469 1470 if (!iwm_nic_lock(sc)) 1471 return EBUSY; 1472 1473 /* Deactivate TX scheduler. */ 1474 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 1475 1476 /* Set physical address of "keep warm" page (16-byte aligned). */ 1477 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 1478 1479 /* Initialize TX rings. */ 1480 for (qid = 0; qid < nitems(sc->txq); qid++) { 1481 struct iwm_tx_ring *txq = &sc->txq[qid]; 1482 1483 /* Set physical address of TX ring (256-byte aligned). */ 1484 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 1485 txq->desc_dma.paddr >> 8); 1486 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 1487 "%s: loading ring %d descriptors (%p) at %lx\n", 1488 __func__, 1489 qid, txq->desc, 1490 (unsigned long) (txq->desc_dma.paddr >> 8)); 1491 } 1492 1493 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE); 1494 1495 iwm_nic_unlock(sc); 1496 1497 return 0; 1498} 1499 1500static int 1501iwm_nic_init(struct iwm_softc *sc) 1502{ 1503 int error; 1504 1505 iwm_apm_init(sc); 1506 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1507 iwm_set_pwr(sc); 1508 1509 iwm_mvm_nic_config(sc); 1510 1511 if ((error = iwm_nic_rx_init(sc)) != 0) 1512 return error; 1513 1514 /* 1515 * Ditto for TX, from iwn 1516 */ 1517 if ((error = iwm_nic_tx_init(sc)) != 0) 1518 return error; 1519 1520 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 1521 "%s: shadow registers enabled\n", __func__); 1522 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 1523 1524 return 0; 1525} 1526 1527int 1528iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo) 1529{ 1530 if (!iwm_nic_lock(sc)) { 1531 device_printf(sc->sc_dev, 1532 "%s: cannot enable txq %d\n", 1533 __func__, 1534 qid); 1535 return EBUSY; 1536 } 1537 1538 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 1539 1540 if (qid == IWM_MVM_CMD_QUEUE) { 1541 /* unactivate before configuration */ 1542 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1543 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 1544 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 1545 1546 iwm_nic_unlock(sc); 1547 1548 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 1549 1550 if (!iwm_nic_lock(sc)) { 1551 device_printf(sc->sc_dev, 1552 "%s: cannot enable txq %d\n", __func__, qid); 1553 return EBUSY; 1554 } 1555 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 1556 iwm_nic_unlock(sc); 1557 1558 iwm_write_mem32(sc, sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 1559 /* Set scheduler window size and frame limit. */ 1560 iwm_write_mem32(sc, 1561 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 1562 sizeof(uint32_t), 1563 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 1564 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 1565 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 1566 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 1567 1568 if (!iwm_nic_lock(sc)) { 1569 device_printf(sc->sc_dev, 1570 "%s: cannot enable txq %d\n", __func__, qid); 1571 return EBUSY; 1572 } 1573 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 1574 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 1575 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 1576 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 1577 IWM_SCD_QUEUE_STTS_REG_MSK); 1578 } else { 1579 struct iwm_scd_txq_cfg_cmd cmd; 1580 int error; 1581 1582 iwm_nic_unlock(sc); 1583 1584 memset(&cmd, 0, sizeof(cmd)); 1585 cmd.scd_queue = qid; 1586 cmd.enable = 1; 1587 cmd.sta_id = sta_id; 1588 cmd.tx_fifo = fifo; 1589 cmd.aggregate = 0; 1590 cmd.window = IWM_FRAME_LIMIT; 1591 1592 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC, 1593 sizeof(cmd), &cmd); 1594 if (error) { 1595 device_printf(sc->sc_dev, 1596 "cannot enable txq %d\n", qid); 1597 return error; 1598 } 1599 1600 if (!iwm_nic_lock(sc)) 1601 return EBUSY; 1602 } 1603 1604 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 1605 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid); 1606 1607 iwm_nic_unlock(sc); 1608 1609 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n", 1610 __func__, qid, fifo); 1611 1612 return 0; 1613} 1614 1615static int 1616iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr) 1617{ 1618 int error, chnl; 1619 1620 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 1621 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t); 1622 1623 if (!iwm_nic_lock(sc)) 1624 return EBUSY; 1625 1626 iwm_ict_reset(sc); 1627 1628 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 1629 if (scd_base_addr != 0 && 1630 scd_base_addr != sc->scd_base_addr) { 1631 device_printf(sc->sc_dev, 1632 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n", 1633 __func__, sc->scd_base_addr, scd_base_addr); 1634 } 1635 1636 iwm_nic_unlock(sc); 1637 1638 /* reset context data, TX status and translation data */ 1639 error = iwm_write_mem(sc, 1640 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 1641 NULL, clear_dwords); 1642 if (error) 1643 return EBUSY; 1644 1645 if (!iwm_nic_lock(sc)) 1646 return EBUSY; 1647 1648 /* Set physical address of TX scheduler rings (1KB aligned). */ 1649 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 1650 1651 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 1652 1653 iwm_nic_unlock(sc); 1654 1655 /* enable command channel */ 1656 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7); 1657 if (error) 1658 return error; 1659 1660 if (!iwm_nic_lock(sc)) 1661 return EBUSY; 1662 1663 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 1664 1665 /* Enable DMA channels. */ 1666 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 1667 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 1668 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 1669 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 1670 } 1671 1672 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 1673 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 1674 1675 iwm_nic_unlock(sc); 1676 1677 /* Enable L1-Active */ 1678 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 1679 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1680 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1681 } 1682 1683 return error; 1684} 1685 1686/* 1687 * NVM read access and content parsing. We do not support 1688 * external NVM or writing NVM. 1689 * iwlwifi/mvm/nvm.c 1690 */ 1691 1692/* Default NVM size to read */ 1693#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 1694 1695#define IWM_NVM_WRITE_OPCODE 1 1696#define IWM_NVM_READ_OPCODE 0 1697 1698/* load nvm chunk response */ 1699enum { 1700 IWM_READ_NVM_CHUNK_SUCCEED = 0, 1701 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1 1702}; 1703 1704static int 1705iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, 1706 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len) 1707{ 1708 struct iwm_nvm_access_cmd nvm_access_cmd = { 1709 .offset = htole16(offset), 1710 .length = htole16(length), 1711 .type = htole16(section), 1712 .op_code = IWM_NVM_READ_OPCODE, 1713 }; 1714 struct iwm_nvm_access_resp *nvm_resp; 1715 struct iwm_rx_packet *pkt; 1716 struct iwm_host_cmd cmd = { 1717 .id = IWM_NVM_ACCESS_CMD, 1718 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL, 1719 .data = { &nvm_access_cmd, }, 1720 }; 1721 int ret, bytes_read, offset_read; 1722 uint8_t *resp_data; 1723 1724 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 1725 1726 ret = iwm_send_cmd(sc, &cmd); 1727 if (ret) { 1728 device_printf(sc->sc_dev, 1729 "Could not send NVM_ACCESS command (error=%d)\n", ret); 1730 return ret; 1731 } 1732 1733 pkt = cmd.resp_pkt; 1734 1735 /* Extract NVM response */ 1736 nvm_resp = (void *)pkt->data; 1737 ret = le16toh(nvm_resp->status); 1738 bytes_read = le16toh(nvm_resp->length); 1739 offset_read = le16toh(nvm_resp->offset); 1740 resp_data = nvm_resp->data; 1741 if (ret) { 1742 if ((offset != 0) && 1743 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) { 1744 /* 1745 * meaning of NOT_VALID_ADDRESS: 1746 * driver try to read chunk from address that is 1747 * multiple of 2K and got an error since addr is empty. 1748 * meaning of (offset != 0): driver already 1749 * read valid data from another chunk so this case 1750 * is not an error. 1751 */ 1752 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1753 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n", 1754 offset); 1755 *len = 0; 1756 ret = 0; 1757 } else { 1758 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1759 "NVM access command failed with status %d\n", ret); 1760 ret = EIO; 1761 } 1762 goto exit; 1763 } 1764 1765 if (offset_read != offset) { 1766 device_printf(sc->sc_dev, 1767 "NVM ACCESS response with invalid offset %d\n", 1768 offset_read); 1769 ret = EINVAL; 1770 goto exit; 1771 } 1772 1773 if (bytes_read > length) { 1774 device_printf(sc->sc_dev, 1775 "NVM ACCESS response with too much data " 1776 "(%d bytes requested, %d bytes received)\n", 1777 length, bytes_read); 1778 ret = EINVAL; 1779 goto exit; 1780 } 1781 1782 /* Write data to NVM */ 1783 memcpy(data + offset, resp_data, bytes_read); 1784 *len = bytes_read; 1785 1786 exit: 1787 iwm_free_resp(sc, &cmd); 1788 return ret; 1789} 1790 1791/* 1792 * Reads an NVM section completely. 1793 * NICs prior to 7000 family don't have a real NVM, but just read 1794 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 1795 * by uCode, we need to manually check in this case that we don't 1796 * overflow and try to read more than the EEPROM size. 1797 * For 7000 family NICs, we supply the maximal size we can read, and 1798 * the uCode fills the response with as much data as we can, 1799 * without overflowing, so no check is needed. 1800 */ 1801static int 1802iwm_nvm_read_section(struct iwm_softc *sc, 1803 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read) 1804{ 1805 uint16_t seglen, length, offset = 0; 1806 int ret; 1807 1808 /* Set nvm section read length */ 1809 length = IWM_NVM_DEFAULT_CHUNK_SIZE; 1810 1811 seglen = length; 1812 1813 /* Read the NVM until exhausted (reading less than requested) */ 1814 while (seglen == length) { 1815 /* Check no memory assumptions fail and cause an overflow */ 1816 if ((size_read + offset + length) > 1817 sc->cfg->eeprom_size) { 1818 device_printf(sc->sc_dev, 1819 "EEPROM size is too small for NVM\n"); 1820 return ENOBUFS; 1821 } 1822 1823 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen); 1824 if (ret) { 1825 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1826 "Cannot read NVM from section %d offset %d, length %d\n", 1827 section, offset, length); 1828 return ret; 1829 } 1830 offset += seglen; 1831 } 1832 1833 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 1834 "NVM section %d read completed\n", section); 1835 *len = offset; 1836 return 0; 1837} 1838 1839/* 1840 * BEGIN IWM_NVM_PARSE 1841 */ 1842 1843/* iwlwifi/iwl-nvm-parse.c */ 1844 1845/* NVM offsets (in words) definitions */ 1846enum iwm_nvm_offsets { 1847 /* NVM HW-Section offset (in words) definitions */ 1848 IWM_HW_ADDR = 0x15, 1849 1850/* NVM SW-Section offset (in words) definitions */ 1851 IWM_NVM_SW_SECTION = 0x1C0, 1852 IWM_NVM_VERSION = 0, 1853 IWM_RADIO_CFG = 1, 1854 IWM_SKU = 2, 1855 IWM_N_HW_ADDRS = 3, 1856 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION, 1857 1858/* NVM calibration section offset (in words) definitions */ 1859 IWM_NVM_CALIB_SECTION = 0x2B8, 1860 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION 1861}; 1862 1863enum iwm_8000_nvm_offsets { 1864 /* NVM HW-Section offset (in words) definitions */ 1865 IWM_HW_ADDR0_WFPM_8000 = 0x12, 1866 IWM_HW_ADDR1_WFPM_8000 = 0x16, 1867 IWM_HW_ADDR0_PCIE_8000 = 0x8A, 1868 IWM_HW_ADDR1_PCIE_8000 = 0x8E, 1869 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1, 1870 1871 /* NVM SW-Section offset (in words) definitions */ 1872 IWM_NVM_SW_SECTION_8000 = 0x1C0, 1873 IWM_NVM_VERSION_8000 = 0, 1874 IWM_RADIO_CFG_8000 = 0, 1875 IWM_SKU_8000 = 2, 1876 IWM_N_HW_ADDRS_8000 = 3, 1877 1878 /* NVM REGULATORY -Section offset (in words) definitions */ 1879 IWM_NVM_CHANNELS_8000 = 0, 1880 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7, 1881 IWM_NVM_LAR_OFFSET_8000 = 0x507, 1882 IWM_NVM_LAR_ENABLED_8000 = 0x7, 1883 1884 /* NVM calibration section offset (in words) definitions */ 1885 IWM_NVM_CALIB_SECTION_8000 = 0x2B8, 1886 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000 1887}; 1888 1889/* SKU Capabilities (actual values from NVM definition) */ 1890enum nvm_sku_bits { 1891 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0), 1892 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1), 1893 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2), 1894 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3), 1895}; 1896 1897/* radio config bits (actual values from NVM definition) */ 1898#define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */ 1899#define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */ 1900#define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */ 1901#define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */ 1902#define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */ 1903#define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */ 1904 1905#define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF) 1906#define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF) 1907#define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF) 1908#define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF) 1909#define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF) 1910#define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF) 1911 1912#define DEFAULT_MAX_TX_POWER 16 1913 1914/** 1915 * enum iwm_nvm_channel_flags - channel flags in NVM 1916 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo 1917 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel 1918 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed 1919 * @IWM_NVM_CHANNEL_RADAR: radar detection required 1920 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c 1921 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate 1922 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?) 1923 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?) 1924 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?) 1925 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?) 1926 */ 1927enum iwm_nvm_channel_flags { 1928 IWM_NVM_CHANNEL_VALID = (1 << 0), 1929 IWM_NVM_CHANNEL_IBSS = (1 << 1), 1930 IWM_NVM_CHANNEL_ACTIVE = (1 << 3), 1931 IWM_NVM_CHANNEL_RADAR = (1 << 4), 1932 IWM_NVM_CHANNEL_DFS = (1 << 7), 1933 IWM_NVM_CHANNEL_WIDE = (1 << 8), 1934 IWM_NVM_CHANNEL_40MHZ = (1 << 9), 1935 IWM_NVM_CHANNEL_80MHZ = (1 << 10), 1936 IWM_NVM_CHANNEL_160MHZ = (1 << 11), 1937}; 1938 1939/* 1940 * Translate EEPROM flags to net80211. 1941 */ 1942static uint32_t 1943iwm_eeprom_channel_flags(uint16_t ch_flags) 1944{ 1945 uint32_t nflags; 1946 1947 nflags = 0; 1948 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0) 1949 nflags |= IEEE80211_CHAN_PASSIVE; 1950 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0) 1951 nflags |= IEEE80211_CHAN_NOADHOC; 1952 if (ch_flags & IWM_NVM_CHANNEL_RADAR) { 1953 nflags |= IEEE80211_CHAN_DFS; 1954 /* Just in case. */ 1955 nflags |= IEEE80211_CHAN_NOADHOC; 1956 } 1957 1958 return (nflags); 1959} 1960 1961static void 1962iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[], 1963 int maxchans, int *nchans, int ch_idx, size_t ch_num, 1964 const uint8_t bands[]) 1965{ 1966 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags; 1967 uint32_t nflags; 1968 uint16_t ch_flags; 1969 uint8_t ieee; 1970 int error; 1971 1972 for (; ch_idx < ch_num; ch_idx++) { 1973 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 1974 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 1975 ieee = iwm_nvm_channels[ch_idx]; 1976 else 1977 ieee = iwm_nvm_channels_8000[ch_idx]; 1978 1979 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) { 1980 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1981 "Ch. %d Flags %x [%sGHz] - No traffic\n", 1982 ieee, ch_flags, 1983 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1984 "5.2" : "2.4"); 1985 continue; 1986 } 1987 1988 nflags = iwm_eeprom_channel_flags(ch_flags); 1989 error = ieee80211_add_channel(chans, maxchans, nchans, 1990 ieee, 0, 0, nflags, bands); 1991 if (error != 0) 1992 break; 1993 1994 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, 1995 "Ch. %d Flags %x [%sGHz] - Added\n", 1996 ieee, ch_flags, 1997 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ? 1998 "5.2" : "2.4"); 1999 } 2000} 2001 2002static void 2003iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans, 2004 struct ieee80211_channel chans[]) 2005{ 2006 struct iwm_softc *sc = ic->ic_softc; 2007 struct iwm_nvm_data *data = sc->nvm_data; 2008 uint8_t bands[IEEE80211_MODE_BYTES]; 2009 size_t ch_num; 2010 2011 memset(bands, 0, sizeof(bands)); 2012 /* 1-13: 11b/g channels. */ 2013 setbit(bands, IEEE80211_MODE_11B); 2014 setbit(bands, IEEE80211_MODE_11G); 2015 iwm_add_channel_band(sc, chans, maxchans, nchans, 0, 2016 IWM_NUM_2GHZ_CHANNELS - 1, bands); 2017 2018 /* 14: 11b channel only. */ 2019 clrbit(bands, IEEE80211_MODE_11G); 2020 iwm_add_channel_band(sc, chans, maxchans, nchans, 2021 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands); 2022 2023 if (data->sku_cap_band_52GHz_enable) { 2024 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 2025 ch_num = nitems(iwm_nvm_channels); 2026 else 2027 ch_num = nitems(iwm_nvm_channels_8000); 2028 memset(bands, 0, sizeof(bands)); 2029 setbit(bands, IEEE80211_MODE_11A); 2030 iwm_add_channel_band(sc, chans, maxchans, nchans, 2031 IWM_NUM_2GHZ_CHANNELS, ch_num, bands); 2032 } 2033} 2034 2035static void 2036iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 2037 const uint16_t *mac_override, const uint16_t *nvm_hw) 2038{ 2039 const uint8_t *hw_addr; 2040 2041 if (mac_override) { 2042 static const uint8_t reserved_mac[] = { 2043 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 2044 }; 2045 2046 hw_addr = (const uint8_t *)(mac_override + 2047 IWM_MAC_ADDRESS_OVERRIDE_8000); 2048 2049 /* 2050 * Store the MAC address from MAO section. 2051 * No byte swapping is required in MAO section 2052 */ 2053 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr); 2054 2055 /* 2056 * Force the use of the OTP MAC address in case of reserved MAC 2057 * address in the NVM, or if address is given but invalid. 2058 */ 2059 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) && 2060 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) && 2061 iwm_is_valid_ether_addr(data->hw_addr) && 2062 !IEEE80211_IS_MULTICAST(data->hw_addr)) 2063 return; 2064 2065 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2066 "%s: mac address from nvm override section invalid\n", 2067 __func__); 2068 } 2069 2070 if (nvm_hw) { 2071 /* read the mac address from WFMP registers */ 2072 uint32_t mac_addr0 = 2073 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 2074 uint32_t mac_addr1 = 2075 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 2076 2077 hw_addr = (const uint8_t *)&mac_addr0; 2078 data->hw_addr[0] = hw_addr[3]; 2079 data->hw_addr[1] = hw_addr[2]; 2080 data->hw_addr[2] = hw_addr[1]; 2081 data->hw_addr[3] = hw_addr[0]; 2082 2083 hw_addr = (const uint8_t *)&mac_addr1; 2084 data->hw_addr[4] = hw_addr[1]; 2085 data->hw_addr[5] = hw_addr[0]; 2086 2087 return; 2088 } 2089 2090 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__); 2091 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 2092} 2093 2094static int 2095iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2096 const uint16_t *phy_sku) 2097{ 2098 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2099 return le16_to_cpup(nvm_sw + IWM_SKU); 2100 2101 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000)); 2102} 2103 2104static int 2105iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2106{ 2107 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2108 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 2109 else 2110 return le32_to_cpup((const uint32_t *)(nvm_sw + 2111 IWM_NVM_VERSION_8000)); 2112} 2113 2114static int 2115iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw, 2116 const uint16_t *phy_sku) 2117{ 2118 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2119 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 2120 2121 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 2122} 2123 2124static int 2125iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw) 2126{ 2127 int n_hw_addr; 2128 2129 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) 2130 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 2131 2132 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000)); 2133 2134 return n_hw_addr & IWM_N_HW_ADDR_MASK; 2135} 2136 2137static void 2138iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data, 2139 uint32_t radio_cfg) 2140{ 2141 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2142 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 2143 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 2144 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 2145 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 2146 return; 2147 } 2148 2149 /* set the radio configuration for family 8000 */ 2150 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 2151 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 2152 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 2153 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg); 2154 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 2155 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 2156} 2157 2158static int 2159iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data, 2160 const uint16_t *nvm_hw, const uint16_t *mac_override) 2161{ 2162#ifdef notyet /* for FAMILY 9000 */ 2163 if (cfg->mac_addr_from_csr) { 2164 iwm_set_hw_address_from_csr(sc, data); 2165 } else 2166#endif 2167 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2168 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR); 2169 2170 /* The byte order is little endian 16 bit, meaning 214365 */ 2171 data->hw_addr[0] = hw_addr[1]; 2172 data->hw_addr[1] = hw_addr[0]; 2173 data->hw_addr[2] = hw_addr[3]; 2174 data->hw_addr[3] = hw_addr[2]; 2175 data->hw_addr[4] = hw_addr[5]; 2176 data->hw_addr[5] = hw_addr[4]; 2177 } else { 2178 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw); 2179 } 2180 2181 if (!iwm_is_valid_ether_addr(data->hw_addr)) { 2182 device_printf(sc->sc_dev, "no valid mac address was found\n"); 2183 return EINVAL; 2184 } 2185 2186 return 0; 2187} 2188 2189static struct iwm_nvm_data * 2190iwm_parse_nvm_data(struct iwm_softc *sc, 2191 const uint16_t *nvm_hw, const uint16_t *nvm_sw, 2192 const uint16_t *nvm_calib, const uint16_t *mac_override, 2193 const uint16_t *phy_sku, const uint16_t *regulatory) 2194{ 2195 struct iwm_nvm_data *data; 2196 uint32_t sku, radio_cfg; 2197 uint16_t lar_config; 2198 2199 if (sc->cfg->device_family != IWM_DEVICE_FAMILY_8000) { 2200 data = malloc(sizeof(*data) + 2201 IWM_NUM_CHANNELS * sizeof(uint16_t), 2202 M_DEVBUF, M_NOWAIT | M_ZERO); 2203 } else { 2204 data = malloc(sizeof(*data) + 2205 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t), 2206 M_DEVBUF, M_NOWAIT | M_ZERO); 2207 } 2208 if (!data) 2209 return NULL; 2210 2211 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw); 2212 2213 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku); 2214 iwm_set_radio_cfg(sc, data, radio_cfg); 2215 2216 sku = iwm_get_sku(sc, nvm_sw, phy_sku); 2217 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 2218 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 2219 data->sku_cap_11n_enable = 0; 2220 2221 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw); 2222 2223 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2224 uint16_t lar_offset = data->nvm_version < 0xE39 ? 2225 IWM_NVM_LAR_OFFSET_8000_OLD : 2226 IWM_NVM_LAR_OFFSET_8000; 2227 2228 lar_config = le16_to_cpup(regulatory + lar_offset); 2229 data->lar_enabled = !!(lar_config & 2230 IWM_NVM_LAR_ENABLED_8000); 2231 } 2232 2233 /* If no valid mac address was found - bail out */ 2234 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) { 2235 free(data, M_DEVBUF); 2236 return NULL; 2237 } 2238 2239 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2240 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS], 2241 IWM_NUM_CHANNELS * sizeof(uint16_t)); 2242 } else { 2243 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000], 2244 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t)); 2245 } 2246 2247 return data; 2248} 2249 2250static void 2251iwm_free_nvm_data(struct iwm_nvm_data *data) 2252{ 2253 if (data != NULL) 2254 free(data, M_DEVBUF); 2255} 2256 2257static struct iwm_nvm_data * 2258iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 2259{ 2260 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku; 2261 2262 /* Checking for required sections */ 2263 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) { 2264 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2265 !sections[sc->cfg->nvm_hw_section_num].data) { 2266 device_printf(sc->sc_dev, 2267 "Can't parse empty OTP/NVM sections\n"); 2268 return NULL; 2269 } 2270 } else if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2271 /* SW and REGULATORY sections are mandatory */ 2272 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 2273 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 2274 device_printf(sc->sc_dev, 2275 "Can't parse empty OTP/NVM sections\n"); 2276 return NULL; 2277 } 2278 /* MAC_OVERRIDE or at least HW section must exist */ 2279 if (!sections[sc->cfg->nvm_hw_section_num].data && 2280 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 2281 device_printf(sc->sc_dev, 2282 "Can't parse mac_address, empty sections\n"); 2283 return NULL; 2284 } 2285 2286 /* PHY_SKU section is mandatory in B0 */ 2287 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 2288 device_printf(sc->sc_dev, 2289 "Can't parse phy_sku in B0, empty sections\n"); 2290 return NULL; 2291 } 2292 } else { 2293 panic("unknown device family %d\n", sc->cfg->device_family); 2294 } 2295 2296 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data; 2297 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 2298 calib = (const uint16_t *) 2299 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 2300 regulatory = (const uint16_t *) 2301 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 2302 mac_override = (const uint16_t *) 2303 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 2304 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 2305 2306 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 2307 phy_sku, regulatory); 2308} 2309 2310static int 2311iwm_nvm_init(struct iwm_softc *sc) 2312{ 2313 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS]; 2314 int i, ret, section; 2315 uint32_t size_read = 0; 2316 uint8_t *nvm_buffer, *temp; 2317 uint16_t len; 2318 2319 memset(nvm_sections, 0, sizeof(nvm_sections)); 2320 2321 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS) 2322 return EINVAL; 2323 2324 /* load NVM values from nic */ 2325 /* Read From FW NVM */ 2326 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n"); 2327 2328 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO); 2329 if (!nvm_buffer) 2330 return ENOMEM; 2331 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) { 2332 /* we override the constness for initial read */ 2333 ret = iwm_nvm_read_section(sc, section, nvm_buffer, 2334 &len, size_read); 2335 if (ret) 2336 continue; 2337 size_read += len; 2338 temp = malloc(len, M_DEVBUF, M_NOWAIT); 2339 if (!temp) { 2340 ret = ENOMEM; 2341 break; 2342 } 2343 memcpy(temp, nvm_buffer, len); 2344 2345 nvm_sections[section].data = temp; 2346 nvm_sections[section].length = len; 2347 } 2348 if (!size_read) 2349 device_printf(sc->sc_dev, "OTP is blank\n"); 2350 free(nvm_buffer, M_DEVBUF); 2351 2352 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections); 2353 if (!sc->nvm_data) 2354 return EINVAL; 2355 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET, 2356 "nvm version = %x\n", sc->nvm_data->nvm_version); 2357 2358 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) { 2359 if (nvm_sections[i].data != NULL) 2360 free(nvm_sections[i].data, M_DEVBUF); 2361 } 2362 2363 return 0; 2364} 2365 2366static int 2367iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num, 2368 const struct iwm_fw_desc *section) 2369{ 2370 struct iwm_dma_info *dma = &sc->fw_dma; 2371 uint8_t *v_addr; 2372 bus_addr_t p_addr; 2373 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len); 2374 int ret = 0; 2375 2376 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2377 "%s: [%d] uCode section being loaded...\n", 2378 __func__, section_num); 2379 2380 v_addr = dma->vaddr; 2381 p_addr = dma->paddr; 2382 2383 for (offset = 0; offset < section->len; offset += chunk_sz) { 2384 uint32_t copy_size, dst_addr; 2385 int extended_addr = FALSE; 2386 2387 copy_size = MIN(chunk_sz, section->len - offset); 2388 dst_addr = section->offset + offset; 2389 2390 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 2391 dst_addr <= IWM_FW_MEM_EXTENDED_END) 2392 extended_addr = TRUE; 2393 2394 if (extended_addr) 2395 iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 2396 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2397 2398 memcpy(v_addr, (const uint8_t *)section->data + offset, 2399 copy_size); 2400 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 2401 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr, 2402 copy_size); 2403 2404 if (extended_addr) 2405 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 2406 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 2407 2408 if (ret) { 2409 device_printf(sc->sc_dev, 2410 "%s: Could not load the [%d] uCode section\n", 2411 __func__, section_num); 2412 break; 2413 } 2414 } 2415 2416 return ret; 2417} 2418 2419/* 2420 * ucode 2421 */ 2422static int 2423iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr, 2424 bus_addr_t phy_addr, uint32_t byte_cnt) 2425{ 2426 int ret; 2427 2428 sc->sc_fw_chunk_done = 0; 2429 2430 if (!iwm_nic_lock(sc)) 2431 return EBUSY; 2432 2433 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2434 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 2435 2436 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 2437 dst_addr); 2438 2439 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 2440 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 2441 2442 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 2443 (iwm_get_dma_hi_addr(phy_addr) 2444 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 2445 2446 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 2447 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 2448 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 2449 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 2450 2451 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 2452 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2453 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 2454 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 2455 2456 iwm_nic_unlock(sc); 2457 2458 /* wait up to 5s for this segment to load */ 2459 ret = 0; 2460 while (!sc->sc_fw_chunk_done) { 2461 ret = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz); 2462 if (ret) 2463 break; 2464 } 2465 2466 if (ret != 0) { 2467 device_printf(sc->sc_dev, 2468 "fw chunk addr 0x%x len %d failed to load\n", 2469 dst_addr, byte_cnt); 2470 return ETIMEDOUT; 2471 } 2472 2473 return 0; 2474} 2475 2476static int 2477iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc, 2478 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section) 2479{ 2480 int shift_param; 2481 int i, ret = 0, sec_num = 0x1; 2482 uint32_t val, last_read_idx = 0; 2483 2484 if (cpu == 1) { 2485 shift_param = 0; 2486 *first_ucode_section = 0; 2487 } else { 2488 shift_param = 16; 2489 (*first_ucode_section)++; 2490 } 2491 2492 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2493 last_read_idx = i; 2494 2495 /* 2496 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2497 * CPU1 to CPU2. 2498 * PAGING_SEPARATOR_SECTION delimiter - separate between 2499 * CPU2 non paged to CPU2 paging sec. 2500 */ 2501 if (!image->fw_sect[i].data || 2502 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2503 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) { 2504 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2505 "Break since Data not valid or Empty section, sec = %d\n", 2506 i); 2507 break; 2508 } 2509 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]); 2510 if (ret) 2511 return ret; 2512 2513 /* Notify the ucode of the loaded section number and status */ 2514 if (iwm_nic_lock(sc)) { 2515 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 2516 val = val | (sec_num << shift_param); 2517 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 2518 sec_num = (sec_num << 1) | 0x1; 2519 iwm_nic_unlock(sc); 2520 } 2521 } 2522 2523 *first_ucode_section = last_read_idx; 2524 2525 iwm_enable_interrupts(sc); 2526 2527 if (iwm_nic_lock(sc)) { 2528 if (cpu == 1) 2529 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 2530 else 2531 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 2532 iwm_nic_unlock(sc); 2533 } 2534 2535 return 0; 2536} 2537 2538static int 2539iwm_pcie_load_cpu_sections(struct iwm_softc *sc, 2540 const struct iwm_fw_sects *image, int cpu, int *first_ucode_section) 2541{ 2542 int shift_param; 2543 int i, ret = 0; 2544 uint32_t last_read_idx = 0; 2545 2546 if (cpu == 1) { 2547 shift_param = 0; 2548 *first_ucode_section = 0; 2549 } else { 2550 shift_param = 16; 2551 (*first_ucode_section)++; 2552 } 2553 2554 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) { 2555 last_read_idx = i; 2556 2557 /* 2558 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 2559 * CPU1 to CPU2. 2560 * PAGING_SEPARATOR_SECTION delimiter - separate between 2561 * CPU2 non paged to CPU2 paging sec. 2562 */ 2563 if (!image->fw_sect[i].data || 2564 image->fw_sect[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 2565 image->fw_sect[i].offset == IWM_PAGING_SEPARATOR_SECTION) { 2566 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2567 "Break since Data not valid or Empty section, sec = %d\n", 2568 i); 2569 break; 2570 } 2571 2572 ret = iwm_pcie_load_section(sc, i, &image->fw_sect[i]); 2573 if (ret) 2574 return ret; 2575 } 2576 2577 *first_ucode_section = last_read_idx; 2578 2579 return 0; 2580 2581} 2582 2583static int 2584iwm_pcie_load_given_ucode(struct iwm_softc *sc, 2585 const struct iwm_fw_sects *image) 2586{ 2587 int ret = 0; 2588 int first_ucode_section; 2589 2590 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n", 2591 image->is_dual_cpus ? "Dual" : "Single"); 2592 2593 /* load to FW the binary non secured sections of CPU1 */ 2594 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section); 2595 if (ret) 2596 return ret; 2597 2598 if (image->is_dual_cpus) { 2599 /* set CPU2 header address */ 2600 if (iwm_nic_lock(sc)) { 2601 iwm_write_prph(sc, 2602 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR, 2603 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE); 2604 iwm_nic_unlock(sc); 2605 } 2606 2607 /* load to FW the binary sections of CPU2 */ 2608 ret = iwm_pcie_load_cpu_sections(sc, image, 2, 2609 &first_ucode_section); 2610 if (ret) 2611 return ret; 2612 } 2613 2614 iwm_enable_interrupts(sc); 2615 2616 /* release CPU reset */ 2617 IWM_WRITE(sc, IWM_CSR_RESET, 0); 2618 2619 return 0; 2620} 2621 2622int 2623iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc, 2624 const struct iwm_fw_sects *image) 2625{ 2626 int ret = 0; 2627 int first_ucode_section; 2628 2629 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n", 2630 image->is_dual_cpus ? "Dual" : "Single"); 2631 2632 /* configure the ucode to be ready to get the secured image */ 2633 /* release CPU reset */ 2634 if (iwm_nic_lock(sc)) { 2635 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, 2636 IWM_RELEASE_CPU_RESET_BIT); 2637 iwm_nic_unlock(sc); 2638 } 2639 2640 /* load to FW the binary Secured sections of CPU1 */ 2641 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1, 2642 &first_ucode_section); 2643 if (ret) 2644 return ret; 2645 2646 /* load to FW the binary sections of CPU2 */ 2647 return iwm_pcie_load_cpu_sections_8000(sc, image, 2, 2648 &first_ucode_section); 2649} 2650 2651/* XXX Get rid of this definition */ 2652static inline void 2653iwm_enable_fw_load_int(struct iwm_softc *sc) 2654{ 2655 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n"); 2656 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX; 2657 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 2658} 2659 2660/* XXX Add proper rfkill support code */ 2661static int 2662iwm_start_fw(struct iwm_softc *sc, 2663 const struct iwm_fw_sects *fw) 2664{ 2665 int ret; 2666 2667 /* This may fail if AMT took ownership of the device */ 2668 if (iwm_prepare_card_hw(sc)) { 2669 device_printf(sc->sc_dev, 2670 "%s: Exit HW not ready\n", __func__); 2671 ret = EIO; 2672 goto out; 2673 } 2674 2675 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF); 2676 2677 iwm_disable_interrupts(sc); 2678 2679 /* make sure rfkill handshake bits are cleared */ 2680 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2681 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 2682 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 2683 2684 /* clear (again), then enable host interrupts */ 2685 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF); 2686 2687 ret = iwm_nic_init(sc); 2688 if (ret) { 2689 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__); 2690 goto out; 2691 } 2692 2693 /* 2694 * Now, we load the firmware and don't want to be interrupted, even 2695 * by the RF-Kill interrupt (hence mask all the interrupt besides the 2696 * FH_TX interrupt which is needed to load the firmware). If the 2697 * RF-Kill switch is toggled, we will find out after having loaded 2698 * the firmware and return the proper value to the caller. 2699 */ 2700 iwm_enable_fw_load_int(sc); 2701 2702 /* really make sure rfkill handshake bits are cleared */ 2703 /* maybe we should write a few times more? just to make sure */ 2704 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2705 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 2706 2707 /* Load the given image to the HW */ 2708 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 2709 ret = iwm_pcie_load_given_ucode_8000(sc, fw); 2710 else 2711 ret = iwm_pcie_load_given_ucode(sc, fw); 2712 2713 /* XXX re-check RF-Kill state */ 2714 2715out: 2716 return ret; 2717} 2718 2719static int 2720iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 2721{ 2722 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 2723 .valid = htole32(valid_tx_ant), 2724 }; 2725 2726 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 2727 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd); 2728} 2729 2730/* iwlwifi: mvm/fw.c */ 2731static int 2732iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 2733{ 2734 struct iwm_phy_cfg_cmd phy_cfg_cmd; 2735 enum iwm_ucode_type ucode_type = sc->cur_ucode; 2736 2737 /* Set parameters */ 2738 phy_cfg_cmd.phy_cfg = htole32(iwm_mvm_get_phy_config(sc)); 2739 phy_cfg_cmd.calib_control.event_trigger = 2740 sc->sc_default_calib[ucode_type].event_trigger; 2741 phy_cfg_cmd.calib_control.flow_trigger = 2742 sc->sc_default_calib[ucode_type].flow_trigger; 2743 2744 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET, 2745 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg); 2746 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC, 2747 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 2748} 2749 2750static int 2751iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data) 2752{ 2753 struct iwm_mvm_alive_data *alive_data = data; 2754 struct iwm_mvm_alive_resp_ver1 *palive1; 2755 struct iwm_mvm_alive_resp_ver2 *palive2; 2756 struct iwm_mvm_alive_resp *palive; 2757 2758 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive1)) { 2759 palive1 = (void *)pkt->data; 2760 2761 sc->support_umac_log = FALSE; 2762 sc->error_event_table = 2763 le32toh(palive1->error_event_table_ptr); 2764 sc->log_event_table = 2765 le32toh(palive1->log_event_table_ptr); 2766 alive_data->scd_base_addr = le32toh(palive1->scd_base_ptr); 2767 2768 alive_data->valid = le16toh(palive1->status) == 2769 IWM_ALIVE_STATUS_OK; 2770 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2771 "Alive VER1 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n", 2772 le16toh(palive1->status), palive1->ver_type, 2773 palive1->ver_subtype, palive1->flags); 2774 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive2)) { 2775 palive2 = (void *)pkt->data; 2776 sc->error_event_table = 2777 le32toh(palive2->error_event_table_ptr); 2778 sc->log_event_table = 2779 le32toh(palive2->log_event_table_ptr); 2780 alive_data->scd_base_addr = le32toh(palive2->scd_base_ptr); 2781 sc->umac_error_event_table = 2782 le32toh(palive2->error_info_addr); 2783 2784 alive_data->valid = le16toh(palive2->status) == 2785 IWM_ALIVE_STATUS_OK; 2786 if (sc->umac_error_event_table) 2787 sc->support_umac_log = TRUE; 2788 2789 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2790 "Alive VER2 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n", 2791 le16toh(palive2->status), palive2->ver_type, 2792 palive2->ver_subtype, palive2->flags); 2793 2794 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2795 "UMAC version: Major - 0x%x, Minor - 0x%x\n", 2796 palive2->umac_major, palive2->umac_minor); 2797 } else if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) { 2798 palive = (void *)pkt->data; 2799 2800 sc->error_event_table = 2801 le32toh(palive->error_event_table_ptr); 2802 sc->log_event_table = 2803 le32toh(palive->log_event_table_ptr); 2804 alive_data->scd_base_addr = le32toh(palive->scd_base_ptr); 2805 sc->umac_error_event_table = 2806 le32toh(palive->error_info_addr); 2807 2808 alive_data->valid = le16toh(palive->status) == 2809 IWM_ALIVE_STATUS_OK; 2810 if (sc->umac_error_event_table) 2811 sc->support_umac_log = TRUE; 2812 2813 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2814 "Alive VER3 ucode status 0x%04x revision 0x%01X 0x%01X flags 0x%01X\n", 2815 le16toh(palive->status), palive->ver_type, 2816 palive->ver_subtype, palive->flags); 2817 2818 IWM_DPRINTF(sc, IWM_DEBUG_RESET, 2819 "UMAC version: Major - 0x%x, Minor - 0x%x\n", 2820 le32toh(palive->umac_major), 2821 le32toh(palive->umac_minor)); 2822 } 2823 2824 return TRUE; 2825} 2826 2827static int 2828iwm_wait_phy_db_entry(struct iwm_softc *sc, 2829 struct iwm_rx_packet *pkt, void *data) 2830{ 2831 struct iwm_phy_db *phy_db = data; 2832 2833 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) { 2834 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) { 2835 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n", 2836 __func__, pkt->hdr.code); 2837 } 2838 return TRUE; 2839 } 2840 2841 if (iwm_phy_db_set_section(phy_db, pkt)) { 2842 device_printf(sc->sc_dev, 2843 "%s: iwm_phy_db_set_section failed\n", __func__); 2844 } 2845 2846 return FALSE; 2847} 2848 2849static int 2850iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc, 2851 enum iwm_ucode_type ucode_type) 2852{ 2853 struct iwm_notification_wait alive_wait; 2854 struct iwm_mvm_alive_data alive_data; 2855 const struct iwm_fw_sects *fw; 2856 enum iwm_ucode_type old_type = sc->cur_ucode; 2857 int error; 2858 static const uint16_t alive_cmd[] = { IWM_MVM_ALIVE }; 2859 2860 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) { 2861 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n", 2862 error); 2863 return error; 2864 } 2865 fw = &sc->sc_fw.fw_sects[ucode_type]; 2866 sc->cur_ucode = ucode_type; 2867 sc->ucode_loaded = FALSE; 2868 2869 memset(&alive_data, 0, sizeof(alive_data)); 2870 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait, 2871 alive_cmd, nitems(alive_cmd), 2872 iwm_alive_fn, &alive_data); 2873 2874 error = iwm_start_fw(sc, fw); 2875 if (error) { 2876 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error); 2877 sc->cur_ucode = old_type; 2878 iwm_remove_notification(sc->sc_notif_wait, &alive_wait); 2879 return error; 2880 } 2881 2882 /* 2883 * Some things may run in the background now, but we 2884 * just wait for the ALIVE notification here. 2885 */ 2886 IWM_UNLOCK(sc); 2887 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait, 2888 IWM_MVM_UCODE_ALIVE_TIMEOUT); 2889 IWM_LOCK(sc); 2890 if (error) { 2891 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 2892 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a; 2893 if (iwm_nic_lock(sc)) { 2894 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS); 2895 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS); 2896 iwm_nic_unlock(sc); 2897 } 2898 device_printf(sc->sc_dev, 2899 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n", 2900 a, b); 2901 } 2902 sc->cur_ucode = old_type; 2903 return error; 2904 } 2905 2906 if (!alive_data.valid) { 2907 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n", 2908 __func__); 2909 sc->cur_ucode = old_type; 2910 return EIO; 2911 } 2912 2913 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr); 2914 2915 /* 2916 * configure and operate fw paging mechanism. 2917 * driver configures the paging flow only once, CPU2 paging image 2918 * included in the IWM_UCODE_INIT image. 2919 */ 2920 if (fw->paging_mem_size) { 2921 error = iwm_save_fw_paging(sc, fw); 2922 if (error) { 2923 device_printf(sc->sc_dev, 2924 "%s: failed to save the FW paging image\n", 2925 __func__); 2926 return error; 2927 } 2928 2929 error = iwm_send_paging_cmd(sc, fw); 2930 if (error) { 2931 device_printf(sc->sc_dev, 2932 "%s: failed to send the paging cmd\n", __func__); 2933 iwm_free_fw_paging(sc); 2934 return error; 2935 } 2936 } 2937 2938 if (!error) 2939 sc->ucode_loaded = TRUE; 2940 return error; 2941} 2942 2943/* 2944 * mvm misc bits 2945 */ 2946 2947/* 2948 * follows iwlwifi/fw.c 2949 */ 2950static int 2951iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 2952{ 2953 struct iwm_notification_wait calib_wait; 2954 static const uint16_t init_complete[] = { 2955 IWM_INIT_COMPLETE_NOTIF, 2956 IWM_CALIB_RES_NOTIF_PHY_DB 2957 }; 2958 int ret; 2959 2960 /* do not operate with rfkill switch turned on */ 2961 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 2962 device_printf(sc->sc_dev, 2963 "radio is disabled by hardware switch\n"); 2964 return EPERM; 2965 } 2966 2967 iwm_init_notification_wait(sc->sc_notif_wait, 2968 &calib_wait, 2969 init_complete, 2970 nitems(init_complete), 2971 iwm_wait_phy_db_entry, 2972 sc->sc_phy_db); 2973 2974 /* Will also start the device */ 2975 ret = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_INIT); 2976 if (ret) { 2977 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n", 2978 ret); 2979 goto error; 2980 } 2981 2982 if (justnvm) { 2983 /* Read nvm */ 2984 ret = iwm_nvm_init(sc); 2985 if (ret) { 2986 device_printf(sc->sc_dev, "failed to read nvm\n"); 2987 goto error; 2988 } 2989 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr); 2990 goto error; 2991 } 2992 2993 ret = iwm_send_bt_init_conf(sc); 2994 if (ret) { 2995 device_printf(sc->sc_dev, 2996 "failed to send bt coex configuration: %d\n", ret); 2997 goto error; 2998 } 2999 3000 /* Init Smart FIFO. */ 3001 ret = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF); 3002 if (ret) 3003 goto error; 3004 3005 /* Send TX valid antennas before triggering calibrations */ 3006 ret = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 3007 if (ret) { 3008 device_printf(sc->sc_dev, 3009 "failed to send antennas before calibration: %d\n", ret); 3010 goto error; 3011 } 3012 3013 /* 3014 * Send phy configurations command to init uCode 3015 * to start the 16.0 uCode init image internal calibrations. 3016 */ 3017 ret = iwm_send_phy_cfg_cmd(sc); 3018 if (ret) { 3019 device_printf(sc->sc_dev, 3020 "%s: Failed to run INIT calibrations: %d\n", 3021 __func__, ret); 3022 goto error; 3023 } 3024 3025 /* 3026 * Nothing to do but wait for the init complete notification 3027 * from the firmware. 3028 */ 3029 IWM_UNLOCK(sc); 3030 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait, 3031 IWM_MVM_UCODE_CALIB_TIMEOUT); 3032 IWM_LOCK(sc); 3033 3034 3035 goto out; 3036 3037error: 3038 iwm_remove_notification(sc->sc_notif_wait, &calib_wait); 3039out: 3040 return ret; 3041} 3042 3043/* 3044 * receive side 3045 */ 3046 3047/* (re)stock rx ring, called at init-time and at runtime */ 3048static int 3049iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 3050{ 3051 struct iwm_rx_ring *ring = &sc->rxq; 3052 struct iwm_rx_data *data = &ring->data[idx]; 3053 struct mbuf *m; 3054 bus_dmamap_t dmamap; 3055 bus_dma_segment_t seg; 3056 int nsegs, error; 3057 3058 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE); 3059 if (m == NULL) 3060 return ENOBUFS; 3061 3062 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 3063 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m, 3064 &seg, &nsegs, BUS_DMA_NOWAIT); 3065 if (error != 0) { 3066 device_printf(sc->sc_dev, 3067 "%s: can't map mbuf, error %d\n", __func__, error); 3068 m_freem(m); 3069 return error; 3070 } 3071 3072 if (data->m != NULL) 3073 bus_dmamap_unload(ring->data_dmat, data->map); 3074 3075 /* Swap ring->spare_map with data->map */ 3076 dmamap = data->map; 3077 data->map = ring->spare_map; 3078 ring->spare_map = dmamap; 3079 3080 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD); 3081 data->m = m; 3082 3083 /* Update RX descriptor. */ 3084 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned")); 3085 ring->desc[idx] = htole32(seg.ds_addr >> 8); 3086 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3087 BUS_DMASYNC_PREWRITE); 3088 3089 return 0; 3090} 3091 3092/* iwlwifi: mvm/rx.c */ 3093/* 3094 * iwm_mvm_get_signal_strength - use new rx PHY INFO API 3095 * values are reported by the fw as positive values - need to negate 3096 * to obtain their dBM. Account for missing antennas by replacing 0 3097 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 3098 */ 3099static int 3100iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 3101{ 3102 int energy_a, energy_b, energy_c, max_energy; 3103 uint32_t val; 3104 3105 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 3106 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 3107 IWM_RX_INFO_ENERGY_ANT_A_POS; 3108 energy_a = energy_a ? -energy_a : -256; 3109 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 3110 IWM_RX_INFO_ENERGY_ANT_B_POS; 3111 energy_b = energy_b ? -energy_b : -256; 3112 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 3113 IWM_RX_INFO_ENERGY_ANT_C_POS; 3114 energy_c = energy_c ? -energy_c : -256; 3115 max_energy = MAX(energy_a, energy_b); 3116 max_energy = MAX(max_energy, energy_c); 3117 3118 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3119 "energy In A %d B %d C %d , and max %d\n", 3120 energy_a, energy_b, energy_c, max_energy); 3121 3122 return max_energy; 3123} 3124 3125static void 3126iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3127{ 3128 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 3129 3130 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n"); 3131 3132 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 3133} 3134 3135/* 3136 * Retrieve the average noise (in dBm) among receivers. 3137 */ 3138static int 3139iwm_get_noise(struct iwm_softc *sc, 3140 const struct iwm_mvm_statistics_rx_non_phy *stats) 3141{ 3142 int i, total, nbant, noise; 3143 3144 total = nbant = noise = 0; 3145 for (i = 0; i < 3; i++) { 3146 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff; 3147 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n", 3148 __func__, 3149 i, 3150 noise); 3151 3152 if (noise) { 3153 total += noise; 3154 nbant++; 3155 } 3156 } 3157 3158 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n", 3159 __func__, nbant, total); 3160#if 0 3161 /* There should be at least one antenna but check anyway. */ 3162 return (nbant == 0) ? -127 : (total / nbant) - 107; 3163#else 3164 /* For now, just hard-code it to -96 to be safe */ 3165 return (-96); 3166#endif 3167} 3168 3169/* 3170 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler 3171 * 3172 * Handles the actual data of the Rx packet from the fw 3173 */ 3174static boolean_t 3175iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset, 3176 boolean_t stolen) 3177{ 3178 struct ieee80211com *ic = &sc->sc_ic; 3179 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3180 struct ieee80211_frame *wh; 3181 struct ieee80211_node *ni; 3182 struct ieee80211_rx_stats rxs; 3183 struct iwm_rx_phy_info *phy_info; 3184 struct iwm_rx_mpdu_res_start *rx_res; 3185 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, offset); 3186 uint32_t len; 3187 uint32_t rx_pkt_status; 3188 int rssi; 3189 3190 phy_info = &sc->sc_last_phy_info; 3191 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data; 3192 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res)); 3193 len = le16toh(rx_res->byte_count); 3194 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len)); 3195 3196 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 3197 device_printf(sc->sc_dev, 3198 "dsp size out of range [0,20]: %d\n", 3199 phy_info->cfg_phy_cnt); 3200 goto fail; 3201 } 3202 3203 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 3204 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 3205 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3206 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status); 3207 goto fail; 3208 } 3209 3210 rssi = iwm_mvm_get_signal_strength(sc, phy_info); 3211 3212 /* Map it to relative value */ 3213 rssi = rssi - sc->sc_noise; 3214 3215 /* replenish ring for the buffer we're going to feed to the sharks */ 3216 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) { 3217 device_printf(sc->sc_dev, "%s: unable to add more buffers\n", 3218 __func__); 3219 goto fail; 3220 } 3221 3222 m->m_data = pkt->data + sizeof(*rx_res); 3223 m->m_pkthdr.len = m->m_len = len; 3224 3225 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3226 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise); 3227 3228 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 3229 3230 IWM_DPRINTF(sc, IWM_DEBUG_RECV, 3231 "%s: phy_info: channel=%d, flags=0x%08x\n", 3232 __func__, 3233 le16toh(phy_info->channel), 3234 le16toh(phy_info->phy_flags)); 3235 3236 /* 3237 * Populate an RX state struct with the provided information. 3238 */ 3239 bzero(&rxs, sizeof(rxs)); 3240 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 3241 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 3242 rxs.c_ieee = le16toh(phy_info->channel); 3243 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) { 3244 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 3245 } else { 3246 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ); 3247 } 3248 3249 /* rssi is in 1/2db units */ 3250 rxs.rssi = rssi * 2; 3251 rxs.nf = sc->sc_noise; 3252 3253 if (ieee80211_radiotap_active_vap(vap)) { 3254 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 3255 3256 tap->wr_flags = 0; 3257 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE)) 3258 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3259 tap->wr_chan_freq = htole16(rxs.c_freq); 3260 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */ 3261 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 3262 tap->wr_dbm_antsignal = (int8_t)rssi; 3263 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 3264 tap->wr_tsft = phy_info->system_timestamp; 3265 switch (phy_info->rate) { 3266 /* CCK rates. */ 3267 case 10: tap->wr_rate = 2; break; 3268 case 20: tap->wr_rate = 4; break; 3269 case 55: tap->wr_rate = 11; break; 3270 case 110: tap->wr_rate = 22; break; 3271 /* OFDM rates. */ 3272 case 0xd: tap->wr_rate = 12; break; 3273 case 0xf: tap->wr_rate = 18; break; 3274 case 0x5: tap->wr_rate = 24; break; 3275 case 0x7: tap->wr_rate = 36; break; 3276 case 0x9: tap->wr_rate = 48; break; 3277 case 0xb: tap->wr_rate = 72; break; 3278 case 0x1: tap->wr_rate = 96; break; 3279 case 0x3: tap->wr_rate = 108; break; 3280 /* Unknown rate: should not happen. */ 3281 default: tap->wr_rate = 0; 3282 } 3283 } 3284 3285 IWM_UNLOCK(sc); 3286 if (ni != NULL) { 3287 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m); 3288 ieee80211_input_mimo(ni, m, &rxs); 3289 ieee80211_free_node(ni); 3290 } else { 3291 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m); 3292 ieee80211_input_mimo_all(ic, m, &rxs); 3293 } 3294 IWM_LOCK(sc); 3295 3296 return TRUE; 3297 3298fail: counter_u64_add(ic->ic_ierrors, 1); 3299 return FALSE; 3300} 3301 3302static int 3303iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 3304 struct iwm_node *in) 3305{ 3306 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data; 3307 struct ieee80211_node *ni = &in->in_ni; 3308 struct ieee80211vap *vap = ni->ni_vap; 3309 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 3310 int failack = tx_resp->failure_frame; 3311 3312 KASSERT(tx_resp->frame_count == 1, ("too many frames")); 3313 3314 /* Update rate control statistics. */ 3315 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n", 3316 __func__, 3317 (int) le16toh(tx_resp->status.status), 3318 (int) le16toh(tx_resp->status.sequence), 3319 tx_resp->frame_count, 3320 tx_resp->bt_kill_count, 3321 tx_resp->failure_rts, 3322 tx_resp->failure_frame, 3323 le32toh(tx_resp->initial_rate), 3324 (int) le16toh(tx_resp->wireless_media_time)); 3325 3326 if (status != IWM_TX_STATUS_SUCCESS && 3327 status != IWM_TX_STATUS_DIRECT_DONE) { 3328 ieee80211_ratectl_tx_complete(vap, ni, 3329 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL); 3330 return (1); 3331 } else { 3332 ieee80211_ratectl_tx_complete(vap, ni, 3333 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL); 3334 return (0); 3335 } 3336} 3337 3338static void 3339iwm_mvm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3340{ 3341 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 3342 int idx = cmd_hdr->idx; 3343 int qid = cmd_hdr->qid; 3344 struct iwm_tx_ring *ring = &sc->txq[qid]; 3345 struct iwm_tx_data *txd = &ring->data[idx]; 3346 struct iwm_node *in = txd->in; 3347 struct mbuf *m = txd->m; 3348 int status; 3349 3350 KASSERT(txd->done == 0, ("txd not done")); 3351 KASSERT(txd->in != NULL, ("txd without node")); 3352 KASSERT(txd->m != NULL, ("txd without mbuf")); 3353 3354 sc->sc_tx_timer = 0; 3355 3356 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in); 3357 3358 /* Unmap and free mbuf. */ 3359 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE); 3360 bus_dmamap_unload(ring->data_dmat, txd->map); 3361 3362 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3363 "free txd %p, in %p\n", txd, txd->in); 3364 txd->done = 1; 3365 txd->m = NULL; 3366 txd->in = NULL; 3367 3368 ieee80211_tx_complete(&in->in_ni, m, status); 3369 3370 if (--ring->queued < IWM_TX_RING_LOMARK) { 3371 sc->qfullmsk &= ~(1 << ring->qid); 3372 if (sc->qfullmsk == 0) { 3373 iwm_start(sc); 3374 } 3375 } 3376} 3377 3378/* 3379 * transmit side 3380 */ 3381 3382/* 3383 * Process a "command done" firmware notification. This is where we wakeup 3384 * processes waiting for a synchronous command completion. 3385 * from if_iwn 3386 */ 3387static void 3388iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 3389{ 3390 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE]; 3391 struct iwm_tx_data *data; 3392 3393 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) { 3394 return; /* Not a command ack. */ 3395 } 3396 3397 /* XXX wide commands? */ 3398 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 3399 "cmd notification type 0x%x qid %d idx %d\n", 3400 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx); 3401 3402 data = &ring->data[pkt->hdr.idx]; 3403 3404 /* If the command was mapped in an mbuf, free it. */ 3405 if (data->m != NULL) { 3406 bus_dmamap_sync(ring->data_dmat, data->map, 3407 BUS_DMASYNC_POSTWRITE); 3408 bus_dmamap_unload(ring->data_dmat, data->map); 3409 m_freem(data->m); 3410 data->m = NULL; 3411 } 3412 wakeup(&ring->desc[pkt->hdr.idx]); 3413 3414 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) { 3415 device_printf(sc->sc_dev, 3416 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n", 3417 __func__, pkt->hdr.idx, ring->queued, ring->cur); 3418 /* XXX call iwm_force_nmi() */ 3419 } 3420 3421 KASSERT(ring->queued > 0, ("ring->queued is empty?")); 3422 ring->queued--; 3423 if (ring->queued == 0) 3424 iwm_pcie_clear_cmd_in_flight(sc); 3425} 3426 3427#if 0 3428/* 3429 * necessary only for block ack mode 3430 */ 3431void 3432iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 3433 uint16_t len) 3434{ 3435 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 3436 uint16_t w_val; 3437 3438 scd_bc_tbl = sc->sched_dma.vaddr; 3439 3440 len += 8; /* magic numbers came naturally from paris */ 3441 len = roundup(len, 4) / 4; 3442 3443 w_val = htole16(sta_id << 12 | len); 3444 3445 /* Update TX scheduler. */ 3446 scd_bc_tbl[qid].tfd_offset[idx] = w_val; 3447 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3448 BUS_DMASYNC_PREWRITE); 3449 3450 /* I really wonder what this is ?!? */ 3451 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) { 3452 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val; 3453 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map, 3454 BUS_DMASYNC_PREWRITE); 3455 } 3456} 3457#endif 3458 3459/* 3460 * Take an 802.11 (non-n) rate, find the relevant rate 3461 * table entry. return the index into in_ridx[]. 3462 * 3463 * The caller then uses that index back into in_ridx 3464 * to figure out the rate index programmed /into/ 3465 * the firmware for this given node. 3466 */ 3467static int 3468iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in, 3469 uint8_t rate) 3470{ 3471 int i; 3472 uint8_t r; 3473 3474 for (i = 0; i < nitems(in->in_ridx); i++) { 3475 r = iwm_rates[in->in_ridx[i]].rate; 3476 if (rate == r) 3477 return (i); 3478 } 3479 3480 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3481 "%s: couldn't find an entry for rate=%d\n", 3482 __func__, 3483 rate); 3484 3485 /* XXX Return the first */ 3486 /* XXX TODO: have it return the /lowest/ */ 3487 return (0); 3488} 3489 3490static int 3491iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate) 3492{ 3493 int i; 3494 3495 for (i = 0; i < nitems(iwm_rates); i++) { 3496 if (iwm_rates[i].rate == rate) 3497 return (i); 3498 } 3499 /* XXX error? */ 3500 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3501 "%s: couldn't find an entry for rate=%d\n", 3502 __func__, 3503 rate); 3504 return (0); 3505} 3506 3507/* 3508 * Fill in the rate related information for a transmit command. 3509 */ 3510static const struct iwm_rate * 3511iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 3512 struct mbuf *m, struct iwm_tx_cmd *tx) 3513{ 3514 struct ieee80211_node *ni = &in->in_ni; 3515 struct ieee80211_frame *wh; 3516 const struct ieee80211_txparam *tp = ni->ni_txparms; 3517 const struct iwm_rate *rinfo; 3518 int type; 3519 int ridx, rate_flags; 3520 3521 wh = mtod(m, struct ieee80211_frame *); 3522 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3523 3524 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 3525 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY; 3526 3527 if (type == IEEE80211_FC0_TYPE_MGT) { 3528 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3529 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3530 "%s: MGT (%d)\n", __func__, tp->mgmtrate); 3531 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3532 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate); 3533 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3534 "%s: MCAST (%d)\n", __func__, tp->mcastrate); 3535 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3536 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate); 3537 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3538 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate); 3539 } else if (m->m_flags & M_EAPOL) { 3540 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3541 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 3542 "%s: EAPOL\n", __func__); 3543 } else if (type == IEEE80211_FC0_TYPE_DATA) { 3544 int i; 3545 3546 /* for data frames, use RS table */ 3547 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__); 3548 /* XXX pass pktlen */ 3549 (void) ieee80211_ratectl_rate(ni, NULL, 0); 3550 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate); 3551 ridx = in->in_ridx[i]; 3552 3553 /* This is the index into the programmed table */ 3554 tx->initial_rate_index = i; 3555 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 3556 3557 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3558 "%s: start with i=%d, txrate %d\n", 3559 __func__, i, iwm_rates[ridx].rate); 3560 } else { 3561 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate); 3562 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DEFAULT (%d)\n", 3563 __func__, tp->mgmtrate); 3564 } 3565 3566 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE, 3567 "%s: frame type=%d txrate %d\n", 3568 __func__, type, iwm_rates[ridx].rate); 3569 3570 rinfo = &iwm_rates[ridx]; 3571 3572 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n", 3573 __func__, ridx, 3574 rinfo->rate, 3575 !! (IWM_RIDX_IS_CCK(ridx)) 3576 ); 3577 3578 /* XXX TODO: hard-coded TX antenna? */ 3579 rate_flags = 1 << IWM_RATE_MCS_ANT_POS; 3580 if (IWM_RIDX_IS_CCK(ridx)) 3581 rate_flags |= IWM_RATE_MCS_CCK_MSK; 3582 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 3583 3584 return rinfo; 3585} 3586 3587#define TB0_SIZE 16 3588static int 3589iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 3590{ 3591 struct ieee80211com *ic = &sc->sc_ic; 3592 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3593 struct iwm_node *in = IWM_NODE(ni); 3594 struct iwm_tx_ring *ring; 3595 struct iwm_tx_data *data; 3596 struct iwm_tfd *desc; 3597 struct iwm_device_cmd *cmd; 3598 struct iwm_tx_cmd *tx; 3599 struct ieee80211_frame *wh; 3600 struct ieee80211_key *k = NULL; 3601 struct mbuf *m1; 3602 const struct iwm_rate *rinfo; 3603 uint32_t flags; 3604 u_int hdrlen; 3605 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER]; 3606 int nsegs; 3607 uint8_t tid, type; 3608 int i, totlen, error, pad; 3609 3610 wh = mtod(m, struct ieee80211_frame *); 3611 hdrlen = ieee80211_anyhdrsize(wh); 3612 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3613 tid = 0; 3614 ring = &sc->txq[ac]; 3615 desc = &ring->desc[ring->cur]; 3616 memset(desc, 0, sizeof(*desc)); 3617 data = &ring->data[ring->cur]; 3618 3619 /* Fill out iwm_tx_cmd to send to the firmware */ 3620 cmd = &ring->cmd[ring->cur]; 3621 cmd->hdr.code = IWM_TX_CMD; 3622 cmd->hdr.flags = 0; 3623 cmd->hdr.qid = ring->qid; 3624 cmd->hdr.idx = ring->cur; 3625 3626 tx = (void *)cmd->data; 3627 memset(tx, 0, sizeof(*tx)); 3628 3629 rinfo = iwm_tx_fill_cmd(sc, in, m, tx); 3630 3631 /* Encrypt the frame if need be. */ 3632 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 3633 /* Retrieve key for TX && do software encryption. */ 3634 k = ieee80211_crypto_encap(ni, m); 3635 if (k == NULL) { 3636 m_freem(m); 3637 return (ENOBUFS); 3638 } 3639 /* 802.11 header may have moved. */ 3640 wh = mtod(m, struct ieee80211_frame *); 3641 } 3642 3643 if (ieee80211_radiotap_active_vap(vap)) { 3644 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 3645 3646 tap->wt_flags = 0; 3647 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 3648 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 3649 tap->wt_rate = rinfo->rate; 3650 if (k != NULL) 3651 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3652 ieee80211_radiotap_tx(vap, m); 3653 } 3654 3655 3656 totlen = m->m_pkthdr.len; 3657 3658 flags = 0; 3659 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3660 flags |= IWM_TX_CMD_FLG_ACK; 3661 } 3662 3663 if (type == IEEE80211_FC0_TYPE_DATA 3664 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) 3665 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3666 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 3667 } 3668 3669 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3670 type != IEEE80211_FC0_TYPE_DATA) 3671 tx->sta_id = sc->sc_aux_sta.sta_id; 3672 else 3673 tx->sta_id = IWM_STATION_ID; 3674 3675 if (type == IEEE80211_FC0_TYPE_MGT) { 3676 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 3677 3678 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 3679 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 3680 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC); 3681 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) { 3682 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3683 } else { 3684 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT); 3685 } 3686 } else { 3687 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE); 3688 } 3689 3690 if (hdrlen & 3) { 3691 /* First segment length must be a multiple of 4. */ 3692 flags |= IWM_TX_CMD_FLG_MH_PAD; 3693 pad = 4 - (hdrlen & 3); 3694 } else 3695 pad = 0; 3696 3697 tx->driver_txop = 0; 3698 tx->next_frame_len = 0; 3699 3700 tx->len = htole16(totlen); 3701 tx->tid_tspec = tid; 3702 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 3703 3704 /* Set physical address of "scratch area". */ 3705 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 3706 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 3707 3708 /* Copy 802.11 header in TX command. */ 3709 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 3710 3711 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL; 3712 3713 tx->sec_ctl = 0; 3714 tx->tx_flags |= htole32(flags); 3715 3716 /* Trim 802.11 header. */ 3717 m_adj(m, hdrlen); 3718 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3719 segs, &nsegs, BUS_DMA_NOWAIT); 3720 if (error != 0) { 3721 if (error != EFBIG) { 3722 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3723 error); 3724 m_freem(m); 3725 return error; 3726 } 3727 /* Too many DMA segments, linearize mbuf. */ 3728 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2); 3729 if (m1 == NULL) { 3730 device_printf(sc->sc_dev, 3731 "%s: could not defrag mbuf\n", __func__); 3732 m_freem(m); 3733 return (ENOBUFS); 3734 } 3735 m = m1; 3736 3737 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, 3738 segs, &nsegs, BUS_DMA_NOWAIT); 3739 if (error != 0) { 3740 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 3741 error); 3742 m_freem(m); 3743 return error; 3744 } 3745 } 3746 data->m = m; 3747 data->in = in; 3748 data->done = 0; 3749 3750 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3751 "sending txd %p, in %p\n", data, data->in); 3752 KASSERT(data->in != NULL, ("node is NULL")); 3753 3754 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3755 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n", 3756 ring->qid, ring->cur, totlen, nsegs, 3757 le32toh(tx->tx_flags), 3758 le32toh(tx->rate_n_flags), 3759 tx->initial_rate_index 3760 ); 3761 3762 /* Fill TX descriptor. */ 3763 desc->num_tbs = 2 + nsegs; 3764 3765 desc->tbs[0].lo = htole32(data->cmd_paddr); 3766 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3767 (TB0_SIZE << 4); 3768 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 3769 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) | 3770 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 3771 + hdrlen + pad - TB0_SIZE) << 4); 3772 3773 /* Other DMA segments are for data payload. */ 3774 for (i = 0; i < nsegs; i++) { 3775 seg = &segs[i]; 3776 desc->tbs[i+2].lo = htole32(seg->ds_addr); 3777 desc->tbs[i+2].hi_n_len = \ 3778 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) 3779 | ((seg->ds_len) << 4); 3780 } 3781 3782 bus_dmamap_sync(ring->data_dmat, data->map, 3783 BUS_DMASYNC_PREWRITE); 3784 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map, 3785 BUS_DMASYNC_PREWRITE); 3786 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3787 BUS_DMASYNC_PREWRITE); 3788 3789#if 0 3790 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len)); 3791#endif 3792 3793 /* Kick TX ring. */ 3794 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 3795 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3796 3797 /* Mark TX ring as full if we reach a certain threshold. */ 3798 if (++ring->queued > IWM_TX_RING_HIMARK) { 3799 sc->qfullmsk |= 1 << ring->qid; 3800 } 3801 3802 return 0; 3803} 3804 3805static int 3806iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3807 const struct ieee80211_bpf_params *params) 3808{ 3809 struct ieee80211com *ic = ni->ni_ic; 3810 struct iwm_softc *sc = ic->ic_softc; 3811 int error = 0; 3812 3813 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3814 "->%s begin\n", __func__); 3815 3816 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 3817 m_freem(m); 3818 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, 3819 "<-%s not RUNNING\n", __func__); 3820 return (ENETDOWN); 3821 } 3822 3823 IWM_LOCK(sc); 3824 /* XXX fix this */ 3825 if (params == NULL) { 3826 error = iwm_tx(sc, m, ni, 0); 3827 } else { 3828 error = iwm_tx(sc, m, ni, 0); 3829 } 3830 sc->sc_tx_timer = 5; 3831 IWM_UNLOCK(sc); 3832 3833 return (error); 3834} 3835 3836/* 3837 * mvm/tx.c 3838 */ 3839 3840/* 3841 * Note that there are transports that buffer frames before they reach 3842 * the firmware. This means that after flush_tx_path is called, the 3843 * queue might not be empty. The race-free way to handle this is to: 3844 * 1) set the station as draining 3845 * 2) flush the Tx path 3846 * 3) wait for the transport queues to be empty 3847 */ 3848int 3849iwm_mvm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags) 3850{ 3851 int ret; 3852 struct iwm_tx_path_flush_cmd flush_cmd = { 3853 .queues_ctl = htole32(tfd_msk), 3854 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH), 3855 }; 3856 3857 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags, 3858 sizeof(flush_cmd), &flush_cmd); 3859 if (ret) 3860 device_printf(sc->sc_dev, 3861 "Flushing tx queue failed: %d\n", ret); 3862 return ret; 3863} 3864 3865/* 3866 * BEGIN mvm/quota.c 3867 */ 3868 3869static int 3870iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp) 3871{ 3872 struct iwm_time_quota_cmd cmd; 3873 int i, idx, ret, num_active_macs, quota, quota_rem; 3874 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 3875 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 3876 uint16_t id; 3877 3878 memset(&cmd, 0, sizeof(cmd)); 3879 3880 /* currently, PHY ID == binding ID */ 3881 if (ivp) { 3882 id = ivp->phy_ctxt->id; 3883 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id")); 3884 colors[id] = ivp->phy_ctxt->color; 3885 3886 if (1) 3887 n_ifs[id] = 1; 3888 } 3889 3890 /* 3891 * The FW's scheduling session consists of 3892 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments 3893 * equally between all the bindings that require quota 3894 */ 3895 num_active_macs = 0; 3896 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 3897 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 3898 num_active_macs += n_ifs[i]; 3899 } 3900 3901 quota = 0; 3902 quota_rem = 0; 3903 if (num_active_macs) { 3904 quota = IWM_MVM_MAX_QUOTA / num_active_macs; 3905 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs; 3906 } 3907 3908 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 3909 if (colors[i] < 0) 3910 continue; 3911 3912 cmd.quotas[idx].id_and_color = 3913 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 3914 3915 if (n_ifs[i] <= 0) { 3916 cmd.quotas[idx].quota = htole32(0); 3917 cmd.quotas[idx].max_duration = htole32(0); 3918 } else { 3919 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 3920 cmd.quotas[idx].max_duration = htole32(0); 3921 } 3922 idx++; 3923 } 3924 3925 /* Give the remainder of the session to the first binding */ 3926 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 3927 3928 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC, 3929 sizeof(cmd), &cmd); 3930 if (ret) 3931 device_printf(sc->sc_dev, 3932 "%s: Failed to send quota: %d\n", __func__, ret); 3933 return ret; 3934} 3935 3936/* 3937 * END mvm/quota.c 3938 */ 3939 3940/* 3941 * ieee80211 routines 3942 */ 3943 3944/* 3945 * Change to AUTH state in 80211 state machine. Roughly matches what 3946 * Linux does in bss_info_changed(). 3947 */ 3948static int 3949iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc) 3950{ 3951 struct ieee80211_node *ni; 3952 struct iwm_node *in; 3953 struct iwm_vap *iv = IWM_VAP(vap); 3954 uint32_t duration; 3955 int error; 3956 3957 /* 3958 * XXX i have a feeling that the vap node is being 3959 * freed from underneath us. Grr. 3960 */ 3961 ni = ieee80211_ref_node(vap->iv_bss); 3962 in = IWM_NODE(ni); 3963 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE, 3964 "%s: called; vap=%p, bss ni=%p\n", 3965 __func__, 3966 vap, 3967 ni); 3968 3969 in->in_assoc = 0; 3970 3971 /* 3972 * Firmware bug - it'll crash if the beacon interval is less 3973 * than 16. We can't avoid connecting at all, so refuse the 3974 * station state change, this will cause net80211 to abandon 3975 * attempts to connect to this AP, and eventually wpa_s will 3976 * blacklist the AP... 3977 */ 3978 if (ni->ni_intval < 16) { 3979 device_printf(sc->sc_dev, 3980 "AP %s beacon interval is %d, refusing due to firmware bug!\n", 3981 ether_sprintf(ni->ni_bssid), ni->ni_intval); 3982 error = EINVAL; 3983 goto out; 3984 } 3985 3986 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON); 3987 if (error != 0) 3988 return error; 3989 3990 error = iwm_allow_mcast(vap, sc); 3991 if (error) { 3992 device_printf(sc->sc_dev, 3993 "%s: failed to set multicast\n", __func__); 3994 goto out; 3995 } 3996 3997 /* 3998 * This is where it deviates from what Linux does. 3999 * 4000 * Linux iwlwifi doesn't reset the nic each time, nor does it 4001 * call ctxt_add() here. Instead, it adds it during vap creation, 4002 * and always does a mac_ctx_changed(). 4003 * 4004 * The openbsd port doesn't attempt to do that - it reset things 4005 * at odd states and does the add here. 4006 * 4007 * So, until the state handling is fixed (ie, we never reset 4008 * the NIC except for a firmware failure, which should drag 4009 * the NIC back to IDLE, re-setup and re-add all the mac/phy 4010 * contexts that are required), let's do a dirty hack here. 4011 */ 4012 if (iv->is_uploaded) { 4013 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4014 device_printf(sc->sc_dev, 4015 "%s: failed to update MAC\n", __func__); 4016 goto out; 4017 } 4018 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4019 in->in_ni.ni_chan, 1, 1)) != 0) { 4020 device_printf(sc->sc_dev, 4021 "%s: failed update phy ctxt\n", __func__); 4022 goto out; 4023 } 4024 iv->phy_ctxt = &sc->sc_phyctxt[0]; 4025 4026 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) { 4027 device_printf(sc->sc_dev, 4028 "%s: binding update cmd\n", __func__); 4029 goto out; 4030 } 4031 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4032 device_printf(sc->sc_dev, 4033 "%s: failed to update sta\n", __func__); 4034 goto out; 4035 } 4036 } else { 4037 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) { 4038 device_printf(sc->sc_dev, 4039 "%s: failed to add MAC\n", __func__); 4040 goto out; 4041 } 4042 if ((error = iwm_mvm_power_update_mac(sc)) != 0) { 4043 device_printf(sc->sc_dev, 4044 "%s: failed to update power management\n", 4045 __func__); 4046 goto out; 4047 } 4048 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0], 4049 in->in_ni.ni_chan, 1, 1)) != 0) { 4050 device_printf(sc->sc_dev, 4051 "%s: failed add phy ctxt!\n", __func__); 4052 error = ETIMEDOUT; 4053 goto out; 4054 } 4055 iv->phy_ctxt = &sc->sc_phyctxt[0]; 4056 4057 if ((error = iwm_mvm_binding_add_vif(sc, iv)) != 0) { 4058 device_printf(sc->sc_dev, 4059 "%s: binding add cmd\n", __func__); 4060 goto out; 4061 } 4062 if ((error = iwm_mvm_add_sta(sc, in)) != 0) { 4063 device_printf(sc->sc_dev, 4064 "%s: failed to add sta\n", __func__); 4065 goto out; 4066 } 4067 } 4068 4069 /* 4070 * Prevent the FW from wandering off channel during association 4071 * by "protecting" the session with a time event. 4072 */ 4073 /* XXX duration is in units of TU, not MS */ 4074 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS; 4075 iwm_mvm_protect_session(sc, iv, duration, 500 /* XXX magic number */); 4076 DELAY(100); 4077 4078 error = 0; 4079out: 4080 ieee80211_free_node(ni); 4081 return (error); 4082} 4083 4084static int 4085iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc) 4086{ 4087 struct iwm_node *in = IWM_NODE(vap->iv_bss); 4088 int error; 4089 4090 if ((error = iwm_mvm_update_sta(sc, in)) != 0) { 4091 device_printf(sc->sc_dev, 4092 "%s: failed to update STA\n", __func__); 4093 return error; 4094 } 4095 4096 in->in_assoc = 1; 4097 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4098 device_printf(sc->sc_dev, 4099 "%s: failed to update MAC\n", __func__); 4100 return error; 4101 } 4102 4103 return 0; 4104} 4105 4106static int 4107iwm_release(struct iwm_softc *sc, struct iwm_node *in) 4108{ 4109 uint32_t tfd_msk; 4110 4111 /* 4112 * Ok, so *technically* the proper set of calls for going 4113 * from RUN back to SCAN is: 4114 * 4115 * iwm_mvm_power_mac_disable(sc, in); 4116 * iwm_mvm_mac_ctxt_changed(sc, vap); 4117 * iwm_mvm_rm_sta(sc, in); 4118 * iwm_mvm_update_quotas(sc, NULL); 4119 * iwm_mvm_mac_ctxt_changed(sc, in); 4120 * iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap)); 4121 * iwm_mvm_mac_ctxt_remove(sc, in); 4122 * 4123 * However, that freezes the device not matter which permutations 4124 * and modifications are attempted. Obviously, this driver is missing 4125 * something since it works in the Linux driver, but figuring out what 4126 * is missing is a little more complicated. Now, since we're going 4127 * back to nothing anyway, we'll just do a complete device reset. 4128 * Up your's, device! 4129 */ 4130 /* 4131 * Just using 0xf for the queues mask is fine as long as we only 4132 * get here from RUN state. 4133 */ 4134 tfd_msk = 0xf; 4135 mbufq_drain(&sc->sc_snd); 4136 iwm_mvm_flush_tx_path(sc, tfd_msk, IWM_CMD_SYNC); 4137 /* 4138 * We seem to get away with just synchronously sending the 4139 * IWM_TXPATH_FLUSH command. 4140 */ 4141// iwm_trans_wait_tx_queue_empty(sc, tfd_msk); 4142 iwm_stop_device(sc); 4143 iwm_init_hw(sc); 4144 if (in) 4145 in->in_assoc = 0; 4146 return 0; 4147 4148#if 0 4149 int error; 4150 4151 iwm_mvm_power_mac_disable(sc, in); 4152 4153 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4154 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error); 4155 return error; 4156 } 4157 4158 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) { 4159 device_printf(sc->sc_dev, "sta remove fail %d\n", error); 4160 return error; 4161 } 4162 error = iwm_mvm_rm_sta(sc, in); 4163 in->in_assoc = 0; 4164 iwm_mvm_update_quotas(sc, NULL); 4165 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 4166 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error); 4167 return error; 4168 } 4169 iwm_mvm_binding_remove_vif(sc, IWM_VAP(in->in_ni.ni_vap)); 4170 4171 iwm_mvm_mac_ctxt_remove(sc, in); 4172 4173 return error; 4174#endif 4175} 4176 4177static struct ieee80211_node * 4178iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 4179{ 4180 return malloc(sizeof (struct iwm_node), M_80211_NODE, 4181 M_NOWAIT | M_ZERO); 4182} 4183 4184uint8_t 4185iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx) 4186{ 4187 int i; 4188 uint8_t rval; 4189 4190 for (i = 0; i < rs->rs_nrates; i++) { 4191 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL); 4192 if (rval == iwm_rates[ridx].rate) 4193 return rs->rs_rates[i]; 4194 } 4195 4196 return 0; 4197} 4198 4199static void 4200iwm_setrates(struct iwm_softc *sc, struct iwm_node *in) 4201{ 4202 struct ieee80211_node *ni = &in->in_ni; 4203 struct iwm_lq_cmd *lq = &in->in_lq; 4204 int nrates = ni->ni_rates.rs_nrates; 4205 int i, ridx, tab = 0; 4206// int txant = 0; 4207 4208 if (nrates > nitems(lq->rs_table)) { 4209 device_printf(sc->sc_dev, 4210 "%s: node supports %d rates, driver handles " 4211 "only %zu\n", __func__, nrates, nitems(lq->rs_table)); 4212 return; 4213 } 4214 if (nrates == 0) { 4215 device_printf(sc->sc_dev, 4216 "%s: node supports 0 rates, odd!\n", __func__); 4217 return; 4218 } 4219 4220 /* 4221 * XXX .. and most of iwm_node is not initialised explicitly; 4222 * it's all just 0x0 passed to the firmware. 4223 */ 4224 4225 /* first figure out which rates we should support */ 4226 /* XXX TODO: this isn't 11n aware /at all/ */ 4227 memset(&in->in_ridx, -1, sizeof(in->in_ridx)); 4228 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4229 "%s: nrates=%d\n", __func__, nrates); 4230 4231 /* 4232 * Loop over nrates and populate in_ridx from the highest 4233 * rate to the lowest rate. Remember, in_ridx[] has 4234 * IEEE80211_RATE_MAXSIZE entries! 4235 */ 4236 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) { 4237 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL; 4238 4239 /* Map 802.11 rate to HW rate index. */ 4240 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 4241 if (iwm_rates[ridx].rate == rate) 4242 break; 4243 if (ridx > IWM_RIDX_MAX) { 4244 device_printf(sc->sc_dev, 4245 "%s: WARNING: device rate for %d not found!\n", 4246 __func__, rate); 4247 } else { 4248 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4249 "%s: rate: i: %d, rate=%d, ridx=%d\n", 4250 __func__, 4251 i, 4252 rate, 4253 ridx); 4254 in->in_ridx[i] = ridx; 4255 } 4256 } 4257 4258 /* then construct a lq_cmd based on those */ 4259 memset(lq, 0, sizeof(*lq)); 4260 lq->sta_id = IWM_STATION_ID; 4261 4262 /* For HT, always enable RTS/CTS to avoid excessive retries. */ 4263 if (ni->ni_flags & IEEE80211_NODE_HT) 4264 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK; 4265 4266 /* 4267 * are these used? (we don't do SISO or MIMO) 4268 * need to set them to non-zero, though, or we get an error. 4269 */ 4270 lq->single_stream_ant_msk = 1; 4271 lq->dual_stream_ant_msk = 1; 4272 4273 /* 4274 * Build the actual rate selection table. 4275 * The lowest bits are the rates. Additionally, 4276 * CCK needs bit 9 to be set. The rest of the bits 4277 * we add to the table select the tx antenna 4278 * Note that we add the rates in the highest rate first 4279 * (opposite of ni_rates). 4280 */ 4281 /* 4282 * XXX TODO: this should be looping over the min of nrates 4283 * and LQ_MAX_RETRY_NUM. Sigh. 4284 */ 4285 for (i = 0; i < nrates; i++) { 4286 int nextant; 4287 4288#if 0 4289 if (txant == 0) 4290 txant = iwm_mvm_get_valid_tx_ant(sc); 4291 nextant = 1<<(ffs(txant)-1); 4292 txant &= ~nextant; 4293#else 4294 nextant = iwm_mvm_get_valid_tx_ant(sc); 4295#endif 4296 /* 4297 * Map the rate id into a rate index into 4298 * our hardware table containing the 4299 * configuration to use for this rate. 4300 */ 4301 ridx = in->in_ridx[i]; 4302 tab = iwm_rates[ridx].plcp; 4303 tab |= nextant << IWM_RATE_MCS_ANT_POS; 4304 if (IWM_RIDX_IS_CCK(ridx)) 4305 tab |= IWM_RATE_MCS_CCK_MSK; 4306 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, 4307 "station rate i=%d, rate=%d, hw=%x\n", 4308 i, iwm_rates[ridx].rate, tab); 4309 lq->rs_table[i] = htole32(tab); 4310 } 4311 /* then fill the rest with the lowest possible rate */ 4312 for (i = nrates; i < nitems(lq->rs_table); i++) { 4313 KASSERT(tab != 0, ("invalid tab")); 4314 lq->rs_table[i] = htole32(tab); 4315 } 4316} 4317 4318static int 4319iwm_media_change(struct ifnet *ifp) 4320{ 4321 struct ieee80211vap *vap = ifp->if_softc; 4322 struct ieee80211com *ic = vap->iv_ic; 4323 struct iwm_softc *sc = ic->ic_softc; 4324 int error; 4325 4326 error = ieee80211_media_change(ifp); 4327 if (error != ENETRESET) 4328 return error; 4329 4330 IWM_LOCK(sc); 4331 if (ic->ic_nrunning > 0) { 4332 iwm_stop(sc); 4333 iwm_init(sc); 4334 } 4335 IWM_UNLOCK(sc); 4336 return error; 4337} 4338 4339 4340static int 4341iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4342{ 4343 struct iwm_vap *ivp = IWM_VAP(vap); 4344 struct ieee80211com *ic = vap->iv_ic; 4345 struct iwm_softc *sc = ic->ic_softc; 4346 struct iwm_node *in; 4347 int error; 4348 4349 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4350 "switching state %s -> %s\n", 4351 ieee80211_state_name[vap->iv_state], 4352 ieee80211_state_name[nstate]); 4353 IEEE80211_UNLOCK(ic); 4354 IWM_LOCK(sc); 4355 4356 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state) 4357 iwm_led_blink_stop(sc); 4358 4359 /* disable beacon filtering if we're hopping out of RUN */ 4360 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) { 4361 iwm_mvm_disable_beacon_filter(sc); 4362 4363 if (((in = IWM_NODE(vap->iv_bss)) != NULL)) 4364 in->in_assoc = 0; 4365 4366 if (nstate == IEEE80211_S_INIT) { 4367 IWM_UNLOCK(sc); 4368 IEEE80211_LOCK(ic); 4369 error = ivp->iv_newstate(vap, nstate, arg); 4370 IEEE80211_UNLOCK(ic); 4371 IWM_LOCK(sc); 4372 iwm_release(sc, NULL); 4373 IWM_UNLOCK(sc); 4374 IEEE80211_LOCK(ic); 4375 return error; 4376 } 4377 4378 /* 4379 * It's impossible to directly go RUN->SCAN. If we iwm_release() 4380 * above then the card will be completely reinitialized, 4381 * so the driver must do everything necessary to bring the card 4382 * from INIT to SCAN. 4383 * 4384 * Additionally, upon receiving deauth frame from AP, 4385 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH 4386 * state. This will also fail with this driver, so bring the FSM 4387 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well. 4388 * 4389 * XXX TODO: fix this for FreeBSD! 4390 */ 4391 if (nstate == IEEE80211_S_SCAN || 4392 nstate == IEEE80211_S_AUTH || 4393 nstate == IEEE80211_S_ASSOC) { 4394 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4395 "Force transition to INIT; MGT=%d\n", arg); 4396 IWM_UNLOCK(sc); 4397 IEEE80211_LOCK(ic); 4398 /* Always pass arg as -1 since we can't Tx right now. */ 4399 /* 4400 * XXX arg is just ignored anyway when transitioning 4401 * to IEEE80211_S_INIT. 4402 */ 4403 vap->iv_newstate(vap, IEEE80211_S_INIT, -1); 4404 IWM_DPRINTF(sc, IWM_DEBUG_STATE, 4405 "Going INIT->SCAN\n"); 4406 nstate = IEEE80211_S_SCAN; 4407 IEEE80211_UNLOCK(ic); 4408 IWM_LOCK(sc); 4409 } 4410 } 4411 4412 switch (nstate) { 4413 case IEEE80211_S_INIT: 4414 case IEEE80211_S_SCAN: 4415 if (vap->iv_state == IEEE80211_S_AUTH || 4416 vap->iv_state == IEEE80211_S_ASSOC) { 4417 int myerr; 4418 IWM_UNLOCK(sc); 4419 IEEE80211_LOCK(ic); 4420 myerr = ivp->iv_newstate(vap, nstate, arg); 4421 IEEE80211_UNLOCK(ic); 4422 IWM_LOCK(sc); 4423 error = iwm_mvm_rm_sta(sc, vap, FALSE); 4424 if (error) { 4425 device_printf(sc->sc_dev, 4426 "%s: Failed to remove station: %d\n", 4427 __func__, error); 4428 } 4429 error = iwm_mvm_mac_ctxt_changed(sc, vap); 4430 if (error) { 4431 device_printf(sc->sc_dev, 4432 "%s: Failed to change mac context: %d\n", 4433 __func__, error); 4434 } 4435 error = iwm_mvm_binding_remove_vif(sc, ivp); 4436 if (error) { 4437 device_printf(sc->sc_dev, 4438 "%s: Failed to remove channel ctx: %d\n", 4439 __func__, error); 4440 } 4441 ivp->phy_ctxt = NULL; 4442 IWM_UNLOCK(sc); 4443 IEEE80211_LOCK(ic); 4444 return myerr; 4445 } 4446 break; 4447 4448 case IEEE80211_S_AUTH: 4449 if ((error = iwm_auth(vap, sc)) != 0) { 4450 device_printf(sc->sc_dev, 4451 "%s: could not move to auth state: %d\n", 4452 __func__, error); 4453 break; 4454 } 4455 break; 4456 4457 case IEEE80211_S_ASSOC: 4458 if ((error = iwm_assoc(vap, sc)) != 0) { 4459 device_printf(sc->sc_dev, 4460 "%s: failed to associate: %d\n", __func__, 4461 error); 4462 break; 4463 } 4464 break; 4465 4466 case IEEE80211_S_RUN: 4467 { 4468 struct iwm_host_cmd cmd = { 4469 .id = IWM_LQ_CMD, 4470 .len = { sizeof(in->in_lq), }, 4471 .flags = IWM_CMD_SYNC, 4472 }; 4473 4474 /* Update the association state, now we have it all */ 4475 /* (eg associd comes in at this point */ 4476 error = iwm_assoc(vap, sc); 4477 if (error != 0) { 4478 device_printf(sc->sc_dev, 4479 "%s: failed to update association state: %d\n", 4480 __func__, 4481 error); 4482 break; 4483 } 4484 4485 in = IWM_NODE(vap->iv_bss); 4486 iwm_mvm_enable_beacon_filter(sc, in); 4487 iwm_mvm_power_update_mac(sc); 4488 iwm_mvm_update_quotas(sc, ivp); 4489 iwm_setrates(sc, in); 4490 4491 cmd.data[0] = &in->in_lq; 4492 if ((error = iwm_send_cmd(sc, &cmd)) != 0) { 4493 device_printf(sc->sc_dev, 4494 "%s: IWM_LQ_CMD failed\n", __func__); 4495 } 4496 4497 iwm_mvm_led_enable(sc); 4498 break; 4499 } 4500 4501 default: 4502 break; 4503 } 4504 IWM_UNLOCK(sc); 4505 IEEE80211_LOCK(ic); 4506 4507 return (ivp->iv_newstate(vap, nstate, arg)); 4508} 4509 4510void 4511iwm_endscan_cb(void *arg, int pending) 4512{ 4513 struct iwm_softc *sc = arg; 4514 struct ieee80211com *ic = &sc->sc_ic; 4515 4516 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE, 4517 "%s: scan ended\n", 4518 __func__); 4519 4520 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps)); 4521} 4522 4523/* 4524 * Aging and idle timeouts for the different possible scenarios 4525 * in default configuration 4526 */ 4527static const uint32_t 4528iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4529 { 4530 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 4531 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 4532 }, 4533 { 4534 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 4535 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 4536 }, 4537 { 4538 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 4539 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 4540 }, 4541 { 4542 htole32(IWM_SF_BA_AGING_TIMER_DEF), 4543 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 4544 }, 4545 { 4546 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 4547 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 4548 }, 4549}; 4550 4551/* 4552 * Aging and idle timeouts for the different possible scenarios 4553 * in single BSS MAC configuration. 4554 */ 4555static const uint32_t 4556iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 4557 { 4558 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 4559 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 4560 }, 4561 { 4562 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 4563 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 4564 }, 4565 { 4566 htole32(IWM_SF_MCAST_AGING_TIMER), 4567 htole32(IWM_SF_MCAST_IDLE_TIMER) 4568 }, 4569 { 4570 htole32(IWM_SF_BA_AGING_TIMER), 4571 htole32(IWM_SF_BA_IDLE_TIMER) 4572 }, 4573 { 4574 htole32(IWM_SF_TX_RE_AGING_TIMER), 4575 htole32(IWM_SF_TX_RE_IDLE_TIMER) 4576 }, 4577}; 4578 4579static void 4580iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 4581 struct ieee80211_node *ni) 4582{ 4583 int i, j, watermark; 4584 4585 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 4586 4587 /* 4588 * If we are in association flow - check antenna configuration 4589 * capabilities of the AP station, and choose the watermark accordingly. 4590 */ 4591 if (ni) { 4592 if (ni->ni_flags & IEEE80211_NODE_HT) { 4593#ifdef notyet 4594 if (ni->ni_rxmcs[2] != 0) 4595 watermark = IWM_SF_W_MARK_MIMO3; 4596 else if (ni->ni_rxmcs[1] != 0) 4597 watermark = IWM_SF_W_MARK_MIMO2; 4598 else 4599#endif 4600 watermark = IWM_SF_W_MARK_SISO; 4601 } else { 4602 watermark = IWM_SF_W_MARK_LEGACY; 4603 } 4604 /* default watermark value for unassociated mode. */ 4605 } else { 4606 watermark = IWM_SF_W_MARK_MIMO2; 4607 } 4608 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 4609 4610 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 4611 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 4612 sf_cmd->long_delay_timeouts[i][j] = 4613 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 4614 } 4615 } 4616 4617 if (ni) { 4618 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 4619 sizeof(iwm_sf_full_timeout)); 4620 } else { 4621 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 4622 sizeof(iwm_sf_full_timeout_def)); 4623 } 4624} 4625 4626static int 4627iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state) 4628{ 4629 struct ieee80211com *ic = &sc->sc_ic; 4630 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4631 struct iwm_sf_cfg_cmd sf_cmd = { 4632 .state = htole32(IWM_SF_FULL_ON), 4633 }; 4634 int ret = 0; 4635 4636 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 4637 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 4638 4639 switch (new_state) { 4640 case IWM_SF_UNINIT: 4641 case IWM_SF_INIT_OFF: 4642 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL); 4643 break; 4644 case IWM_SF_FULL_ON: 4645 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss); 4646 break; 4647 default: 4648 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE, 4649 "Invalid state: %d. not sending Smart Fifo cmd\n", 4650 new_state); 4651 return EINVAL; 4652 } 4653 4654 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 4655 sizeof(sf_cmd), &sf_cmd); 4656 return ret; 4657} 4658 4659static int 4660iwm_send_bt_init_conf(struct iwm_softc *sc) 4661{ 4662 struct iwm_bt_coex_cmd bt_cmd; 4663 4664 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 4665 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 4666 4667 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 4668 &bt_cmd); 4669} 4670 4671static boolean_t 4672iwm_mvm_is_lar_supported(struct iwm_softc *sc) 4673{ 4674 boolean_t nvm_lar = sc->nvm_data->lar_enabled; 4675 boolean_t tlv_lar = fw_has_capa(&sc->ucode_capa, 4676 IWM_UCODE_TLV_CAPA_LAR_SUPPORT); 4677 4678 if (iwm_lar_disable) 4679 return FALSE; 4680 4681 /* 4682 * Enable LAR only if it is supported by the FW (TLV) && 4683 * enabled in the NVM 4684 */ 4685 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 4686 return nvm_lar && tlv_lar; 4687 else 4688 return tlv_lar; 4689} 4690 4691static boolean_t 4692iwm_mvm_is_wifi_mcc_supported(struct iwm_softc *sc) 4693{ 4694 return fw_has_api(&sc->ucode_capa, 4695 IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 4696 fw_has_capa(&sc->ucode_capa, 4697 IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC); 4698} 4699 4700static int 4701iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 4702{ 4703 struct iwm_mcc_update_cmd mcc_cmd; 4704 struct iwm_host_cmd hcmd = { 4705 .id = IWM_MCC_UPDATE_CMD, 4706 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB), 4707 .data = { &mcc_cmd }, 4708 }; 4709 int ret; 4710#ifdef IWM_DEBUG 4711 struct iwm_rx_packet *pkt; 4712 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL; 4713 struct iwm_mcc_update_resp *mcc_resp; 4714 int n_channels; 4715 uint16_t mcc; 4716#endif 4717 int resp_v2 = fw_has_capa(&sc->ucode_capa, 4718 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2); 4719 4720 if (!iwm_mvm_is_lar_supported(sc)) { 4721 IWM_DPRINTF(sc, IWM_DEBUG_LAR, "%s: no LAR support\n", 4722 __func__); 4723 return 0; 4724 } 4725 4726 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 4727 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 4728 if (iwm_mvm_is_wifi_mcc_supported(sc)) 4729 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 4730 else 4731 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 4732 4733 if (resp_v2) 4734 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 4735 else 4736 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 4737 4738 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 4739 "send MCC update to FW with '%c%c' src = %d\n", 4740 alpha2[0], alpha2[1], mcc_cmd.source_id); 4741 4742 ret = iwm_send_cmd(sc, &hcmd); 4743 if (ret) 4744 return ret; 4745 4746#ifdef IWM_DEBUG 4747 pkt = hcmd.resp_pkt; 4748 4749 /* Extract MCC response */ 4750 if (resp_v2) { 4751 mcc_resp = (void *)pkt->data; 4752 mcc = mcc_resp->mcc; 4753 n_channels = le32toh(mcc_resp->n_channels); 4754 } else { 4755 mcc_resp_v1 = (void *)pkt->data; 4756 mcc = mcc_resp_v1->mcc; 4757 n_channels = le32toh(mcc_resp_v1->n_channels); 4758 } 4759 4760 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */ 4761 if (mcc == 0) 4762 mcc = 0x3030; /* "00" - world */ 4763 4764 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 4765 "regulatory domain '%c%c' (%d channels available)\n", 4766 mcc >> 8, mcc & 0xff, n_channels); 4767#endif 4768 iwm_free_resp(sc, &hcmd); 4769 4770 return 0; 4771} 4772 4773static void 4774iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 4775{ 4776 struct iwm_host_cmd cmd = { 4777 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 4778 .len = { sizeof(uint32_t), }, 4779 .data = { &backoff, }, 4780 }; 4781 4782 if (iwm_send_cmd(sc, &cmd) != 0) { 4783 device_printf(sc->sc_dev, 4784 "failed to change thermal tx backoff\n"); 4785 } 4786} 4787 4788static int 4789iwm_init_hw(struct iwm_softc *sc) 4790{ 4791 struct ieee80211com *ic = &sc->sc_ic; 4792 int error, i, ac; 4793 4794 if ((error = iwm_start_hw(sc)) != 0) { 4795 printf("iwm_start_hw: failed %d\n", error); 4796 return error; 4797 } 4798 4799 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) { 4800 printf("iwm_run_init_mvm_ucode: failed %d\n", error); 4801 return error; 4802 } 4803 4804 /* 4805 * should stop and start HW since that INIT 4806 * image just loaded 4807 */ 4808 iwm_stop_device(sc); 4809 sc->sc_ps_disabled = FALSE; 4810 if ((error = iwm_start_hw(sc)) != 0) { 4811 device_printf(sc->sc_dev, "could not initialize hardware\n"); 4812 return error; 4813 } 4814 4815 /* omstart, this time with the regular firmware */ 4816 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR); 4817 if (error) { 4818 device_printf(sc->sc_dev, "could not load firmware\n"); 4819 goto error; 4820 } 4821 4822 if ((error = iwm_send_bt_init_conf(sc)) != 0) { 4823 device_printf(sc->sc_dev, "bt init conf failed\n"); 4824 goto error; 4825 } 4826 4827 error = iwm_send_tx_ant_cfg(sc, iwm_mvm_get_valid_tx_ant(sc)); 4828 if (error != 0) { 4829 device_printf(sc->sc_dev, "antenna config failed\n"); 4830 goto error; 4831 } 4832 4833 /* Send phy db control command and then phy db calibration */ 4834 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0) 4835 goto error; 4836 4837 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) { 4838 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n"); 4839 goto error; 4840 } 4841 4842 /* Add auxiliary station for scanning */ 4843 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) { 4844 device_printf(sc->sc_dev, "add_aux_sta failed\n"); 4845 goto error; 4846 } 4847 4848 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 4849 /* 4850 * The channel used here isn't relevant as it's 4851 * going to be overwritten in the other flows. 4852 * For now use the first channel we have. 4853 */ 4854 if ((error = iwm_mvm_phy_ctxt_add(sc, 4855 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0) 4856 goto error; 4857 } 4858 4859 /* Initialize tx backoffs to the minimum. */ 4860 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) 4861 iwm_mvm_tt_tx_backoff(sc, 0); 4862 4863 error = iwm_mvm_power_update_device(sc); 4864 if (error) 4865 goto error; 4866 4867 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0) 4868 goto error; 4869 4870 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 4871 if ((error = iwm_mvm_config_umac_scan(sc)) != 0) 4872 goto error; 4873 } 4874 4875 /* Enable Tx queues. */ 4876 for (ac = 0; ac < WME_NUM_AC; ac++) { 4877 error = iwm_enable_txq(sc, IWM_STATION_ID, ac, 4878 iwm_mvm_ac_to_tx_fifo[ac]); 4879 if (error) 4880 goto error; 4881 } 4882 4883 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) { 4884 device_printf(sc->sc_dev, "failed to disable beacon filter\n"); 4885 goto error; 4886 } 4887 4888 return 0; 4889 4890 error: 4891 iwm_stop_device(sc); 4892 return error; 4893} 4894 4895/* Allow multicast from our BSSID. */ 4896static int 4897iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc) 4898{ 4899 struct ieee80211_node *ni = vap->iv_bss; 4900 struct iwm_mcast_filter_cmd *cmd; 4901 size_t size; 4902 int error; 4903 4904 size = roundup(sizeof(*cmd), 4); 4905 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 4906 if (cmd == NULL) 4907 return ENOMEM; 4908 cmd->filter_own = 1; 4909 cmd->port_id = 0; 4910 cmd->count = 0; 4911 cmd->pass_all = 1; 4912 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid); 4913 4914 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 4915 IWM_CMD_SYNC, size, cmd); 4916 free(cmd, M_DEVBUF); 4917 4918 return (error); 4919} 4920 4921/* 4922 * ifnet interfaces 4923 */ 4924 4925static void 4926iwm_init(struct iwm_softc *sc) 4927{ 4928 int error; 4929 4930 if (sc->sc_flags & IWM_FLAG_HW_INITED) { 4931 return; 4932 } 4933 sc->sc_generation++; 4934 sc->sc_flags &= ~IWM_FLAG_STOPPED; 4935 4936 if ((error = iwm_init_hw(sc)) != 0) { 4937 printf("iwm_init_hw failed %d\n", error); 4938 iwm_stop(sc); 4939 return; 4940 } 4941 4942 /* 4943 * Ok, firmware loaded and we are jogging 4944 */ 4945 sc->sc_flags |= IWM_FLAG_HW_INITED; 4946 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 4947} 4948 4949static int 4950iwm_transmit(struct ieee80211com *ic, struct mbuf *m) 4951{ 4952 struct iwm_softc *sc; 4953 int error; 4954 4955 sc = ic->ic_softc; 4956 4957 IWM_LOCK(sc); 4958 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) { 4959 IWM_UNLOCK(sc); 4960 return (ENXIO); 4961 } 4962 error = mbufq_enqueue(&sc->sc_snd, m); 4963 if (error) { 4964 IWM_UNLOCK(sc); 4965 return (error); 4966 } 4967 iwm_start(sc); 4968 IWM_UNLOCK(sc); 4969 return (0); 4970} 4971 4972/* 4973 * Dequeue packets from sendq and call send. 4974 */ 4975static void 4976iwm_start(struct iwm_softc *sc) 4977{ 4978 struct ieee80211_node *ni; 4979 struct mbuf *m; 4980 int ac = 0; 4981 4982 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__); 4983 while (sc->qfullmsk == 0 && 4984 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 4985 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 4986 if (iwm_tx(sc, m, ni, ac) != 0) { 4987 if_inc_counter(ni->ni_vap->iv_ifp, 4988 IFCOUNTER_OERRORS, 1); 4989 ieee80211_free_node(ni); 4990 continue; 4991 } 4992 sc->sc_tx_timer = 15; 4993 } 4994 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__); 4995} 4996 4997static void 4998iwm_stop(struct iwm_softc *sc) 4999{ 5000 5001 sc->sc_flags &= ~IWM_FLAG_HW_INITED; 5002 sc->sc_flags |= IWM_FLAG_STOPPED; 5003 sc->sc_generation++; 5004 iwm_led_blink_stop(sc); 5005 sc->sc_tx_timer = 0; 5006 iwm_stop_device(sc); 5007 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5008} 5009 5010static void 5011iwm_watchdog(void *arg) 5012{ 5013 struct iwm_softc *sc = arg; 5014 struct ieee80211com *ic = &sc->sc_ic; 5015 5016 if (sc->sc_tx_timer > 0) { 5017 if (--sc->sc_tx_timer == 0) { 5018 device_printf(sc->sc_dev, "device timeout\n"); 5019#ifdef IWM_DEBUG 5020 iwm_nic_error(sc); 5021#endif 5022 ieee80211_restart_all(ic); 5023 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 5024 return; 5025 } 5026 } 5027 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc); 5028} 5029 5030static void 5031iwm_parent(struct ieee80211com *ic) 5032{ 5033 struct iwm_softc *sc = ic->ic_softc; 5034 int startall = 0; 5035 5036 IWM_LOCK(sc); 5037 if (ic->ic_nrunning > 0) { 5038 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) { 5039 iwm_init(sc); 5040 startall = 1; 5041 } 5042 } else if (sc->sc_flags & IWM_FLAG_HW_INITED) 5043 iwm_stop(sc); 5044 IWM_UNLOCK(sc); 5045 if (startall) 5046 ieee80211_start_all(ic); 5047} 5048 5049/* 5050 * The interrupt side of things 5051 */ 5052 5053/* 5054 * error dumping routines are from iwlwifi/mvm/utils.c 5055 */ 5056 5057/* 5058 * Note: This structure is read from the device with IO accesses, 5059 * and the reading already does the endian conversion. As it is 5060 * read with uint32_t-sized accesses, any members with a different size 5061 * need to be ordered correctly though! 5062 */ 5063struct iwm_error_event_table { 5064 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5065 uint32_t error_id; /* type of error */ 5066 uint32_t trm_hw_status0; /* TRM HW status */ 5067 uint32_t trm_hw_status1; /* TRM HW status */ 5068 uint32_t blink2; /* branch link */ 5069 uint32_t ilink1; /* interrupt link */ 5070 uint32_t ilink2; /* interrupt link */ 5071 uint32_t data1; /* error-specific data */ 5072 uint32_t data2; /* error-specific data */ 5073 uint32_t data3; /* error-specific data */ 5074 uint32_t bcon_time; /* beacon timer */ 5075 uint32_t tsf_low; /* network timestamp function timer */ 5076 uint32_t tsf_hi; /* network timestamp function timer */ 5077 uint32_t gp1; /* GP1 timer register */ 5078 uint32_t gp2; /* GP2 timer register */ 5079 uint32_t fw_rev_type; /* firmware revision type */ 5080 uint32_t major; /* uCode version major */ 5081 uint32_t minor; /* uCode version minor */ 5082 uint32_t hw_ver; /* HW Silicon version */ 5083 uint32_t brd_ver; /* HW board version */ 5084 uint32_t log_pc; /* log program counter */ 5085 uint32_t frame_ptr; /* frame pointer */ 5086 uint32_t stack_ptr; /* stack pointer */ 5087 uint32_t hcmd; /* last host command header */ 5088 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 5089 * rxtx_flag */ 5090 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 5091 * host_flag */ 5092 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 5093 * enc_flag */ 5094 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 5095 * time_flag */ 5096 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 5097 * wico interrupt */ 5098 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 5099 uint32_t wait_event; /* wait event() caller address */ 5100 uint32_t l2p_control; /* L2pControlField */ 5101 uint32_t l2p_duration; /* L2pDurationField */ 5102 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 5103 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 5104 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 5105 * (LMPM_PMG_SEL) */ 5106 uint32_t u_timestamp; /* indicate when the date and time of the 5107 * compilation */ 5108 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 5109} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 5110 5111/* 5112 * UMAC error struct - relevant starting from family 8000 chip. 5113 * Note: This structure is read from the device with IO accesses, 5114 * and the reading already does the endian conversion. As it is 5115 * read with u32-sized accesses, any members with a different size 5116 * need to be ordered correctly though! 5117 */ 5118struct iwm_umac_error_event_table { 5119 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 5120 uint32_t error_id; /* type of error */ 5121 uint32_t blink1; /* branch link */ 5122 uint32_t blink2; /* branch link */ 5123 uint32_t ilink1; /* interrupt link */ 5124 uint32_t ilink2; /* interrupt link */ 5125 uint32_t data1; /* error-specific data */ 5126 uint32_t data2; /* error-specific data */ 5127 uint32_t data3; /* error-specific data */ 5128 uint32_t umac_major; 5129 uint32_t umac_minor; 5130 uint32_t frame_pointer; /* core register 27*/ 5131 uint32_t stack_pointer; /* core register 28 */ 5132 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 5133 uint32_t nic_isr_pref; /* ISR status register */ 5134} __packed; 5135 5136#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 5137#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 5138 5139#ifdef IWM_DEBUG 5140struct { 5141 const char *name; 5142 uint8_t num; 5143} advanced_lookup[] = { 5144 { "NMI_INTERRUPT_WDG", 0x34 }, 5145 { "SYSASSERT", 0x35 }, 5146 { "UCODE_VERSION_MISMATCH", 0x37 }, 5147 { "BAD_COMMAND", 0x38 }, 5148 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 5149 { "FATAL_ERROR", 0x3D }, 5150 { "NMI_TRM_HW_ERR", 0x46 }, 5151 { "NMI_INTERRUPT_TRM", 0x4C }, 5152 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 5153 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 5154 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 5155 { "NMI_INTERRUPT_HOST", 0x66 }, 5156 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 5157 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 5158 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 5159 { "ADVANCED_SYSASSERT", 0 }, 5160}; 5161 5162static const char * 5163iwm_desc_lookup(uint32_t num) 5164{ 5165 int i; 5166 5167 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 5168 if (advanced_lookup[i].num == num) 5169 return advanced_lookup[i].name; 5170 5171 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 5172 return advanced_lookup[i].name; 5173} 5174 5175static void 5176iwm_nic_umac_error(struct iwm_softc *sc) 5177{ 5178 struct iwm_umac_error_event_table table; 5179 uint32_t base; 5180 5181 base = sc->umac_error_event_table; 5182 5183 if (base < 0x800000) { 5184 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n", 5185 base); 5186 return; 5187 } 5188 5189 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5190 device_printf(sc->sc_dev, "reading errlog failed\n"); 5191 return; 5192 } 5193 5194 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5195 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n"); 5196 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5197 sc->sc_flags, table.valid); 5198 } 5199 5200 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id, 5201 iwm_desc_lookup(table.error_id)); 5202 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1); 5203 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2); 5204 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n", 5205 table.ilink1); 5206 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n", 5207 table.ilink2); 5208 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1); 5209 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2); 5210 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3); 5211 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major); 5212 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor); 5213 device_printf(sc->sc_dev, "0x%08X | frame pointer\n", 5214 table.frame_pointer); 5215 device_printf(sc->sc_dev, "0x%08X | stack pointer\n", 5216 table.stack_pointer); 5217 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header); 5218 device_printf(sc->sc_dev, "0x%08X | isr status reg\n", 5219 table.nic_isr_pref); 5220} 5221 5222/* 5223 * Support for dumping the error log seemed like a good idea ... 5224 * but it's mostly hex junk and the only sensible thing is the 5225 * hw/ucode revision (which we know anyway). Since it's here, 5226 * I'll just leave it in, just in case e.g. the Intel guys want to 5227 * help us decipher some "ADVANCED_SYSASSERT" later. 5228 */ 5229static void 5230iwm_nic_error(struct iwm_softc *sc) 5231{ 5232 struct iwm_error_event_table table; 5233 uint32_t base; 5234 5235 device_printf(sc->sc_dev, "dumping device error log\n"); 5236 base = sc->error_event_table; 5237 if (base < 0x800000) { 5238 device_printf(sc->sc_dev, 5239 "Invalid error log pointer 0x%08x\n", base); 5240 return; 5241 } 5242 5243 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 5244 device_printf(sc->sc_dev, "reading errlog failed\n"); 5245 return; 5246 } 5247 5248 if (!table.valid) { 5249 device_printf(sc->sc_dev, "errlog not found, skipping\n"); 5250 return; 5251 } 5252 5253 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 5254 device_printf(sc->sc_dev, "Start Error Log Dump:\n"); 5255 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n", 5256 sc->sc_flags, table.valid); 5257 } 5258 5259 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id, 5260 iwm_desc_lookup(table.error_id)); 5261 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n", 5262 table.trm_hw_status0); 5263 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n", 5264 table.trm_hw_status1); 5265 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2); 5266 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1); 5267 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2); 5268 device_printf(sc->sc_dev, "%08X | data1\n", table.data1); 5269 device_printf(sc->sc_dev, "%08X | data2\n", table.data2); 5270 device_printf(sc->sc_dev, "%08X | data3\n", table.data3); 5271 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time); 5272 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low); 5273 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi); 5274 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1); 5275 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2); 5276 device_printf(sc->sc_dev, "%08X | uCode revision type\n", 5277 table.fw_rev_type); 5278 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major); 5279 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor); 5280 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver); 5281 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver); 5282 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd); 5283 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0); 5284 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1); 5285 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2); 5286 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3); 5287 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4); 5288 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id); 5289 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event); 5290 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control); 5291 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration); 5292 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid); 5293 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match); 5294 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel); 5295 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp); 5296 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler); 5297 5298 if (sc->umac_error_event_table) 5299 iwm_nic_umac_error(sc); 5300} 5301#endif 5302 5303static void 5304iwm_handle_rxb(struct iwm_softc *sc, struct mbuf *m) 5305{ 5306 struct ieee80211com *ic = &sc->sc_ic; 5307 struct iwm_cmd_response *cresp; 5308 struct mbuf *m1; 5309 uint32_t offset = 0; 5310 uint32_t maxoff = IWM_RBUF_SIZE; 5311 uint32_t nextoff; 5312 boolean_t stolen = FALSE; 5313 5314#define HAVEROOM(a) \ 5315 ((a) + sizeof(uint32_t) + sizeof(struct iwm_cmd_header) < maxoff) 5316 5317 while (HAVEROOM(offset)) { 5318 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, 5319 offset); 5320 int qid, idx, code, len; 5321 5322 qid = pkt->hdr.qid; 5323 idx = pkt->hdr.idx; 5324 5325 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 5326 5327 /* 5328 * randomly get these from the firmware, no idea why. 5329 * they at least seem harmless, so just ignore them for now 5330 */ 5331 if ((pkt->hdr.code == 0 && (qid & ~0x80) == 0 && idx == 0) || 5332 pkt->len_n_flags == htole32(IWM_FH_RSCSR_FRAME_INVALID)) { 5333 break; 5334 } 5335 5336 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5337 "rx packet qid=%d idx=%d type=%x\n", 5338 qid & ~0x80, pkt->hdr.idx, code); 5339 5340 len = iwm_rx_packet_len(pkt); 5341 len += sizeof(uint32_t); /* account for status word */ 5342 nextoff = offset + roundup2(len, IWM_FH_RSCSR_FRAME_ALIGN); 5343 5344 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt); 5345 5346 switch (code) { 5347 case IWM_REPLY_RX_PHY_CMD: 5348 iwm_mvm_rx_rx_phy_cmd(sc, pkt); 5349 break; 5350 5351 case IWM_REPLY_RX_MPDU_CMD: { 5352 /* 5353 * If this is the last frame in the RX buffer, we 5354 * can directly feed the mbuf to the sharks here. 5355 */ 5356 struct iwm_rx_packet *nextpkt = mtodoff(m, 5357 struct iwm_rx_packet *, nextoff); 5358 if (!HAVEROOM(nextoff) || 5359 (nextpkt->hdr.code == 0 && 5360 (nextpkt->hdr.qid & ~0x80) == 0 && 5361 nextpkt->hdr.idx == 0) || 5362 (nextpkt->len_n_flags == 5363 htole32(IWM_FH_RSCSR_FRAME_INVALID))) { 5364 if (iwm_mvm_rx_rx_mpdu(sc, m, offset, stolen)) { 5365 stolen = FALSE; 5366 /* Make sure we abort the loop */ 5367 nextoff = maxoff; 5368 } 5369 break; 5370 } 5371 5372 /* 5373 * Use m_copym instead of m_split, because that 5374 * makes it easier to keep a valid rx buffer in 5375 * the ring, when iwm_mvm_rx_rx_mpdu() fails. 5376 * 5377 * We need to start m_copym() at offset 0, to get the 5378 * M_PKTHDR flag preserved. 5379 */ 5380 m1 = m_copym(m, 0, M_COPYALL, M_NOWAIT); 5381 if (m1) { 5382 if (iwm_mvm_rx_rx_mpdu(sc, m1, offset, stolen)) 5383 stolen = TRUE; 5384 else 5385 m_freem(m1); 5386 } 5387 break; 5388 } 5389 5390 case IWM_TX_CMD: 5391 iwm_mvm_rx_tx_cmd(sc, pkt); 5392 break; 5393 5394 case IWM_MISSED_BEACONS_NOTIFICATION: { 5395 struct iwm_missed_beacons_notif *resp; 5396 int missed; 5397 5398 /* XXX look at mac_id to determine interface ID */ 5399 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5400 5401 resp = (void *)pkt->data; 5402 missed = le32toh(resp->consec_missed_beacons); 5403 5404 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE, 5405 "%s: MISSED_BEACON: mac_id=%d, " 5406 "consec_since_last_rx=%d, consec=%d, num_expect=%d " 5407 "num_rx=%d\n", 5408 __func__, 5409 le32toh(resp->mac_id), 5410 le32toh(resp->consec_missed_beacons_since_last_rx), 5411 le32toh(resp->consec_missed_beacons), 5412 le32toh(resp->num_expected_beacons), 5413 le32toh(resp->num_recvd_beacons)); 5414 5415 /* Be paranoid */ 5416 if (vap == NULL) 5417 break; 5418 5419 /* XXX no net80211 locking? */ 5420 if (vap->iv_state == IEEE80211_S_RUN && 5421 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 5422 if (missed > vap->iv_bmissthreshold) { 5423 /* XXX bad locking; turn into task */ 5424 IWM_UNLOCK(sc); 5425 ieee80211_beacon_miss(ic); 5426 IWM_LOCK(sc); 5427 } 5428 } 5429 5430 break; 5431 } 5432 5433 case IWM_MFUART_LOAD_NOTIFICATION: 5434 break; 5435 5436 case IWM_MVM_ALIVE: 5437 break; 5438 5439 case IWM_CALIB_RES_NOTIF_PHY_DB: 5440 break; 5441 5442 case IWM_STATISTICS_NOTIFICATION: { 5443 struct iwm_notif_statistics *stats; 5444 stats = (void *)pkt->data; 5445 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 5446 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general); 5447 break; 5448 } 5449 5450 case IWM_NVM_ACCESS_CMD: 5451 case IWM_MCC_UPDATE_CMD: 5452 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) { 5453 memcpy(sc->sc_cmd_resp, 5454 pkt, sizeof(sc->sc_cmd_resp)); 5455 } 5456 break; 5457 5458 case IWM_MCC_CHUB_UPDATE_CMD: { 5459 struct iwm_mcc_chub_notif *notif; 5460 notif = (void *)pkt->data; 5461 5462 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8; 5463 sc->sc_fw_mcc[1] = notif->mcc & 0xff; 5464 sc->sc_fw_mcc[2] = '\0'; 5465 IWM_DPRINTF(sc, IWM_DEBUG_LAR, 5466 "fw source %d sent CC '%s'\n", 5467 notif->source_id, sc->sc_fw_mcc); 5468 break; 5469 } 5470 5471 case IWM_DTS_MEASUREMENT_NOTIFICATION: 5472 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 5473 IWM_DTS_MEASUREMENT_NOTIF_WIDE): { 5474 struct iwm_dts_measurement_notif_v1 *notif; 5475 5476 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) { 5477 device_printf(sc->sc_dev, 5478 "Invalid DTS_MEASUREMENT_NOTIFICATION\n"); 5479 break; 5480 } 5481 notif = (void *)pkt->data; 5482 IWM_DPRINTF(sc, IWM_DEBUG_TEMP, 5483 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n", 5484 notif->temp); 5485 break; 5486 } 5487 5488 case IWM_PHY_CONFIGURATION_CMD: 5489 case IWM_TX_ANT_CONFIGURATION_CMD: 5490 case IWM_ADD_STA: 5491 case IWM_MAC_CONTEXT_CMD: 5492 case IWM_REPLY_SF_CFG_CMD: 5493 case IWM_POWER_TABLE_CMD: 5494 case IWM_PHY_CONTEXT_CMD: 5495 case IWM_BINDING_CONTEXT_CMD: 5496 case IWM_TIME_EVENT_CMD: 5497 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD): 5498 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC): 5499 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC): 5500 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 5501 case IWM_SCAN_OFFLOAD_ABORT_CMD: 5502 case IWM_REPLY_BEACON_FILTERING_CMD: 5503 case IWM_MAC_PM_POWER_TABLE: 5504 case IWM_TIME_QUOTA_CMD: 5505 case IWM_REMOVE_STA: 5506 case IWM_TXPATH_FLUSH: 5507 case IWM_LQ_CMD: 5508 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, 5509 IWM_FW_PAGING_BLOCK_CMD): 5510 case IWM_BT_CONFIG: 5511 case IWM_REPLY_THERMAL_MNG_BACKOFF: 5512 cresp = (void *)pkt->data; 5513 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) { 5514 memcpy(sc->sc_cmd_resp, 5515 pkt, sizeof(*pkt)+sizeof(*cresp)); 5516 } 5517 break; 5518 5519 /* ignore */ 5520 case IWM_PHY_DB_CMD: 5521 break; 5522 5523 case IWM_INIT_COMPLETE_NOTIF: 5524 break; 5525 5526 case IWM_SCAN_OFFLOAD_COMPLETE: { 5527 struct iwm_periodic_scan_complete *notif; 5528 notif = (void *)pkt->data; 5529 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5530 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5531 ieee80211_runtask(ic, &sc->sc_es_task); 5532 } 5533 break; 5534 } 5535 5536 case IWM_SCAN_ITERATION_COMPLETE: { 5537 struct iwm_lmac_scan_complete_notif *notif; 5538 notif = (void *)pkt->data; 5539 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5540 break; 5541 } 5542 5543 case IWM_SCAN_COMPLETE_UMAC: { 5544 struct iwm_umac_scan_complete *notif; 5545 notif = (void *)pkt->data; 5546 5547 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5548 "UMAC scan complete, status=0x%x\n", 5549 notif->status); 5550 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 5551 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 5552 ieee80211_runtask(ic, &sc->sc_es_task); 5553 } 5554 break; 5555 } 5556 5557 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 5558 struct iwm_umac_scan_iter_complete_notif *notif; 5559 notif = (void *)pkt->data; 5560 5561 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration " 5562 "complete, status=0x%x, %d channels scanned\n", 5563 notif->status, notif->scanned_channels); 5564 ieee80211_runtask(&sc->sc_ic, &sc->sc_es_task); 5565 break; 5566 } 5567 5568 case IWM_REPLY_ERROR: { 5569 struct iwm_error_resp *resp; 5570 resp = (void *)pkt->data; 5571 5572 device_printf(sc->sc_dev, 5573 "firmware error 0x%x, cmd 0x%x\n", 5574 le32toh(resp->error_type), 5575 resp->cmd_id); 5576 break; 5577 } 5578 5579 case IWM_TIME_EVENT_NOTIFICATION: { 5580 struct iwm_time_event_notif *notif; 5581 notif = (void *)pkt->data; 5582 5583 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5584 "TE notif status = 0x%x action = 0x%x\n", 5585 notif->status, notif->action); 5586 break; 5587 } 5588 5589 /* 5590 * Firmware versions 21 and 22 generate some DEBUG_LOG_MSG 5591 * messages. Just ignore them for now. 5592 */ 5593 case IWM_DEBUG_LOG_MSG: 5594 break; 5595 5596 case IWM_MCAST_FILTER_CMD: 5597 break; 5598 5599 case IWM_SCD_QUEUE_CFG: { 5600 struct iwm_scd_txq_cfg_rsp *rsp; 5601 rsp = (void *)pkt->data; 5602 5603 IWM_DPRINTF(sc, IWM_DEBUG_CMD, 5604 "queue cfg token=0x%x sta_id=%d " 5605 "tid=%d scd_queue=%d\n", 5606 rsp->token, rsp->sta_id, rsp->tid, 5607 rsp->scd_queue); 5608 break; 5609 } 5610 5611 default: 5612 device_printf(sc->sc_dev, 5613 "frame %d/%d %x UNHANDLED (this should " 5614 "not happen)\n", qid & ~0x80, idx, 5615 pkt->len_n_flags); 5616 break; 5617 } 5618 5619 /* 5620 * Why test bit 0x80? The Linux driver: 5621 * 5622 * There is one exception: uCode sets bit 15 when it 5623 * originates the response/notification, i.e. when the 5624 * response/notification is not a direct response to a 5625 * command sent by the driver. For example, uCode issues 5626 * IWM_REPLY_RX when it sends a received frame to the driver; 5627 * it is not a direct response to any driver command. 5628 * 5629 * Ok, so since when is 7 == 15? Well, the Linux driver 5630 * uses a slightly different format for pkt->hdr, and "qid" 5631 * is actually the upper byte of a two-byte field. 5632 */ 5633 if (!(qid & (1 << 7))) 5634 iwm_cmd_done(sc, pkt); 5635 5636 offset = nextoff; 5637 } 5638 if (stolen) 5639 m_freem(m); 5640#undef HAVEROOM 5641} 5642 5643/* 5644 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt. 5645 * Basic structure from if_iwn 5646 */ 5647static void 5648iwm_notif_intr(struct iwm_softc *sc) 5649{ 5650 uint16_t hw; 5651 5652 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map, 5653 BUS_DMASYNC_POSTREAD); 5654 5655 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 5656 5657 /* 5658 * Process responses 5659 */ 5660 while (sc->rxq.cur != hw) { 5661 struct iwm_rx_ring *ring = &sc->rxq; 5662 struct iwm_rx_data *data = &ring->data[ring->cur]; 5663 5664 bus_dmamap_sync(ring->data_dmat, data->map, 5665 BUS_DMASYNC_POSTREAD); 5666 5667 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5668 "%s: hw = %d cur = %d\n", __func__, hw, ring->cur); 5669 iwm_handle_rxb(sc, data->m); 5670 5671 ring->cur = (ring->cur + 1) % IWM_RX_RING_COUNT; 5672 } 5673 5674 /* 5675 * Tell the firmware that it can reuse the ring entries that 5676 * we have just processed. 5677 * Seems like the hardware gets upset unless we align 5678 * the write by 8?? 5679 */ 5680 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1; 5681 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, rounddown2(hw, 8)); 5682} 5683 5684static void 5685iwm_intr(void *arg) 5686{ 5687 struct iwm_softc *sc = arg; 5688 int handled = 0; 5689 int r1, r2, rv = 0; 5690 int isperiodic = 0; 5691 5692 IWM_LOCK(sc); 5693 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 5694 5695 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 5696 uint32_t *ict = sc->ict_dma.vaddr; 5697 int tmp; 5698 5699 tmp = htole32(ict[sc->ict_cur]); 5700 if (!tmp) 5701 goto out_ena; 5702 5703 /* 5704 * ok, there was something. keep plowing until we have all. 5705 */ 5706 r1 = r2 = 0; 5707 while (tmp) { 5708 r1 |= tmp; 5709 ict[sc->ict_cur] = 0; 5710 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 5711 tmp = htole32(ict[sc->ict_cur]); 5712 } 5713 5714 /* this is where the fun begins. don't ask */ 5715 if (r1 == 0xffffffff) 5716 r1 = 0; 5717 5718 /* i am not expected to understand this */ 5719 if (r1 & 0xc0000) 5720 r1 |= 0x8000; 5721 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 5722 } else { 5723 r1 = IWM_READ(sc, IWM_CSR_INT); 5724 /* "hardware gone" (where, fishing?) */ 5725 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 5726 goto out; 5727 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 5728 } 5729 if (r1 == 0 && r2 == 0) { 5730 goto out_ena; 5731 } 5732 5733 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 5734 5735 /* Safely ignore these bits for debug checks below */ 5736 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD); 5737 5738 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 5739 int i; 5740 struct ieee80211com *ic = &sc->sc_ic; 5741 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5742 5743#ifdef IWM_DEBUG 5744 iwm_nic_error(sc); 5745#endif 5746 /* Dump driver status (TX and RX rings) while we're here. */ 5747 device_printf(sc->sc_dev, "driver status:\n"); 5748 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) { 5749 struct iwm_tx_ring *ring = &sc->txq[i]; 5750 device_printf(sc->sc_dev, 5751 " tx ring %2d: qid=%-2d cur=%-3d " 5752 "queued=%-3d\n", 5753 i, ring->qid, ring->cur, ring->queued); 5754 } 5755 device_printf(sc->sc_dev, 5756 " rx ring: cur=%d\n", sc->rxq.cur); 5757 device_printf(sc->sc_dev, 5758 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state); 5759 5760 /* Don't stop the device; just do a VAP restart */ 5761 IWM_UNLOCK(sc); 5762 5763 if (vap == NULL) { 5764 printf("%s: null vap\n", __func__); 5765 return; 5766 } 5767 5768 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; " 5769 "restarting\n", __func__, vap->iv_state); 5770 5771 ieee80211_restart_all(ic); 5772 return; 5773 } 5774 5775 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 5776 handled |= IWM_CSR_INT_BIT_HW_ERR; 5777 device_printf(sc->sc_dev, "hardware error, stopping device\n"); 5778 iwm_stop(sc); 5779 rv = 1; 5780 goto out; 5781 } 5782 5783 /* firmware chunk loaded */ 5784 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 5785 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 5786 handled |= IWM_CSR_INT_BIT_FH_TX; 5787 sc->sc_fw_chunk_done = 1; 5788 wakeup(&sc->sc_fw); 5789 } 5790 5791 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 5792 handled |= IWM_CSR_INT_BIT_RF_KILL; 5793 if (iwm_check_rfkill(sc)) { 5794 device_printf(sc->sc_dev, 5795 "%s: rfkill switch, disabling interface\n", 5796 __func__); 5797 iwm_stop(sc); 5798 } 5799 } 5800 5801 /* 5802 * The Linux driver uses periodic interrupts to avoid races. 5803 * We cargo-cult like it's going out of fashion. 5804 */ 5805 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 5806 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 5807 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 5808 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0) 5809 IWM_WRITE_1(sc, 5810 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 5811 isperiodic = 1; 5812 } 5813 5814 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) { 5815 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 5816 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 5817 5818 iwm_notif_intr(sc); 5819 5820 /* enable periodic interrupt, see above */ 5821 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic) 5822 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 5823 IWM_CSR_INT_PERIODIC_ENA); 5824 } 5825 5826 if (__predict_false(r1 & ~handled)) 5827 IWM_DPRINTF(sc, IWM_DEBUG_INTR, 5828 "%s: unhandled interrupts: %x\n", __func__, r1); 5829 rv = 1; 5830 5831 out_ena: 5832 iwm_restore_interrupts(sc); 5833 out: 5834 IWM_UNLOCK(sc); 5835 return; 5836} 5837 5838/* 5839 * Autoconf glue-sniffing 5840 */ 5841#define PCI_VENDOR_INTEL 0x8086 5842#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 5843#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 5844#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 5845#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 5846#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 5847#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 5848#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 5849#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 5850#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 5851#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 5852 5853static const struct iwm_devices { 5854 uint16_t device; 5855 const struct iwm_cfg *cfg; 5856} iwm_devices[] = { 5857 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg }, 5858 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg }, 5859 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg }, 5860 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg }, 5861 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg }, 5862 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg }, 5863 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg }, 5864 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg }, 5865 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg }, 5866 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg }, 5867}; 5868 5869static int 5870iwm_probe(device_t dev) 5871{ 5872 int i; 5873 5874 for (i = 0; i < nitems(iwm_devices); i++) { 5875 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL && 5876 pci_get_device(dev) == iwm_devices[i].device) { 5877 device_set_desc(dev, iwm_devices[i].cfg->name); 5878 return (BUS_PROBE_DEFAULT); 5879 } 5880 } 5881 5882 return (ENXIO); 5883} 5884 5885static int 5886iwm_dev_check(device_t dev) 5887{ 5888 struct iwm_softc *sc; 5889 uint16_t devid; 5890 int i; 5891 5892 sc = device_get_softc(dev); 5893 5894 devid = pci_get_device(dev); 5895 for (i = 0; i < nitems(iwm_devices); i++) { 5896 if (iwm_devices[i].device == devid) { 5897 sc->cfg = iwm_devices[i].cfg; 5898 return (0); 5899 } 5900 } 5901 device_printf(dev, "unknown adapter type\n"); 5902 return ENXIO; 5903} 5904 5905/* PCI registers */ 5906#define PCI_CFG_RETRY_TIMEOUT 0x041 5907 5908static int 5909iwm_pci_attach(device_t dev) 5910{ 5911 struct iwm_softc *sc; 5912 int count, error, rid; 5913 uint16_t reg; 5914 5915 sc = device_get_softc(dev); 5916 5917 /* We disable the RETRY_TIMEOUT register (0x41) to keep 5918 * PCI Tx retries from interfering with C3 CPU state */ 5919 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 5920 5921 /* Enable bus-mastering and hardware bug workaround. */ 5922 pci_enable_busmaster(dev); 5923 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg)); 5924 /* if !MSI */ 5925 if (reg & PCIM_STATUS_INTxSTATE) { 5926 reg &= ~PCIM_STATUS_INTxSTATE; 5927 } 5928 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg)); 5929 5930 rid = PCIR_BAR(0); 5931 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 5932 RF_ACTIVE); 5933 if (sc->sc_mem == NULL) { 5934 device_printf(sc->sc_dev, "can't map mem space\n"); 5935 return (ENXIO); 5936 } 5937 sc->sc_st = rman_get_bustag(sc->sc_mem); 5938 sc->sc_sh = rman_get_bushandle(sc->sc_mem); 5939 5940 /* Install interrupt handler. */ 5941 count = 1; 5942 rid = 0; 5943 if (pci_alloc_msi(dev, &count) == 0) 5944 rid = 1; 5945 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 5946 (rid != 0 ? 0 : RF_SHAREABLE)); 5947 if (sc->sc_irq == NULL) { 5948 device_printf(dev, "can't map interrupt\n"); 5949 return (ENXIO); 5950 } 5951 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE, 5952 NULL, iwm_intr, sc, &sc->sc_ih); 5953 if (sc->sc_ih == NULL) { 5954 device_printf(dev, "can't establish interrupt"); 5955 return (ENXIO); 5956 } 5957 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 5958 5959 return (0); 5960} 5961 5962static void 5963iwm_pci_detach(device_t dev) 5964{ 5965 struct iwm_softc *sc = device_get_softc(dev); 5966 5967 if (sc->sc_irq != NULL) { 5968 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih); 5969 bus_release_resource(dev, SYS_RES_IRQ, 5970 rman_get_rid(sc->sc_irq), sc->sc_irq); 5971 pci_release_msi(dev); 5972 } 5973 if (sc->sc_mem != NULL) 5974 bus_release_resource(dev, SYS_RES_MEMORY, 5975 rman_get_rid(sc->sc_mem), sc->sc_mem); 5976} 5977 5978 5979 5980static int 5981iwm_attach(device_t dev) 5982{ 5983 struct iwm_softc *sc = device_get_softc(dev); 5984 struct ieee80211com *ic = &sc->sc_ic; 5985 int error; 5986 int txq_i, i; 5987 5988 sc->sc_dev = dev; 5989 sc->sc_attached = 1; 5990 IWM_LOCK_INIT(sc); 5991 mbufq_init(&sc->sc_snd, ifqmaxlen); 5992 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0); 5993 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0); 5994 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc); 5995 5996 sc->sc_notif_wait = iwm_notification_wait_init(sc); 5997 if (sc->sc_notif_wait == NULL) { 5998 device_printf(dev, "failed to init notification wait struct\n"); 5999 goto fail; 6000 } 6001 6002 /* Init phy db */ 6003 sc->sc_phy_db = iwm_phy_db_init(sc); 6004 if (!sc->sc_phy_db) { 6005 device_printf(dev, "Cannot init phy_db\n"); 6006 goto fail; 6007 } 6008 6009 /* PCI attach */ 6010 error = iwm_pci_attach(dev); 6011 if (error != 0) 6012 goto fail; 6013 6014 sc->sc_wantresp = -1; 6015 6016 /* Check device type */ 6017 error = iwm_dev_check(dev); 6018 if (error != 0) 6019 goto fail; 6020 6021 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 6022 /* 6023 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 6024 * changed, and now the revision step also includes bit 0-1 (no more 6025 * "dash" value). To keep hw_rev backwards compatible - we'll store it 6026 * in the old format. 6027 */ 6028 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) 6029 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 6030 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 6031 6032 if (iwm_prepare_card_hw(sc) != 0) { 6033 device_printf(dev, "could not initialize hardware\n"); 6034 goto fail; 6035 } 6036 6037 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_8000) { 6038 int ret; 6039 uint32_t hw_step; 6040 6041 /* 6042 * In order to recognize C step the driver should read the 6043 * chip version id located at the AUX bus MISC address. 6044 */ 6045 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 6046 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 6047 DELAY(2); 6048 6049 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 6050 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 6051 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 6052 25000); 6053 if (!ret) { 6054 device_printf(sc->sc_dev, 6055 "Failed to wake up the nic\n"); 6056 goto fail; 6057 } 6058 6059 if (iwm_nic_lock(sc)) { 6060 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 6061 hw_step |= IWM_ENABLE_WFPM; 6062 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 6063 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 6064 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 6065 if (hw_step == 0x3) 6066 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 6067 (IWM_SILICON_C_STEP << 2); 6068 iwm_nic_unlock(sc); 6069 } else { 6070 device_printf(sc->sc_dev, "Failed to lock the nic\n"); 6071 goto fail; 6072 } 6073 } 6074 6075 /* special-case 7265D, it has the same PCI IDs. */ 6076 if (sc->cfg == &iwm7265_cfg && 6077 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) { 6078 sc->cfg = &iwm7265d_cfg; 6079 } 6080 6081 /* Allocate DMA memory for firmware transfers. */ 6082 if ((error = iwm_alloc_fwmem(sc)) != 0) { 6083 device_printf(dev, "could not allocate memory for firmware\n"); 6084 goto fail; 6085 } 6086 6087 /* Allocate "Keep Warm" page. */ 6088 if ((error = iwm_alloc_kw(sc)) != 0) { 6089 device_printf(dev, "could not allocate keep warm page\n"); 6090 goto fail; 6091 } 6092 6093 /* We use ICT interrupts */ 6094 if ((error = iwm_alloc_ict(sc)) != 0) { 6095 device_printf(dev, "could not allocate ICT table\n"); 6096 goto fail; 6097 } 6098 6099 /* Allocate TX scheduler "rings". */ 6100 if ((error = iwm_alloc_sched(sc)) != 0) { 6101 device_printf(dev, "could not allocate TX scheduler rings\n"); 6102 goto fail; 6103 } 6104 6105 /* Allocate TX rings */ 6106 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 6107 if ((error = iwm_alloc_tx_ring(sc, 6108 &sc->txq[txq_i], txq_i)) != 0) { 6109 device_printf(dev, 6110 "could not allocate TX ring %d\n", 6111 txq_i); 6112 goto fail; 6113 } 6114 } 6115 6116 /* Allocate RX ring. */ 6117 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) { 6118 device_printf(dev, "could not allocate RX ring\n"); 6119 goto fail; 6120 } 6121 6122 /* Clear pending interrupts. */ 6123 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 6124 6125 ic->ic_softc = sc; 6126 ic->ic_name = device_get_nameunit(sc->sc_dev); 6127 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 6128 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 6129 6130 /* Set device capabilities. */ 6131 ic->ic_caps = 6132 IEEE80211_C_STA | 6133 IEEE80211_C_WPA | /* WPA/RSN */ 6134 IEEE80211_C_WME | 6135 IEEE80211_C_PMGT | 6136 IEEE80211_C_SHSLOT | /* short slot time supported */ 6137 IEEE80211_C_SHPREAMBLE /* short preamble supported */ 6138// IEEE80211_C_BGSCAN /* capable of bg scanning */ 6139 ; 6140 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 6141 sc->sc_phyctxt[i].id = i; 6142 sc->sc_phyctxt[i].color = 0; 6143 sc->sc_phyctxt[i].ref = 0; 6144 sc->sc_phyctxt[i].channel = NULL; 6145 } 6146 6147 /* Default noise floor */ 6148 sc->sc_noise = -96; 6149 6150 /* Max RSSI */ 6151 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 6152 6153 sc->sc_preinit_hook.ich_func = iwm_preinit; 6154 sc->sc_preinit_hook.ich_arg = sc; 6155 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) { 6156 device_printf(dev, "config_intrhook_establish failed\n"); 6157 goto fail; 6158 } 6159 6160#ifdef IWM_DEBUG 6161 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 6162 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug", 6163 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging"); 6164#endif 6165 6166 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6167 "<-%s\n", __func__); 6168 6169 return 0; 6170 6171 /* Free allocated memory if something failed during attachment. */ 6172fail: 6173 iwm_detach_local(sc, 0); 6174 6175 return ENXIO; 6176} 6177 6178static int 6179iwm_is_valid_ether_addr(uint8_t *addr) 6180{ 6181 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 }; 6182 6183 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr)) 6184 return (FALSE); 6185 6186 return (TRUE); 6187} 6188 6189static int 6190iwm_wme_update(struct ieee80211com *ic) 6191{ 6192#define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 6193 struct iwm_softc *sc = ic->ic_softc; 6194 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6195 struct iwm_vap *ivp = IWM_VAP(vap); 6196 struct iwm_node *in; 6197 struct wmeParams tmp[WME_NUM_AC]; 6198 int aci, error; 6199 6200 if (vap == NULL) 6201 return (0); 6202 6203 IEEE80211_LOCK(ic); 6204 for (aci = 0; aci < WME_NUM_AC; aci++) 6205 tmp[aci] = ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 6206 IEEE80211_UNLOCK(ic); 6207 6208 IWM_LOCK(sc); 6209 for (aci = 0; aci < WME_NUM_AC; aci++) { 6210 const struct wmeParams *ac = &tmp[aci]; 6211 ivp->queue_params[aci].aifsn = ac->wmep_aifsn; 6212 ivp->queue_params[aci].cw_min = IWM_EXP2(ac->wmep_logcwmin); 6213 ivp->queue_params[aci].cw_max = IWM_EXP2(ac->wmep_logcwmax); 6214 ivp->queue_params[aci].edca_txop = 6215 IEEE80211_TXOP_TO_US(ac->wmep_txopLimit); 6216 } 6217 ivp->have_wme = TRUE; 6218 if (ivp->is_uploaded && vap->iv_bss != NULL) { 6219 in = IWM_NODE(vap->iv_bss); 6220 if (in->in_assoc) { 6221 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) { 6222 device_printf(sc->sc_dev, 6223 "%s: failed to update MAC\n", __func__); 6224 } 6225 } 6226 } 6227 IWM_UNLOCK(sc); 6228 6229 return (0); 6230#undef IWM_EXP2 6231} 6232 6233static void 6234iwm_preinit(void *arg) 6235{ 6236 struct iwm_softc *sc = arg; 6237 device_t dev = sc->sc_dev; 6238 struct ieee80211com *ic = &sc->sc_ic; 6239 int error; 6240 6241 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6242 "->%s\n", __func__); 6243 6244 IWM_LOCK(sc); 6245 if ((error = iwm_start_hw(sc)) != 0) { 6246 device_printf(dev, "could not initialize hardware\n"); 6247 IWM_UNLOCK(sc); 6248 goto fail; 6249 } 6250 6251 error = iwm_run_init_mvm_ucode(sc, 1); 6252 iwm_stop_device(sc); 6253 if (error) { 6254 IWM_UNLOCK(sc); 6255 goto fail; 6256 } 6257 device_printf(dev, 6258 "hw rev 0x%x, fw ver %s, address %s\n", 6259 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 6260 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr)); 6261 6262 /* not all hardware can do 5GHz band */ 6263 if (!sc->nvm_data->sku_cap_band_52GHz_enable) 6264 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 6265 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 6266 IWM_UNLOCK(sc); 6267 6268 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 6269 ic->ic_channels); 6270 6271 /* 6272 * At this point we've committed - if we fail to do setup, 6273 * we now also have to tear down the net80211 state. 6274 */ 6275 ieee80211_ifattach(ic); 6276 ic->ic_vap_create = iwm_vap_create; 6277 ic->ic_vap_delete = iwm_vap_delete; 6278 ic->ic_raw_xmit = iwm_raw_xmit; 6279 ic->ic_node_alloc = iwm_node_alloc; 6280 ic->ic_scan_start = iwm_scan_start; 6281 ic->ic_scan_end = iwm_scan_end; 6282 ic->ic_update_mcast = iwm_update_mcast; 6283 ic->ic_getradiocaps = iwm_init_channel_map; 6284 ic->ic_set_channel = iwm_set_channel; 6285 ic->ic_scan_curchan = iwm_scan_curchan; 6286 ic->ic_scan_mindwell = iwm_scan_mindwell; 6287 ic->ic_wme.wme_update = iwm_wme_update; 6288 ic->ic_parent = iwm_parent; 6289 ic->ic_transmit = iwm_transmit; 6290 iwm_radiotap_attach(sc); 6291 if (bootverbose) 6292 ieee80211_announce(ic); 6293 6294 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6295 "<-%s\n", __func__); 6296 config_intrhook_disestablish(&sc->sc_preinit_hook); 6297 6298 return; 6299fail: 6300 config_intrhook_disestablish(&sc->sc_preinit_hook); 6301 iwm_detach_local(sc, 0); 6302} 6303 6304/* 6305 * Attach the interface to 802.11 radiotap. 6306 */ 6307static void 6308iwm_radiotap_attach(struct iwm_softc *sc) 6309{ 6310 struct ieee80211com *ic = &sc->sc_ic; 6311 6312 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6313 "->%s begin\n", __func__); 6314 ieee80211_radiotap_attach(ic, 6315 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 6316 IWM_TX_RADIOTAP_PRESENT, 6317 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 6318 IWM_RX_RADIOTAP_PRESENT); 6319 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE, 6320 "->%s end\n", __func__); 6321} 6322 6323static struct ieee80211vap * 6324iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 6325 enum ieee80211_opmode opmode, int flags, 6326 const uint8_t bssid[IEEE80211_ADDR_LEN], 6327 const uint8_t mac[IEEE80211_ADDR_LEN]) 6328{ 6329 struct iwm_vap *ivp; 6330 struct ieee80211vap *vap; 6331 6332 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 6333 return NULL; 6334 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO); 6335 vap = &ivp->iv_vap; 6336 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 6337 vap->iv_bmissthreshold = 10; /* override default */ 6338 /* Override with driver methods. */ 6339 ivp->iv_newstate = vap->iv_newstate; 6340 vap->iv_newstate = iwm_newstate; 6341 6342 ivp->id = IWM_DEFAULT_MACID; 6343 ivp->color = IWM_DEFAULT_COLOR; 6344 6345 ivp->have_wme = FALSE; 6346 6347 ieee80211_ratectl_init(vap); 6348 /* Complete setup. */ 6349 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status, 6350 mac); 6351 ic->ic_opmode = opmode; 6352 6353 return vap; 6354} 6355 6356static void 6357iwm_vap_delete(struct ieee80211vap *vap) 6358{ 6359 struct iwm_vap *ivp = IWM_VAP(vap); 6360 6361 ieee80211_ratectl_deinit(vap); 6362 ieee80211_vap_detach(vap); 6363 free(ivp, M_80211_VAP); 6364} 6365 6366static void 6367iwm_scan_start(struct ieee80211com *ic) 6368{ 6369 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6370 struct iwm_softc *sc = ic->ic_softc; 6371 int error; 6372 6373 IWM_LOCK(sc); 6374 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6375 /* This should not be possible */ 6376 device_printf(sc->sc_dev, 6377 "%s: Previous scan not completed yet\n", __func__); 6378 } 6379 if (fw_has_capa(&sc->ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 6380 error = iwm_mvm_umac_scan(sc); 6381 else 6382 error = iwm_mvm_lmac_scan(sc); 6383 if (error != 0) { 6384 device_printf(sc->sc_dev, "could not initiate scan\n"); 6385 IWM_UNLOCK(sc); 6386 ieee80211_cancel_scan(vap); 6387 } else { 6388 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING; 6389 iwm_led_blink_start(sc); 6390 IWM_UNLOCK(sc); 6391 } 6392} 6393 6394static void 6395iwm_scan_end(struct ieee80211com *ic) 6396{ 6397 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6398 struct iwm_softc *sc = ic->ic_softc; 6399 6400 IWM_LOCK(sc); 6401 iwm_led_blink_stop(sc); 6402 if (vap->iv_state == IEEE80211_S_RUN) 6403 iwm_mvm_led_enable(sc); 6404 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) { 6405 /* 6406 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because 6407 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq 6408 * taskqueue. 6409 */ 6410 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING; 6411 iwm_mvm_scan_stop_wait(sc); 6412 } 6413 IWM_UNLOCK(sc); 6414 6415 /* 6416 * Make sure we don't race, if sc_es_task is still enqueued here. 6417 * This is to make sure that it won't call ieee80211_scan_done 6418 * when we have already started the next scan. 6419 */ 6420 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL); 6421} 6422 6423static void 6424iwm_update_mcast(struct ieee80211com *ic) 6425{ 6426} 6427 6428static void 6429iwm_set_channel(struct ieee80211com *ic) 6430{ 6431} 6432 6433static void 6434iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 6435{ 6436} 6437 6438static void 6439iwm_scan_mindwell(struct ieee80211_scan_state *ss) 6440{ 6441 return; 6442} 6443 6444void 6445iwm_init_task(void *arg1) 6446{ 6447 struct iwm_softc *sc = arg1; 6448 6449 IWM_LOCK(sc); 6450 while (sc->sc_flags & IWM_FLAG_BUSY) 6451 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0); 6452 sc->sc_flags |= IWM_FLAG_BUSY; 6453 iwm_stop(sc); 6454 if (sc->sc_ic.ic_nrunning > 0) 6455 iwm_init(sc); 6456 sc->sc_flags &= ~IWM_FLAG_BUSY; 6457 wakeup(&sc->sc_flags); 6458 IWM_UNLOCK(sc); 6459} 6460 6461static int 6462iwm_resume(device_t dev) 6463{ 6464 struct iwm_softc *sc = device_get_softc(dev); 6465 int do_reinit = 0; 6466 6467 /* 6468 * We disable the RETRY_TIMEOUT register (0x41) to keep 6469 * PCI Tx retries from interfering with C3 CPU state. 6470 */ 6471 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1); 6472 iwm_init_task(device_get_softc(dev)); 6473 6474 IWM_LOCK(sc); 6475 if (sc->sc_flags & IWM_FLAG_SCANNING) { 6476 sc->sc_flags &= ~IWM_FLAG_SCANNING; 6477 do_reinit = 1; 6478 } 6479 IWM_UNLOCK(sc); 6480 6481 if (do_reinit) 6482 ieee80211_resume_all(&sc->sc_ic); 6483 6484 return 0; 6485} 6486 6487static int 6488iwm_suspend(device_t dev) 6489{ 6490 int do_stop = 0; 6491 struct iwm_softc *sc = device_get_softc(dev); 6492 6493 do_stop = !! (sc->sc_ic.ic_nrunning > 0); 6494 6495 ieee80211_suspend_all(&sc->sc_ic); 6496 6497 if (do_stop) { 6498 IWM_LOCK(sc); 6499 iwm_stop(sc); 6500 sc->sc_flags |= IWM_FLAG_SCANNING; 6501 IWM_UNLOCK(sc); 6502 } 6503 6504 return (0); 6505} 6506 6507static int 6508iwm_detach_local(struct iwm_softc *sc, int do_net80211) 6509{ 6510 struct iwm_fw_info *fw = &sc->sc_fw; 6511 device_t dev = sc->sc_dev; 6512 int i; 6513 6514 if (!sc->sc_attached) 6515 return 0; 6516 sc->sc_attached = 0; 6517 6518 if (do_net80211) 6519 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task); 6520 6521 callout_drain(&sc->sc_led_blink_to); 6522 callout_drain(&sc->sc_watchdog_to); 6523 iwm_stop_device(sc); 6524 if (do_net80211) { 6525 ieee80211_ifdetach(&sc->sc_ic); 6526 } 6527 6528 iwm_phy_db_free(sc->sc_phy_db); 6529 sc->sc_phy_db = NULL; 6530 6531 iwm_free_nvm_data(sc->nvm_data); 6532 6533 /* Free descriptor rings */ 6534 iwm_free_rx_ring(sc, &sc->rxq); 6535 for (i = 0; i < nitems(sc->txq); i++) 6536 iwm_free_tx_ring(sc, &sc->txq[i]); 6537 6538 /* Free firmware */ 6539 if (fw->fw_fp != NULL) 6540 iwm_fw_info_free(fw); 6541 6542 /* Free scheduler */ 6543 iwm_dma_contig_free(&sc->sched_dma); 6544 iwm_dma_contig_free(&sc->ict_dma); 6545 iwm_dma_contig_free(&sc->kw_dma); 6546 iwm_dma_contig_free(&sc->fw_dma); 6547 6548 iwm_free_fw_paging(sc); 6549 6550 /* Finished with the hardware - detach things */ 6551 iwm_pci_detach(dev); 6552 6553 if (sc->sc_notif_wait != NULL) { 6554 iwm_notification_wait_free(sc->sc_notif_wait); 6555 sc->sc_notif_wait = NULL; 6556 } 6557 6558 mbufq_drain(&sc->sc_snd); 6559 IWM_LOCK_DESTROY(sc); 6560 6561 return (0); 6562} 6563 6564static int 6565iwm_detach(device_t dev) 6566{ 6567 struct iwm_softc *sc = device_get_softc(dev); 6568 6569 return (iwm_detach_local(sc, 1)); 6570} 6571 6572static device_method_t iwm_pci_methods[] = { 6573 /* Device interface */ 6574 DEVMETHOD(device_probe, iwm_probe), 6575 DEVMETHOD(device_attach, iwm_attach), 6576 DEVMETHOD(device_detach, iwm_detach), 6577 DEVMETHOD(device_suspend, iwm_suspend), 6578 DEVMETHOD(device_resume, iwm_resume), 6579 6580 DEVMETHOD_END 6581}; 6582 6583static driver_t iwm_pci_driver = { 6584 "iwm", 6585 iwm_pci_methods, 6586 sizeof (struct iwm_softc) 6587}; 6588 6589static devclass_t iwm_devclass; 6590 6591DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 6592MODULE_DEPEND(iwm, firmware, 1, 1, 1); 6593MODULE_DEPEND(iwm, pci, 1, 1, 1); 6594MODULE_DEPEND(iwm, wlan, 1, 1, 1); 6595