1/*- 2 * Copyright (c) 2007-2009 Sam Leffler, Errno Consulting 3 * Copyright (c) 2007-2008 Marvell Semiconductor, Inc. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer, 11 * without modification. 12 * 2. Redistributions in binary form must reproduce at minimum a disclaimer 13 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any 14 * redistribution must be conditioned upon including a substantially 15 * similar Disclaimer requirement for further binary redistribution. 16 * 17 * NO WARRANTY 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY 21 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, 23 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 26 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGES. 29 */ 30 31#include <sys/cdefs.h> 32__FBSDID("$FreeBSD: stable/11/sys/dev/mwl/if_mwl.c 344969 2019-03-09 12:54:10Z avos $"); 33 34/* 35 * Driver for the Marvell 88W8363 Wireless LAN controller. 36 */ 37 38#include "opt_inet.h" 39#include "opt_mwl.h" 40#include "opt_wlan.h" 41 42#include <sys/param.h> 43#include <sys/systm.h> 44#include <sys/sysctl.h> 45#include <sys/mbuf.h> 46#include <sys/malloc.h> 47#include <sys/lock.h> 48#include <sys/mutex.h> 49#include <sys/kernel.h> 50#include <sys/socket.h> 51#include <sys/sockio.h> 52#include <sys/errno.h> 53#include <sys/callout.h> 54#include <sys/bus.h> 55#include <sys/endian.h> 56#include <sys/kthread.h> 57#include <sys/taskqueue.h> 58 59#include <machine/bus.h> 60 61#include <net/if.h> 62#include <net/if_var.h> 63#include <net/if_dl.h> 64#include <net/if_media.h> 65#include <net/if_types.h> 66#include <net/if_arp.h> 67#include <net/ethernet.h> 68#include <net/if_llc.h> 69 70#include <net/bpf.h> 71 72#include <net80211/ieee80211_var.h> 73#include <net80211/ieee80211_input.h> 74#include <net80211/ieee80211_regdomain.h> 75 76#ifdef INET 77#include <netinet/in.h> 78#include <netinet/if_ether.h> 79#endif /* INET */ 80 81#include <dev/mwl/if_mwlvar.h> 82#include <dev/mwl/mwldiag.h> 83 84/* idiomatic shorthands: MS = mask+shift, SM = shift+mask */ 85#define MS(v,x) (((v) & x) >> x##_S) 86#define SM(v,x) (((v) << x##_S) & x) 87 88static struct ieee80211vap *mwl_vap_create(struct ieee80211com *, 89 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 90 const uint8_t [IEEE80211_ADDR_LEN], 91 const uint8_t [IEEE80211_ADDR_LEN]); 92static void mwl_vap_delete(struct ieee80211vap *); 93static int mwl_setupdma(struct mwl_softc *); 94static int mwl_hal_reset(struct mwl_softc *sc); 95static int mwl_init(struct mwl_softc *); 96static void mwl_parent(struct ieee80211com *); 97static int mwl_reset(struct ieee80211vap *, u_long); 98static void mwl_stop(struct mwl_softc *); 99static void mwl_start(struct mwl_softc *); 100static int mwl_transmit(struct ieee80211com *, struct mbuf *); 101static int mwl_raw_xmit(struct ieee80211_node *, struct mbuf *, 102 const struct ieee80211_bpf_params *); 103static int mwl_media_change(struct ifnet *); 104static void mwl_watchdog(void *); 105static int mwl_ioctl(struct ieee80211com *, u_long, void *); 106static void mwl_radar_proc(void *, int); 107static void mwl_chanswitch_proc(void *, int); 108static void mwl_bawatchdog_proc(void *, int); 109static int mwl_key_alloc(struct ieee80211vap *, 110 struct ieee80211_key *, 111 ieee80211_keyix *, ieee80211_keyix *); 112static int mwl_key_delete(struct ieee80211vap *, 113 const struct ieee80211_key *); 114static int mwl_key_set(struct ieee80211vap *, 115 const struct ieee80211_key *); 116static int _mwl_key_set(struct ieee80211vap *, 117 const struct ieee80211_key *, 118 const uint8_t mac[IEEE80211_ADDR_LEN]); 119static int mwl_mode_init(struct mwl_softc *); 120static void mwl_update_mcast(struct ieee80211com *); 121static void mwl_update_promisc(struct ieee80211com *); 122static void mwl_updateslot(struct ieee80211com *); 123static int mwl_beacon_setup(struct ieee80211vap *); 124static void mwl_beacon_update(struct ieee80211vap *, int); 125#ifdef MWL_HOST_PS_SUPPORT 126static void mwl_update_ps(struct ieee80211vap *, int); 127static int mwl_set_tim(struct ieee80211_node *, int); 128#endif 129static int mwl_dma_setup(struct mwl_softc *); 130static void mwl_dma_cleanup(struct mwl_softc *); 131static struct ieee80211_node *mwl_node_alloc(struct ieee80211vap *, 132 const uint8_t [IEEE80211_ADDR_LEN]); 133static void mwl_node_cleanup(struct ieee80211_node *); 134static void mwl_node_drain(struct ieee80211_node *); 135static void mwl_node_getsignal(const struct ieee80211_node *, 136 int8_t *, int8_t *); 137static void mwl_node_getmimoinfo(const struct ieee80211_node *, 138 struct ieee80211_mimo_info *); 139static int mwl_rxbuf_init(struct mwl_softc *, struct mwl_rxbuf *); 140static void mwl_rx_proc(void *, int); 141static void mwl_txq_init(struct mwl_softc *sc, struct mwl_txq *, int); 142static int mwl_tx_setup(struct mwl_softc *, int, int); 143static int mwl_wme_update(struct ieee80211com *); 144static void mwl_tx_cleanupq(struct mwl_softc *, struct mwl_txq *); 145static void mwl_tx_cleanup(struct mwl_softc *); 146static uint16_t mwl_calcformat(uint8_t rate, const struct ieee80211_node *); 147static int mwl_tx_start(struct mwl_softc *, struct ieee80211_node *, 148 struct mwl_txbuf *, struct mbuf *); 149static void mwl_tx_proc(void *, int); 150static int mwl_chan_set(struct mwl_softc *, struct ieee80211_channel *); 151static void mwl_draintxq(struct mwl_softc *); 152static void mwl_cleartxq(struct mwl_softc *, struct ieee80211vap *); 153static int mwl_recv_action(struct ieee80211_node *, 154 const struct ieee80211_frame *, 155 const uint8_t *, const uint8_t *); 156static int mwl_addba_request(struct ieee80211_node *, 157 struct ieee80211_tx_ampdu *, int dialogtoken, 158 int baparamset, int batimeout); 159static int mwl_addba_response(struct ieee80211_node *, 160 struct ieee80211_tx_ampdu *, int status, 161 int baparamset, int batimeout); 162static void mwl_addba_stop(struct ieee80211_node *, 163 struct ieee80211_tx_ampdu *); 164static int mwl_startrecv(struct mwl_softc *); 165static MWL_HAL_APMODE mwl_getapmode(const struct ieee80211vap *, 166 struct ieee80211_channel *); 167static int mwl_setapmode(struct ieee80211vap *, struct ieee80211_channel*); 168static void mwl_scan_start(struct ieee80211com *); 169static void mwl_scan_end(struct ieee80211com *); 170static void mwl_set_channel(struct ieee80211com *); 171static int mwl_peerstadb(struct ieee80211_node *, 172 int aid, int staid, MWL_HAL_PEERINFO *pi); 173static int mwl_localstadb(struct ieee80211vap *); 174static int mwl_newstate(struct ieee80211vap *, enum ieee80211_state, int); 175static int allocstaid(struct mwl_softc *sc, int aid); 176static void delstaid(struct mwl_softc *sc, int staid); 177static void mwl_newassoc(struct ieee80211_node *, int); 178static void mwl_agestations(void *); 179static int mwl_setregdomain(struct ieee80211com *, 180 struct ieee80211_regdomain *, int, 181 struct ieee80211_channel []); 182static void mwl_getradiocaps(struct ieee80211com *, int, int *, 183 struct ieee80211_channel []); 184static int mwl_getchannels(struct mwl_softc *); 185 186static void mwl_sysctlattach(struct mwl_softc *); 187static void mwl_announce(struct mwl_softc *); 188 189SYSCTL_NODE(_hw, OID_AUTO, mwl, CTLFLAG_RD, 0, "Marvell driver parameters"); 190 191static int mwl_rxdesc = MWL_RXDESC; /* # rx desc's to allocate */ 192SYSCTL_INT(_hw_mwl, OID_AUTO, rxdesc, CTLFLAG_RW, &mwl_rxdesc, 193 0, "rx descriptors allocated"); 194static int mwl_rxbuf = MWL_RXBUF; /* # rx buffers to allocate */ 195SYSCTL_INT(_hw_mwl, OID_AUTO, rxbuf, CTLFLAG_RWTUN, &mwl_rxbuf, 196 0, "rx buffers allocated"); 197static int mwl_txbuf = MWL_TXBUF; /* # tx buffers to allocate */ 198SYSCTL_INT(_hw_mwl, OID_AUTO, txbuf, CTLFLAG_RWTUN, &mwl_txbuf, 199 0, "tx buffers allocated"); 200static int mwl_txcoalesce = 8; /* # tx packets to q before poking f/w*/ 201SYSCTL_INT(_hw_mwl, OID_AUTO, txcoalesce, CTLFLAG_RWTUN, &mwl_txcoalesce, 202 0, "tx buffers to send at once"); 203static int mwl_rxquota = MWL_RXBUF; /* # max buffers to process */ 204SYSCTL_INT(_hw_mwl, OID_AUTO, rxquota, CTLFLAG_RWTUN, &mwl_rxquota, 205 0, "max rx buffers to process per interrupt"); 206static int mwl_rxdmalow = 3; /* # min buffers for wakeup */ 207SYSCTL_INT(_hw_mwl, OID_AUTO, rxdmalow, CTLFLAG_RWTUN, &mwl_rxdmalow, 208 0, "min free rx buffers before restarting traffic"); 209 210#ifdef MWL_DEBUG 211static int mwl_debug = 0; 212SYSCTL_INT(_hw_mwl, OID_AUTO, debug, CTLFLAG_RWTUN, &mwl_debug, 213 0, "control debugging printfs"); 214enum { 215 MWL_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 216 MWL_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 217 MWL_DEBUG_RECV = 0x00000004, /* basic recv operation */ 218 MWL_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 219 MWL_DEBUG_RESET = 0x00000010, /* reset processing */ 220 MWL_DEBUG_BEACON = 0x00000020, /* beacon handling */ 221 MWL_DEBUG_INTR = 0x00000040, /* ISR */ 222 MWL_DEBUG_TX_PROC = 0x00000080, /* tx ISR proc */ 223 MWL_DEBUG_RX_PROC = 0x00000100, /* rx ISR proc */ 224 MWL_DEBUG_KEYCACHE = 0x00000200, /* key cache management */ 225 MWL_DEBUG_STATE = 0x00000400, /* 802.11 state transitions */ 226 MWL_DEBUG_NODE = 0x00000800, /* node management */ 227 MWL_DEBUG_RECV_ALL = 0x00001000, /* trace all frames (beacons) */ 228 MWL_DEBUG_TSO = 0x00002000, /* TSO processing */ 229 MWL_DEBUG_AMPDU = 0x00004000, /* BA stream handling */ 230 MWL_DEBUG_ANY = 0xffffffff 231}; 232#define IS_BEACON(wh) \ 233 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) == \ 234 (IEEE80211_FC0_TYPE_MGT|IEEE80211_FC0_SUBTYPE_BEACON)) 235#define IFF_DUMPPKTS_RECV(sc, wh) \ 236 ((sc->sc_debug & MWL_DEBUG_RECV) && \ 237 ((sc->sc_debug & MWL_DEBUG_RECV_ALL) || !IS_BEACON(wh))) 238#define IFF_DUMPPKTS_XMIT(sc) \ 239 (sc->sc_debug & MWL_DEBUG_XMIT) 240 241#define DPRINTF(sc, m, fmt, ...) do { \ 242 if (sc->sc_debug & (m)) \ 243 printf(fmt, __VA_ARGS__); \ 244} while (0) 245#define KEYPRINTF(sc, hk, mac) do { \ 246 if (sc->sc_debug & MWL_DEBUG_KEYCACHE) \ 247 mwl_keyprint(sc, __func__, hk, mac); \ 248} while (0) 249static void mwl_printrxbuf(const struct mwl_rxbuf *bf, u_int ix); 250static void mwl_printtxbuf(const struct mwl_txbuf *bf, u_int qnum, u_int ix); 251#else 252#define IFF_DUMPPKTS_RECV(sc, wh) 0 253#define IFF_DUMPPKTS_XMIT(sc) 0 254#define DPRINTF(sc, m, fmt, ...) do { (void )sc; } while (0) 255#define KEYPRINTF(sc, k, mac) do { (void )sc; } while (0) 256#endif 257 258static MALLOC_DEFINE(M_MWLDEV, "mwldev", "mwl driver dma buffers"); 259 260/* 261 * Each packet has fixed front matter: a 2-byte length 262 * of the payload, followed by a 4-address 802.11 header 263 * (regardless of the actual header and always w/o any 264 * QoS header). The payload then follows. 265 */ 266struct mwltxrec { 267 uint16_t fwlen; 268 struct ieee80211_frame_addr4 wh; 269} __packed; 270 271/* 272 * Read/Write shorthands for accesses to BAR 0. Note 273 * that all BAR 1 operations are done in the "hal" and 274 * there should be no reference to them here. 275 */ 276#ifdef MWL_DEBUG 277static __inline uint32_t 278RD4(struct mwl_softc *sc, bus_size_t off) 279{ 280 return bus_space_read_4(sc->sc_io0t, sc->sc_io0h, off); 281} 282#endif 283 284static __inline void 285WR4(struct mwl_softc *sc, bus_size_t off, uint32_t val) 286{ 287 bus_space_write_4(sc->sc_io0t, sc->sc_io0h, off, val); 288} 289 290int 291mwl_attach(uint16_t devid, struct mwl_softc *sc) 292{ 293 struct ieee80211com *ic = &sc->sc_ic; 294 struct mwl_hal *mh; 295 int error = 0; 296 297 DPRINTF(sc, MWL_DEBUG_ANY, "%s: devid 0x%x\n", __func__, devid); 298 299 /* 300 * Setup the RX free list lock early, so it can be consistently 301 * removed. 302 */ 303 MWL_RXFREE_INIT(sc); 304 305 mh = mwl_hal_attach(sc->sc_dev, devid, 306 sc->sc_io1h, sc->sc_io1t, sc->sc_dmat); 307 if (mh == NULL) { 308 device_printf(sc->sc_dev, "unable to attach HAL\n"); 309 error = EIO; 310 goto bad; 311 } 312 sc->sc_mh = mh; 313 /* 314 * Load firmware so we can get setup. We arbitrarily 315 * pick station firmware; we'll re-load firmware as 316 * needed so setting up the wrong mode isn't a big deal. 317 */ 318 if (mwl_hal_fwload(mh, NULL) != 0) { 319 device_printf(sc->sc_dev, "unable to setup builtin firmware\n"); 320 error = EIO; 321 goto bad1; 322 } 323 if (mwl_hal_gethwspecs(mh, &sc->sc_hwspecs) != 0) { 324 device_printf(sc->sc_dev, "unable to fetch h/w specs\n"); 325 error = EIO; 326 goto bad1; 327 } 328 error = mwl_getchannels(sc); 329 if (error != 0) 330 goto bad1; 331 332 sc->sc_txantenna = 0; /* h/w default */ 333 sc->sc_rxantenna = 0; /* h/w default */ 334 sc->sc_invalid = 0; /* ready to go, enable int handling */ 335 sc->sc_ageinterval = MWL_AGEINTERVAL; 336 337 /* 338 * Allocate tx+rx descriptors and populate the lists. 339 * We immediately push the information to the firmware 340 * as otherwise it gets upset. 341 */ 342 error = mwl_dma_setup(sc); 343 if (error != 0) { 344 device_printf(sc->sc_dev, "failed to setup descriptors: %d\n", 345 error); 346 goto bad1; 347 } 348 error = mwl_setupdma(sc); /* push to firmware */ 349 if (error != 0) /* NB: mwl_setupdma prints msg */ 350 goto bad1; 351 352 callout_init(&sc->sc_timer, 1); 353 callout_init_mtx(&sc->sc_watchdog, &sc->sc_mtx, 0); 354 mbufq_init(&sc->sc_snd, ifqmaxlen); 355 356 sc->sc_tq = taskqueue_create("mwl_taskq", M_NOWAIT, 357 taskqueue_thread_enqueue, &sc->sc_tq); 358 taskqueue_start_threads(&sc->sc_tq, 1, PI_NET, 359 "%s taskq", device_get_nameunit(sc->sc_dev)); 360 361 TASK_INIT(&sc->sc_rxtask, 0, mwl_rx_proc, sc); 362 TASK_INIT(&sc->sc_radartask, 0, mwl_radar_proc, sc); 363 TASK_INIT(&sc->sc_chanswitchtask, 0, mwl_chanswitch_proc, sc); 364 TASK_INIT(&sc->sc_bawatchdogtask, 0, mwl_bawatchdog_proc, sc); 365 366 /* NB: insure BK queue is the lowest priority h/w queue */ 367 if (!mwl_tx_setup(sc, WME_AC_BK, MWL_WME_AC_BK)) { 368 device_printf(sc->sc_dev, 369 "unable to setup xmit queue for %s traffic!\n", 370 ieee80211_wme_acnames[WME_AC_BK]); 371 error = EIO; 372 goto bad2; 373 } 374 if (!mwl_tx_setup(sc, WME_AC_BE, MWL_WME_AC_BE) || 375 !mwl_tx_setup(sc, WME_AC_VI, MWL_WME_AC_VI) || 376 !mwl_tx_setup(sc, WME_AC_VO, MWL_WME_AC_VO)) { 377 /* 378 * Not enough hardware tx queues to properly do WME; 379 * just punt and assign them all to the same h/w queue. 380 * We could do a better job of this if, for example, 381 * we allocate queues when we switch from station to 382 * AP mode. 383 */ 384 if (sc->sc_ac2q[WME_AC_VI] != NULL) 385 mwl_tx_cleanupq(sc, sc->sc_ac2q[WME_AC_VI]); 386 if (sc->sc_ac2q[WME_AC_BE] != NULL) 387 mwl_tx_cleanupq(sc, sc->sc_ac2q[WME_AC_BE]); 388 sc->sc_ac2q[WME_AC_BE] = sc->sc_ac2q[WME_AC_BK]; 389 sc->sc_ac2q[WME_AC_VI] = sc->sc_ac2q[WME_AC_BK]; 390 sc->sc_ac2q[WME_AC_VO] = sc->sc_ac2q[WME_AC_BK]; 391 } 392 TASK_INIT(&sc->sc_txtask, 0, mwl_tx_proc, sc); 393 394 ic->ic_softc = sc; 395 ic->ic_name = device_get_nameunit(sc->sc_dev); 396 /* XXX not right but it's not used anywhere important */ 397 ic->ic_phytype = IEEE80211_T_OFDM; 398 ic->ic_opmode = IEEE80211_M_STA; 399 ic->ic_caps = 400 IEEE80211_C_STA /* station mode supported */ 401 | IEEE80211_C_HOSTAP /* hostap mode */ 402 | IEEE80211_C_MONITOR /* monitor mode */ 403#if 0 404 | IEEE80211_C_IBSS /* ibss, nee adhoc, mode */ 405 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 406#endif 407 | IEEE80211_C_MBSS /* mesh point link mode */ 408 | IEEE80211_C_WDS /* WDS supported */ 409 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 410 | IEEE80211_C_SHSLOT /* short slot time supported */ 411 | IEEE80211_C_WME /* WME/WMM supported */ 412 | IEEE80211_C_BURST /* xmit bursting supported */ 413 | IEEE80211_C_WPA /* capable of WPA1+WPA2 */ 414 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 415 | IEEE80211_C_TXFRAG /* handle tx frags */ 416 | IEEE80211_C_TXPMGT /* capable of txpow mgt */ 417 | IEEE80211_C_DFS /* DFS supported */ 418 ; 419 420 ic->ic_htcaps = 421 IEEE80211_HTCAP_SMPS_ENA /* SM PS mode enabled */ 422 | IEEE80211_HTCAP_CHWIDTH40 /* 40MHz channel width */ 423 | IEEE80211_HTCAP_SHORTGI20 /* short GI in 20MHz */ 424 | IEEE80211_HTCAP_SHORTGI40 /* short GI in 40MHz */ 425 | IEEE80211_HTCAP_RXSTBC_2STREAM/* 1-2 spatial streams */ 426#if MWL_AGGR_SIZE == 7935 427 | IEEE80211_HTCAP_MAXAMSDU_7935 /* max A-MSDU length */ 428#else 429 | IEEE80211_HTCAP_MAXAMSDU_3839 /* max A-MSDU length */ 430#endif 431#if 0 432 | IEEE80211_HTCAP_PSMP /* PSMP supported */ 433 | IEEE80211_HTCAP_40INTOLERANT /* 40MHz intolerant */ 434#endif 435 /* s/w capabilities */ 436 | IEEE80211_HTC_HT /* HT operation */ 437 | IEEE80211_HTC_AMPDU /* tx A-MPDU */ 438 | IEEE80211_HTC_AMSDU /* tx A-MSDU */ 439 | IEEE80211_HTC_SMPS /* SMPS available */ 440 ; 441 442 /* 443 * Mark h/w crypto support. 444 * XXX no way to query h/w support. 445 */ 446 ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP 447 | IEEE80211_CRYPTO_AES_CCM 448 | IEEE80211_CRYPTO_TKIP 449 | IEEE80211_CRYPTO_TKIPMIC 450 ; 451 /* 452 * Transmit requires space in the packet for a special 453 * format transmit record and optional padding between 454 * this record and the payload. Ask the net80211 layer 455 * to arrange this when encapsulating packets so we can 456 * add it efficiently. 457 */ 458 ic->ic_headroom = sizeof(struct mwltxrec) - 459 sizeof(struct ieee80211_frame); 460 461 IEEE80211_ADDR_COPY(ic->ic_macaddr, sc->sc_hwspecs.macAddr); 462 463 /* call MI attach routine. */ 464 ieee80211_ifattach(ic); 465 ic->ic_setregdomain = mwl_setregdomain; 466 ic->ic_getradiocaps = mwl_getradiocaps; 467 /* override default methods */ 468 ic->ic_raw_xmit = mwl_raw_xmit; 469 ic->ic_newassoc = mwl_newassoc; 470 ic->ic_updateslot = mwl_updateslot; 471 ic->ic_update_mcast = mwl_update_mcast; 472 ic->ic_update_promisc = mwl_update_promisc; 473 ic->ic_wme.wme_update = mwl_wme_update; 474 ic->ic_transmit = mwl_transmit; 475 ic->ic_ioctl = mwl_ioctl; 476 ic->ic_parent = mwl_parent; 477 478 ic->ic_node_alloc = mwl_node_alloc; 479 sc->sc_node_cleanup = ic->ic_node_cleanup; 480 ic->ic_node_cleanup = mwl_node_cleanup; 481 sc->sc_node_drain = ic->ic_node_drain; 482 ic->ic_node_drain = mwl_node_drain; 483 ic->ic_node_getsignal = mwl_node_getsignal; 484 ic->ic_node_getmimoinfo = mwl_node_getmimoinfo; 485 486 ic->ic_scan_start = mwl_scan_start; 487 ic->ic_scan_end = mwl_scan_end; 488 ic->ic_set_channel = mwl_set_channel; 489 490 sc->sc_recv_action = ic->ic_recv_action; 491 ic->ic_recv_action = mwl_recv_action; 492 sc->sc_addba_request = ic->ic_addba_request; 493 ic->ic_addba_request = mwl_addba_request; 494 sc->sc_addba_response = ic->ic_addba_response; 495 ic->ic_addba_response = mwl_addba_response; 496 sc->sc_addba_stop = ic->ic_addba_stop; 497 ic->ic_addba_stop = mwl_addba_stop; 498 499 ic->ic_vap_create = mwl_vap_create; 500 ic->ic_vap_delete = mwl_vap_delete; 501 502 ieee80211_radiotap_attach(ic, 503 &sc->sc_tx_th.wt_ihdr, sizeof(sc->sc_tx_th), 504 MWL_TX_RADIOTAP_PRESENT, 505 &sc->sc_rx_th.wr_ihdr, sizeof(sc->sc_rx_th), 506 MWL_RX_RADIOTAP_PRESENT); 507 /* 508 * Setup dynamic sysctl's now that country code and 509 * regdomain are available from the hal. 510 */ 511 mwl_sysctlattach(sc); 512 513 if (bootverbose) 514 ieee80211_announce(ic); 515 mwl_announce(sc); 516 return 0; 517bad2: 518 mwl_dma_cleanup(sc); 519bad1: 520 mwl_hal_detach(mh); 521bad: 522 MWL_RXFREE_DESTROY(sc); 523 sc->sc_invalid = 1; 524 return error; 525} 526 527int 528mwl_detach(struct mwl_softc *sc) 529{ 530 struct ieee80211com *ic = &sc->sc_ic; 531 532 MWL_LOCK(sc); 533 mwl_stop(sc); 534 MWL_UNLOCK(sc); 535 /* 536 * NB: the order of these is important: 537 * o call the 802.11 layer before detaching the hal to 538 * insure callbacks into the driver to delete global 539 * key cache entries can be handled 540 * o reclaim the tx queue data structures after calling 541 * the 802.11 layer as we'll get called back to reclaim 542 * node state and potentially want to use them 543 * o to cleanup the tx queues the hal is called, so detach 544 * it last 545 * Other than that, it's straightforward... 546 */ 547 ieee80211_ifdetach(ic); 548 callout_drain(&sc->sc_watchdog); 549 mwl_dma_cleanup(sc); 550 MWL_RXFREE_DESTROY(sc); 551 mwl_tx_cleanup(sc); 552 mwl_hal_detach(sc->sc_mh); 553 mbufq_drain(&sc->sc_snd); 554 555 return 0; 556} 557 558/* 559 * MAC address handling for multiple BSS on the same radio. 560 * The first vap uses the MAC address from the EEPROM. For 561 * subsequent vap's we set the U/L bit (bit 1) in the MAC 562 * address and use the next six bits as an index. 563 */ 564static void 565assign_address(struct mwl_softc *sc, uint8_t mac[IEEE80211_ADDR_LEN], int clone) 566{ 567 int i; 568 569 if (clone && mwl_hal_ismbsscapable(sc->sc_mh)) { 570 /* NB: we only do this if h/w supports multiple bssid */ 571 for (i = 0; i < 32; i++) 572 if ((sc->sc_bssidmask & (1<<i)) == 0) 573 break; 574 if (i != 0) 575 mac[0] |= (i << 2)|0x2; 576 } else 577 i = 0; 578 sc->sc_bssidmask |= 1<<i; 579 if (i == 0) 580 sc->sc_nbssid0++; 581} 582 583static void 584reclaim_address(struct mwl_softc *sc, const uint8_t mac[IEEE80211_ADDR_LEN]) 585{ 586 int i = mac[0] >> 2; 587 if (i != 0 || --sc->sc_nbssid0 == 0) 588 sc->sc_bssidmask &= ~(1<<i); 589} 590 591static struct ieee80211vap * 592mwl_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 593 enum ieee80211_opmode opmode, int flags, 594 const uint8_t bssid[IEEE80211_ADDR_LEN], 595 const uint8_t mac0[IEEE80211_ADDR_LEN]) 596{ 597 struct mwl_softc *sc = ic->ic_softc; 598 struct mwl_hal *mh = sc->sc_mh; 599 struct ieee80211vap *vap, *apvap; 600 struct mwl_hal_vap *hvap; 601 struct mwl_vap *mvp; 602 uint8_t mac[IEEE80211_ADDR_LEN]; 603 604 IEEE80211_ADDR_COPY(mac, mac0); 605 switch (opmode) { 606 case IEEE80211_M_HOSTAP: 607 case IEEE80211_M_MBSS: 608 if ((flags & IEEE80211_CLONE_MACADDR) == 0) 609 assign_address(sc, mac, flags & IEEE80211_CLONE_BSSID); 610 hvap = mwl_hal_newvap(mh, MWL_HAL_AP, mac); 611 if (hvap == NULL) { 612 if ((flags & IEEE80211_CLONE_MACADDR) == 0) 613 reclaim_address(sc, mac); 614 return NULL; 615 } 616 break; 617 case IEEE80211_M_STA: 618 if ((flags & IEEE80211_CLONE_MACADDR) == 0) 619 assign_address(sc, mac, flags & IEEE80211_CLONE_BSSID); 620 hvap = mwl_hal_newvap(mh, MWL_HAL_STA, mac); 621 if (hvap == NULL) { 622 if ((flags & IEEE80211_CLONE_MACADDR) == 0) 623 reclaim_address(sc, mac); 624 return NULL; 625 } 626 /* no h/w beacon miss support; always use s/w */ 627 flags |= IEEE80211_CLONE_NOBEACONS; 628 break; 629 case IEEE80211_M_WDS: 630 hvap = NULL; /* NB: we use associated AP vap */ 631 if (sc->sc_napvaps == 0) 632 return NULL; /* no existing AP vap */ 633 break; 634 case IEEE80211_M_MONITOR: 635 hvap = NULL; 636 break; 637 case IEEE80211_M_IBSS: 638 case IEEE80211_M_AHDEMO: 639 default: 640 return NULL; 641 } 642 643 mvp = malloc(sizeof(struct mwl_vap), M_80211_VAP, M_WAITOK | M_ZERO); 644 mvp->mv_hvap = hvap; 645 if (opmode == IEEE80211_M_WDS) { 646 /* 647 * WDS vaps must have an associated AP vap; find one. 648 * XXX not right. 649 */ 650 TAILQ_FOREACH(apvap, &ic->ic_vaps, iv_next) 651 if (apvap->iv_opmode == IEEE80211_M_HOSTAP) { 652 mvp->mv_ap_hvap = MWL_VAP(apvap)->mv_hvap; 653 break; 654 } 655 KASSERT(mvp->mv_ap_hvap != NULL, ("no ap vap")); 656 } 657 vap = &mvp->mv_vap; 658 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 659 /* override with driver methods */ 660 mvp->mv_newstate = vap->iv_newstate; 661 vap->iv_newstate = mwl_newstate; 662 vap->iv_max_keyix = 0; /* XXX */ 663 vap->iv_key_alloc = mwl_key_alloc; 664 vap->iv_key_delete = mwl_key_delete; 665 vap->iv_key_set = mwl_key_set; 666#ifdef MWL_HOST_PS_SUPPORT 667 if (opmode == IEEE80211_M_HOSTAP || opmode == IEEE80211_M_MBSS) { 668 vap->iv_update_ps = mwl_update_ps; 669 mvp->mv_set_tim = vap->iv_set_tim; 670 vap->iv_set_tim = mwl_set_tim; 671 } 672#endif 673 vap->iv_reset = mwl_reset; 674 vap->iv_update_beacon = mwl_beacon_update; 675 676 /* override max aid so sta's cannot assoc when we're out of sta id's */ 677 vap->iv_max_aid = MWL_MAXSTAID; 678 /* override default A-MPDU rx parameters */ 679 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K; 680 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_4; 681 682 /* complete setup */ 683 ieee80211_vap_attach(vap, mwl_media_change, ieee80211_media_status, 684 mac); 685 686 switch (vap->iv_opmode) { 687 case IEEE80211_M_HOSTAP: 688 case IEEE80211_M_MBSS: 689 case IEEE80211_M_STA: 690 /* 691 * Setup sta db entry for local address. 692 */ 693 mwl_localstadb(vap); 694 if (vap->iv_opmode == IEEE80211_M_HOSTAP || 695 vap->iv_opmode == IEEE80211_M_MBSS) 696 sc->sc_napvaps++; 697 else 698 sc->sc_nstavaps++; 699 break; 700 case IEEE80211_M_WDS: 701 sc->sc_nwdsvaps++; 702 break; 703 default: 704 break; 705 } 706 /* 707 * Setup overall operating mode. 708 */ 709 if (sc->sc_napvaps) 710 ic->ic_opmode = IEEE80211_M_HOSTAP; 711 else if (sc->sc_nstavaps) 712 ic->ic_opmode = IEEE80211_M_STA; 713 else 714 ic->ic_opmode = opmode; 715 716 return vap; 717} 718 719static void 720mwl_vap_delete(struct ieee80211vap *vap) 721{ 722 struct mwl_vap *mvp = MWL_VAP(vap); 723 struct mwl_softc *sc = vap->iv_ic->ic_softc; 724 struct mwl_hal *mh = sc->sc_mh; 725 struct mwl_hal_vap *hvap = mvp->mv_hvap; 726 enum ieee80211_opmode opmode = vap->iv_opmode; 727 728 /* XXX disallow ap vap delete if WDS still present */ 729 if (sc->sc_running) { 730 /* quiesce h/w while we remove the vap */ 731 mwl_hal_intrset(mh, 0); /* disable interrupts */ 732 } 733 ieee80211_vap_detach(vap); 734 switch (opmode) { 735 case IEEE80211_M_HOSTAP: 736 case IEEE80211_M_MBSS: 737 case IEEE80211_M_STA: 738 KASSERT(hvap != NULL, ("no hal vap handle")); 739 (void) mwl_hal_delstation(hvap, vap->iv_myaddr); 740 mwl_hal_delvap(hvap); 741 if (opmode == IEEE80211_M_HOSTAP || opmode == IEEE80211_M_MBSS) 742 sc->sc_napvaps--; 743 else 744 sc->sc_nstavaps--; 745 /* XXX don't do it for IEEE80211_CLONE_MACADDR */ 746 reclaim_address(sc, vap->iv_myaddr); 747 break; 748 case IEEE80211_M_WDS: 749 sc->sc_nwdsvaps--; 750 break; 751 default: 752 break; 753 } 754 mwl_cleartxq(sc, vap); 755 free(mvp, M_80211_VAP); 756 if (sc->sc_running) 757 mwl_hal_intrset(mh, sc->sc_imask); 758} 759 760void 761mwl_suspend(struct mwl_softc *sc) 762{ 763 764 MWL_LOCK(sc); 765 mwl_stop(sc); 766 MWL_UNLOCK(sc); 767} 768 769void 770mwl_resume(struct mwl_softc *sc) 771{ 772 int error = EDOOFUS; 773 774 MWL_LOCK(sc); 775 if (sc->sc_ic.ic_nrunning > 0) 776 error = mwl_init(sc); 777 MWL_UNLOCK(sc); 778 779 if (error == 0) 780 ieee80211_start_all(&sc->sc_ic); /* start all vap's */ 781} 782 783void 784mwl_shutdown(void *arg) 785{ 786 struct mwl_softc *sc = arg; 787 788 MWL_LOCK(sc); 789 mwl_stop(sc); 790 MWL_UNLOCK(sc); 791} 792 793/* 794 * Interrupt handler. Most of the actual processing is deferred. 795 */ 796void 797mwl_intr(void *arg) 798{ 799 struct mwl_softc *sc = arg; 800 struct mwl_hal *mh = sc->sc_mh; 801 uint32_t status; 802 803 if (sc->sc_invalid) { 804 /* 805 * The hardware is not ready/present, don't touch anything. 806 * Note this can happen early on if the IRQ is shared. 807 */ 808 DPRINTF(sc, MWL_DEBUG_ANY, "%s: invalid; ignored\n", __func__); 809 return; 810 } 811 /* 812 * Figure out the reason(s) for the interrupt. 813 */ 814 mwl_hal_getisr(mh, &status); /* NB: clears ISR too */ 815 if (status == 0) /* must be a shared irq */ 816 return; 817 818 DPRINTF(sc, MWL_DEBUG_INTR, "%s: status 0x%x imask 0x%x\n", 819 __func__, status, sc->sc_imask); 820 if (status & MACREG_A2HRIC_BIT_RX_RDY) 821 taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask); 822 if (status & MACREG_A2HRIC_BIT_TX_DONE) 823 taskqueue_enqueue(sc->sc_tq, &sc->sc_txtask); 824 if (status & MACREG_A2HRIC_BIT_BA_WATCHDOG) 825 taskqueue_enqueue(sc->sc_tq, &sc->sc_bawatchdogtask); 826 if (status & MACREG_A2HRIC_BIT_OPC_DONE) 827 mwl_hal_cmddone(mh); 828 if (status & MACREG_A2HRIC_BIT_MAC_EVENT) { 829 ; 830 } 831 if (status & MACREG_A2HRIC_BIT_ICV_ERROR) { 832 /* TKIP ICV error */ 833 sc->sc_stats.mst_rx_badtkipicv++; 834 } 835 if (status & MACREG_A2HRIC_BIT_QUEUE_EMPTY) { 836 /* 11n aggregation queue is empty, re-fill */ 837 ; 838 } 839 if (status & MACREG_A2HRIC_BIT_QUEUE_FULL) { 840 ; 841 } 842 if (status & MACREG_A2HRIC_BIT_RADAR_DETECT) { 843 /* radar detected, process event */ 844 taskqueue_enqueue(sc->sc_tq, &sc->sc_radartask); 845 } 846 if (status & MACREG_A2HRIC_BIT_CHAN_SWITCH) { 847 /* DFS channel switch */ 848 taskqueue_enqueue(sc->sc_tq, &sc->sc_chanswitchtask); 849 } 850} 851 852static void 853mwl_radar_proc(void *arg, int pending) 854{ 855 struct mwl_softc *sc = arg; 856 struct ieee80211com *ic = &sc->sc_ic; 857 858 DPRINTF(sc, MWL_DEBUG_ANY, "%s: radar detected, pending %u\n", 859 __func__, pending); 860 861 sc->sc_stats.mst_radardetect++; 862 /* XXX stop h/w BA streams? */ 863 864 IEEE80211_LOCK(ic); 865 ieee80211_dfs_notify_radar(ic, ic->ic_curchan); 866 IEEE80211_UNLOCK(ic); 867} 868 869static void 870mwl_chanswitch_proc(void *arg, int pending) 871{ 872 struct mwl_softc *sc = arg; 873 struct ieee80211com *ic = &sc->sc_ic; 874 875 DPRINTF(sc, MWL_DEBUG_ANY, "%s: channel switch notice, pending %u\n", 876 __func__, pending); 877 878 IEEE80211_LOCK(ic); 879 sc->sc_csapending = 0; 880 ieee80211_csa_completeswitch(ic); 881 IEEE80211_UNLOCK(ic); 882} 883 884static void 885mwl_bawatchdog(const MWL_HAL_BASTREAM *sp) 886{ 887 struct ieee80211_node *ni = sp->data[0]; 888 889 /* send DELBA and drop the stream */ 890 ieee80211_ampdu_stop(ni, sp->data[1], IEEE80211_REASON_UNSPECIFIED); 891} 892 893static void 894mwl_bawatchdog_proc(void *arg, int pending) 895{ 896 struct mwl_softc *sc = arg; 897 struct mwl_hal *mh = sc->sc_mh; 898 const MWL_HAL_BASTREAM *sp; 899 uint8_t bitmap, n; 900 901 sc->sc_stats.mst_bawatchdog++; 902 903 if (mwl_hal_getwatchdogbitmap(mh, &bitmap) != 0) { 904 DPRINTF(sc, MWL_DEBUG_AMPDU, 905 "%s: could not get bitmap\n", __func__); 906 sc->sc_stats.mst_bawatchdog_failed++; 907 return; 908 } 909 DPRINTF(sc, MWL_DEBUG_AMPDU, "%s: bitmap 0x%x\n", __func__, bitmap); 910 if (bitmap == 0xff) { 911 n = 0; 912 /* disable all ba streams */ 913 for (bitmap = 0; bitmap < 8; bitmap++) { 914 sp = mwl_hal_bastream_lookup(mh, bitmap); 915 if (sp != NULL) { 916 mwl_bawatchdog(sp); 917 n++; 918 } 919 } 920 if (n == 0) { 921 DPRINTF(sc, MWL_DEBUG_AMPDU, 922 "%s: no BA streams found\n", __func__); 923 sc->sc_stats.mst_bawatchdog_empty++; 924 } 925 } else if (bitmap != 0xaa) { 926 /* disable a single ba stream */ 927 sp = mwl_hal_bastream_lookup(mh, bitmap); 928 if (sp != NULL) { 929 mwl_bawatchdog(sp); 930 } else { 931 DPRINTF(sc, MWL_DEBUG_AMPDU, 932 "%s: no BA stream %d\n", __func__, bitmap); 933 sc->sc_stats.mst_bawatchdog_notfound++; 934 } 935 } 936} 937 938/* 939 * Convert net80211 channel to a HAL channel. 940 */ 941static void 942mwl_mapchan(MWL_HAL_CHANNEL *hc, const struct ieee80211_channel *chan) 943{ 944 hc->channel = chan->ic_ieee; 945 946 *(uint32_t *)&hc->channelFlags = 0; 947 if (IEEE80211_IS_CHAN_2GHZ(chan)) 948 hc->channelFlags.FreqBand = MWL_FREQ_BAND_2DOT4GHZ; 949 else if (IEEE80211_IS_CHAN_5GHZ(chan)) 950 hc->channelFlags.FreqBand = MWL_FREQ_BAND_5GHZ; 951 if (IEEE80211_IS_CHAN_HT40(chan)) { 952 hc->channelFlags.ChnlWidth = MWL_CH_40_MHz_WIDTH; 953 if (IEEE80211_IS_CHAN_HT40U(chan)) 954 hc->channelFlags.ExtChnlOffset = MWL_EXT_CH_ABOVE_CTRL_CH; 955 else 956 hc->channelFlags.ExtChnlOffset = MWL_EXT_CH_BELOW_CTRL_CH; 957 } else 958 hc->channelFlags.ChnlWidth = MWL_CH_20_MHz_WIDTH; 959 /* XXX 10MHz channels */ 960} 961 962/* 963 * Inform firmware of our tx/rx dma setup. The BAR 0 964 * writes below are for compatibility with older firmware. 965 * For current firmware we send this information with a 966 * cmd block via mwl_hal_sethwdma. 967 */ 968static int 969mwl_setupdma(struct mwl_softc *sc) 970{ 971 int error, i; 972 973 sc->sc_hwdma.rxDescRead = sc->sc_rxdma.dd_desc_paddr; 974 WR4(sc, sc->sc_hwspecs.rxDescRead, sc->sc_hwdma.rxDescRead); 975 WR4(sc, sc->sc_hwspecs.rxDescWrite, sc->sc_hwdma.rxDescRead); 976 977 for (i = 0; i < MWL_NUM_TX_QUEUES-MWL_NUM_ACK_QUEUES; i++) { 978 struct mwl_txq *txq = &sc->sc_txq[i]; 979 sc->sc_hwdma.wcbBase[i] = txq->dma.dd_desc_paddr; 980 WR4(sc, sc->sc_hwspecs.wcbBase[i], sc->sc_hwdma.wcbBase[i]); 981 } 982 sc->sc_hwdma.maxNumTxWcb = mwl_txbuf; 983 sc->sc_hwdma.maxNumWCB = MWL_NUM_TX_QUEUES-MWL_NUM_ACK_QUEUES; 984 985 error = mwl_hal_sethwdma(sc->sc_mh, &sc->sc_hwdma); 986 if (error != 0) { 987 device_printf(sc->sc_dev, 988 "unable to setup tx/rx dma; hal status %u\n", error); 989 /* XXX */ 990 } 991 return error; 992} 993 994/* 995 * Inform firmware of tx rate parameters. 996 * Called after a channel change. 997 */ 998static int 999mwl_setcurchanrates(struct mwl_softc *sc) 1000{ 1001 struct ieee80211com *ic = &sc->sc_ic; 1002 const struct ieee80211_rateset *rs; 1003 MWL_HAL_TXRATE rates; 1004 1005 memset(&rates, 0, sizeof(rates)); 1006 rs = ieee80211_get_suprates(ic, ic->ic_curchan); 1007 /* rate used to send management frames */ 1008 rates.MgtRate = rs->rs_rates[0] & IEEE80211_RATE_VAL; 1009 /* rate used to send multicast frames */ 1010 rates.McastRate = rates.MgtRate; 1011 1012 return mwl_hal_settxrate_auto(sc->sc_mh, &rates); 1013} 1014 1015/* 1016 * Inform firmware of tx rate parameters. Called whenever 1017 * user-settable params change and after a channel change. 1018 */ 1019static int 1020mwl_setrates(struct ieee80211vap *vap) 1021{ 1022 struct mwl_vap *mvp = MWL_VAP(vap); 1023 struct ieee80211_node *ni = vap->iv_bss; 1024 const struct ieee80211_txparam *tp = ni->ni_txparms; 1025 MWL_HAL_TXRATE rates; 1026 1027 KASSERT(vap->iv_state == IEEE80211_S_RUN, ("state %d", vap->iv_state)); 1028 1029 /* 1030 * Update the h/w rate map. 1031 * NB: 0x80 for MCS is passed through unchanged 1032 */ 1033 memset(&rates, 0, sizeof(rates)); 1034 /* rate used to send management frames */ 1035 rates.MgtRate = tp->mgmtrate; 1036 /* rate used to send multicast frames */ 1037 rates.McastRate = tp->mcastrate; 1038 1039 /* while here calculate EAPOL fixed rate cookie */ 1040 mvp->mv_eapolformat = htole16(mwl_calcformat(rates.MgtRate, ni)); 1041 1042 return mwl_hal_settxrate(mvp->mv_hvap, 1043 tp->ucastrate != IEEE80211_FIXED_RATE_NONE ? 1044 RATE_FIXED : RATE_AUTO, &rates); 1045} 1046 1047/* 1048 * Setup a fixed xmit rate cookie for EAPOL frames. 1049 */ 1050static void 1051mwl_seteapolformat(struct ieee80211vap *vap) 1052{ 1053 struct mwl_vap *mvp = MWL_VAP(vap); 1054 struct ieee80211_node *ni = vap->iv_bss; 1055 enum ieee80211_phymode mode; 1056 uint8_t rate; 1057 1058 KASSERT(vap->iv_state == IEEE80211_S_RUN, ("state %d", vap->iv_state)); 1059 1060 mode = ieee80211_chan2mode(ni->ni_chan); 1061 /* 1062 * Use legacy rates when operating a mixed HT+non-HT bss. 1063 * NB: this may violate POLA for sta and wds vap's. 1064 */ 1065 if (mode == IEEE80211_MODE_11NA && 1066 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 1067 rate = vap->iv_txparms[IEEE80211_MODE_11A].mgmtrate; 1068 else if (mode == IEEE80211_MODE_11NG && 1069 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 1070 rate = vap->iv_txparms[IEEE80211_MODE_11G].mgmtrate; 1071 else 1072 rate = vap->iv_txparms[mode].mgmtrate; 1073 1074 mvp->mv_eapolformat = htole16(mwl_calcformat(rate, ni)); 1075} 1076 1077/* 1078 * Map SKU+country code to region code for radar bin'ing. 1079 */ 1080static int 1081mwl_map2regioncode(const struct ieee80211_regdomain *rd) 1082{ 1083 switch (rd->regdomain) { 1084 case SKU_FCC: 1085 case SKU_FCC3: 1086 return DOMAIN_CODE_FCC; 1087 case SKU_CA: 1088 return DOMAIN_CODE_IC; 1089 case SKU_ETSI: 1090 case SKU_ETSI2: 1091 case SKU_ETSI3: 1092 if (rd->country == CTRY_SPAIN) 1093 return DOMAIN_CODE_SPAIN; 1094 if (rd->country == CTRY_FRANCE || rd->country == CTRY_FRANCE2) 1095 return DOMAIN_CODE_FRANCE; 1096 /* XXX force 1.3.1 radar type */ 1097 return DOMAIN_CODE_ETSI_131; 1098 case SKU_JAPAN: 1099 return DOMAIN_CODE_MKK; 1100 case SKU_ROW: 1101 return DOMAIN_CODE_DGT; /* Taiwan */ 1102 case SKU_APAC: 1103 case SKU_APAC2: 1104 case SKU_APAC3: 1105 return DOMAIN_CODE_AUS; /* Australia */ 1106 } 1107 /* XXX KOREA? */ 1108 return DOMAIN_CODE_FCC; /* XXX? */ 1109} 1110 1111static int 1112mwl_hal_reset(struct mwl_softc *sc) 1113{ 1114 struct ieee80211com *ic = &sc->sc_ic; 1115 struct mwl_hal *mh = sc->sc_mh; 1116 1117 mwl_hal_setantenna(mh, WL_ANTENNATYPE_RX, sc->sc_rxantenna); 1118 mwl_hal_setantenna(mh, WL_ANTENNATYPE_TX, sc->sc_txantenna); 1119 mwl_hal_setradio(mh, 1, WL_AUTO_PREAMBLE); 1120 mwl_hal_setwmm(sc->sc_mh, (ic->ic_flags & IEEE80211_F_WME) != 0); 1121 mwl_chan_set(sc, ic->ic_curchan); 1122 /* NB: RF/RA performance tuned for indoor mode */ 1123 mwl_hal_setrateadaptmode(mh, 0); 1124 mwl_hal_setoptimizationlevel(mh, 1125 (ic->ic_flags & IEEE80211_F_BURST) != 0); 1126 1127 mwl_hal_setregioncode(mh, mwl_map2regioncode(&ic->ic_regdomain)); 1128 1129 mwl_hal_setaggampduratemode(mh, 1, 80); /* XXX */ 1130 mwl_hal_setcfend(mh, 0); /* XXX */ 1131 1132 return 1; 1133} 1134 1135static int 1136mwl_init(struct mwl_softc *sc) 1137{ 1138 struct mwl_hal *mh = sc->sc_mh; 1139 int error = 0; 1140 1141 MWL_LOCK_ASSERT(sc); 1142 1143 /* 1144 * Stop anything previously setup. This is safe 1145 * whether this is the first time through or not. 1146 */ 1147 mwl_stop(sc); 1148 1149 /* 1150 * Push vap-independent state to the firmware. 1151 */ 1152 if (!mwl_hal_reset(sc)) { 1153 device_printf(sc->sc_dev, "unable to reset hardware\n"); 1154 return EIO; 1155 } 1156 1157 /* 1158 * Setup recv (once); transmit is already good to go. 1159 */ 1160 error = mwl_startrecv(sc); 1161 if (error != 0) { 1162 device_printf(sc->sc_dev, "unable to start recv logic\n"); 1163 return error; 1164 } 1165 1166 /* 1167 * Enable interrupts. 1168 */ 1169 sc->sc_imask = MACREG_A2HRIC_BIT_RX_RDY 1170 | MACREG_A2HRIC_BIT_TX_DONE 1171 | MACREG_A2HRIC_BIT_OPC_DONE 1172#if 0 1173 | MACREG_A2HRIC_BIT_MAC_EVENT 1174#endif 1175 | MACREG_A2HRIC_BIT_ICV_ERROR 1176 | MACREG_A2HRIC_BIT_RADAR_DETECT 1177 | MACREG_A2HRIC_BIT_CHAN_SWITCH 1178#if 0 1179 | MACREG_A2HRIC_BIT_QUEUE_EMPTY 1180#endif 1181 | MACREG_A2HRIC_BIT_BA_WATCHDOG 1182 | MACREQ_A2HRIC_BIT_TX_ACK 1183 ; 1184 1185 sc->sc_running = 1; 1186 mwl_hal_intrset(mh, sc->sc_imask); 1187 callout_reset(&sc->sc_watchdog, hz, mwl_watchdog, sc); 1188 1189 return 0; 1190} 1191 1192static void 1193mwl_stop(struct mwl_softc *sc) 1194{ 1195 1196 MWL_LOCK_ASSERT(sc); 1197 if (sc->sc_running) { 1198 /* 1199 * Shutdown the hardware and driver. 1200 */ 1201 sc->sc_running = 0; 1202 callout_stop(&sc->sc_watchdog); 1203 sc->sc_tx_timer = 0; 1204 mwl_draintxq(sc); 1205 } 1206} 1207 1208static int 1209mwl_reset_vap(struct ieee80211vap *vap, int state) 1210{ 1211 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 1212 struct ieee80211com *ic = vap->iv_ic; 1213 1214 if (state == IEEE80211_S_RUN) 1215 mwl_setrates(vap); 1216 /* XXX off by 1? */ 1217 mwl_hal_setrtsthreshold(hvap, vap->iv_rtsthreshold); 1218 /* XXX auto? 20/40 split? */ 1219 mwl_hal_sethtgi(hvap, (vap->iv_flags_ht & 1220 (IEEE80211_FHT_SHORTGI20|IEEE80211_FHT_SHORTGI40)) ? 1 : 0); 1221 mwl_hal_setnprot(hvap, ic->ic_htprotmode == IEEE80211_PROT_NONE ? 1222 HTPROTECT_NONE : HTPROTECT_AUTO); 1223 /* XXX txpower cap */ 1224 1225 /* re-setup beacons */ 1226 if (state == IEEE80211_S_RUN && 1227 (vap->iv_opmode == IEEE80211_M_HOSTAP || 1228 vap->iv_opmode == IEEE80211_M_MBSS || 1229 vap->iv_opmode == IEEE80211_M_IBSS)) { 1230 mwl_setapmode(vap, vap->iv_bss->ni_chan); 1231 mwl_hal_setnprotmode(hvap, 1232 MS(ic->ic_curhtprotmode, IEEE80211_HTINFO_OPMODE)); 1233 return mwl_beacon_setup(vap); 1234 } 1235 return 0; 1236} 1237 1238/* 1239 * Reset the hardware w/o losing operational state. 1240 * Used to reset or reload hardware state for a vap. 1241 */ 1242static int 1243mwl_reset(struct ieee80211vap *vap, u_long cmd) 1244{ 1245 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 1246 int error = 0; 1247 1248 if (hvap != NULL) { /* WDS, MONITOR, etc. */ 1249 struct ieee80211com *ic = vap->iv_ic; 1250 struct mwl_softc *sc = ic->ic_softc; 1251 struct mwl_hal *mh = sc->sc_mh; 1252 1253 /* XXX handle DWDS sta vap change */ 1254 /* XXX do we need to disable interrupts? */ 1255 mwl_hal_intrset(mh, 0); /* disable interrupts */ 1256 error = mwl_reset_vap(vap, vap->iv_state); 1257 mwl_hal_intrset(mh, sc->sc_imask); 1258 } 1259 return error; 1260} 1261 1262/* 1263 * Allocate a tx buffer for sending a frame. The 1264 * packet is assumed to have the WME AC stored so 1265 * we can use it to select the appropriate h/w queue. 1266 */ 1267static struct mwl_txbuf * 1268mwl_gettxbuf(struct mwl_softc *sc, struct mwl_txq *txq) 1269{ 1270 struct mwl_txbuf *bf; 1271 1272 /* 1273 * Grab a TX buffer and associated resources. 1274 */ 1275 MWL_TXQ_LOCK(txq); 1276 bf = STAILQ_FIRST(&txq->free); 1277 if (bf != NULL) { 1278 STAILQ_REMOVE_HEAD(&txq->free, bf_list); 1279 txq->nfree--; 1280 } 1281 MWL_TXQ_UNLOCK(txq); 1282 if (bf == NULL) 1283 DPRINTF(sc, MWL_DEBUG_XMIT, 1284 "%s: out of xmit buffers on q %d\n", __func__, txq->qnum); 1285 return bf; 1286} 1287 1288/* 1289 * Return a tx buffer to the queue it came from. Note there 1290 * are two cases because we must preserve the order of buffers 1291 * as it reflects the fixed order of descriptors in memory 1292 * (the firmware pre-fetches descriptors so we cannot reorder). 1293 */ 1294static void 1295mwl_puttxbuf_head(struct mwl_txq *txq, struct mwl_txbuf *bf) 1296{ 1297 bf->bf_m = NULL; 1298 bf->bf_node = NULL; 1299 MWL_TXQ_LOCK(txq); 1300 STAILQ_INSERT_HEAD(&txq->free, bf, bf_list); 1301 txq->nfree++; 1302 MWL_TXQ_UNLOCK(txq); 1303} 1304 1305static void 1306mwl_puttxbuf_tail(struct mwl_txq *txq, struct mwl_txbuf *bf) 1307{ 1308 bf->bf_m = NULL; 1309 bf->bf_node = NULL; 1310 MWL_TXQ_LOCK(txq); 1311 STAILQ_INSERT_TAIL(&txq->free, bf, bf_list); 1312 txq->nfree++; 1313 MWL_TXQ_UNLOCK(txq); 1314} 1315 1316static int 1317mwl_transmit(struct ieee80211com *ic, struct mbuf *m) 1318{ 1319 struct mwl_softc *sc = ic->ic_softc; 1320 int error; 1321 1322 MWL_LOCK(sc); 1323 if (!sc->sc_running) { 1324 MWL_UNLOCK(sc); 1325 return (ENXIO); 1326 } 1327 error = mbufq_enqueue(&sc->sc_snd, m); 1328 if (error) { 1329 MWL_UNLOCK(sc); 1330 return (error); 1331 } 1332 mwl_start(sc); 1333 MWL_UNLOCK(sc); 1334 return (0); 1335} 1336 1337static void 1338mwl_start(struct mwl_softc *sc) 1339{ 1340 struct ieee80211_node *ni; 1341 struct mwl_txbuf *bf; 1342 struct mbuf *m; 1343 struct mwl_txq *txq = NULL; /* XXX silence gcc */ 1344 int nqueued; 1345 1346 MWL_LOCK_ASSERT(sc); 1347 if (!sc->sc_running || sc->sc_invalid) 1348 return; 1349 nqueued = 0; 1350 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 1351 /* 1352 * Grab the node for the destination. 1353 */ 1354 ni = (struct ieee80211_node *) m->m_pkthdr.rcvif; 1355 KASSERT(ni != NULL, ("no node")); 1356 m->m_pkthdr.rcvif = NULL; /* committed, clear ref */ 1357 /* 1358 * Grab a TX buffer and associated resources. 1359 * We honor the classification by the 802.11 layer. 1360 */ 1361 txq = sc->sc_ac2q[M_WME_GETAC(m)]; 1362 bf = mwl_gettxbuf(sc, txq); 1363 if (bf == NULL) { 1364 m_freem(m); 1365 ieee80211_free_node(ni); 1366#ifdef MWL_TX_NODROP 1367 sc->sc_stats.mst_tx_qstop++; 1368 break; 1369#else 1370 DPRINTF(sc, MWL_DEBUG_XMIT, 1371 "%s: tail drop on q %d\n", __func__, txq->qnum); 1372 sc->sc_stats.mst_tx_qdrop++; 1373 continue; 1374#endif /* MWL_TX_NODROP */ 1375 } 1376 1377 /* 1378 * Pass the frame to the h/w for transmission. 1379 */ 1380 if (mwl_tx_start(sc, ni, bf, m)) { 1381 if_inc_counter(ni->ni_vap->iv_ifp, 1382 IFCOUNTER_OERRORS, 1); 1383 mwl_puttxbuf_head(txq, bf); 1384 ieee80211_free_node(ni); 1385 continue; 1386 } 1387 nqueued++; 1388 if (nqueued >= mwl_txcoalesce) { 1389 /* 1390 * Poke the firmware to process queued frames; 1391 * see below about (lack of) locking. 1392 */ 1393 nqueued = 0; 1394 mwl_hal_txstart(sc->sc_mh, 0/*XXX*/); 1395 } 1396 } 1397 if (nqueued) { 1398 /* 1399 * NB: We don't need to lock against tx done because 1400 * this just prods the firmware to check the transmit 1401 * descriptors. The firmware will also start fetching 1402 * descriptors by itself if it notices new ones are 1403 * present when it goes to deliver a tx done interrupt 1404 * to the host. So if we race with tx done processing 1405 * it's ok. Delivering the kick here rather than in 1406 * mwl_tx_start is an optimization to avoid poking the 1407 * firmware for each packet. 1408 * 1409 * NB: the queue id isn't used so 0 is ok. 1410 */ 1411 mwl_hal_txstart(sc->sc_mh, 0/*XXX*/); 1412 } 1413} 1414 1415static int 1416mwl_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 1417 const struct ieee80211_bpf_params *params) 1418{ 1419 struct ieee80211com *ic = ni->ni_ic; 1420 struct mwl_softc *sc = ic->ic_softc; 1421 struct mwl_txbuf *bf; 1422 struct mwl_txq *txq; 1423 1424 if (!sc->sc_running || sc->sc_invalid) { 1425 m_freem(m); 1426 return ENETDOWN; 1427 } 1428 /* 1429 * Grab a TX buffer and associated resources. 1430 * Note that we depend on the classification 1431 * by the 802.11 layer to get to the right h/w 1432 * queue. Management frames must ALWAYS go on 1433 * queue 1 but we cannot just force that here 1434 * because we may receive non-mgt frames. 1435 */ 1436 txq = sc->sc_ac2q[M_WME_GETAC(m)]; 1437 bf = mwl_gettxbuf(sc, txq); 1438 if (bf == NULL) { 1439 sc->sc_stats.mst_tx_qstop++; 1440 m_freem(m); 1441 return ENOBUFS; 1442 } 1443 /* 1444 * Pass the frame to the h/w for transmission. 1445 */ 1446 if (mwl_tx_start(sc, ni, bf, m)) { 1447 mwl_puttxbuf_head(txq, bf); 1448 1449 return EIO; /* XXX */ 1450 } 1451 /* 1452 * NB: We don't need to lock against tx done because 1453 * this just prods the firmware to check the transmit 1454 * descriptors. The firmware will also start fetching 1455 * descriptors by itself if it notices new ones are 1456 * present when it goes to deliver a tx done interrupt 1457 * to the host. So if we race with tx done processing 1458 * it's ok. Delivering the kick here rather than in 1459 * mwl_tx_start is an optimization to avoid poking the 1460 * firmware for each packet. 1461 * 1462 * NB: the queue id isn't used so 0 is ok. 1463 */ 1464 mwl_hal_txstart(sc->sc_mh, 0/*XXX*/); 1465 return 0; 1466} 1467 1468static int 1469mwl_media_change(struct ifnet *ifp) 1470{ 1471 struct ieee80211vap *vap = ifp->if_softc; 1472 int error; 1473 1474 error = ieee80211_media_change(ifp); 1475 /* NB: only the fixed rate can change and that doesn't need a reset */ 1476 if (error == ENETRESET) { 1477 mwl_setrates(vap); 1478 error = 0; 1479 } 1480 return error; 1481} 1482 1483#ifdef MWL_DEBUG 1484static void 1485mwl_keyprint(struct mwl_softc *sc, const char *tag, 1486 const MWL_HAL_KEYVAL *hk, const uint8_t mac[IEEE80211_ADDR_LEN]) 1487{ 1488 static const char *ciphers[] = { 1489 "WEP", 1490 "TKIP", 1491 "AES-CCM", 1492 }; 1493 int i, n; 1494 1495 printf("%s: [%u] %-7s", tag, hk->keyIndex, ciphers[hk->keyTypeId]); 1496 for (i = 0, n = hk->keyLen; i < n; i++) 1497 printf(" %02x", hk->key.aes[i]); 1498 printf(" mac %s", ether_sprintf(mac)); 1499 if (hk->keyTypeId == KEY_TYPE_ID_TKIP) { 1500 printf(" %s", "rxmic"); 1501 for (i = 0; i < sizeof(hk->key.tkip.rxMic); i++) 1502 printf(" %02x", hk->key.tkip.rxMic[i]); 1503 printf(" txmic"); 1504 for (i = 0; i < sizeof(hk->key.tkip.txMic); i++) 1505 printf(" %02x", hk->key.tkip.txMic[i]); 1506 } 1507 printf(" flags 0x%x\n", hk->keyFlags); 1508} 1509#endif 1510 1511/* 1512 * Allocate a key cache slot for a unicast key. The 1513 * firmware handles key allocation and every station is 1514 * guaranteed key space so we are always successful. 1515 */ 1516static int 1517mwl_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, 1518 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) 1519{ 1520 struct mwl_softc *sc = vap->iv_ic->ic_softc; 1521 1522 if (k->wk_keyix != IEEE80211_KEYIX_NONE || 1523 (k->wk_flags & IEEE80211_KEY_GROUP)) { 1524 if (!(&vap->iv_nw_keys[0] <= k && 1525 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { 1526 /* should not happen */ 1527 DPRINTF(sc, MWL_DEBUG_KEYCACHE, 1528 "%s: bogus group key\n", __func__); 1529 return 0; 1530 } 1531 /* give the caller what they requested */ 1532 *keyix = *rxkeyix = k - vap->iv_nw_keys; 1533 } else { 1534 /* 1535 * Firmware handles key allocation. 1536 */ 1537 *keyix = *rxkeyix = 0; 1538 } 1539 return 1; 1540} 1541 1542/* 1543 * Delete a key entry allocated by mwl_key_alloc. 1544 */ 1545static int 1546mwl_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 1547{ 1548 struct mwl_softc *sc = vap->iv_ic->ic_softc; 1549 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 1550 MWL_HAL_KEYVAL hk; 1551 const uint8_t bcastaddr[IEEE80211_ADDR_LEN] = 1552 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1553 1554 if (hvap == NULL) { 1555 if (vap->iv_opmode != IEEE80211_M_WDS) { 1556 /* XXX monitor mode? */ 1557 DPRINTF(sc, MWL_DEBUG_KEYCACHE, 1558 "%s: no hvap for opmode %d\n", __func__, 1559 vap->iv_opmode); 1560 return 0; 1561 } 1562 hvap = MWL_VAP(vap)->mv_ap_hvap; 1563 } 1564 1565 DPRINTF(sc, MWL_DEBUG_KEYCACHE, "%s: delete key %u\n", 1566 __func__, k->wk_keyix); 1567 1568 memset(&hk, 0, sizeof(hk)); 1569 hk.keyIndex = k->wk_keyix; 1570 switch (k->wk_cipher->ic_cipher) { 1571 case IEEE80211_CIPHER_WEP: 1572 hk.keyTypeId = KEY_TYPE_ID_WEP; 1573 break; 1574 case IEEE80211_CIPHER_TKIP: 1575 hk.keyTypeId = KEY_TYPE_ID_TKIP; 1576 break; 1577 case IEEE80211_CIPHER_AES_CCM: 1578 hk.keyTypeId = KEY_TYPE_ID_AES; 1579 break; 1580 default: 1581 /* XXX should not happen */ 1582 DPRINTF(sc, MWL_DEBUG_KEYCACHE, "%s: unknown cipher %d\n", 1583 __func__, k->wk_cipher->ic_cipher); 1584 return 0; 1585 } 1586 return (mwl_hal_keyreset(hvap, &hk, bcastaddr) == 0); /*XXX*/ 1587} 1588 1589static __inline int 1590addgroupflags(MWL_HAL_KEYVAL *hk, const struct ieee80211_key *k) 1591{ 1592 if (k->wk_flags & IEEE80211_KEY_GROUP) { 1593 if (k->wk_flags & IEEE80211_KEY_XMIT) 1594 hk->keyFlags |= KEY_FLAG_TXGROUPKEY; 1595 if (k->wk_flags & IEEE80211_KEY_RECV) 1596 hk->keyFlags |= KEY_FLAG_RXGROUPKEY; 1597 return 1; 1598 } else 1599 return 0; 1600} 1601 1602/* 1603 * Set the key cache contents for the specified key. Key cache 1604 * slot(s) must already have been allocated by mwl_key_alloc. 1605 */ 1606static int 1607mwl_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) 1608{ 1609 return (_mwl_key_set(vap, k, k->wk_macaddr)); 1610} 1611 1612static int 1613_mwl_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k, 1614 const uint8_t mac[IEEE80211_ADDR_LEN]) 1615{ 1616#define GRPXMIT (IEEE80211_KEY_XMIT | IEEE80211_KEY_GROUP) 1617/* NB: static wep keys are marked GROUP+tx/rx; GTK will be tx or rx */ 1618#define IEEE80211_IS_STATICKEY(k) \ 1619 (((k)->wk_flags & (GRPXMIT|IEEE80211_KEY_RECV)) == \ 1620 (GRPXMIT|IEEE80211_KEY_RECV)) 1621 struct mwl_softc *sc = vap->iv_ic->ic_softc; 1622 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 1623 const struct ieee80211_cipher *cip = k->wk_cipher; 1624 const uint8_t *macaddr; 1625 MWL_HAL_KEYVAL hk; 1626 1627 KASSERT((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0, 1628 ("s/w crypto set?")); 1629 1630 if (hvap == NULL) { 1631 if (vap->iv_opmode != IEEE80211_M_WDS) { 1632 /* XXX monitor mode? */ 1633 DPRINTF(sc, MWL_DEBUG_KEYCACHE, 1634 "%s: no hvap for opmode %d\n", __func__, 1635 vap->iv_opmode); 1636 return 0; 1637 } 1638 hvap = MWL_VAP(vap)->mv_ap_hvap; 1639 } 1640 memset(&hk, 0, sizeof(hk)); 1641 hk.keyIndex = k->wk_keyix; 1642 switch (cip->ic_cipher) { 1643 case IEEE80211_CIPHER_WEP: 1644 hk.keyTypeId = KEY_TYPE_ID_WEP; 1645 hk.keyLen = k->wk_keylen; 1646 if (k->wk_keyix == vap->iv_def_txkey) 1647 hk.keyFlags = KEY_FLAG_WEP_TXKEY; 1648 if (!IEEE80211_IS_STATICKEY(k)) { 1649 /* NB: WEP is never used for the PTK */ 1650 (void) addgroupflags(&hk, k); 1651 } 1652 break; 1653 case IEEE80211_CIPHER_TKIP: 1654 hk.keyTypeId = KEY_TYPE_ID_TKIP; 1655 hk.key.tkip.tsc.high = (uint32_t)(k->wk_keytsc >> 16); 1656 hk.key.tkip.tsc.low = (uint16_t)k->wk_keytsc; 1657 hk.keyFlags = KEY_FLAG_TSC_VALID | KEY_FLAG_MICKEY_VALID; 1658 hk.keyLen = k->wk_keylen + IEEE80211_MICBUF_SIZE; 1659 if (!addgroupflags(&hk, k)) 1660 hk.keyFlags |= KEY_FLAG_PAIRWISE; 1661 break; 1662 case IEEE80211_CIPHER_AES_CCM: 1663 hk.keyTypeId = KEY_TYPE_ID_AES; 1664 hk.keyLen = k->wk_keylen; 1665 if (!addgroupflags(&hk, k)) 1666 hk.keyFlags |= KEY_FLAG_PAIRWISE; 1667 break; 1668 default: 1669 /* XXX should not happen */ 1670 DPRINTF(sc, MWL_DEBUG_KEYCACHE, "%s: unknown cipher %d\n", 1671 __func__, k->wk_cipher->ic_cipher); 1672 return 0; 1673 } 1674 /* 1675 * NB: tkip mic keys get copied here too; the layout 1676 * just happens to match that in ieee80211_key. 1677 */ 1678 memcpy(hk.key.aes, k->wk_key, hk.keyLen); 1679 1680 /* 1681 * Locate address of sta db entry for writing key; 1682 * the convention unfortunately is somewhat different 1683 * than how net80211, hostapd, and wpa_supplicant think. 1684 */ 1685 if (vap->iv_opmode == IEEE80211_M_STA) { 1686 /* 1687 * NB: keys plumbed before the sta reaches AUTH state 1688 * will be discarded or written to the wrong sta db 1689 * entry because iv_bss is meaningless. This is ok 1690 * (right now) because we handle deferred plumbing of 1691 * WEP keys when the sta reaches AUTH state. 1692 */ 1693 macaddr = vap->iv_bss->ni_bssid; 1694 if ((k->wk_flags & IEEE80211_KEY_GROUP) == 0) { 1695 /* XXX plumb to local sta db too for static key wep */ 1696 mwl_hal_keyset(hvap, &hk, vap->iv_myaddr); 1697 } 1698 } else if (vap->iv_opmode == IEEE80211_M_WDS && 1699 vap->iv_state != IEEE80211_S_RUN) { 1700 /* 1701 * Prior to RUN state a WDS vap will not it's BSS node 1702 * setup so we will plumb the key to the wrong mac 1703 * address (it'll be our local address). Workaround 1704 * this for the moment by grabbing the correct address. 1705 */ 1706 macaddr = vap->iv_des_bssid; 1707 } else if ((k->wk_flags & GRPXMIT) == GRPXMIT) 1708 macaddr = vap->iv_myaddr; 1709 else 1710 macaddr = mac; 1711 KEYPRINTF(sc, &hk, macaddr); 1712 return (mwl_hal_keyset(hvap, &hk, macaddr) == 0); 1713#undef IEEE80211_IS_STATICKEY 1714#undef GRPXMIT 1715} 1716 1717/* 1718 * Set the multicast filter contents into the hardware. 1719 * XXX f/w has no support; just defer to the os. 1720 */ 1721static void 1722mwl_setmcastfilter(struct mwl_softc *sc) 1723{ 1724#if 0 1725 struct ether_multi *enm; 1726 struct ether_multistep estep; 1727 uint8_t macs[IEEE80211_ADDR_LEN*MWL_HAL_MCAST_MAX];/* XXX stack use */ 1728 uint8_t *mp; 1729 int nmc; 1730 1731 mp = macs; 1732 nmc = 0; 1733 ETHER_FIRST_MULTI(estep, &sc->sc_ec, enm); 1734 while (enm != NULL) { 1735 /* XXX Punt on ranges. */ 1736 if (nmc == MWL_HAL_MCAST_MAX || 1737 !IEEE80211_ADDR_EQ(enm->enm_addrlo, enm->enm_addrhi)) { 1738 ifp->if_flags |= IFF_ALLMULTI; 1739 return; 1740 } 1741 IEEE80211_ADDR_COPY(mp, enm->enm_addrlo); 1742 mp += IEEE80211_ADDR_LEN, nmc++; 1743 ETHER_NEXT_MULTI(estep, enm); 1744 } 1745 ifp->if_flags &= ~IFF_ALLMULTI; 1746 mwl_hal_setmcast(sc->sc_mh, nmc, macs); 1747#endif 1748} 1749 1750static int 1751mwl_mode_init(struct mwl_softc *sc) 1752{ 1753 struct ieee80211com *ic = &sc->sc_ic; 1754 struct mwl_hal *mh = sc->sc_mh; 1755 1756 mwl_hal_setpromisc(mh, ic->ic_promisc > 0); 1757 mwl_setmcastfilter(sc); 1758 1759 return 0; 1760} 1761 1762/* 1763 * Callback from the 802.11 layer after a multicast state change. 1764 */ 1765static void 1766mwl_update_mcast(struct ieee80211com *ic) 1767{ 1768 struct mwl_softc *sc = ic->ic_softc; 1769 1770 mwl_setmcastfilter(sc); 1771} 1772 1773/* 1774 * Callback from the 802.11 layer after a promiscuous mode change. 1775 * Note this interface does not check the operating mode as this 1776 * is an internal callback and we are expected to honor the current 1777 * state (e.g. this is used for setting the interface in promiscuous 1778 * mode when operating in hostap mode to do ACS). 1779 */ 1780static void 1781mwl_update_promisc(struct ieee80211com *ic) 1782{ 1783 struct mwl_softc *sc = ic->ic_softc; 1784 1785 mwl_hal_setpromisc(sc->sc_mh, ic->ic_promisc > 0); 1786} 1787 1788/* 1789 * Callback from the 802.11 layer to update the slot time 1790 * based on the current setting. We use it to notify the 1791 * firmware of ERP changes and the f/w takes care of things 1792 * like slot time and preamble. 1793 */ 1794static void 1795mwl_updateslot(struct ieee80211com *ic) 1796{ 1797 struct mwl_softc *sc = ic->ic_softc; 1798 struct mwl_hal *mh = sc->sc_mh; 1799 int prot; 1800 1801 /* NB: can be called early; suppress needless cmds */ 1802 if (!sc->sc_running) 1803 return; 1804 1805 /* 1806 * Calculate the ERP flags. The firwmare will use 1807 * this to carry out the appropriate measures. 1808 */ 1809 prot = 0; 1810 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan)) { 1811 if ((ic->ic_flags & IEEE80211_F_SHSLOT) == 0) 1812 prot |= IEEE80211_ERP_NON_ERP_PRESENT; 1813 if (ic->ic_flags & IEEE80211_F_USEPROT) 1814 prot |= IEEE80211_ERP_USE_PROTECTION; 1815 if (ic->ic_flags & IEEE80211_F_USEBARKER) 1816 prot |= IEEE80211_ERP_LONG_PREAMBLE; 1817 } 1818 1819 DPRINTF(sc, MWL_DEBUG_RESET, 1820 "%s: chan %u MHz/flags 0x%x %s slot, (prot 0x%x ic_flags 0x%x)\n", 1821 __func__, ic->ic_curchan->ic_freq, ic->ic_curchan->ic_flags, 1822 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", prot, 1823 ic->ic_flags); 1824 1825 mwl_hal_setgprot(mh, prot); 1826} 1827 1828/* 1829 * Setup the beacon frame. 1830 */ 1831static int 1832mwl_beacon_setup(struct ieee80211vap *vap) 1833{ 1834 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 1835 struct ieee80211_node *ni = vap->iv_bss; 1836 struct mbuf *m; 1837 1838 m = ieee80211_beacon_alloc(ni); 1839 if (m == NULL) 1840 return ENOBUFS; 1841 mwl_hal_setbeacon(hvap, mtod(m, const void *), m->m_len); 1842 m_free(m); 1843 1844 return 0; 1845} 1846 1847/* 1848 * Update the beacon frame in response to a change. 1849 */ 1850static void 1851mwl_beacon_update(struct ieee80211vap *vap, int item) 1852{ 1853 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 1854 struct ieee80211com *ic = vap->iv_ic; 1855 1856 KASSERT(hvap != NULL, ("no beacon")); 1857 switch (item) { 1858 case IEEE80211_BEACON_ERP: 1859 mwl_updateslot(ic); 1860 break; 1861 case IEEE80211_BEACON_HTINFO: 1862 mwl_hal_setnprotmode(hvap, 1863 MS(ic->ic_curhtprotmode, IEEE80211_HTINFO_OPMODE)); 1864 break; 1865 case IEEE80211_BEACON_CAPS: 1866 case IEEE80211_BEACON_WME: 1867 case IEEE80211_BEACON_APPIE: 1868 case IEEE80211_BEACON_CSA: 1869 break; 1870 case IEEE80211_BEACON_TIM: 1871 /* NB: firmware always forms TIM */ 1872 return; 1873 } 1874 /* XXX retain beacon frame and update */ 1875 mwl_beacon_setup(vap); 1876} 1877 1878static void 1879mwl_load_cb(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 1880{ 1881 bus_addr_t *paddr = (bus_addr_t*) arg; 1882 KASSERT(error == 0, ("error %u on bus_dma callback", error)); 1883 *paddr = segs->ds_addr; 1884} 1885 1886#ifdef MWL_HOST_PS_SUPPORT 1887/* 1888 * Handle power save station occupancy changes. 1889 */ 1890static void 1891mwl_update_ps(struct ieee80211vap *vap, int nsta) 1892{ 1893 struct mwl_vap *mvp = MWL_VAP(vap); 1894 1895 if (nsta == 0 || mvp->mv_last_ps_sta == 0) 1896 mwl_hal_setpowersave_bss(mvp->mv_hvap, nsta); 1897 mvp->mv_last_ps_sta = nsta; 1898} 1899 1900/* 1901 * Handle associated station power save state changes. 1902 */ 1903static int 1904mwl_set_tim(struct ieee80211_node *ni, int set) 1905{ 1906 struct ieee80211vap *vap = ni->ni_vap; 1907 struct mwl_vap *mvp = MWL_VAP(vap); 1908 1909 if (mvp->mv_set_tim(ni, set)) { /* NB: state change */ 1910 mwl_hal_setpowersave_sta(mvp->mv_hvap, 1911 IEEE80211_AID(ni->ni_associd), set); 1912 return 1; 1913 } else 1914 return 0; 1915} 1916#endif /* MWL_HOST_PS_SUPPORT */ 1917 1918static int 1919mwl_desc_setup(struct mwl_softc *sc, const char *name, 1920 struct mwl_descdma *dd, 1921 int nbuf, size_t bufsize, int ndesc, size_t descsize) 1922{ 1923 uint8_t *ds; 1924 int error; 1925 1926 DPRINTF(sc, MWL_DEBUG_RESET, 1927 "%s: %s DMA: %u bufs (%ju) %u desc/buf (%ju)\n", 1928 __func__, name, nbuf, (uintmax_t) bufsize, 1929 ndesc, (uintmax_t) descsize); 1930 1931 dd->dd_name = name; 1932 dd->dd_desc_len = nbuf * ndesc * descsize; 1933 1934 /* 1935 * Setup DMA descriptor area. 1936 */ 1937 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), /* parent */ 1938 PAGE_SIZE, 0, /* alignment, bounds */ 1939 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */ 1940 BUS_SPACE_MAXADDR, /* highaddr */ 1941 NULL, NULL, /* filter, filterarg */ 1942 dd->dd_desc_len, /* maxsize */ 1943 1, /* nsegments */ 1944 dd->dd_desc_len, /* maxsegsize */ 1945 BUS_DMA_ALLOCNOW, /* flags */ 1946 NULL, /* lockfunc */ 1947 NULL, /* lockarg */ 1948 &dd->dd_dmat); 1949 if (error != 0) { 1950 device_printf(sc->sc_dev, "cannot allocate %s DMA tag\n", dd->dd_name); 1951 return error; 1952 } 1953 1954 /* allocate descriptors */ 1955 error = bus_dmamem_alloc(dd->dd_dmat, (void**) &dd->dd_desc, 1956 BUS_DMA_NOWAIT | BUS_DMA_COHERENT, 1957 &dd->dd_dmamap); 1958 if (error != 0) { 1959 device_printf(sc->sc_dev, "unable to alloc memory for %u %s descriptors, " 1960 "error %u\n", nbuf * ndesc, dd->dd_name, error); 1961 goto fail1; 1962 } 1963 1964 error = bus_dmamap_load(dd->dd_dmat, dd->dd_dmamap, 1965 dd->dd_desc, dd->dd_desc_len, 1966 mwl_load_cb, &dd->dd_desc_paddr, 1967 BUS_DMA_NOWAIT); 1968 if (error != 0) { 1969 device_printf(sc->sc_dev, "unable to map %s descriptors, error %u\n", 1970 dd->dd_name, error); 1971 goto fail2; 1972 } 1973 1974 ds = dd->dd_desc; 1975 memset(ds, 0, dd->dd_desc_len); 1976 DPRINTF(sc, MWL_DEBUG_RESET, 1977 "%s: %s DMA map: %p (%lu) -> 0x%jx (%lu)\n", 1978 __func__, dd->dd_name, ds, (u_long) dd->dd_desc_len, 1979 (uintmax_t) dd->dd_desc_paddr, /*XXX*/ (u_long) dd->dd_desc_len); 1980 1981 return 0; 1982fail2: 1983 bus_dmamem_free(dd->dd_dmat, dd->dd_desc, dd->dd_dmamap); 1984fail1: 1985 bus_dma_tag_destroy(dd->dd_dmat); 1986 memset(dd, 0, sizeof(*dd)); 1987 return error; 1988#undef DS2PHYS 1989} 1990 1991static void 1992mwl_desc_cleanup(struct mwl_softc *sc, struct mwl_descdma *dd) 1993{ 1994 bus_dmamap_unload(dd->dd_dmat, dd->dd_dmamap); 1995 bus_dmamem_free(dd->dd_dmat, dd->dd_desc, dd->dd_dmamap); 1996 bus_dma_tag_destroy(dd->dd_dmat); 1997 1998 memset(dd, 0, sizeof(*dd)); 1999} 2000 2001/* 2002 * Construct a tx q's free list. The order of entries on 2003 * the list must reflect the physical layout of tx descriptors 2004 * because the firmware pre-fetches descriptors. 2005 * 2006 * XXX might be better to use indices into the buffer array. 2007 */ 2008static void 2009mwl_txq_reset(struct mwl_softc *sc, struct mwl_txq *txq) 2010{ 2011 struct mwl_txbuf *bf; 2012 int i; 2013 2014 bf = txq->dma.dd_bufptr; 2015 STAILQ_INIT(&txq->free); 2016 for (i = 0; i < mwl_txbuf; i++, bf++) 2017 STAILQ_INSERT_TAIL(&txq->free, bf, bf_list); 2018 txq->nfree = i; 2019} 2020 2021#define DS2PHYS(_dd, _ds) \ 2022 ((_dd)->dd_desc_paddr + ((caddr_t)(_ds) - (caddr_t)(_dd)->dd_desc)) 2023 2024static int 2025mwl_txdma_setup(struct mwl_softc *sc, struct mwl_txq *txq) 2026{ 2027 int error, bsize, i; 2028 struct mwl_txbuf *bf; 2029 struct mwl_txdesc *ds; 2030 2031 error = mwl_desc_setup(sc, "tx", &txq->dma, 2032 mwl_txbuf, sizeof(struct mwl_txbuf), 2033 MWL_TXDESC, sizeof(struct mwl_txdesc)); 2034 if (error != 0) 2035 return error; 2036 2037 /* allocate and setup tx buffers */ 2038 bsize = mwl_txbuf * sizeof(struct mwl_txbuf); 2039 bf = malloc(bsize, M_MWLDEV, M_NOWAIT | M_ZERO); 2040 if (bf == NULL) { 2041 device_printf(sc->sc_dev, "malloc of %u tx buffers failed\n", 2042 mwl_txbuf); 2043 return ENOMEM; 2044 } 2045 txq->dma.dd_bufptr = bf; 2046 2047 ds = txq->dma.dd_desc; 2048 for (i = 0; i < mwl_txbuf; i++, bf++, ds += MWL_TXDESC) { 2049 bf->bf_desc = ds; 2050 bf->bf_daddr = DS2PHYS(&txq->dma, ds); 2051 error = bus_dmamap_create(sc->sc_dmat, BUS_DMA_NOWAIT, 2052 &bf->bf_dmamap); 2053 if (error != 0) { 2054 device_printf(sc->sc_dev, "unable to create dmamap for tx " 2055 "buffer %u, error %u\n", i, error); 2056 return error; 2057 } 2058 } 2059 mwl_txq_reset(sc, txq); 2060 return 0; 2061} 2062 2063static void 2064mwl_txdma_cleanup(struct mwl_softc *sc, struct mwl_txq *txq) 2065{ 2066 struct mwl_txbuf *bf; 2067 int i; 2068 2069 bf = txq->dma.dd_bufptr; 2070 for (i = 0; i < mwl_txbuf; i++, bf++) { 2071 KASSERT(bf->bf_m == NULL, ("mbuf on free list")); 2072 KASSERT(bf->bf_node == NULL, ("node on free list")); 2073 if (bf->bf_dmamap != NULL) 2074 bus_dmamap_destroy(sc->sc_dmat, bf->bf_dmamap); 2075 } 2076 STAILQ_INIT(&txq->free); 2077 txq->nfree = 0; 2078 if (txq->dma.dd_bufptr != NULL) { 2079 free(txq->dma.dd_bufptr, M_MWLDEV); 2080 txq->dma.dd_bufptr = NULL; 2081 } 2082 if (txq->dma.dd_desc_len != 0) 2083 mwl_desc_cleanup(sc, &txq->dma); 2084} 2085 2086static int 2087mwl_rxdma_setup(struct mwl_softc *sc) 2088{ 2089 int error, jumbosize, bsize, i; 2090 struct mwl_rxbuf *bf; 2091 struct mwl_jumbo *rbuf; 2092 struct mwl_rxdesc *ds; 2093 caddr_t data; 2094 2095 error = mwl_desc_setup(sc, "rx", &sc->sc_rxdma, 2096 mwl_rxdesc, sizeof(struct mwl_rxbuf), 2097 1, sizeof(struct mwl_rxdesc)); 2098 if (error != 0) 2099 return error; 2100 2101 /* 2102 * Receive is done to a private pool of jumbo buffers. 2103 * This allows us to attach to mbuf's and avoid re-mapping 2104 * memory on each rx we post. We allocate a large chunk 2105 * of memory and manage it in the driver. The mbuf free 2106 * callback method is used to reclaim frames after sending 2107 * them up the stack. By default we allocate 2x the number of 2108 * rx descriptors configured so we have some slop to hold 2109 * us while frames are processed. 2110 */ 2111 if (mwl_rxbuf < 2*mwl_rxdesc) { 2112 device_printf(sc->sc_dev, 2113 "too few rx dma buffers (%d); increasing to %d\n", 2114 mwl_rxbuf, 2*mwl_rxdesc); 2115 mwl_rxbuf = 2*mwl_rxdesc; 2116 } 2117 jumbosize = roundup(MWL_AGGR_SIZE, PAGE_SIZE); 2118 sc->sc_rxmemsize = mwl_rxbuf*jumbosize; 2119 2120 error = bus_dma_tag_create(sc->sc_dmat, /* parent */ 2121 PAGE_SIZE, 0, /* alignment, bounds */ 2122 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */ 2123 BUS_SPACE_MAXADDR, /* highaddr */ 2124 NULL, NULL, /* filter, filterarg */ 2125 sc->sc_rxmemsize, /* maxsize */ 2126 1, /* nsegments */ 2127 sc->sc_rxmemsize, /* maxsegsize */ 2128 BUS_DMA_ALLOCNOW, /* flags */ 2129 NULL, /* lockfunc */ 2130 NULL, /* lockarg */ 2131 &sc->sc_rxdmat); 2132 if (error != 0) { 2133 device_printf(sc->sc_dev, "could not create rx DMA tag\n"); 2134 return error; 2135 } 2136 2137 error = bus_dmamem_alloc(sc->sc_rxdmat, (void**) &sc->sc_rxmem, 2138 BUS_DMA_NOWAIT | BUS_DMA_COHERENT, 2139 &sc->sc_rxmap); 2140 if (error != 0) { 2141 device_printf(sc->sc_dev, "could not alloc %ju bytes of rx DMA memory\n", 2142 (uintmax_t) sc->sc_rxmemsize); 2143 return error; 2144 } 2145 2146 error = bus_dmamap_load(sc->sc_rxdmat, sc->sc_rxmap, 2147 sc->sc_rxmem, sc->sc_rxmemsize, 2148 mwl_load_cb, &sc->sc_rxmem_paddr, 2149 BUS_DMA_NOWAIT); 2150 if (error != 0) { 2151 device_printf(sc->sc_dev, "could not load rx DMA map\n"); 2152 return error; 2153 } 2154 2155 /* 2156 * Allocate rx buffers and set them up. 2157 */ 2158 bsize = mwl_rxdesc * sizeof(struct mwl_rxbuf); 2159 bf = malloc(bsize, M_MWLDEV, M_NOWAIT | M_ZERO); 2160 if (bf == NULL) { 2161 device_printf(sc->sc_dev, "malloc of %u rx buffers failed\n", bsize); 2162 return error; 2163 } 2164 sc->sc_rxdma.dd_bufptr = bf; 2165 2166 STAILQ_INIT(&sc->sc_rxbuf); 2167 ds = sc->sc_rxdma.dd_desc; 2168 for (i = 0; i < mwl_rxdesc; i++, bf++, ds++) { 2169 bf->bf_desc = ds; 2170 bf->bf_daddr = DS2PHYS(&sc->sc_rxdma, ds); 2171 /* pre-assign dma buffer */ 2172 bf->bf_data = ((uint8_t *)sc->sc_rxmem) + (i*jumbosize); 2173 /* NB: tail is intentional to preserve descriptor order */ 2174 STAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list); 2175 } 2176 2177 /* 2178 * Place remainder of dma memory buffers on the free list. 2179 */ 2180 SLIST_INIT(&sc->sc_rxfree); 2181 for (; i < mwl_rxbuf; i++) { 2182 data = ((uint8_t *)sc->sc_rxmem) + (i*jumbosize); 2183 rbuf = MWL_JUMBO_DATA2BUF(data); 2184 SLIST_INSERT_HEAD(&sc->sc_rxfree, rbuf, next); 2185 sc->sc_nrxfree++; 2186 } 2187 return 0; 2188} 2189#undef DS2PHYS 2190 2191static void 2192mwl_rxdma_cleanup(struct mwl_softc *sc) 2193{ 2194 if (sc->sc_rxmem_paddr != 0) { 2195 bus_dmamap_unload(sc->sc_rxdmat, sc->sc_rxmap); 2196 sc->sc_rxmem_paddr = 0; 2197 } 2198 if (sc->sc_rxmem != NULL) { 2199 bus_dmamem_free(sc->sc_rxdmat, sc->sc_rxmem, sc->sc_rxmap); 2200 sc->sc_rxmem = NULL; 2201 } 2202 if (sc->sc_rxdma.dd_bufptr != NULL) { 2203 free(sc->sc_rxdma.dd_bufptr, M_MWLDEV); 2204 sc->sc_rxdma.dd_bufptr = NULL; 2205 } 2206 if (sc->sc_rxdma.dd_desc_len != 0) 2207 mwl_desc_cleanup(sc, &sc->sc_rxdma); 2208} 2209 2210static int 2211mwl_dma_setup(struct mwl_softc *sc) 2212{ 2213 int error, i; 2214 2215 error = mwl_rxdma_setup(sc); 2216 if (error != 0) { 2217 mwl_rxdma_cleanup(sc); 2218 return error; 2219 } 2220 2221 for (i = 0; i < MWL_NUM_TX_QUEUES; i++) { 2222 error = mwl_txdma_setup(sc, &sc->sc_txq[i]); 2223 if (error != 0) { 2224 mwl_dma_cleanup(sc); 2225 return error; 2226 } 2227 } 2228 return 0; 2229} 2230 2231static void 2232mwl_dma_cleanup(struct mwl_softc *sc) 2233{ 2234 int i; 2235 2236 for (i = 0; i < MWL_NUM_TX_QUEUES; i++) 2237 mwl_txdma_cleanup(sc, &sc->sc_txq[i]); 2238 mwl_rxdma_cleanup(sc); 2239} 2240 2241static struct ieee80211_node * 2242mwl_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2243{ 2244 struct ieee80211com *ic = vap->iv_ic; 2245 struct mwl_softc *sc = ic->ic_softc; 2246 const size_t space = sizeof(struct mwl_node); 2247 struct mwl_node *mn; 2248 2249 mn = malloc(space, M_80211_NODE, M_NOWAIT|M_ZERO); 2250 if (mn == NULL) { 2251 /* XXX stat+msg */ 2252 return NULL; 2253 } 2254 DPRINTF(sc, MWL_DEBUG_NODE, "%s: mn %p\n", __func__, mn); 2255 return &mn->mn_node; 2256} 2257 2258static void 2259mwl_node_cleanup(struct ieee80211_node *ni) 2260{ 2261 struct ieee80211com *ic = ni->ni_ic; 2262 struct mwl_softc *sc = ic->ic_softc; 2263 struct mwl_node *mn = MWL_NODE(ni); 2264 2265 DPRINTF(sc, MWL_DEBUG_NODE, "%s: ni %p ic %p staid %d\n", 2266 __func__, ni, ni->ni_ic, mn->mn_staid); 2267 2268 if (mn->mn_staid != 0) { 2269 struct ieee80211vap *vap = ni->ni_vap; 2270 2271 if (mn->mn_hvap != NULL) { 2272 if (vap->iv_opmode == IEEE80211_M_STA) 2273 mwl_hal_delstation(mn->mn_hvap, vap->iv_myaddr); 2274 else 2275 mwl_hal_delstation(mn->mn_hvap, ni->ni_macaddr); 2276 } 2277 /* 2278 * NB: legacy WDS peer sta db entry is installed using 2279 * the associate ap's hvap; use it again to delete it. 2280 * XXX can vap be NULL? 2281 */ 2282 else if (vap->iv_opmode == IEEE80211_M_WDS && 2283 MWL_VAP(vap)->mv_ap_hvap != NULL) 2284 mwl_hal_delstation(MWL_VAP(vap)->mv_ap_hvap, 2285 ni->ni_macaddr); 2286 delstaid(sc, mn->mn_staid); 2287 mn->mn_staid = 0; 2288 } 2289 sc->sc_node_cleanup(ni); 2290} 2291 2292/* 2293 * Reclaim rx dma buffers from packets sitting on the ampdu 2294 * reorder queue for a station. We replace buffers with a 2295 * system cluster (if available). 2296 */ 2297static void 2298mwl_ampdu_rxdma_reclaim(struct ieee80211_rx_ampdu *rap) 2299{ 2300#if 0 2301 int i, n, off; 2302 struct mbuf *m; 2303 void *cl; 2304 2305 n = rap->rxa_qframes; 2306 for (i = 0; i < rap->rxa_wnd && n > 0; i++) { 2307 m = rap->rxa_m[i]; 2308 if (m == NULL) 2309 continue; 2310 n--; 2311 /* our dma buffers have a well-known free routine */ 2312 if ((m->m_flags & M_EXT) == 0 || 2313 m->m_ext.ext_free != mwl_ext_free) 2314 continue; 2315 /* 2316 * Try to allocate a cluster and move the data. 2317 */ 2318 off = m->m_data - m->m_ext.ext_buf; 2319 if (off + m->m_pkthdr.len > MCLBYTES) { 2320 /* XXX no AMSDU for now */ 2321 continue; 2322 } 2323 cl = pool_cache_get_paddr(&mclpool_cache, 0, 2324 &m->m_ext.ext_paddr); 2325 if (cl != NULL) { 2326 /* 2327 * Copy the existing data to the cluster, remove 2328 * the rx dma buffer, and attach the cluster in 2329 * its place. Note we preserve the offset to the 2330 * data so frames being bridged can still prepend 2331 * their headers without adding another mbuf. 2332 */ 2333 memcpy((caddr_t) cl + off, m->m_data, m->m_pkthdr.len); 2334 MEXTREMOVE(m); 2335 MEXTADD(m, cl, MCLBYTES, 0, NULL, &mclpool_cache); 2336 /* setup mbuf like _MCLGET does */ 2337 m->m_flags |= M_CLUSTER | M_EXT_RW; 2338 _MOWNERREF(m, M_EXT | M_CLUSTER); 2339 /* NB: m_data is clobbered by MEXTADDR, adjust */ 2340 m->m_data += off; 2341 } 2342 } 2343#endif 2344} 2345 2346/* 2347 * Callback to reclaim resources. We first let the 2348 * net80211 layer do it's thing, then if we are still 2349 * blocked by a lack of rx dma buffers we walk the ampdu 2350 * reorder q's to reclaim buffers by copying to a system 2351 * cluster. 2352 */ 2353static void 2354mwl_node_drain(struct ieee80211_node *ni) 2355{ 2356 struct ieee80211com *ic = ni->ni_ic; 2357 struct mwl_softc *sc = ic->ic_softc; 2358 struct mwl_node *mn = MWL_NODE(ni); 2359 2360 DPRINTF(sc, MWL_DEBUG_NODE, "%s: ni %p vap %p staid %d\n", 2361 __func__, ni, ni->ni_vap, mn->mn_staid); 2362 2363 /* NB: call up first to age out ampdu q's */ 2364 sc->sc_node_drain(ni); 2365 2366 /* XXX better to not check low water mark? */ 2367 if (sc->sc_rxblocked && mn->mn_staid != 0 && 2368 (ni->ni_flags & IEEE80211_NODE_HT)) { 2369 uint8_t tid; 2370 /* 2371 * Walk the reorder q and reclaim rx dma buffers by copying 2372 * the packet contents into clusters. 2373 */ 2374 for (tid = 0; tid < WME_NUM_TID; tid++) { 2375 struct ieee80211_rx_ampdu *rap; 2376 2377 rap = &ni->ni_rx_ampdu[tid]; 2378 if ((rap->rxa_flags & IEEE80211_AGGR_XCHGPEND) == 0) 2379 continue; 2380 if (rap->rxa_qframes) 2381 mwl_ampdu_rxdma_reclaim(rap); 2382 } 2383 } 2384} 2385 2386static void 2387mwl_node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 2388{ 2389 *rssi = ni->ni_ic->ic_node_getrssi(ni); 2390#ifdef MWL_ANT_INFO_SUPPORT 2391#if 0 2392 /* XXX need to smooth data */ 2393 *noise = -MWL_NODE_CONST(ni)->mn_ai.nf; 2394#else 2395 *noise = -95; /* XXX */ 2396#endif 2397#else 2398 *noise = -95; /* XXX */ 2399#endif 2400} 2401 2402/* 2403 * Convert Hardware per-antenna rssi info to common format: 2404 * Let a1, a2, a3 represent the amplitudes per chain 2405 * Let amax represent max[a1, a2, a3] 2406 * Rssi1_dBm = RSSI_dBm + 20*log10(a1/amax) 2407 * Rssi1_dBm = RSSI_dBm + 20*log10(a1) - 20*log10(amax) 2408 * We store a table that is 4*20*log10(idx) - the extra 4 is to store or 2409 * maintain some extra precision. 2410 * 2411 * Values are stored in .5 db format capped at 127. 2412 */ 2413static void 2414mwl_node_getmimoinfo(const struct ieee80211_node *ni, 2415 struct ieee80211_mimo_info *mi) 2416{ 2417#define CVT(_dst, _src) do { \ 2418 (_dst) = rssi + ((logdbtbl[_src] - logdbtbl[rssi_max]) >> 2); \ 2419 (_dst) = (_dst) > 64 ? 127 : ((_dst) << 1); \ 2420} while (0) 2421 static const int8_t logdbtbl[32] = { 2422 0, 0, 24, 38, 48, 56, 62, 68, 2423 72, 76, 80, 83, 86, 89, 92, 94, 2424 96, 98, 100, 102, 104, 106, 107, 109, 2425 110, 112, 113, 115, 116, 117, 118, 119 2426 }; 2427 const struct mwl_node *mn = MWL_NODE_CONST(ni); 2428 uint8_t rssi = mn->mn_ai.rsvd1/2; /* XXX */ 2429 uint32_t rssi_max; 2430 2431 rssi_max = mn->mn_ai.rssi_a; 2432 if (mn->mn_ai.rssi_b > rssi_max) 2433 rssi_max = mn->mn_ai.rssi_b; 2434 if (mn->mn_ai.rssi_c > rssi_max) 2435 rssi_max = mn->mn_ai.rssi_c; 2436 2437 CVT(mi->rssi[0], mn->mn_ai.rssi_a); 2438 CVT(mi->rssi[1], mn->mn_ai.rssi_b); 2439 CVT(mi->rssi[2], mn->mn_ai.rssi_c); 2440 2441 mi->noise[0] = mn->mn_ai.nf_a; 2442 mi->noise[1] = mn->mn_ai.nf_b; 2443 mi->noise[2] = mn->mn_ai.nf_c; 2444#undef CVT 2445} 2446 2447static __inline void * 2448mwl_getrxdma(struct mwl_softc *sc) 2449{ 2450 struct mwl_jumbo *buf; 2451 void *data; 2452 2453 /* 2454 * Allocate from jumbo pool. 2455 */ 2456 MWL_RXFREE_LOCK(sc); 2457 buf = SLIST_FIRST(&sc->sc_rxfree); 2458 if (buf == NULL) { 2459 DPRINTF(sc, MWL_DEBUG_ANY, 2460 "%s: out of rx dma buffers\n", __func__); 2461 sc->sc_stats.mst_rx_nodmabuf++; 2462 data = NULL; 2463 } else { 2464 SLIST_REMOVE_HEAD(&sc->sc_rxfree, next); 2465 sc->sc_nrxfree--; 2466 data = MWL_JUMBO_BUF2DATA(buf); 2467 } 2468 MWL_RXFREE_UNLOCK(sc); 2469 return data; 2470} 2471 2472static __inline void 2473mwl_putrxdma(struct mwl_softc *sc, void *data) 2474{ 2475 struct mwl_jumbo *buf; 2476 2477 /* XXX bounds check data */ 2478 MWL_RXFREE_LOCK(sc); 2479 buf = MWL_JUMBO_DATA2BUF(data); 2480 SLIST_INSERT_HEAD(&sc->sc_rxfree, buf, next); 2481 sc->sc_nrxfree++; 2482 MWL_RXFREE_UNLOCK(sc); 2483} 2484 2485static int 2486mwl_rxbuf_init(struct mwl_softc *sc, struct mwl_rxbuf *bf) 2487{ 2488 struct mwl_rxdesc *ds; 2489 2490 ds = bf->bf_desc; 2491 if (bf->bf_data == NULL) { 2492 bf->bf_data = mwl_getrxdma(sc); 2493 if (bf->bf_data == NULL) { 2494 /* mark descriptor to be skipped */ 2495 ds->RxControl = EAGLE_RXD_CTRL_OS_OWN; 2496 /* NB: don't need PREREAD */ 2497 MWL_RXDESC_SYNC(sc, ds, BUS_DMASYNC_PREWRITE); 2498 sc->sc_stats.mst_rxbuf_failed++; 2499 return ENOMEM; 2500 } 2501 } 2502 /* 2503 * NB: DMA buffer contents is known to be unmodified 2504 * so there's no need to flush the data cache. 2505 */ 2506 2507 /* 2508 * Setup descriptor. 2509 */ 2510 ds->QosCtrl = 0; 2511 ds->RSSI = 0; 2512 ds->Status = EAGLE_RXD_STATUS_IDLE; 2513 ds->Channel = 0; 2514 ds->PktLen = htole16(MWL_AGGR_SIZE); 2515 ds->SQ2 = 0; 2516 ds->pPhysBuffData = htole32(MWL_JUMBO_DMA_ADDR(sc, bf->bf_data)); 2517 /* NB: don't touch pPhysNext, set once */ 2518 ds->RxControl = EAGLE_RXD_CTRL_DRIVER_OWN; 2519 MWL_RXDESC_SYNC(sc, ds, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); 2520 2521 return 0; 2522} 2523 2524static void 2525mwl_ext_free(struct mbuf *m, void *data, void *arg) 2526{ 2527 struct mwl_softc *sc = arg; 2528 2529 /* XXX bounds check data */ 2530 mwl_putrxdma(sc, data); 2531 /* 2532 * If we were previously blocked by a lack of rx dma buffers 2533 * check if we now have enough to restart rx interrupt handling. 2534 * NB: we know we are called at splvm which is above splnet. 2535 */ 2536 if (sc->sc_rxblocked && sc->sc_nrxfree > mwl_rxdmalow) { 2537 sc->sc_rxblocked = 0; 2538 mwl_hal_intrset(sc->sc_mh, sc->sc_imask); 2539 } 2540} 2541 2542struct mwl_frame_bar { 2543 u_int8_t i_fc[2]; 2544 u_int8_t i_dur[2]; 2545 u_int8_t i_ra[IEEE80211_ADDR_LEN]; 2546 u_int8_t i_ta[IEEE80211_ADDR_LEN]; 2547 /* ctl, seq, FCS */ 2548} __packed; 2549 2550/* 2551 * Like ieee80211_anyhdrsize, but handles BAR frames 2552 * specially so the logic below to piece the 802.11 2553 * header together works. 2554 */ 2555static __inline int 2556mwl_anyhdrsize(const void *data) 2557{ 2558 const struct ieee80211_frame *wh = data; 2559 2560 if ((wh->i_fc[0]&IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) { 2561 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 2562 case IEEE80211_FC0_SUBTYPE_CTS: 2563 case IEEE80211_FC0_SUBTYPE_ACK: 2564 return sizeof(struct ieee80211_frame_ack); 2565 case IEEE80211_FC0_SUBTYPE_BAR: 2566 return sizeof(struct mwl_frame_bar); 2567 } 2568 return sizeof(struct ieee80211_frame_min); 2569 } else 2570 return ieee80211_hdrsize(data); 2571} 2572 2573static void 2574mwl_handlemicerror(struct ieee80211com *ic, const uint8_t *data) 2575{ 2576 const struct ieee80211_frame *wh; 2577 struct ieee80211_node *ni; 2578 2579 wh = (const struct ieee80211_frame *)(data + sizeof(uint16_t)); 2580 ni = ieee80211_find_rxnode(ic, (const struct ieee80211_frame_min *) wh); 2581 if (ni != NULL) { 2582 ieee80211_notify_michael_failure(ni->ni_vap, wh, 0); 2583 ieee80211_free_node(ni); 2584 } 2585} 2586 2587/* 2588 * Convert hardware signal strength to rssi. The value 2589 * provided by the device has the noise floor added in; 2590 * we need to compensate for this but we don't have that 2591 * so we use a fixed value. 2592 * 2593 * The offset of 8 is good for both 2.4 and 5GHz. The LNA 2594 * offset is already set as part of the initial gain. This 2595 * will give at least +/- 3dB for 2.4GHz and +/- 5dB for 5GHz. 2596 */ 2597static __inline int 2598cvtrssi(uint8_t ssi) 2599{ 2600 int rssi = (int) ssi + 8; 2601 /* XXX hack guess until we have a real noise floor */ 2602 rssi = 2*(87 - rssi); /* NB: .5 dBm units */ 2603 return (rssi < 0 ? 0 : rssi > 127 ? 127 : rssi); 2604} 2605 2606static void 2607mwl_rx_proc(void *arg, int npending) 2608{ 2609 struct mwl_softc *sc = arg; 2610 struct ieee80211com *ic = &sc->sc_ic; 2611 struct mwl_rxbuf *bf; 2612 struct mwl_rxdesc *ds; 2613 struct mbuf *m; 2614 struct ieee80211_qosframe *wh; 2615 struct ieee80211_node *ni; 2616 struct mwl_node *mn; 2617 int off, len, hdrlen, pktlen, rssi, ntodo; 2618 uint8_t *data, status; 2619 void *newdata; 2620 int16_t nf; 2621 2622 DPRINTF(sc, MWL_DEBUG_RX_PROC, "%s: pending %u rdptr 0x%x wrptr 0x%x\n", 2623 __func__, npending, RD4(sc, sc->sc_hwspecs.rxDescRead), 2624 RD4(sc, sc->sc_hwspecs.rxDescWrite)); 2625 nf = -96; /* XXX */ 2626 bf = sc->sc_rxnext; 2627 for (ntodo = mwl_rxquota; ntodo > 0; ntodo--) { 2628 if (bf == NULL) 2629 bf = STAILQ_FIRST(&sc->sc_rxbuf); 2630 ds = bf->bf_desc; 2631 data = bf->bf_data; 2632 if (data == NULL) { 2633 /* 2634 * If data allocation failed previously there 2635 * will be no buffer; try again to re-populate it. 2636 * Note the firmware will not advance to the next 2637 * descriptor with a dma buffer so we must mimic 2638 * this or we'll get out of sync. 2639 */ 2640 DPRINTF(sc, MWL_DEBUG_ANY, 2641 "%s: rx buf w/o dma memory\n", __func__); 2642 (void) mwl_rxbuf_init(sc, bf); 2643 sc->sc_stats.mst_rx_dmabufmissing++; 2644 break; 2645 } 2646 MWL_RXDESC_SYNC(sc, ds, 2647 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 2648 if (ds->RxControl != EAGLE_RXD_CTRL_DMA_OWN) 2649 break; 2650#ifdef MWL_DEBUG 2651 if (sc->sc_debug & MWL_DEBUG_RECV_DESC) 2652 mwl_printrxbuf(bf, 0); 2653#endif 2654 status = ds->Status; 2655 if (status & EAGLE_RXD_STATUS_DECRYPT_ERR_MASK) { 2656 counter_u64_add(ic->ic_ierrors, 1); 2657 sc->sc_stats.mst_rx_crypto++; 2658 /* 2659 * NB: Check EAGLE_RXD_STATUS_GENERAL_DECRYPT_ERR 2660 * for backwards compatibility. 2661 */ 2662 if (status != EAGLE_RXD_STATUS_GENERAL_DECRYPT_ERR && 2663 (status & EAGLE_RXD_STATUS_TKIP_MIC_DECRYPT_ERR)) { 2664 /* 2665 * MIC error, notify upper layers. 2666 */ 2667 bus_dmamap_sync(sc->sc_rxdmat, sc->sc_rxmap, 2668 BUS_DMASYNC_POSTREAD); 2669 mwl_handlemicerror(ic, data); 2670 sc->sc_stats.mst_rx_tkipmic++; 2671 } 2672 /* XXX too painful to tap packets */ 2673 goto rx_next; 2674 } 2675 /* 2676 * Sync the data buffer. 2677 */ 2678 len = le16toh(ds->PktLen); 2679 bus_dmamap_sync(sc->sc_rxdmat, sc->sc_rxmap, BUS_DMASYNC_POSTREAD); 2680 /* 2681 * The 802.11 header is provided all or in part at the front; 2682 * use it to calculate the true size of the header that we'll 2683 * construct below. We use this to figure out where to copy 2684 * payload prior to constructing the header. 2685 */ 2686 hdrlen = mwl_anyhdrsize(data + sizeof(uint16_t)); 2687 off = sizeof(uint16_t) + sizeof(struct ieee80211_frame_addr4); 2688 2689 /* calculate rssi early so we can re-use for each aggregate */ 2690 rssi = cvtrssi(ds->RSSI); 2691 2692 pktlen = hdrlen + (len - off); 2693 /* 2694 * NB: we know our frame is at least as large as 2695 * IEEE80211_MIN_LEN because there is a 4-address 2696 * frame at the front. Hence there's no need to 2697 * vet the packet length. If the frame in fact 2698 * is too small it should be discarded at the 2699 * net80211 layer. 2700 */ 2701 2702 /* 2703 * Attach dma buffer to an mbuf. We tried 2704 * doing this based on the packet size (i.e. 2705 * copying small packets) but it turns out to 2706 * be a net loss. The tradeoff might be system 2707 * dependent (cache architecture is important). 2708 */ 2709 MGETHDR(m, M_NOWAIT, MT_DATA); 2710 if (m == NULL) { 2711 DPRINTF(sc, MWL_DEBUG_ANY, 2712 "%s: no rx mbuf\n", __func__); 2713 sc->sc_stats.mst_rx_nombuf++; 2714 goto rx_next; 2715 } 2716 /* 2717 * Acquire the replacement dma buffer before 2718 * processing the frame. If we're out of dma 2719 * buffers we disable rx interrupts and wait 2720 * for the free pool to reach mlw_rxdmalow buffers 2721 * before starting to do work again. If the firmware 2722 * runs out of descriptors then it will toss frames 2723 * which is better than our doing it as that can 2724 * starve our processing. It is also important that 2725 * we always process rx'd frames in case they are 2726 * A-MPDU as otherwise the host's view of the BA 2727 * window may get out of sync with the firmware. 2728 */ 2729 newdata = mwl_getrxdma(sc); 2730 if (newdata == NULL) { 2731 /* NB: stat+msg in mwl_getrxdma */ 2732 m_free(m); 2733 /* disable RX interrupt and mark state */ 2734 mwl_hal_intrset(sc->sc_mh, 2735 sc->sc_imask &~ MACREG_A2HRIC_BIT_RX_RDY); 2736 sc->sc_rxblocked = 1; 2737 ieee80211_drain(ic); 2738 /* XXX check rxblocked and immediately start again? */ 2739 goto rx_stop; 2740 } 2741 bf->bf_data = newdata; 2742 /* 2743 * Attach the dma buffer to the mbuf; 2744 * mwl_rxbuf_init will re-setup the rx 2745 * descriptor using the replacement dma 2746 * buffer we just installed above. 2747 */ 2748 MEXTADD(m, data, MWL_AGGR_SIZE, mwl_ext_free, 2749 data, sc, 0, EXT_NET_DRV); 2750 m->m_data += off - hdrlen; 2751 m->m_pkthdr.len = m->m_len = pktlen; 2752 /* NB: dma buffer assumed read-only */ 2753 2754 /* 2755 * Piece 802.11 header together. 2756 */ 2757 wh = mtod(m, struct ieee80211_qosframe *); 2758 /* NB: don't need to do this sometimes but ... */ 2759 /* XXX special case so we can memcpy after m_devget? */ 2760 ovbcopy(data + sizeof(uint16_t), wh, hdrlen); 2761 if (IEEE80211_QOS_HAS_SEQ(wh)) 2762 *(uint16_t *)ieee80211_getqos(wh) = ds->QosCtrl; 2763 /* 2764 * The f/w strips WEP header but doesn't clear 2765 * the WEP bit; mark the packet with M_WEP so 2766 * net80211 will treat the data as decrypted. 2767 * While here also clear the PWR_MGT bit since 2768 * power save is handled by the firmware and 2769 * passing this up will potentially cause the 2770 * upper layer to put a station in power save 2771 * (except when configured with MWL_HOST_PS_SUPPORT). 2772 */ 2773 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) 2774 m->m_flags |= M_WEP; 2775#ifdef MWL_HOST_PS_SUPPORT 2776 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2777#else 2778 wh->i_fc[1] &= ~(IEEE80211_FC1_PROTECTED | 2779 IEEE80211_FC1_PWR_MGT); 2780#endif 2781 2782 if (ieee80211_radiotap_active(ic)) { 2783 struct mwl_rx_radiotap_header *tap = &sc->sc_rx_th; 2784 2785 tap->wr_flags = 0; 2786 tap->wr_rate = ds->Rate; 2787 tap->wr_antsignal = rssi + nf; 2788 tap->wr_antnoise = nf; 2789 } 2790 if (IFF_DUMPPKTS_RECV(sc, wh)) { 2791 ieee80211_dump_pkt(ic, mtod(m, caddr_t), 2792 len, ds->Rate, rssi); 2793 } 2794 /* dispatch */ 2795 ni = ieee80211_find_rxnode(ic, 2796 (const struct ieee80211_frame_min *) wh); 2797 if (ni != NULL) { 2798 mn = MWL_NODE(ni); 2799#ifdef MWL_ANT_INFO_SUPPORT 2800 mn->mn_ai.rssi_a = ds->ai.rssi_a; 2801 mn->mn_ai.rssi_b = ds->ai.rssi_b; 2802 mn->mn_ai.rssi_c = ds->ai.rssi_c; 2803 mn->mn_ai.rsvd1 = rssi; 2804#endif 2805 /* tag AMPDU aggregates for reorder processing */ 2806 if (ni->ni_flags & IEEE80211_NODE_HT) 2807 m->m_flags |= M_AMPDU; 2808 (void) ieee80211_input(ni, m, rssi, nf); 2809 ieee80211_free_node(ni); 2810 } else 2811 (void) ieee80211_input_all(ic, m, rssi, nf); 2812rx_next: 2813 /* NB: ignore ENOMEM so we process more descriptors */ 2814 (void) mwl_rxbuf_init(sc, bf); 2815 bf = STAILQ_NEXT(bf, bf_list); 2816 } 2817rx_stop: 2818 sc->sc_rxnext = bf; 2819 2820 if (mbufq_first(&sc->sc_snd) != NULL) { 2821 /* NB: kick fw; the tx thread may have been preempted */ 2822 mwl_hal_txstart(sc->sc_mh, 0); 2823 mwl_start(sc); 2824 } 2825} 2826 2827static void 2828mwl_txq_init(struct mwl_softc *sc, struct mwl_txq *txq, int qnum) 2829{ 2830 struct mwl_txbuf *bf, *bn; 2831 struct mwl_txdesc *ds; 2832 2833 MWL_TXQ_LOCK_INIT(sc, txq); 2834 txq->qnum = qnum; 2835 txq->txpri = 0; /* XXX */ 2836#if 0 2837 /* NB: q setup by mwl_txdma_setup XXX */ 2838 STAILQ_INIT(&txq->free); 2839#endif 2840 STAILQ_FOREACH(bf, &txq->free, bf_list) { 2841 bf->bf_txq = txq; 2842 2843 ds = bf->bf_desc; 2844 bn = STAILQ_NEXT(bf, bf_list); 2845 if (bn == NULL) 2846 bn = STAILQ_FIRST(&txq->free); 2847 ds->pPhysNext = htole32(bn->bf_daddr); 2848 } 2849 STAILQ_INIT(&txq->active); 2850} 2851 2852/* 2853 * Setup a hardware data transmit queue for the specified 2854 * access control. We record the mapping from ac's 2855 * to h/w queues for use by mwl_tx_start. 2856 */ 2857static int 2858mwl_tx_setup(struct mwl_softc *sc, int ac, int mvtype) 2859{ 2860 struct mwl_txq *txq; 2861 2862 if (ac >= nitems(sc->sc_ac2q)) { 2863 device_printf(sc->sc_dev, "AC %u out of range, max %zu!\n", 2864 ac, nitems(sc->sc_ac2q)); 2865 return 0; 2866 } 2867 if (mvtype >= MWL_NUM_TX_QUEUES) { 2868 device_printf(sc->sc_dev, "mvtype %u out of range, max %u!\n", 2869 mvtype, MWL_NUM_TX_QUEUES); 2870 return 0; 2871 } 2872 txq = &sc->sc_txq[mvtype]; 2873 mwl_txq_init(sc, txq, mvtype); 2874 sc->sc_ac2q[ac] = txq; 2875 return 1; 2876} 2877 2878/* 2879 * Update WME parameters for a transmit queue. 2880 */ 2881static int 2882mwl_txq_update(struct mwl_softc *sc, int ac) 2883{ 2884#define MWL_EXPONENT_TO_VALUE(v) ((1<<v)-1) 2885 struct ieee80211com *ic = &sc->sc_ic; 2886 struct mwl_txq *txq = sc->sc_ac2q[ac]; 2887 struct wmeParams *wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 2888 struct mwl_hal *mh = sc->sc_mh; 2889 int aifs, cwmin, cwmax, txoplim; 2890 2891 aifs = wmep->wmep_aifsn; 2892 /* XXX in sta mode need to pass log values for cwmin/max */ 2893 cwmin = MWL_EXPONENT_TO_VALUE(wmep->wmep_logcwmin); 2894 cwmax = MWL_EXPONENT_TO_VALUE(wmep->wmep_logcwmax); 2895 txoplim = wmep->wmep_txopLimit; /* NB: units of 32us */ 2896 2897 if (mwl_hal_setedcaparams(mh, txq->qnum, cwmin, cwmax, aifs, txoplim)) { 2898 device_printf(sc->sc_dev, "unable to update hardware queue " 2899 "parameters for %s traffic!\n", 2900 ieee80211_wme_acnames[ac]); 2901 return 0; 2902 } 2903 return 1; 2904#undef MWL_EXPONENT_TO_VALUE 2905} 2906 2907/* 2908 * Callback from the 802.11 layer to update WME parameters. 2909 */ 2910static int 2911mwl_wme_update(struct ieee80211com *ic) 2912{ 2913 struct mwl_softc *sc = ic->ic_softc; 2914 2915 return !mwl_txq_update(sc, WME_AC_BE) || 2916 !mwl_txq_update(sc, WME_AC_BK) || 2917 !mwl_txq_update(sc, WME_AC_VI) || 2918 !mwl_txq_update(sc, WME_AC_VO) ? EIO : 0; 2919} 2920 2921/* 2922 * Reclaim resources for a setup queue. 2923 */ 2924static void 2925mwl_tx_cleanupq(struct mwl_softc *sc, struct mwl_txq *txq) 2926{ 2927 /* XXX hal work? */ 2928 MWL_TXQ_LOCK_DESTROY(txq); 2929} 2930 2931/* 2932 * Reclaim all tx queue resources. 2933 */ 2934static void 2935mwl_tx_cleanup(struct mwl_softc *sc) 2936{ 2937 int i; 2938 2939 for (i = 0; i < MWL_NUM_TX_QUEUES; i++) 2940 mwl_tx_cleanupq(sc, &sc->sc_txq[i]); 2941} 2942 2943static int 2944mwl_tx_dmasetup(struct mwl_softc *sc, struct mwl_txbuf *bf, struct mbuf *m0) 2945{ 2946 struct mbuf *m; 2947 int error; 2948 2949 /* 2950 * Load the DMA map so any coalescing is done. This 2951 * also calculates the number of descriptors we need. 2952 */ 2953 error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m0, 2954 bf->bf_segs, &bf->bf_nseg, 2955 BUS_DMA_NOWAIT); 2956 if (error == EFBIG) { 2957 /* XXX packet requires too many descriptors */ 2958 bf->bf_nseg = MWL_TXDESC+1; 2959 } else if (error != 0) { 2960 sc->sc_stats.mst_tx_busdma++; 2961 m_freem(m0); 2962 return error; 2963 } 2964 /* 2965 * Discard null packets and check for packets that 2966 * require too many TX descriptors. We try to convert 2967 * the latter to a cluster. 2968 */ 2969 if (error == EFBIG) { /* too many desc's, linearize */ 2970 sc->sc_stats.mst_tx_linear++; 2971#if MWL_TXDESC > 1 2972 m = m_collapse(m0, M_NOWAIT, MWL_TXDESC); 2973#else 2974 m = m_defrag(m0, M_NOWAIT); 2975#endif 2976 if (m == NULL) { 2977 m_freem(m0); 2978 sc->sc_stats.mst_tx_nombuf++; 2979 return ENOMEM; 2980 } 2981 m0 = m; 2982 error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m0, 2983 bf->bf_segs, &bf->bf_nseg, 2984 BUS_DMA_NOWAIT); 2985 if (error != 0) { 2986 sc->sc_stats.mst_tx_busdma++; 2987 m_freem(m0); 2988 return error; 2989 } 2990 KASSERT(bf->bf_nseg <= MWL_TXDESC, 2991 ("too many segments after defrag; nseg %u", bf->bf_nseg)); 2992 } else if (bf->bf_nseg == 0) { /* null packet, discard */ 2993 sc->sc_stats.mst_tx_nodata++; 2994 m_freem(m0); 2995 return EIO; 2996 } 2997 DPRINTF(sc, MWL_DEBUG_XMIT, "%s: m %p len %u\n", 2998 __func__, m0, m0->m_pkthdr.len); 2999 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE); 3000 bf->bf_m = m0; 3001 3002 return 0; 3003} 3004 3005static __inline int 3006mwl_cvtlegacyrate(int rate) 3007{ 3008 switch (rate) { 3009 case 2: return 0; 3010 case 4: return 1; 3011 case 11: return 2; 3012 case 22: return 3; 3013 case 44: return 4; 3014 case 12: return 5; 3015 case 18: return 6; 3016 case 24: return 7; 3017 case 36: return 8; 3018 case 48: return 9; 3019 case 72: return 10; 3020 case 96: return 11; 3021 case 108:return 12; 3022 } 3023 return 0; 3024} 3025 3026/* 3027 * Calculate fixed tx rate information per client state; 3028 * this value is suitable for writing to the Format field 3029 * of a tx descriptor. 3030 */ 3031static uint16_t 3032mwl_calcformat(uint8_t rate, const struct ieee80211_node *ni) 3033{ 3034 uint16_t fmt; 3035 3036 fmt = SM(3, EAGLE_TXD_ANTENNA) 3037 | (IEEE80211_IS_CHAN_HT40D(ni->ni_chan) ? 3038 EAGLE_TXD_EXTCHAN_LO : EAGLE_TXD_EXTCHAN_HI); 3039 if (rate & IEEE80211_RATE_MCS) { /* HT MCS */ 3040 fmt |= EAGLE_TXD_FORMAT_HT 3041 /* NB: 0x80 implicitly stripped from ucastrate */ 3042 | SM(rate, EAGLE_TXD_RATE); 3043 /* XXX short/long GI may be wrong; re-check */ 3044 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) { 3045 fmt |= EAGLE_TXD_CHW_40 3046 | (ni->ni_htcap & IEEE80211_HTCAP_SHORTGI40 ? 3047 EAGLE_TXD_GI_SHORT : EAGLE_TXD_GI_LONG); 3048 } else { 3049 fmt |= EAGLE_TXD_CHW_20 3050 | (ni->ni_htcap & IEEE80211_HTCAP_SHORTGI20 ? 3051 EAGLE_TXD_GI_SHORT : EAGLE_TXD_GI_LONG); 3052 } 3053 } else { /* legacy rate */ 3054 fmt |= EAGLE_TXD_FORMAT_LEGACY 3055 | SM(mwl_cvtlegacyrate(rate), EAGLE_TXD_RATE) 3056 | EAGLE_TXD_CHW_20 3057 /* XXX iv_flags & IEEE80211_F_SHPREAMBLE? */ 3058 | (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE ? 3059 EAGLE_TXD_PREAMBLE_SHORT : EAGLE_TXD_PREAMBLE_LONG); 3060 } 3061 return fmt; 3062} 3063 3064static int 3065mwl_tx_start(struct mwl_softc *sc, struct ieee80211_node *ni, struct mwl_txbuf *bf, 3066 struct mbuf *m0) 3067{ 3068 struct ieee80211com *ic = &sc->sc_ic; 3069 struct ieee80211vap *vap = ni->ni_vap; 3070 int error, iswep, ismcast; 3071 int hdrlen, copyhdrlen, pktlen; 3072 struct mwl_txdesc *ds; 3073 struct mwl_txq *txq; 3074 struct ieee80211_frame *wh; 3075 struct mwltxrec *tr; 3076 struct mwl_node *mn; 3077 uint16_t qos; 3078#if MWL_TXDESC > 1 3079 int i; 3080#endif 3081 3082 wh = mtod(m0, struct ieee80211_frame *); 3083 iswep = wh->i_fc[1] & IEEE80211_FC1_PROTECTED; 3084 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 3085 hdrlen = ieee80211_anyhdrsize(wh); 3086 copyhdrlen = hdrlen; 3087 pktlen = m0->m_pkthdr.len; 3088 if (IEEE80211_QOS_HAS_SEQ(wh)) { 3089 qos = *(uint16_t *)ieee80211_getqos(wh); 3090 if (IEEE80211_IS_DSTODS(wh)) 3091 copyhdrlen -= sizeof(qos); 3092 } else 3093 qos = 0; 3094 3095 if (iswep) { 3096 const struct ieee80211_cipher *cip; 3097 struct ieee80211_key *k; 3098 3099 /* 3100 * Construct the 802.11 header+trailer for an encrypted 3101 * frame. The only reason this can fail is because of an 3102 * unknown or unsupported cipher/key type. 3103 * 3104 * NB: we do this even though the firmware will ignore 3105 * what we've done for WEP and TKIP as we need the 3106 * ExtIV filled in for CCMP and this also adjusts 3107 * the headers which simplifies our work below. 3108 */ 3109 k = ieee80211_crypto_encap(ni, m0); 3110 if (k == NULL) { 3111 /* 3112 * This can happen when the key is yanked after the 3113 * frame was queued. Just discard the frame; the 3114 * 802.11 layer counts failures and provides 3115 * debugging/diagnostics. 3116 */ 3117 m_freem(m0); 3118 return EIO; 3119 } 3120 /* 3121 * Adjust the packet length for the crypto additions 3122 * done during encap and any other bits that the f/w 3123 * will add later on. 3124 */ 3125 cip = k->wk_cipher; 3126 pktlen += cip->ic_header + cip->ic_miclen + cip->ic_trailer; 3127 3128 /* packet header may have moved, reset our local pointer */ 3129 wh = mtod(m0, struct ieee80211_frame *); 3130 } 3131 3132 if (ieee80211_radiotap_active_vap(vap)) { 3133 sc->sc_tx_th.wt_flags = 0; /* XXX */ 3134 if (iswep) 3135 sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP; 3136#if 0 3137 sc->sc_tx_th.wt_rate = ds->DataRate; 3138#endif 3139 sc->sc_tx_th.wt_txpower = ni->ni_txpower; 3140 sc->sc_tx_th.wt_antenna = sc->sc_txantenna; 3141 3142 ieee80211_radiotap_tx(vap, m0); 3143 } 3144 /* 3145 * Copy up/down the 802.11 header; the firmware requires 3146 * we present a 2-byte payload length followed by a 3147 * 4-address header (w/o QoS), followed (optionally) by 3148 * any WEP/ExtIV header (but only filled in for CCMP). 3149 * We are assured the mbuf has sufficient headroom to 3150 * prepend in-place by the setup of ic_headroom in 3151 * mwl_attach. 3152 */ 3153 if (hdrlen < sizeof(struct mwltxrec)) { 3154 const int space = sizeof(struct mwltxrec) - hdrlen; 3155 if (M_LEADINGSPACE(m0) < space) { 3156 /* NB: should never happen */ 3157 device_printf(sc->sc_dev, 3158 "not enough headroom, need %d found %zd, " 3159 "m_flags 0x%x m_len %d\n", 3160 space, M_LEADINGSPACE(m0), m0->m_flags, m0->m_len); 3161 ieee80211_dump_pkt(ic, 3162 mtod(m0, const uint8_t *), m0->m_len, 0, -1); 3163 m_freem(m0); 3164 sc->sc_stats.mst_tx_noheadroom++; 3165 return EIO; 3166 } 3167 M_PREPEND(m0, space, M_NOWAIT); 3168 } 3169 tr = mtod(m0, struct mwltxrec *); 3170 if (wh != (struct ieee80211_frame *) &tr->wh) 3171 ovbcopy(wh, &tr->wh, hdrlen); 3172 /* 3173 * Note: the "firmware length" is actually the length 3174 * of the fully formed "802.11 payload". That is, it's 3175 * everything except for the 802.11 header. In particular 3176 * this includes all crypto material including the MIC! 3177 */ 3178 tr->fwlen = htole16(pktlen - hdrlen); 3179 3180 /* 3181 * Load the DMA map so any coalescing is done. This 3182 * also calculates the number of descriptors we need. 3183 */ 3184 error = mwl_tx_dmasetup(sc, bf, m0); 3185 if (error != 0) { 3186 /* NB: stat collected in mwl_tx_dmasetup */ 3187 DPRINTF(sc, MWL_DEBUG_XMIT, 3188 "%s: unable to setup dma\n", __func__); 3189 return error; 3190 } 3191 bf->bf_node = ni; /* NB: held reference */ 3192 m0 = bf->bf_m; /* NB: may have changed */ 3193 tr = mtod(m0, struct mwltxrec *); 3194 wh = (struct ieee80211_frame *)&tr->wh; 3195 3196 /* 3197 * Formulate tx descriptor. 3198 */ 3199 ds = bf->bf_desc; 3200 txq = bf->bf_txq; 3201 3202 ds->QosCtrl = qos; /* NB: already little-endian */ 3203#if MWL_TXDESC == 1 3204 /* 3205 * NB: multiframes should be zero because the descriptors 3206 * are initialized to zero. This should handle the case 3207 * where the driver is built with MWL_TXDESC=1 but we are 3208 * using firmware with multi-segment support. 3209 */ 3210 ds->PktPtr = htole32(bf->bf_segs[0].ds_addr); 3211 ds->PktLen = htole16(bf->bf_segs[0].ds_len); 3212#else 3213 ds->multiframes = htole32(bf->bf_nseg); 3214 ds->PktLen = htole16(m0->m_pkthdr.len); 3215 for (i = 0; i < bf->bf_nseg; i++) { 3216 ds->PktPtrArray[i] = htole32(bf->bf_segs[i].ds_addr); 3217 ds->PktLenArray[i] = htole16(bf->bf_segs[i].ds_len); 3218 } 3219#endif 3220 /* NB: pPhysNext, DataRate, and SapPktInfo setup once, don't touch */ 3221 ds->Format = 0; 3222 ds->pad = 0; 3223 ds->ack_wcb_addr = 0; 3224 3225 mn = MWL_NODE(ni); 3226 /* 3227 * Select transmit rate. 3228 */ 3229 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 3230 case IEEE80211_FC0_TYPE_MGT: 3231 sc->sc_stats.mst_tx_mgmt++; 3232 /* fall thru... */ 3233 case IEEE80211_FC0_TYPE_CTL: 3234 /* NB: assign to BE q to avoid bursting */ 3235 ds->TxPriority = MWL_WME_AC_BE; 3236 break; 3237 case IEEE80211_FC0_TYPE_DATA: 3238 if (!ismcast) { 3239 const struct ieee80211_txparam *tp = ni->ni_txparms; 3240 /* 3241 * EAPOL frames get forced to a fixed rate and w/o 3242 * aggregation; otherwise check for any fixed rate 3243 * for the client (may depend on association state). 3244 */ 3245 if (m0->m_flags & M_EAPOL) { 3246 const struct mwl_vap *mvp = MWL_VAP_CONST(vap); 3247 ds->Format = mvp->mv_eapolformat; 3248 ds->pad = htole16( 3249 EAGLE_TXD_FIXED_RATE | EAGLE_TXD_DONT_AGGR); 3250 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 3251 /* XXX pre-calculate per node */ 3252 ds->Format = htole16( 3253 mwl_calcformat(tp->ucastrate, ni)); 3254 ds->pad = htole16(EAGLE_TXD_FIXED_RATE); 3255 } 3256 /* NB: EAPOL frames will never have qos set */ 3257 if (qos == 0) 3258 ds->TxPriority = txq->qnum; 3259#if MWL_MAXBA > 3 3260 else if (mwl_bastream_match(&mn->mn_ba[3], qos)) 3261 ds->TxPriority = mn->mn_ba[3].txq; 3262#endif 3263#if MWL_MAXBA > 2 3264 else if (mwl_bastream_match(&mn->mn_ba[2], qos)) 3265 ds->TxPriority = mn->mn_ba[2].txq; 3266#endif 3267#if MWL_MAXBA > 1 3268 else if (mwl_bastream_match(&mn->mn_ba[1], qos)) 3269 ds->TxPriority = mn->mn_ba[1].txq; 3270#endif 3271#if MWL_MAXBA > 0 3272 else if (mwl_bastream_match(&mn->mn_ba[0], qos)) 3273 ds->TxPriority = mn->mn_ba[0].txq; 3274#endif 3275 else 3276 ds->TxPriority = txq->qnum; 3277 } else 3278 ds->TxPriority = txq->qnum; 3279 break; 3280 default: 3281 device_printf(sc->sc_dev, "bogus frame type 0x%x (%s)\n", 3282 wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK, __func__); 3283 sc->sc_stats.mst_tx_badframetype++; 3284 m_freem(m0); 3285 return EIO; 3286 } 3287 3288 if (IFF_DUMPPKTS_XMIT(sc)) 3289 ieee80211_dump_pkt(ic, 3290 mtod(m0, const uint8_t *)+sizeof(uint16_t), 3291 m0->m_len - sizeof(uint16_t), ds->DataRate, -1); 3292 3293 MWL_TXQ_LOCK(txq); 3294 ds->Status = htole32(EAGLE_TXD_STATUS_FW_OWNED); 3295 STAILQ_INSERT_TAIL(&txq->active, bf, bf_list); 3296 MWL_TXDESC_SYNC(txq, ds, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); 3297 3298 sc->sc_tx_timer = 5; 3299 MWL_TXQ_UNLOCK(txq); 3300 3301 return 0; 3302} 3303 3304static __inline int 3305mwl_cvtlegacyrix(int rix) 3306{ 3307 static const int ieeerates[] = 3308 { 2, 4, 11, 22, 44, 12, 18, 24, 36, 48, 72, 96, 108 }; 3309 return (rix < nitems(ieeerates) ? ieeerates[rix] : 0); 3310} 3311 3312/* 3313 * Process completed xmit descriptors from the specified queue. 3314 */ 3315static int 3316mwl_tx_processq(struct mwl_softc *sc, struct mwl_txq *txq) 3317{ 3318#define EAGLE_TXD_STATUS_MCAST \ 3319 (EAGLE_TXD_STATUS_MULTICAST_TX | EAGLE_TXD_STATUS_BROADCAST_TX) 3320 struct ieee80211com *ic = &sc->sc_ic; 3321 struct mwl_txbuf *bf; 3322 struct mwl_txdesc *ds; 3323 struct ieee80211_node *ni; 3324 struct mwl_node *an; 3325 int nreaped; 3326 uint32_t status; 3327 3328 DPRINTF(sc, MWL_DEBUG_TX_PROC, "%s: tx queue %u\n", __func__, txq->qnum); 3329 for (nreaped = 0;; nreaped++) { 3330 MWL_TXQ_LOCK(txq); 3331 bf = STAILQ_FIRST(&txq->active); 3332 if (bf == NULL) { 3333 MWL_TXQ_UNLOCK(txq); 3334 break; 3335 } 3336 ds = bf->bf_desc; 3337 MWL_TXDESC_SYNC(txq, ds, 3338 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 3339 if (ds->Status & htole32(EAGLE_TXD_STATUS_FW_OWNED)) { 3340 MWL_TXQ_UNLOCK(txq); 3341 break; 3342 } 3343 STAILQ_REMOVE_HEAD(&txq->active, bf_list); 3344 MWL_TXQ_UNLOCK(txq); 3345 3346#ifdef MWL_DEBUG 3347 if (sc->sc_debug & MWL_DEBUG_XMIT_DESC) 3348 mwl_printtxbuf(bf, txq->qnum, nreaped); 3349#endif 3350 ni = bf->bf_node; 3351 if (ni != NULL) { 3352 an = MWL_NODE(ni); 3353 status = le32toh(ds->Status); 3354 if (status & EAGLE_TXD_STATUS_OK) { 3355 uint16_t Format = le16toh(ds->Format); 3356 uint8_t txant = MS(Format, EAGLE_TXD_ANTENNA); 3357 3358 sc->sc_stats.mst_ant_tx[txant]++; 3359 if (status & EAGLE_TXD_STATUS_OK_RETRY) 3360 sc->sc_stats.mst_tx_retries++; 3361 if (status & EAGLE_TXD_STATUS_OK_MORE_RETRY) 3362 sc->sc_stats.mst_tx_mretries++; 3363 if (txq->qnum >= MWL_WME_AC_VO) 3364 ic->ic_wme.wme_hipri_traffic++; 3365 ni->ni_txrate = MS(Format, EAGLE_TXD_RATE); 3366 if ((Format & EAGLE_TXD_FORMAT_HT) == 0) { 3367 ni->ni_txrate = mwl_cvtlegacyrix( 3368 ni->ni_txrate); 3369 } else 3370 ni->ni_txrate |= IEEE80211_RATE_MCS; 3371 sc->sc_stats.mst_tx_rate = ni->ni_txrate; 3372 } else { 3373 if (status & EAGLE_TXD_STATUS_FAILED_LINK_ERROR) 3374 sc->sc_stats.mst_tx_linkerror++; 3375 if (status & EAGLE_TXD_STATUS_FAILED_XRETRY) 3376 sc->sc_stats.mst_tx_xretries++; 3377 if (status & EAGLE_TXD_STATUS_FAILED_AGING) 3378 sc->sc_stats.mst_tx_aging++; 3379 if (bf->bf_m->m_flags & M_FF) 3380 sc->sc_stats.mst_ff_txerr++; 3381 } 3382 if (bf->bf_m->m_flags & M_TXCB) 3383 /* XXX strip fw len in case header inspected */ 3384 m_adj(bf->bf_m, sizeof(uint16_t)); 3385 ieee80211_tx_complete(ni, bf->bf_m, 3386 (status & EAGLE_TXD_STATUS_OK) == 0); 3387 } else 3388 m_freem(bf->bf_m); 3389 ds->Status = htole32(EAGLE_TXD_STATUS_IDLE); 3390 3391 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, 3392 BUS_DMASYNC_POSTWRITE); 3393 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap); 3394 3395 mwl_puttxbuf_tail(txq, bf); 3396 } 3397 return nreaped; 3398#undef EAGLE_TXD_STATUS_MCAST 3399} 3400 3401/* 3402 * Deferred processing of transmit interrupt; special-cased 3403 * for four hardware queues, 0-3. 3404 */ 3405static void 3406mwl_tx_proc(void *arg, int npending) 3407{ 3408 struct mwl_softc *sc = arg; 3409 int nreaped; 3410 3411 /* 3412 * Process each active queue. 3413 */ 3414 nreaped = 0; 3415 if (!STAILQ_EMPTY(&sc->sc_txq[0].active)) 3416 nreaped += mwl_tx_processq(sc, &sc->sc_txq[0]); 3417 if (!STAILQ_EMPTY(&sc->sc_txq[1].active)) 3418 nreaped += mwl_tx_processq(sc, &sc->sc_txq[1]); 3419 if (!STAILQ_EMPTY(&sc->sc_txq[2].active)) 3420 nreaped += mwl_tx_processq(sc, &sc->sc_txq[2]); 3421 if (!STAILQ_EMPTY(&sc->sc_txq[3].active)) 3422 nreaped += mwl_tx_processq(sc, &sc->sc_txq[3]); 3423 3424 if (nreaped != 0) { 3425 sc->sc_tx_timer = 0; 3426 if (mbufq_first(&sc->sc_snd) != NULL) { 3427 /* NB: kick fw; the tx thread may have been preempted */ 3428 mwl_hal_txstart(sc->sc_mh, 0); 3429 mwl_start(sc); 3430 } 3431 } 3432} 3433 3434static void 3435mwl_tx_draintxq(struct mwl_softc *sc, struct mwl_txq *txq) 3436{ 3437 struct ieee80211_node *ni; 3438 struct mwl_txbuf *bf; 3439 u_int ix; 3440 3441 /* 3442 * NB: this assumes output has been stopped and 3443 * we do not need to block mwl_tx_tasklet 3444 */ 3445 for (ix = 0;; ix++) { 3446 MWL_TXQ_LOCK(txq); 3447 bf = STAILQ_FIRST(&txq->active); 3448 if (bf == NULL) { 3449 MWL_TXQ_UNLOCK(txq); 3450 break; 3451 } 3452 STAILQ_REMOVE_HEAD(&txq->active, bf_list); 3453 MWL_TXQ_UNLOCK(txq); 3454#ifdef MWL_DEBUG 3455 if (sc->sc_debug & MWL_DEBUG_RESET) { 3456 struct ieee80211com *ic = &sc->sc_ic; 3457 const struct mwltxrec *tr = 3458 mtod(bf->bf_m, const struct mwltxrec *); 3459 mwl_printtxbuf(bf, txq->qnum, ix); 3460 ieee80211_dump_pkt(ic, (const uint8_t *)&tr->wh, 3461 bf->bf_m->m_len - sizeof(tr->fwlen), 0, -1); 3462 } 3463#endif /* MWL_DEBUG */ 3464 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap); 3465 ni = bf->bf_node; 3466 if (ni != NULL) { 3467 /* 3468 * Reclaim node reference. 3469 */ 3470 ieee80211_free_node(ni); 3471 } 3472 m_freem(bf->bf_m); 3473 3474 mwl_puttxbuf_tail(txq, bf); 3475 } 3476} 3477 3478/* 3479 * Drain the transmit queues and reclaim resources. 3480 */ 3481static void 3482mwl_draintxq(struct mwl_softc *sc) 3483{ 3484 int i; 3485 3486 for (i = 0; i < MWL_NUM_TX_QUEUES; i++) 3487 mwl_tx_draintxq(sc, &sc->sc_txq[i]); 3488 sc->sc_tx_timer = 0; 3489} 3490 3491#ifdef MWL_DIAGAPI 3492/* 3493 * Reset the transmit queues to a pristine state after a fw download. 3494 */ 3495static void 3496mwl_resettxq(struct mwl_softc *sc) 3497{ 3498 int i; 3499 3500 for (i = 0; i < MWL_NUM_TX_QUEUES; i++) 3501 mwl_txq_reset(sc, &sc->sc_txq[i]); 3502} 3503#endif /* MWL_DIAGAPI */ 3504 3505/* 3506 * Clear the transmit queues of any frames submitted for the 3507 * specified vap. This is done when the vap is deleted so we 3508 * don't potentially reference the vap after it is gone. 3509 * Note we cannot remove the frames; we only reclaim the node 3510 * reference. 3511 */ 3512static void 3513mwl_cleartxq(struct mwl_softc *sc, struct ieee80211vap *vap) 3514{ 3515 struct mwl_txq *txq; 3516 struct mwl_txbuf *bf; 3517 int i; 3518 3519 for (i = 0; i < MWL_NUM_TX_QUEUES; i++) { 3520 txq = &sc->sc_txq[i]; 3521 MWL_TXQ_LOCK(txq); 3522 STAILQ_FOREACH(bf, &txq->active, bf_list) { 3523 struct ieee80211_node *ni = bf->bf_node; 3524 if (ni != NULL && ni->ni_vap == vap) { 3525 bf->bf_node = NULL; 3526 ieee80211_free_node(ni); 3527 } 3528 } 3529 MWL_TXQ_UNLOCK(txq); 3530 } 3531} 3532 3533static int 3534mwl_recv_action(struct ieee80211_node *ni, const struct ieee80211_frame *wh, 3535 const uint8_t *frm, const uint8_t *efrm) 3536{ 3537 struct mwl_softc *sc = ni->ni_ic->ic_softc; 3538 const struct ieee80211_action *ia; 3539 3540 ia = (const struct ieee80211_action *) frm; 3541 if (ia->ia_category == IEEE80211_ACTION_CAT_HT && 3542 ia->ia_action == IEEE80211_ACTION_HT_MIMOPWRSAVE) { 3543 const struct ieee80211_action_ht_mimopowersave *mps = 3544 (const struct ieee80211_action_ht_mimopowersave *) ia; 3545 3546 mwl_hal_setmimops(sc->sc_mh, ni->ni_macaddr, 3547 mps->am_control & IEEE80211_A_HT_MIMOPWRSAVE_ENA, 3548 MS(mps->am_control, IEEE80211_A_HT_MIMOPWRSAVE_MODE)); 3549 return 0; 3550 } else 3551 return sc->sc_recv_action(ni, wh, frm, efrm); 3552} 3553 3554static int 3555mwl_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap, 3556 int dialogtoken, int baparamset, int batimeout) 3557{ 3558 struct mwl_softc *sc = ni->ni_ic->ic_softc; 3559 struct ieee80211vap *vap = ni->ni_vap; 3560 struct mwl_node *mn = MWL_NODE(ni); 3561 struct mwl_bastate *bas; 3562 3563 bas = tap->txa_private; 3564 if (bas == NULL) { 3565 const MWL_HAL_BASTREAM *sp; 3566 /* 3567 * Check for a free BA stream slot. 3568 */ 3569#if MWL_MAXBA > 3 3570 if (mn->mn_ba[3].bastream == NULL) 3571 bas = &mn->mn_ba[3]; 3572 else 3573#endif 3574#if MWL_MAXBA > 2 3575 if (mn->mn_ba[2].bastream == NULL) 3576 bas = &mn->mn_ba[2]; 3577 else 3578#endif 3579#if MWL_MAXBA > 1 3580 if (mn->mn_ba[1].bastream == NULL) 3581 bas = &mn->mn_ba[1]; 3582 else 3583#endif 3584#if MWL_MAXBA > 0 3585 if (mn->mn_ba[0].bastream == NULL) 3586 bas = &mn->mn_ba[0]; 3587 else 3588#endif 3589 { 3590 /* sta already has max BA streams */ 3591 /* XXX assign BA stream to highest priority tid */ 3592 DPRINTF(sc, MWL_DEBUG_AMPDU, 3593 "%s: already has max bastreams\n", __func__); 3594 sc->sc_stats.mst_ampdu_reject++; 3595 return 0; 3596 } 3597 /* NB: no held reference to ni */ 3598 sp = mwl_hal_bastream_alloc(MWL_VAP(vap)->mv_hvap, 3599 (baparamset & IEEE80211_BAPS_POLICY_IMMEDIATE) != 0, 3600 ni->ni_macaddr, tap->txa_tid, ni->ni_htparam, 3601 ni, tap); 3602 if (sp == NULL) { 3603 /* 3604 * No available stream, return 0 so no 3605 * a-mpdu aggregation will be done. 3606 */ 3607 DPRINTF(sc, MWL_DEBUG_AMPDU, 3608 "%s: no bastream available\n", __func__); 3609 sc->sc_stats.mst_ampdu_nostream++; 3610 return 0; 3611 } 3612 DPRINTF(sc, MWL_DEBUG_AMPDU, "%s: alloc bastream %p\n", 3613 __func__, sp); 3614 /* NB: qos is left zero so we won't match in mwl_tx_start */ 3615 bas->bastream = sp; 3616 tap->txa_private = bas; 3617 } 3618 /* fetch current seq# from the firmware; if available */ 3619 if (mwl_hal_bastream_get_seqno(sc->sc_mh, bas->bastream, 3620 vap->iv_opmode == IEEE80211_M_STA ? vap->iv_myaddr : ni->ni_macaddr, 3621 &tap->txa_start) != 0) 3622 tap->txa_start = 0; 3623 return sc->sc_addba_request(ni, tap, dialogtoken, baparamset, batimeout); 3624} 3625 3626static int 3627mwl_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap, 3628 int code, int baparamset, int batimeout) 3629{ 3630 struct mwl_softc *sc = ni->ni_ic->ic_softc; 3631 struct mwl_bastate *bas; 3632 3633 bas = tap->txa_private; 3634 if (bas == NULL) { 3635 /* XXX should not happen */ 3636 DPRINTF(sc, MWL_DEBUG_AMPDU, 3637 "%s: no BA stream allocated, TID %d\n", 3638 __func__, tap->txa_tid); 3639 sc->sc_stats.mst_addba_nostream++; 3640 return 0; 3641 } 3642 if (code == IEEE80211_STATUS_SUCCESS) { 3643 struct ieee80211vap *vap = ni->ni_vap; 3644 int bufsiz, error; 3645 3646 /* 3647 * Tell the firmware to setup the BA stream; 3648 * we know resources are available because we 3649 * pre-allocated one before forming the request. 3650 */ 3651 bufsiz = MS(baparamset, IEEE80211_BAPS_BUFSIZ); 3652 if (bufsiz == 0) 3653 bufsiz = IEEE80211_AGGR_BAWMAX; 3654 error = mwl_hal_bastream_create(MWL_VAP(vap)->mv_hvap, 3655 bas->bastream, bufsiz, bufsiz, tap->txa_start); 3656 if (error != 0) { 3657 /* 3658 * Setup failed, return immediately so no a-mpdu 3659 * aggregation will be done. 3660 */ 3661 mwl_hal_bastream_destroy(sc->sc_mh, bas->bastream); 3662 mwl_bastream_free(bas); 3663 tap->txa_private = NULL; 3664 3665 DPRINTF(sc, MWL_DEBUG_AMPDU, 3666 "%s: create failed, error %d, bufsiz %d TID %d " 3667 "htparam 0x%x\n", __func__, error, bufsiz, 3668 tap->txa_tid, ni->ni_htparam); 3669 sc->sc_stats.mst_bacreate_failed++; 3670 return 0; 3671 } 3672 /* NB: cache txq to avoid ptr indirect */ 3673 mwl_bastream_setup(bas, tap->txa_tid, bas->bastream->txq); 3674 DPRINTF(sc, MWL_DEBUG_AMPDU, 3675 "%s: bastream %p assigned to txq %d TID %d bufsiz %d " 3676 "htparam 0x%x\n", __func__, bas->bastream, 3677 bas->txq, tap->txa_tid, bufsiz, ni->ni_htparam); 3678 } else { 3679 /* 3680 * Other side NAK'd us; return the resources. 3681 */ 3682 DPRINTF(sc, MWL_DEBUG_AMPDU, 3683 "%s: request failed with code %d, destroy bastream %p\n", 3684 __func__, code, bas->bastream); 3685 mwl_hal_bastream_destroy(sc->sc_mh, bas->bastream); 3686 mwl_bastream_free(bas); 3687 tap->txa_private = NULL; 3688 } 3689 /* NB: firmware sends BAR so we don't need to */ 3690 return sc->sc_addba_response(ni, tap, code, baparamset, batimeout); 3691} 3692 3693static void 3694mwl_addba_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 3695{ 3696 struct mwl_softc *sc = ni->ni_ic->ic_softc; 3697 struct mwl_bastate *bas; 3698 3699 bas = tap->txa_private; 3700 if (bas != NULL) { 3701 DPRINTF(sc, MWL_DEBUG_AMPDU, "%s: destroy bastream %p\n", 3702 __func__, bas->bastream); 3703 mwl_hal_bastream_destroy(sc->sc_mh, bas->bastream); 3704 mwl_bastream_free(bas); 3705 tap->txa_private = NULL; 3706 } 3707 sc->sc_addba_stop(ni, tap); 3708} 3709 3710/* 3711 * Setup the rx data structures. This should only be 3712 * done once or we may get out of sync with the firmware. 3713 */ 3714static int 3715mwl_startrecv(struct mwl_softc *sc) 3716{ 3717 if (!sc->sc_recvsetup) { 3718 struct mwl_rxbuf *bf, *prev; 3719 struct mwl_rxdesc *ds; 3720 3721 prev = NULL; 3722 STAILQ_FOREACH(bf, &sc->sc_rxbuf, bf_list) { 3723 int error = mwl_rxbuf_init(sc, bf); 3724 if (error != 0) { 3725 DPRINTF(sc, MWL_DEBUG_RECV, 3726 "%s: mwl_rxbuf_init failed %d\n", 3727 __func__, error); 3728 return error; 3729 } 3730 if (prev != NULL) { 3731 ds = prev->bf_desc; 3732 ds->pPhysNext = htole32(bf->bf_daddr); 3733 } 3734 prev = bf; 3735 } 3736 if (prev != NULL) { 3737 ds = prev->bf_desc; 3738 ds->pPhysNext = 3739 htole32(STAILQ_FIRST(&sc->sc_rxbuf)->bf_daddr); 3740 } 3741 sc->sc_recvsetup = 1; 3742 } 3743 mwl_mode_init(sc); /* set filters, etc. */ 3744 return 0; 3745} 3746 3747static MWL_HAL_APMODE 3748mwl_getapmode(const struct ieee80211vap *vap, struct ieee80211_channel *chan) 3749{ 3750 MWL_HAL_APMODE mode; 3751 3752 if (IEEE80211_IS_CHAN_HT(chan)) { 3753 if (vap->iv_flags_ht & IEEE80211_FHT_PUREN) 3754 mode = AP_MODE_N_ONLY; 3755 else if (IEEE80211_IS_CHAN_5GHZ(chan)) 3756 mode = AP_MODE_AandN; 3757 else if (vap->iv_flags & IEEE80211_F_PUREG) 3758 mode = AP_MODE_GandN; 3759 else 3760 mode = AP_MODE_BandGandN; 3761 } else if (IEEE80211_IS_CHAN_ANYG(chan)) { 3762 if (vap->iv_flags & IEEE80211_F_PUREG) 3763 mode = AP_MODE_G_ONLY; 3764 else 3765 mode = AP_MODE_MIXED; 3766 } else if (IEEE80211_IS_CHAN_B(chan)) 3767 mode = AP_MODE_B_ONLY; 3768 else if (IEEE80211_IS_CHAN_A(chan)) 3769 mode = AP_MODE_A_ONLY; 3770 else 3771 mode = AP_MODE_MIXED; /* XXX should not happen? */ 3772 return mode; 3773} 3774 3775static int 3776mwl_setapmode(struct ieee80211vap *vap, struct ieee80211_channel *chan) 3777{ 3778 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 3779 return mwl_hal_setapmode(hvap, mwl_getapmode(vap, chan)); 3780} 3781 3782/* 3783 * Set/change channels. 3784 */ 3785static int 3786mwl_chan_set(struct mwl_softc *sc, struct ieee80211_channel *chan) 3787{ 3788 struct mwl_hal *mh = sc->sc_mh; 3789 struct ieee80211com *ic = &sc->sc_ic; 3790 MWL_HAL_CHANNEL hchan; 3791 int maxtxpow; 3792 3793 DPRINTF(sc, MWL_DEBUG_RESET, "%s: chan %u MHz/flags 0x%x\n", 3794 __func__, chan->ic_freq, chan->ic_flags); 3795 3796 /* 3797 * Convert to a HAL channel description with 3798 * the flags constrained to reflect the current 3799 * operating mode. 3800 */ 3801 mwl_mapchan(&hchan, chan); 3802 mwl_hal_intrset(mh, 0); /* disable interrupts */ 3803#if 0 3804 mwl_draintxq(sc); /* clear pending tx frames */ 3805#endif 3806 mwl_hal_setchannel(mh, &hchan); 3807 /* 3808 * Tx power is cap'd by the regulatory setting and 3809 * possibly a user-set limit. We pass the min of 3810 * these to the hal to apply them to the cal data 3811 * for this channel. 3812 * XXX min bound? 3813 */ 3814 maxtxpow = 2*chan->ic_maxregpower; 3815 if (maxtxpow > ic->ic_txpowlimit) 3816 maxtxpow = ic->ic_txpowlimit; 3817 mwl_hal_settxpower(mh, &hchan, maxtxpow / 2); 3818 /* NB: potentially change mcast/mgt rates */ 3819 mwl_setcurchanrates(sc); 3820 3821 /* 3822 * Update internal state. 3823 */ 3824 sc->sc_tx_th.wt_chan_freq = htole16(chan->ic_freq); 3825 sc->sc_rx_th.wr_chan_freq = htole16(chan->ic_freq); 3826 if (IEEE80211_IS_CHAN_A(chan)) { 3827 sc->sc_tx_th.wt_chan_flags = htole16(IEEE80211_CHAN_A); 3828 sc->sc_rx_th.wr_chan_flags = htole16(IEEE80211_CHAN_A); 3829 } else if (IEEE80211_IS_CHAN_ANYG(chan)) { 3830 sc->sc_tx_th.wt_chan_flags = htole16(IEEE80211_CHAN_G); 3831 sc->sc_rx_th.wr_chan_flags = htole16(IEEE80211_CHAN_G); 3832 } else { 3833 sc->sc_tx_th.wt_chan_flags = htole16(IEEE80211_CHAN_B); 3834 sc->sc_rx_th.wr_chan_flags = htole16(IEEE80211_CHAN_B); 3835 } 3836 sc->sc_curchan = hchan; 3837 mwl_hal_intrset(mh, sc->sc_imask); 3838 3839 return 0; 3840} 3841 3842static void 3843mwl_scan_start(struct ieee80211com *ic) 3844{ 3845 struct mwl_softc *sc = ic->ic_softc; 3846 3847 DPRINTF(sc, MWL_DEBUG_STATE, "%s\n", __func__); 3848} 3849 3850static void 3851mwl_scan_end(struct ieee80211com *ic) 3852{ 3853 struct mwl_softc *sc = ic->ic_softc; 3854 3855 DPRINTF(sc, MWL_DEBUG_STATE, "%s\n", __func__); 3856} 3857 3858static void 3859mwl_set_channel(struct ieee80211com *ic) 3860{ 3861 struct mwl_softc *sc = ic->ic_softc; 3862 3863 (void) mwl_chan_set(sc, ic->ic_curchan); 3864} 3865 3866/* 3867 * Handle a channel switch request. We inform the firmware 3868 * and mark the global state to suppress various actions. 3869 * NB: we issue only one request to the fw; we may be called 3870 * multiple times if there are multiple vap's. 3871 */ 3872static void 3873mwl_startcsa(struct ieee80211vap *vap) 3874{ 3875 struct ieee80211com *ic = vap->iv_ic; 3876 struct mwl_softc *sc = ic->ic_softc; 3877 MWL_HAL_CHANNEL hchan; 3878 3879 if (sc->sc_csapending) 3880 return; 3881 3882 mwl_mapchan(&hchan, ic->ic_csa_newchan); 3883 /* 1 =>'s quiet channel */ 3884 mwl_hal_setchannelswitchie(sc->sc_mh, &hchan, 1, ic->ic_csa_count); 3885 sc->sc_csapending = 1; 3886} 3887 3888/* 3889 * Plumb any static WEP key for the station. This is 3890 * necessary as we must propagate the key from the 3891 * global key table of the vap to each sta db entry. 3892 */ 3893static void 3894mwl_setanywepkey(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 3895{ 3896 if ((vap->iv_flags & (IEEE80211_F_PRIVACY|IEEE80211_F_WPA)) == 3897 IEEE80211_F_PRIVACY && 3898 vap->iv_def_txkey != IEEE80211_KEYIX_NONE && 3899 vap->iv_nw_keys[vap->iv_def_txkey].wk_keyix != IEEE80211_KEYIX_NONE) 3900 (void) _mwl_key_set(vap, &vap->iv_nw_keys[vap->iv_def_txkey], 3901 mac); 3902} 3903 3904static int 3905mwl_peerstadb(struct ieee80211_node *ni, int aid, int staid, MWL_HAL_PEERINFO *pi) 3906{ 3907#define WME(ie) ((const struct ieee80211_wme_info *) ie) 3908 struct ieee80211vap *vap = ni->ni_vap; 3909 struct mwl_hal_vap *hvap; 3910 int error; 3911 3912 if (vap->iv_opmode == IEEE80211_M_WDS) { 3913 /* 3914 * WDS vap's do not have a f/w vap; instead they piggyback 3915 * on an AP vap and we must install the sta db entry and 3916 * crypto state using that AP's handle (the WDS vap has none). 3917 */ 3918 hvap = MWL_VAP(vap)->mv_ap_hvap; 3919 } else 3920 hvap = MWL_VAP(vap)->mv_hvap; 3921 error = mwl_hal_newstation(hvap, ni->ni_macaddr, 3922 aid, staid, pi, 3923 ni->ni_flags & (IEEE80211_NODE_QOS | IEEE80211_NODE_HT), 3924 ni->ni_ies.wme_ie != NULL ? WME(ni->ni_ies.wme_ie)->wme_info : 0); 3925 if (error == 0) { 3926 /* 3927 * Setup security for this station. For sta mode this is 3928 * needed even though do the same thing on transition to 3929 * AUTH state because the call to mwl_hal_newstation 3930 * clobbers the crypto state we setup. 3931 */ 3932 mwl_setanywepkey(vap, ni->ni_macaddr); 3933 } 3934 return error; 3935#undef WME 3936} 3937 3938static void 3939mwl_setglobalkeys(struct ieee80211vap *vap) 3940{ 3941 struct ieee80211_key *wk; 3942 3943 wk = &vap->iv_nw_keys[0]; 3944 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID]; wk++) 3945 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 3946 (void) _mwl_key_set(vap, wk, vap->iv_myaddr); 3947} 3948 3949/* 3950 * Convert a legacy rate set to a firmware bitmask. 3951 */ 3952static uint32_t 3953get_rate_bitmap(const struct ieee80211_rateset *rs) 3954{ 3955 uint32_t rates; 3956 int i; 3957 3958 rates = 0; 3959 for (i = 0; i < rs->rs_nrates; i++) 3960 switch (rs->rs_rates[i] & IEEE80211_RATE_VAL) { 3961 case 2: rates |= 0x001; break; 3962 case 4: rates |= 0x002; break; 3963 case 11: rates |= 0x004; break; 3964 case 22: rates |= 0x008; break; 3965 case 44: rates |= 0x010; break; 3966 case 12: rates |= 0x020; break; 3967 case 18: rates |= 0x040; break; 3968 case 24: rates |= 0x080; break; 3969 case 36: rates |= 0x100; break; 3970 case 48: rates |= 0x200; break; 3971 case 72: rates |= 0x400; break; 3972 case 96: rates |= 0x800; break; 3973 case 108: rates |= 0x1000; break; 3974 } 3975 return rates; 3976} 3977 3978/* 3979 * Construct an HT firmware bitmask from an HT rate set. 3980 */ 3981static uint32_t 3982get_htrate_bitmap(const struct ieee80211_htrateset *rs) 3983{ 3984 uint32_t rates; 3985 int i; 3986 3987 rates = 0; 3988 for (i = 0; i < rs->rs_nrates; i++) { 3989 if (rs->rs_rates[i] < 16) 3990 rates |= 1<<rs->rs_rates[i]; 3991 } 3992 return rates; 3993} 3994 3995/* 3996 * Craft station database entry for station. 3997 * NB: use host byte order here, the hal handles byte swapping. 3998 */ 3999static MWL_HAL_PEERINFO * 4000mkpeerinfo(MWL_HAL_PEERINFO *pi, const struct ieee80211_node *ni) 4001{ 4002 const struct ieee80211vap *vap = ni->ni_vap; 4003 4004 memset(pi, 0, sizeof(*pi)); 4005 pi->LegacyRateBitMap = get_rate_bitmap(&ni->ni_rates); 4006 pi->CapInfo = ni->ni_capinfo; 4007 if (ni->ni_flags & IEEE80211_NODE_HT) { 4008 /* HT capabilities, etc */ 4009 pi->HTCapabilitiesInfo = ni->ni_htcap; 4010 /* XXX pi.HTCapabilitiesInfo */ 4011 pi->MacHTParamInfo = ni->ni_htparam; 4012 pi->HTRateBitMap = get_htrate_bitmap(&ni->ni_htrates); 4013 pi->AddHtInfo.ControlChan = ni->ni_htctlchan; 4014 pi->AddHtInfo.AddChan = ni->ni_ht2ndchan; 4015 pi->AddHtInfo.OpMode = ni->ni_htopmode; 4016 pi->AddHtInfo.stbc = ni->ni_htstbc; 4017 4018 /* constrain according to local configuration */ 4019 if ((vap->iv_flags_ht & IEEE80211_FHT_SHORTGI40) == 0) 4020 pi->HTCapabilitiesInfo &= ~IEEE80211_HTCAP_SHORTGI40; 4021 if ((vap->iv_flags_ht & IEEE80211_FHT_SHORTGI20) == 0) 4022 pi->HTCapabilitiesInfo &= ~IEEE80211_HTCAP_SHORTGI20; 4023 if (ni->ni_chw != 40) 4024 pi->HTCapabilitiesInfo &= ~IEEE80211_HTCAP_CHWIDTH40; 4025 } 4026 return pi; 4027} 4028 4029/* 4030 * Re-create the local sta db entry for a vap to ensure 4031 * up to date WME state is pushed to the firmware. Because 4032 * this resets crypto state this must be followed by a 4033 * reload of any keys in the global key table. 4034 */ 4035static int 4036mwl_localstadb(struct ieee80211vap *vap) 4037{ 4038#define WME(ie) ((const struct ieee80211_wme_info *) ie) 4039 struct mwl_hal_vap *hvap = MWL_VAP(vap)->mv_hvap; 4040 struct ieee80211_node *bss; 4041 MWL_HAL_PEERINFO pi; 4042 int error; 4043 4044 switch (vap->iv_opmode) { 4045 case IEEE80211_M_STA: 4046 bss = vap->iv_bss; 4047 error = mwl_hal_newstation(hvap, vap->iv_myaddr, 0, 0, 4048 vap->iv_state == IEEE80211_S_RUN ? 4049 mkpeerinfo(&pi, bss) : NULL, 4050 (bss->ni_flags & (IEEE80211_NODE_QOS | IEEE80211_NODE_HT)), 4051 bss->ni_ies.wme_ie != NULL ? 4052 WME(bss->ni_ies.wme_ie)->wme_info : 0); 4053 if (error == 0) 4054 mwl_setglobalkeys(vap); 4055 break; 4056 case IEEE80211_M_HOSTAP: 4057 case IEEE80211_M_MBSS: 4058 error = mwl_hal_newstation(hvap, vap->iv_myaddr, 4059 0, 0, NULL, vap->iv_flags & IEEE80211_F_WME, 0); 4060 if (error == 0) 4061 mwl_setglobalkeys(vap); 4062 break; 4063 default: 4064 error = 0; 4065 break; 4066 } 4067 return error; 4068#undef WME 4069} 4070 4071static int 4072mwl_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 4073{ 4074 struct mwl_vap *mvp = MWL_VAP(vap); 4075 struct mwl_hal_vap *hvap = mvp->mv_hvap; 4076 struct ieee80211com *ic = vap->iv_ic; 4077 struct ieee80211_node *ni = NULL; 4078 struct mwl_softc *sc = ic->ic_softc; 4079 struct mwl_hal *mh = sc->sc_mh; 4080 enum ieee80211_state ostate = vap->iv_state; 4081 int error; 4082 4083 DPRINTF(sc, MWL_DEBUG_STATE, "%s: %s: %s -> %s\n", 4084 vap->iv_ifp->if_xname, __func__, 4085 ieee80211_state_name[ostate], ieee80211_state_name[nstate]); 4086 4087 callout_stop(&sc->sc_timer); 4088 /* 4089 * Clear current radar detection state. 4090 */ 4091 if (ostate == IEEE80211_S_CAC) { 4092 /* stop quiet mode radar detection */ 4093 mwl_hal_setradardetection(mh, DR_CHK_CHANNEL_AVAILABLE_STOP); 4094 } else if (sc->sc_radarena) { 4095 /* stop in-service radar detection */ 4096 mwl_hal_setradardetection(mh, DR_DFS_DISABLE); 4097 sc->sc_radarena = 0; 4098 } 4099 /* 4100 * Carry out per-state actions before doing net80211 work. 4101 */ 4102 if (nstate == IEEE80211_S_INIT) { 4103 /* NB: only ap+sta vap's have a fw entity */ 4104 if (hvap != NULL) 4105 mwl_hal_stop(hvap); 4106 } else if (nstate == IEEE80211_S_SCAN) { 4107 mwl_hal_start(hvap); 4108 /* NB: this disables beacon frames */ 4109 mwl_hal_setinframode(hvap); 4110 } else if (nstate == IEEE80211_S_AUTH) { 4111 /* 4112 * Must create a sta db entry in case a WEP key needs to 4113 * be plumbed. This entry will be overwritten if we 4114 * associate; otherwise it will be reclaimed on node free. 4115 */ 4116 ni = vap->iv_bss; 4117 MWL_NODE(ni)->mn_hvap = hvap; 4118 (void) mwl_peerstadb(ni, 0, 0, NULL); 4119 } else if (nstate == IEEE80211_S_CSA) { 4120 /* XXX move to below? */ 4121 if (vap->iv_opmode == IEEE80211_M_HOSTAP || 4122 vap->iv_opmode == IEEE80211_M_MBSS) 4123 mwl_startcsa(vap); 4124 } else if (nstate == IEEE80211_S_CAC) { 4125 /* XXX move to below? */ 4126 /* stop ap xmit and enable quiet mode radar detection */ 4127 mwl_hal_setradardetection(mh, DR_CHK_CHANNEL_AVAILABLE_START); 4128 } 4129 4130 /* 4131 * Invoke the parent method to do net80211 work. 4132 */ 4133 error = mvp->mv_newstate(vap, nstate, arg); 4134 4135 /* 4136 * Carry out work that must be done after net80211 runs; 4137 * this work requires up to date state (e.g. iv_bss). 4138 */ 4139 if (error == 0 && nstate == IEEE80211_S_RUN) { 4140 /* NB: collect bss node again, it may have changed */ 4141 ni = vap->iv_bss; 4142 4143 DPRINTF(sc, MWL_DEBUG_STATE, 4144 "%s: %s(RUN): iv_flags 0x%08x bintvl %d bssid %s " 4145 "capinfo 0x%04x chan %d\n", 4146 vap->iv_ifp->if_xname, __func__, vap->iv_flags, 4147 ni->ni_intval, ether_sprintf(ni->ni_bssid), ni->ni_capinfo, 4148 ieee80211_chan2ieee(ic, ic->ic_curchan)); 4149 4150 /* 4151 * Recreate local sta db entry to update WME/HT state. 4152 */ 4153 mwl_localstadb(vap); 4154 switch (vap->iv_opmode) { 4155 case IEEE80211_M_HOSTAP: 4156 case IEEE80211_M_MBSS: 4157 if (ostate == IEEE80211_S_CAC) { 4158 /* enable in-service radar detection */ 4159 mwl_hal_setradardetection(mh, 4160 DR_IN_SERVICE_MONITOR_START); 4161 sc->sc_radarena = 1; 4162 } 4163 /* 4164 * Allocate and setup the beacon frame 4165 * (and related state). 4166 */ 4167 error = mwl_reset_vap(vap, IEEE80211_S_RUN); 4168 if (error != 0) { 4169 DPRINTF(sc, MWL_DEBUG_STATE, 4170 "%s: beacon setup failed, error %d\n", 4171 __func__, error); 4172 goto bad; 4173 } 4174 /* NB: must be after setting up beacon */ 4175 mwl_hal_start(hvap); 4176 break; 4177 case IEEE80211_M_STA: 4178 DPRINTF(sc, MWL_DEBUG_STATE, "%s: %s: aid 0x%x\n", 4179 vap->iv_ifp->if_xname, __func__, ni->ni_associd); 4180 /* 4181 * Set state now that we're associated. 4182 */ 4183 mwl_hal_setassocid(hvap, ni->ni_bssid, ni->ni_associd); 4184 mwl_setrates(vap); 4185 mwl_hal_setrtsthreshold(hvap, vap->iv_rtsthreshold); 4186 if ((vap->iv_flags & IEEE80211_F_DWDS) && 4187 sc->sc_ndwdsvaps++ == 0) 4188 mwl_hal_setdwds(mh, 1); 4189 break; 4190 case IEEE80211_M_WDS: 4191 DPRINTF(sc, MWL_DEBUG_STATE, "%s: %s: bssid %s\n", 4192 vap->iv_ifp->if_xname, __func__, 4193 ether_sprintf(ni->ni_bssid)); 4194 mwl_seteapolformat(vap); 4195 break; 4196 default: 4197 break; 4198 } 4199 /* 4200 * Set CS mode according to operating channel; 4201 * this mostly an optimization for 5GHz. 4202 * 4203 * NB: must follow mwl_hal_start which resets csmode 4204 */ 4205 if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bsschan)) 4206 mwl_hal_setcsmode(mh, CSMODE_AGGRESSIVE); 4207 else 4208 mwl_hal_setcsmode(mh, CSMODE_AUTO_ENA); 4209 /* 4210 * Start timer to prod firmware. 4211 */ 4212 if (sc->sc_ageinterval != 0) 4213 callout_reset(&sc->sc_timer, sc->sc_ageinterval*hz, 4214 mwl_agestations, sc); 4215 } else if (nstate == IEEE80211_S_SLEEP) { 4216 /* XXX set chip in power save */ 4217 } else if ((vap->iv_flags & IEEE80211_F_DWDS) && 4218 --sc->sc_ndwdsvaps == 0) 4219 mwl_hal_setdwds(mh, 0); 4220bad: 4221 return error; 4222} 4223 4224/* 4225 * Manage station id's; these are separate from AID's 4226 * as AID's may have values out of the range of possible 4227 * station id's acceptable to the firmware. 4228 */ 4229static int 4230allocstaid(struct mwl_softc *sc, int aid) 4231{ 4232 int staid; 4233 4234 if (!(0 < aid && aid < MWL_MAXSTAID) || isset(sc->sc_staid, aid)) { 4235 /* NB: don't use 0 */ 4236 for (staid = 1; staid < MWL_MAXSTAID; staid++) 4237 if (isclr(sc->sc_staid, staid)) 4238 break; 4239 } else 4240 staid = aid; 4241 setbit(sc->sc_staid, staid); 4242 return staid; 4243} 4244 4245static void 4246delstaid(struct mwl_softc *sc, int staid) 4247{ 4248 clrbit(sc->sc_staid, staid); 4249} 4250 4251/* 4252 * Setup driver-specific state for a newly associated node. 4253 * Note that we're called also on a re-associate, the isnew 4254 * param tells us if this is the first time or not. 4255 */ 4256static void 4257mwl_newassoc(struct ieee80211_node *ni, int isnew) 4258{ 4259 struct ieee80211vap *vap = ni->ni_vap; 4260 struct mwl_softc *sc = vap->iv_ic->ic_softc; 4261 struct mwl_node *mn = MWL_NODE(ni); 4262 MWL_HAL_PEERINFO pi; 4263 uint16_t aid; 4264 int error; 4265 4266 aid = IEEE80211_AID(ni->ni_associd); 4267 if (isnew) { 4268 mn->mn_staid = allocstaid(sc, aid); 4269 mn->mn_hvap = MWL_VAP(vap)->mv_hvap; 4270 } else { 4271 mn = MWL_NODE(ni); 4272 /* XXX reset BA stream? */ 4273 } 4274 DPRINTF(sc, MWL_DEBUG_NODE, "%s: mac %s isnew %d aid %d staid %d\n", 4275 __func__, ether_sprintf(ni->ni_macaddr), isnew, aid, mn->mn_staid); 4276 error = mwl_peerstadb(ni, aid, mn->mn_staid, mkpeerinfo(&pi, ni)); 4277 if (error != 0) { 4278 DPRINTF(sc, MWL_DEBUG_NODE, 4279 "%s: error %d creating sta db entry\n", 4280 __func__, error); 4281 /* XXX how to deal with error? */ 4282 } 4283} 4284 4285/* 4286 * Periodically poke the firmware to age out station state 4287 * (power save queues, pending tx aggregates). 4288 */ 4289static void 4290mwl_agestations(void *arg) 4291{ 4292 struct mwl_softc *sc = arg; 4293 4294 mwl_hal_setkeepalive(sc->sc_mh); 4295 if (sc->sc_ageinterval != 0) /* NB: catch dynamic changes */ 4296 callout_schedule(&sc->sc_timer, sc->sc_ageinterval*hz); 4297} 4298 4299static const struct mwl_hal_channel * 4300findhalchannel(const MWL_HAL_CHANNELINFO *ci, int ieee) 4301{ 4302 int i; 4303 4304 for (i = 0; i < ci->nchannels; i++) { 4305 const struct mwl_hal_channel *hc = &ci->channels[i]; 4306 if (hc->ieee == ieee) 4307 return hc; 4308 } 4309 return NULL; 4310} 4311 4312static int 4313mwl_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 4314 int nchan, struct ieee80211_channel chans[]) 4315{ 4316 struct mwl_softc *sc = ic->ic_softc; 4317 struct mwl_hal *mh = sc->sc_mh; 4318 const MWL_HAL_CHANNELINFO *ci; 4319 int i; 4320 4321 for (i = 0; i < nchan; i++) { 4322 struct ieee80211_channel *c = &chans[i]; 4323 const struct mwl_hal_channel *hc; 4324 4325 if (IEEE80211_IS_CHAN_2GHZ(c)) { 4326 mwl_hal_getchannelinfo(mh, MWL_FREQ_BAND_2DOT4GHZ, 4327 IEEE80211_IS_CHAN_HT40(c) ? 4328 MWL_CH_40_MHz_WIDTH : MWL_CH_20_MHz_WIDTH, &ci); 4329 } else if (IEEE80211_IS_CHAN_5GHZ(c)) { 4330 mwl_hal_getchannelinfo(mh, MWL_FREQ_BAND_5GHZ, 4331 IEEE80211_IS_CHAN_HT40(c) ? 4332 MWL_CH_40_MHz_WIDTH : MWL_CH_20_MHz_WIDTH, &ci); 4333 } else { 4334 device_printf(sc->sc_dev, 4335 "%s: channel %u freq %u/0x%x not 2.4/5GHz\n", 4336 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 4337 return EINVAL; 4338 } 4339 /* 4340 * Verify channel has cal data and cap tx power. 4341 */ 4342 hc = findhalchannel(ci, c->ic_ieee); 4343 if (hc != NULL) { 4344 if (c->ic_maxpower > 2*hc->maxTxPow) 4345 c->ic_maxpower = 2*hc->maxTxPow; 4346 goto next; 4347 } 4348 if (IEEE80211_IS_CHAN_HT40(c)) { 4349 /* 4350 * Look for the extension channel since the 4351 * hal table only has the primary channel. 4352 */ 4353 hc = findhalchannel(ci, c->ic_extieee); 4354 if (hc != NULL) { 4355 if (c->ic_maxpower > 2*hc->maxTxPow) 4356 c->ic_maxpower = 2*hc->maxTxPow; 4357 goto next; 4358 } 4359 } 4360 device_printf(sc->sc_dev, 4361 "%s: no cal data for channel %u ext %u freq %u/0x%x\n", 4362 __func__, c->ic_ieee, c->ic_extieee, 4363 c->ic_freq, c->ic_flags); 4364 return EINVAL; 4365 next: 4366 ; 4367 } 4368 return 0; 4369} 4370 4371#define IEEE80211_CHAN_HTG (IEEE80211_CHAN_HT|IEEE80211_CHAN_G) 4372#define IEEE80211_CHAN_HTA (IEEE80211_CHAN_HT|IEEE80211_CHAN_A) 4373 4374static void 4375addht40channels(struct ieee80211_channel chans[], int maxchans, int *nchans, 4376 const MWL_HAL_CHANNELINFO *ci, int flags) 4377{ 4378 int i, error; 4379 4380 for (i = 0; i < ci->nchannels; i++) { 4381 const struct mwl_hal_channel *hc = &ci->channels[i]; 4382 4383 error = ieee80211_add_channel_ht40(chans, maxchans, nchans, 4384 hc->ieee, hc->maxTxPow, flags); 4385 if (error != 0 && error != ENOENT) 4386 break; 4387 } 4388} 4389 4390static void 4391addchannels(struct ieee80211_channel chans[], int maxchans, int *nchans, 4392 const MWL_HAL_CHANNELINFO *ci, const uint8_t bands[]) 4393{ 4394 int i, error; 4395 4396 error = 0; 4397 for (i = 0; i < ci->nchannels && error == 0; i++) { 4398 const struct mwl_hal_channel *hc = &ci->channels[i]; 4399 4400 error = ieee80211_add_channel(chans, maxchans, nchans, 4401 hc->ieee, hc->freq, hc->maxTxPow, 0, bands); 4402 } 4403} 4404 4405static void 4406getchannels(struct mwl_softc *sc, int maxchans, int *nchans, 4407 struct ieee80211_channel chans[]) 4408{ 4409 const MWL_HAL_CHANNELINFO *ci; 4410 uint8_t bands[IEEE80211_MODE_BYTES]; 4411 4412 /* 4413 * Use the channel info from the hal to craft the 4414 * channel list. Note that we pass back an unsorted 4415 * list; the caller is required to sort it for us 4416 * (if desired). 4417 */ 4418 *nchans = 0; 4419 if (mwl_hal_getchannelinfo(sc->sc_mh, 4420 MWL_FREQ_BAND_2DOT4GHZ, MWL_CH_20_MHz_WIDTH, &ci) == 0) { 4421 memset(bands, 0, sizeof(bands)); 4422 setbit(bands, IEEE80211_MODE_11B); 4423 setbit(bands, IEEE80211_MODE_11G); 4424 setbit(bands, IEEE80211_MODE_11NG); 4425 addchannels(chans, maxchans, nchans, ci, bands); 4426 } 4427 if (mwl_hal_getchannelinfo(sc->sc_mh, 4428 MWL_FREQ_BAND_5GHZ, MWL_CH_20_MHz_WIDTH, &ci) == 0) { 4429 memset(bands, 0, sizeof(bands)); 4430 setbit(bands, IEEE80211_MODE_11A); 4431 setbit(bands, IEEE80211_MODE_11NA); 4432 addchannels(chans, maxchans, nchans, ci, bands); 4433 } 4434 if (mwl_hal_getchannelinfo(sc->sc_mh, 4435 MWL_FREQ_BAND_2DOT4GHZ, MWL_CH_40_MHz_WIDTH, &ci) == 0) 4436 addht40channels(chans, maxchans, nchans, ci, IEEE80211_CHAN_HTG); 4437 if (mwl_hal_getchannelinfo(sc->sc_mh, 4438 MWL_FREQ_BAND_5GHZ, MWL_CH_40_MHz_WIDTH, &ci) == 0) 4439 addht40channels(chans, maxchans, nchans, ci, IEEE80211_CHAN_HTA); 4440} 4441 4442static void 4443mwl_getradiocaps(struct ieee80211com *ic, 4444 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4445{ 4446 struct mwl_softc *sc = ic->ic_softc; 4447 4448 getchannels(sc, maxchans, nchans, chans); 4449} 4450 4451static int 4452mwl_getchannels(struct mwl_softc *sc) 4453{ 4454 struct ieee80211com *ic = &sc->sc_ic; 4455 4456 /* 4457 * Use the channel info from the hal to craft the 4458 * channel list for net80211. Note that we pass up 4459 * an unsorted list; net80211 will sort it for us. 4460 */ 4461 memset(ic->ic_channels, 0, sizeof(ic->ic_channels)); 4462 ic->ic_nchans = 0; 4463 getchannels(sc, IEEE80211_CHAN_MAX, &ic->ic_nchans, ic->ic_channels); 4464 4465 ic->ic_regdomain.regdomain = SKU_DEBUG; 4466 ic->ic_regdomain.country = CTRY_DEFAULT; 4467 ic->ic_regdomain.location = 'I'; 4468 ic->ic_regdomain.isocc[0] = ' '; /* XXX? */ 4469 ic->ic_regdomain.isocc[1] = ' '; 4470 return (ic->ic_nchans == 0 ? EIO : 0); 4471} 4472#undef IEEE80211_CHAN_HTA 4473#undef IEEE80211_CHAN_HTG 4474 4475#ifdef MWL_DEBUG 4476static void 4477mwl_printrxbuf(const struct mwl_rxbuf *bf, u_int ix) 4478{ 4479 const struct mwl_rxdesc *ds = bf->bf_desc; 4480 uint32_t status = le32toh(ds->Status); 4481 4482 printf("R[%2u] (DS.V:%p DS.P:0x%jx) NEXT:%08x DATA:%08x RC:%02x%s\n" 4483 " STAT:%02x LEN:%04x RSSI:%02x CHAN:%02x RATE:%02x QOS:%04x HT:%04x\n", 4484 ix, ds, (uintmax_t)bf->bf_daddr, le32toh(ds->pPhysNext), 4485 le32toh(ds->pPhysBuffData), ds->RxControl, 4486 ds->RxControl != EAGLE_RXD_CTRL_DRIVER_OWN ? 4487 "" : (status & EAGLE_RXD_STATUS_OK) ? " *" : " !", 4488 ds->Status, le16toh(ds->PktLen), ds->RSSI, ds->Channel, 4489 ds->Rate, le16toh(ds->QosCtrl), le16toh(ds->HtSig2)); 4490} 4491 4492static void 4493mwl_printtxbuf(const struct mwl_txbuf *bf, u_int qnum, u_int ix) 4494{ 4495 const struct mwl_txdesc *ds = bf->bf_desc; 4496 uint32_t status = le32toh(ds->Status); 4497 4498 printf("Q%u[%3u]", qnum, ix); 4499 printf(" (DS.V:%p DS.P:0x%jx)\n", ds, (uintmax_t)bf->bf_daddr); 4500 printf(" NEXT:%08x DATA:%08x LEN:%04x STAT:%08x%s\n", 4501 le32toh(ds->pPhysNext), 4502 le32toh(ds->PktPtr), le16toh(ds->PktLen), status, 4503 status & EAGLE_TXD_STATUS_USED ? 4504 "" : (status & 3) != 0 ? " *" : " !"); 4505 printf(" RATE:%02x PRI:%x QOS:%04x SAP:%08x FORMAT:%04x\n", 4506 ds->DataRate, ds->TxPriority, le16toh(ds->QosCtrl), 4507 le32toh(ds->SapPktInfo), le16toh(ds->Format)); 4508#if MWL_TXDESC > 1 4509 printf(" MULTIFRAMES:%u LEN:%04x %04x %04x %04x %04x %04x\n" 4510 , le32toh(ds->multiframes) 4511 , le16toh(ds->PktLenArray[0]), le16toh(ds->PktLenArray[1]) 4512 , le16toh(ds->PktLenArray[2]), le16toh(ds->PktLenArray[3]) 4513 , le16toh(ds->PktLenArray[4]), le16toh(ds->PktLenArray[5]) 4514 ); 4515 printf(" DATA:%08x %08x %08x %08x %08x %08x\n" 4516 , le32toh(ds->PktPtrArray[0]), le32toh(ds->PktPtrArray[1]) 4517 , le32toh(ds->PktPtrArray[2]), le32toh(ds->PktPtrArray[3]) 4518 , le32toh(ds->PktPtrArray[4]), le32toh(ds->PktPtrArray[5]) 4519 ); 4520#endif 4521#if 0 4522{ const uint8_t *cp = (const uint8_t *) ds; 4523 int i; 4524 for (i = 0; i < sizeof(struct mwl_txdesc); i++) { 4525 printf("%02x ", cp[i]); 4526 if (((i+1) % 16) == 0) 4527 printf("\n"); 4528 } 4529 printf("\n"); 4530} 4531#endif 4532} 4533#endif /* MWL_DEBUG */ 4534 4535#if 0 4536static void 4537mwl_txq_dump(struct mwl_txq *txq) 4538{ 4539 struct mwl_txbuf *bf; 4540 int i = 0; 4541 4542 MWL_TXQ_LOCK(txq); 4543 STAILQ_FOREACH(bf, &txq->active, bf_list) { 4544 struct mwl_txdesc *ds = bf->bf_desc; 4545 MWL_TXDESC_SYNC(txq, ds, 4546 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 4547#ifdef MWL_DEBUG 4548 mwl_printtxbuf(bf, txq->qnum, i); 4549#endif 4550 i++; 4551 } 4552 MWL_TXQ_UNLOCK(txq); 4553} 4554#endif 4555 4556static void 4557mwl_watchdog(void *arg) 4558{ 4559 struct mwl_softc *sc = arg; 4560 4561 callout_reset(&sc->sc_watchdog, hz, mwl_watchdog, sc); 4562 if (sc->sc_tx_timer == 0 || --sc->sc_tx_timer > 0) 4563 return; 4564 4565 if (sc->sc_running && !sc->sc_invalid) { 4566 if (mwl_hal_setkeepalive(sc->sc_mh)) 4567 device_printf(sc->sc_dev, 4568 "transmit timeout (firmware hung?)\n"); 4569 else 4570 device_printf(sc->sc_dev, 4571 "transmit timeout\n"); 4572#if 0 4573 mwl_reset(sc); 4574mwl_txq_dump(&sc->sc_txq[0]);/*XXX*/ 4575#endif 4576 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 4577 sc->sc_stats.mst_watchdog++; 4578 } 4579} 4580 4581#ifdef MWL_DIAGAPI 4582/* 4583 * Diagnostic interface to the HAL. This is used by various 4584 * tools to do things like retrieve register contents for 4585 * debugging. The mechanism is intentionally opaque so that 4586 * it can change frequently w/o concern for compatibility. 4587 */ 4588static int 4589mwl_ioctl_diag(struct mwl_softc *sc, struct mwl_diag *md) 4590{ 4591 struct mwl_hal *mh = sc->sc_mh; 4592 u_int id = md->md_id & MWL_DIAG_ID; 4593 void *indata = NULL; 4594 void *outdata = NULL; 4595 u_int32_t insize = md->md_in_size; 4596 u_int32_t outsize = md->md_out_size; 4597 int error = 0; 4598 4599 if (md->md_id & MWL_DIAG_IN) { 4600 /* 4601 * Copy in data. 4602 */ 4603 indata = malloc(insize, M_TEMP, M_NOWAIT); 4604 if (indata == NULL) { 4605 error = ENOMEM; 4606 goto bad; 4607 } 4608 error = copyin(md->md_in_data, indata, insize); 4609 if (error) 4610 goto bad; 4611 } 4612 if (md->md_id & MWL_DIAG_DYN) { 4613 /* 4614 * Allocate a buffer for the results (otherwise the HAL 4615 * returns a pointer to a buffer where we can read the 4616 * results). Note that we depend on the HAL leaving this 4617 * pointer for us to use below in reclaiming the buffer; 4618 * may want to be more defensive. 4619 */ 4620 outdata = malloc(outsize, M_TEMP, M_NOWAIT); 4621 if (outdata == NULL) { 4622 error = ENOMEM; 4623 goto bad; 4624 } 4625 } 4626 if (mwl_hal_getdiagstate(mh, id, indata, insize, &outdata, &outsize)) { 4627 if (outsize < md->md_out_size) 4628 md->md_out_size = outsize; 4629 if (outdata != NULL) 4630 error = copyout(outdata, md->md_out_data, 4631 md->md_out_size); 4632 } else { 4633 error = EINVAL; 4634 } 4635bad: 4636 if ((md->md_id & MWL_DIAG_IN) && indata != NULL) 4637 free(indata, M_TEMP); 4638 if ((md->md_id & MWL_DIAG_DYN) && outdata != NULL) 4639 free(outdata, M_TEMP); 4640 return error; 4641} 4642 4643static int 4644mwl_ioctl_reset(struct mwl_softc *sc, struct mwl_diag *md) 4645{ 4646 struct mwl_hal *mh = sc->sc_mh; 4647 int error; 4648 4649 MWL_LOCK_ASSERT(sc); 4650 4651 if (md->md_id == 0 && mwl_hal_fwload(mh, NULL) != 0) { 4652 device_printf(sc->sc_dev, "unable to load firmware\n"); 4653 return EIO; 4654 } 4655 if (mwl_hal_gethwspecs(mh, &sc->sc_hwspecs) != 0) { 4656 device_printf(sc->sc_dev, "unable to fetch h/w specs\n"); 4657 return EIO; 4658 } 4659 error = mwl_setupdma(sc); 4660 if (error != 0) { 4661 /* NB: mwl_setupdma prints a msg */ 4662 return error; 4663 } 4664 /* 4665 * Reset tx/rx data structures; after reload we must 4666 * re-start the driver's notion of the next xmit/recv. 4667 */ 4668 mwl_draintxq(sc); /* clear pending frames */ 4669 mwl_resettxq(sc); /* rebuild tx q lists */ 4670 sc->sc_rxnext = NULL; /* force rx to start at the list head */ 4671 return 0; 4672} 4673#endif /* MWL_DIAGAPI */ 4674 4675static void 4676mwl_parent(struct ieee80211com *ic) 4677{ 4678 struct mwl_softc *sc = ic->ic_softc; 4679 int startall = 0; 4680 4681 MWL_LOCK(sc); 4682 if (ic->ic_nrunning > 0) { 4683 if (sc->sc_running) { 4684 /* 4685 * To avoid rescanning another access point, 4686 * do not call mwl_init() here. Instead, 4687 * only reflect promisc mode settings. 4688 */ 4689 mwl_mode_init(sc); 4690 } else { 4691 /* 4692 * Beware of being called during attach/detach 4693 * to reset promiscuous mode. In that case we 4694 * will still be marked UP but not RUNNING. 4695 * However trying to re-init the interface 4696 * is the wrong thing to do as we've already 4697 * torn down much of our state. There's 4698 * probably a better way to deal with this. 4699 */ 4700 if (!sc->sc_invalid) { 4701 mwl_init(sc); /* XXX lose error */ 4702 startall = 1; 4703 } 4704 } 4705 } else 4706 mwl_stop(sc); 4707 MWL_UNLOCK(sc); 4708 if (startall) 4709 ieee80211_start_all(ic); 4710} 4711 4712static int 4713mwl_ioctl(struct ieee80211com *ic, u_long cmd, void *data) 4714{ 4715 struct mwl_softc *sc = ic->ic_softc; 4716 struct ifreq *ifr = data; 4717 int error = 0; 4718 4719 switch (cmd) { 4720 case SIOCGMVSTATS: 4721 mwl_hal_gethwstats(sc->sc_mh, &sc->sc_stats.hw_stats); 4722#if 0 4723 /* NB: embed these numbers to get a consistent view */ 4724 sc->sc_stats.mst_tx_packets = 4725 ifp->if_get_counter(ifp, IFCOUNTER_OPACKETS); 4726 sc->sc_stats.mst_rx_packets = 4727 ifp->if_get_counter(ifp, IFCOUNTER_IPACKETS); 4728#endif 4729 /* 4730 * NB: Drop the softc lock in case of a page fault; 4731 * we'll accept any potential inconsisentcy in the 4732 * statistics. The alternative is to copy the data 4733 * to a local structure. 4734 */ 4735 return (copyout(&sc->sc_stats, ifr_data_get_ptr(ifr), 4736 sizeof (sc->sc_stats))); 4737#ifdef MWL_DIAGAPI 4738 case SIOCGMVDIAG: 4739 /* XXX check privs */ 4740 return mwl_ioctl_diag(sc, (struct mwl_diag *) ifr); 4741 case SIOCGMVRESET: 4742 /* XXX check privs */ 4743 MWL_LOCK(sc); 4744 error = mwl_ioctl_reset(sc,(struct mwl_diag *) ifr); 4745 MWL_UNLOCK(sc); 4746 break; 4747#endif /* MWL_DIAGAPI */ 4748 default: 4749 error = ENOTTY; 4750 break; 4751 } 4752 return (error); 4753} 4754 4755#ifdef MWL_DEBUG 4756static int 4757mwl_sysctl_debug(SYSCTL_HANDLER_ARGS) 4758{ 4759 struct mwl_softc *sc = arg1; 4760 int debug, error; 4761 4762 debug = sc->sc_debug | (mwl_hal_getdebug(sc->sc_mh) << 24); 4763 error = sysctl_handle_int(oidp, &debug, 0, req); 4764 if (error || !req->newptr) 4765 return error; 4766 mwl_hal_setdebug(sc->sc_mh, debug >> 24); 4767 sc->sc_debug = debug & 0x00ffffff; 4768 return 0; 4769} 4770#endif /* MWL_DEBUG */ 4771 4772static void 4773mwl_sysctlattach(struct mwl_softc *sc) 4774{ 4775#ifdef MWL_DEBUG 4776 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 4777 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 4778 4779 sc->sc_debug = mwl_debug; 4780 SYSCTL_ADD_PROC(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 4781 "debug", CTLTYPE_INT | CTLFLAG_RW, sc, 0, 4782 mwl_sysctl_debug, "I", "control debugging printfs"); 4783#endif 4784} 4785 4786/* 4787 * Announce various information on device/driver attach. 4788 */ 4789static void 4790mwl_announce(struct mwl_softc *sc) 4791{ 4792 4793 device_printf(sc->sc_dev, "Rev A%d hardware, v%d.%d.%d.%d firmware (regioncode %d)\n", 4794 sc->sc_hwspecs.hwVersion, 4795 (sc->sc_hwspecs.fwReleaseNumber>>24) & 0xff, 4796 (sc->sc_hwspecs.fwReleaseNumber>>16) & 0xff, 4797 (sc->sc_hwspecs.fwReleaseNumber>>8) & 0xff, 4798 (sc->sc_hwspecs.fwReleaseNumber>>0) & 0xff, 4799 sc->sc_hwspecs.regionCode); 4800 sc->sc_fwrelease = sc->sc_hwspecs.fwReleaseNumber; 4801 4802 if (bootverbose) { 4803 int i; 4804 for (i = 0; i <= WME_AC_VO; i++) { 4805 struct mwl_txq *txq = sc->sc_ac2q[i]; 4806 device_printf(sc->sc_dev, "Use hw queue %u for %s traffic\n", 4807 txq->qnum, ieee80211_wme_acnames[i]); 4808 } 4809 } 4810 if (bootverbose || mwl_rxdesc != MWL_RXDESC) 4811 device_printf(sc->sc_dev, "using %u rx descriptors\n", mwl_rxdesc); 4812 if (bootverbose || mwl_rxbuf != MWL_RXBUF) 4813 device_printf(sc->sc_dev, "using %u rx buffers\n", mwl_rxbuf); 4814 if (bootverbose || mwl_txbuf != MWL_TXBUF) 4815 device_printf(sc->sc_dev, "using %u tx buffers\n", mwl_txbuf); 4816 if (bootverbose && mwl_hal_ismbsscapable(sc->sc_mh)) 4817 device_printf(sc->sc_dev, "multi-bss support\n"); 4818#ifdef MWL_TX_NODROP 4819 if (bootverbose) 4820 device_printf(sc->sc_dev, "no tx drop\n"); 4821#endif 4822} 4823