if_wpi.c revision 280050
1/*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 280050 2015-03-15 20:09:47Z adrian $"); 21 22/* 23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 24 * 25 * The 3945ABG network adapter doesn't use traditional hardware as 26 * many other adaptors do. Instead at run time the eeprom is set into a known 27 * state and told to load boot firmware. The boot firmware loads an init and a 28 * main binary firmware image into SRAM on the card via DMA. 29 * Once the firmware is loaded, the driver/hw then 30 * communicate by way of circular dma rings via the SRAM to the firmware. 31 * 32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 33 * The 4 tx data rings allow for prioritization QoS. 34 * 35 * The rx data ring consists of 32 dma buffers. Two registers are used to 36 * indicate where in the ring the driver and the firmware are up to. The 37 * driver sets the initial read index (reg1) and the initial write index (reg2), 38 * the firmware updates the read index (reg1) on rx of a packet and fires an 39 * interrupt. The driver then processes the buffers starting at reg1 indicating 40 * to the firmware which buffers have been accessed by updating reg2. At the 41 * same time allocating new memory for the processed buffer. 42 * 43 * A similar thing happens with the tx rings. The difference is the firmware 44 * stop processing buffers once the queue is full and until confirmation 45 * of a successful transmition (tx_done) has occurred. 46 * 47 * The command ring operates in the same manner as the tx queues. 48 * 49 * All communication direct to the card (ie eeprom) is classed as Stage1 50 * communication 51 * 52 * All communication via the firmware to the card is classed as State2. 53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 54 * firmware. The bootstrap firmware and runtime firmware are loaded 55 * from host memory via dma to the card then told to execute. From this point 56 * on the majority of communications between the driver and the card goes 57 * via the firmware. 58 */ 59 60#include "opt_wlan.h" 61#include "opt_wpi.h" 62 63#include <sys/param.h> 64#include <sys/sysctl.h> 65#include <sys/sockio.h> 66#include <sys/mbuf.h> 67#include <sys/kernel.h> 68#include <sys/socket.h> 69#include <sys/systm.h> 70#include <sys/malloc.h> 71#include <sys/queue.h> 72#include <sys/taskqueue.h> 73#include <sys/module.h> 74#include <sys/bus.h> 75#include <sys/endian.h> 76#include <sys/linker.h> 77#include <sys/firmware.h> 78 79#include <machine/bus.h> 80#include <machine/resource.h> 81#include <sys/rman.h> 82 83#include <dev/pci/pcireg.h> 84#include <dev/pci/pcivar.h> 85 86#include <net/bpf.h> 87#include <net/if.h> 88#include <net/if_var.h> 89#include <net/if_arp.h> 90#include <net/ethernet.h> 91#include <net/if_dl.h> 92#include <net/if_media.h> 93#include <net/if_types.h> 94 95#include <netinet/in.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/if_ether.h> 99#include <netinet/ip.h> 100 101#include <net80211/ieee80211_var.h> 102#include <net80211/ieee80211_radiotap.h> 103#include <net80211/ieee80211_regdomain.h> 104#include <net80211/ieee80211_ratectl.h> 105 106#include <dev/wpi/if_wpireg.h> 107#include <dev/wpi/if_wpivar.h> 108#include <dev/wpi/if_wpi_debug.h> 109 110struct wpi_ident { 111 uint16_t vendor; 112 uint16_t device; 113 uint16_t subdevice; 114 const char *name; 115}; 116 117static const struct wpi_ident wpi_ident_table[] = { 118 /* The below entries support ABG regardless of the subid */ 119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 121 /* The below entries only support BG */ 122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 126 { 0, 0, 0, NULL } 127}; 128 129static int wpi_probe(device_t); 130static int wpi_attach(device_t); 131static void wpi_radiotap_attach(struct wpi_softc *); 132static void wpi_sysctlattach(struct wpi_softc *); 133static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 134 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 135 const uint8_t [IEEE80211_ADDR_LEN], 136 const uint8_t [IEEE80211_ADDR_LEN]); 137static void wpi_vap_delete(struct ieee80211vap *); 138static int wpi_detach(device_t); 139static int wpi_shutdown(device_t); 140static int wpi_suspend(device_t); 141static int wpi_resume(device_t); 142static int wpi_nic_lock(struct wpi_softc *); 143static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 144static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 145static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 146 void **, bus_size_t, bus_size_t); 147static void wpi_dma_contig_free(struct wpi_dma_info *); 148static int wpi_alloc_shared(struct wpi_softc *); 149static void wpi_free_shared(struct wpi_softc *); 150static int wpi_alloc_fwmem(struct wpi_softc *); 151static void wpi_free_fwmem(struct wpi_softc *); 152static int wpi_alloc_rx_ring(struct wpi_softc *); 153static void wpi_update_rx_ring(struct wpi_softc *); 154static void wpi_reset_rx_ring(struct wpi_softc *); 155static void wpi_free_rx_ring(struct wpi_softc *); 156static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 157 int); 158static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 159static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 160static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 161static int wpi_read_eeprom(struct wpi_softc *, 162 uint8_t macaddr[IEEE80211_ADDR_LEN]); 163static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 164static void wpi_read_eeprom_band(struct wpi_softc *, int); 165static int wpi_read_eeprom_channels(struct wpi_softc *, int); 166static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 167 struct ieee80211_channel *); 168static int wpi_setregdomain(struct ieee80211com *, 169 struct ieee80211_regdomain *, int, 170 struct ieee80211_channel[]); 171static int wpi_read_eeprom_group(struct wpi_softc *, int); 172static void wpi_node_free(struct ieee80211_node *); 173static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 174 const uint8_t mac[IEEE80211_ADDR_LEN]); 175static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 176static void wpi_calib_timeout(void *); 177static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 178 struct wpi_rx_data *); 179static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 180 struct wpi_rx_data *); 181static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 182static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 183static void wpi_notif_intr(struct wpi_softc *); 184static void wpi_wakeup_intr(struct wpi_softc *); 185static void wpi_fatal_intr(struct wpi_softc *); 186static void wpi_intr(void *); 187static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 188static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 189 struct ieee80211_node *); 190static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 191 struct ieee80211_node *, 192 const struct ieee80211_bpf_params *); 193static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 194 const struct ieee80211_bpf_params *); 195static void wpi_start(struct ifnet *); 196static void wpi_start_locked(struct ifnet *); 197static void wpi_watchdog_rfkill(void *); 198static void wpi_watchdog(void *); 199static int wpi_ioctl(struct ifnet *, u_long, caddr_t); 200static int wpi_cmd(struct wpi_softc *, int, const void *, size_t, int); 201static int wpi_mrr_setup(struct wpi_softc *); 202static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 203static int wpi_add_broadcast_node(struct wpi_softc *, int); 204static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 205static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 206static int wpi_updateedca(struct ieee80211com *); 207static void wpi_set_promisc(struct wpi_softc *); 208static void wpi_update_promisc(struct ifnet *); 209static void wpi_update_mcast(struct ifnet *); 210static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 211static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 212static void wpi_power_calibration(struct wpi_softc *); 213static int wpi_set_txpower(struct wpi_softc *, int); 214static int wpi_get_power_index(struct wpi_softc *, 215 struct wpi_power_group *, struct ieee80211_channel *, int); 216static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 217static int wpi_send_btcoex(struct wpi_softc *); 218static int wpi_send_rxon(struct wpi_softc *, int, int); 219static int wpi_config(struct wpi_softc *); 220static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 221 struct ieee80211_channel *, uint8_t); 222static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 223static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 224 struct ieee80211_channel *); 225static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 226static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 227static void wpi_update_beacon(struct ieee80211vap *, int); 228static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 229static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 230static int wpi_key_alloc(struct ieee80211vap *, struct ieee80211_key *, 231 ieee80211_keyix *, ieee80211_keyix *); 232static int wpi_key_set(struct ieee80211vap *, 233 const struct ieee80211_key *, 234 const uint8_t mac[IEEE80211_ADDR_LEN]); 235static int wpi_key_delete(struct ieee80211vap *, 236 const struct ieee80211_key *); 237static int wpi_post_alive(struct wpi_softc *); 238static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 239static int wpi_load_firmware(struct wpi_softc *); 240static int wpi_read_firmware(struct wpi_softc *); 241static void wpi_unload_firmware(struct wpi_softc *); 242static int wpi_clock_wait(struct wpi_softc *); 243static int wpi_apm_init(struct wpi_softc *); 244static void wpi_apm_stop_master(struct wpi_softc *); 245static void wpi_apm_stop(struct wpi_softc *); 246static void wpi_nic_config(struct wpi_softc *); 247static int wpi_hw_init(struct wpi_softc *); 248static void wpi_hw_stop(struct wpi_softc *); 249static void wpi_radio_on(void *, int); 250static void wpi_radio_off(void *, int); 251static void wpi_init_locked(struct wpi_softc *); 252static void wpi_init(void *); 253static void wpi_stop_locked(struct wpi_softc *); 254static void wpi_stop(struct wpi_softc *); 255static void wpi_scan_start(struct ieee80211com *); 256static void wpi_scan_end(struct ieee80211com *); 257static void wpi_set_channel(struct ieee80211com *); 258static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 259static void wpi_scan_mindwell(struct ieee80211_scan_state *); 260static void wpi_hw_reset(void *, int); 261 262static device_method_t wpi_methods[] = { 263 /* Device interface */ 264 DEVMETHOD(device_probe, wpi_probe), 265 DEVMETHOD(device_attach, wpi_attach), 266 DEVMETHOD(device_detach, wpi_detach), 267 DEVMETHOD(device_shutdown, wpi_shutdown), 268 DEVMETHOD(device_suspend, wpi_suspend), 269 DEVMETHOD(device_resume, wpi_resume), 270 271 DEVMETHOD_END 272}; 273 274static driver_t wpi_driver = { 275 "wpi", 276 wpi_methods, 277 sizeof (struct wpi_softc) 278}; 279static devclass_t wpi_devclass; 280 281DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 282 283MODULE_VERSION(wpi, 1); 284 285MODULE_DEPEND(wpi, pci, 1, 1, 1); 286MODULE_DEPEND(wpi, wlan, 1, 1, 1); 287MODULE_DEPEND(wpi, firmware, 1, 1, 1); 288 289static int 290wpi_probe(device_t dev) 291{ 292 const struct wpi_ident *ident; 293 294 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 295 if (pci_get_vendor(dev) == ident->vendor && 296 pci_get_device(dev) == ident->device) { 297 device_set_desc(dev, ident->name); 298 return (BUS_PROBE_DEFAULT); 299 } 300 } 301 return ENXIO; 302} 303 304static int 305wpi_attach(device_t dev) 306{ 307 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 308 struct ieee80211com *ic; 309 struct ifnet *ifp; 310 int i, error, rid, supportsa = 1; 311 const struct wpi_ident *ident; 312 uint8_t macaddr[IEEE80211_ADDR_LEN]; 313 314 sc->sc_dev = dev; 315 316#ifdef WPI_DEBUG 317 error = resource_int_value(device_get_name(sc->sc_dev), 318 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 319 if (error != 0) 320 sc->sc_debug = 0; 321#else 322 sc->sc_debug = 0; 323#endif 324 325 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 326 327 /* 328 * Get the offset of the PCI Express Capability Structure in PCI 329 * Configuration Space. 330 */ 331 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 332 if (error != 0) { 333 device_printf(dev, "PCIe capability structure not found!\n"); 334 return error; 335 } 336 337 /* 338 * Some card's only support 802.11b/g not a, check to see if 339 * this is one such card. A 0x0 in the subdevice table indicates 340 * the entire subdevice range is to be ignored. 341 */ 342 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 343 if (ident->subdevice && 344 pci_get_subdevice(dev) == ident->subdevice) { 345 supportsa = 0; 346 break; 347 } 348 } 349 350 /* Clear device-specific "PCI retry timeout" register (41h). */ 351 pci_write_config(dev, 0x41, 0, 1); 352 353 /* Enable bus-mastering. */ 354 pci_enable_busmaster(dev); 355 356 rid = PCIR_BAR(0); 357 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 358 RF_ACTIVE); 359 if (sc->mem == NULL) { 360 device_printf(dev, "can't map mem space\n"); 361 error = ENOMEM; 362 return error; 363 } 364 sc->sc_st = rman_get_bustag(sc->mem); 365 sc->sc_sh = rman_get_bushandle(sc->mem); 366 367 i = 1; 368 rid = 0; 369 if (pci_alloc_msi(dev, &i) == 0) 370 rid = 1; 371 /* Install interrupt handler. */ 372 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 373 (rid != 0 ? 0 : RF_SHAREABLE)); 374 if (sc->irq == NULL) { 375 device_printf(dev, "can't map interrupt\n"); 376 error = ENOMEM; 377 goto fail; 378 } 379 380 WPI_LOCK_INIT(sc); 381 382 sc->sc_unr = new_unrhdr(WPI_ID_IBSS_MIN, WPI_ID_IBSS_MAX, &sc->sc_mtx); 383 384 /* Allocate DMA memory for firmware transfers. */ 385 if ((error = wpi_alloc_fwmem(sc)) != 0) { 386 device_printf(dev, 387 "could not allocate memory for firmware, error %d\n", 388 error); 389 goto fail; 390 } 391 392 /* Allocate shared page. */ 393 if ((error = wpi_alloc_shared(sc)) != 0) { 394 device_printf(dev, "could not allocate shared page\n"); 395 goto fail; 396 } 397 398 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 399 for (i = 0; i < WPI_NTXQUEUES; i++) { 400 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 401 device_printf(dev, 402 "could not allocate TX ring %d, error %d\n", i, 403 error); 404 goto fail; 405 } 406 } 407 408 /* Allocate RX ring. */ 409 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 410 device_printf(dev, "could not allocate RX ring, error %d\n", 411 error); 412 goto fail; 413 } 414 415 /* Clear pending interrupts. */ 416 WPI_WRITE(sc, WPI_INT, 0xffffffff); 417 418 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 419 if (ifp == NULL) { 420 device_printf(dev, "can not allocate ifnet structure\n"); 421 goto fail; 422 } 423 424 ic = ifp->if_l2com; 425 ic->ic_ifp = ifp; 426 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 427 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 428 429 /* Set device capabilities. */ 430 ic->ic_caps = 431 IEEE80211_C_STA /* station mode supported */ 432 | IEEE80211_C_IBSS /* IBSS mode supported */ 433 | IEEE80211_C_MONITOR /* monitor mode supported */ 434 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 435 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 436 | IEEE80211_C_TXPMGT /* tx power management */ 437 | IEEE80211_C_SHSLOT /* short slot time supported */ 438 | IEEE80211_C_WPA /* 802.11i */ 439 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 440#if 0 441 | IEEE80211_C_HOSTAP /* Host access point mode */ 442#endif 443 | IEEE80211_C_WME /* 802.11e */ 444 | IEEE80211_C_PMGT /* Station-side power mgmt */ 445 ; 446 447 ic->ic_cryptocaps = 448 IEEE80211_CRYPTO_AES_CCM; 449 450 /* 451 * Read in the eeprom and also setup the channels for 452 * net80211. We don't set the rates as net80211 does this for us 453 */ 454 if ((error = wpi_read_eeprom(sc, macaddr)) != 0) { 455 device_printf(dev, "could not read EEPROM, error %d\n", 456 error); 457 goto fail; 458 } 459 460#ifdef WPI_DEBUG 461 if (bootverbose) { 462 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", sc->domain); 463 device_printf(sc->sc_dev, "Hardware Type: %c\n", 464 sc->type > 1 ? 'B': '?'); 465 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 466 ((le16toh(sc->rev) & 0xf0) == 0xd0) ? 'D': '?'); 467 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 468 supportsa ? "does" : "does not"); 469 470 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must check 471 what sc->rev really represents - benjsc 20070615 */ 472 } 473#endif 474 475 if_initname(ifp, device_get_name(dev), device_get_unit(dev)); 476 ifp->if_softc = sc; 477 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 478 ifp->if_init = wpi_init; 479 ifp->if_ioctl = wpi_ioctl; 480 ifp->if_start = wpi_start; 481 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 482 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 483 IFQ_SET_READY(&ifp->if_snd); 484 485 ieee80211_ifattach(ic, macaddr); 486 ic->ic_vap_create = wpi_vap_create; 487 ic->ic_vap_delete = wpi_vap_delete; 488 ic->ic_raw_xmit = wpi_raw_xmit; 489 ic->ic_node_alloc = wpi_node_alloc; 490 sc->sc_node_free = ic->ic_node_free; 491 ic->ic_node_free = wpi_node_free; 492 ic->ic_wme.wme_update = wpi_updateedca; 493 ic->ic_update_promisc = wpi_update_promisc; 494 ic->ic_update_mcast = wpi_update_mcast; 495 ic->ic_scan_start = wpi_scan_start; 496 ic->ic_scan_end = wpi_scan_end; 497 ic->ic_set_channel = wpi_set_channel; 498 sc->sc_scan_curchan = ic->ic_scan_curchan; 499 ic->ic_scan_curchan = wpi_scan_curchan; 500 ic->ic_scan_mindwell = wpi_scan_mindwell; 501 ic->ic_setregdomain = wpi_setregdomain; 502 503 wpi_radiotap_attach(sc); 504 505 callout_init_mtx(&sc->calib_to, &sc->sc_mtx, 0); 506 callout_init_mtx(&sc->watchdog_to, &sc->sc_mtx, 0); 507 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 508 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc); 509 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 510 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 511 512 wpi_sysctlattach(sc); 513 514 /* 515 * Hook our interrupt after all initialization is complete. 516 */ 517 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 518 NULL, wpi_intr, sc, &sc->sc_ih); 519 if (error != 0) { 520 device_printf(dev, "can't establish interrupt, error %d\n", 521 error); 522 goto fail; 523 } 524 525 if (bootverbose) 526 ieee80211_announce(ic); 527 528#ifdef WPI_DEBUG 529 if (sc->sc_debug & WPI_DEBUG_HW) 530 ieee80211_announce_channels(ic); 531#endif 532 533 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 534 return 0; 535 536fail: wpi_detach(dev); 537 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 538 return error; 539} 540 541/* 542 * Attach the interface to 802.11 radiotap. 543 */ 544static void 545wpi_radiotap_attach(struct wpi_softc *sc) 546{ 547 struct ifnet *ifp = sc->sc_ifp; 548 struct ieee80211com *ic = ifp->if_l2com; 549 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 550 ieee80211_radiotap_attach(ic, 551 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 552 WPI_TX_RADIOTAP_PRESENT, 553 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 554 WPI_RX_RADIOTAP_PRESENT); 555 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 556} 557 558static void 559wpi_sysctlattach(struct wpi_softc *sc) 560{ 561#ifdef WPI_DEBUG 562 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 563 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 564 565 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 566 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 567 "control debugging printfs"); 568#endif 569} 570 571static struct ieee80211vap * 572wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 573 enum ieee80211_opmode opmode, int flags, 574 const uint8_t bssid[IEEE80211_ADDR_LEN], 575 const uint8_t mac[IEEE80211_ADDR_LEN]) 576{ 577 struct wpi_vap *wvp; 578 struct wpi_buf *bcn; 579 struct ieee80211vap *vap; 580 581 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 582 return NULL; 583 584 wvp = (struct wpi_vap *) malloc(sizeof(struct wpi_vap), 585 M_80211_VAP, M_NOWAIT | M_ZERO); 586 if (wvp == NULL) 587 return NULL; 588 vap = &wvp->vap; 589 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 590 591 bcn = &wvp->wv_bcbuf; 592 bcn->data = NULL; 593 594 /* Override with driver methods. */ 595 wvp->newstate = vap->iv_newstate; 596 vap->iv_key_alloc = wpi_key_alloc; 597 vap->iv_key_set = wpi_key_set; 598 vap->iv_key_delete = wpi_key_delete; 599 vap->iv_newstate = wpi_newstate; 600 vap->iv_update_beacon = wpi_update_beacon; 601 602 ieee80211_ratectl_init(vap); 603 /* Complete setup. */ 604 ieee80211_vap_attach(vap, ieee80211_media_change, ieee80211_media_status); 605 ic->ic_opmode = opmode; 606 return vap; 607} 608 609static void 610wpi_vap_delete(struct ieee80211vap *vap) 611{ 612 struct wpi_vap *wvp = WPI_VAP(vap); 613 struct wpi_buf *bcn = &wvp->wv_bcbuf; 614 615 ieee80211_ratectl_deinit(vap); 616 ieee80211_vap_detach(vap); 617 618 if (bcn->data != NULL) 619 free(bcn->data, M_DEVBUF); 620 free(wvp, M_80211_VAP); 621} 622 623static int 624wpi_detach(device_t dev) 625{ 626 struct wpi_softc *sc = device_get_softc(dev); 627 struct ifnet *ifp = sc->sc_ifp; 628 struct ieee80211com *ic; 629 int qid; 630 631 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 632 633 if (ifp != NULL) { 634 ic = ifp->if_l2com; 635 636 ieee80211_draintask(ic, &sc->sc_reinittask); 637 ieee80211_draintask(ic, &sc->sc_radiooff_task); 638 639 wpi_stop(sc); 640 641 callout_drain(&sc->watchdog_to); 642 callout_drain(&sc->watchdog_rfkill); 643 callout_drain(&sc->calib_to); 644 ieee80211_ifdetach(ic); 645 } 646 647 /* Uninstall interrupt handler. */ 648 if (sc->irq != NULL) { 649 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 650 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 651 sc->irq); 652 pci_release_msi(dev); 653 } 654 655 if (sc->txq[0].data_dmat) { 656 /* Free DMA resources. */ 657 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 658 wpi_free_tx_ring(sc, &sc->txq[qid]); 659 660 wpi_free_rx_ring(sc); 661 wpi_free_shared(sc); 662 } 663 664 if (sc->fw_dma.tag) 665 wpi_free_fwmem(sc); 666 667 if (sc->mem != NULL) 668 bus_release_resource(dev, SYS_RES_MEMORY, 669 rman_get_rid(sc->mem), sc->mem); 670 671 if (ifp != NULL) 672 if_free(ifp); 673 674 delete_unrhdr(sc->sc_unr); 675 676 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 677 WPI_LOCK_DESTROY(sc); 678 return 0; 679} 680 681static int 682wpi_shutdown(device_t dev) 683{ 684 struct wpi_softc *sc = device_get_softc(dev); 685 686 wpi_stop(sc); 687 return 0; 688} 689 690static int 691wpi_suspend(device_t dev) 692{ 693 struct wpi_softc *sc = device_get_softc(dev); 694 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 695 696 ieee80211_suspend_all(ic); 697 return 0; 698} 699 700static int 701wpi_resume(device_t dev) 702{ 703 struct wpi_softc *sc = device_get_softc(dev); 704 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 705 706 /* Clear device-specific "PCI retry timeout" register (41h). */ 707 pci_write_config(dev, 0x41, 0, 1); 708 709 ieee80211_resume_all(ic); 710 return 0; 711} 712 713/* 714 * Grab exclusive access to NIC memory. 715 */ 716static int 717wpi_nic_lock(struct wpi_softc *sc) 718{ 719 int ntries; 720 721 /* Request exclusive access to NIC. */ 722 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 723 724 /* Spin until we actually get the lock. */ 725 for (ntries = 0; ntries < 1000; ntries++) { 726 if ((WPI_READ(sc, WPI_GP_CNTRL) & 727 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 728 WPI_GP_CNTRL_MAC_ACCESS_ENA) 729 return 0; 730 DELAY(10); 731 } 732 733 device_printf(sc->sc_dev, "could not lock memory\n"); 734 735 return ETIMEDOUT; 736} 737 738/* 739 * Release lock on NIC memory. 740 */ 741static __inline void 742wpi_nic_unlock(struct wpi_softc *sc) 743{ 744 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 745} 746 747static __inline uint32_t 748wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 749{ 750 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 751 WPI_BARRIER_READ_WRITE(sc); 752 return WPI_READ(sc, WPI_PRPH_RDATA); 753} 754 755static __inline void 756wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 757{ 758 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 759 WPI_BARRIER_WRITE(sc); 760 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 761} 762 763static __inline void 764wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 765{ 766 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 767} 768 769static __inline void 770wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 771{ 772 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 773} 774 775static __inline void 776wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 777 const uint32_t *data, int count) 778{ 779 for (; count > 0; count--, data++, addr += 4) 780 wpi_prph_write(sc, addr, *data); 781} 782 783static __inline uint32_t 784wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 785{ 786 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 787 WPI_BARRIER_READ_WRITE(sc); 788 return WPI_READ(sc, WPI_MEM_RDATA); 789} 790 791static __inline void 792wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 793 int count) 794{ 795 for (; count > 0; count--, addr += 4) 796 *data++ = wpi_mem_read(sc, addr); 797} 798 799static int 800wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 801{ 802 uint8_t *out = data; 803 uint32_t val; 804 int error, ntries; 805 806 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 807 808 if ((error = wpi_nic_lock(sc)) != 0) 809 return error; 810 811 for (; count > 0; count -= 2, addr++) { 812 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 813 for (ntries = 0; ntries < 10; ntries++) { 814 val = WPI_READ(sc, WPI_EEPROM); 815 if (val & WPI_EEPROM_READ_VALID) 816 break; 817 DELAY(5); 818 } 819 if (ntries == 10) { 820 device_printf(sc->sc_dev, 821 "timeout reading ROM at 0x%x\n", addr); 822 return ETIMEDOUT; 823 } 824 *out++= val >> 16; 825 if (count > 1) 826 *out ++= val >> 24; 827 } 828 829 wpi_nic_unlock(sc); 830 831 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 832 833 return 0; 834} 835 836static void 837wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 838{ 839 if (error != 0) 840 return; 841 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 842 *(bus_addr_t *)arg = segs[0].ds_addr; 843} 844 845/* 846 * Allocates a contiguous block of dma memory of the requested size and 847 * alignment. 848 */ 849static int 850wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 851 void **kvap, bus_size_t size, bus_size_t alignment) 852{ 853 int error; 854 855 dma->tag = NULL; 856 dma->size = size; 857 858 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 859 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 860 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag); 861 if (error != 0) 862 goto fail; 863 864 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 865 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 866 if (error != 0) 867 goto fail; 868 869 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 870 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 871 if (error != 0) 872 goto fail; 873 874 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 875 876 if (kvap != NULL) 877 *kvap = dma->vaddr; 878 879 return 0; 880 881fail: wpi_dma_contig_free(dma); 882 return error; 883} 884 885static void 886wpi_dma_contig_free(struct wpi_dma_info *dma) 887{ 888 if (dma->vaddr != NULL) { 889 bus_dmamap_sync(dma->tag, dma->map, 890 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 891 bus_dmamap_unload(dma->tag, dma->map); 892 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 893 dma->vaddr = NULL; 894 } 895 if (dma->tag != NULL) { 896 bus_dma_tag_destroy(dma->tag); 897 dma->tag = NULL; 898 } 899} 900 901/* 902 * Allocate a shared page between host and NIC. 903 */ 904static int 905wpi_alloc_shared(struct wpi_softc *sc) 906{ 907 /* Shared buffer must be aligned on a 4KB boundary. */ 908 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 909 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 910} 911 912static void 913wpi_free_shared(struct wpi_softc *sc) 914{ 915 wpi_dma_contig_free(&sc->shared_dma); 916} 917 918/* 919 * Allocate DMA-safe memory for firmware transfer. 920 */ 921static int 922wpi_alloc_fwmem(struct wpi_softc *sc) 923{ 924 /* Must be aligned on a 16-byte boundary. */ 925 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 926 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 927} 928 929static void 930wpi_free_fwmem(struct wpi_softc *sc) 931{ 932 wpi_dma_contig_free(&sc->fw_dma); 933} 934 935static int 936wpi_alloc_rx_ring(struct wpi_softc *sc) 937{ 938 struct wpi_rx_ring *ring = &sc->rxq; 939 bus_size_t size; 940 int i, error; 941 942 ring->cur = 0; 943 ring->update = 0; 944 945 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 946 947 /* Allocate RX descriptors (16KB aligned.) */ 948 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 949 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 950 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 951 if (error != 0) { 952 device_printf(sc->sc_dev, 953 "%s: could not allocate RX ring DMA memory, error %d\n", 954 __func__, error); 955 goto fail; 956 } 957 958 /* Create RX buffer DMA tag. */ 959 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 960 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 961 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL, 962 &ring->data_dmat); 963 if (error != 0) { 964 device_printf(sc->sc_dev, 965 "%s: could not create RX buf DMA tag, error %d\n", 966 __func__, error); 967 goto fail; 968 } 969 970 /* 971 * Allocate and map RX buffers. 972 */ 973 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 974 struct wpi_rx_data *data = &ring->data[i]; 975 bus_addr_t paddr; 976 977 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 978 if (error != 0) { 979 device_printf(sc->sc_dev, 980 "%s: could not create RX buf DMA map, error %d\n", 981 __func__, error); 982 goto fail; 983 } 984 985 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 986 if (data->m == NULL) { 987 device_printf(sc->sc_dev, 988 "%s: could not allocate RX mbuf\n", __func__); 989 error = ENOBUFS; 990 goto fail; 991 } 992 993 error = bus_dmamap_load(ring->data_dmat, data->map, 994 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 995 &paddr, BUS_DMA_NOWAIT); 996 if (error != 0 && error != EFBIG) { 997 device_printf(sc->sc_dev, 998 "%s: can't map mbuf (error %d)\n", __func__, 999 error); 1000 goto fail; 1001 } 1002 1003 /* Set physical address of RX buffer. */ 1004 ring->desc[i] = htole32(paddr); 1005 } 1006 1007 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1008 BUS_DMASYNC_PREWRITE); 1009 1010 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1011 1012 return 0; 1013 1014fail: wpi_free_rx_ring(sc); 1015 1016 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1017 1018 return error; 1019} 1020 1021static void 1022wpi_update_rx_ring(struct wpi_softc *sc) 1023{ 1024 struct wpi_rx_ring *ring = &sc->rxq; 1025 1026 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1027 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1028 __func__); 1029 1030 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1031 ring->update = 1; 1032 } else 1033 WPI_WRITE(sc, WPI_FH_RX_WPTR, ring->cur & ~7); 1034} 1035 1036static void 1037wpi_reset_rx_ring(struct wpi_softc *sc) 1038{ 1039 struct wpi_rx_ring *ring = &sc->rxq; 1040 int ntries; 1041 1042 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1043 1044 if (wpi_nic_lock(sc) == 0) { 1045 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1046 for (ntries = 0; ntries < 1000; ntries++) { 1047 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1048 WPI_FH_RX_STATUS_IDLE) 1049 break; 1050 DELAY(10); 1051 } 1052#ifdef WPI_DEBUG 1053 if (ntries == 1000) { 1054 device_printf(sc->sc_dev, 1055 "timeout resetting Rx ring\n"); 1056 } 1057#endif 1058 wpi_nic_unlock(sc); 1059 } 1060 1061 ring->cur = 0; 1062 ring->update = 0; 1063} 1064 1065static void 1066wpi_free_rx_ring(struct wpi_softc *sc) 1067{ 1068 struct wpi_rx_ring *ring = &sc->rxq; 1069 int i; 1070 1071 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1072 1073 wpi_dma_contig_free(&ring->desc_dma); 1074 1075 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1076 struct wpi_rx_data *data = &ring->data[i]; 1077 1078 if (data->m != NULL) { 1079 bus_dmamap_sync(ring->data_dmat, data->map, 1080 BUS_DMASYNC_POSTREAD); 1081 bus_dmamap_unload(ring->data_dmat, data->map); 1082 m_freem(data->m); 1083 data->m = NULL; 1084 } 1085 if (data->map != NULL) 1086 bus_dmamap_destroy(ring->data_dmat, data->map); 1087 } 1088 if (ring->data_dmat != NULL) { 1089 bus_dma_tag_destroy(ring->data_dmat); 1090 ring->data_dmat = NULL; 1091 } 1092} 1093 1094static int 1095wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 1096{ 1097 bus_addr_t paddr; 1098 bus_size_t size; 1099 int i, error; 1100 1101 ring->qid = qid; 1102 ring->queued = 0; 1103 ring->cur = 0; 1104 ring->update = 0; 1105 1106 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1107 1108 /* Allocate TX descriptors (16KB aligned.) */ 1109 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1110 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1111 size, WPI_RING_DMA_ALIGN); 1112 if (error != 0) { 1113 device_printf(sc->sc_dev, 1114 "%s: could not allocate TX ring DMA memory, error %d\n", 1115 __func__, error); 1116 goto fail; 1117 } 1118 1119 /* Update shared area with ring physical address. */ 1120 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1121 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1122 BUS_DMASYNC_PREWRITE); 1123 1124 /* 1125 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1126 * to allocate commands space for other rings. 1127 * XXX Do we really need to allocate descriptors for other rings? 1128 */ 1129 if (qid > 4) 1130 return 0; 1131 1132 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1133 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1134 size, 4); 1135 if (error != 0) { 1136 device_printf(sc->sc_dev, 1137 "%s: could not allocate TX cmd DMA memory, error %d\n", 1138 __func__, error); 1139 goto fail; 1140 } 1141 1142 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1143 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1144 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL, 1145 &ring->data_dmat); 1146 if (error != 0) { 1147 device_printf(sc->sc_dev, 1148 "%s: could not create TX buf DMA tag, error %d\n", 1149 __func__, error); 1150 goto fail; 1151 } 1152 1153 paddr = ring->cmd_dma.paddr; 1154 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1155 struct wpi_tx_data *data = &ring->data[i]; 1156 1157 data->cmd_paddr = paddr; 1158 paddr += sizeof (struct wpi_tx_cmd); 1159 1160 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1161 if (error != 0) { 1162 device_printf(sc->sc_dev, 1163 "%s: could not create TX buf DMA map, error %d\n", 1164 __func__, error); 1165 goto fail; 1166 } 1167 } 1168 1169 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1170 1171 return 0; 1172 1173fail: wpi_free_tx_ring(sc, ring); 1174 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1175 return error; 1176} 1177 1178static void 1179wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1180{ 1181 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1182 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1183 __func__, ring->qid); 1184 1185 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1186 ring->update = 1; 1187 } else 1188 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1189} 1190 1191static void 1192wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1193{ 1194 int i; 1195 1196 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1197 1198 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1199 struct wpi_tx_data *data = &ring->data[i]; 1200 1201 if (data->m != NULL) { 1202 bus_dmamap_sync(ring->data_dmat, data->map, 1203 BUS_DMASYNC_POSTWRITE); 1204 bus_dmamap_unload(ring->data_dmat, data->map); 1205 m_freem(data->m); 1206 data->m = NULL; 1207 } 1208 } 1209 /* Clear TX descriptors. */ 1210 memset(ring->desc, 0, ring->desc_dma.size); 1211 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1212 BUS_DMASYNC_PREWRITE); 1213 sc->qfullmsk &= ~(1 << ring->qid); 1214 ring->queued = 0; 1215 ring->cur = 0; 1216 ring->update = 0; 1217} 1218 1219static void 1220wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1221{ 1222 int i; 1223 1224 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1225 1226 wpi_dma_contig_free(&ring->desc_dma); 1227 wpi_dma_contig_free(&ring->cmd_dma); 1228 1229 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1230 struct wpi_tx_data *data = &ring->data[i]; 1231 1232 if (data->m != NULL) { 1233 bus_dmamap_sync(ring->data_dmat, data->map, 1234 BUS_DMASYNC_POSTWRITE); 1235 bus_dmamap_unload(ring->data_dmat, data->map); 1236 m_freem(data->m); 1237 } 1238 if (data->map != NULL) 1239 bus_dmamap_destroy(ring->data_dmat, data->map); 1240 } 1241 if (ring->data_dmat != NULL) { 1242 bus_dma_tag_destroy(ring->data_dmat); 1243 ring->data_dmat = NULL; 1244 } 1245} 1246 1247/* 1248 * Extract various information from EEPROM. 1249 */ 1250static int 1251wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1252{ 1253#define WPI_CHK(res) do { \ 1254 if ((error = res) != 0) \ 1255 goto fail; \ 1256} while (0) 1257 int error, i; 1258 1259 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1260 1261 /* Adapter has to be powered on for EEPROM access to work. */ 1262 if ((error = wpi_apm_init(sc)) != 0) { 1263 device_printf(sc->sc_dev, 1264 "%s: could not power ON adapter, error %d\n", __func__, 1265 error); 1266 return error; 1267 } 1268 1269 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1270 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1271 error = EIO; 1272 goto fail; 1273 } 1274 /* Clear HW ownership of EEPROM. */ 1275 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1276 1277 /* Read the hardware capabilities, revision and SKU type. */ 1278 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1279 sizeof(sc->cap))); 1280 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1281 sizeof(sc->rev))); 1282 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1283 sizeof(sc->type))); 1284 1285 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, le16toh(sc->rev), 1286 sc->type); 1287 1288 /* Read the regulatory domain (4 ASCII characters.) */ 1289 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1290 sizeof(sc->domain))); 1291 1292 /* Read MAC address. */ 1293 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1294 IEEE80211_ADDR_LEN)); 1295 1296 /* Read the list of authorized channels. */ 1297 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1298 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1299 1300 /* Read the list of TX power groups. */ 1301 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1302 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1303 1304fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1305 1306 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1307 __func__); 1308 1309 return error; 1310#undef WPI_CHK 1311} 1312 1313/* 1314 * Translate EEPROM flags to net80211. 1315 */ 1316static uint32_t 1317wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1318{ 1319 uint32_t nflags; 1320 1321 nflags = 0; 1322 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1323 nflags |= IEEE80211_CHAN_PASSIVE; 1324 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1325 nflags |= IEEE80211_CHAN_NOADHOC; 1326 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1327 nflags |= IEEE80211_CHAN_DFS; 1328 /* XXX apparently IBSS may still be marked */ 1329 nflags |= IEEE80211_CHAN_NOADHOC; 1330 } 1331 1332 return nflags; 1333} 1334 1335static void 1336wpi_read_eeprom_band(struct wpi_softc *sc, int n) 1337{ 1338 struct ifnet *ifp = sc->sc_ifp; 1339 struct ieee80211com *ic = ifp->if_l2com; 1340 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1341 const struct wpi_chan_band *band = &wpi_bands[n]; 1342 struct ieee80211_channel *c; 1343 uint8_t chan; 1344 int i, nflags; 1345 1346 for (i = 0; i < band->nchan; i++) { 1347 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1348 DPRINTF(sc, WPI_DEBUG_HW, 1349 "Channel Not Valid: %d, band %d\n", 1350 band->chan[i],n); 1351 continue; 1352 } 1353 1354 chan = band->chan[i]; 1355 nflags = wpi_eeprom_channel_flags(&channels[i]); 1356 1357 c = &ic->ic_channels[ic->ic_nchans++]; 1358 c->ic_ieee = chan; 1359 c->ic_maxregpower = channels[i].maxpwr; 1360 c->ic_maxpower = 2*c->ic_maxregpower; 1361 1362 if (n == 0) { /* 2GHz band */ 1363 c->ic_freq = ieee80211_ieee2mhz(chan, IEEE80211_CHAN_G); 1364 /* G =>'s B is supported */ 1365 c->ic_flags = IEEE80211_CHAN_B | nflags; 1366 c = &ic->ic_channels[ic->ic_nchans++]; 1367 c[0] = c[-1]; 1368 c->ic_flags = IEEE80211_CHAN_G | nflags; 1369 } else { /* 5GHz band */ 1370 c->ic_freq = ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 1371 c->ic_flags = IEEE80211_CHAN_A | nflags; 1372 } 1373 1374 /* Save maximum allowed TX power for this channel. */ 1375 sc->maxpwr[chan] = channels[i].maxpwr; 1376 1377 DPRINTF(sc, WPI_DEBUG_EEPROM, 1378 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d," 1379 " offset %d\n", chan, c->ic_freq, 1380 channels[i].flags, sc->maxpwr[chan], 1381 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans); 1382 } 1383} 1384 1385/** 1386 * Read the eeprom to find out what channels are valid for the given 1387 * band and update net80211 with what we find. 1388 */ 1389static int 1390wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 1391{ 1392 struct ifnet *ifp = sc->sc_ifp; 1393 struct ieee80211com *ic = ifp->if_l2com; 1394 const struct wpi_chan_band *band = &wpi_bands[n]; 1395 int error; 1396 1397 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1398 1399 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1400 band->nchan * sizeof (struct wpi_eeprom_chan)); 1401 if (error != 0) { 1402 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1403 return error; 1404 } 1405 1406 wpi_read_eeprom_band(sc, n); 1407 1408 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1409 1410 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1411 1412 return 0; 1413} 1414 1415static struct wpi_eeprom_chan * 1416wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1417{ 1418 int i, j; 1419 1420 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1421 for (i = 0; i < wpi_bands[j].nchan; i++) 1422 if (wpi_bands[j].chan[i] == c->ic_ieee) 1423 return &sc->eeprom_channels[j][i]; 1424 1425 return NULL; 1426} 1427 1428/* 1429 * Enforce flags read from EEPROM. 1430 */ 1431static int 1432wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1433 int nchan, struct ieee80211_channel chans[]) 1434{ 1435 struct ifnet *ifp = ic->ic_ifp; 1436 struct wpi_softc *sc = ifp->if_softc; 1437 int i; 1438 1439 for (i = 0; i < nchan; i++) { 1440 struct ieee80211_channel *c = &chans[i]; 1441 struct wpi_eeprom_chan *channel; 1442 1443 channel = wpi_find_eeprom_channel(sc, c); 1444 if (channel == NULL) { 1445 if_printf(ic->ic_ifp, 1446 "%s: invalid channel %u freq %u/0x%x\n", 1447 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1448 return EINVAL; 1449 } 1450 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1451 } 1452 1453 return 0; 1454} 1455 1456static int 1457wpi_read_eeprom_group(struct wpi_softc *sc, int n) 1458{ 1459 struct wpi_power_group *group = &sc->groups[n]; 1460 struct wpi_eeprom_group rgroup; 1461 int i, error; 1462 1463 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1464 1465 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1466 &rgroup, sizeof rgroup)) != 0) { 1467 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1468 return error; 1469 } 1470 1471 /* Save TX power group information. */ 1472 group->chan = rgroup.chan; 1473 group->maxpwr = rgroup.maxpwr; 1474 /* Retrieve temperature at which the samples were taken. */ 1475 group->temp = (int16_t)le16toh(rgroup.temp); 1476 1477 DPRINTF(sc, WPI_DEBUG_EEPROM, 1478 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1479 group->maxpwr, group->temp); 1480 1481 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1482 group->samples[i].index = rgroup.samples[i].index; 1483 group->samples[i].power = rgroup.samples[i].power; 1484 1485 DPRINTF(sc, WPI_DEBUG_EEPROM, 1486 "\tsample %d: index=%d power=%d\n", i, 1487 group->samples[i].index, group->samples[i].power); 1488 } 1489 1490 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1491 1492 return 0; 1493} 1494 1495static struct ieee80211_node * 1496wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1497{ 1498 struct wpi_node *wn; 1499 1500 wn = malloc(sizeof (struct wpi_node), M_80211_NODE, 1501 M_NOWAIT | M_ZERO); 1502 1503 if (wn == NULL) 1504 return NULL; 1505 1506 wn->id = WPI_ID_UNDEFINED; 1507 1508 return &wn->ni; 1509} 1510 1511static void 1512wpi_node_free(struct ieee80211_node *ni) 1513{ 1514 struct ieee80211com *ic = ni->ni_ic; 1515 struct wpi_softc *sc = ic->ic_ifp->if_softc; 1516 struct wpi_node *wn = (struct wpi_node *)ni; 1517 1518 if (wn->id >= WPI_ID_IBSS_MIN && wn->id <= WPI_ID_IBSS_MAX) { 1519 free_unr(sc->sc_unr, wn->id); 1520 1521 WPI_LOCK(sc); 1522 if (sc->rxon.filter & htole32(WPI_FILTER_BSS)) 1523 wpi_del_node(sc, ni); 1524 WPI_UNLOCK(sc); 1525 } 1526 1527 sc->sc_node_free(ni); 1528} 1529 1530/** 1531 * Called by net80211 when ever there is a change to 80211 state machine 1532 */ 1533static int 1534wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1535{ 1536 struct wpi_vap *wvp = WPI_VAP(vap); 1537 struct ieee80211com *ic = vap->iv_ic; 1538 struct ifnet *ifp = ic->ic_ifp; 1539 struct wpi_softc *sc = ifp->if_softc; 1540 int error = 0; 1541 1542 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1543 1544 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1545 ieee80211_state_name[vap->iv_state], 1546 ieee80211_state_name[nstate]); 1547 1548 IEEE80211_UNLOCK(ic); 1549 WPI_LOCK(sc); 1550 switch (nstate) { 1551 case IEEE80211_S_SCAN: 1552 if ((vap->iv_opmode == IEEE80211_M_IBSS || 1553 vap->iv_opmode == IEEE80211_M_AHDEMO) && 1554 (sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 1555 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1556 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1557 device_printf(sc->sc_dev, 1558 "%s: could not send RXON\n", __func__); 1559 } 1560 } 1561 break; 1562 1563 case IEEE80211_S_ASSOC: 1564 if (vap->iv_state != IEEE80211_S_RUN) 1565 break; 1566 /* FALLTHROUGH */ 1567 case IEEE80211_S_AUTH: 1568 /* 1569 * The node must be registered in the firmware before auth. 1570 * Also the associd must be cleared on RUN -> ASSOC 1571 * transitions. 1572 */ 1573 if ((error = wpi_auth(sc, vap)) != 0) { 1574 device_printf(sc->sc_dev, 1575 "%s: could not move to AUTH state, error %d\n", 1576 __func__, error); 1577 } 1578 break; 1579 1580 case IEEE80211_S_RUN: 1581 /* 1582 * RUN -> RUN transition; Just restart the timers. 1583 */ 1584 if (vap->iv_state == IEEE80211_S_RUN) { 1585 wpi_calib_timeout(sc); 1586 break; 1587 } 1588 1589 /* 1590 * !RUN -> RUN requires setting the association id 1591 * which is done with a firmware cmd. We also defer 1592 * starting the timers until that work is done. 1593 */ 1594 if ((error = wpi_run(sc, vap)) != 0) { 1595 device_printf(sc->sc_dev, 1596 "%s: could not move to RUN state\n", __func__); 1597 } 1598 break; 1599 1600 default: 1601 break; 1602 } 1603 WPI_UNLOCK(sc); 1604 IEEE80211_LOCK(ic); 1605 if (error != 0) { 1606 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1607 return error; 1608 } 1609 1610 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1611 1612 return wvp->newstate(vap, nstate, arg); 1613} 1614 1615static void 1616wpi_calib_timeout(void *arg) 1617{ 1618 struct wpi_softc *sc = arg; 1619 struct ifnet *ifp = sc->sc_ifp; 1620 struct ieee80211com *ic = ifp->if_l2com; 1621 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1622 1623 if (vap->iv_state != IEEE80211_S_RUN) 1624 return; 1625 1626 wpi_power_calibration(sc); 1627 1628 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1629} 1630 1631static __inline uint8_t 1632rate2plcp(const uint8_t rate) 1633{ 1634 switch (rate) { 1635 case 12: return 0xd; 1636 case 18: return 0xf; 1637 case 24: return 0x5; 1638 case 36: return 0x7; 1639 case 48: return 0x9; 1640 case 72: return 0xb; 1641 case 96: return 0x1; 1642 case 108: return 0x3; 1643 case 2: return 10; 1644 case 4: return 20; 1645 case 11: return 55; 1646 case 22: return 110; 1647 default: return 0; 1648 } 1649} 1650 1651static __inline uint8_t 1652plcp2rate(const uint8_t plcp) 1653{ 1654 switch (plcp) { 1655 case 0xd: return 12; 1656 case 0xf: return 18; 1657 case 0x5: return 24; 1658 case 0x7: return 36; 1659 case 0x9: return 48; 1660 case 0xb: return 72; 1661 case 0x1: return 96; 1662 case 0x3: return 108; 1663 case 10: return 2; 1664 case 20: return 4; 1665 case 55: return 11; 1666 case 110: return 22; 1667 default: return 0; 1668 } 1669} 1670 1671/* Quickly determine if a given rate is CCK or OFDM. */ 1672#define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1673 1674static void 1675wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1676 struct wpi_rx_data *data) 1677{ 1678 struct ifnet *ifp = sc->sc_ifp; 1679 const struct ieee80211_cipher *cip = NULL; 1680 struct ieee80211com *ic = ifp->if_l2com; 1681 struct wpi_rx_ring *ring = &sc->rxq; 1682 struct wpi_rx_stat *stat; 1683 struct wpi_rx_head *head; 1684 struct wpi_rx_tail *tail; 1685 struct ieee80211_frame *wh; 1686 struct ieee80211_node *ni; 1687 struct mbuf *m, *m1; 1688 bus_addr_t paddr; 1689 uint32_t flags; 1690 uint16_t len; 1691 int error; 1692 1693 stat = (struct wpi_rx_stat *)(desc + 1); 1694 1695 if (stat->len > WPI_STAT_MAXLEN) { 1696 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1697 goto fail1; 1698 } 1699 1700 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1701 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1702 len = le16toh(head->len); 1703 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1704 flags = le32toh(tail->flags); 1705 1706 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1707 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1708 le32toh(desc->len), len, (int8_t)stat->rssi, 1709 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1710 1711 /* Discard frames with a bad FCS early. */ 1712 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1713 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1714 __func__, flags); 1715 goto fail1; 1716 } 1717 /* Discard frames that are too short. */ 1718 if (len < sizeof (*wh)) { 1719 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1720 __func__, len); 1721 goto fail1; 1722 } 1723 1724 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1725 if (m1 == NULL) { 1726 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1727 __func__); 1728 goto fail1; 1729 } 1730 bus_dmamap_unload(ring->data_dmat, data->map); 1731 1732 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1733 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 1734 if (error != 0 && error != EFBIG) { 1735 device_printf(sc->sc_dev, 1736 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1737 m_freem(m1); 1738 1739 /* Try to reload the old mbuf. */ 1740 error = bus_dmamap_load(ring->data_dmat, data->map, 1741 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1742 &paddr, BUS_DMA_NOWAIT); 1743 if (error != 0 && error != EFBIG) { 1744 panic("%s: could not load old RX mbuf", __func__); 1745 } 1746 /* Physical address may have changed. */ 1747 ring->desc[ring->cur] = htole32(paddr); 1748 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 1749 BUS_DMASYNC_PREWRITE); 1750 goto fail1; 1751 } 1752 1753 m = data->m; 1754 data->m = m1; 1755 /* Update RX descriptor. */ 1756 ring->desc[ring->cur] = htole32(paddr); 1757 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1758 BUS_DMASYNC_PREWRITE); 1759 1760 /* Finalize mbuf. */ 1761 m->m_pkthdr.rcvif = ifp; 1762 m->m_data = (caddr_t)(head + 1); 1763 m->m_pkthdr.len = m->m_len = len; 1764 1765 /* Grab a reference to the source node. */ 1766 wh = mtod(m, struct ieee80211_frame *); 1767 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1768 1769 if (ni != NULL) 1770 cip = ni->ni_ucastkey.wk_cipher; 1771 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1772 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1773 cip != NULL && cip->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 1774 if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP) 1775 goto fail2; 1776 1777 /* Check whether decryption was successful or not. */ 1778 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1779 DPRINTF(sc, WPI_DEBUG_RECV, 1780 "CCMP decryption failed 0x%x\n", flags); 1781 goto fail2; 1782 } 1783 m->m_flags |= M_WEP; 1784 } 1785 1786 if (ieee80211_radiotap_active(ic)) { 1787 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1788 1789 tap->wr_flags = 0; 1790 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 1791 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1792 tap->wr_dbm_antsignal = (int8_t)(stat->rssi - WPI_RSSI_OFFSET); 1793 tap->wr_dbm_antnoise = (int8_t)le16toh(stat->noise); 1794 tap->wr_tsft = tail->tstamp; 1795 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 1796 tap->wr_rate = plcp2rate(head->plcp); 1797 } 1798 1799 WPI_UNLOCK(sc); 1800 1801 /* Send the frame to the 802.11 layer. */ 1802 if (ni != NULL) { 1803 (void)ieee80211_input(ni, m, stat->rssi, -WPI_RSSI_OFFSET); 1804 /* Node is no longer needed. */ 1805 ieee80211_free_node(ni); 1806 } else 1807 (void)ieee80211_input_all(ic, m, stat->rssi, -WPI_RSSI_OFFSET); 1808 1809 WPI_LOCK(sc); 1810 1811 return; 1812 1813fail2: ieee80211_free_node(ni); 1814 m_freem(m); 1815 1816fail1: if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1817} 1818 1819static void 1820wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1821 struct wpi_rx_data *data) 1822{ 1823 /* Ignore */ 1824} 1825 1826static void 1827wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1828{ 1829 struct ifnet *ifp = sc->sc_ifp; 1830 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1831 struct wpi_tx_data *data = &ring->data[desc->idx]; 1832 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1833 struct mbuf *m; 1834 struct ieee80211_node *ni; 1835 struct ieee80211vap *vap; 1836 int ackfailcnt = stat->ackfailcnt; 1837 int status = le32toh(stat->status); 1838 1839 KASSERT(data->ni != NULL, ("no node")); 1840 1841 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1842 1843 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 1844 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 1845 "status %x\n", __func__, desc->qid, desc->idx, ackfailcnt, 1846 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 1847 1848 /* Unmap and free mbuf. */ 1849 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 1850 bus_dmamap_unload(ring->data_dmat, data->map); 1851 m = data->m, data->m = NULL; 1852 ni = data->ni, data->ni = NULL; 1853 vap = ni->ni_vap; 1854 1855 /* 1856 * Update rate control statistics for the node. 1857 */ 1858 WPI_UNLOCK(sc); 1859 if ((status & 0xff) != 1) { 1860 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1861 ieee80211_ratectl_tx_complete(vap, ni, 1862 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 1863 } else { 1864 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1865 ieee80211_ratectl_tx_complete(vap, ni, 1866 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 1867 } 1868 1869 ieee80211_tx_complete(ni, m, (status & 0xff) != 1); 1870 WPI_LOCK(sc); 1871 1872 sc->sc_tx_timer = 0; 1873 if (--ring->queued < WPI_TX_RING_LOMARK) { 1874 sc->qfullmsk &= ~(1 << ring->qid); 1875 if (sc->qfullmsk == 0 && 1876 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 1877 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1878 wpi_start_locked(ifp); 1879 } 1880 } 1881 1882 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1883} 1884 1885/* 1886 * Process a "command done" firmware notification. This is where we wakeup 1887 * processes waiting for a synchronous command completion. 1888 */ 1889static void 1890wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1891{ 1892 struct wpi_tx_ring *ring = &sc->txq[4]; 1893 struct wpi_tx_data *data; 1894 1895 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid=%x idx=%d flags=%x " 1896 "type=%s len=%d\n", desc->qid, desc->idx, 1897 desc->flags, wpi_cmd_str(desc->type), 1898 le32toh(desc->len)); 1899 1900 if ((desc->qid & 7) != 4) 1901 return; /* Not a command ack. */ 1902 1903 data = &ring->data[desc->idx]; 1904 1905 /* If the command was mapped in an mbuf, free it. */ 1906 if (data->m != NULL) { 1907 bus_dmamap_sync(ring->data_dmat, data->map, 1908 BUS_DMASYNC_POSTWRITE); 1909 bus_dmamap_unload(ring->data_dmat, data->map); 1910 m_freem(data->m); 1911 data->m = NULL; 1912 } 1913 1914 sc->flags &= ~WPI_FLAG_BUSY; 1915 wakeup(&ring->cmd[desc->idx]); 1916} 1917 1918static void 1919wpi_notif_intr(struct wpi_softc *sc) 1920{ 1921 struct ifnet *ifp = sc->sc_ifp; 1922 struct ieee80211com *ic = ifp->if_l2com; 1923 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1924 int hw; 1925 1926 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1927 BUS_DMASYNC_POSTREAD); 1928 1929 hw = le32toh(sc->shared->next); 1930 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 1931 1932 while (sc->rxq.cur != hw) { 1933 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 1934 1935 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1936 struct wpi_rx_desc *desc; 1937 1938 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 1939 BUS_DMASYNC_POSTREAD); 1940 desc = mtod(data->m, struct wpi_rx_desc *); 1941 1942 DPRINTF(sc, WPI_DEBUG_NOTIFY, 1943 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 1944 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 1945 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 1946 1947 if (!(desc->qid & 0x80)) /* Reply to a command. */ 1948 wpi_cmd_done(sc, desc); 1949 1950 switch (desc->type) { 1951 case WPI_RX_DONE: 1952 /* An 802.11 frame has been received. */ 1953 wpi_rx_done(sc, desc, data); 1954 break; 1955 1956 case WPI_TX_DONE: 1957 /* An 802.11 frame has been transmitted. */ 1958 wpi_tx_done(sc, desc); 1959 break; 1960 1961 case WPI_RX_STATISTICS: 1962 case WPI_BEACON_STATISTICS: 1963 wpi_rx_statistics(sc, desc, data); 1964 break; 1965 1966 case WPI_BEACON_MISSED: 1967 { 1968 struct wpi_beacon_missed *miss = 1969 (struct wpi_beacon_missed *)(desc + 1); 1970 int misses; 1971 1972 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 1973 BUS_DMASYNC_POSTREAD); 1974 misses = le32toh(miss->consecutive); 1975 1976 DPRINTF(sc, WPI_DEBUG_STATE, 1977 "%s: beacons missed %d/%d\n", __func__, misses, 1978 le32toh(miss->total)); 1979 1980 if (vap->iv_state == IEEE80211_S_RUN && 1981 (ic->ic_flags & IEEE80211_S_SCAN) == 0) { 1982 if (misses >= vap->iv_bmissthreshold) { 1983 WPI_UNLOCK(sc); 1984 ieee80211_beacon_miss(ic); 1985 WPI_LOCK(sc); 1986 } 1987 } 1988 break; 1989 } 1990 case WPI_UC_READY: 1991 { 1992 struct wpi_ucode_info *uc = 1993 (struct wpi_ucode_info *)(desc + 1); 1994 1995 /* The microcontroller is ready. */ 1996 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 1997 BUS_DMASYNC_POSTREAD); 1998 DPRINTF(sc, WPI_DEBUG_RESET, 1999 "microcode alive notification version=%d.%d " 2000 "subtype=%x alive=%x\n", uc->major, uc->minor, 2001 uc->subtype, le32toh(uc->valid)); 2002 2003 if (le32toh(uc->valid) != 1) { 2004 device_printf(sc->sc_dev, 2005 "microcontroller initialization failed\n"); 2006 wpi_stop_locked(sc); 2007 } 2008 /* Save the address of the error log in SRAM. */ 2009 sc->errptr = le32toh(uc->errptr); 2010 break; 2011 } 2012 case WPI_STATE_CHANGED: 2013 { 2014 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2015 BUS_DMASYNC_POSTREAD); 2016 2017 uint32_t *status = (uint32_t *)(desc + 1); 2018 2019 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2020 le32toh(*status)); 2021 2022 if (le32toh(*status) & 1) { 2023 ieee80211_runtask(ic, &sc->sc_radiooff_task); 2024 return; 2025 } 2026 break; 2027 } 2028 case WPI_START_SCAN: 2029 { 2030 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2031 BUS_DMASYNC_POSTREAD); 2032#ifdef WPI_DEBUG 2033 struct wpi_start_scan *scan = 2034 (struct wpi_start_scan *)(desc + 1); 2035 DPRINTF(sc, WPI_DEBUG_SCAN, 2036 "%s: scanning channel %d status %x\n", 2037 __func__, scan->chan, le32toh(scan->status)); 2038#endif 2039 break; 2040 } 2041 case WPI_STOP_SCAN: 2042 { 2043 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2044 BUS_DMASYNC_POSTREAD); 2045#ifdef WPI_DEBUG 2046 struct wpi_stop_scan *scan = 2047 (struct wpi_stop_scan *)(desc + 1); 2048 DPRINTF(sc, WPI_DEBUG_SCAN, 2049 "scan finished nchan=%d status=%d chan=%d\n", 2050 scan->nchan, scan->status, scan->chan); 2051#endif 2052 sc->sc_scan_timer = 0; 2053 WPI_UNLOCK(sc); 2054 ieee80211_scan_next(vap); 2055 WPI_LOCK(sc); 2056 break; 2057 } 2058 } 2059 } 2060 2061 /* Tell the firmware what we have processed. */ 2062 wpi_update_rx_ring(sc); 2063} 2064 2065/* 2066 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2067 * from power-down sleep mode. 2068 */ 2069static void 2070wpi_wakeup_intr(struct wpi_softc *sc) 2071{ 2072 int qid; 2073 2074 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2075 "%s: ucode wakeup from power-down sleep\n", __func__); 2076 2077 /* Wakeup RX and TX rings. */ 2078 if (sc->rxq.update) { 2079 sc->rxq.update = 0; 2080 wpi_update_rx_ring(sc); 2081 } 2082 for (qid = 0; qid < WPI_NTXQUEUES; qid++) { 2083 struct wpi_tx_ring *ring = &sc->txq[qid]; 2084 2085 if (ring->update) { 2086 ring->update = 0; 2087 wpi_update_tx_ring(sc, ring); 2088 } 2089 } 2090 2091 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2092} 2093 2094/* 2095 * Dump the error log of the firmware when a firmware panic occurs. Although 2096 * we can't debug the firmware because it is neither open source nor free, it 2097 * can help us to identify certain classes of problems. 2098 */ 2099static void 2100wpi_fatal_intr(struct wpi_softc *sc) 2101{ 2102 struct wpi_fw_dump dump; 2103 uint32_t i, offset, count; 2104 const uint32_t size_errmsg = 2105 (sizeof (wpi_fw_errmsg) / sizeof ((wpi_fw_errmsg)[0])); 2106 2107 /* Check that the error log address is valid. */ 2108 if (sc->errptr < WPI_FW_DATA_BASE || 2109 sc->errptr + sizeof (dump) > 2110 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2111 printf("%s: bad firmware error log address 0x%08x\n", __func__, 2112 sc->errptr); 2113 return; 2114 } 2115 if (wpi_nic_lock(sc) != 0) { 2116 printf("%s: could not read firmware error log\n", __func__); 2117 return; 2118 } 2119 /* Read number of entries in the log. */ 2120 count = wpi_mem_read(sc, sc->errptr); 2121 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2122 printf("%s: invalid count field (count = %u)\n", __func__, 2123 count); 2124 wpi_nic_unlock(sc); 2125 return; 2126 } 2127 /* Skip "count" field. */ 2128 offset = sc->errptr + sizeof (uint32_t); 2129 printf("firmware error log (count = %u):\n", count); 2130 for (i = 0; i < count; i++) { 2131 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2132 sizeof (dump) / sizeof (uint32_t)); 2133 2134 printf(" error type = \"%s\" (0x%08X)\n", 2135 (dump.desc < size_errmsg) ? 2136 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2137 dump.desc); 2138 printf(" error data = 0x%08X\n", 2139 dump.data); 2140 printf(" branch link = 0x%08X%08X\n", 2141 dump.blink[0], dump.blink[1]); 2142 printf(" interrupt link = 0x%08X%08X\n", 2143 dump.ilink[0], dump.ilink[1]); 2144 printf(" time = %u\n", dump.time); 2145 2146 offset += sizeof (dump); 2147 } 2148 wpi_nic_unlock(sc); 2149 /* Dump driver status (TX and RX rings) while we're here. */ 2150 printf("driver status:\n"); 2151 for (i = 0; i < WPI_NTXQUEUES; i++) { 2152 struct wpi_tx_ring *ring = &sc->txq[i]; 2153 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2154 i, ring->qid, ring->cur, ring->queued); 2155 } 2156 printf(" rx ring: cur=%d\n", sc->rxq.cur); 2157} 2158 2159static void 2160wpi_intr(void *arg) 2161{ 2162 struct wpi_softc *sc = arg; 2163 struct ifnet *ifp = sc->sc_ifp; 2164 uint32_t r1, r2; 2165 2166 WPI_LOCK(sc); 2167 2168 /* Disable interrupts. */ 2169 WPI_WRITE(sc, WPI_INT_MASK, 0); 2170 2171 r1 = WPI_READ(sc, WPI_INT); 2172 2173 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) { 2174 WPI_UNLOCK(sc); 2175 return; /* Hardware gone! */ 2176 } 2177 2178 r2 = WPI_READ(sc, WPI_FH_INT); 2179 2180 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2181 r1, r2); 2182 2183 if (r1 == 0 && r2 == 0) 2184 goto done; /* Interrupt not for us. */ 2185 2186 /* Acknowledge interrupts. */ 2187 WPI_WRITE(sc, WPI_INT, r1); 2188 WPI_WRITE(sc, WPI_FH_INT, r2); 2189 2190 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 2191 struct ieee80211com *ic = ifp->if_l2com; 2192 2193 device_printf(sc->sc_dev, "fatal firmware error\n"); 2194 wpi_fatal_intr(sc); 2195 DPRINTF(sc, WPI_DEBUG_HW, 2196 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2197 "(Hardware Error)"); 2198 ieee80211_runtask(ic, &sc->sc_reinittask); 2199 sc->flags &= ~WPI_FLAG_BUSY; 2200 WPI_UNLOCK(sc); 2201 return; 2202 } 2203 2204 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2205 (r2 & WPI_FH_INT_RX)) 2206 wpi_notif_intr(sc); 2207 2208 if (r1 & WPI_INT_ALIVE) 2209 wakeup(sc); /* Firmware is alive. */ 2210 2211 if (r1 & WPI_INT_WAKEUP) 2212 wpi_wakeup_intr(sc); 2213 2214done: 2215 /* Re-enable interrupts. */ 2216 if (ifp->if_flags & IFF_UP) 2217 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2218 2219 WPI_UNLOCK(sc); 2220} 2221 2222static int 2223wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2224{ 2225 struct ieee80211_frame *wh; 2226 struct wpi_tx_cmd *cmd; 2227 struct wpi_tx_data *data; 2228 struct wpi_tx_desc *desc; 2229 struct wpi_tx_ring *ring; 2230 struct mbuf *m1; 2231 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2232 int error, i, hdrlen, nsegs, totlen, pad; 2233 2234 WPI_LOCK_ASSERT(sc); 2235 2236 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2237 2238 wh = mtod(buf->m, struct ieee80211_frame *); 2239 hdrlen = ieee80211_anyhdrsize(wh); 2240 totlen = buf->m->m_pkthdr.len; 2241 2242 if (hdrlen & 3) { 2243 /* First segment length must be a multiple of 4. */ 2244 pad = 4 - (hdrlen & 3); 2245 } else 2246 pad = 0; 2247 2248 ring = &sc->txq[buf->ac]; 2249 desc = &ring->desc[ring->cur]; 2250 data = &ring->data[ring->cur]; 2251 2252 /* Prepare TX firmware command. */ 2253 cmd = &ring->cmd[ring->cur]; 2254 cmd->code = buf->code; 2255 cmd->flags = 0; 2256 cmd->qid = ring->qid; 2257 cmd->idx = ring->cur; 2258 2259 memcpy(cmd->data, buf->data, buf->size); 2260 2261 /* Save and trim IEEE802.11 header. */ 2262 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2263 m_adj(buf->m, hdrlen); 2264 2265 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2266 segs, &nsegs, BUS_DMA_NOWAIT); 2267 if (error != 0 && error != EFBIG) { 2268 device_printf(sc->sc_dev, 2269 "%s: can't map mbuf (error %d)\n", __func__, error); 2270 m_freem(buf->m); 2271 return error; 2272 } 2273 if (error != 0) { 2274 /* Too many DMA segments, linearize mbuf. */ 2275 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2276 if (m1 == NULL) { 2277 device_printf(sc->sc_dev, 2278 "%s: could not defrag mbuf\n", __func__); 2279 m_freem(buf->m); 2280 return ENOBUFS; 2281 } 2282 buf->m = m1; 2283 2284 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2285 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2286 if (error != 0) { 2287 device_printf(sc->sc_dev, 2288 "%s: can't map mbuf (error %d)\n", __func__, error); 2289 m_freem(buf->m); 2290 return error; 2291 } 2292 } 2293 2294 KASSERT(nsegs < WPI_MAX_SCATTER, 2295 ("too many DMA segments, nsegs (%d) should be less than %d", 2296 nsegs, WPI_MAX_SCATTER)); 2297 2298 data->m = buf->m; 2299 data->ni = buf->ni; 2300 2301 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2302 __func__, ring->qid, ring->cur, totlen, nsegs); 2303 2304 /* Fill TX descriptor. */ 2305 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2306 /* First DMA segment is used by the TX command. */ 2307 desc->segs[0].addr = htole32(data->cmd_paddr); 2308 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2309 /* Other DMA segments are for data payload. */ 2310 seg = &segs[0]; 2311 for (i = 1; i <= nsegs; i++) { 2312 desc->segs[i].addr = htole32(seg->ds_addr); 2313 desc->segs[i].len = htole32(seg->ds_len); 2314 seg++; 2315 } 2316 2317 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2318 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2319 BUS_DMASYNC_PREWRITE); 2320 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2321 BUS_DMASYNC_PREWRITE); 2322 2323 /* Kick TX ring. */ 2324 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2325 wpi_update_tx_ring(sc, ring); 2326 2327 /* Mark TX ring as full if we reach a certain threshold. */ 2328 if (++ring->queued > WPI_TX_RING_HIMARK) 2329 sc->qfullmsk |= 1 << ring->qid; 2330 2331 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2332 2333 return 0; 2334} 2335 2336/* 2337 * Construct the data packet for a transmit buffer. 2338 */ 2339static int 2340wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2341{ 2342 const struct ieee80211_txparam *tp; 2343 struct ieee80211vap *vap = ni->ni_vap; 2344 struct ieee80211com *ic = ni->ni_ic; 2345 struct wpi_node *wn = (void *)ni; 2346 struct ieee80211_channel *chan; 2347 struct ieee80211_frame *wh; 2348 struct ieee80211_key *k = NULL; 2349 struct wpi_cmd_data tx; 2350 struct wpi_buf tx_data; 2351 uint32_t flags; 2352 uint16_t qos; 2353 uint8_t tid, type; 2354 int ac, error, rate, ismcast, totlen; 2355 2356 wh = mtod(m, struct ieee80211_frame *); 2357 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2358 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2359 2360 /* Select EDCA Access Category and TX ring for this frame. */ 2361 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2362 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2363 tid = qos & IEEE80211_QOS_TID; 2364 } else { 2365 qos = 0; 2366 tid = 0; 2367 } 2368 ac = M_WME_GETAC(m); 2369 2370 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2371 ni->ni_chan : ic->ic_curchan; 2372 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2373 2374 /* Choose a TX rate index. */ 2375 if (type == IEEE80211_FC0_TYPE_MGT) 2376 rate = tp->mgmtrate; 2377 else if (ismcast) 2378 rate = tp->mcastrate; 2379 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2380 rate = tp->ucastrate; 2381 else if (m->m_flags & M_EAPOL) 2382 rate = tp->mgmtrate; 2383 else { 2384 /* XXX pass pktlen */ 2385 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2386 rate = ni->ni_txrate; 2387 } 2388 2389 /* Encrypt the frame if need be. */ 2390 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2391 /* Retrieve key for TX. */ 2392 k = ieee80211_crypto_encap(ni, m); 2393 if (k == NULL) { 2394 error = ENOBUFS; 2395 goto fail; 2396 } 2397 /* 802.11 header may have moved. */ 2398 wh = mtod(m, struct ieee80211_frame *); 2399 } 2400 totlen = m->m_pkthdr.len; 2401 2402 if (ieee80211_radiotap_active_vap(vap)) { 2403 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2404 2405 tap->wt_flags = 0; 2406 tap->wt_rate = rate; 2407 if (k != NULL) 2408 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2409 2410 ieee80211_radiotap_tx(vap, m); 2411 } 2412 2413 flags = 0; 2414 if (!ismcast) { 2415 /* Unicast frame, check if an ACK is expected. */ 2416 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2417 IEEE80211_QOS_ACKPOLICY_NOACK) 2418 flags |= WPI_TX_NEED_ACK; 2419 } 2420 2421 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2422 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */ 2423 2424 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2425 if (!ismcast) { 2426 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2427 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2428 flags |= WPI_TX_NEED_RTS; 2429 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2430 WPI_RATE_IS_OFDM(rate)) { 2431 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2432 flags |= WPI_TX_NEED_CTS; 2433 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2434 flags |= WPI_TX_NEED_RTS; 2435 } 2436 2437 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2438 flags |= WPI_TX_FULL_TXOP; 2439 } 2440 2441 memset(&tx, 0, sizeof (struct wpi_cmd_data)); 2442 if (type == IEEE80211_FC0_TYPE_MGT) { 2443 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2444 2445 /* Tell HW to set timestamp in probe responses. */ 2446 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2447 flags |= WPI_TX_INSERT_TSTAMP; 2448 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2449 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2450 tx.timeout = htole16(3); 2451 else 2452 tx.timeout = htole16(2); 2453 } 2454 2455 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2456 tx.id = WPI_ID_BROADCAST; 2457 else { 2458 if (wn->id == WPI_ID_UNDEFINED && 2459 (vap->iv_opmode == IEEE80211_M_IBSS || 2460 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 2461 error = wpi_add_ibss_node(sc, ni); 2462 if (error != 0) { 2463 device_printf(sc->sc_dev, 2464 "%s: could not add IBSS node, error %d\n", 2465 __func__, error); 2466 goto fail; 2467 } 2468 } 2469 2470 if (wn->id == WPI_ID_UNDEFINED) { 2471 device_printf(sc->sc_dev, 2472 "%s: undefined node id\n", __func__); 2473 error = EINVAL; 2474 goto fail; 2475 } 2476 2477 tx.id = wn->id; 2478 } 2479 2480 if (type != IEEE80211_FC0_TYPE_MGT) 2481 tx.data_ntries = tp->maxretry; 2482 2483 tx.len = htole16(totlen); 2484 tx.flags = htole32(flags); 2485 tx.plcp = rate2plcp(rate); 2486 tx.tid = tid; 2487 tx.lifetime = htole32(WPI_LIFETIME_INFINITE); 2488 tx.ofdm_mask = 0xff; 2489 tx.cck_mask = 0x0f; 2490 tx.rts_ntries = 7; 2491 2492 if (k != NULL && k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { 2493 if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) { 2494 tx.security = WPI_CIPHER_CCMP; 2495 memcpy(tx.key, k->wk_key, k->wk_keylen); 2496 } 2497 } 2498 2499 tx_data.data = &tx; 2500 tx_data.ni = ni; 2501 tx_data.m = m; 2502 tx_data.size = sizeof(tx); 2503 tx_data.code = WPI_CMD_TX_DATA; 2504 tx_data.ac = ac; 2505 2506 return wpi_cmd2(sc, &tx_data); 2507 2508fail: m_freem(m); 2509 return error; 2510} 2511 2512static int 2513wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 2514 const struct ieee80211_bpf_params *params) 2515{ 2516 struct ieee80211vap *vap = ni->ni_vap; 2517 struct ieee80211_frame *wh; 2518 struct wpi_cmd_data tx; 2519 struct wpi_buf tx_data; 2520 uint32_t flags; 2521 uint8_t type; 2522 int ac, rate, totlen; 2523 2524 wh = mtod(m, struct ieee80211_frame *); 2525 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2526 totlen = m->m_pkthdr.len; 2527 2528 ac = params->ibp_pri & 3; 2529 2530 /* Choose a TX rate index. */ 2531 rate = params->ibp_rate0; 2532 2533 flags = 0; 2534 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 2535 flags |= WPI_TX_NEED_ACK; 2536 if (params->ibp_flags & IEEE80211_BPF_RTS) 2537 flags |= WPI_TX_NEED_RTS; 2538 if (params->ibp_flags & IEEE80211_BPF_CTS) 2539 flags |= WPI_TX_NEED_CTS; 2540 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2541 flags |= WPI_TX_FULL_TXOP; 2542 2543 if (ieee80211_radiotap_active_vap(vap)) { 2544 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2545 2546 tap->wt_flags = 0; 2547 tap->wt_rate = rate; 2548 2549 ieee80211_radiotap_tx(vap, m); 2550 } 2551 2552 memset(&tx, 0, sizeof (struct wpi_cmd_data)); 2553 if (type == IEEE80211_FC0_TYPE_MGT) { 2554 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2555 2556 /* Tell HW to set timestamp in probe responses. */ 2557 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2558 flags |= WPI_TX_INSERT_TSTAMP; 2559 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2560 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2561 tx.timeout = htole16(3); 2562 else 2563 tx.timeout = htole16(2); 2564 } 2565 2566 tx.len = htole16(totlen); 2567 tx.flags = htole32(flags); 2568 tx.plcp = rate2plcp(rate); 2569 tx.id = WPI_ID_BROADCAST; 2570 tx.lifetime = htole32(WPI_LIFETIME_INFINITE); 2571 tx.rts_ntries = params->ibp_try1; 2572 tx.data_ntries = params->ibp_try0; 2573 2574 tx_data.data = &tx; 2575 tx_data.ni = ni; 2576 tx_data.m = m; 2577 tx_data.size = sizeof(tx); 2578 tx_data.code = WPI_CMD_TX_DATA; 2579 tx_data.ac = ac; 2580 2581 return wpi_cmd2(sc, &tx_data); 2582} 2583 2584static int 2585wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2586 const struct ieee80211_bpf_params *params) 2587{ 2588 struct ieee80211com *ic = ni->ni_ic; 2589 struct ifnet *ifp = ic->ic_ifp; 2590 struct wpi_softc *sc = ifp->if_softc; 2591 int error = 0; 2592 2593 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2594 2595 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2596 ieee80211_free_node(ni); 2597 m_freem(m); 2598 return ENETDOWN; 2599 } 2600 2601 WPI_LOCK(sc); 2602 if (params == NULL) { 2603 /* 2604 * Legacy path; interpret frame contents to decide 2605 * precisely how to send the frame. 2606 */ 2607 error = wpi_tx_data(sc, m, ni); 2608 } else { 2609 /* 2610 * Caller supplied explicit parameters to use in 2611 * sending the frame. 2612 */ 2613 error = wpi_tx_data_raw(sc, m, ni, params); 2614 } 2615 WPI_UNLOCK(sc); 2616 2617 if (error != 0) { 2618 /* NB: m is reclaimed on tx failure */ 2619 ieee80211_free_node(ni); 2620 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2621 2622 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2623 2624 return error; 2625 } 2626 2627 sc->sc_tx_timer = 5; 2628 2629 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2630 2631 return 0; 2632} 2633 2634/** 2635 * Process data waiting to be sent on the IFNET output queue 2636 */ 2637static void 2638wpi_start(struct ifnet *ifp) 2639{ 2640 struct wpi_softc *sc = ifp->if_softc; 2641 2642 WPI_LOCK(sc); 2643 wpi_start_locked(ifp); 2644 WPI_UNLOCK(sc); 2645} 2646 2647static void 2648wpi_start_locked(struct ifnet *ifp) 2649{ 2650 struct wpi_softc *sc = ifp->if_softc; 2651 struct ieee80211_node *ni; 2652 struct mbuf *m; 2653 2654 WPI_LOCK_ASSERT(sc); 2655 2656 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 2657 2658 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 2659 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) 2660 return; 2661 2662 for (;;) { 2663 if (sc->qfullmsk != 0) { 2664 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2665 break; 2666 } 2667 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 2668 if (m == NULL) 2669 break; 2670 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2671 if (wpi_tx_data(sc, m, ni) != 0) { 2672 WPI_UNLOCK(sc); 2673 ieee80211_free_node(ni); 2674 WPI_LOCK(sc); 2675 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2676 } else 2677 sc->sc_tx_timer = 5; 2678 } 2679 2680 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 2681} 2682 2683static void 2684wpi_watchdog_rfkill(void *arg) 2685{ 2686 struct wpi_softc *sc = arg; 2687 struct ifnet *ifp = sc->sc_ifp; 2688 struct ieee80211com *ic = ifp->if_l2com; 2689 2690 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 2691 2692 /* No need to lock firmware memory. */ 2693 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 2694 /* Radio kill switch is still off. */ 2695 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 2696 sc); 2697 } else 2698 ieee80211_runtask(ic, &sc->sc_radioon_task); 2699} 2700 2701/** 2702 * Called every second, wpi_watchdog used by the watch dog timer 2703 * to check that the card is still alive 2704 */ 2705static void 2706wpi_watchdog(void *arg) 2707{ 2708 struct wpi_softc *sc = arg; 2709 struct ifnet *ifp = sc->sc_ifp; 2710 struct ieee80211com *ic = ifp->if_l2com; 2711 2712 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "Watchdog: tick\n"); 2713 2714 if (sc->sc_tx_timer > 0) { 2715 if (--sc->sc_tx_timer == 0) { 2716 if_printf(ifp, "device timeout\n"); 2717 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2718 ieee80211_runtask(ic, &sc->sc_reinittask); 2719 } 2720 } 2721 2722 if (sc->sc_scan_timer > 0) { 2723 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2724 if (--sc->sc_scan_timer == 0 && vap != NULL) { 2725 if_printf(ifp, "scan timeout\n"); 2726 ieee80211_cancel_scan(vap); 2727 ieee80211_runtask(ic, &sc->sc_reinittask); 2728 } 2729 } 2730 2731 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 2732 callout_reset(&sc->watchdog_to, hz, wpi_watchdog, sc); 2733} 2734 2735static int 2736wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2737{ 2738 struct wpi_softc *sc = ifp->if_softc; 2739 struct ieee80211com *ic = ifp->if_l2com; 2740 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2741 struct ifreq *ifr = (struct ifreq *) data; 2742 int error = 0, startall = 0, stop = 0; 2743 2744 switch (cmd) { 2745 case SIOCGIFADDR: 2746 error = ether_ioctl(ifp, cmd, data); 2747 break; 2748 case SIOCSIFFLAGS: 2749 WPI_LOCK(sc); 2750 if (ifp->if_flags & IFF_UP) { 2751 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2752 wpi_init_locked(sc); 2753 if (WPI_READ(sc, WPI_GP_CNTRL) & 2754 WPI_GP_CNTRL_RFKILL) 2755 startall = 1; 2756 else 2757 stop = 1; 2758 } 2759 } else if (ifp->if_drv_flags & IFF_DRV_RUNNING) 2760 wpi_stop_locked(sc); 2761 WPI_UNLOCK(sc); 2762 if (startall) 2763 ieee80211_start_all(ic); 2764 else if (vap != NULL && stop) 2765 ieee80211_stop(vap); 2766 break; 2767 case SIOCGIFMEDIA: 2768 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 2769 break; 2770 default: 2771 error = EINVAL; 2772 break; 2773 } 2774 return error; 2775} 2776 2777/* 2778 * Send a command to the firmware. 2779 */ 2780static int 2781wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size, 2782 int async) 2783{ 2784 struct wpi_tx_ring *ring = &sc->txq[4]; 2785 struct wpi_tx_desc *desc; 2786 struct wpi_tx_data *data; 2787 struct wpi_tx_cmd *cmd; 2788 struct mbuf *m; 2789 bus_addr_t paddr; 2790 int totlen, error; 2791 2792 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2793 2794 if (async == 0) 2795 WPI_LOCK_ASSERT(sc); 2796 2797 DPRINTF(sc, WPI_DEBUG_CMD, "wpi_cmd %s size %zu async %d\n", 2798 wpi_cmd_str(code), size, async); 2799 2800 if (sc->flags & WPI_FLAG_BUSY) { 2801 device_printf(sc->sc_dev, "%s: cmd %d not sent, busy\n", 2802 __func__, code); 2803 return EAGAIN; 2804 } 2805 sc->flags |= WPI_FLAG_BUSY; 2806 2807 desc = &ring->desc[ring->cur]; 2808 data = &ring->data[ring->cur]; 2809 totlen = 4 + size; 2810 2811 if (size > sizeof cmd->data) { 2812 /* Command is too large to fit in a descriptor. */ 2813 if (totlen > MCLBYTES) 2814 return EINVAL; 2815 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 2816 if (m == NULL) 2817 return ENOMEM; 2818 cmd = mtod(m, struct wpi_tx_cmd *); 2819 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 2820 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 2821 if (error != 0) { 2822 m_freem(m); 2823 return error; 2824 } 2825 data->m = m; 2826 } else { 2827 cmd = &ring->cmd[ring->cur]; 2828 paddr = data->cmd_paddr; 2829 } 2830 2831 cmd->code = code; 2832 cmd->flags = 0; 2833 cmd->qid = ring->qid; 2834 cmd->idx = ring->cur; 2835 memcpy(cmd->data, buf, size); 2836 2837 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 2838 desc->segs[0].addr = htole32(paddr); 2839 desc->segs[0].len = htole32(totlen); 2840 2841 if (size > sizeof cmd->data) { 2842 bus_dmamap_sync(ring->data_dmat, data->map, 2843 BUS_DMASYNC_PREWRITE); 2844 } else { 2845 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2846 BUS_DMASYNC_PREWRITE); 2847 } 2848 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2849 BUS_DMASYNC_PREWRITE); 2850 2851 /* Kick command ring. */ 2852 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2853 wpi_update_tx_ring(sc, ring); 2854 2855 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2856 2857 if (async) { 2858 sc->flags &= ~WPI_FLAG_BUSY; 2859 return 0; 2860 } 2861 2862 return msleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 2863} 2864 2865/* 2866 * Configure HW multi-rate retries. 2867 */ 2868static int 2869wpi_mrr_setup(struct wpi_softc *sc) 2870{ 2871 struct ifnet *ifp = sc->sc_ifp; 2872 struct ieee80211com *ic = ifp->if_l2com; 2873 struct wpi_mrr_setup mrr; 2874 int i, error; 2875 2876 /* CCK rates (not used with 802.11a). */ 2877 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 2878 mrr.rates[i].flags = 0; 2879 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 2880 /* Fallback to the immediate lower CCK rate (if any.) */ 2881 mrr.rates[i].next = 2882 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 2883 /* Try one time at this rate before falling back to "next". */ 2884 mrr.rates[i].ntries = 1; 2885 } 2886 /* OFDM rates (not used with 802.11b). */ 2887 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 2888 mrr.rates[i].flags = 0; 2889 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 2890 /* Fallback to the immediate lower rate (if any.) */ 2891 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 2892 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 2893 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 2894 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 2895 i - 1; 2896 /* Try one time at this rate before falling back to "next". */ 2897 mrr.rates[i].ntries = 1; 2898 } 2899 /* Setup MRR for control frames. */ 2900 mrr.which = htole32(WPI_MRR_CTL); 2901 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2902 if (error != 0) { 2903 device_printf(sc->sc_dev, 2904 "could not setup MRR for control frames\n"); 2905 return error; 2906 } 2907 /* Setup MRR for data frames. */ 2908 mrr.which = htole32(WPI_MRR_DATA); 2909 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 2910 if (error != 0) { 2911 device_printf(sc->sc_dev, 2912 "could not setup MRR for data frames\n"); 2913 return error; 2914 } 2915 return 0; 2916} 2917 2918static int 2919wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 2920{ 2921 struct ieee80211com *ic = ni->ni_ic; 2922 struct wpi_node *wn = (void *)ni; 2923 struct wpi_node_info node; 2924 2925 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 2926 2927 if (wn->id == WPI_ID_UNDEFINED) 2928 return EINVAL; 2929 2930 memset(&node, 0, sizeof node); 2931 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 2932 node.id = wn->id; 2933 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2934 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 2935 node.action = htole32(WPI_ACTION_SET_RATE); 2936 node.antenna = WPI_ANTENNA_BOTH; 2937 2938 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 2939} 2940 2941/* 2942 * Broadcast node is used to send group-addressed and management frames. 2943 */ 2944static int 2945wpi_add_broadcast_node(struct wpi_softc *sc, int async) 2946{ 2947 struct ifnet *ifp = sc->sc_ifp; 2948 struct ieee80211com *ic = ifp->if_l2com; 2949 struct wpi_node_info node; 2950 2951 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 2952 2953 memset(&node, 0, sizeof node); 2954 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr); 2955 node.id = WPI_ID_BROADCAST; 2956 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2957 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 2958 node.action = htole32(WPI_ACTION_SET_RATE); 2959 node.antenna = WPI_ANTENNA_BOTH; 2960 2961 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 2962} 2963 2964static int 2965wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 2966{ 2967 struct wpi_node *wn = (void *)ni; 2968 2969 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 2970 2971 if (wn->id != WPI_ID_UNDEFINED) 2972 return EINVAL; 2973 2974 wn->id = alloc_unrl(sc->sc_unr); 2975 2976 if (wn->id == (uint8_t)-1) 2977 return ENOBUFS; 2978 2979 return wpi_add_node(sc, ni); 2980} 2981 2982static void 2983wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 2984{ 2985 struct wpi_node *wn = (void *)ni; 2986 struct wpi_cmd_del_node node; 2987 int error; 2988 2989 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 2990 2991 if (wn->id == WPI_ID_UNDEFINED) { 2992 device_printf(sc->sc_dev, "%s: undefined node id passed\n", 2993 __func__); 2994 return; 2995 } 2996 2997 memset(&node, 0, sizeof node); 2998 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 2999 node.count = 1; 3000 3001 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3002 if (error != 0) { 3003 device_printf(sc->sc_dev, 3004 "%s: could not delete node %u, error %d\n", __func__, 3005 wn->id, error); 3006 } 3007} 3008 3009static int 3010wpi_updateedca(struct ieee80211com *ic) 3011{ 3012#define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3013 struct wpi_softc *sc = ic->ic_ifp->if_softc; 3014 struct wpi_edca_params cmd; 3015 int aci, error; 3016 3017 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3018 3019 memset(&cmd, 0, sizeof cmd); 3020 cmd.flags = htole32(WPI_EDCA_UPDATE); 3021 for (aci = 0; aci < WME_NUM_AC; aci++) { 3022 const struct wmeParams *ac = 3023 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3024 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3025 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3026 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3027 cmd.ac[aci].txoplimit = 3028 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3029 3030 DPRINTF(sc, WPI_DEBUG_EDCA, 3031 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3032 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3033 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3034 cmd.ac[aci].txoplimit); 3035 } 3036 IEEE80211_UNLOCK(ic); 3037 WPI_LOCK(sc); 3038 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3039 WPI_UNLOCK(sc); 3040 IEEE80211_LOCK(ic); 3041 3042 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3043 3044 return error; 3045#undef WPI_EXP2 3046} 3047 3048static void 3049wpi_set_promisc(struct wpi_softc *sc) 3050{ 3051 struct ifnet *ifp = sc->sc_ifp; 3052 uint32_t promisc_filter; 3053 3054 promisc_filter = WPI_FILTER_PROMISC | WPI_FILTER_CTL; 3055 3056 if (ifp->if_flags & IFF_PROMISC) 3057 sc->rxon.filter |= htole32(promisc_filter); 3058 else 3059 sc->rxon.filter &= ~htole32(promisc_filter); 3060} 3061 3062static void 3063wpi_update_promisc(struct ifnet *ifp) 3064{ 3065 struct wpi_softc *sc = ifp->if_softc; 3066 3067 wpi_set_promisc(sc); 3068 3069 WPI_LOCK(sc); 3070 if (wpi_send_rxon(sc, 1, 1) != 0) { 3071 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3072 __func__); 3073 } 3074 WPI_UNLOCK(sc); 3075} 3076 3077static void 3078wpi_update_mcast(struct ifnet *ifp) 3079{ 3080 /* Ignore */ 3081} 3082 3083static void 3084wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3085{ 3086 struct wpi_cmd_led led; 3087 3088 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3089 3090 led.which = which; 3091 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3092 led.off = off; 3093 led.on = on; 3094 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3095} 3096 3097static int 3098wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3099{ 3100 struct wpi_cmd_timing cmd; 3101 uint64_t val, mod; 3102 3103 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3104 3105 memset(&cmd, 0, sizeof cmd); 3106 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3107 cmd.bintval = htole16(ni->ni_intval); 3108 cmd.lintval = htole16(10); 3109 3110 /* Compute remaining time until next beacon. */ 3111 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3112 mod = le64toh(cmd.tstamp) % val; 3113 cmd.binitval = htole32((uint32_t)(val - mod)); 3114 3115 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3116 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3117 3118 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3119} 3120 3121/* 3122 * This function is called periodically (every 60 seconds) to adjust output 3123 * power to temperature changes. 3124 */ 3125static void 3126wpi_power_calibration(struct wpi_softc *sc) 3127{ 3128 int temp; 3129 3130 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3131 3132 /* Update sensor data. */ 3133 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3134 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3135 3136 /* Sanity-check read value. */ 3137 if (temp < -260 || temp > 25) { 3138 /* This can't be correct, ignore. */ 3139 DPRINTF(sc, WPI_DEBUG_TEMP, 3140 "out-of-range temperature reported: %d\n", temp); 3141 return; 3142 } 3143 3144 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3145 3146 /* Adjust Tx power if need be. */ 3147 if (abs(temp - sc->temp) <= 6) 3148 return; 3149 3150 sc->temp = temp; 3151 3152 if (wpi_set_txpower(sc, 1) != 0) { 3153 /* just warn, too bad for the automatic calibration... */ 3154 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3155 } 3156} 3157 3158/* 3159 * Set TX power for current channel. 3160 */ 3161static int 3162wpi_set_txpower(struct wpi_softc *sc, int async) 3163{ 3164 struct ifnet *ifp = sc->sc_ifp; 3165 struct ieee80211com *ic = ifp->if_l2com; 3166 struct ieee80211_channel *ch; 3167 struct wpi_power_group *group; 3168 struct wpi_cmd_txpower cmd; 3169 uint8_t chan; 3170 int idx, i; 3171 3172 /* Retrieve current channel from last RXON. */ 3173 chan = sc->rxon.chan; 3174 ch = &ic->ic_channels[chan]; 3175 3176 /* Find the TX power group to which this channel belongs. */ 3177 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3178 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3179 if (chan <= group->chan) 3180 break; 3181 } else 3182 group = &sc->groups[0]; 3183 3184 memset(&cmd, 0, sizeof cmd); 3185 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 3186 cmd.chan = htole16(chan); 3187 3188 /* Set TX power for all OFDM and CCK rates. */ 3189 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3190 /* Retrieve TX power for this channel/rate. */ 3191 idx = wpi_get_power_index(sc, group, ch, i); 3192 3193 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3194 3195 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3196 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3197 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3198 } else { 3199 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3200 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3201 } 3202 DPRINTF(sc, WPI_DEBUG_TEMP, 3203 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3204 } 3205 3206 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3207} 3208 3209/* 3210 * Determine Tx power index for a given channel/rate combination. 3211 * This takes into account the regulatory information from EEPROM and the 3212 * current temperature. 3213 */ 3214static int 3215wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3216 struct ieee80211_channel *c, int ridx) 3217{ 3218/* Fixed-point arithmetic division using a n-bit fractional part. */ 3219#define fdivround(a, b, n) \ 3220 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3221 3222/* Linear interpolation. */ 3223#define interpolate(x, x1, y1, x2, y2, n) \ 3224 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3225 3226 struct ifnet *ifp = sc->sc_ifp; 3227 struct ieee80211com *ic = ifp->if_l2com; 3228 struct wpi_power_sample *sample; 3229 int pwr, idx; 3230 u_int chan; 3231 3232 /* Get channel number. */ 3233 chan = ieee80211_chan2ieee(ic, c); 3234 3235 /* Default TX power is group maximum TX power minus 3dB. */ 3236 pwr = group->maxpwr / 2; 3237 3238 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3239 switch (ridx) { 3240 case WPI_RIDX_OFDM36: 3241 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 3242 break; 3243 case WPI_RIDX_OFDM48: 3244 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 3245 break; 3246 case WPI_RIDX_OFDM54: 3247 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 3248 break; 3249 } 3250 3251 /* Never exceed the channel maximum allowed TX power. */ 3252 pwr = min(pwr, sc->maxpwr[chan]); 3253 3254 /* Retrieve TX power index into gain tables from samples. */ 3255 for (sample = group->samples; sample < &group->samples[3]; sample++) 3256 if (pwr > sample[1].power) 3257 break; 3258 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3259 idx = interpolate(pwr, sample[0].power, sample[0].index, 3260 sample[1].power, sample[1].index, 19); 3261 3262 /*- 3263 * Adjust power index based on current temperature: 3264 * - if cooler than factory-calibrated: decrease output power 3265 * - if warmer than factory-calibrated: increase output power 3266 */ 3267 idx -= (sc->temp - group->temp) * 11 / 100; 3268 3269 /* Decrease TX power for CCK rates (-5dB). */ 3270 if (ridx >= WPI_RIDX_CCK1) 3271 idx += 10; 3272 3273 /* Make sure idx stays in a valid range. */ 3274 if (idx < 0) 3275 return 0; 3276 if (idx > WPI_MAX_PWR_INDEX) 3277 return WPI_MAX_PWR_INDEX; 3278 return idx; 3279 3280#undef interpolate 3281#undef fdivround 3282} 3283 3284/* 3285 * Set STA mode power saving level (between 0 and 5). 3286 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3287 */ 3288static int 3289wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3290{ 3291 struct wpi_pmgt_cmd cmd; 3292 const struct wpi_pmgt *pmgt; 3293 uint32_t max, skip_dtim; 3294 uint32_t reg; 3295 int i; 3296 3297 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3298 "%s: dtim=%d, level=%d, async=%d\n", 3299 __func__, dtim, level, async); 3300 3301 /* Select which PS parameters to use. */ 3302 if (dtim <= 10) 3303 pmgt = &wpi_pmgt[0][level]; 3304 else 3305 pmgt = &wpi_pmgt[1][level]; 3306 3307 memset(&cmd, 0, sizeof cmd); 3308 if (level != 0) /* not CAM */ 3309 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3310 /* Retrieve PCIe Active State Power Management (ASPM). */ 3311 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 3312 if (!(reg & 0x1)) /* L0s Entry disabled. */ 3313 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3314 3315 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3316 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3317 3318 if (dtim == 0) { 3319 dtim = 1; 3320 skip_dtim = 0; 3321 } else 3322 skip_dtim = pmgt->skip_dtim; 3323 3324 if (skip_dtim != 0) { 3325 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3326 max = pmgt->intval[4]; 3327 if (max == (uint32_t)-1) 3328 max = dtim * (skip_dtim + 1); 3329 else if (max > dtim) 3330 max = (max / dtim) * dtim; 3331 } else 3332 max = dtim; 3333 3334 for (i = 0; i < 5; i++) 3335 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3336 3337 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3338} 3339 3340static int 3341wpi_send_btcoex(struct wpi_softc *sc) 3342{ 3343 struct wpi_bluetooth cmd; 3344 3345 memset(&cmd, 0, sizeof cmd); 3346 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3347 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3348 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3349 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3350 __func__); 3351 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3352} 3353 3354static int 3355wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3356{ 3357 int error; 3358 3359 if (assoc && (sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 3360 struct wpi_assoc rxon_assoc; 3361 3362 rxon_assoc.flags = sc->rxon.flags; 3363 rxon_assoc.filter = sc->rxon.filter; 3364 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3365 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3366 rxon_assoc.reserved = 0; 3367 3368 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3369 sizeof (struct wpi_assoc), async); 3370 } else { 3371 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3372 sizeof (struct wpi_rxon), async); 3373 } 3374 if (error != 0) { 3375 device_printf(sc->sc_dev, "RXON command failed, error %d\n", 3376 error); 3377 return error; 3378 } 3379 3380 /* Configuration has changed, set Tx power accordingly. */ 3381 if ((error = wpi_set_txpower(sc, async)) != 0) { 3382 device_printf(sc->sc_dev, 3383 "%s: could not set TX power, error %d\n", __func__, error); 3384 return error; 3385 } 3386 3387 if (!(sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 3388 /* Add broadcast node. */ 3389 error = wpi_add_broadcast_node(sc, async); 3390 if (error != 0) { 3391 device_printf(sc->sc_dev, 3392 "could not add broadcast node, error %d\n", error); 3393 return error; 3394 } 3395 } 3396 3397 return 0; 3398} 3399 3400/** 3401 * Configure the card to listen to a particular channel, this transisions the 3402 * card in to being able to receive frames from remote devices. 3403 */ 3404static int 3405wpi_config(struct wpi_softc *sc) 3406{ 3407 struct ifnet *ifp = sc->sc_ifp; 3408 struct ieee80211com *ic = ifp->if_l2com; 3409 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3410 uint32_t flags; 3411 int error; 3412 3413 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3414 3415 /* Set power saving level to CAM during initialization. */ 3416 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3417 device_printf(sc->sc_dev, 3418 "%s: could not set power saving level\n", __func__); 3419 return error; 3420 } 3421 3422 /* Configure bluetooth coexistence. */ 3423 if ((error = wpi_send_btcoex(sc)) != 0) { 3424 device_printf(sc->sc_dev, 3425 "could not configure bluetooth coexistence\n"); 3426 return error; 3427 } 3428 3429 /* Configure adapter. */ 3430 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 3431 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 3432 3433 /* Set default channel. */ 3434 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3435 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3436 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 3437 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3438 3439 sc->rxon.filter = WPI_FILTER_MULTICAST; 3440 switch (ic->ic_opmode) { 3441 case IEEE80211_M_STA: 3442 sc->rxon.mode = WPI_MODE_STA; 3443 break; 3444 case IEEE80211_M_IBSS: 3445 sc->rxon.mode = WPI_MODE_IBSS; 3446 sc->rxon.filter |= WPI_FILTER_BEACON; 3447 break; 3448 /* XXX workaround for passive channels selection */ 3449 case IEEE80211_M_AHDEMO: 3450 case IEEE80211_M_HOSTAP: 3451 sc->rxon.mode = WPI_MODE_HOSTAP; 3452 break; 3453 case IEEE80211_M_MONITOR: 3454 sc->rxon.mode = WPI_MODE_MONITOR; 3455 break; 3456 default: 3457 device_printf(sc->sc_dev, "unknown opmode %d\n", ic->ic_opmode); 3458 return EINVAL; 3459 } 3460 sc->rxon.filter = htole32(sc->rxon.filter); 3461 wpi_set_promisc(sc); 3462 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 3463 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 3464 3465 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 3466 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3467 __func__); 3468 return error; 3469 } 3470 3471 /* Setup rate scalling. */ 3472 if ((error = wpi_mrr_setup(sc)) != 0) { 3473 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 3474 error); 3475 return error; 3476 } 3477 3478 /* Disable beacon notifications (unused). */ 3479 flags = WPI_STATISTICS_BEACON_DISABLE; 3480 error = wpi_cmd(sc, WPI_CMD_GET_STATISTICS, &flags, sizeof flags, 1); 3481 if (error != 0) { 3482 device_printf(sc->sc_dev, 3483 "could not disable beacon statistics, error %d\n", error); 3484 return error; 3485 } 3486 3487 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3488 3489 return 0; 3490} 3491 3492static uint16_t 3493wpi_get_active_dwell_time(struct wpi_softc *sc, 3494 struct ieee80211_channel *c, uint8_t n_probes) 3495{ 3496 /* No channel? Default to 2GHz settings. */ 3497 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 3498 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 3499 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 3500 } 3501 3502 /* 5GHz dwell time. */ 3503 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 3504 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 3505} 3506 3507/* 3508 * Limit the total dwell time to 85% of the beacon interval. 3509 * 3510 * Returns the dwell time in milliseconds. 3511 */ 3512static uint16_t 3513wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 3514{ 3515 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3516 struct ieee80211vap *vap = NULL; 3517 int bintval = 0; 3518 3519 /* bintval is in TU (1.024mS) */ 3520 if (! TAILQ_EMPTY(&ic->ic_vaps)) { 3521 vap = TAILQ_FIRST(&ic->ic_vaps); 3522 bintval = vap->iv_bss->ni_intval; 3523 } 3524 3525 /* 3526 * If it's non-zero, we should calculate the minimum of 3527 * it and the DWELL_BASE. 3528 * 3529 * XXX Yes, the math should take into account that bintval 3530 * is 1.024mS, not 1mS.. 3531 */ 3532 if (bintval > 0) { 3533 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 3534 bintval); 3535 return (MIN(WPI_PASSIVE_DWELL_BASE, ((bintval * 85) / 100))); 3536 } 3537 3538 /* No association context? Default. */ 3539 return (WPI_PASSIVE_DWELL_BASE); 3540} 3541 3542static uint16_t 3543wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 3544{ 3545 uint16_t passive; 3546 3547 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 3548 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 3549 else 3550 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 3551 3552 /* Clamp to the beacon interval if we're associated. */ 3553 return (wpi_limit_dwell(sc, passive)); 3554} 3555 3556/* 3557 * Send a scan request to the firmware. 3558 */ 3559static int 3560wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 3561{ 3562 struct ifnet *ifp = sc->sc_ifp; 3563 struct ieee80211com *ic = ifp->if_l2com; 3564 struct ieee80211_scan_state *ss = ic->ic_scan; 3565 struct ieee80211vap *vap = ss->ss_vap; 3566 struct wpi_scan_hdr *hdr; 3567 struct wpi_cmd_data *tx; 3568 struct wpi_scan_essid *essids; 3569 struct wpi_scan_chan *chan; 3570 struct ieee80211_frame *wh; 3571 struct ieee80211_rateset *rs; 3572 uint16_t dwell_active, dwell_passive; 3573 uint8_t *buf, *frm; 3574 int buflen, error, i, nssid; 3575 3576 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3577 3578 /* 3579 * We are absolutely not allowed to send a scan command when another 3580 * scan command is pending. 3581 */ 3582 if (sc->sc_scan_timer) { 3583 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 3584 __func__); 3585 return (EAGAIN); 3586 } 3587 3588 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 3589 if (buf == NULL) { 3590 device_printf(sc->sc_dev, 3591 "%s: could not allocate buffer for scan command\n", 3592 __func__); 3593 return ENOMEM; 3594 } 3595 hdr = (struct wpi_scan_hdr *)buf; 3596 3597 /* 3598 * Move to the next channel if no packets are received within 10 msecs 3599 * after sending the probe request. 3600 */ 3601 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 3602 hdr->quiet_threshold = htole16(1); /* min # of packets */ 3603 /* 3604 * Max needs to be greater than active and passive and quiet! 3605 * It's also in microseconds! 3606 */ 3607 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 3608 hdr->pause_svc = htole32((4 << 24) | 3609 (100 * IEEE80211_DUR_TU)); /* Hardcode for now */ 3610 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 3611 3612 tx = (struct wpi_cmd_data *)(hdr + 1); 3613 tx->flags = htole32(WPI_TX_AUTO_SEQ); 3614 tx->id = WPI_ID_BROADCAST; 3615 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 3616 3617 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3618 /* Send probe requests at 6Mbps. */ 3619 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 3620 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 3621 } else { 3622 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 3623 /* Send probe requests at 1Mbps. */ 3624 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3625 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 3626 } 3627 3628 essids = (struct wpi_scan_essid *)(tx + 1); 3629 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 3630 for (i = 0; i < nssid; i++) { 3631 essids[i].id = IEEE80211_ELEMID_SSID; 3632 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 3633 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 3634#ifdef WPI_DEBUG 3635 if (sc->sc_debug & WPI_DEBUG_SCAN) { 3636 printf("Scanning Essid: "); 3637 ieee80211_print_essid(essids[i].data, essids[i].len); 3638 printf("\n"); 3639 } 3640#endif 3641 } 3642 3643 /* 3644 * Build a probe request frame. Most of the following code is a 3645 * copy & paste of what is done in net80211. 3646 */ 3647 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 3648 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3649 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3650 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3651 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3652 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3653 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr); 3654 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3655 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3656 3657 frm = (uint8_t *)(wh + 1); 3658 frm = ieee80211_add_ssid(frm, NULL, 0); 3659 frm = ieee80211_add_rates(frm, rs); 3660 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 3661 frm = ieee80211_add_xrates(frm, rs); 3662 3663 /* Set length of probe request. */ 3664 tx->len = htole16(frm - (uint8_t *)wh); 3665 3666 /* 3667 * Construct information about the channel that we 3668 * want to scan. The firmware expects this to be directly 3669 * after the scan probe request 3670 */ 3671 chan = (struct wpi_scan_chan *)frm; 3672 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 3673 chan->flags = 0; 3674 if (nssid) { 3675 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 3676 chan->flags |= WPI_CHAN_NPBREQS(nssid); 3677 } else 3678 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 3679 3680 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 3681 chan->flags |= WPI_CHAN_ACTIVE; 3682 3683 /* 3684 * Calculate the active/passive dwell times. 3685 */ 3686 3687 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 3688 dwell_passive = wpi_get_passive_dwell_time(sc, c); 3689 3690 /* Make sure they're valid. */ 3691 if (dwell_passive <= dwell_active) 3692 dwell_passive = dwell_active + 1; 3693 3694 chan->active = htole16(dwell_active); 3695 chan->passive = htole16(dwell_passive); 3696 3697 chan->dsp_gain = 0x6e; /* Default level */ 3698 3699 if (IEEE80211_IS_CHAN_5GHZ(c)) 3700 chan->rf_gain = 0x3b; 3701 else 3702 chan->rf_gain = 0x28; 3703 3704 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 3705 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 3706 3707 hdr->nchan++; 3708 chan++; 3709 3710 buflen = (uint8_t *)chan - buf; 3711 hdr->len = htole16(buflen); 3712 3713 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 3714 hdr->nchan); 3715 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 3716 free(buf, M_DEVBUF); 3717 3718 sc->sc_scan_timer = 5; 3719 3720 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3721 3722 return error; 3723} 3724 3725static int 3726wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 3727{ 3728 struct ieee80211com *ic = vap->iv_ic; 3729 struct ieee80211_node *ni = vap->iv_bss; 3730 int error; 3731 3732 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3733 3734 /* Update adapter configuration. */ 3735 sc->rxon.associd = 0; 3736 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 3737 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 3738 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 3739 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3740 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 3741 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3742 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3743 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 3744 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3745 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 3746 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 3747 sc->rxon.cck_mask = 0; 3748 sc->rxon.ofdm_mask = 0x15; 3749 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 3750 sc->rxon.cck_mask = 0x03; 3751 sc->rxon.ofdm_mask = 0; 3752 } else { 3753 /* Assume 802.11b/g. */ 3754 sc->rxon.cck_mask = 0x0f; 3755 sc->rxon.ofdm_mask = 0x15; 3756 } 3757 3758 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 3759 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 3760 sc->rxon.ofdm_mask); 3761 3762 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 3763 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3764 __func__); 3765 } 3766 3767 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3768 3769 return error; 3770} 3771 3772static int 3773wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 3774{ 3775 struct ifnet *ifp = sc->sc_ifp; 3776 struct ieee80211com *ic = ifp->if_l2com; 3777 struct ieee80211vap *vap = ni->ni_vap; 3778 struct wpi_vap *wvp = WPI_VAP(vap); 3779 struct wpi_buf *bcn = &wvp->wv_bcbuf; 3780 struct ieee80211_beacon_offsets bo; 3781 struct wpi_cmd_beacon *cmd; 3782 struct mbuf *m; 3783 int totlen; 3784 3785 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3786 3787 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 3788 return EINVAL; 3789 3790 m = ieee80211_beacon_alloc(ni, &bo); 3791 if (m == NULL) { 3792 device_printf(sc->sc_dev, 3793 "%s: could not allocate beacon frame\n", __func__); 3794 return ENOMEM; 3795 } 3796 totlen = m->m_pkthdr.len; 3797 3798 if (bcn->data == NULL) { 3799 cmd = malloc(sizeof(struct wpi_cmd_beacon), M_DEVBUF, 3800 M_NOWAIT | M_ZERO); 3801 3802 if (cmd == NULL) { 3803 device_printf(sc->sc_dev, 3804 "could not allocate buffer for beacon command\n"); 3805 m_freem(m); 3806 return ENOMEM; 3807 } 3808 3809 cmd->id = WPI_ID_BROADCAST; 3810 cmd->ofdm_mask = 0xff; 3811 cmd->cck_mask = 0x0f; 3812 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 3813 cmd->flags = htole32(WPI_TX_AUTO_SEQ | WPI_TX_INSERT_TSTAMP); 3814 3815 bcn->data = cmd; 3816 bcn->ni = NULL; 3817 bcn->code = WPI_CMD_SET_BEACON; 3818 bcn->ac = 4; 3819 bcn->size = sizeof(struct wpi_cmd_beacon); 3820 } else 3821 cmd = bcn->data; 3822 3823 cmd->len = htole16(totlen); 3824 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3825 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3826 3827 /* NB: m will be freed in wpi_cmd_done() */ 3828 bcn->m = m; 3829 3830 return wpi_cmd2(sc, bcn); 3831} 3832 3833static void 3834wpi_update_beacon(struct ieee80211vap *vap, int item) 3835{ 3836 struct ieee80211_node *ni = vap->iv_bss; 3837 struct ifnet *ifp = vap->iv_ifp; 3838 struct wpi_softc *sc = ifp->if_softc; 3839 int error; 3840 3841 WPI_LOCK(sc); 3842 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 3843 device_printf(sc->sc_dev, 3844 "%s: could not update beacon frame, error %d", __func__, 3845 error); 3846 } 3847 WPI_UNLOCK(sc); 3848} 3849 3850static int 3851wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 3852{ 3853 struct ieee80211com *ic = vap->iv_ic; 3854 struct ieee80211_node *ni = vap->iv_bss; 3855 int error; 3856 3857 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3858 3859 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 3860 /* Link LED blinks while monitoring. */ 3861 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 3862 return 0; 3863 } 3864 3865 /* XXX kernel panic workaround */ 3866 if (ni->ni_chan == IEEE80211_CHAN_ANYC) { 3867 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 3868 __func__); 3869 return EINVAL; 3870 } 3871 3872 if ((error = wpi_set_timing(sc, ni)) != 0) { 3873 device_printf(sc->sc_dev, 3874 "%s: could not set timing, error %d\n", __func__, error); 3875 return error; 3876 } 3877 3878 /* Update adapter configuration. */ 3879 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 3880 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 3881 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 3882 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3883 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 3884 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3885 /* Short preamble and slot time are negotiated when associating. */ 3886 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 3887 if (ic->ic_flags & IEEE80211_F_SHSLOT) 3888 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 3889 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3890 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 3891 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 3892 sc->rxon.cck_mask = 0; 3893 sc->rxon.ofdm_mask = 0x15; 3894 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 3895 sc->rxon.cck_mask = 0x03; 3896 sc->rxon.ofdm_mask = 0; 3897 } else { 3898 /* Assume 802.11b/g. */ 3899 sc->rxon.cck_mask = 0x0f; 3900 sc->rxon.ofdm_mask = 0x15; 3901 } 3902 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 3903 3904 /* XXX put somewhere HC_QOS_SUPPORT_ASSOC + HC_IBSS_START */ 3905 3906 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 3907 sc->rxon.chan, sc->rxon.flags); 3908 3909 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 3910 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3911 __func__); 3912 return error; 3913 } 3914 3915 if (vap->iv_opmode == IEEE80211_M_IBSS) { 3916 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 3917 device_printf(sc->sc_dev, 3918 "%s: could not setup beacon, error %d\n", __func__, 3919 error); 3920 return error; 3921 } 3922 } 3923 3924 if (vap->iv_opmode == IEEE80211_M_STA) { 3925 /* Add BSS node. */ 3926 ((struct wpi_node *)ni)->id = WPI_ID_BSS; 3927 if ((error = wpi_add_node(sc, ni)) != 0) { 3928 device_printf(sc->sc_dev, 3929 "%s: could not add BSS node, error %d\n", __func__, 3930 error); 3931 return error; 3932 } 3933 } 3934 3935 /* Link LED always on while associated. */ 3936 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 3937 3938 /* Start periodic calibration timer. */ 3939 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 3940 3941 /* Enable power-saving mode if requested by user. */ 3942 if (vap->iv_flags & IEEE80211_F_PMGTON) 3943 (void)wpi_set_pslevel(sc, 0, 3, 1); 3944 else 3945 (void)wpi_set_pslevel(sc, 0, 0, 1); 3946 3947 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3948 3949 return 0; 3950} 3951 3952static int 3953wpi_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, 3954 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) 3955{ 3956 struct ifnet *ifp = vap->iv_ifp; 3957 struct wpi_softc *sc = ifp->if_softc; 3958 3959 if (!(&vap->iv_nw_keys[0] <= k && 3960 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { 3961 if (k->wk_flags & IEEE80211_KEY_GROUP) { 3962 /* should not happen */ 3963 DPRINTF(sc, WPI_DEBUG_KEY, "%s: bogus group key\n", 3964 __func__); 3965 return 0; 3966 } 3967 *keyix = 0; /* NB: use key index 0 for ucast key */ 3968 } else { 3969 *keyix = *rxkeyix = k - vap->iv_nw_keys; 3970 3971 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) 3972 k->wk_flags |= IEEE80211_KEY_SWCRYPT; 3973 } 3974 return 1; 3975} 3976 3977static int 3978wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k, 3979 const uint8_t mac[IEEE80211_ADDR_LEN]) 3980{ 3981 const struct ieee80211_cipher *cip = k->wk_cipher; 3982 struct ieee80211com *ic = vap->iv_ic; 3983 struct ieee80211_node *ni = vap->iv_bss; 3984 struct wpi_softc *sc = ic->ic_ifp->if_softc; 3985 struct wpi_node *wn = (void *)ni; 3986 struct wpi_node_info node; 3987 uint16_t kflags; 3988 int error; 3989 3990 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3991 3992 switch (cip->ic_cipher) { 3993 case IEEE80211_CIPHER_AES_CCM: 3994 if (k->wk_flags & IEEE80211_KEY_GROUP) 3995 return 1; 3996 3997 kflags = WPI_KFLAG_CCMP; 3998 break; 3999 default: 4000 /* null_key_set() */ 4001 return 1; 4002 } 4003 4004 if (wn->id == WPI_ID_UNDEFINED) 4005 return 0; 4006 4007 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4008 if (k->wk_flags & IEEE80211_KEY_GROUP) 4009 kflags |= WPI_KFLAG_MULTICAST; 4010 4011 memset(&node, 0, sizeof node); 4012 node.id = wn->id; 4013 node.control = WPI_NODE_UPDATE; 4014 node.flags = WPI_FLAG_KEY_SET; 4015 node.kflags = htole16(kflags); 4016 memcpy(node.key, k->wk_key, k->wk_keylen); 4017 4018 DPRINTF(sc, WPI_DEBUG_KEY, "set key id=%d for node %d\n", k->wk_keyix, 4019 node.id); 4020 4021 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4022 if (error != 0) { 4023 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4024 error); 4025 return 0; 4026 } 4027 4028 return 1; 4029} 4030 4031static int 4032wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4033{ 4034 const struct ieee80211_cipher *cip = k->wk_cipher; 4035 struct ieee80211com *ic = vap->iv_ic; 4036 struct ieee80211_node *ni = vap->iv_bss; 4037 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4038 struct wpi_node *wn = (void *)ni; 4039 struct wpi_node_info node; 4040 4041 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4042 4043 switch (cip->ic_cipher) { 4044 case IEEE80211_CIPHER_AES_CCM: 4045 break; 4046 default: 4047 /* null_key_delete() */ 4048 return 1; 4049 } 4050 4051 if (vap->iv_state != IEEE80211_S_RUN || 4052 (k->wk_flags & IEEE80211_KEY_GROUP)) 4053 return 1; /* Nothing to do. */ 4054 4055 memset(&node, 0, sizeof node); 4056 node.id = wn->id; 4057 node.control = WPI_NODE_UPDATE; 4058 node.flags = WPI_FLAG_KEY_SET; 4059 4060 DPRINTF(sc, WPI_DEBUG_KEY, "delete keys for node %d\n", node.id); 4061 (void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4062 4063 return 1; 4064} 4065 4066/* 4067 * This function is called after the runtime firmware notifies us of its 4068 * readiness (called in a process context). 4069 */ 4070static int 4071wpi_post_alive(struct wpi_softc *sc) 4072{ 4073 int ntries, error; 4074 4075 /* Check (again) that the radio is not disabled. */ 4076 if ((error = wpi_nic_lock(sc)) != 0) 4077 return error; 4078 4079 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4080 4081 /* NB: Runtime firmware must be up and running. */ 4082 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4083 device_printf(sc->sc_dev, 4084 "RF switch: radio disabled (%s)\n", __func__); 4085 wpi_nic_unlock(sc); 4086 return EPERM; /* :-) */ 4087 } 4088 wpi_nic_unlock(sc); 4089 4090 /* Wait for thermal sensor to calibrate. */ 4091 for (ntries = 0; ntries < 1000; ntries++) { 4092 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4093 break; 4094 DELAY(10); 4095 } 4096 4097 if (ntries == 1000) { 4098 device_printf(sc->sc_dev, 4099 "timeout waiting for thermal sensor calibration\n"); 4100 return ETIMEDOUT; 4101 } 4102 4103 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4104 return 0; 4105} 4106 4107/* 4108 * The firmware boot code is small and is intended to be copied directly into 4109 * the NIC internal memory (no DMA transfer). 4110 */ 4111static int 4112wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 4113{ 4114 int error, ntries; 4115 4116 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4117 4118 size /= sizeof (uint32_t); 4119 4120 if ((error = wpi_nic_lock(sc)) != 0) 4121 return error; 4122 4123 /* Copy microcode image into NIC memory. */ 4124 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4125 (const uint32_t *)ucode, size); 4126 4127 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4128 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4129 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4130 4131 /* Start boot load now. */ 4132 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4133 4134 /* Wait for transfer to complete. */ 4135 for (ntries = 0; ntries < 1000; ntries++) { 4136 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4137 DPRINTF(sc, WPI_DEBUG_HW, 4138 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4139 WPI_FH_TX_STATUS_IDLE(6), 4140 status & WPI_FH_TX_STATUS_IDLE(6)); 4141 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4142 DPRINTF(sc, WPI_DEBUG_HW, 4143 "Status Match! - ntries = %d\n", ntries); 4144 break; 4145 } 4146 DELAY(10); 4147 } 4148 if (ntries == 1000) { 4149 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4150 __func__); 4151 wpi_nic_unlock(sc); 4152 return ETIMEDOUT; 4153 } 4154 4155 /* Enable boot after power up. */ 4156 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4157 4158 wpi_nic_unlock(sc); 4159 return 0; 4160} 4161 4162static int 4163wpi_load_firmware(struct wpi_softc *sc) 4164{ 4165 struct wpi_fw_info *fw = &sc->fw; 4166 struct wpi_dma_info *dma = &sc->fw_dma; 4167 int error; 4168 4169 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4170 4171 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 4172 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 4173 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4174 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 4175 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4176 4177 /* Tell adapter where to find initialization sections. */ 4178 if ((error = wpi_nic_lock(sc)) != 0) 4179 return error; 4180 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4181 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 4182 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4183 dma->paddr + WPI_FW_DATA_MAXSZ); 4184 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 4185 wpi_nic_unlock(sc); 4186 4187 /* Load firmware boot code. */ 4188 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 4189 if (error != 0) { 4190 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4191 __func__); 4192 return error; 4193 } 4194 4195 /* Now press "execute". */ 4196 WPI_WRITE(sc, WPI_RESET, 0); 4197 4198 /* Wait at most one second for first alive notification. */ 4199 if ((error = msleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4200 device_printf(sc->sc_dev, 4201 "%s: timeout waiting for adapter to initialize, error %d\n", 4202 __func__, error); 4203 return error; 4204 } 4205 4206 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 4207 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 4208 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4209 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 4210 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4211 4212 /* Tell adapter where to find runtime sections. */ 4213 if ((error = wpi_nic_lock(sc)) != 0) 4214 return error; 4215 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4216 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 4217 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4218 dma->paddr + WPI_FW_DATA_MAXSZ); 4219 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 4220 WPI_FW_UPDATED | fw->main.textsz); 4221 wpi_nic_unlock(sc); 4222 4223 return 0; 4224} 4225 4226static int 4227wpi_read_firmware(struct wpi_softc *sc) 4228{ 4229 const struct firmware *fp; 4230 struct wpi_fw_info *fw = &sc->fw; 4231 const struct wpi_firmware_hdr *hdr; 4232 int error; 4233 4234 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4235 4236 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4237 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 4238 4239 WPI_UNLOCK(sc); 4240 fp = firmware_get(WPI_FW_NAME); 4241 WPI_LOCK(sc); 4242 4243 if (fp == NULL) { 4244 device_printf(sc->sc_dev, 4245 "could not load firmware image '%s'\n", WPI_FW_NAME); 4246 return EINVAL; 4247 } 4248 4249 sc->fw_fp = fp; 4250 4251 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 4252 device_printf(sc->sc_dev, 4253 "firmware file too short: %zu bytes\n", fp->datasize); 4254 error = EINVAL; 4255 goto fail; 4256 } 4257 4258 fw->size = fp->datasize; 4259 fw->data = (const uint8_t *)fp->data; 4260 4261 /* Extract firmware header information. */ 4262 hdr = (const struct wpi_firmware_hdr *)fw->data; 4263 4264 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 4265 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 4266 4267 fw->main.textsz = le32toh(hdr->rtextsz); 4268 fw->main.datasz = le32toh(hdr->rdatasz); 4269 fw->init.textsz = le32toh(hdr->itextsz); 4270 fw->init.datasz = le32toh(hdr->idatasz); 4271 fw->boot.textsz = le32toh(hdr->btextsz); 4272 fw->boot.datasz = 0; 4273 4274 /* Sanity-check firmware header. */ 4275 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 4276 fw->main.datasz > WPI_FW_DATA_MAXSZ || 4277 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 4278 fw->init.datasz > WPI_FW_DATA_MAXSZ || 4279 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 4280 (fw->boot.textsz & 3) != 0) { 4281 device_printf(sc->sc_dev, "invalid firmware header\n"); 4282 error = EINVAL; 4283 goto fail; 4284 } 4285 4286 /* Check that all firmware sections fit. */ 4287 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 4288 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 4289 device_printf(sc->sc_dev, 4290 "firmware file too short: %zu bytes\n", fw->size); 4291 error = EINVAL; 4292 goto fail; 4293 } 4294 4295 /* Get pointers to firmware sections. */ 4296 fw->main.text = (const uint8_t *)(hdr + 1); 4297 fw->main.data = fw->main.text + fw->main.textsz; 4298 fw->init.text = fw->main.data + fw->main.datasz; 4299 fw->init.data = fw->init.text + fw->init.textsz; 4300 fw->boot.text = fw->init.data + fw->init.datasz; 4301 4302 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4303 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 4304 "runtime (text: %u, data: %u) init (text: %u, data %u) boot (text %u)\n", 4305 hdr->major, hdr->minor, le32toh(hdr->driver), 4306 fw->main.textsz, fw->main.datasz, 4307 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 4308 4309 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 4310 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 4311 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 4312 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 4313 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 4314 4315 return 0; 4316 4317fail: wpi_unload_firmware(sc); 4318 return error; 4319} 4320 4321/** 4322 * Free the referenced firmware image 4323 */ 4324static void 4325wpi_unload_firmware(struct wpi_softc *sc) 4326{ 4327 if (sc->fw_fp != NULL) { 4328 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 4329 sc->fw_fp = NULL; 4330 } 4331} 4332 4333static int 4334wpi_clock_wait(struct wpi_softc *sc) 4335{ 4336 int ntries; 4337 4338 /* Set "initialization complete" bit. */ 4339 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4340 4341 /* Wait for clock stabilization. */ 4342 for (ntries = 0; ntries < 2500; ntries++) { 4343 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 4344 return 0; 4345 DELAY(100); 4346 } 4347 device_printf(sc->sc_dev, 4348 "%s: timeout waiting for clock stabilization\n", __func__); 4349 4350 return ETIMEDOUT; 4351} 4352 4353static int 4354wpi_apm_init(struct wpi_softc *sc) 4355{ 4356 uint32_t reg; 4357 int error; 4358 4359 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4360 4361 /* Disable L0s exit timer (NMI bug workaround). */ 4362 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 4363 /* Don't wait for ICH L0s (ICH bug workaround). */ 4364 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 4365 4366 /* Set FH wait threshold to max (HW bug under stress workaround). */ 4367 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 4368 4369 /* Retrieve PCIe Active State Power Management (ASPM). */ 4370 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 4371 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 4372 if (reg & 0x02) /* L1 Entry enabled. */ 4373 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4374 else 4375 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4376 4377 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 4378 4379 /* Wait for clock stabilization before accessing prph. */ 4380 if ((error = wpi_clock_wait(sc)) != 0) 4381 return error; 4382 4383 if ((error = wpi_nic_lock(sc)) != 0) 4384 return error; 4385 /* Enable DMA and BSM (Bootstrap State Machine). */ 4386 wpi_prph_write(sc, WPI_APMG_CLK_EN, 4387 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 4388 DELAY(20); 4389 /* Disable L1-Active. */ 4390 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 4391 /* ??? */ 4392 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000E00); 4393 wpi_nic_unlock(sc); 4394 4395 return 0; 4396} 4397 4398static void 4399wpi_apm_stop_master(struct wpi_softc *sc) 4400{ 4401 int ntries; 4402 4403 /* Stop busmaster DMA activity. */ 4404 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 4405 4406 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 4407 WPI_GP_CNTRL_MAC_PS) 4408 return; /* Already asleep. */ 4409 4410 for (ntries = 0; ntries < 100; ntries++) { 4411 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 4412 return; 4413 DELAY(10); 4414 } 4415 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", __func__); 4416} 4417 4418static void 4419wpi_apm_stop(struct wpi_softc *sc) 4420{ 4421 wpi_apm_stop_master(sc); 4422 4423 /* Reset the entire device. */ 4424 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 4425 DELAY(10); 4426 /* Clear "initialization complete" bit. */ 4427 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4428} 4429 4430static void 4431wpi_nic_config(struct wpi_softc *sc) 4432{ 4433 uint32_t rev; 4434 4435 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4436 4437 /* voodoo from the Linux "driver".. */ 4438 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 4439 if ((rev & 0xc0) == 0x40) 4440 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 4441 else if (!(rev & 0x80)) 4442 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 4443 4444 if (sc->cap == 0x80) 4445 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 4446 4447 if ((le16toh(sc->rev) & 0xf0) == 0xd0) 4448 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4449 else 4450 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4451 4452 if (sc->type > 1) 4453 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 4454} 4455 4456static int 4457wpi_hw_init(struct wpi_softc *sc) 4458{ 4459 int chnl, ntries, error; 4460 4461 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4462 4463 /* Clear pending interrupts. */ 4464 WPI_WRITE(sc, WPI_INT, 0xffffffff); 4465 4466 if ((error = wpi_apm_init(sc)) != 0) { 4467 device_printf(sc->sc_dev, 4468 "%s: could not power ON adapter, error %d\n", __func__, 4469 error); 4470 return error; 4471 } 4472 4473 /* Select VMAIN power source. */ 4474 if ((error = wpi_nic_lock(sc)) != 0) 4475 return error; 4476 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 4477 wpi_nic_unlock(sc); 4478 /* Spin until VMAIN gets selected. */ 4479 for (ntries = 0; ntries < 5000; ntries++) { 4480 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 4481 break; 4482 DELAY(10); 4483 } 4484 if (ntries == 5000) { 4485 device_printf(sc->sc_dev, "timeout selecting power source\n"); 4486 return ETIMEDOUT; 4487 } 4488 4489 /* Perform adapter initialization. */ 4490 wpi_nic_config(sc); 4491 4492 /* Initialize RX ring. */ 4493 if ((error = wpi_nic_lock(sc)) != 0) 4494 return error; 4495 /* Set physical address of RX ring. */ 4496 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 4497 /* Set physical address of RX read pointer. */ 4498 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 4499 offsetof(struct wpi_shared, next)); 4500 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 4501 /* Enable RX. */ 4502 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 4503 WPI_FH_RX_CONFIG_DMA_ENA | 4504 WPI_FH_RX_CONFIG_RDRBD_ENA | 4505 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 4506 WPI_FH_RX_CONFIG_MAXFRAG | 4507 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 4508 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 4509 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 4510 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 4511 wpi_nic_unlock(sc); 4512 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 4513 4514 /* Initialize TX rings. */ 4515 if ((error = wpi_nic_lock(sc)) != 0) 4516 return error; 4517 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 4518 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 4519 /* Enable all 6 TX rings. */ 4520 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 4521 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 4522 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 4523 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 4524 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 4525 /* Set physical address of TX rings. */ 4526 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 4527 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 4528 4529 /* Enable all DMA channels. */ 4530 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 4531 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 4532 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 4533 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 4534 } 4535 wpi_nic_unlock(sc); 4536 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 4537 4538 /* Clear "radio off" and "commands blocked" bits. */ 4539 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 4540 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 4541 4542 /* Clear pending interrupts. */ 4543 WPI_WRITE(sc, WPI_INT, 0xffffffff); 4544 /* Enable interrupts. */ 4545 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 4546 4547 /* _Really_ make sure "radio off" bit is cleared! */ 4548 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 4549 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 4550 4551 if ((error = wpi_load_firmware(sc)) != 0) { 4552 device_printf(sc->sc_dev, 4553 "%s: could not load firmware, error %d\n", __func__, 4554 error); 4555 return error; 4556 } 4557 /* Wait at most one second for firmware alive notification. */ 4558 if ((error = msleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4559 device_printf(sc->sc_dev, 4560 "%s: timeout waiting for adapter to initialize, error %d\n", 4561 __func__, error); 4562 return error; 4563 } 4564 4565 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4566 4567 /* Do post-firmware initialization. */ 4568 return wpi_post_alive(sc); 4569} 4570 4571static void 4572wpi_hw_stop(struct wpi_softc *sc) 4573{ 4574 int chnl, qid, ntries; 4575 4576 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4577 4578 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 4579 wpi_nic_lock(sc); 4580 4581 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 4582 4583 /* Disable interrupts. */ 4584 WPI_WRITE(sc, WPI_INT_MASK, 0); 4585 WPI_WRITE(sc, WPI_INT, 0xffffffff); 4586 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 4587 4588 /* Make sure we no longer hold the NIC lock. */ 4589 wpi_nic_unlock(sc); 4590 4591 if (wpi_nic_lock(sc) == 0) { 4592 /* Stop TX scheduler. */ 4593 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 4594 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 4595 4596 /* Stop all DMA channels. */ 4597 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 4598 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 4599 for (ntries = 0; ntries < 200; ntries++) { 4600 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 4601 WPI_FH_TX_STATUS_IDLE(chnl)) 4602 break; 4603 DELAY(10); 4604 } 4605 } 4606 wpi_nic_unlock(sc); 4607 } 4608 4609 /* Stop RX ring. */ 4610 wpi_reset_rx_ring(sc); 4611 4612 /* Reset all TX rings. */ 4613 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 4614 wpi_reset_tx_ring(sc, &sc->txq[qid]); 4615 4616 if (wpi_nic_lock(sc) == 0) { 4617 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 4618 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 4619 wpi_nic_unlock(sc); 4620 } 4621 DELAY(5); 4622 /* Power OFF adapter. */ 4623 wpi_apm_stop(sc); 4624} 4625 4626static void 4627wpi_radio_on(void *arg0, int pending) 4628{ 4629 struct wpi_softc *sc = arg0; 4630 struct ifnet *ifp = sc->sc_ifp; 4631 struct ieee80211com *ic = ifp->if_l2com; 4632 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4633 4634 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 4635 4636 if (vap != NULL) { 4637 wpi_init(sc); 4638 ieee80211_init(vap); 4639 } 4640 4641 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) { 4642 WPI_LOCK(sc); 4643 callout_stop(&sc->watchdog_rfkill); 4644 WPI_UNLOCK(sc); 4645 } 4646} 4647 4648static void 4649wpi_radio_off(void *arg0, int pending) 4650{ 4651 struct wpi_softc *sc = arg0; 4652 struct ifnet *ifp = sc->sc_ifp; 4653 struct ieee80211com *ic = ifp->if_l2com; 4654 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4655 4656 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 4657 4658 wpi_stop(sc); 4659 if (vap != NULL) 4660 ieee80211_stop(vap); 4661 4662 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 4663} 4664 4665static void 4666wpi_init_locked(struct wpi_softc *sc) 4667{ 4668 struct ifnet *ifp = sc->sc_ifp; 4669 int error; 4670 4671 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4672 4673 WPI_LOCK_ASSERT(sc); 4674 4675 /* Check that the radio is not disabled by hardware switch. */ 4676 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 4677 device_printf(sc->sc_dev, 4678 "RF switch: radio disabled (%s)\n", __func__); 4679 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 4680 sc); 4681 return; 4682 } 4683 4684 /* Read firmware images from the filesystem. */ 4685 if ((error = wpi_read_firmware(sc)) != 0) { 4686 device_printf(sc->sc_dev, 4687 "%s: could not read firmware, error %d\n", __func__, 4688 error); 4689 goto fail; 4690 } 4691 4692 /* Initialize hardware and upload firmware. */ 4693 error = wpi_hw_init(sc); 4694 wpi_unload_firmware(sc); 4695 if (error != 0) { 4696 device_printf(sc->sc_dev, 4697 "%s: could not initialize hardware, error %d\n", __func__, 4698 error); 4699 goto fail; 4700 } 4701 4702 /* Configure adapter now that it is ready. */ 4703 if ((error = wpi_config(sc)) != 0) { 4704 device_printf(sc->sc_dev, 4705 "%s: could not configure device, error %d\n", __func__, 4706 error); 4707 goto fail; 4708 } 4709 4710 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4711 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4712 4713 callout_reset(&sc->watchdog_to, hz, wpi_watchdog, sc); 4714 4715 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4716 4717 return; 4718 4719fail: wpi_stop_locked(sc); 4720 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4721} 4722 4723static void 4724wpi_init(void *arg) 4725{ 4726 struct wpi_softc *sc = arg; 4727 struct ifnet *ifp = sc->sc_ifp; 4728 struct ieee80211com *ic = ifp->if_l2com; 4729 4730 WPI_LOCK(sc); 4731 wpi_init_locked(sc); 4732 WPI_UNLOCK(sc); 4733 4734 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4735 ieee80211_start_all(ic); 4736} 4737 4738static void 4739wpi_stop_locked(struct wpi_softc *sc) 4740{ 4741 struct ifnet *ifp = sc->sc_ifp; 4742 4743 WPI_LOCK_ASSERT(sc); 4744 4745 sc->sc_scan_timer = 0; 4746 sc->sc_tx_timer = 0; 4747 callout_stop(&sc->watchdog_to); 4748 callout_stop(&sc->calib_to); 4749 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4750 4751 /* Power OFF hardware. */ 4752 wpi_hw_stop(sc); 4753} 4754 4755static void 4756wpi_stop(struct wpi_softc *sc) 4757{ 4758 WPI_LOCK(sc); 4759 wpi_stop_locked(sc); 4760 WPI_UNLOCK(sc); 4761} 4762 4763/* 4764 * Callback from net80211 to start a scan. 4765 */ 4766static void 4767wpi_scan_start(struct ieee80211com *ic) 4768{ 4769 struct ifnet *ifp = ic->ic_ifp; 4770 struct wpi_softc *sc = ifp->if_softc; 4771 4772 WPI_LOCK(sc); 4773 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 4774 WPI_UNLOCK(sc); 4775} 4776 4777/* 4778 * Callback from net80211 to terminate a scan. 4779 */ 4780static void 4781wpi_scan_end(struct ieee80211com *ic) 4782{ 4783 struct ifnet *ifp = ic->ic_ifp; 4784 struct wpi_softc *sc = ifp->if_softc; 4785 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4786 4787 if (vap->iv_state == IEEE80211_S_RUN) { 4788 WPI_LOCK(sc); 4789 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4790 WPI_UNLOCK(sc); 4791 } 4792} 4793 4794/** 4795 * Called by the net80211 framework to indicate to the driver 4796 * that the channel should be changed 4797 */ 4798static void 4799wpi_set_channel(struct ieee80211com *ic) 4800{ 4801 const struct ieee80211_channel *c = ic->ic_curchan; 4802 struct ifnet *ifp = ic->ic_ifp; 4803 struct wpi_softc *sc = ifp->if_softc; 4804 int error; 4805 4806 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4807 4808 WPI_LOCK(sc); 4809 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 4810 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 4811 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 4812 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 4813 4814 /* 4815 * Only need to set the channel in Monitor mode. AP scanning and auth 4816 * are already taken care of by their respective firmware commands. 4817 */ 4818 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 4819 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4820 if (IEEE80211_IS_CHAN_2GHZ(c)) { 4821 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 4822 WPI_RXON_24GHZ); 4823 } else { 4824 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 4825 WPI_RXON_24GHZ); 4826 } 4827 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) 4828 device_printf(sc->sc_dev, 4829 "%s: error %d settting channel\n", __func__, 4830 error); 4831 } 4832 WPI_UNLOCK(sc); 4833} 4834 4835/** 4836 * Called by net80211 to indicate that we need to scan the current 4837 * channel. The channel is previously be set via the wpi_set_channel 4838 * callback. 4839 */ 4840static void 4841wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 4842{ 4843 struct ieee80211vap *vap = ss->ss_vap; 4844 struct ieee80211com *ic = vap->iv_ic; 4845 struct ifnet *ifp = ic->ic_ifp; 4846 struct wpi_softc *sc = ifp->if_softc; 4847 int error; 4848 4849 if (sc->rxon.chan != ieee80211_chan2ieee(ic, ic->ic_curchan)) { 4850 WPI_LOCK(sc); 4851 error = wpi_scan(sc, ic->ic_curchan); 4852 WPI_UNLOCK(sc); 4853 if (error != 0) 4854 ieee80211_cancel_scan(vap); 4855 } else { 4856 /* Send probe request when associated. */ 4857 sc->sc_scan_curchan(ss, maxdwell); 4858 } 4859} 4860 4861/** 4862 * Called by the net80211 framework to indicate 4863 * the minimum dwell time has been met, terminate the scan. 4864 * We don't actually terminate the scan as the firmware will notify 4865 * us when it's finished and we have no way to interrupt it. 4866 */ 4867static void 4868wpi_scan_mindwell(struct ieee80211_scan_state *ss) 4869{ 4870 /* NB: don't try to abort scan; wait for firmware to finish */ 4871} 4872 4873static void 4874wpi_hw_reset(void *arg, int pending) 4875{ 4876 struct wpi_softc *sc = arg; 4877 struct ifnet *ifp = sc->sc_ifp; 4878 struct ieee80211com *ic = ifp->if_l2com; 4879 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4880 4881 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4882 4883 wpi_stop(sc); 4884 if (vap != NULL) 4885 ieee80211_stop(vap); 4886 wpi_init(sc); 4887 if (vap != NULL) 4888 ieee80211_init(vap); 4889} 4890