if_wpi.c revision 282388
1/*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 282388 2015-05-03 23:21:16Z adrian $"); 21 22/* 23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 24 * 25 * The 3945ABG network adapter doesn't use traditional hardware as 26 * many other adaptors do. Instead at run time the eeprom is set into a known 27 * state and told to load boot firmware. The boot firmware loads an init and a 28 * main binary firmware image into SRAM on the card via DMA. 29 * Once the firmware is loaded, the driver/hw then 30 * communicate by way of circular dma rings via the SRAM to the firmware. 31 * 32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 33 * The 4 tx data rings allow for prioritization QoS. 34 * 35 * The rx data ring consists of 32 dma buffers. Two registers are used to 36 * indicate where in the ring the driver and the firmware are up to. The 37 * driver sets the initial read index (reg1) and the initial write index (reg2), 38 * the firmware updates the read index (reg1) on rx of a packet and fires an 39 * interrupt. The driver then processes the buffers starting at reg1 indicating 40 * to the firmware which buffers have been accessed by updating reg2. At the 41 * same time allocating new memory for the processed buffer. 42 * 43 * A similar thing happens with the tx rings. The difference is the firmware 44 * stop processing buffers once the queue is full and until confirmation 45 * of a successful transmition (tx_done) has occurred. 46 * 47 * The command ring operates in the same manner as the tx queues. 48 * 49 * All communication direct to the card (ie eeprom) is classed as Stage1 50 * communication 51 * 52 * All communication via the firmware to the card is classed as State2. 53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 54 * firmware. The bootstrap firmware and runtime firmware are loaded 55 * from host memory via dma to the card then told to execute. From this point 56 * on the majority of communications between the driver and the card goes 57 * via the firmware. 58 */ 59 60#include "opt_wlan.h" 61#include "opt_wpi.h" 62 63#include <sys/param.h> 64#include <sys/sysctl.h> 65#include <sys/sockio.h> 66#include <sys/mbuf.h> 67#include <sys/kernel.h> 68#include <sys/socket.h> 69#include <sys/systm.h> 70#include <sys/malloc.h> 71#include <sys/queue.h> 72#include <sys/taskqueue.h> 73#include <sys/module.h> 74#include <sys/bus.h> 75#include <sys/endian.h> 76#include <sys/linker.h> 77#include <sys/firmware.h> 78 79#include <machine/bus.h> 80#include <machine/resource.h> 81#include <sys/rman.h> 82 83#include <dev/pci/pcireg.h> 84#include <dev/pci/pcivar.h> 85 86#include <net/bpf.h> 87#include <net/if.h> 88#include <net/if_var.h> 89#include <net/if_arp.h> 90#include <net/ethernet.h> 91#include <net/if_dl.h> 92#include <net/if_media.h> 93#include <net/if_types.h> 94 95#include <netinet/in.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/if_ether.h> 99#include <netinet/ip.h> 100 101#include <net80211/ieee80211_var.h> 102#include <net80211/ieee80211_radiotap.h> 103#include <net80211/ieee80211_regdomain.h> 104#include <net80211/ieee80211_ratectl.h> 105 106#include <dev/wpi/if_wpireg.h> 107#include <dev/wpi/if_wpivar.h> 108#include <dev/wpi/if_wpi_debug.h> 109 110struct wpi_ident { 111 uint16_t vendor; 112 uint16_t device; 113 uint16_t subdevice; 114 const char *name; 115}; 116 117static const struct wpi_ident wpi_ident_table[] = { 118 /* The below entries support ABG regardless of the subid */ 119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 121 /* The below entries only support BG */ 122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 126 { 0, 0, 0, NULL } 127}; 128 129static int wpi_probe(device_t); 130static int wpi_attach(device_t); 131static void wpi_radiotap_attach(struct wpi_softc *); 132static void wpi_sysctlattach(struct wpi_softc *); 133static void wpi_init_beacon(struct wpi_vap *); 134static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 135 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 136 const uint8_t [IEEE80211_ADDR_LEN], 137 const uint8_t [IEEE80211_ADDR_LEN]); 138static void wpi_vap_delete(struct ieee80211vap *); 139static int wpi_detach(device_t); 140static int wpi_shutdown(device_t); 141static int wpi_suspend(device_t); 142static int wpi_resume(device_t); 143static int wpi_nic_lock(struct wpi_softc *); 144static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 145static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 146static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 147 void **, bus_size_t, bus_size_t); 148static void wpi_dma_contig_free(struct wpi_dma_info *); 149static int wpi_alloc_shared(struct wpi_softc *); 150static void wpi_free_shared(struct wpi_softc *); 151static int wpi_alloc_fwmem(struct wpi_softc *); 152static void wpi_free_fwmem(struct wpi_softc *); 153static int wpi_alloc_rx_ring(struct wpi_softc *); 154static void wpi_update_rx_ring(struct wpi_softc *); 155static void wpi_reset_rx_ring(struct wpi_softc *); 156static void wpi_free_rx_ring(struct wpi_softc *); 157static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 158 int); 159static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 160static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 161static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 162static int wpi_read_eeprom(struct wpi_softc *, 163 uint8_t macaddr[IEEE80211_ADDR_LEN]); 164static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 165static void wpi_read_eeprom_band(struct wpi_softc *, int); 166static int wpi_read_eeprom_channels(struct wpi_softc *, int); 167static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 168 struct ieee80211_channel *); 169static int wpi_setregdomain(struct ieee80211com *, 170 struct ieee80211_regdomain *, int, 171 struct ieee80211_channel[]); 172static int wpi_read_eeprom_group(struct wpi_softc *, int); 173static int wpi_add_node_entry_adhoc(struct wpi_softc *); 174static void wpi_node_free(struct ieee80211_node *); 175static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 176 const uint8_t mac[IEEE80211_ADDR_LEN]); 177static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 178static void wpi_calib_timeout(void *); 179static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 180 struct wpi_rx_data *); 181static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 182 struct wpi_rx_data *); 183static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 184static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 185static void wpi_notif_intr(struct wpi_softc *); 186static void wpi_wakeup_intr(struct wpi_softc *); 187#ifdef WPI_DEBUG 188static void wpi_debug_registers(struct wpi_softc *); 189#endif 190static void wpi_fatal_intr(struct wpi_softc *); 191static void wpi_intr(void *); 192static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 193static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 194 struct ieee80211_node *); 195static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 196 struct ieee80211_node *, 197 const struct ieee80211_bpf_params *); 198static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 199 const struct ieee80211_bpf_params *); 200static void wpi_start(struct ifnet *); 201static void wpi_start_task(void *, int); 202static void wpi_watchdog_rfkill(void *); 203static void wpi_scan_timeout(void *); 204static void wpi_tx_timeout(void *); 205static int wpi_ioctl(struct ifnet *, u_long, caddr_t); 206static int wpi_cmd(struct wpi_softc *, int, const void *, size_t, int); 207static int wpi_mrr_setup(struct wpi_softc *); 208static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 209static int wpi_add_broadcast_node(struct wpi_softc *, int); 210static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 211static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 212static int wpi_updateedca(struct ieee80211com *); 213static void wpi_set_promisc(struct wpi_softc *); 214static void wpi_update_promisc(struct ifnet *); 215static void wpi_update_mcast(struct ifnet *); 216static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 217static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 218static void wpi_power_calibration(struct wpi_softc *); 219static int wpi_set_txpower(struct wpi_softc *, int); 220static int wpi_get_power_index(struct wpi_softc *, 221 struct wpi_power_group *, uint8_t, int, int); 222static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 223static int wpi_send_btcoex(struct wpi_softc *); 224static int wpi_send_rxon(struct wpi_softc *, int, int); 225static int wpi_config(struct wpi_softc *); 226static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 227 struct ieee80211_channel *, uint8_t); 228static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 229static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 230 struct ieee80211_channel *); 231static uint32_t wpi_get_scan_pause_time(uint32_t, uint16_t); 232static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 233static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 234static int wpi_config_beacon(struct wpi_vap *); 235static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 236static void wpi_update_beacon(struct ieee80211vap *, int); 237static void wpi_newassoc(struct ieee80211_node *, int); 238static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 239static int wpi_load_key(struct ieee80211_node *, 240 const struct ieee80211_key *); 241static void wpi_load_key_cb(void *, struct ieee80211_node *); 242static int wpi_set_global_keys(struct ieee80211_node *); 243static int wpi_del_key(struct ieee80211_node *, 244 const struct ieee80211_key *); 245static void wpi_del_key_cb(void *, struct ieee80211_node *); 246static int wpi_process_key(struct ieee80211vap *, 247 const struct ieee80211_key *, int); 248static int wpi_key_set(struct ieee80211vap *, 249 const struct ieee80211_key *, 250 const uint8_t mac[IEEE80211_ADDR_LEN]); 251static int wpi_key_delete(struct ieee80211vap *, 252 const struct ieee80211_key *); 253static int wpi_post_alive(struct wpi_softc *); 254static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 255static int wpi_load_firmware(struct wpi_softc *); 256static int wpi_read_firmware(struct wpi_softc *); 257static void wpi_unload_firmware(struct wpi_softc *); 258static int wpi_clock_wait(struct wpi_softc *); 259static int wpi_apm_init(struct wpi_softc *); 260static void wpi_apm_stop_master(struct wpi_softc *); 261static void wpi_apm_stop(struct wpi_softc *); 262static void wpi_nic_config(struct wpi_softc *); 263static int wpi_hw_init(struct wpi_softc *); 264static void wpi_hw_stop(struct wpi_softc *); 265static void wpi_radio_on(void *, int); 266static void wpi_radio_off(void *, int); 267static void wpi_init(void *); 268static void wpi_stop_locked(struct wpi_softc *); 269static void wpi_stop(struct wpi_softc *); 270static void wpi_scan_start(struct ieee80211com *); 271static void wpi_scan_end(struct ieee80211com *); 272static void wpi_set_channel(struct ieee80211com *); 273static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 274static void wpi_scan_mindwell(struct ieee80211_scan_state *); 275static void wpi_hw_reset(void *, int); 276 277static device_method_t wpi_methods[] = { 278 /* Device interface */ 279 DEVMETHOD(device_probe, wpi_probe), 280 DEVMETHOD(device_attach, wpi_attach), 281 DEVMETHOD(device_detach, wpi_detach), 282 DEVMETHOD(device_shutdown, wpi_shutdown), 283 DEVMETHOD(device_suspend, wpi_suspend), 284 DEVMETHOD(device_resume, wpi_resume), 285 286 DEVMETHOD_END 287}; 288 289static driver_t wpi_driver = { 290 "wpi", 291 wpi_methods, 292 sizeof (struct wpi_softc) 293}; 294static devclass_t wpi_devclass; 295 296DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 297 298MODULE_VERSION(wpi, 1); 299 300MODULE_DEPEND(wpi, pci, 1, 1, 1); 301MODULE_DEPEND(wpi, wlan, 1, 1, 1); 302MODULE_DEPEND(wpi, firmware, 1, 1, 1); 303 304static int 305wpi_probe(device_t dev) 306{ 307 const struct wpi_ident *ident; 308 309 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 310 if (pci_get_vendor(dev) == ident->vendor && 311 pci_get_device(dev) == ident->device) { 312 device_set_desc(dev, ident->name); 313 return (BUS_PROBE_DEFAULT); 314 } 315 } 316 return ENXIO; 317} 318 319static int 320wpi_attach(device_t dev) 321{ 322 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 323 struct ieee80211com *ic; 324 struct ifnet *ifp; 325 int i, error, rid; 326#ifdef WPI_DEBUG 327 int supportsa = 1; 328 const struct wpi_ident *ident; 329#endif 330 uint8_t macaddr[IEEE80211_ADDR_LEN]; 331 332 sc->sc_dev = dev; 333 334#ifdef WPI_DEBUG 335 error = resource_int_value(device_get_name(sc->sc_dev), 336 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 337 if (error != 0) 338 sc->sc_debug = 0; 339#else 340 sc->sc_debug = 0; 341#endif 342 343 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 344 345 /* 346 * Get the offset of the PCI Express Capability Structure in PCI 347 * Configuration Space. 348 */ 349 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 350 if (error != 0) { 351 device_printf(dev, "PCIe capability structure not found!\n"); 352 return error; 353 } 354 355 /* 356 * Some card's only support 802.11b/g not a, check to see if 357 * this is one such card. A 0x0 in the subdevice table indicates 358 * the entire subdevice range is to be ignored. 359 */ 360#ifdef WPI_DEBUG 361 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 362 if (ident->subdevice && 363 pci_get_subdevice(dev) == ident->subdevice) { 364 supportsa = 0; 365 break; 366 } 367 } 368#endif 369 370 /* Clear device-specific "PCI retry timeout" register (41h). */ 371 pci_write_config(dev, 0x41, 0, 1); 372 373 /* Enable bus-mastering. */ 374 pci_enable_busmaster(dev); 375 376 rid = PCIR_BAR(0); 377 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 378 RF_ACTIVE); 379 if (sc->mem == NULL) { 380 device_printf(dev, "can't map mem space\n"); 381 return ENOMEM; 382 } 383 sc->sc_st = rman_get_bustag(sc->mem); 384 sc->sc_sh = rman_get_bushandle(sc->mem); 385 386 i = 1; 387 rid = 0; 388 if (pci_alloc_msi(dev, &i) == 0) 389 rid = 1; 390 /* Install interrupt handler. */ 391 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 392 (rid != 0 ? 0 : RF_SHAREABLE)); 393 if (sc->irq == NULL) { 394 device_printf(dev, "can't map interrupt\n"); 395 error = ENOMEM; 396 goto fail; 397 } 398 399 WPI_LOCK_INIT(sc); 400 WPI_TX_LOCK_INIT(sc); 401 WPI_RXON_LOCK_INIT(sc); 402 WPI_NT_LOCK_INIT(sc); 403 WPI_TXQ_LOCK_INIT(sc); 404 WPI_TXQ_STATE_LOCK_INIT(sc); 405 406 /* Allocate DMA memory for firmware transfers. */ 407 if ((error = wpi_alloc_fwmem(sc)) != 0) { 408 device_printf(dev, 409 "could not allocate memory for firmware, error %d\n", 410 error); 411 goto fail; 412 } 413 414 /* Allocate shared page. */ 415 if ((error = wpi_alloc_shared(sc)) != 0) { 416 device_printf(dev, "could not allocate shared page\n"); 417 goto fail; 418 } 419 420 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 421 for (i = 0; i < WPI_NTXQUEUES; i++) { 422 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 423 device_printf(dev, 424 "could not allocate TX ring %d, error %d\n", i, 425 error); 426 goto fail; 427 } 428 } 429 430 /* Allocate RX ring. */ 431 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 432 device_printf(dev, "could not allocate RX ring, error %d\n", 433 error); 434 goto fail; 435 } 436 437 /* Clear pending interrupts. */ 438 WPI_WRITE(sc, WPI_INT, 0xffffffff); 439 440 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 441 if (ifp == NULL) { 442 device_printf(dev, "can not allocate ifnet structure\n"); 443 goto fail; 444 } 445 446 ic = ifp->if_l2com; 447 ic->ic_ifp = ifp; 448 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 449 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 450 451 /* Set device capabilities. */ 452 ic->ic_caps = 453 IEEE80211_C_STA /* station mode supported */ 454 | IEEE80211_C_IBSS /* IBSS mode supported */ 455 | IEEE80211_C_HOSTAP /* Host access point mode */ 456 | IEEE80211_C_MONITOR /* monitor mode supported */ 457 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 458 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 459 | IEEE80211_C_TXPMGT /* tx power management */ 460 | IEEE80211_C_SHSLOT /* short slot time supported */ 461 | IEEE80211_C_WPA /* 802.11i */ 462 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 463 | IEEE80211_C_WME /* 802.11e */ 464 | IEEE80211_C_PMGT /* Station-side power mgmt */ 465 ; 466 467 ic->ic_cryptocaps = 468 IEEE80211_CRYPTO_AES_CCM; 469 470 /* 471 * Read in the eeprom and also setup the channels for 472 * net80211. We don't set the rates as net80211 does this for us 473 */ 474 if ((error = wpi_read_eeprom(sc, macaddr)) != 0) { 475 device_printf(dev, "could not read EEPROM, error %d\n", 476 error); 477 goto fail; 478 } 479 480#ifdef WPI_DEBUG 481 if (bootverbose) { 482 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", 483 sc->domain); 484 device_printf(sc->sc_dev, "Hardware Type: %c\n", 485 sc->type > 1 ? 'B': '?'); 486 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 487 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?'); 488 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 489 supportsa ? "does" : "does not"); 490 491 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must 492 check what sc->rev really represents - benjsc 20070615 */ 493 } 494#endif 495 496 if_initname(ifp, device_get_name(dev), device_get_unit(dev)); 497 ifp->if_softc = sc; 498 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 499 ifp->if_init = wpi_init; 500 ifp->if_ioctl = wpi_ioctl; 501 ifp->if_start = wpi_start; 502 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 503 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 504 IFQ_SET_READY(&ifp->if_snd); 505 506 ieee80211_ifattach(ic, macaddr); 507 ic->ic_vap_create = wpi_vap_create; 508 ic->ic_vap_delete = wpi_vap_delete; 509 ic->ic_raw_xmit = wpi_raw_xmit; 510 ic->ic_node_alloc = wpi_node_alloc; 511 sc->sc_node_free = ic->ic_node_free; 512 ic->ic_node_free = wpi_node_free; 513 ic->ic_wme.wme_update = wpi_updateedca; 514 ic->ic_update_promisc = wpi_update_promisc; 515 ic->ic_update_mcast = wpi_update_mcast; 516 ic->ic_newassoc = wpi_newassoc; 517 ic->ic_scan_start = wpi_scan_start; 518 ic->ic_scan_end = wpi_scan_end; 519 ic->ic_set_channel = wpi_set_channel; 520 ic->ic_scan_curchan = wpi_scan_curchan; 521 ic->ic_scan_mindwell = wpi_scan_mindwell; 522 ic->ic_setregdomain = wpi_setregdomain; 523 524 wpi_radiotap_attach(sc); 525 526 callout_init_mtx(&sc->calib_to, &sc->rxon_mtx, 0); 527 callout_init_mtx(&sc->scan_timeout, &sc->rxon_mtx, 0); 528 callout_init_mtx(&sc->tx_timeout, &sc->txq_state_mtx, 0); 529 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 530 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc); 531 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 532 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 533 TASK_INIT(&sc->sc_start_task, 0, wpi_start_task, sc); 534 535 sc->sc_tq = taskqueue_create("wpi_taskq", M_WAITOK, 536 taskqueue_thread_enqueue, &sc->sc_tq); 537 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "wpi_taskq"); 538 if (error != 0) { 539 device_printf(dev, "can't start threads, error %d\n", error); 540 goto fail; 541 } 542 543 wpi_sysctlattach(sc); 544 545 /* 546 * Hook our interrupt after all initialization is complete. 547 */ 548 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 549 NULL, wpi_intr, sc, &sc->sc_ih); 550 if (error != 0) { 551 device_printf(dev, "can't establish interrupt, error %d\n", 552 error); 553 goto fail; 554 } 555 556 if (bootverbose) 557 ieee80211_announce(ic); 558 559#ifdef WPI_DEBUG 560 if (sc->sc_debug & WPI_DEBUG_HW) 561 ieee80211_announce_channels(ic); 562#endif 563 564 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 565 return 0; 566 567fail: wpi_detach(dev); 568 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 569 return error; 570} 571 572/* 573 * Attach the interface to 802.11 radiotap. 574 */ 575static void 576wpi_radiotap_attach(struct wpi_softc *sc) 577{ 578 struct ifnet *ifp = sc->sc_ifp; 579 struct ieee80211com *ic = ifp->if_l2com; 580 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 581 ieee80211_radiotap_attach(ic, 582 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 583 WPI_TX_RADIOTAP_PRESENT, 584 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 585 WPI_RX_RADIOTAP_PRESENT); 586 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 587} 588 589static void 590wpi_sysctlattach(struct wpi_softc *sc) 591{ 592#ifdef WPI_DEBUG 593 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 594 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 595 596 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 597 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 598 "control debugging printfs"); 599#endif 600} 601 602static void 603wpi_init_beacon(struct wpi_vap *wvp) 604{ 605 struct wpi_buf *bcn = &wvp->wv_bcbuf; 606 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 607 608 cmd->id = WPI_ID_BROADCAST; 609 cmd->ofdm_mask = 0xff; 610 cmd->cck_mask = 0x0f; 611 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 612 cmd->flags = htole32(WPI_TX_AUTO_SEQ | WPI_TX_INSERT_TSTAMP); 613 614 bcn->code = WPI_CMD_SET_BEACON; 615 bcn->ac = WPI_CMD_QUEUE_NUM; 616 bcn->size = sizeof(struct wpi_cmd_beacon); 617} 618 619static struct ieee80211vap * 620wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 621 enum ieee80211_opmode opmode, int flags, 622 const uint8_t bssid[IEEE80211_ADDR_LEN], 623 const uint8_t mac[IEEE80211_ADDR_LEN]) 624{ 625 struct wpi_vap *wvp; 626 struct ieee80211vap *vap; 627 628 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 629 return NULL; 630 631 wvp = (struct wpi_vap *) malloc(sizeof(struct wpi_vap), 632 M_80211_VAP, M_NOWAIT | M_ZERO); 633 if (wvp == NULL) 634 return NULL; 635 vap = &wvp->wv_vap; 636 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 637 638 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 639 WPI_VAP_LOCK_INIT(wvp); 640 wpi_init_beacon(wvp); 641 } 642 643 /* Override with driver methods. */ 644 vap->iv_key_set = wpi_key_set; 645 vap->iv_key_delete = wpi_key_delete; 646 wvp->wv_newstate = vap->iv_newstate; 647 vap->iv_newstate = wpi_newstate; 648 vap->iv_update_beacon = wpi_update_beacon; 649 vap->iv_max_aid = WPI_ID_IBSS_MAX - WPI_ID_IBSS_MIN + 1; 650 651 ieee80211_ratectl_init(vap); 652 /* Complete setup. */ 653 ieee80211_vap_attach(vap, ieee80211_media_change, 654 ieee80211_media_status); 655 ic->ic_opmode = opmode; 656 return vap; 657} 658 659static void 660wpi_vap_delete(struct ieee80211vap *vap) 661{ 662 struct wpi_vap *wvp = WPI_VAP(vap); 663 struct wpi_buf *bcn = &wvp->wv_bcbuf; 664 enum ieee80211_opmode opmode = vap->iv_opmode; 665 666 ieee80211_ratectl_deinit(vap); 667 ieee80211_vap_detach(vap); 668 669 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 670 if (bcn->m != NULL) 671 m_freem(bcn->m); 672 673 WPI_VAP_LOCK_DESTROY(wvp); 674 } 675 676 free(wvp, M_80211_VAP); 677} 678 679static int 680wpi_detach(device_t dev) 681{ 682 struct wpi_softc *sc = device_get_softc(dev); 683 struct ifnet *ifp = sc->sc_ifp; 684 struct ieee80211com *ic; 685 int qid; 686 687 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 688 689 if (ifp != NULL) { 690 ic = ifp->if_l2com; 691 692 ieee80211_draintask(ic, &sc->sc_radioon_task); 693 ieee80211_draintask(ic, &sc->sc_start_task); 694 695 wpi_stop(sc); 696 697 taskqueue_drain_all(sc->sc_tq); 698 taskqueue_free(sc->sc_tq); 699 700 callout_drain(&sc->watchdog_rfkill); 701 callout_drain(&sc->tx_timeout); 702 callout_drain(&sc->scan_timeout); 703 callout_drain(&sc->calib_to); 704 ieee80211_ifdetach(ic); 705 } 706 707 /* Uninstall interrupt handler. */ 708 if (sc->irq != NULL) { 709 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 710 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 711 sc->irq); 712 pci_release_msi(dev); 713 } 714 715 if (sc->txq[0].data_dmat) { 716 /* Free DMA resources. */ 717 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 718 wpi_free_tx_ring(sc, &sc->txq[qid]); 719 720 wpi_free_rx_ring(sc); 721 wpi_free_shared(sc); 722 } 723 724 if (sc->fw_dma.tag) 725 wpi_free_fwmem(sc); 726 727 if (sc->mem != NULL) 728 bus_release_resource(dev, SYS_RES_MEMORY, 729 rman_get_rid(sc->mem), sc->mem); 730 731 if (ifp != NULL) 732 if_free(ifp); 733 734 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 735 WPI_TXQ_STATE_LOCK_DESTROY(sc); 736 WPI_TXQ_LOCK_DESTROY(sc); 737 WPI_NT_LOCK_DESTROY(sc); 738 WPI_RXON_LOCK_DESTROY(sc); 739 WPI_TX_LOCK_DESTROY(sc); 740 WPI_LOCK_DESTROY(sc); 741 return 0; 742} 743 744static int 745wpi_shutdown(device_t dev) 746{ 747 struct wpi_softc *sc = device_get_softc(dev); 748 749 wpi_stop(sc); 750 return 0; 751} 752 753static int 754wpi_suspend(device_t dev) 755{ 756 struct wpi_softc *sc = device_get_softc(dev); 757 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 758 759 ieee80211_suspend_all(ic); 760 return 0; 761} 762 763static int 764wpi_resume(device_t dev) 765{ 766 struct wpi_softc *sc = device_get_softc(dev); 767 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 768 769 /* Clear device-specific "PCI retry timeout" register (41h). */ 770 pci_write_config(dev, 0x41, 0, 1); 771 772 ieee80211_resume_all(ic); 773 return 0; 774} 775 776/* 777 * Grab exclusive access to NIC memory. 778 */ 779static int 780wpi_nic_lock(struct wpi_softc *sc) 781{ 782 int ntries; 783 784 /* Request exclusive access to NIC. */ 785 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 786 787 /* Spin until we actually get the lock. */ 788 for (ntries = 0; ntries < 1000; ntries++) { 789 if ((WPI_READ(sc, WPI_GP_CNTRL) & 790 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 791 WPI_GP_CNTRL_MAC_ACCESS_ENA) 792 return 0; 793 DELAY(10); 794 } 795 796 device_printf(sc->sc_dev, "could not lock memory\n"); 797 798 return ETIMEDOUT; 799} 800 801/* 802 * Release lock on NIC memory. 803 */ 804static __inline void 805wpi_nic_unlock(struct wpi_softc *sc) 806{ 807 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 808} 809 810static __inline uint32_t 811wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 812{ 813 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 814 WPI_BARRIER_READ_WRITE(sc); 815 return WPI_READ(sc, WPI_PRPH_RDATA); 816} 817 818static __inline void 819wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 820{ 821 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 822 WPI_BARRIER_WRITE(sc); 823 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 824} 825 826static __inline void 827wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 828{ 829 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 830} 831 832static __inline void 833wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 834{ 835 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 836} 837 838static __inline void 839wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 840 const uint32_t *data, int count) 841{ 842 for (; count > 0; count--, data++, addr += 4) 843 wpi_prph_write(sc, addr, *data); 844} 845 846static __inline uint32_t 847wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 848{ 849 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 850 WPI_BARRIER_READ_WRITE(sc); 851 return WPI_READ(sc, WPI_MEM_RDATA); 852} 853 854static __inline void 855wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 856 int count) 857{ 858 for (; count > 0; count--, addr += 4) 859 *data++ = wpi_mem_read(sc, addr); 860} 861 862static int 863wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 864{ 865 uint8_t *out = data; 866 uint32_t val; 867 int error, ntries; 868 869 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 870 871 if ((error = wpi_nic_lock(sc)) != 0) 872 return error; 873 874 for (; count > 0; count -= 2, addr++) { 875 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 876 for (ntries = 0; ntries < 10; ntries++) { 877 val = WPI_READ(sc, WPI_EEPROM); 878 if (val & WPI_EEPROM_READ_VALID) 879 break; 880 DELAY(5); 881 } 882 if (ntries == 10) { 883 device_printf(sc->sc_dev, 884 "timeout reading ROM at 0x%x\n", addr); 885 return ETIMEDOUT; 886 } 887 *out++= val >> 16; 888 if (count > 1) 889 *out ++= val >> 24; 890 } 891 892 wpi_nic_unlock(sc); 893 894 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 895 896 return 0; 897} 898 899static void 900wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 901{ 902 if (error != 0) 903 return; 904 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 905 *(bus_addr_t *)arg = segs[0].ds_addr; 906} 907 908/* 909 * Allocates a contiguous block of dma memory of the requested size and 910 * alignment. 911 */ 912static int 913wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 914 void **kvap, bus_size_t size, bus_size_t alignment) 915{ 916 int error; 917 918 dma->tag = NULL; 919 dma->size = size; 920 921 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 922 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 923 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag); 924 if (error != 0) 925 goto fail; 926 927 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 928 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 929 if (error != 0) 930 goto fail; 931 932 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 933 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 934 if (error != 0) 935 goto fail; 936 937 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 938 939 if (kvap != NULL) 940 *kvap = dma->vaddr; 941 942 return 0; 943 944fail: wpi_dma_contig_free(dma); 945 return error; 946} 947 948static void 949wpi_dma_contig_free(struct wpi_dma_info *dma) 950{ 951 if (dma->vaddr != NULL) { 952 bus_dmamap_sync(dma->tag, dma->map, 953 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 954 bus_dmamap_unload(dma->tag, dma->map); 955 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 956 dma->vaddr = NULL; 957 } 958 if (dma->tag != NULL) { 959 bus_dma_tag_destroy(dma->tag); 960 dma->tag = NULL; 961 } 962} 963 964/* 965 * Allocate a shared page between host and NIC. 966 */ 967static int 968wpi_alloc_shared(struct wpi_softc *sc) 969{ 970 /* Shared buffer must be aligned on a 4KB boundary. */ 971 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 972 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 973} 974 975static void 976wpi_free_shared(struct wpi_softc *sc) 977{ 978 wpi_dma_contig_free(&sc->shared_dma); 979} 980 981/* 982 * Allocate DMA-safe memory for firmware transfer. 983 */ 984static int 985wpi_alloc_fwmem(struct wpi_softc *sc) 986{ 987 /* Must be aligned on a 16-byte boundary. */ 988 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 989 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 990} 991 992static void 993wpi_free_fwmem(struct wpi_softc *sc) 994{ 995 wpi_dma_contig_free(&sc->fw_dma); 996} 997 998static int 999wpi_alloc_rx_ring(struct wpi_softc *sc) 1000{ 1001 struct wpi_rx_ring *ring = &sc->rxq; 1002 bus_size_t size; 1003 int i, error; 1004 1005 ring->cur = 0; 1006 ring->update = 0; 1007 1008 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1009 1010 /* Allocate RX descriptors (16KB aligned.) */ 1011 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 1012 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 1013 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 1014 if (error != 0) { 1015 device_printf(sc->sc_dev, 1016 "%s: could not allocate RX ring DMA memory, error %d\n", 1017 __func__, error); 1018 goto fail; 1019 } 1020 1021 /* Create RX buffer DMA tag. */ 1022 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1023 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1024 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL, 1025 &ring->data_dmat); 1026 if (error != 0) { 1027 device_printf(sc->sc_dev, 1028 "%s: could not create RX buf DMA tag, error %d\n", 1029 __func__, error); 1030 goto fail; 1031 } 1032 1033 /* 1034 * Allocate and map RX buffers. 1035 */ 1036 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1037 struct wpi_rx_data *data = &ring->data[i]; 1038 bus_addr_t paddr; 1039 1040 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1041 if (error != 0) { 1042 device_printf(sc->sc_dev, 1043 "%s: could not create RX buf DMA map, error %d\n", 1044 __func__, error); 1045 goto fail; 1046 } 1047 1048 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1049 if (data->m == NULL) { 1050 device_printf(sc->sc_dev, 1051 "%s: could not allocate RX mbuf\n", __func__); 1052 error = ENOBUFS; 1053 goto fail; 1054 } 1055 1056 error = bus_dmamap_load(ring->data_dmat, data->map, 1057 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1058 &paddr, BUS_DMA_NOWAIT); 1059 if (error != 0 && error != EFBIG) { 1060 device_printf(sc->sc_dev, 1061 "%s: can't map mbuf (error %d)\n", __func__, 1062 error); 1063 goto fail; 1064 } 1065 1066 /* Set physical address of RX buffer. */ 1067 ring->desc[i] = htole32(paddr); 1068 } 1069 1070 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1071 BUS_DMASYNC_PREWRITE); 1072 1073 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1074 1075 return 0; 1076 1077fail: wpi_free_rx_ring(sc); 1078 1079 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1080 1081 return error; 1082} 1083 1084static void 1085wpi_update_rx_ring(struct wpi_softc *sc) 1086{ 1087 struct wpi_rx_ring *ring = &sc->rxq; 1088 1089 if (ring->update != 0) { 1090 /* Wait for INT_WAKEUP event. */ 1091 return; 1092 } 1093 1094 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1095 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1096 __func__); 1097 1098 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1099 ring->update = 1; 1100 } else 1101 WPI_WRITE(sc, WPI_FH_RX_WPTR, ring->cur & ~7); 1102} 1103 1104static void 1105wpi_reset_rx_ring(struct wpi_softc *sc) 1106{ 1107 struct wpi_rx_ring *ring = &sc->rxq; 1108 int ntries; 1109 1110 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1111 1112 if (wpi_nic_lock(sc) == 0) { 1113 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1114 for (ntries = 0; ntries < 1000; ntries++) { 1115 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1116 WPI_FH_RX_STATUS_IDLE) 1117 break; 1118 DELAY(10); 1119 } 1120 wpi_nic_unlock(sc); 1121 } 1122 1123 ring->cur = 0; 1124 ring->update = 0; 1125} 1126 1127static void 1128wpi_free_rx_ring(struct wpi_softc *sc) 1129{ 1130 struct wpi_rx_ring *ring = &sc->rxq; 1131 int i; 1132 1133 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1134 1135 wpi_dma_contig_free(&ring->desc_dma); 1136 1137 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1138 struct wpi_rx_data *data = &ring->data[i]; 1139 1140 if (data->m != NULL) { 1141 bus_dmamap_sync(ring->data_dmat, data->map, 1142 BUS_DMASYNC_POSTREAD); 1143 bus_dmamap_unload(ring->data_dmat, data->map); 1144 m_freem(data->m); 1145 data->m = NULL; 1146 } 1147 if (data->map != NULL) 1148 bus_dmamap_destroy(ring->data_dmat, data->map); 1149 } 1150 if (ring->data_dmat != NULL) { 1151 bus_dma_tag_destroy(ring->data_dmat); 1152 ring->data_dmat = NULL; 1153 } 1154} 1155 1156static int 1157wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 1158{ 1159 bus_addr_t paddr; 1160 bus_size_t size; 1161 int i, error; 1162 1163 ring->qid = qid; 1164 ring->queued = 0; 1165 ring->cur = 0; 1166 ring->update = 0; 1167 1168 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1169 1170 /* Allocate TX descriptors (16KB aligned.) */ 1171 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1172 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1173 size, WPI_RING_DMA_ALIGN); 1174 if (error != 0) { 1175 device_printf(sc->sc_dev, 1176 "%s: could not allocate TX ring DMA memory, error %d\n", 1177 __func__, error); 1178 goto fail; 1179 } 1180 1181 /* Update shared area with ring physical address. */ 1182 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1183 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1184 BUS_DMASYNC_PREWRITE); 1185 1186 /* 1187 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1188 * to allocate commands space for other rings. 1189 * XXX Do we really need to allocate descriptors for other rings? 1190 */ 1191 if (qid > WPI_CMD_QUEUE_NUM) { 1192 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1193 return 0; 1194 } 1195 1196 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1197 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1198 size, 4); 1199 if (error != 0) { 1200 device_printf(sc->sc_dev, 1201 "%s: could not allocate TX cmd DMA memory, error %d\n", 1202 __func__, error); 1203 goto fail; 1204 } 1205 1206 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1207 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1208 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL, 1209 &ring->data_dmat); 1210 if (error != 0) { 1211 device_printf(sc->sc_dev, 1212 "%s: could not create TX buf DMA tag, error %d\n", 1213 __func__, error); 1214 goto fail; 1215 } 1216 1217 paddr = ring->cmd_dma.paddr; 1218 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1219 struct wpi_tx_data *data = &ring->data[i]; 1220 1221 data->cmd_paddr = paddr; 1222 paddr += sizeof (struct wpi_tx_cmd); 1223 1224 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1225 if (error != 0) { 1226 device_printf(sc->sc_dev, 1227 "%s: could not create TX buf DMA map, error %d\n", 1228 __func__, error); 1229 goto fail; 1230 } 1231 } 1232 1233 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1234 1235 return 0; 1236 1237fail: wpi_free_tx_ring(sc, ring); 1238 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1239 return error; 1240} 1241 1242static void 1243wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1244{ 1245 if (ring->update != 0) { 1246 /* Wait for INT_WAKEUP event. */ 1247 return; 1248 } 1249 1250 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1251 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1252 __func__, ring->qid); 1253 1254 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1255 ring->update = 1; 1256 } else 1257 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1258} 1259 1260static void 1261wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1262{ 1263 int i; 1264 1265 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1266 1267 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1268 struct wpi_tx_data *data = &ring->data[i]; 1269 1270 if (data->m != NULL) { 1271 bus_dmamap_sync(ring->data_dmat, data->map, 1272 BUS_DMASYNC_POSTWRITE); 1273 bus_dmamap_unload(ring->data_dmat, data->map); 1274 m_freem(data->m); 1275 data->m = NULL; 1276 } 1277 } 1278 /* Clear TX descriptors. */ 1279 memset(ring->desc, 0, ring->desc_dma.size); 1280 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1281 BUS_DMASYNC_PREWRITE); 1282 sc->qfullmsk &= ~(1 << ring->qid); 1283 ring->queued = 0; 1284 ring->cur = 0; 1285 ring->update = 0; 1286} 1287 1288static void 1289wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1290{ 1291 int i; 1292 1293 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1294 1295 wpi_dma_contig_free(&ring->desc_dma); 1296 wpi_dma_contig_free(&ring->cmd_dma); 1297 1298 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1299 struct wpi_tx_data *data = &ring->data[i]; 1300 1301 if (data->m != NULL) { 1302 bus_dmamap_sync(ring->data_dmat, data->map, 1303 BUS_DMASYNC_POSTWRITE); 1304 bus_dmamap_unload(ring->data_dmat, data->map); 1305 m_freem(data->m); 1306 } 1307 if (data->map != NULL) 1308 bus_dmamap_destroy(ring->data_dmat, data->map); 1309 } 1310 if (ring->data_dmat != NULL) { 1311 bus_dma_tag_destroy(ring->data_dmat); 1312 ring->data_dmat = NULL; 1313 } 1314} 1315 1316/* 1317 * Extract various information from EEPROM. 1318 */ 1319static int 1320wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1321{ 1322#define WPI_CHK(res) do { \ 1323 if ((error = res) != 0) \ 1324 goto fail; \ 1325} while (0) 1326 int error, i; 1327 1328 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1329 1330 /* Adapter has to be powered on for EEPROM access to work. */ 1331 if ((error = wpi_apm_init(sc)) != 0) { 1332 device_printf(sc->sc_dev, 1333 "%s: could not power ON adapter, error %d\n", __func__, 1334 error); 1335 return error; 1336 } 1337 1338 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1339 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1340 error = EIO; 1341 goto fail; 1342 } 1343 /* Clear HW ownership of EEPROM. */ 1344 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1345 1346 /* Read the hardware capabilities, revision and SKU type. */ 1347 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1348 sizeof(sc->cap))); 1349 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1350 sizeof(sc->rev))); 1351 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1352 sizeof(sc->type))); 1353 1354 sc->rev = le16toh(sc->rev); 1355 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, 1356 sc->rev, sc->type); 1357 1358 /* Read the regulatory domain (4 ASCII characters.) */ 1359 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1360 sizeof(sc->domain))); 1361 1362 /* Read MAC address. */ 1363 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1364 IEEE80211_ADDR_LEN)); 1365 1366 /* Read the list of authorized channels. */ 1367 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1368 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1369 1370 /* Read the list of TX power groups. */ 1371 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1372 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1373 1374fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1375 1376 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1377 __func__); 1378 1379 return error; 1380#undef WPI_CHK 1381} 1382 1383/* 1384 * Translate EEPROM flags to net80211. 1385 */ 1386static uint32_t 1387wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1388{ 1389 uint32_t nflags; 1390 1391 nflags = 0; 1392 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1393 nflags |= IEEE80211_CHAN_PASSIVE; 1394 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1395 nflags |= IEEE80211_CHAN_NOADHOC; 1396 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1397 nflags |= IEEE80211_CHAN_DFS; 1398 /* XXX apparently IBSS may still be marked */ 1399 nflags |= IEEE80211_CHAN_NOADHOC; 1400 } 1401 1402 /* XXX HOSTAP uses WPI_MODE_IBSS */ 1403 if (nflags & IEEE80211_CHAN_NOADHOC) 1404 nflags |= IEEE80211_CHAN_NOHOSTAP; 1405 1406 return nflags; 1407} 1408 1409static void 1410wpi_read_eeprom_band(struct wpi_softc *sc, int n) 1411{ 1412 struct ifnet *ifp = sc->sc_ifp; 1413 struct ieee80211com *ic = ifp->if_l2com; 1414 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1415 const struct wpi_chan_band *band = &wpi_bands[n]; 1416 struct ieee80211_channel *c; 1417 uint8_t chan; 1418 int i, nflags; 1419 1420 for (i = 0; i < band->nchan; i++) { 1421 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1422 DPRINTF(sc, WPI_DEBUG_EEPROM, 1423 "Channel Not Valid: %d, band %d\n", 1424 band->chan[i],n); 1425 continue; 1426 } 1427 1428 chan = band->chan[i]; 1429 nflags = wpi_eeprom_channel_flags(&channels[i]); 1430 1431 c = &ic->ic_channels[ic->ic_nchans++]; 1432 c->ic_ieee = chan; 1433 c->ic_maxregpower = channels[i].maxpwr; 1434 c->ic_maxpower = 2*c->ic_maxregpower; 1435 1436 if (n == 0) { /* 2GHz band */ 1437 c->ic_freq = ieee80211_ieee2mhz(chan, 1438 IEEE80211_CHAN_G); 1439 1440 /* G =>'s B is supported */ 1441 c->ic_flags = IEEE80211_CHAN_B | nflags; 1442 c = &ic->ic_channels[ic->ic_nchans++]; 1443 c[0] = c[-1]; 1444 c->ic_flags = IEEE80211_CHAN_G | nflags; 1445 } else { /* 5GHz band */ 1446 c->ic_freq = ieee80211_ieee2mhz(chan, 1447 IEEE80211_CHAN_A); 1448 1449 c->ic_flags = IEEE80211_CHAN_A | nflags; 1450 } 1451 1452 /* Save maximum allowed TX power for this channel. */ 1453 sc->maxpwr[chan] = channels[i].maxpwr; 1454 1455 DPRINTF(sc, WPI_DEBUG_EEPROM, 1456 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d," 1457 " offset %d\n", chan, c->ic_freq, 1458 channels[i].flags, sc->maxpwr[chan], 1459 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans); 1460 } 1461} 1462 1463/** 1464 * Read the eeprom to find out what channels are valid for the given 1465 * band and update net80211 with what we find. 1466 */ 1467static int 1468wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 1469{ 1470 struct ifnet *ifp = sc->sc_ifp; 1471 struct ieee80211com *ic = ifp->if_l2com; 1472 const struct wpi_chan_band *band = &wpi_bands[n]; 1473 int error; 1474 1475 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1476 1477 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1478 band->nchan * sizeof (struct wpi_eeprom_chan)); 1479 if (error != 0) { 1480 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1481 return error; 1482 } 1483 1484 wpi_read_eeprom_band(sc, n); 1485 1486 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1487 1488 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1489 1490 return 0; 1491} 1492 1493static struct wpi_eeprom_chan * 1494wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1495{ 1496 int i, j; 1497 1498 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1499 for (i = 0; i < wpi_bands[j].nchan; i++) 1500 if (wpi_bands[j].chan[i] == c->ic_ieee) 1501 return &sc->eeprom_channels[j][i]; 1502 1503 return NULL; 1504} 1505 1506/* 1507 * Enforce flags read from EEPROM. 1508 */ 1509static int 1510wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1511 int nchan, struct ieee80211_channel chans[]) 1512{ 1513 struct ifnet *ifp = ic->ic_ifp; 1514 struct wpi_softc *sc = ifp->if_softc; 1515 int i; 1516 1517 for (i = 0; i < nchan; i++) { 1518 struct ieee80211_channel *c = &chans[i]; 1519 struct wpi_eeprom_chan *channel; 1520 1521 channel = wpi_find_eeprom_channel(sc, c); 1522 if (channel == NULL) { 1523 if_printf(ic->ic_ifp, 1524 "%s: invalid channel %u freq %u/0x%x\n", 1525 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1526 return EINVAL; 1527 } 1528 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1529 } 1530 1531 return 0; 1532} 1533 1534static int 1535wpi_read_eeprom_group(struct wpi_softc *sc, int n) 1536{ 1537 struct wpi_power_group *group = &sc->groups[n]; 1538 struct wpi_eeprom_group rgroup; 1539 int i, error; 1540 1541 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1542 1543 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1544 &rgroup, sizeof rgroup)) != 0) { 1545 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1546 return error; 1547 } 1548 1549 /* Save TX power group information. */ 1550 group->chan = rgroup.chan; 1551 group->maxpwr = rgroup.maxpwr; 1552 /* Retrieve temperature at which the samples were taken. */ 1553 group->temp = (int16_t)le16toh(rgroup.temp); 1554 1555 DPRINTF(sc, WPI_DEBUG_EEPROM, 1556 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1557 group->maxpwr, group->temp); 1558 1559 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1560 group->samples[i].index = rgroup.samples[i].index; 1561 group->samples[i].power = rgroup.samples[i].power; 1562 1563 DPRINTF(sc, WPI_DEBUG_EEPROM, 1564 "\tsample %d: index=%d power=%d\n", i, 1565 group->samples[i].index, group->samples[i].power); 1566 } 1567 1568 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1569 1570 return 0; 1571} 1572 1573static int 1574wpi_add_node_entry_adhoc(struct wpi_softc *sc) 1575{ 1576 int newid = WPI_ID_IBSS_MIN; 1577 1578 for (; newid <= WPI_ID_IBSS_MAX; newid++) { 1579 if ((sc->nodesmsk & (1 << newid)) == 0) { 1580 sc->nodesmsk |= 1 << newid; 1581 return newid; 1582 } 1583 } 1584 1585 return WPI_ID_UNDEFINED; 1586} 1587 1588static __inline int 1589wpi_add_node_entry_sta(struct wpi_softc *sc) 1590{ 1591 sc->nodesmsk |= 1 << WPI_ID_BSS; 1592 1593 return WPI_ID_BSS; 1594} 1595 1596static __inline int 1597wpi_check_node_entry(struct wpi_softc *sc, uint8_t id) 1598{ 1599 if (id == WPI_ID_UNDEFINED) 1600 return 0; 1601 1602 return (sc->nodesmsk >> id) & 1; 1603} 1604 1605static __inline void 1606wpi_clear_node_table(struct wpi_softc *sc) 1607{ 1608 sc->nodesmsk = 0; 1609} 1610 1611static __inline void 1612wpi_del_node_entry(struct wpi_softc *sc, uint8_t id) 1613{ 1614 sc->nodesmsk &= ~(1 << id); 1615} 1616 1617static struct ieee80211_node * 1618wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1619{ 1620 struct wpi_node *wn; 1621 1622 wn = malloc(sizeof (struct wpi_node), M_80211_NODE, 1623 M_NOWAIT | M_ZERO); 1624 1625 if (wn == NULL) 1626 return NULL; 1627 1628 wn->id = WPI_ID_UNDEFINED; 1629 1630 return &wn->ni; 1631} 1632 1633static void 1634wpi_node_free(struct ieee80211_node *ni) 1635{ 1636 struct ieee80211com *ic = ni->ni_ic; 1637 struct wpi_softc *sc = ic->ic_ifp->if_softc; 1638 struct wpi_node *wn = WPI_NODE(ni); 1639 1640 if (wn->id != WPI_ID_UNDEFINED) { 1641 WPI_NT_LOCK(sc); 1642 if (wpi_check_node_entry(sc, wn->id)) { 1643 wpi_del_node_entry(sc, wn->id); 1644 wpi_del_node(sc, ni); 1645 } 1646 WPI_NT_UNLOCK(sc); 1647 } 1648 1649 sc->sc_node_free(ni); 1650} 1651 1652static __inline int 1653wpi_check_bss_filter(struct wpi_softc *sc) 1654{ 1655 return (sc->rxon.filter & htole32(WPI_FILTER_BSS)) != 0; 1656} 1657 1658/** 1659 * Called by net80211 when ever there is a change to 80211 state machine 1660 */ 1661static int 1662wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1663{ 1664 struct wpi_vap *wvp = WPI_VAP(vap); 1665 struct ieee80211com *ic = vap->iv_ic; 1666 struct ifnet *ifp = ic->ic_ifp; 1667 struct wpi_softc *sc = ifp->if_softc; 1668 int error = 0; 1669 1670 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1671 1672 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1673 ieee80211_state_name[vap->iv_state], 1674 ieee80211_state_name[nstate]); 1675 1676 if (vap->iv_state == IEEE80211_S_RUN && nstate < IEEE80211_S_RUN) { 1677 if ((error = wpi_set_pslevel(sc, 0, 0, 1)) != 0) { 1678 device_printf(sc->sc_dev, 1679 "%s: could not set power saving level\n", 1680 __func__); 1681 return error; 1682 } 1683 1684 wpi_set_led(sc, WPI_LED_LINK, 1, 0); 1685 } 1686 1687 switch (nstate) { 1688 case IEEE80211_S_SCAN: 1689 WPI_RXON_LOCK(sc); 1690 if (wpi_check_bss_filter(sc) != 0) { 1691 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1692 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1693 device_printf(sc->sc_dev, 1694 "%s: could not send RXON\n", __func__); 1695 } 1696 } 1697 WPI_RXON_UNLOCK(sc); 1698 break; 1699 1700 case IEEE80211_S_ASSOC: 1701 if (vap->iv_state != IEEE80211_S_RUN) 1702 break; 1703 /* FALLTHROUGH */ 1704 case IEEE80211_S_AUTH: 1705 /* 1706 * The node must be registered in the firmware before auth. 1707 * Also the associd must be cleared on RUN -> ASSOC 1708 * transitions. 1709 */ 1710 if ((error = wpi_auth(sc, vap)) != 0) { 1711 device_printf(sc->sc_dev, 1712 "%s: could not move to AUTH state, error %d\n", 1713 __func__, error); 1714 } 1715 break; 1716 1717 case IEEE80211_S_RUN: 1718 /* 1719 * RUN -> RUN transition; Just restart the timers. 1720 */ 1721 if (vap->iv_state == IEEE80211_S_RUN) { 1722 WPI_RXON_LOCK(sc); 1723 wpi_calib_timeout(sc); 1724 WPI_RXON_UNLOCK(sc); 1725 break; 1726 } 1727 1728 /* 1729 * !RUN -> RUN requires setting the association id 1730 * which is done with a firmware cmd. We also defer 1731 * starting the timers until that work is done. 1732 */ 1733 if ((error = wpi_run(sc, vap)) != 0) { 1734 device_printf(sc->sc_dev, 1735 "%s: could not move to RUN state\n", __func__); 1736 } 1737 break; 1738 1739 default: 1740 break; 1741 } 1742 if (error != 0) { 1743 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1744 return error; 1745 } 1746 1747 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1748 1749 return wvp->wv_newstate(vap, nstate, arg); 1750} 1751 1752static void 1753wpi_calib_timeout(void *arg) 1754{ 1755 struct wpi_softc *sc = arg; 1756 1757 if (wpi_check_bss_filter(sc) == 0) 1758 return; 1759 1760 wpi_power_calibration(sc); 1761 1762 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1763} 1764 1765static __inline uint8_t 1766rate2plcp(const uint8_t rate) 1767{ 1768 switch (rate) { 1769 case 12: return 0xd; 1770 case 18: return 0xf; 1771 case 24: return 0x5; 1772 case 36: return 0x7; 1773 case 48: return 0x9; 1774 case 72: return 0xb; 1775 case 96: return 0x1; 1776 case 108: return 0x3; 1777 case 2: return 10; 1778 case 4: return 20; 1779 case 11: return 55; 1780 case 22: return 110; 1781 default: return 0; 1782 } 1783} 1784 1785static __inline uint8_t 1786plcp2rate(const uint8_t plcp) 1787{ 1788 switch (plcp) { 1789 case 0xd: return 12; 1790 case 0xf: return 18; 1791 case 0x5: return 24; 1792 case 0x7: return 36; 1793 case 0x9: return 48; 1794 case 0xb: return 72; 1795 case 0x1: return 96; 1796 case 0x3: return 108; 1797 case 10: return 2; 1798 case 20: return 4; 1799 case 55: return 11; 1800 case 110: return 22; 1801 default: return 0; 1802 } 1803} 1804 1805/* Quickly determine if a given rate is CCK or OFDM. */ 1806#define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1807 1808static void 1809wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1810 struct wpi_rx_data *data) 1811{ 1812 struct ifnet *ifp = sc->sc_ifp; 1813 struct ieee80211com *ic = ifp->if_l2com; 1814 struct wpi_rx_ring *ring = &sc->rxq; 1815 struct wpi_rx_stat *stat; 1816 struct wpi_rx_head *head; 1817 struct wpi_rx_tail *tail; 1818 struct ieee80211_frame *wh; 1819 struct ieee80211_node *ni; 1820 struct mbuf *m, *m1; 1821 bus_addr_t paddr; 1822 uint32_t flags; 1823 uint16_t len; 1824 int error; 1825 1826 stat = (struct wpi_rx_stat *)(desc + 1); 1827 1828 if (stat->len > WPI_STAT_MAXLEN) { 1829 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1830 goto fail1; 1831 } 1832 1833 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1834 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1835 len = le16toh(head->len); 1836 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1837 flags = le32toh(tail->flags); 1838 1839 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1840 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1841 le32toh(desc->len), len, (int8_t)stat->rssi, 1842 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1843 1844 /* Discard frames with a bad FCS early. */ 1845 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1846 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1847 __func__, flags); 1848 goto fail1; 1849 } 1850 /* Discard frames that are too short. */ 1851 if (len < sizeof (*wh)) { 1852 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1853 __func__, len); 1854 goto fail1; 1855 } 1856 1857 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1858 if (m1 == NULL) { 1859 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1860 __func__); 1861 goto fail1; 1862 } 1863 bus_dmamap_unload(ring->data_dmat, data->map); 1864 1865 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1866 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 1867 if (error != 0 && error != EFBIG) { 1868 device_printf(sc->sc_dev, 1869 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1870 m_freem(m1); 1871 1872 /* Try to reload the old mbuf. */ 1873 error = bus_dmamap_load(ring->data_dmat, data->map, 1874 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1875 &paddr, BUS_DMA_NOWAIT); 1876 if (error != 0 && error != EFBIG) { 1877 panic("%s: could not load old RX mbuf", __func__); 1878 } 1879 /* Physical address may have changed. */ 1880 ring->desc[ring->cur] = htole32(paddr); 1881 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 1882 BUS_DMASYNC_PREWRITE); 1883 goto fail1; 1884 } 1885 1886 m = data->m; 1887 data->m = m1; 1888 /* Update RX descriptor. */ 1889 ring->desc[ring->cur] = htole32(paddr); 1890 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1891 BUS_DMASYNC_PREWRITE); 1892 1893 /* Finalize mbuf. */ 1894 m->m_pkthdr.rcvif = ifp; 1895 m->m_data = (caddr_t)(head + 1); 1896 m->m_pkthdr.len = m->m_len = len; 1897 1898 /* Grab a reference to the source node. */ 1899 wh = mtod(m, struct ieee80211_frame *); 1900 1901 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1902 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) { 1903 /* Check whether decryption was successful or not. */ 1904 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1905 DPRINTF(sc, WPI_DEBUG_RECV, 1906 "CCMP decryption failed 0x%x\n", flags); 1907 goto fail2; 1908 } 1909 m->m_flags |= M_WEP; 1910 } 1911 1912 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1913 1914 if (ieee80211_radiotap_active(ic)) { 1915 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1916 1917 tap->wr_flags = 0; 1918 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 1919 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1920 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET); 1921 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET; 1922 tap->wr_tsft = tail->tstamp; 1923 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 1924 tap->wr_rate = plcp2rate(head->plcp); 1925 } 1926 1927 WPI_UNLOCK(sc); 1928 1929 /* Send the frame to the 802.11 layer. */ 1930 if (ni != NULL) { 1931 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET); 1932 /* Node is no longer needed. */ 1933 ieee80211_free_node(ni); 1934 } else 1935 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET); 1936 1937 WPI_LOCK(sc); 1938 1939 return; 1940 1941fail2: m_freem(m); 1942 1943fail1: if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1944} 1945 1946static void 1947wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1948 struct wpi_rx_data *data) 1949{ 1950 /* Ignore */ 1951} 1952 1953static void 1954wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1955{ 1956 struct ifnet *ifp = sc->sc_ifp; 1957 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1958 struct wpi_tx_data *data = &ring->data[desc->idx]; 1959 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1960 struct mbuf *m; 1961 struct ieee80211_node *ni; 1962 struct ieee80211vap *vap; 1963 struct ieee80211com *ic; 1964 uint32_t status = le32toh(stat->status); 1965 int ackfailcnt = stat->ackfailcnt / WPI_NTRIES_DEFAULT; 1966 1967 KASSERT(data->ni != NULL, ("no node")); 1968 KASSERT(data->m != NULL, ("no mbuf")); 1969 1970 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1971 1972 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 1973 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 1974 "status %x\n", __func__, desc->qid, desc->idx, stat->ackfailcnt, 1975 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 1976 1977 /* Unmap and free mbuf. */ 1978 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 1979 bus_dmamap_unload(ring->data_dmat, data->map); 1980 m = data->m, data->m = NULL; 1981 ni = data->ni, data->ni = NULL; 1982 vap = ni->ni_vap; 1983 ic = vap->iv_ic; 1984 1985 /* 1986 * Update rate control statistics for the node. 1987 */ 1988 if (status & WPI_TX_STATUS_FAIL) { 1989 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1990 ieee80211_ratectl_tx_complete(vap, ni, 1991 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 1992 } else { 1993 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1994 ieee80211_ratectl_tx_complete(vap, ni, 1995 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 1996 } 1997 1998 ieee80211_tx_complete(ni, m, (status & WPI_TX_STATUS_FAIL) != 0); 1999 2000 WPI_TXQ_STATE_LOCK(sc); 2001 ring->queued -= 1; 2002 if (ring->queued > 0) { 2003 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2004 2005 if (sc->qfullmsk != 0 && 2006 ring->queued < WPI_TX_RING_LOMARK) { 2007 sc->qfullmsk &= ~(1 << ring->qid); 2008 IF_LOCK(&ifp->if_snd); 2009 if (sc->qfullmsk == 0 && 2010 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 2011 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2012 IF_UNLOCK(&ifp->if_snd); 2013 ieee80211_runtask(ic, &sc->sc_start_task); 2014 } else 2015 IF_UNLOCK(&ifp->if_snd); 2016 } 2017 } else 2018 callout_stop(&sc->tx_timeout); 2019 WPI_TXQ_STATE_UNLOCK(sc); 2020 2021 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2022} 2023 2024/* 2025 * Process a "command done" firmware notification. This is where we wakeup 2026 * processes waiting for a synchronous command completion. 2027 */ 2028static void 2029wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2030{ 2031 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 2032 struct wpi_tx_data *data; 2033 2034 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x " 2035 "type %s len %d\n", desc->qid, desc->idx, 2036 desc->flags, wpi_cmd_str(desc->type), 2037 le32toh(desc->len)); 2038 2039 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM) 2040 return; /* Not a command ack. */ 2041 2042 KASSERT(ring->queued == 0, ("ring->queued must be 0")); 2043 2044 data = &ring->data[desc->idx]; 2045 2046 /* If the command was mapped in an mbuf, free it. */ 2047 if (data->m != NULL) { 2048 bus_dmamap_sync(ring->data_dmat, data->map, 2049 BUS_DMASYNC_POSTWRITE); 2050 bus_dmamap_unload(ring->data_dmat, data->map); 2051 m_freem(data->m); 2052 data->m = NULL; 2053 } 2054 2055 wakeup(&ring->cmd[desc->idx]); 2056} 2057 2058static void 2059wpi_notif_intr(struct wpi_softc *sc) 2060{ 2061 struct ifnet *ifp = sc->sc_ifp; 2062 struct ieee80211com *ic = ifp->if_l2com; 2063 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2064 uint32_t hw; 2065 2066 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 2067 BUS_DMASYNC_POSTREAD); 2068 2069 hw = le32toh(sc->shared->next); 2070 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 2071 2072 while (sc->rxq.cur != hw) { 2073 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 2074 2075 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2076 struct wpi_rx_desc *desc; 2077 2078 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2079 BUS_DMASYNC_POSTREAD); 2080 desc = mtod(data->m, struct wpi_rx_desc *); 2081 2082 DPRINTF(sc, WPI_DEBUG_NOTIFY, 2083 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 2084 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 2085 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 2086 2087 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) { 2088 /* Reply to a command. */ 2089 wpi_cmd_done(sc, desc); 2090 } 2091 2092 switch (desc->type) { 2093 case WPI_RX_DONE: 2094 /* An 802.11 frame has been received. */ 2095 wpi_rx_done(sc, desc, data); 2096 2097 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2098 /* wpi_stop() was called. */ 2099 return; 2100 } 2101 2102 break; 2103 2104 case WPI_TX_DONE: 2105 /* An 802.11 frame has been transmitted. */ 2106 wpi_tx_done(sc, desc); 2107 break; 2108 2109 case WPI_RX_STATISTICS: 2110 case WPI_BEACON_STATISTICS: 2111 wpi_rx_statistics(sc, desc, data); 2112 break; 2113 2114 case WPI_BEACON_MISSED: 2115 { 2116 struct wpi_beacon_missed *miss = 2117 (struct wpi_beacon_missed *)(desc + 1); 2118 uint32_t expected, misses, received; 2119 2120 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2121 BUS_DMASYNC_POSTREAD); 2122 2123 misses = le32toh(miss->consecutive); 2124 expected = le32toh(miss->expected); 2125 received = le32toh(miss->received); 2126 2127 DPRINTF(sc, WPI_DEBUG_BMISS, 2128 "%s: beacons missed %d/%d\n", __func__, misses, 2129 le32toh(miss->total)); 2130 2131 if (vap->iv_state == IEEE80211_S_RUN && 2132 (ic->ic_flags & IEEE80211_F_SCAN) == 0 && 2133 (misses >= vap->iv_bmissthreshold || 2134 (received == 0 && 2135 expected >= vap->iv_bmissthreshold))) 2136 ieee80211_beacon_miss(ic); 2137 2138 break; 2139 } 2140 case WPI_UC_READY: 2141 { 2142 struct wpi_ucode_info *uc = 2143 (struct wpi_ucode_info *)(desc + 1); 2144 2145 /* The microcontroller is ready. */ 2146 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2147 BUS_DMASYNC_POSTREAD); 2148 DPRINTF(sc, WPI_DEBUG_RESET, 2149 "microcode alive notification version=%d.%d " 2150 "subtype=%x alive=%x\n", uc->major, uc->minor, 2151 uc->subtype, le32toh(uc->valid)); 2152 2153 if (le32toh(uc->valid) != 1) { 2154 device_printf(sc->sc_dev, 2155 "microcontroller initialization failed\n"); 2156 wpi_stop_locked(sc); 2157 } 2158 /* Save the address of the error log in SRAM. */ 2159 sc->errptr = le32toh(uc->errptr); 2160 break; 2161 } 2162 case WPI_STATE_CHANGED: 2163 { 2164 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2165 BUS_DMASYNC_POSTREAD); 2166 2167 uint32_t *status = (uint32_t *)(desc + 1); 2168 2169 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2170 le32toh(*status)); 2171 2172 if (le32toh(*status) & 1) { 2173 WPI_NT_LOCK(sc); 2174 wpi_clear_node_table(sc); 2175 WPI_NT_UNLOCK(sc); 2176 taskqueue_enqueue(sc->sc_tq, 2177 &sc->sc_radiooff_task); 2178 return; 2179 } 2180 break; 2181 } 2182 case WPI_START_SCAN: 2183 { 2184 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2185 BUS_DMASYNC_POSTREAD); 2186#ifdef WPI_DEBUG 2187 struct wpi_start_scan *scan = 2188 (struct wpi_start_scan *)(desc + 1); 2189 DPRINTF(sc, WPI_DEBUG_SCAN, 2190 "%s: scanning channel %d status %x\n", 2191 __func__, scan->chan, le32toh(scan->status)); 2192#endif 2193 break; 2194 } 2195 case WPI_STOP_SCAN: 2196 { 2197 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2198 BUS_DMASYNC_POSTREAD); 2199#ifdef WPI_DEBUG 2200 struct wpi_stop_scan *scan = 2201 (struct wpi_stop_scan *)(desc + 1); 2202 DPRINTF(sc, WPI_DEBUG_SCAN, 2203 "scan finished nchan=%d status=%d chan=%d\n", 2204 scan->nchan, scan->status, scan->chan); 2205#endif 2206 WPI_RXON_LOCK(sc); 2207 callout_stop(&sc->scan_timeout); 2208 WPI_RXON_UNLOCK(sc); 2209 ieee80211_scan_next(vap); 2210 break; 2211 } 2212 } 2213 2214 if (sc->rxq.cur % 8 == 0) { 2215 /* Tell the firmware what we have processed. */ 2216 wpi_update_rx_ring(sc); 2217 } 2218 } 2219} 2220 2221/* 2222 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2223 * from power-down sleep mode. 2224 */ 2225static void 2226wpi_wakeup_intr(struct wpi_softc *sc) 2227{ 2228 int qid; 2229 2230 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2231 "%s: ucode wakeup from power-down sleep\n", __func__); 2232 2233 /* Wakeup RX and TX rings. */ 2234 if (sc->rxq.update) { 2235 sc->rxq.update = 0; 2236 wpi_update_rx_ring(sc); 2237 } 2238 WPI_TXQ_LOCK(sc); 2239 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) { 2240 struct wpi_tx_ring *ring = &sc->txq[qid]; 2241 2242 if (ring->update) { 2243 ring->update = 0; 2244 wpi_update_tx_ring(sc, ring); 2245 } 2246 } 2247 WPI_TXQ_UNLOCK(sc); 2248 2249 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2250} 2251 2252/* 2253 * This function prints firmware registers 2254 */ 2255#ifdef WPI_DEBUG 2256static void 2257wpi_debug_registers(struct wpi_softc *sc) 2258{ 2259#define COUNTOF(array) (sizeof(array) / sizeof(array[0])) 2260 int i; 2261 static const uint32_t csr_tbl[] = { 2262 WPI_HW_IF_CONFIG, 2263 WPI_INT, 2264 WPI_INT_MASK, 2265 WPI_FH_INT, 2266 WPI_GPIO_IN, 2267 WPI_RESET, 2268 WPI_GP_CNTRL, 2269 WPI_EEPROM, 2270 WPI_EEPROM_GP, 2271 WPI_GIO, 2272 WPI_UCODE_GP1, 2273 WPI_UCODE_GP2, 2274 WPI_GIO_CHICKEN, 2275 WPI_ANA_PLL, 2276 WPI_DBG_HPET_MEM, 2277 }; 2278 static const uint32_t prph_tbl[] = { 2279 WPI_APMG_CLK_CTRL, 2280 WPI_APMG_PS, 2281 WPI_APMG_PCI_STT, 2282 WPI_APMG_RFKILL, 2283 }; 2284 2285 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n"); 2286 2287 for (i = 0; i < COUNTOF(csr_tbl); i++) { 2288 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2289 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i])); 2290 2291 if ((i + 1) % 2 == 0) 2292 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2293 } 2294 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n"); 2295 2296 if (wpi_nic_lock(sc) == 0) { 2297 for (i = 0; i < COUNTOF(prph_tbl); i++) { 2298 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2299 wpi_get_prph_string(prph_tbl[i]), 2300 wpi_prph_read(sc, prph_tbl[i])); 2301 2302 if ((i + 1) % 2 == 0) 2303 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2304 } 2305 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2306 wpi_nic_unlock(sc); 2307 } else { 2308 DPRINTF(sc, WPI_DEBUG_REGISTER, 2309 "Cannot access internal registers.\n"); 2310 } 2311#undef COUNTOF 2312} 2313#endif 2314 2315/* 2316 * Dump the error log of the firmware when a firmware panic occurs. Although 2317 * we can't debug the firmware because it is neither open source nor free, it 2318 * can help us to identify certain classes of problems. 2319 */ 2320static void 2321wpi_fatal_intr(struct wpi_softc *sc) 2322{ 2323 struct wpi_fw_dump dump; 2324 uint32_t i, offset, count; 2325 const uint32_t size_errmsg = 2326 (sizeof (wpi_fw_errmsg) / sizeof ((wpi_fw_errmsg)[0])); 2327 2328 /* Check that the error log address is valid. */ 2329 if (sc->errptr < WPI_FW_DATA_BASE || 2330 sc->errptr + sizeof (dump) > 2331 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2332 printf("%s: bad firmware error log address 0x%08x\n", __func__, 2333 sc->errptr); 2334 return; 2335 } 2336 if (wpi_nic_lock(sc) != 0) { 2337 printf("%s: could not read firmware error log\n", __func__); 2338 return; 2339 } 2340 /* Read number of entries in the log. */ 2341 count = wpi_mem_read(sc, sc->errptr); 2342 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2343 printf("%s: invalid count field (count = %u)\n", __func__, 2344 count); 2345 wpi_nic_unlock(sc); 2346 return; 2347 } 2348 /* Skip "count" field. */ 2349 offset = sc->errptr + sizeof (uint32_t); 2350 printf("firmware error log (count = %u):\n", count); 2351 for (i = 0; i < count; i++) { 2352 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2353 sizeof (dump) / sizeof (uint32_t)); 2354 2355 printf(" error type = \"%s\" (0x%08X)\n", 2356 (dump.desc < size_errmsg) ? 2357 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2358 dump.desc); 2359 printf(" error data = 0x%08X\n", 2360 dump.data); 2361 printf(" branch link = 0x%08X%08X\n", 2362 dump.blink[0], dump.blink[1]); 2363 printf(" interrupt link = 0x%08X%08X\n", 2364 dump.ilink[0], dump.ilink[1]); 2365 printf(" time = %u\n", dump.time); 2366 2367 offset += sizeof (dump); 2368 } 2369 wpi_nic_unlock(sc); 2370 /* Dump driver status (TX and RX rings) while we're here. */ 2371 printf("driver status:\n"); 2372 WPI_TXQ_LOCK(sc); 2373 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 2374 struct wpi_tx_ring *ring = &sc->txq[i]; 2375 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2376 i, ring->qid, ring->cur, ring->queued); 2377 } 2378 WPI_TXQ_UNLOCK(sc); 2379 printf(" rx ring: cur=%d\n", sc->rxq.cur); 2380} 2381 2382static void 2383wpi_intr(void *arg) 2384{ 2385 struct wpi_softc *sc = arg; 2386 struct ifnet *ifp = sc->sc_ifp; 2387 uint32_t r1, r2; 2388 2389 WPI_LOCK(sc); 2390 2391 /* Disable interrupts. */ 2392 WPI_WRITE(sc, WPI_INT_MASK, 0); 2393 2394 r1 = WPI_READ(sc, WPI_INT); 2395 2396 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 2397 goto end; /* Hardware gone! */ 2398 2399 r2 = WPI_READ(sc, WPI_FH_INT); 2400 2401 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2402 r1, r2); 2403 2404 if (r1 == 0 && r2 == 0) 2405 goto done; /* Interrupt not for us. */ 2406 2407 /* Acknowledge interrupts. */ 2408 WPI_WRITE(sc, WPI_INT, r1); 2409 WPI_WRITE(sc, WPI_FH_INT, r2); 2410 2411 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 2412 device_printf(sc->sc_dev, "fatal firmware error\n"); 2413#ifdef WPI_DEBUG 2414 wpi_debug_registers(sc); 2415#endif 2416 wpi_fatal_intr(sc); 2417 DPRINTF(sc, WPI_DEBUG_HW, 2418 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2419 "(Hardware Error)"); 2420 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask); 2421 goto end; 2422 } 2423 2424 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2425 (r2 & WPI_FH_INT_RX)) 2426 wpi_notif_intr(sc); 2427 2428 if (r1 & WPI_INT_ALIVE) 2429 wakeup(sc); /* Firmware is alive. */ 2430 2431 if (r1 & WPI_INT_WAKEUP) 2432 wpi_wakeup_intr(sc); 2433 2434done: 2435 /* Re-enable interrupts. */ 2436 if (ifp->if_flags & IFF_UP) 2437 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2438 2439end: WPI_UNLOCK(sc); 2440} 2441 2442static int 2443wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2444{ 2445 struct ifnet *ifp = sc->sc_ifp; 2446 struct ieee80211_frame *wh; 2447 struct wpi_tx_cmd *cmd; 2448 struct wpi_tx_data *data; 2449 struct wpi_tx_desc *desc; 2450 struct wpi_tx_ring *ring; 2451 struct mbuf *m1; 2452 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2453 int error, i, hdrlen, nsegs, totlen, pad; 2454 2455 WPI_TXQ_LOCK(sc); 2456 2457 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow")); 2458 2459 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2460 2461 if (sc->txq_active == 0) { 2462 /* wpi_stop() was called */ 2463 error = ENETDOWN; 2464 goto fail; 2465 } 2466 2467 wh = mtod(buf->m, struct ieee80211_frame *); 2468 hdrlen = ieee80211_anyhdrsize(wh); 2469 totlen = buf->m->m_pkthdr.len; 2470 2471 if (hdrlen & 3) { 2472 /* First segment length must be a multiple of 4. */ 2473 pad = 4 - (hdrlen & 3); 2474 } else 2475 pad = 0; 2476 2477 ring = &sc->txq[buf->ac]; 2478 desc = &ring->desc[ring->cur]; 2479 data = &ring->data[ring->cur]; 2480 2481 /* Prepare TX firmware command. */ 2482 cmd = &ring->cmd[ring->cur]; 2483 cmd->code = buf->code; 2484 cmd->flags = 0; 2485 cmd->qid = ring->qid; 2486 cmd->idx = ring->cur; 2487 2488 memcpy(cmd->data, buf->data, buf->size); 2489 2490 /* Save and trim IEEE802.11 header. */ 2491 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2492 m_adj(buf->m, hdrlen); 2493 2494 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2495 segs, &nsegs, BUS_DMA_NOWAIT); 2496 if (error != 0 && error != EFBIG) { 2497 device_printf(sc->sc_dev, 2498 "%s: can't map mbuf (error %d)\n", __func__, error); 2499 goto fail; 2500 } 2501 if (error != 0) { 2502 /* Too many DMA segments, linearize mbuf. */ 2503 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2504 if (m1 == NULL) { 2505 device_printf(sc->sc_dev, 2506 "%s: could not defrag mbuf\n", __func__); 2507 error = ENOBUFS; 2508 goto fail; 2509 } 2510 buf->m = m1; 2511 2512 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2513 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2514 if (error != 0) { 2515 device_printf(sc->sc_dev, 2516 "%s: can't map mbuf (error %d)\n", __func__, 2517 error); 2518 goto fail; 2519 } 2520 } 2521 2522 KASSERT(nsegs < WPI_MAX_SCATTER, 2523 ("too many DMA segments, nsegs (%d) should be less than %d", 2524 nsegs, WPI_MAX_SCATTER)); 2525 2526 data->m = buf->m; 2527 data->ni = buf->ni; 2528 2529 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2530 __func__, ring->qid, ring->cur, totlen, nsegs); 2531 2532 /* Fill TX descriptor. */ 2533 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2534 /* First DMA segment is used by the TX command. */ 2535 desc->segs[0].addr = htole32(data->cmd_paddr); 2536 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2537 /* Other DMA segments are for data payload. */ 2538 seg = &segs[0]; 2539 for (i = 1; i <= nsegs; i++) { 2540 desc->segs[i].addr = htole32(seg->ds_addr); 2541 desc->segs[i].len = htole32(seg->ds_len); 2542 seg++; 2543 } 2544 2545 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2546 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2547 BUS_DMASYNC_PREWRITE); 2548 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2549 BUS_DMASYNC_PREWRITE); 2550 2551 /* Kick TX ring. */ 2552 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2553 wpi_update_tx_ring(sc, ring); 2554 2555 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2556 /* Mark TX ring as full if we reach a certain threshold. */ 2557 WPI_TXQ_STATE_LOCK(sc); 2558 if (++ring->queued > WPI_TX_RING_HIMARK) { 2559 sc->qfullmsk |= 1 << ring->qid; 2560 2561 IF_LOCK(&ifp->if_snd); 2562 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2563 IF_UNLOCK(&ifp->if_snd); 2564 } 2565 2566 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2567 WPI_TXQ_STATE_UNLOCK(sc); 2568 } 2569 2570 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2571 2572 WPI_TXQ_UNLOCK(sc); 2573 2574 return 0; 2575 2576fail: m_freem(buf->m); 2577 2578 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2579 2580 WPI_TXQ_UNLOCK(sc); 2581 2582 return error; 2583} 2584 2585/* 2586 * Construct the data packet for a transmit buffer. 2587 */ 2588static int 2589wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2590{ 2591 const struct ieee80211_txparam *tp; 2592 struct ieee80211vap *vap = ni->ni_vap; 2593 struct ieee80211com *ic = ni->ni_ic; 2594 struct wpi_node *wn = WPI_NODE(ni); 2595 struct ieee80211_channel *chan; 2596 struct ieee80211_frame *wh; 2597 struct ieee80211_key *k = NULL; 2598 struct wpi_buf tx_data; 2599 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2600 uint32_t flags; 2601 uint16_t qos; 2602 uint8_t tid, type; 2603 int ac, error, swcrypt, rate, ismcast, totlen; 2604 2605 wh = mtod(m, struct ieee80211_frame *); 2606 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2607 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2608 2609 /* Select EDCA Access Category and TX ring for this frame. */ 2610 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2611 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2612 tid = qos & IEEE80211_QOS_TID; 2613 } else { 2614 qos = 0; 2615 tid = 0; 2616 } 2617 ac = M_WME_GETAC(m); 2618 2619 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2620 ni->ni_chan : ic->ic_curchan; 2621 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2622 2623 /* Choose a TX rate index. */ 2624 if (type == IEEE80211_FC0_TYPE_MGT) 2625 rate = tp->mgmtrate; 2626 else if (ismcast) 2627 rate = tp->mcastrate; 2628 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2629 rate = tp->ucastrate; 2630 else if (m->m_flags & M_EAPOL) 2631 rate = tp->mgmtrate; 2632 else { 2633 /* XXX pass pktlen */ 2634 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2635 rate = ni->ni_txrate; 2636 } 2637 2638 /* Encrypt the frame if need be. */ 2639 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2640 /* Retrieve key for TX. */ 2641 k = ieee80211_crypto_encap(ni, m); 2642 if (k == NULL) { 2643 error = ENOBUFS; 2644 goto fail; 2645 } 2646 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2647 2648 /* 802.11 header may have moved. */ 2649 wh = mtod(m, struct ieee80211_frame *); 2650 } 2651 totlen = m->m_pkthdr.len; 2652 2653 if (ieee80211_radiotap_active_vap(vap)) { 2654 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2655 2656 tap->wt_flags = 0; 2657 tap->wt_rate = rate; 2658 if (k != NULL) 2659 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2660 2661 ieee80211_radiotap_tx(vap, m); 2662 } 2663 2664 flags = 0; 2665 if (!ismcast) { 2666 /* Unicast frame, check if an ACK is expected. */ 2667 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2668 IEEE80211_QOS_ACKPOLICY_NOACK) 2669 flags |= WPI_TX_NEED_ACK; 2670 } 2671 2672 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2673 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */ 2674 2675 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2676 if (!ismcast) { 2677 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2678 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2679 flags |= WPI_TX_NEED_RTS; 2680 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2681 WPI_RATE_IS_OFDM(rate)) { 2682 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2683 flags |= WPI_TX_NEED_CTS; 2684 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2685 flags |= WPI_TX_NEED_RTS; 2686 } 2687 2688 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2689 flags |= WPI_TX_FULL_TXOP; 2690 } 2691 2692 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2693 if (type == IEEE80211_FC0_TYPE_MGT) { 2694 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2695 2696 /* Tell HW to set timestamp in probe responses. */ 2697 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2698 flags |= WPI_TX_INSERT_TSTAMP; 2699 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2700 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2701 tx->timeout = htole16(3); 2702 else 2703 tx->timeout = htole16(2); 2704 } 2705 2706 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2707 tx->id = WPI_ID_BROADCAST; 2708 else { 2709 if (wn->id == WPI_ID_UNDEFINED) { 2710 device_printf(sc->sc_dev, 2711 "%s: undefined node id\n", __func__); 2712 error = EINVAL; 2713 goto fail; 2714 } 2715 2716 tx->id = wn->id; 2717 } 2718 2719 if (k != NULL && !swcrypt) { 2720 switch (k->wk_cipher->ic_cipher) { 2721 case IEEE80211_CIPHER_AES_CCM: 2722 tx->security = WPI_CIPHER_CCMP; 2723 break; 2724 2725 default: 2726 break; 2727 } 2728 2729 memcpy(tx->key, k->wk_key, k->wk_keylen); 2730 } 2731 2732 tx->len = htole16(totlen); 2733 tx->flags = htole32(flags); 2734 tx->plcp = rate2plcp(rate); 2735 tx->tid = tid; 2736 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2737 tx->ofdm_mask = 0xff; 2738 tx->cck_mask = 0x0f; 2739 tx->rts_ntries = 7; 2740 tx->data_ntries = tp->maxretry; 2741 2742 tx_data.ni = ni; 2743 tx_data.m = m; 2744 tx_data.size = sizeof(struct wpi_cmd_data); 2745 tx_data.code = WPI_CMD_TX_DATA; 2746 tx_data.ac = ac; 2747 2748 return wpi_cmd2(sc, &tx_data); 2749 2750fail: m_freem(m); 2751 return error; 2752} 2753 2754static int 2755wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, 2756 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 2757{ 2758 struct ieee80211vap *vap = ni->ni_vap; 2759 struct ieee80211_key *k = NULL; 2760 struct ieee80211_frame *wh; 2761 struct wpi_buf tx_data; 2762 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2763 uint32_t flags; 2764 uint8_t type; 2765 int ac, rate, swcrypt, totlen; 2766 2767 wh = mtod(m, struct ieee80211_frame *); 2768 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2769 2770 ac = params->ibp_pri & 3; 2771 2772 /* Choose a TX rate index. */ 2773 rate = params->ibp_rate0; 2774 2775 flags = 0; 2776 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 2777 flags |= WPI_TX_NEED_ACK; 2778 if (params->ibp_flags & IEEE80211_BPF_RTS) 2779 flags |= WPI_TX_NEED_RTS; 2780 if (params->ibp_flags & IEEE80211_BPF_CTS) 2781 flags |= WPI_TX_NEED_CTS; 2782 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2783 flags |= WPI_TX_FULL_TXOP; 2784 2785 /* Encrypt the frame if need be. */ 2786 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 2787 /* Retrieve key for TX. */ 2788 k = ieee80211_crypto_encap(ni, m); 2789 if (k == NULL) { 2790 m_freem(m); 2791 return ENOBUFS; 2792 } 2793 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2794 2795 /* 802.11 header may have moved. */ 2796 wh = mtod(m, struct ieee80211_frame *); 2797 } 2798 totlen = m->m_pkthdr.len; 2799 2800 if (ieee80211_radiotap_active_vap(vap)) { 2801 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2802 2803 tap->wt_flags = 0; 2804 tap->wt_rate = rate; 2805 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) 2806 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2807 2808 ieee80211_radiotap_tx(vap, m); 2809 } 2810 2811 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2812 if (type == IEEE80211_FC0_TYPE_MGT) { 2813 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2814 2815 /* Tell HW to set timestamp in probe responses. */ 2816 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2817 flags |= WPI_TX_INSERT_TSTAMP; 2818 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2819 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2820 tx->timeout = htole16(3); 2821 else 2822 tx->timeout = htole16(2); 2823 } 2824 2825 if (k != NULL && !swcrypt) { 2826 switch (k->wk_cipher->ic_cipher) { 2827 case IEEE80211_CIPHER_AES_CCM: 2828 tx->security = WPI_CIPHER_CCMP; 2829 break; 2830 2831 default: 2832 break; 2833 } 2834 2835 memcpy(tx->key, k->wk_key, k->wk_keylen); 2836 } 2837 2838 tx->len = htole16(totlen); 2839 tx->flags = htole32(flags); 2840 tx->plcp = rate2plcp(rate); 2841 tx->id = WPI_ID_BROADCAST; 2842 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2843 tx->rts_ntries = params->ibp_try1; 2844 tx->data_ntries = params->ibp_try0; 2845 2846 tx_data.ni = ni; 2847 tx_data.m = m; 2848 tx_data.size = sizeof(struct wpi_cmd_data); 2849 tx_data.code = WPI_CMD_TX_DATA; 2850 tx_data.ac = ac; 2851 2852 return wpi_cmd2(sc, &tx_data); 2853} 2854 2855static int 2856wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2857 const struct ieee80211_bpf_params *params) 2858{ 2859 struct ieee80211com *ic = ni->ni_ic; 2860 struct ifnet *ifp = ic->ic_ifp; 2861 struct wpi_softc *sc = ifp->if_softc; 2862 int error = 0; 2863 2864 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2865 2866 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2867 ieee80211_free_node(ni); 2868 m_freem(m); 2869 return ENETDOWN; 2870 } 2871 2872 WPI_TX_LOCK(sc); 2873 if (params == NULL) { 2874 /* 2875 * Legacy path; interpret frame contents to decide 2876 * precisely how to send the frame. 2877 */ 2878 error = wpi_tx_data(sc, m, ni); 2879 } else { 2880 /* 2881 * Caller supplied explicit parameters to use in 2882 * sending the frame. 2883 */ 2884 error = wpi_tx_data_raw(sc, m, ni, params); 2885 } 2886 WPI_TX_UNLOCK(sc); 2887 2888 if (error != 0) { 2889 /* NB: m is reclaimed on tx failure */ 2890 ieee80211_free_node(ni); 2891 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2892 2893 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2894 2895 return error; 2896 } 2897 2898 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2899 2900 return 0; 2901} 2902 2903/** 2904 * Process data waiting to be sent on the IFNET output queue 2905 */ 2906static void 2907wpi_start(struct ifnet *ifp) 2908{ 2909 struct wpi_softc *sc = ifp->if_softc; 2910 struct ieee80211_node *ni; 2911 struct mbuf *m; 2912 2913 WPI_TX_LOCK(sc); 2914 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 2915 2916 for (;;) { 2917 IF_LOCK(&ifp->if_snd); 2918 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 2919 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 2920 IF_UNLOCK(&ifp->if_snd); 2921 break; 2922 } 2923 IF_UNLOCK(&ifp->if_snd); 2924 2925 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 2926 if (m == NULL) 2927 break; 2928 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2929 if (wpi_tx_data(sc, m, ni) != 0) { 2930 ieee80211_free_node(ni); 2931 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2932 } 2933 } 2934 2935 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 2936 WPI_TX_UNLOCK(sc); 2937} 2938 2939static void 2940wpi_start_task(void *arg0, int pending) 2941{ 2942 struct wpi_softc *sc = arg0; 2943 struct ifnet *ifp = sc->sc_ifp; 2944 2945 wpi_start(ifp); 2946} 2947 2948static void 2949wpi_watchdog_rfkill(void *arg) 2950{ 2951 struct wpi_softc *sc = arg; 2952 struct ifnet *ifp = sc->sc_ifp; 2953 struct ieee80211com *ic = ifp->if_l2com; 2954 2955 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 2956 2957 /* No need to lock firmware memory. */ 2958 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 2959 /* Radio kill switch is still off. */ 2960 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 2961 sc); 2962 } else 2963 ieee80211_runtask(ic, &sc->sc_radioon_task); 2964} 2965 2966static void 2967wpi_scan_timeout(void *arg) 2968{ 2969 struct wpi_softc *sc = arg; 2970 struct ifnet *ifp = sc->sc_ifp; 2971 2972 if_printf(ifp, "scan timeout\n"); 2973 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask); 2974} 2975 2976static void 2977wpi_tx_timeout(void *arg) 2978{ 2979 struct wpi_softc *sc = arg; 2980 struct ifnet *ifp = sc->sc_ifp; 2981 2982 if_printf(ifp, "device timeout\n"); 2983 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2984 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask); 2985} 2986 2987static int 2988wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2989{ 2990 struct wpi_softc *sc = ifp->if_softc; 2991 struct ieee80211com *ic = ifp->if_l2com; 2992 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2993 struct ifreq *ifr = (struct ifreq *) data; 2994 int error = 0; 2995 2996 switch (cmd) { 2997 case SIOCGIFADDR: 2998 error = ether_ioctl(ifp, cmd, data); 2999 break; 3000 case SIOCSIFFLAGS: 3001 if (ifp->if_flags & IFF_UP) { 3002 wpi_init(sc); 3003 3004 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 && 3005 vap != NULL) 3006 ieee80211_stop(vap); 3007 } else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 3008 wpi_stop(sc); 3009 break; 3010 case SIOCGIFMEDIA: 3011 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3012 break; 3013 default: 3014 error = EINVAL; 3015 break; 3016 } 3017 return error; 3018} 3019 3020/* 3021 * Send a command to the firmware. 3022 */ 3023static int 3024wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size, 3025 int async) 3026{ 3027 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 3028 struct wpi_tx_desc *desc; 3029 struct wpi_tx_data *data; 3030 struct wpi_tx_cmd *cmd; 3031 struct mbuf *m; 3032 bus_addr_t paddr; 3033 int totlen, error; 3034 3035 WPI_TXQ_LOCK(sc); 3036 3037 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3038 3039 if (sc->txq_active == 0) { 3040 /* wpi_stop() was called */ 3041 error = 0; 3042 goto fail; 3043 } 3044 3045 if (async == 0) 3046 WPI_LOCK_ASSERT(sc); 3047 3048 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %zu async %d\n", 3049 __func__, wpi_cmd_str(code), size, async); 3050 3051 desc = &ring->desc[ring->cur]; 3052 data = &ring->data[ring->cur]; 3053 totlen = 4 + size; 3054 3055 if (size > sizeof cmd->data) { 3056 /* Command is too large to fit in a descriptor. */ 3057 if (totlen > MCLBYTES) { 3058 error = EINVAL; 3059 goto fail; 3060 } 3061 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 3062 if (m == NULL) { 3063 error = ENOMEM; 3064 goto fail; 3065 } 3066 cmd = mtod(m, struct wpi_tx_cmd *); 3067 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 3068 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 3069 if (error != 0) { 3070 m_freem(m); 3071 goto fail; 3072 } 3073 data->m = m; 3074 } else { 3075 cmd = &ring->cmd[ring->cur]; 3076 paddr = data->cmd_paddr; 3077 } 3078 3079 cmd->code = code; 3080 cmd->flags = 0; 3081 cmd->qid = ring->qid; 3082 cmd->idx = ring->cur; 3083 memcpy(cmd->data, buf, size); 3084 3085 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 3086 desc->segs[0].addr = htole32(paddr); 3087 desc->segs[0].len = htole32(totlen); 3088 3089 if (size > sizeof cmd->data) { 3090 bus_dmamap_sync(ring->data_dmat, data->map, 3091 BUS_DMASYNC_PREWRITE); 3092 } else { 3093 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 3094 BUS_DMASYNC_PREWRITE); 3095 } 3096 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3097 BUS_DMASYNC_PREWRITE); 3098 3099 /* Kick command ring. */ 3100 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 3101 wpi_update_tx_ring(sc, ring); 3102 3103 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3104 3105 WPI_TXQ_UNLOCK(sc); 3106 3107 if (async) 3108 return 0; 3109 3110 return mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3111 3112fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3113 3114 WPI_TXQ_UNLOCK(sc); 3115 3116 return error; 3117} 3118 3119/* 3120 * Configure HW multi-rate retries. 3121 */ 3122static int 3123wpi_mrr_setup(struct wpi_softc *sc) 3124{ 3125 struct ifnet *ifp = sc->sc_ifp; 3126 struct ieee80211com *ic = ifp->if_l2com; 3127 struct wpi_mrr_setup mrr; 3128 int i, error; 3129 3130 /* CCK rates (not used with 802.11a). */ 3131 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 3132 mrr.rates[i].flags = 0; 3133 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3134 /* Fallback to the immediate lower CCK rate (if any.) */ 3135 mrr.rates[i].next = 3136 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 3137 /* Try twice at this rate before falling back to "next". */ 3138 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT; 3139 } 3140 /* OFDM rates (not used with 802.11b). */ 3141 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 3142 mrr.rates[i].flags = 0; 3143 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3144 /* Fallback to the immediate lower rate (if any.) */ 3145 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 3146 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 3147 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 3148 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 3149 i - 1; 3150 /* Try twice at this rate before falling back to "next". */ 3151 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT; 3152 } 3153 /* Setup MRR for control frames. */ 3154 mrr.which = htole32(WPI_MRR_CTL); 3155 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3156 if (error != 0) { 3157 device_printf(sc->sc_dev, 3158 "could not setup MRR for control frames\n"); 3159 return error; 3160 } 3161 /* Setup MRR for data frames. */ 3162 mrr.which = htole32(WPI_MRR_DATA); 3163 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3164 if (error != 0) { 3165 device_printf(sc->sc_dev, 3166 "could not setup MRR for data frames\n"); 3167 return error; 3168 } 3169 return 0; 3170} 3171 3172static int 3173wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3174{ 3175 struct ieee80211com *ic = ni->ni_ic; 3176 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 3177 struct wpi_node *wn = WPI_NODE(ni); 3178 struct wpi_node_info node; 3179 int error; 3180 3181 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3182 3183 if (wn->id == WPI_ID_UNDEFINED) 3184 return EINVAL; 3185 3186 memset(&node, 0, sizeof node); 3187 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3188 node.id = wn->id; 3189 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3190 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3191 node.action = htole32(WPI_ACTION_SET_RATE); 3192 node.antenna = WPI_ANTENNA_BOTH; 3193 3194 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__, 3195 wn->id, ether_sprintf(ni->ni_macaddr)); 3196 3197 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 3198 if (error != 0) { 3199 device_printf(sc->sc_dev, 3200 "%s: wpi_cmd() call failed with error code %d\n", __func__, 3201 error); 3202 return error; 3203 } 3204 3205 if (wvp->wv_gtk != 0) { 3206 error = wpi_set_global_keys(ni); 3207 if (error != 0) { 3208 device_printf(sc->sc_dev, 3209 "%s: error while setting global keys\n", __func__); 3210 return ENXIO; 3211 } 3212 } 3213 3214 return 0; 3215} 3216 3217/* 3218 * Broadcast node is used to send group-addressed and management frames. 3219 */ 3220static int 3221wpi_add_broadcast_node(struct wpi_softc *sc, int async) 3222{ 3223 struct ifnet *ifp = sc->sc_ifp; 3224 struct ieee80211com *ic = ifp->if_l2com; 3225 struct wpi_node_info node; 3226 3227 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3228 3229 memset(&node, 0, sizeof node); 3230 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr); 3231 node.id = WPI_ID_BROADCAST; 3232 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3233 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3234 node.action = htole32(WPI_ACTION_SET_RATE); 3235 node.antenna = WPI_ANTENNA_BOTH; 3236 3237 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__); 3238 3239 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 3240} 3241 3242static int 3243wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3244{ 3245 struct wpi_node *wn = WPI_NODE(ni); 3246 int error; 3247 3248 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3249 3250 wn->id = wpi_add_node_entry_sta(sc); 3251 3252 if ((error = wpi_add_node(sc, ni)) != 0) { 3253 wpi_del_node_entry(sc, wn->id); 3254 wn->id = WPI_ID_UNDEFINED; 3255 return error; 3256 } 3257 3258 return 0; 3259} 3260 3261static int 3262wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3263{ 3264 struct wpi_node *wn = WPI_NODE(ni); 3265 int error; 3266 3267 KASSERT(wn->id == WPI_ID_UNDEFINED, 3268 ("the node %d was added before", wn->id)); 3269 3270 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3271 3272 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) { 3273 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__); 3274 return ENOMEM; 3275 } 3276 3277 if ((error = wpi_add_node(sc, ni)) != 0) { 3278 wpi_del_node_entry(sc, wn->id); 3279 wn->id = WPI_ID_UNDEFINED; 3280 return error; 3281 } 3282 3283 return 0; 3284} 3285 3286static void 3287wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3288{ 3289 struct wpi_node *wn = WPI_NODE(ni); 3290 struct wpi_cmd_del_node node; 3291 int error; 3292 3293 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed")); 3294 3295 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3296 3297 memset(&node, 0, sizeof node); 3298 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3299 node.count = 1; 3300 3301 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__, 3302 wn->id, ether_sprintf(ni->ni_macaddr)); 3303 3304 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3305 if (error != 0) { 3306 device_printf(sc->sc_dev, 3307 "%s: could not delete node %u, error %d\n", __func__, 3308 wn->id, error); 3309 } 3310} 3311 3312static int 3313wpi_updateedca(struct ieee80211com *ic) 3314{ 3315#define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3316 struct wpi_softc *sc = ic->ic_ifp->if_softc; 3317 struct wpi_edca_params cmd; 3318 int aci, error; 3319 3320 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3321 3322 memset(&cmd, 0, sizeof cmd); 3323 cmd.flags = htole32(WPI_EDCA_UPDATE); 3324 for (aci = 0; aci < WME_NUM_AC; aci++) { 3325 const struct wmeParams *ac = 3326 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3327 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3328 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3329 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3330 cmd.ac[aci].txoplimit = 3331 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3332 3333 DPRINTF(sc, WPI_DEBUG_EDCA, 3334 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3335 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3336 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3337 cmd.ac[aci].txoplimit); 3338 } 3339 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3340 3341 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3342 3343 return error; 3344#undef WPI_EXP2 3345} 3346 3347static void 3348wpi_set_promisc(struct wpi_softc *sc) 3349{ 3350 struct ifnet *ifp = sc->sc_ifp; 3351 struct ieee80211com *ic = ifp->if_l2com; 3352 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3353 uint32_t promisc_filter; 3354 3355 promisc_filter = WPI_FILTER_CTL; 3356 if (vap != NULL && vap->iv_opmode != IEEE80211_M_HOSTAP) 3357 promisc_filter |= WPI_FILTER_PROMISC; 3358 3359 if (ifp->if_flags & IFF_PROMISC) 3360 sc->rxon.filter |= htole32(promisc_filter); 3361 else 3362 sc->rxon.filter &= ~htole32(promisc_filter); 3363} 3364 3365static void 3366wpi_update_promisc(struct ifnet *ifp) 3367{ 3368 struct wpi_softc *sc = ifp->if_softc; 3369 3370 WPI_RXON_LOCK(sc); 3371 wpi_set_promisc(sc); 3372 3373 if (wpi_send_rxon(sc, 1, 1) != 0) { 3374 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3375 __func__); 3376 } 3377 WPI_RXON_UNLOCK(sc); 3378} 3379 3380static void 3381wpi_update_mcast(struct ifnet *ifp) 3382{ 3383 /* Ignore */ 3384} 3385 3386static void 3387wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3388{ 3389 struct wpi_cmd_led led; 3390 3391 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3392 3393 led.which = which; 3394 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3395 led.off = off; 3396 led.on = on; 3397 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3398} 3399 3400static int 3401wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3402{ 3403 struct wpi_cmd_timing cmd; 3404 uint64_t val, mod; 3405 3406 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3407 3408 memset(&cmd, 0, sizeof cmd); 3409 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3410 cmd.bintval = htole16(ni->ni_intval); 3411 cmd.lintval = htole16(10); 3412 3413 /* Compute remaining time until next beacon. */ 3414 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3415 mod = le64toh(cmd.tstamp) % val; 3416 cmd.binitval = htole32((uint32_t)(val - mod)); 3417 3418 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3419 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3420 3421 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3422} 3423 3424/* 3425 * This function is called periodically (every 60 seconds) to adjust output 3426 * power to temperature changes. 3427 */ 3428static void 3429wpi_power_calibration(struct wpi_softc *sc) 3430{ 3431 int temp; 3432 3433 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3434 3435 /* Update sensor data. */ 3436 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3437 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3438 3439 /* Sanity-check read value. */ 3440 if (temp < -260 || temp > 25) { 3441 /* This can't be correct, ignore. */ 3442 DPRINTF(sc, WPI_DEBUG_TEMP, 3443 "out-of-range temperature reported: %d\n", temp); 3444 return; 3445 } 3446 3447 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3448 3449 /* Adjust Tx power if need be. */ 3450 if (abs(temp - sc->temp) <= 6) 3451 return; 3452 3453 sc->temp = temp; 3454 3455 if (wpi_set_txpower(sc, 1) != 0) { 3456 /* just warn, too bad for the automatic calibration... */ 3457 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3458 } 3459} 3460 3461/* 3462 * Set TX power for current channel. 3463 */ 3464static int 3465wpi_set_txpower(struct wpi_softc *sc, int async) 3466{ 3467 struct wpi_power_group *group; 3468 struct wpi_cmd_txpower cmd; 3469 uint8_t chan; 3470 int idx, is_chan_5ghz, i; 3471 3472 /* Retrieve current channel from last RXON. */ 3473 chan = sc->rxon.chan; 3474 is_chan_5ghz = (sc->rxon.flags & htole32(WPI_RXON_24GHZ)) == 0; 3475 3476 /* Find the TX power group to which this channel belongs. */ 3477 if (is_chan_5ghz) { 3478 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3479 if (chan <= group->chan) 3480 break; 3481 } else 3482 group = &sc->groups[0]; 3483 3484 memset(&cmd, 0, sizeof cmd); 3485 cmd.band = is_chan_5ghz ? WPI_BAND_5GHZ : WPI_BAND_2GHZ; 3486 cmd.chan = htole16(chan); 3487 3488 /* Set TX power for all OFDM and CCK rates. */ 3489 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3490 /* Retrieve TX power for this channel/rate. */ 3491 idx = wpi_get_power_index(sc, group, chan, is_chan_5ghz, i); 3492 3493 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3494 3495 if (is_chan_5ghz) { 3496 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3497 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3498 } else { 3499 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3500 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3501 } 3502 DPRINTF(sc, WPI_DEBUG_TEMP, 3503 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3504 } 3505 3506 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3507} 3508 3509/* 3510 * Determine Tx power index for a given channel/rate combination. 3511 * This takes into account the regulatory information from EEPROM and the 3512 * current temperature. 3513 */ 3514static int 3515wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3516 uint8_t chan, int is_chan_5ghz, int ridx) 3517{ 3518/* Fixed-point arithmetic division using a n-bit fractional part. */ 3519#define fdivround(a, b, n) \ 3520 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3521 3522/* Linear interpolation. */ 3523#define interpolate(x, x1, y1, x2, y2, n) \ 3524 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3525 3526 struct wpi_power_sample *sample; 3527 int pwr, idx; 3528 3529 /* Default TX power is group maximum TX power minus 3dB. */ 3530 pwr = group->maxpwr / 2; 3531 3532 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3533 switch (ridx) { 3534 case WPI_RIDX_OFDM36: 3535 pwr -= is_chan_5ghz ? 5 : 0; 3536 break; 3537 case WPI_RIDX_OFDM48: 3538 pwr -= is_chan_5ghz ? 10 : 7; 3539 break; 3540 case WPI_RIDX_OFDM54: 3541 pwr -= is_chan_5ghz ? 12 : 9; 3542 break; 3543 } 3544 3545 /* Never exceed the channel maximum allowed TX power. */ 3546 pwr = min(pwr, sc->maxpwr[chan]); 3547 3548 /* Retrieve TX power index into gain tables from samples. */ 3549 for (sample = group->samples; sample < &group->samples[3]; sample++) 3550 if (pwr > sample[1].power) 3551 break; 3552 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3553 idx = interpolate(pwr, sample[0].power, sample[0].index, 3554 sample[1].power, sample[1].index, 19); 3555 3556 /*- 3557 * Adjust power index based on current temperature: 3558 * - if cooler than factory-calibrated: decrease output power 3559 * - if warmer than factory-calibrated: increase output power 3560 */ 3561 idx -= (sc->temp - group->temp) * 11 / 100; 3562 3563 /* Decrease TX power for CCK rates (-5dB). */ 3564 if (ridx >= WPI_RIDX_CCK1) 3565 idx += 10; 3566 3567 /* Make sure idx stays in a valid range. */ 3568 if (idx < 0) 3569 return 0; 3570 if (idx > WPI_MAX_PWR_INDEX) 3571 return WPI_MAX_PWR_INDEX; 3572 return idx; 3573 3574#undef interpolate 3575#undef fdivround 3576} 3577 3578/* 3579 * Set STA mode power saving level (between 0 and 5). 3580 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3581 */ 3582static int 3583wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3584{ 3585 struct wpi_pmgt_cmd cmd; 3586 const struct wpi_pmgt *pmgt; 3587 uint32_t max, skip_dtim; 3588 uint32_t reg; 3589 int i; 3590 3591 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3592 "%s: dtim=%d, level=%d, async=%d\n", 3593 __func__, dtim, level, async); 3594 3595 /* Select which PS parameters to use. */ 3596 if (dtim <= 10) 3597 pmgt = &wpi_pmgt[0][level]; 3598 else 3599 pmgt = &wpi_pmgt[1][level]; 3600 3601 memset(&cmd, 0, sizeof cmd); 3602 if (level != 0) /* not CAM */ 3603 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3604 /* Retrieve PCIe Active State Power Management (ASPM). */ 3605 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 3606 if (!(reg & 0x1)) /* L0s Entry disabled. */ 3607 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3608 3609 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3610 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3611 3612 if (dtim == 0) { 3613 dtim = 1; 3614 skip_dtim = 0; 3615 } else 3616 skip_dtim = pmgt->skip_dtim; 3617 3618 if (skip_dtim != 0) { 3619 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3620 max = pmgt->intval[4]; 3621 if (max == (uint32_t)-1) 3622 max = dtim * (skip_dtim + 1); 3623 else if (max > dtim) 3624 max = (max / dtim) * dtim; 3625 } else 3626 max = dtim; 3627 3628 for (i = 0; i < 5; i++) 3629 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3630 3631 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3632} 3633 3634static int 3635wpi_send_btcoex(struct wpi_softc *sc) 3636{ 3637 struct wpi_bluetooth cmd; 3638 3639 memset(&cmd, 0, sizeof cmd); 3640 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3641 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3642 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3643 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3644 __func__); 3645 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3646} 3647 3648static int 3649wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3650{ 3651 int error; 3652 3653 if (async) 3654 WPI_RXON_LOCK_ASSERT(sc); 3655 3656 if (assoc && wpi_check_bss_filter(sc) != 0) { 3657 struct wpi_assoc rxon_assoc; 3658 3659 rxon_assoc.flags = sc->rxon.flags; 3660 rxon_assoc.filter = sc->rxon.filter; 3661 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3662 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3663 rxon_assoc.reserved = 0; 3664 3665 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3666 sizeof (struct wpi_assoc), async); 3667 if (error != 0) { 3668 device_printf(sc->sc_dev, 3669 "RXON_ASSOC command failed, error %d\n", error); 3670 return error; 3671 } 3672 } else { 3673 if (async) { 3674 WPI_NT_LOCK(sc); 3675 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3676 sizeof (struct wpi_rxon), async); 3677 if (error == 0) 3678 wpi_clear_node_table(sc); 3679 WPI_NT_UNLOCK(sc); 3680 } else { 3681 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3682 sizeof (struct wpi_rxon), async); 3683 if (error == 0) 3684 wpi_clear_node_table(sc); 3685 } 3686 3687 if (error != 0) { 3688 device_printf(sc->sc_dev, 3689 "RXON command failed, error %d\n", error); 3690 return error; 3691 } 3692 3693 /* Add broadcast node. */ 3694 error = wpi_add_broadcast_node(sc, async); 3695 if (error != 0) { 3696 device_printf(sc->sc_dev, 3697 "could not add broadcast node, error %d\n", error); 3698 return error; 3699 } 3700 } 3701 3702 /* Configuration has changed, set Tx power accordingly. */ 3703 if ((error = wpi_set_txpower(sc, async)) != 0) { 3704 device_printf(sc->sc_dev, 3705 "%s: could not set TX power, error %d\n", __func__, error); 3706 return error; 3707 } 3708 3709 return 0; 3710} 3711 3712/** 3713 * Configure the card to listen to a particular channel, this transisions the 3714 * card in to being able to receive frames from remote devices. 3715 */ 3716static int 3717wpi_config(struct wpi_softc *sc) 3718{ 3719 struct ifnet *ifp = sc->sc_ifp; 3720 struct ieee80211com *ic = ifp->if_l2com; 3721 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3722 struct ieee80211_channel *c = ic->ic_curchan; 3723 int error; 3724 3725 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3726 3727 /* Set power saving level to CAM during initialization. */ 3728 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3729 device_printf(sc->sc_dev, 3730 "%s: could not set power saving level\n", __func__); 3731 return error; 3732 } 3733 3734 /* Configure bluetooth coexistence. */ 3735 if ((error = wpi_send_btcoex(sc)) != 0) { 3736 device_printf(sc->sc_dev, 3737 "could not configure bluetooth coexistence\n"); 3738 return error; 3739 } 3740 3741 /* Configure adapter. */ 3742 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 3743 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 3744 3745 /* Set default channel. */ 3746 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 3747 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3748 if (IEEE80211_IS_CHAN_2GHZ(c)) 3749 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3750 3751 sc->rxon.filter = WPI_FILTER_MULTICAST; 3752 switch (ic->ic_opmode) { 3753 case IEEE80211_M_STA: 3754 sc->rxon.mode = WPI_MODE_STA; 3755 break; 3756 case IEEE80211_M_IBSS: 3757 sc->rxon.mode = WPI_MODE_IBSS; 3758 sc->rxon.filter |= WPI_FILTER_BEACON; 3759 break; 3760 case IEEE80211_M_HOSTAP: 3761 /* XXX workaround for beaconing */ 3762 sc->rxon.mode = WPI_MODE_IBSS; 3763 sc->rxon.filter |= WPI_FILTER_ASSOC | WPI_FILTER_PROMISC; 3764 break; 3765 case IEEE80211_M_AHDEMO: 3766 /* XXX workaround for passive channels selection */ 3767 sc->rxon.mode = WPI_MODE_HOSTAP; 3768 break; 3769 case IEEE80211_M_MONITOR: 3770 sc->rxon.mode = WPI_MODE_MONITOR; 3771 break; 3772 default: 3773 device_printf(sc->sc_dev, "unknown opmode %d\n", 3774 ic->ic_opmode); 3775 return EINVAL; 3776 } 3777 sc->rxon.filter = htole32(sc->rxon.filter); 3778 wpi_set_promisc(sc); 3779 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 3780 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 3781 3782 /* XXX Current configuration may be unusable. */ 3783 if (IEEE80211_IS_CHAN_NOADHOC(c) && sc->rxon.mode == WPI_MODE_IBSS) { 3784 device_printf(sc->sc_dev, 3785 "%s: invalid channel (%d) selected for IBSS mode\n", 3786 __func__, ieee80211_chan2ieee(ic, c)); 3787 return EINVAL; 3788 } 3789 3790 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 3791 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3792 __func__); 3793 return error; 3794 } 3795 3796 /* Setup rate scalling. */ 3797 if ((error = wpi_mrr_setup(sc)) != 0) { 3798 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 3799 error); 3800 return error; 3801 } 3802 3803 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3804 3805 return 0; 3806} 3807 3808static uint16_t 3809wpi_get_active_dwell_time(struct wpi_softc *sc, 3810 struct ieee80211_channel *c, uint8_t n_probes) 3811{ 3812 /* No channel? Default to 2GHz settings. */ 3813 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 3814 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 3815 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 3816 } 3817 3818 /* 5GHz dwell time. */ 3819 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 3820 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 3821} 3822 3823/* 3824 * Limit the total dwell time. 3825 * 3826 * Returns the dwell time in milliseconds. 3827 */ 3828static uint16_t 3829wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 3830{ 3831 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3832 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3833 int bintval = 0; 3834 3835 /* bintval is in TU (1.024mS) */ 3836 if (vap != NULL) 3837 bintval = vap->iv_bss->ni_intval; 3838 3839 /* 3840 * If it's non-zero, we should calculate the minimum of 3841 * it and the DWELL_BASE. 3842 * 3843 * XXX Yes, the math should take into account that bintval 3844 * is 1.024mS, not 1mS.. 3845 */ 3846 if (bintval > 0) { 3847 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 3848 bintval); 3849 return (MIN(dwell_time, bintval - WPI_CHANNEL_TUNE_TIME * 2)); 3850 } 3851 3852 /* No association context? Default. */ 3853 return dwell_time; 3854} 3855 3856static uint16_t 3857wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 3858{ 3859 uint16_t passive; 3860 3861 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 3862 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 3863 else 3864 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 3865 3866 /* Clamp to the beacon interval if we're associated. */ 3867 return (wpi_limit_dwell(sc, passive)); 3868} 3869 3870static uint32_t 3871wpi_get_scan_pause_time(uint32_t time, uint16_t bintval) 3872{ 3873 uint32_t mod = (time % bintval) * IEEE80211_DUR_TU; 3874 uint32_t nbeacons = time / bintval; 3875 3876 if (mod > WPI_PAUSE_MAX_TIME) 3877 mod = WPI_PAUSE_MAX_TIME; 3878 3879 return WPI_PAUSE_SCAN(nbeacons, mod); 3880} 3881 3882/* 3883 * Send a scan request to the firmware. 3884 */ 3885static int 3886wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 3887{ 3888 struct ifnet *ifp = sc->sc_ifp; 3889 struct ieee80211com *ic = ifp->if_l2com; 3890 struct ieee80211_scan_state *ss = ic->ic_scan; 3891 struct ieee80211vap *vap = ss->ss_vap; 3892 struct wpi_scan_hdr *hdr; 3893 struct wpi_cmd_data *tx; 3894 struct wpi_scan_essid *essids; 3895 struct wpi_scan_chan *chan; 3896 struct ieee80211_frame *wh; 3897 struct ieee80211_rateset *rs; 3898 uint16_t dwell_active, dwell_passive; 3899 uint8_t *buf, *frm; 3900 int bgscan, bintval, buflen, error, i, nssid; 3901 3902 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3903 3904 /* 3905 * We are absolutely not allowed to send a scan command when another 3906 * scan command is pending. 3907 */ 3908 if (callout_pending(&sc->scan_timeout)) { 3909 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 3910 __func__); 3911 error = EAGAIN; 3912 goto fail; 3913 } 3914 3915 bgscan = wpi_check_bss_filter(sc); 3916 bintval = vap->iv_bss->ni_intval; 3917 if (bgscan != 0 && 3918 bintval < WPI_QUIET_TIME_DEFAULT + WPI_CHANNEL_TUNE_TIME * 2) { 3919 error = EOPNOTSUPP; 3920 goto fail; 3921 } 3922 3923 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 3924 if (buf == NULL) { 3925 device_printf(sc->sc_dev, 3926 "%s: could not allocate buffer for scan command\n", 3927 __func__); 3928 error = ENOMEM; 3929 goto fail; 3930 } 3931 hdr = (struct wpi_scan_hdr *)buf; 3932 3933 /* 3934 * Move to the next channel if no packets are received within 10 msecs 3935 * after sending the probe request. 3936 */ 3937 hdr->quiet_time = htole16(WPI_QUIET_TIME_DEFAULT); 3938 hdr->quiet_threshold = htole16(1); 3939 3940 if (bgscan != 0) { 3941 /* 3942 * Max needs to be greater than active and passive and quiet! 3943 * It's also in microseconds! 3944 */ 3945 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 3946 hdr->pause_svc = htole32(wpi_get_scan_pause_time(100, 3947 bintval)); 3948 } 3949 3950 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 3951 3952 tx = (struct wpi_cmd_data *)(hdr + 1); 3953 tx->flags = htole32(WPI_TX_AUTO_SEQ); 3954 tx->id = WPI_ID_BROADCAST; 3955 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 3956 3957 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3958 /* Send probe requests at 6Mbps. */ 3959 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 3960 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 3961 } else { 3962 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 3963 /* Send probe requests at 1Mbps. */ 3964 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3965 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 3966 } 3967 3968 essids = (struct wpi_scan_essid *)(tx + 1); 3969 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 3970 for (i = 0; i < nssid; i++) { 3971 essids[i].id = IEEE80211_ELEMID_SSID; 3972 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 3973 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 3974#ifdef WPI_DEBUG 3975 if (sc->sc_debug & WPI_DEBUG_SCAN) { 3976 printf("Scanning Essid: "); 3977 ieee80211_print_essid(essids[i].data, essids[i].len); 3978 printf("\n"); 3979 } 3980#endif 3981 } 3982 3983 /* 3984 * Build a probe request frame. Most of the following code is a 3985 * copy & paste of what is done in net80211. 3986 */ 3987 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 3988 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3989 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3990 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3991 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3992 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3993 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr); 3994 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3995 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3996 3997 frm = (uint8_t *)(wh + 1); 3998 frm = ieee80211_add_ssid(frm, NULL, 0); 3999 frm = ieee80211_add_rates(frm, rs); 4000 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4001 frm = ieee80211_add_xrates(frm, rs); 4002 4003 /* Set length of probe request. */ 4004 tx->len = htole16(frm - (uint8_t *)wh); 4005 4006 /* 4007 * Construct information about the channel that we 4008 * want to scan. The firmware expects this to be directly 4009 * after the scan probe request 4010 */ 4011 chan = (struct wpi_scan_chan *)frm; 4012 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 4013 chan->flags = 0; 4014 if (nssid) { 4015 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 4016 chan->flags |= WPI_CHAN_NPBREQS(nssid); 4017 } else 4018 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 4019 4020 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 4021 chan->flags |= WPI_CHAN_ACTIVE; 4022 4023 /* 4024 * Calculate the active/passive dwell times. 4025 */ 4026 4027 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 4028 dwell_passive = wpi_get_passive_dwell_time(sc, c); 4029 4030 /* Make sure they're valid. */ 4031 if (dwell_active > dwell_passive) 4032 dwell_active = dwell_passive; 4033 4034 chan->active = htole16(dwell_active); 4035 chan->passive = htole16(dwell_passive); 4036 4037 chan->dsp_gain = 0x6e; /* Default level */ 4038 4039 if (IEEE80211_IS_CHAN_5GHZ(c)) 4040 chan->rf_gain = 0x3b; 4041 else 4042 chan->rf_gain = 0x28; 4043 4044 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 4045 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 4046 4047 hdr->nchan++; 4048 4049 if (hdr->nchan == 1 && sc->rxon.chan == chan->chan) { 4050 /* XXX Force probe request transmission. */ 4051 memcpy(chan + 1, chan, sizeof (struct wpi_scan_chan)); 4052 4053 chan++; 4054 4055 /* Reduce unnecessary delay. */ 4056 chan->flags = 0; 4057 chan->passive = chan->active = hdr->quiet_time; 4058 4059 hdr->nchan++; 4060 } 4061 4062 chan++; 4063 4064 buflen = (uint8_t *)chan - buf; 4065 hdr->len = htole16(buflen); 4066 4067 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 4068 hdr->nchan); 4069 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 4070 free(buf, M_DEVBUF); 4071 4072 if (error != 0) 4073 goto fail; 4074 4075 callout_reset(&sc->scan_timeout, 5*hz, wpi_scan_timeout, sc); 4076 4077 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4078 4079 return 0; 4080 4081fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4082 4083 return error; 4084} 4085 4086static int 4087wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 4088{ 4089 struct ieee80211com *ic = vap->iv_ic; 4090 struct ieee80211_node *ni = vap->iv_bss; 4091 struct ieee80211_channel *c = ni->ni_chan; 4092 int error; 4093 4094 WPI_RXON_LOCK(sc); 4095 4096 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4097 4098 /* Update adapter configuration. */ 4099 sc->rxon.associd = 0; 4100 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 4101 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4102 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4103 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4104 if (IEEE80211_IS_CHAN_2GHZ(c)) 4105 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4106 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4107 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4108 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4109 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4110 if (IEEE80211_IS_CHAN_A(c)) { 4111 sc->rxon.cck_mask = 0; 4112 sc->rxon.ofdm_mask = 0x15; 4113 } else if (IEEE80211_IS_CHAN_B(c)) { 4114 sc->rxon.cck_mask = 0x03; 4115 sc->rxon.ofdm_mask = 0; 4116 } else { 4117 /* Assume 802.11b/g. */ 4118 sc->rxon.cck_mask = 0x0f; 4119 sc->rxon.ofdm_mask = 0x15; 4120 } 4121 4122 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 4123 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 4124 sc->rxon.ofdm_mask); 4125 4126 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4127 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4128 __func__); 4129 } 4130 4131 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4132 4133 WPI_RXON_UNLOCK(sc); 4134 4135 return error; 4136} 4137 4138static int 4139wpi_config_beacon(struct wpi_vap *wvp) 4140{ 4141 struct ieee80211com *ic = wvp->wv_vap.iv_ic; 4142 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4143 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4144 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4145 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 4146 struct ieee80211_tim_ie *tie; 4147 struct mbuf *m; 4148 uint8_t *ptr; 4149 int error; 4150 4151 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4152 4153 WPI_VAP_LOCK_ASSERT(wvp); 4154 4155 cmd->len = htole16(bcn->m->m_pkthdr.len); 4156 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4157 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4158 4159 /* XXX seems to be unused */ 4160 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) { 4161 tie = (struct ieee80211_tim_ie *) bo->bo_tim; 4162 ptr = mtod(bcn->m, uint8_t *); 4163 4164 cmd->tim = htole16(bo->bo_tim - ptr); 4165 cmd->timsz = tie->tim_len; 4166 } 4167 4168 /* Necessary for recursion in ieee80211_beacon_update(). */ 4169 m = bcn->m; 4170 bcn->m = m_dup(m, M_NOWAIT); 4171 if (bcn->m == NULL) { 4172 device_printf(sc->sc_dev, 4173 "%s: could not copy beacon frame\n", __func__); 4174 error = ENOMEM; 4175 goto end; 4176 } 4177 4178 if ((error = wpi_cmd2(sc, bcn)) != 0) { 4179 device_printf(sc->sc_dev, 4180 "%s: could not update beacon frame, error %d", __func__, 4181 error); 4182 } 4183 4184 /* Restore mbuf. */ 4185end: bcn->m = m; 4186 4187 return error; 4188} 4189 4190static int 4191wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 4192{ 4193 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 4194 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4195 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4196 struct mbuf *m; 4197 int error; 4198 4199 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4200 4201 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4202 return EINVAL; 4203 4204 m = ieee80211_beacon_alloc(ni, bo); 4205 if (m == NULL) { 4206 device_printf(sc->sc_dev, 4207 "%s: could not allocate beacon frame\n", __func__); 4208 return ENOMEM; 4209 } 4210 4211 WPI_VAP_LOCK(wvp); 4212 if (bcn->m != NULL) 4213 m_freem(bcn->m); 4214 4215 bcn->m = m; 4216 4217 error = wpi_config_beacon(wvp); 4218 WPI_VAP_UNLOCK(wvp); 4219 4220 return error; 4221} 4222 4223static void 4224wpi_update_beacon(struct ieee80211vap *vap, int item) 4225{ 4226 struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4227 struct wpi_vap *wvp = WPI_VAP(vap); 4228 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4229 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4230 struct ieee80211_node *ni = vap->iv_bss; 4231 int mcast = 0; 4232 4233 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4234 4235 WPI_VAP_LOCK(wvp); 4236 if (bcn->m == NULL) { 4237 bcn->m = ieee80211_beacon_alloc(ni, bo); 4238 if (bcn->m == NULL) { 4239 device_printf(sc->sc_dev, 4240 "%s: could not allocate beacon frame\n", __func__); 4241 4242 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, 4243 __func__); 4244 4245 WPI_VAP_UNLOCK(wvp); 4246 return; 4247 } 4248 } 4249 WPI_VAP_UNLOCK(wvp); 4250 4251 if (item == IEEE80211_BEACON_TIM) 4252 mcast = 1; /* TODO */ 4253 4254 setbit(bo->bo_flags, item); 4255 ieee80211_beacon_update(ni, bo, bcn->m, mcast); 4256 4257 WPI_VAP_LOCK(wvp); 4258 wpi_config_beacon(wvp); 4259 WPI_VAP_UNLOCK(wvp); 4260 4261 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4262} 4263 4264static void 4265wpi_newassoc(struct ieee80211_node *ni, int isnew) 4266{ 4267 struct ieee80211vap *vap = ni->ni_vap; 4268 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4269 struct wpi_node *wn = WPI_NODE(ni); 4270 int error; 4271 4272 WPI_NT_LOCK(sc); 4273 4274 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4275 4276 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) { 4277 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 4278 device_printf(sc->sc_dev, 4279 "%s: could not add IBSS node, error %d\n", 4280 __func__, error); 4281 } 4282 } 4283 WPI_NT_UNLOCK(sc); 4284} 4285 4286static int 4287wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 4288{ 4289 struct ieee80211com *ic = vap->iv_ic; 4290 struct ieee80211_node *ni = vap->iv_bss; 4291 struct ieee80211_channel *c = ni->ni_chan; 4292 int error; 4293 4294 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4295 4296 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 4297 /* Link LED blinks while monitoring. */ 4298 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 4299 return 0; 4300 } 4301 4302 /* XXX kernel panic workaround */ 4303 if (c == IEEE80211_CHAN_ANYC) { 4304 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 4305 __func__); 4306 return EINVAL; 4307 } 4308 4309 if ((error = wpi_set_timing(sc, ni)) != 0) { 4310 device_printf(sc->sc_dev, 4311 "%s: could not set timing, error %d\n", __func__, error); 4312 return error; 4313 } 4314 4315 /* Update adapter configuration. */ 4316 WPI_RXON_LOCK(sc); 4317 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4318 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 4319 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4320 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4321 if (IEEE80211_IS_CHAN_2GHZ(c)) 4322 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4323 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4324 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4325 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4326 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4327 if (IEEE80211_IS_CHAN_A(c)) { 4328 sc->rxon.cck_mask = 0; 4329 sc->rxon.ofdm_mask = 0x15; 4330 } else if (IEEE80211_IS_CHAN_B(c)) { 4331 sc->rxon.cck_mask = 0x03; 4332 sc->rxon.ofdm_mask = 0; 4333 } else { 4334 /* Assume 802.11b/g. */ 4335 sc->rxon.cck_mask = 0x0f; 4336 sc->rxon.ofdm_mask = 0x15; 4337 } 4338 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 4339 4340 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 4341 sc->rxon.chan, sc->rxon.flags); 4342 4343 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4344 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4345 __func__); 4346 return error; 4347 } 4348 4349 /* Start periodic calibration timer. */ 4350 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 4351 4352 WPI_RXON_UNLOCK(sc); 4353 4354 if (vap->iv_opmode == IEEE80211_M_IBSS || 4355 vap->iv_opmode == IEEE80211_M_HOSTAP) { 4356 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 4357 device_printf(sc->sc_dev, 4358 "%s: could not setup beacon, error %d\n", __func__, 4359 error); 4360 return error; 4361 } 4362 } 4363 4364 if (vap->iv_opmode == IEEE80211_M_STA) { 4365 /* Add BSS node. */ 4366 WPI_NT_LOCK(sc); 4367 error = wpi_add_sta_node(sc, ni); 4368 WPI_NT_UNLOCK(sc); 4369 if (error != 0) { 4370 device_printf(sc->sc_dev, 4371 "%s: could not add BSS node, error %d\n", __func__, 4372 error); 4373 return error; 4374 } 4375 } 4376 4377 /* Link LED always on while associated. */ 4378 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4379 4380 /* Enable power-saving mode if requested by user. */ 4381 if ((vap->iv_flags & IEEE80211_F_PMGTON) && 4382 vap->iv_opmode != IEEE80211_M_IBSS) 4383 (void)wpi_set_pslevel(sc, 0, 3, 1); 4384 4385 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4386 4387 return 0; 4388} 4389 4390static int 4391wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4392{ 4393 const struct ieee80211_cipher *cip = k->wk_cipher; 4394 struct ieee80211vap *vap = ni->ni_vap; 4395 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4396 struct wpi_node *wn = WPI_NODE(ni); 4397 struct wpi_node_info node; 4398 uint16_t kflags; 4399 int error; 4400 4401 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4402 4403 if (wpi_check_node_entry(sc, wn->id) == 0) { 4404 device_printf(sc->sc_dev, "%s: node does not exist\n", 4405 __func__); 4406 return 0; 4407 } 4408 4409 switch (cip->ic_cipher) { 4410 case IEEE80211_CIPHER_AES_CCM: 4411 kflags = WPI_KFLAG_CCMP; 4412 break; 4413 4414 default: 4415 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__, 4416 cip->ic_cipher); 4417 return 0; 4418 } 4419 4420 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4421 if (k->wk_flags & IEEE80211_KEY_GROUP) 4422 kflags |= WPI_KFLAG_MULTICAST; 4423 4424 memset(&node, 0, sizeof node); 4425 node.id = wn->id; 4426 node.control = WPI_NODE_UPDATE; 4427 node.flags = WPI_FLAG_KEY_SET; 4428 node.kflags = htole16(kflags); 4429 memcpy(node.key, k->wk_key, k->wk_keylen); 4430again: 4431 DPRINTF(sc, WPI_DEBUG_KEY, 4432 "%s: setting %s key id %d for node %d (%s)\n", __func__, 4433 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix, 4434 node.id, ether_sprintf(ni->ni_macaddr)); 4435 4436 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4437 if (error != 0) { 4438 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4439 error); 4440 return !error; 4441 } 4442 4443 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4444 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4445 kflags |= WPI_KFLAG_MULTICAST; 4446 node.kflags = htole16(kflags); 4447 4448 goto again; 4449 } 4450 4451 return 1; 4452} 4453 4454static void 4455wpi_load_key_cb(void *arg, struct ieee80211_node *ni) 4456{ 4457 const struct ieee80211_key *k = arg; 4458 struct ieee80211vap *vap = ni->ni_vap; 4459 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4460 struct wpi_node *wn = WPI_NODE(ni); 4461 int error; 4462 4463 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4464 return; 4465 4466 WPI_NT_LOCK(sc); 4467 error = wpi_load_key(ni, k); 4468 WPI_NT_UNLOCK(sc); 4469 4470 if (error == 0) { 4471 device_printf(sc->sc_dev, "%s: error while setting key\n", 4472 __func__); 4473 } 4474} 4475 4476static int 4477wpi_set_global_keys(struct ieee80211_node *ni) 4478{ 4479 struct ieee80211vap *vap = ni->ni_vap; 4480 struct ieee80211_key *wk = &vap->iv_nw_keys[0]; 4481 int error = 1; 4482 4483 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++) 4484 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 4485 error = wpi_load_key(ni, wk); 4486 4487 return !error; 4488} 4489 4490static int 4491wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4492{ 4493 struct ieee80211vap *vap = ni->ni_vap; 4494 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4495 struct wpi_node *wn = WPI_NODE(ni); 4496 struct wpi_node_info node; 4497 uint16_t kflags; 4498 int error; 4499 4500 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4501 4502 if (wpi_check_node_entry(sc, wn->id) == 0) { 4503 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__); 4504 return 1; /* Nothing to do. */ 4505 } 4506 4507 kflags = WPI_KFLAG_KID(k->wk_keyix); 4508 if (k->wk_flags & IEEE80211_KEY_GROUP) 4509 kflags |= WPI_KFLAG_MULTICAST; 4510 4511 memset(&node, 0, sizeof node); 4512 node.id = wn->id; 4513 node.control = WPI_NODE_UPDATE; 4514 node.flags = WPI_FLAG_KEY_SET; 4515 node.kflags = htole16(kflags); 4516again: 4517 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n", 4518 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", 4519 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr)); 4520 4521 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4522 if (error != 0) { 4523 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4524 error); 4525 return !error; 4526 } 4527 4528 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4529 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4530 kflags |= WPI_KFLAG_MULTICAST; 4531 node.kflags = htole16(kflags); 4532 4533 goto again; 4534 } 4535 4536 return 1; 4537} 4538 4539static void 4540wpi_del_key_cb(void *arg, struct ieee80211_node *ni) 4541{ 4542 const struct ieee80211_key *k = arg; 4543 struct ieee80211vap *vap = ni->ni_vap; 4544 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4545 struct wpi_node *wn = WPI_NODE(ni); 4546 int error; 4547 4548 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4549 return; 4550 4551 WPI_NT_LOCK(sc); 4552 error = wpi_del_key(ni, k); 4553 WPI_NT_UNLOCK(sc); 4554 4555 if (error == 0) { 4556 device_printf(sc->sc_dev, "%s: error while deleting key\n", 4557 __func__); 4558 } 4559} 4560 4561static int 4562wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 4563 int set) 4564{ 4565 struct ieee80211com *ic = vap->iv_ic; 4566 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4567 struct wpi_vap *wvp = WPI_VAP(vap); 4568 struct ieee80211_node *ni; 4569 int error, ni_ref = 0; 4570 4571 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4572 4573 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 4574 /* Not for us. */ 4575 return 1; 4576 } 4577 4578 if (!(k->wk_flags & IEEE80211_KEY_RECV)) { 4579 /* XMIT keys are handled in wpi_tx_data(). */ 4580 return 1; 4581 } 4582 4583 /* Handle group keys. */ 4584 if (&vap->iv_nw_keys[0] <= k && 4585 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4586 WPI_NT_LOCK(sc); 4587 if (set) 4588 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); 4589 else 4590 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix); 4591 WPI_NT_UNLOCK(sc); 4592 4593 if (vap->iv_state == IEEE80211_S_RUN) { 4594 ieee80211_iterate_nodes(&ic->ic_sta, 4595 set ? wpi_load_key_cb : wpi_del_key_cb, 4596 __DECONST(void *, k)); 4597 } 4598 4599 return 1; 4600 } 4601 4602 switch (vap->iv_opmode) { 4603 case IEEE80211_M_STA: 4604 ni = vap->iv_bss; 4605 break; 4606 4607 case IEEE80211_M_IBSS: 4608 case IEEE80211_M_AHDEMO: 4609 case IEEE80211_M_HOSTAP: 4610 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr); 4611 if (ni == NULL) 4612 return 0; /* should not happen */ 4613 4614 ni_ref = 1; 4615 break; 4616 4617 default: 4618 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__, 4619 vap->iv_opmode); 4620 return 0; 4621 } 4622 4623 WPI_NT_LOCK(sc); 4624 if (set) 4625 error = wpi_load_key(ni, k); 4626 else 4627 error = wpi_del_key(ni, k); 4628 WPI_NT_UNLOCK(sc); 4629 4630 if (ni_ref) 4631 ieee80211_node_decref(ni); 4632 4633 return error; 4634} 4635 4636static int 4637wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k, 4638 const uint8_t mac[IEEE80211_ADDR_LEN]) 4639{ 4640 return wpi_process_key(vap, k, 1); 4641} 4642 4643static int 4644wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4645{ 4646 return wpi_process_key(vap, k, 0); 4647} 4648 4649/* 4650 * This function is called after the runtime firmware notifies us of its 4651 * readiness (called in a process context). 4652 */ 4653static int 4654wpi_post_alive(struct wpi_softc *sc) 4655{ 4656 int ntries, error; 4657 4658 /* Check (again) that the radio is not disabled. */ 4659 if ((error = wpi_nic_lock(sc)) != 0) 4660 return error; 4661 4662 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4663 4664 /* NB: Runtime firmware must be up and running. */ 4665 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4666 device_printf(sc->sc_dev, 4667 "RF switch: radio disabled (%s)\n", __func__); 4668 wpi_nic_unlock(sc); 4669 return EPERM; /* :-) */ 4670 } 4671 wpi_nic_unlock(sc); 4672 4673 /* Wait for thermal sensor to calibrate. */ 4674 for (ntries = 0; ntries < 1000; ntries++) { 4675 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4676 break; 4677 DELAY(10); 4678 } 4679 4680 if (ntries == 1000) { 4681 device_printf(sc->sc_dev, 4682 "timeout waiting for thermal sensor calibration\n"); 4683 return ETIMEDOUT; 4684 } 4685 4686 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4687 return 0; 4688} 4689 4690/* 4691 * The firmware boot code is small and is intended to be copied directly into 4692 * the NIC internal memory (no DMA transfer). 4693 */ 4694static int 4695wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 4696{ 4697 int error, ntries; 4698 4699 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4700 4701 size /= sizeof (uint32_t); 4702 4703 if ((error = wpi_nic_lock(sc)) != 0) 4704 return error; 4705 4706 /* Copy microcode image into NIC memory. */ 4707 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4708 (const uint32_t *)ucode, size); 4709 4710 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4711 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4712 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4713 4714 /* Start boot load now. */ 4715 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4716 4717 /* Wait for transfer to complete. */ 4718 for (ntries = 0; ntries < 1000; ntries++) { 4719 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4720 DPRINTF(sc, WPI_DEBUG_HW, 4721 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4722 WPI_FH_TX_STATUS_IDLE(6), 4723 status & WPI_FH_TX_STATUS_IDLE(6)); 4724 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4725 DPRINTF(sc, WPI_DEBUG_HW, 4726 "Status Match! - ntries = %d\n", ntries); 4727 break; 4728 } 4729 DELAY(10); 4730 } 4731 if (ntries == 1000) { 4732 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4733 __func__); 4734 wpi_nic_unlock(sc); 4735 return ETIMEDOUT; 4736 } 4737 4738 /* Enable boot after power up. */ 4739 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4740 4741 wpi_nic_unlock(sc); 4742 return 0; 4743} 4744 4745static int 4746wpi_load_firmware(struct wpi_softc *sc) 4747{ 4748 struct wpi_fw_info *fw = &sc->fw; 4749 struct wpi_dma_info *dma = &sc->fw_dma; 4750 int error; 4751 4752 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4753 4754 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 4755 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 4756 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4757 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 4758 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4759 4760 /* Tell adapter where to find initialization sections. */ 4761 if ((error = wpi_nic_lock(sc)) != 0) 4762 return error; 4763 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4764 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 4765 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4766 dma->paddr + WPI_FW_DATA_MAXSZ); 4767 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 4768 wpi_nic_unlock(sc); 4769 4770 /* Load firmware boot code. */ 4771 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 4772 if (error != 0) { 4773 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4774 __func__); 4775 return error; 4776 } 4777 4778 /* Now press "execute". */ 4779 WPI_WRITE(sc, WPI_RESET, 0); 4780 4781 /* Wait at most one second for first alive notification. */ 4782 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4783 device_printf(sc->sc_dev, 4784 "%s: timeout waiting for adapter to initialize, error %d\n", 4785 __func__, error); 4786 return error; 4787 } 4788 4789 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 4790 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 4791 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4792 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 4793 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4794 4795 /* Tell adapter where to find runtime sections. */ 4796 if ((error = wpi_nic_lock(sc)) != 0) 4797 return error; 4798 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4799 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 4800 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4801 dma->paddr + WPI_FW_DATA_MAXSZ); 4802 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 4803 WPI_FW_UPDATED | fw->main.textsz); 4804 wpi_nic_unlock(sc); 4805 4806 return 0; 4807} 4808 4809static int 4810wpi_read_firmware(struct wpi_softc *sc) 4811{ 4812 const struct firmware *fp; 4813 struct wpi_fw_info *fw = &sc->fw; 4814 const struct wpi_firmware_hdr *hdr; 4815 int error; 4816 4817 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4818 4819 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4820 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 4821 4822 WPI_UNLOCK(sc); 4823 fp = firmware_get(WPI_FW_NAME); 4824 WPI_LOCK(sc); 4825 4826 if (fp == NULL) { 4827 device_printf(sc->sc_dev, 4828 "could not load firmware image '%s'\n", WPI_FW_NAME); 4829 return EINVAL; 4830 } 4831 4832 sc->fw_fp = fp; 4833 4834 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 4835 device_printf(sc->sc_dev, 4836 "firmware file too short: %zu bytes\n", fp->datasize); 4837 error = EINVAL; 4838 goto fail; 4839 } 4840 4841 fw->size = fp->datasize; 4842 fw->data = (const uint8_t *)fp->data; 4843 4844 /* Extract firmware header information. */ 4845 hdr = (const struct wpi_firmware_hdr *)fw->data; 4846 4847 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 4848 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 4849 4850 fw->main.textsz = le32toh(hdr->rtextsz); 4851 fw->main.datasz = le32toh(hdr->rdatasz); 4852 fw->init.textsz = le32toh(hdr->itextsz); 4853 fw->init.datasz = le32toh(hdr->idatasz); 4854 fw->boot.textsz = le32toh(hdr->btextsz); 4855 fw->boot.datasz = 0; 4856 4857 /* Sanity-check firmware header. */ 4858 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 4859 fw->main.datasz > WPI_FW_DATA_MAXSZ || 4860 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 4861 fw->init.datasz > WPI_FW_DATA_MAXSZ || 4862 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 4863 (fw->boot.textsz & 3) != 0) { 4864 device_printf(sc->sc_dev, "invalid firmware header\n"); 4865 error = EINVAL; 4866 goto fail; 4867 } 4868 4869 /* Check that all firmware sections fit. */ 4870 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 4871 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 4872 device_printf(sc->sc_dev, 4873 "firmware file too short: %zu bytes\n", fw->size); 4874 error = EINVAL; 4875 goto fail; 4876 } 4877 4878 /* Get pointers to firmware sections. */ 4879 fw->main.text = (const uint8_t *)(hdr + 1); 4880 fw->main.data = fw->main.text + fw->main.textsz; 4881 fw->init.text = fw->main.data + fw->main.datasz; 4882 fw->init.data = fw->init.text + fw->init.textsz; 4883 fw->boot.text = fw->init.data + fw->init.datasz; 4884 4885 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4886 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 4887 "runtime (text: %u, data: %u) init (text: %u, data %u) " 4888 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver), 4889 fw->main.textsz, fw->main.datasz, 4890 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 4891 4892 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 4893 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 4894 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 4895 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 4896 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 4897 4898 return 0; 4899 4900fail: wpi_unload_firmware(sc); 4901 return error; 4902} 4903 4904/** 4905 * Free the referenced firmware image 4906 */ 4907static void 4908wpi_unload_firmware(struct wpi_softc *sc) 4909{ 4910 if (sc->fw_fp != NULL) { 4911 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 4912 sc->fw_fp = NULL; 4913 } 4914} 4915 4916static int 4917wpi_clock_wait(struct wpi_softc *sc) 4918{ 4919 int ntries; 4920 4921 /* Set "initialization complete" bit. */ 4922 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4923 4924 /* Wait for clock stabilization. */ 4925 for (ntries = 0; ntries < 2500; ntries++) { 4926 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 4927 return 0; 4928 DELAY(100); 4929 } 4930 device_printf(sc->sc_dev, 4931 "%s: timeout waiting for clock stabilization\n", __func__); 4932 4933 return ETIMEDOUT; 4934} 4935 4936static int 4937wpi_apm_init(struct wpi_softc *sc) 4938{ 4939 uint32_t reg; 4940 int error; 4941 4942 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4943 4944 /* Disable L0s exit timer (NMI bug workaround). */ 4945 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 4946 /* Don't wait for ICH L0s (ICH bug workaround). */ 4947 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 4948 4949 /* Set FH wait threshold to max (HW bug under stress workaround). */ 4950 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 4951 4952 /* Retrieve PCIe Active State Power Management (ASPM). */ 4953 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 4954 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 4955 if (reg & 0x02) /* L1 Entry enabled. */ 4956 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4957 else 4958 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4959 4960 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 4961 4962 /* Wait for clock stabilization before accessing prph. */ 4963 if ((error = wpi_clock_wait(sc)) != 0) 4964 return error; 4965 4966 if ((error = wpi_nic_lock(sc)) != 0) 4967 return error; 4968 /* Cleanup. */ 4969 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400); 4970 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000200); 4971 4972 /* Enable DMA and BSM (Bootstrap State Machine). */ 4973 wpi_prph_write(sc, WPI_APMG_CLK_EN, 4974 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 4975 DELAY(20); 4976 /* Disable L1-Active. */ 4977 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 4978 wpi_nic_unlock(sc); 4979 4980 return 0; 4981} 4982 4983static void 4984wpi_apm_stop_master(struct wpi_softc *sc) 4985{ 4986 int ntries; 4987 4988 /* Stop busmaster DMA activity. */ 4989 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 4990 4991 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 4992 WPI_GP_CNTRL_MAC_PS) 4993 return; /* Already asleep. */ 4994 4995 for (ntries = 0; ntries < 100; ntries++) { 4996 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 4997 return; 4998 DELAY(10); 4999 } 5000 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", 5001 __func__); 5002} 5003 5004static void 5005wpi_apm_stop(struct wpi_softc *sc) 5006{ 5007 wpi_apm_stop_master(sc); 5008 5009 /* Reset the entire device. */ 5010 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 5011 DELAY(10); 5012 /* Clear "initialization complete" bit. */ 5013 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 5014} 5015 5016static void 5017wpi_nic_config(struct wpi_softc *sc) 5018{ 5019 uint32_t rev; 5020 5021 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5022 5023 /* voodoo from the Linux "driver".. */ 5024 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 5025 if ((rev & 0xc0) == 0x40) 5026 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 5027 else if (!(rev & 0x80)) 5028 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 5029 5030 if (sc->cap == 0x80) 5031 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 5032 5033 if ((sc->rev & 0xf0) == 0xd0) 5034 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 5035 else 5036 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 5037 5038 if (sc->type > 1) 5039 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 5040} 5041 5042static int 5043wpi_hw_init(struct wpi_softc *sc) 5044{ 5045 int chnl, ntries, error; 5046 5047 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5048 5049 /* Clear pending interrupts. */ 5050 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5051 5052 if ((error = wpi_apm_init(sc)) != 0) { 5053 device_printf(sc->sc_dev, 5054 "%s: could not power ON adapter, error %d\n", __func__, 5055 error); 5056 return error; 5057 } 5058 5059 /* Select VMAIN power source. */ 5060 if ((error = wpi_nic_lock(sc)) != 0) 5061 return error; 5062 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 5063 wpi_nic_unlock(sc); 5064 /* Spin until VMAIN gets selected. */ 5065 for (ntries = 0; ntries < 5000; ntries++) { 5066 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 5067 break; 5068 DELAY(10); 5069 } 5070 if (ntries == 5000) { 5071 device_printf(sc->sc_dev, "timeout selecting power source\n"); 5072 return ETIMEDOUT; 5073 } 5074 5075 /* Perform adapter initialization. */ 5076 wpi_nic_config(sc); 5077 5078 /* Initialize RX ring. */ 5079 if ((error = wpi_nic_lock(sc)) != 0) 5080 return error; 5081 /* Set physical address of RX ring. */ 5082 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 5083 /* Set physical address of RX read pointer. */ 5084 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 5085 offsetof(struct wpi_shared, next)); 5086 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 5087 /* Enable RX. */ 5088 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 5089 WPI_FH_RX_CONFIG_DMA_ENA | 5090 WPI_FH_RX_CONFIG_RDRBD_ENA | 5091 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 5092 WPI_FH_RX_CONFIG_MAXFRAG | 5093 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 5094 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 5095 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 5096 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 5097 wpi_nic_unlock(sc); 5098 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 5099 5100 /* Initialize TX rings. */ 5101 if ((error = wpi_nic_lock(sc)) != 0) 5102 return error; 5103 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 5104 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 5105 /* Enable all 6 TX rings. */ 5106 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 5107 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 5108 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 5109 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 5110 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 5111 /* Set physical address of TX rings. */ 5112 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 5113 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 5114 5115 /* Enable all DMA channels. */ 5116 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5117 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 5118 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 5119 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 5120 } 5121 wpi_nic_unlock(sc); 5122 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 5123 5124 /* Clear "radio off" and "commands blocked" bits. */ 5125 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5126 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 5127 5128 /* Clear pending interrupts. */ 5129 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5130 /* Enable interrupts. */ 5131 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 5132 5133 /* _Really_ make sure "radio off" bit is cleared! */ 5134 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5135 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5136 5137 if ((error = wpi_load_firmware(sc)) != 0) { 5138 device_printf(sc->sc_dev, 5139 "%s: could not load firmware, error %d\n", __func__, 5140 error); 5141 return error; 5142 } 5143 /* Wait at most one second for firmware alive notification. */ 5144 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5145 device_printf(sc->sc_dev, 5146 "%s: timeout waiting for adapter to initialize, error %d\n", 5147 __func__, error); 5148 return error; 5149 } 5150 5151 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5152 5153 /* Do post-firmware initialization. */ 5154 return wpi_post_alive(sc); 5155} 5156 5157static void 5158wpi_hw_stop(struct wpi_softc *sc) 5159{ 5160 int chnl, qid, ntries; 5161 5162 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5163 5164 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 5165 wpi_nic_lock(sc); 5166 5167 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 5168 5169 /* Disable interrupts. */ 5170 WPI_WRITE(sc, WPI_INT_MASK, 0); 5171 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5172 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 5173 5174 /* Make sure we no longer hold the NIC lock. */ 5175 wpi_nic_unlock(sc); 5176 5177 if (wpi_nic_lock(sc) == 0) { 5178 /* Stop TX scheduler. */ 5179 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 5180 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 5181 5182 /* Stop all DMA channels. */ 5183 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5184 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 5185 for (ntries = 0; ntries < 200; ntries++) { 5186 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 5187 WPI_FH_TX_STATUS_IDLE(chnl)) 5188 break; 5189 DELAY(10); 5190 } 5191 } 5192 wpi_nic_unlock(sc); 5193 } 5194 5195 /* Stop RX ring. */ 5196 wpi_reset_rx_ring(sc); 5197 5198 /* Reset all TX rings. */ 5199 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 5200 wpi_reset_tx_ring(sc, &sc->txq[qid]); 5201 5202 if (wpi_nic_lock(sc) == 0) { 5203 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 5204 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 5205 wpi_nic_unlock(sc); 5206 } 5207 DELAY(5); 5208 /* Power OFF adapter. */ 5209 wpi_apm_stop(sc); 5210} 5211 5212static void 5213wpi_radio_on(void *arg0, int pending) 5214{ 5215 struct wpi_softc *sc = arg0; 5216 struct ifnet *ifp = sc->sc_ifp; 5217 struct ieee80211com *ic = ifp->if_l2com; 5218 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5219 5220 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 5221 5222 if (vap != NULL) { 5223 wpi_init(sc); 5224 ieee80211_init(vap); 5225 } 5226 5227 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) { 5228 WPI_LOCK(sc); 5229 callout_stop(&sc->watchdog_rfkill); 5230 WPI_UNLOCK(sc); 5231 } 5232} 5233 5234static void 5235wpi_radio_off(void *arg0, int pending) 5236{ 5237 struct wpi_softc *sc = arg0; 5238 struct ifnet *ifp = sc->sc_ifp; 5239 struct ieee80211com *ic = ifp->if_l2com; 5240 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5241 5242 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 5243 5244 wpi_stop(sc); 5245 if (vap != NULL) 5246 ieee80211_stop(vap); 5247 5248 WPI_LOCK(sc); 5249 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 5250 WPI_UNLOCK(sc); 5251} 5252 5253static void 5254wpi_init(void *arg) 5255{ 5256 struct wpi_softc *sc = arg; 5257 struct ifnet *ifp = sc->sc_ifp; 5258 struct ieee80211com *ic = ifp->if_l2com; 5259 int error; 5260 5261 WPI_LOCK(sc); 5262 5263 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5264 5265 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 5266 goto end; 5267 5268 /* Check that the radio is not disabled by hardware switch. */ 5269 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 5270 device_printf(sc->sc_dev, 5271 "RF switch: radio disabled (%s)\n", __func__); 5272 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 5273 sc); 5274 goto end; 5275 } 5276 5277 /* Read firmware images from the filesystem. */ 5278 if ((error = wpi_read_firmware(sc)) != 0) { 5279 device_printf(sc->sc_dev, 5280 "%s: could not read firmware, error %d\n", __func__, 5281 error); 5282 goto fail; 5283 } 5284 5285 /* Initialize hardware and upload firmware. */ 5286 error = wpi_hw_init(sc); 5287 wpi_unload_firmware(sc); 5288 if (error != 0) { 5289 device_printf(sc->sc_dev, 5290 "%s: could not initialize hardware, error %d\n", __func__, 5291 error); 5292 goto fail; 5293 } 5294 5295 /* Configure adapter now that it is ready. */ 5296 sc->txq_active = 1; 5297 if ((error = wpi_config(sc)) != 0) { 5298 device_printf(sc->sc_dev, 5299 "%s: could not configure device, error %d\n", __func__, 5300 error); 5301 goto fail; 5302 } 5303 5304 IF_LOCK(&ifp->if_snd); 5305 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5306 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5307 IF_UNLOCK(&ifp->if_snd); 5308 5309 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5310 5311 WPI_UNLOCK(sc); 5312 5313 ieee80211_start_all(ic); 5314 5315 return; 5316 5317fail: wpi_stop_locked(sc); 5318end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 5319 WPI_UNLOCK(sc); 5320} 5321 5322static void 5323wpi_stop_locked(struct wpi_softc *sc) 5324{ 5325 struct ifnet *ifp = sc->sc_ifp; 5326 5327 WPI_LOCK_ASSERT(sc); 5328 5329 WPI_TXQ_LOCK(sc); 5330 sc->txq_active = 0; 5331 WPI_TXQ_UNLOCK(sc); 5332 5333 WPI_TXQ_STATE_LOCK(sc); 5334 callout_stop(&sc->tx_timeout); 5335 WPI_TXQ_STATE_UNLOCK(sc); 5336 5337 WPI_RXON_LOCK(sc); 5338 callout_stop(&sc->scan_timeout); 5339 callout_stop(&sc->calib_to); 5340 WPI_RXON_UNLOCK(sc); 5341 5342 IF_LOCK(&ifp->if_snd); 5343 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5344 IF_UNLOCK(&ifp->if_snd); 5345 5346 /* Power OFF hardware. */ 5347 wpi_hw_stop(sc); 5348} 5349 5350static void 5351wpi_stop(struct wpi_softc *sc) 5352{ 5353 WPI_LOCK(sc); 5354 wpi_stop_locked(sc); 5355 WPI_UNLOCK(sc); 5356} 5357 5358/* 5359 * Callback from net80211 to start a scan. 5360 */ 5361static void 5362wpi_scan_start(struct ieee80211com *ic) 5363{ 5364 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5365 5366 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 5367} 5368 5369/* 5370 * Callback from net80211 to terminate a scan. 5371 */ 5372static void 5373wpi_scan_end(struct ieee80211com *ic) 5374{ 5375 struct ifnet *ifp = ic->ic_ifp; 5376 struct wpi_softc *sc = ifp->if_softc; 5377 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5378 5379 if (vap->iv_state == IEEE80211_S_RUN) 5380 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 5381} 5382 5383/** 5384 * Called by the net80211 framework to indicate to the driver 5385 * that the channel should be changed 5386 */ 5387static void 5388wpi_set_channel(struct ieee80211com *ic) 5389{ 5390 const struct ieee80211_channel *c = ic->ic_curchan; 5391 struct ifnet *ifp = ic->ic_ifp; 5392 struct wpi_softc *sc = ifp->if_softc; 5393 int error; 5394 5395 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5396 5397 WPI_LOCK(sc); 5398 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 5399 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 5400 WPI_UNLOCK(sc); 5401 WPI_TX_LOCK(sc); 5402 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 5403 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 5404 WPI_TX_UNLOCK(sc); 5405 5406 /* 5407 * Only need to set the channel in Monitor mode. AP scanning and auth 5408 * are already taken care of by their respective firmware commands. 5409 */ 5410 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5411 WPI_RXON_LOCK(sc); 5412 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 5413 if (IEEE80211_IS_CHAN_2GHZ(c)) { 5414 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 5415 WPI_RXON_24GHZ); 5416 } else { 5417 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 5418 WPI_RXON_24GHZ); 5419 } 5420 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) 5421 device_printf(sc->sc_dev, 5422 "%s: error %d setting channel\n", __func__, 5423 error); 5424 WPI_RXON_UNLOCK(sc); 5425 } 5426} 5427 5428/** 5429 * Called by net80211 to indicate that we need to scan the current 5430 * channel. The channel is previously be set via the wpi_set_channel 5431 * callback. 5432 */ 5433static void 5434wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 5435{ 5436 struct ieee80211vap *vap = ss->ss_vap; 5437 struct ieee80211com *ic = vap->iv_ic; 5438 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5439 int error; 5440 5441 WPI_RXON_LOCK(sc); 5442 error = wpi_scan(sc, ic->ic_curchan); 5443 WPI_RXON_UNLOCK(sc); 5444 if (error != 0) 5445 ieee80211_cancel_scan(vap); 5446} 5447 5448/** 5449 * Called by the net80211 framework to indicate 5450 * the minimum dwell time has been met, terminate the scan. 5451 * We don't actually terminate the scan as the firmware will notify 5452 * us when it's finished and we have no way to interrupt it. 5453 */ 5454static void 5455wpi_scan_mindwell(struct ieee80211_scan_state *ss) 5456{ 5457 /* NB: don't try to abort scan; wait for firmware to finish */ 5458} 5459 5460static void 5461wpi_hw_reset(void *arg, int pending) 5462{ 5463 struct wpi_softc *sc = arg; 5464 struct ifnet *ifp = sc->sc_ifp; 5465 struct ieee80211com *ic = ifp->if_l2com; 5466 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5467 5468 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5469 5470 if (vap != NULL && (ic->ic_flags & IEEE80211_F_SCAN)) 5471 ieee80211_cancel_scan(vap); 5472 5473 wpi_stop(sc); 5474 if (vap != NULL) 5475 ieee80211_stop(vap); 5476 wpi_init(sc); 5477 if (vap != NULL) 5478 ieee80211_init(vap); 5479} 5480