if_wpi.c revision 280085
1/*-
2 * Copyright (c) 2006,2007
3 *	Damien Bergamini <damien.bergamini@free.fr>
4 *	Benjamin Close <Benjamin.Close@clearchain.com>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <sys/cdefs.h>
20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 280085 2015-03-15 20:52:47Z adrian $");
21
22/*
23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters.
24 *
25 * The 3945ABG network adapter doesn't use traditional hardware as
26 * many other adaptors do. Instead at run time the eeprom is set into a known
27 * state and told to load boot firmware. The boot firmware loads an init and a
28 * main  binary firmware image into SRAM on the card via DMA.
29 * Once the firmware is loaded, the driver/hw then
30 * communicate by way of circular dma rings via the SRAM to the firmware.
31 *
32 * There are 6 memory rings: 1 command ring, 1 rx data ring & 4 tx data rings.
33 * The 4 tx data rings allow for prioritization QoS.
34 *
35 * The rx data ring consists of 32 dma buffers. Two registers are used to
36 * indicate where in the ring the driver and the firmware are up to. The
37 * driver sets the initial read index (reg1) and the initial write index (reg2),
38 * the firmware updates the read index (reg1) on rx of a packet and fires an
39 * interrupt. The driver then processes the buffers starting at reg1 indicating
40 * to the firmware which buffers have been accessed by updating reg2. At the
41 * same time allocating new memory for the processed buffer.
42 *
43 * A similar thing happens with the tx rings. The difference is the firmware
44 * stops processing buffers once the queue is full and until confirmation
45 * of a successful transmission (tx_done) has occurred.
46 *
47 * The command ring operates in the same manner as the tx queues.
48 *
49 * All communication direct to the card (ie eeprom) is classed as Stage1
50 * communication
51 *
52 * All communication via the firmware to the card is classed as Stage2.
53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime
54 * firmware. The bootstrap firmware and runtime firmware are loaded
55 * from host memory via dma to the card then told to execute. From this point
56 * on the majority of communications between the driver and the card goes
57 * via the firmware.
58 */
59
60#include "opt_wlan.h"
61#include "opt_wpi.h"
62
63#include <sys/param.h>
64#include <sys/sysctl.h>
65#include <sys/sockio.h>
66#include <sys/mbuf.h>
67#include <sys/kernel.h>
68#include <sys/socket.h>
69#include <sys/systm.h>
70#include <sys/malloc.h>
71#include <sys/queue.h>
72#include <sys/taskqueue.h>
73#include <sys/module.h>
74#include <sys/bus.h>
75#include <sys/endian.h>
76#include <sys/linker.h>
77#include <sys/firmware.h>
78
79#include <machine/bus.h>
80#include <machine/resource.h>
81#include <sys/rman.h>
82
83#include <dev/pci/pcireg.h>
84#include <dev/pci/pcivar.h>
85
86#include <net/bpf.h>
87#include <net/if.h>
88#include <net/if_var.h>
89#include <net/if_arp.h>
90#include <net/ethernet.h>
91#include <net/if_dl.h>
92#include <net/if_media.h>
93#include <net/if_types.h>
94
95#include <netinet/in.h>
96#include <netinet/in_systm.h>
97#include <netinet/in_var.h>
98#include <netinet/if_ether.h>
99#include <netinet/ip.h>
100
101#include <net80211/ieee80211_var.h>
102#include <net80211/ieee80211_radiotap.h>
103#include <net80211/ieee80211_regdomain.h>
104#include <net80211/ieee80211_ratectl.h>
105
106#include <dev/wpi/if_wpireg.h>
107#include <dev/wpi/if_wpivar.h>
108#include <dev/wpi/if_wpi_debug.h>
109
/*
 * One PCI identity recognised by the driver, paired with the description
 * string reported for it.
 */
struct wpi_ident {
	uint16_t	vendor;		/* PCI vendor ID */
	uint16_t	device;		/* PCI device ID */
	uint16_t	subdevice;	/* PCI subdevice ID; 0x0 = whole range */
	const char	*name;		/* description; NULL ends the table */
};

static const struct wpi_ident wpi_ident_table[] = {
	/* ABG parts: these entries apply whatever the subdevice ID is. */
	{ .vendor = 0x8086, .device = 0x4222, .subdevice = 0x0,
	  .name = "Intel(R) PRO/Wireless 3945ABG" },
	{ .vendor = 0x8086, .device = 0x4227, .subdevice = 0x0,
	  .name = "Intel(R) PRO/Wireless 3945ABG" },
	/* BG-only parts: identified by their subdevice ID. */
	{ .vendor = 0x8086, .device = 0x4222, .subdevice = 0x1005,
	  .name = "Intel(R) PRO/Wireless 3945BG" },
	{ .vendor = 0x8086, .device = 0x4222, .subdevice = 0x1034,
	  .name = "Intel(R) PRO/Wireless 3945BG" },
	{ .vendor = 0x8086, .device = 0x4227, .subdevice = 0x1014,
	  .name = "Intel(R) PRO/Wireless 3945BG" },
	{ .vendor = 0x8086, .device = 0x4222, .subdevice = 0x1044,
	  .name = "Intel(R) PRO/Wireless 3945BG" },
	/* Sentinel: table walkers stop at the first NULL name. */
	{ .vendor = 0, .device = 0, .subdevice = 0, .name = NULL }
};
128
129static int	wpi_probe(device_t);
130static int	wpi_attach(device_t);
131static void	wpi_radiotap_attach(struct wpi_softc *);
132static void	wpi_sysctlattach(struct wpi_softc *);
133static void	wpi_init_beacon(struct wpi_vap *);
134static struct ieee80211vap *wpi_vap_create(struct ieee80211com *,
135		    const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
136		    const uint8_t [IEEE80211_ADDR_LEN],
137		    const uint8_t [IEEE80211_ADDR_LEN]);
138static void	wpi_vap_delete(struct ieee80211vap *);
139static int	wpi_detach(device_t);
140static int	wpi_shutdown(device_t);
141static int	wpi_suspend(device_t);
142static int	wpi_resume(device_t);
143static int	wpi_nic_lock(struct wpi_softc *);
144static int	wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int);
145static void	wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
146static int	wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *,
147		    void **, bus_size_t, bus_size_t);
148static void	wpi_dma_contig_free(struct wpi_dma_info *);
149static int	wpi_alloc_shared(struct wpi_softc *);
150static void	wpi_free_shared(struct wpi_softc *);
151static int	wpi_alloc_fwmem(struct wpi_softc *);
152static void	wpi_free_fwmem(struct wpi_softc *);
153static int	wpi_alloc_rx_ring(struct wpi_softc *);
154static void	wpi_update_rx_ring(struct wpi_softc *);
155static void	wpi_reset_rx_ring(struct wpi_softc *);
156static void	wpi_free_rx_ring(struct wpi_softc *);
157static int	wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *,
158		    int);
159static void	wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
160static void	wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
161static void	wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
162static int	wpi_read_eeprom(struct wpi_softc *,
163		    uint8_t macaddr[IEEE80211_ADDR_LEN]);
164static uint32_t	wpi_eeprom_channel_flags(struct wpi_eeprom_chan *);
165static void	wpi_read_eeprom_band(struct wpi_softc *, int);
166static int	wpi_read_eeprom_channels(struct wpi_softc *, int);
167static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *,
168		    struct ieee80211_channel *);
169static int	wpi_setregdomain(struct ieee80211com *,
170		    struct ieee80211_regdomain *, int,
171		    struct ieee80211_channel[]);
172static int	wpi_read_eeprom_group(struct wpi_softc *, int);
173static int	wpi_add_node_entry_adhoc(struct wpi_softc *);
174static void	wpi_node_free(struct ieee80211_node *);
175static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *,
176		    const uint8_t mac[IEEE80211_ADDR_LEN]);
177static int	wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int);
178static void	wpi_calib_timeout(void *);
179static void	wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *,
180		    struct wpi_rx_data *);
181static void	wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *,
182		    struct wpi_rx_data *);
183static void	wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *);
184static void	wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *);
185static void	wpi_notif_intr(struct wpi_softc *);
186static void	wpi_wakeup_intr(struct wpi_softc *);
187static void	wpi_fatal_intr(struct wpi_softc *);
188static void	wpi_intr(void *);
189static int	wpi_cmd2(struct wpi_softc *, struct wpi_buf *);
190static int	wpi_tx_data(struct wpi_softc *, struct mbuf *,
191		    struct ieee80211_node *);
192static int	wpi_tx_data_raw(struct wpi_softc *, struct mbuf *,
193		    struct ieee80211_node *,
194		    const struct ieee80211_bpf_params *);
195static int	wpi_raw_xmit(struct ieee80211_node *, struct mbuf *,
196		    const struct ieee80211_bpf_params *);
197static void	wpi_start(struct ifnet *);
198static void	wpi_start_locked(struct ifnet *);
199static void	wpi_start_task(void *, int);
200static void	wpi_watchdog_rfkill(void *);
201static void	wpi_watchdog(void *);
202static int	wpi_ioctl(struct ifnet *, u_long, caddr_t);
203static int	wpi_cmd(struct wpi_softc *, int, const void *, size_t, int);
204static int	wpi_mrr_setup(struct wpi_softc *);
205static int	wpi_add_node(struct wpi_softc *, struct ieee80211_node *);
206static int	wpi_add_broadcast_node(struct wpi_softc *, int);
207static int	wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *);
208static void	wpi_del_node(struct wpi_softc *, struct ieee80211_node *);
209static int	wpi_updateedca(struct ieee80211com *);
210static void	wpi_set_promisc(struct wpi_softc *);
211static void	wpi_update_promisc(struct ifnet *);
212static void	wpi_update_mcast(struct ifnet *);
213static void	wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
214static int	wpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
215static void	wpi_power_calibration(struct wpi_softc *);
216static int	wpi_set_txpower(struct wpi_softc *, int);
217static int	wpi_get_power_index(struct wpi_softc *,
218		    struct wpi_power_group *, struct ieee80211_channel *, int);
219static int	wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int);
220static int	wpi_send_btcoex(struct wpi_softc *);
221static int	wpi_send_rxon(struct wpi_softc *, int, int);
222static int	wpi_config(struct wpi_softc *);
223static uint16_t	wpi_get_active_dwell_time(struct wpi_softc *,
224		    struct ieee80211_channel *, uint8_t);
225static uint16_t	wpi_limit_dwell(struct wpi_softc *, uint16_t);
226static uint16_t	wpi_get_passive_dwell_time(struct wpi_softc *,
227		    struct ieee80211_channel *);
228static int	wpi_scan(struct wpi_softc *, struct ieee80211_channel *);
229static int	wpi_auth(struct wpi_softc *, struct ieee80211vap *);
230static int	wpi_config_beacon(struct wpi_vap *);
231static int	wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *);
232static void	wpi_update_beacon(struct ieee80211vap *, int);
233static void	wpi_newassoc(struct ieee80211_node *, int);
234static int	wpi_run(struct wpi_softc *, struct ieee80211vap *);
235static int	wpi_key_alloc(struct ieee80211vap *, struct ieee80211_key *,
236		    ieee80211_keyix *, ieee80211_keyix *);
237static int	wpi_key_set(struct ieee80211vap *,
238		    const struct ieee80211_key *,
239		    const uint8_t mac[IEEE80211_ADDR_LEN]);
240static int	wpi_key_delete(struct ieee80211vap *,
241		    const struct ieee80211_key *);
242static int	wpi_post_alive(struct wpi_softc *);
243static int	wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int);
244static int	wpi_load_firmware(struct wpi_softc *);
245static int	wpi_read_firmware(struct wpi_softc *);
246static void	wpi_unload_firmware(struct wpi_softc *);
247static int	wpi_clock_wait(struct wpi_softc *);
248static int	wpi_apm_init(struct wpi_softc *);
249static void	wpi_apm_stop_master(struct wpi_softc *);
250static void	wpi_apm_stop(struct wpi_softc *);
251static void	wpi_nic_config(struct wpi_softc *);
252static int	wpi_hw_init(struct wpi_softc *);
253static void	wpi_hw_stop(struct wpi_softc *);
254static void	wpi_radio_on(void *, int);
255static void	wpi_radio_off(void *, int);
256static void	wpi_init_locked(struct wpi_softc *);
257static void	wpi_init(void *);
258static void	wpi_stop_locked(struct wpi_softc *);
259static void	wpi_stop(struct wpi_softc *);
260static void	wpi_scan_start(struct ieee80211com *);
261static void	wpi_scan_end(struct ieee80211com *);
262static void	wpi_set_channel(struct ieee80211com *);
263static void	wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long);
264static void	wpi_scan_mindwell(struct ieee80211_scan_state *);
265static void	wpi_hw_reset(void *, int);
266
/* Device-interface entry points this driver provides. */
static device_method_t wpi_methods[] = {
	/* Device interface */
	DEVMETHOD(device_probe,		wpi_probe),
	DEVMETHOD(device_attach,	wpi_attach),
	DEVMETHOD(device_detach,	wpi_detach),
	DEVMETHOD(device_shutdown,	wpi_shutdown),
	DEVMETHOD(device_suspend,	wpi_suspend),
	DEVMETHOD(device_resume,	wpi_resume),

	DEVMETHOD_END
};

/* Driver description: name, method table and per-device softc size. */
static driver_t wpi_driver = {
	.name = "wpi",
	.methods = wpi_methods,
	.size = sizeof(struct wpi_softc)
};
static devclass_t wpi_devclass;

/* Register the driver on the pci bus; no event handler or argument. */
DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL);

MODULE_VERSION(wpi, 1);

/* Modules this driver depends on: pci, wlan and firmware. */
MODULE_DEPEND(wpi, pci,  1, 1, 1);
MODULE_DEPEND(wpi, wlan, 1, 1, 1);
MODULE_DEPEND(wpi, firmware, 1, 1, 1);
293
/*
 * Probe: claim the device when its PCI vendor/device pair appears in
 * wpi_ident_table.  The subdevice ID is not consulted here, so the first
 * entry with a matching vendor/device supplies the description string.
 *
 * Returns BUS_PROBE_DEFAULT on a match, ENXIO otherwise.
 */
static int
wpi_probe(device_t dev)
{
	const struct wpi_ident *entry = wpi_ident_table;

	while (entry->name != NULL) {
		if (pci_get_vendor(dev) == entry->vendor &&
		    pci_get_device(dev) == entry->device) {
			device_set_desc(dev, entry->name);
			return (BUS_PROBE_DEFAULT);
		}
		entry++;
	}
	return ENXIO;
}
308
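/*
 * Attach: map the device registers, allocate the interrupt and the DMA
 * resources (firmware memory, shared page, TX/RX rings), read the EEPROM,
 * register with net80211 and, last of all, hook the interrupt handler.
 *
 * Returns 0 on success or an errno value.  The two earliest failures return
 * directly; every later one unwinds through wpi_detach().
 */
static int
wpi_attach(device_t dev)
{
	struct wpi_softc *sc = device_get_softc(dev);
	struct ieee80211com *ic;
	struct ifnet *ifp;
	int i, error, rid;
#ifdef WPI_DEBUG
	int supportsa = 1;
	const struct wpi_ident *ident;
#endif
	uint8_t macaddr[IEEE80211_ADDR_LEN];

	sc->sc_dev = dev;

#ifdef WPI_DEBUG
	/* The initial debug mask comes from the device's "debug" hint. */
	error = resource_int_value(device_get_name(sc->sc_dev),
	    device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug));
	if (error != 0)
		sc->sc_debug = 0;
#else
	sc->sc_debug = 0;
#endif

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/*
	 * Get the offset of the PCI Express Capability Structure in PCI
	 * Configuration Space.
	 */
	error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off);
	if (error != 0) {
		device_printf(dev, "PCIe capability structure not found!\n");
		return error;
	}

	/*
	 * Some cards only support 802.11b/g, not a; check to see if
	 * this is one such card. A 0x0 in the subdevice table indicates
	 * the entire subdevice range is to be ignored.
	 */
#ifdef WPI_DEBUG
	for (ident = wpi_ident_table; ident->name != NULL; ident++) {
		if (ident->subdevice &&
		    pci_get_subdevice(dev) == ident->subdevice) {
			supportsa = 0;
			break;
		}
	}
#endif

	/* Clear device-specific "PCI retry timeout" register (41h). */
	pci_write_config(dev, 0x41, 0, 1);

	/* Enable bus-mastering, i.e. let the device start DMA transfers. */
	pci_enable_busmaster(dev);

	rid = PCIR_BAR(0);
	sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
	    RF_ACTIVE);
	if (sc->mem == NULL) {
		device_printf(dev, "can't map mem space\n");
		return ENOMEM;
	}
	sc->sc_st = rman_get_bustag(sc->mem);
	sc->sc_sh = rman_get_bushandle(sc->mem);

	/*
	 * Create the driver locks before the first "goto fail": the failure
	 * path runs wpi_detach(), which destroys all three unconditionally,
	 * so they must exist by the time it can be reached.
	 */
	WPI_LOCK_INIT(sc);
	WPI_NT_LOCK_INIT(sc);
	WPI_TXQ_LOCK_INIT(sc);

	/* Prefer a single MSI vector (rid 1); fall back to the legacy IRQ. */
	i = 1;
	rid = 0;
	if (pci_alloc_msi(dev, &i) == 0)
		rid = 1;
	/* Allocate the interrupt; only the legacy line is shareable. */
	sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
	    (rid != 0 ? 0 : RF_SHAREABLE));
	if (sc->irq == NULL) {
		device_printf(dev, "can't map interrupt\n");
		error = ENOMEM;
		goto fail;
	}

	/* Allocate DMA memory for firmware transfers. */
	if ((error = wpi_alloc_fwmem(sc)) != 0) {
		device_printf(dev,
		    "could not allocate memory for firmware, error %d\n",
		    error);
		goto fail;
	}

	/* Allocate shared page. */
	if ((error = wpi_alloc_shared(sc)) != 0) {
		device_printf(dev, "could not allocate shared page\n");
		goto fail;
	}

	/* Allocate TX rings - 4 for QoS purposes, 1 for commands. */
	for (i = 0; i < WPI_NTXQUEUES; i++) {
		if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) {
			device_printf(dev,
			    "could not allocate TX ring %d, error %d\n", i,
			    error);
			goto fail;
		}
	}

	/* Allocate RX ring. */
	if ((error = wpi_alloc_rx_ring(sc)) != 0) {
		device_printf(dev, "could not allocate RX ring, error %d\n",
		    error);
		goto fail;
	}

	/* Clear pending interrupts. */
	WPI_WRITE(sc, WPI_INT, 0xffffffff);

	ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
	if (ifp == NULL) {
		device_printf(dev, "can not allocate ifnet structure\n");
		/*
		 * error still holds 0 from the last successful call; without
		 * an explicit code the failed attach would report success.
		 */
		error = ENOMEM;
		goto fail;
	}

	ic = ifp->if_l2com;
	ic->ic_ifp = ifp;
	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */

	/* Set device capabilities. */
	ic->ic_caps =
		  IEEE80211_C_STA		/* station mode supported */
		| IEEE80211_C_IBSS		/* IBSS mode supported */
		| IEEE80211_C_MONITOR		/* monitor mode supported */
		| IEEE80211_C_AHDEMO		/* adhoc demo mode */
		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
		| IEEE80211_C_TXPMGT		/* tx power management */
		| IEEE80211_C_SHSLOT		/* short slot time supported */
		| IEEE80211_C_WPA		/* 802.11i */
		| IEEE80211_C_SHPREAMBLE	/* short preamble supported */
#if 0
		| IEEE80211_C_HOSTAP		/* Host access point mode */
#endif
		| IEEE80211_C_WME		/* 802.11e */
		| IEEE80211_C_PMGT		/* Station-side power mgmt */
		;

	/* AES-CCM is the only cipher advertised in ic_cryptocaps. */
	ic->ic_cryptocaps =
		  IEEE80211_CRYPTO_AES_CCM;

	/*
	 * Read in the eeprom and also setup the channels for
	 * net80211. We don't set the rates as net80211 does this for us
	 */
	if ((error = wpi_read_eeprom(sc, macaddr)) != 0) {
		device_printf(dev, "could not read EEPROM, error %d\n",
		    error);
		goto fail;
	}

#ifdef WPI_DEBUG
	if (bootverbose) {
		device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n",
		    sc->domain);
		device_printf(sc->sc_dev, "Hardware Type: %c\n",
		    sc->type > 1 ? 'B': '?');
		device_printf(sc->sc_dev, "Hardware Revision: %c\n",
		    ((sc->rev & 0xf0) == 0xd0) ? 'D': '?');
		device_printf(sc->sc_dev, "SKU %s support 802.11a\n",
		    supportsa ? "does" : "does not");

		/* XXX hw_config uses the PCIDEV for the Hardware rev. Must
		   check what sc->rev really represents - benjsc 20070615 */
	}
#endif

	if_initname(ifp, device_get_name(dev), device_get_unit(dev));
	ifp->if_softc = sc;
	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
	ifp->if_init = wpi_init;
	ifp->if_ioctl = wpi_ioctl;
	ifp->if_start = wpi_start;
	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
	ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
	IFQ_SET_READY(&ifp->if_snd);

	ieee80211_ifattach(ic, macaddr);
	ic->ic_vap_create = wpi_vap_create;
	ic->ic_vap_delete = wpi_vap_delete;
	ic->ic_raw_xmit = wpi_raw_xmit;
	ic->ic_node_alloc = wpi_node_alloc;
	/* Save the net80211 handler before installing the driver's own. */
	sc->sc_node_free = ic->ic_node_free;
	ic->ic_node_free = wpi_node_free;
	ic->ic_wme.wme_update = wpi_updateedca;
	ic->ic_update_promisc = wpi_update_promisc;
	ic->ic_update_mcast = wpi_update_mcast;
	ic->ic_newassoc = wpi_newassoc;
	ic->ic_scan_start = wpi_scan_start;
	ic->ic_scan_end = wpi_scan_end;
	ic->ic_set_channel = wpi_set_channel;
	/* Same pattern: keep the previous scan_curchan handler. */
	sc->sc_scan_curchan = ic->ic_scan_curchan;
	ic->ic_scan_curchan = wpi_scan_curchan;
	ic->ic_scan_mindwell = wpi_scan_mindwell;
	ic->ic_setregdomain = wpi_setregdomain;

	wpi_radiotap_attach(sc);

	callout_init_mtx(&sc->calib_to, &sc->sc_mtx, 0);
	callout_init_mtx(&sc->watchdog_to, &sc->sc_mtx, 0);
	callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0);
	TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc);
	TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc);
	TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc);
	TASK_INIT(&sc->sc_start_task, 0, wpi_start_task, sc);

	wpi_sysctlattach(sc);

	/*
	 * Hook our interrupt after all initialization is complete.
	 */
	error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE,
	    NULL, wpi_intr, sc, &sc->sc_ih);
	if (error != 0) {
		device_printf(dev, "can't establish interrupt, error %d\n",
		    error);
		goto fail;
	}

	if (bootverbose)
		ieee80211_announce(ic);

#ifdef WPI_DEBUG
	if (sc->sc_debug & WPI_DEBUG_HW)
		ieee80211_announce_channels(ic);
#endif

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
	return 0;

	/*
	 * NOTE(review): wpi_detach() is also reached when if_alloc() has
	 * succeeded but ieee80211_ifattach(), the callouts and the tasks are
	 * not set up yet (EEPROM read failure).  Confirm that its drain and
	 * ifdetach calls tolerate that state.
	 */
fail:	wpi_detach(dev);
	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
	return error;
}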
553
/*
 * Register the driver's TX and RX radiotap headers, and the bitmaps of
 * fields present in each, with net80211.
 */
static void
wpi_radiotap_attach(struct wpi_softc *sc)
{
	struct ieee80211com *ic = sc->sc_ifp->if_l2com;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	ieee80211_radiotap_attach(ic,
	    &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
	    WPI_TX_RADIOTAP_PRESENT,
	    &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
	    WPI_RX_RADIOTAP_PRESENT);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
}
570
/*
 * Publish the per-device sysctl knobs.  Only debug builds (WPI_DEBUG) add
 * anything: a read/write "debug" integer backed by sc->sc_debug, so the
 * debug mask can be changed at run time through the sysctl tree.
 */
static void
wpi_sysctlattach(struct wpi_softc *sc)
{
#ifdef WPI_DEBUG
	struct sysctl_ctx_list *sctx = device_get_sysctl_ctx(sc->sc_dev);
	struct sysctl_oid *root = device_get_sysctl_tree(sc->sc_dev);

	SYSCTL_ADD_INT(sctx, SYSCTL_CHILDREN(root), OID_AUTO,
	    "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug,
	    "control debugging printfs");
#endif
}
583
/*
 * Pre-fill the vap's beacon command buffer: the command envelope (code,
 * queue, size) and the constant fields of the beacon command itself.
 */
static void
wpi_init_beacon(struct wpi_vap *wvp)
{
	struct wpi_buf *buf = &wvp->wv_bcbuf;
	struct wpi_cmd_beacon *beacon = (struct wpi_cmd_beacon *)&buf->data;

	/* Command envelope. */
	buf->code = WPI_CMD_SET_BEACON;
	buf->ac = WPI_CMD_QUEUE_NUM;
	buf->size = sizeof(*beacon);

	/* Command payload; multi-byte fields are stored little-endian. */
	beacon->id = WPI_ID_BROADCAST;
	beacon->ofdm_mask = 0xff;
	beacon->cck_mask = 0x0f;
	beacon->lifetime = htole32(WPI_LIFETIME_INFINITE);
	beacon->flags = htole32(WPI_TX_AUTO_SEQ | WPI_TX_INSERT_TSTAMP);
}
600
/*
 * Create the driver's vap.  Only one vap may exist at a time; a second
 * request, or an allocation failure, yields NULL.
 */
static struct ieee80211vap *
wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
    enum ieee80211_opmode opmode, int flags,
    const uint8_t bssid[IEEE80211_ADDR_LEN],
    const uint8_t mac[IEEE80211_ADDR_LEN])
{
	struct ieee80211vap *vap;
	struct wpi_vap *wvp;

	/* Only one at a time. */
	if (!TAILQ_EMPTY(&ic->ic_vaps))
		return NULL;

	/* Zeroed, non-sleeping allocation; the caller sees NULL on failure. */
	wvp = malloc(sizeof(*wvp), M_80211_VAP, M_NOWAIT | M_ZERO);
	if (wvp == NULL)
		return NULL;

	vap = &wvp->wv_vap;
	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);

	/* Only IBSS vaps get a pre-built beacon command. */
	if (opmode == IEEE80211_M_IBSS)
		wpi_init_beacon(wvp);

	/* Override with driver methods. */
	vap->iv_key_alloc = wpi_key_alloc;
	vap->iv_key_set = wpi_key_set;
	vap->iv_key_delete = wpi_key_delete;
	vap->iv_update_beacon = wpi_update_beacon;
	/* Keep net80211's newstate handler before replacing it. */
	wvp->wv_newstate = vap->iv_newstate;
	vap->iv_newstate = wpi_newstate;

	ieee80211_ratectl_init(vap);

	/* Complete setup. */
	ieee80211_vap_attach(vap, ieee80211_media_change,
	    ieee80211_media_status);
	ic->ic_opmode = opmode;

	return vap;
}
638
/*
 * Tear down a vap made by wpi_vap_create(): detach it from net80211, drop
 * the beacon mbuf an IBSS vap may hold, then free the container.
 */
static void
wpi_vap_delete(struct ieee80211vap *vap)
{
	struct wpi_vap *wvp = WPI_VAP(vap);
	struct wpi_buf *beacon = &wvp->wv_bcbuf;
	/* Read the mode before the vap is detached. */
	enum ieee80211_opmode mode = vap->iv_opmode;

	ieee80211_ratectl_deinit(vap);
	ieee80211_vap_detach(vap);

	if (mode == IEEE80211_M_IBSS && beacon->m != NULL)
		m_freem(beacon->m);

	free(wvp, M_80211_VAP);
}
656
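/*
 * Detach: stop the device and release everything wpi_attach() acquired.
 * Also serves as wpi_attach()'s failure path, so each resource is released
 * only if it appears to have been set up.
 *
 * Always returns 0.
 */
static int
wpi_detach(device_t dev)
{
	struct wpi_softc *sc = device_get_softc(dev);
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic;
	int qid;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	if (ifp != NULL) {
		ic = ifp->if_l2com;

		/* Let queued tasks finish before stopping the device. */
		ieee80211_draintask(ic, &sc->sc_reinittask);
		ieee80211_draintask(ic, &sc->sc_radiooff_task);
		ieee80211_draintask(ic, &sc->sc_radioon_task);
		ieee80211_draintask(ic, &sc->sc_start_task);

		wpi_stop(sc);

		callout_drain(&sc->watchdog_to);
		callout_drain(&sc->watchdog_rfkill);
		callout_drain(&sc->calib_to);
		ieee80211_ifdetach(ic);
	}

	/* Uninstall interrupt handler. */
	if (sc->irq != NULL) {
		bus_teardown_intr(dev, sc->irq, sc->sc_ih);
		bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq),
		    sc->irq);
		pci_release_msi(dev);
	}

	if (sc->txq[0].data_dmat) {
		/* Free DMA resources. */
		for (qid = 0; qid < WPI_NTXQUEUES; qid++)
			wpi_free_tx_ring(sc, &sc->txq[qid]);

		wpi_free_rx_ring(sc);
	}

	/*
	 * The shared page is allocated before any TX ring, so it is released
	 * regardless of the TX ring state; otherwise an attach that fails
	 * while setting up TX ring 0 would leak it.  wpi_dma_contig_free()
	 * checks both the mapping and the tag, so this is a no-op when the
	 * page was never allocated.
	 */
	wpi_free_shared(sc);

	if (sc->fw_dma.tag)
		wpi_free_fwmem(sc);

	if (sc->mem != NULL)
		bus_release_resource(dev, SYS_RES_MEMORY,
		    rman_get_rid(sc->mem), sc->mem);

	if (ifp != NULL)
		if_free(ifp);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
	WPI_TXQ_LOCK_DESTROY(sc);
	WPI_NT_LOCK_DESTROY(sc);
	WPI_LOCK_DESTROY(sc);
	return 0;
}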
716
/*
 * Shutdown method: stop the device.  Always returns 0.
 */
static int
wpi_shutdown(device_t dev)
{
	struct wpi_softc *softc = device_get_softc(dev);

	wpi_stop(softc);

	return 0;
}
725
/*
 * Suspend method: hand the suspend over to net80211 for all vaps.
 * Always returns 0.
 */
static int
wpi_suspend(device_t dev)
{
	struct wpi_softc *softc = device_get_softc(dev);

	/* sc_ifp is dereferenced unchecked: assumes a completed attach. */
	ieee80211_suspend_all(softc->sc_ifp->if_l2com);

	return 0;
}
735
/*
 * Resume method: redo the PCI retry-timeout fix-up applied at attach, then
 * let net80211 resume all vaps.  Always returns 0.
 */
static int
wpi_resume(device_t dev)
{
	struct wpi_softc *softc = device_get_softc(dev);
	/* sc_ifp is dereferenced unchecked: assumes a completed attach. */
	struct ieee80211com *com = softc->sc_ifp->if_l2com;

	/* Clear device-specific "PCI retry timeout" register (41h). */
	pci_write_config(dev, 0x41, 0, 1);

	ieee80211_resume_all(com);

	return 0;
}
748
/*
 * Grab exclusive access to NIC memory.
 *
 * Sets the MAC access request bit, then polls WPI_GP_CNTRL up to 1000 times
 * with DELAY(10) between reads.  Returns 0 once access is enabled and the
 * sleep bit is clear, ETIMEDOUT otherwise.  The request bit is left set on
 * timeout.
 */
static int
wpi_nic_lock(struct wpi_softc *sc)
{
	int remaining;

	/* Request exclusive access to NIC. */
	WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);

	/* Spin until we actually get the lock. */
	for (remaining = 1000; remaining > 0; remaining--) {
		if ((WPI_READ(sc, WPI_GP_CNTRL) &
		    (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) ==
		    WPI_GP_CNTRL_MAC_ACCESS_ENA)
			return 0;
		DELAY(10);
	}

	device_printf(sc->sc_dev, "could not lock memory\n");

	return ETIMEDOUT;
}
773
/*
 * Release lock on NIC memory by clearing the MAC access request bit that
 * wpi_nic_lock() set.
 */
static __inline void
wpi_nic_unlock(struct wpi_softc *sc)
{

	WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
}
782
/*
 * Read one 32-bit word through the PRPH window: write the address, issue a
 * barrier, then read the data register.
 * NOTE(review): presumably requires the NIC lock to be held; confirm against
 * callers.
 */
static __inline uint32_t
wpi_prph_read(struct wpi_softc *sc, uint32_t addr)
{
	uint32_t word;

	WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr);
	WPI_BARRIER_READ_WRITE(sc);
	word = WPI_READ(sc, WPI_PRPH_RDATA);

	return word;
}
790
/*
 * Write one 32-bit word through the PRPH window: address first, a write
 * barrier, then the data.
 */
static __inline void
wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data)
{

	WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr);
	/* The address write must be ordered before the data write. */
	WPI_BARRIER_WRITE(sc);
	WPI_WRITE(sc, WPI_PRPH_WDATA, data);
}
798
/*
 * Read-modify-write: set the bits of `mask` in the PRPH word at `addr`.
 */
static __inline void
wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
{
	uint32_t current = wpi_prph_read(sc, addr);

	wpi_prph_write(sc, addr, current | mask);
}
804
/*
 * Read-modify-write: clear the bits of `mask` in the PRPH word at `addr`.
 */
static __inline void
wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
{
	uint32_t current = wpi_prph_read(sc, addr);

	wpi_prph_write(sc, addr, current & ~mask);
}
810
/*
 * Write `count` consecutive 32-bit words from `data` through the PRPH
 * window, starting at `addr` and advancing 4 bytes per word.  A count of
 * zero or less writes nothing; the caller guarantees `data` holds `count`
 * words.
 */
static __inline void
wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr,
    const uint32_t *data, int count)
{

	while (count > 0) {
		wpi_prph_write(sc, addr, *data);
		data++;
		addr += 4;
		count--;
	}
}
818
/*
 * Read one 32-bit word of NIC memory through the MEM window: write the
 * address, issue a barrier, then read the data register.
 */
static __inline uint32_t
wpi_mem_read(struct wpi_softc *sc, uint32_t addr)
{
	uint32_t word;

	WPI_WRITE(sc, WPI_MEM_RADDR, addr);
	WPI_BARRIER_READ_WRITE(sc);
	word = WPI_READ(sc, WPI_MEM_RDATA);

	return word;
}
826
/*
 * Copy `count` consecutive 32-bit words of NIC memory, starting at `addr`,
 * into `data`.  No bound is checked here: the caller must supply room for
 * `count` words.
 */
static __inline void
wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data,
    int count)
{
	int i;

	for (i = 0; i < count; i++, addr += 4)
		data[i] = wpi_mem_read(sc, addr);
}
834
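/*
 * Read `count` bytes of EEPROM data, starting at word address `addr`, into
 * `data`.  Each EEPROM access yields two bytes (bits 16-23, then 24-31 of
 * the register); the second byte is dropped when only one byte remains.
 *
 * The caller must supply a buffer of at least `count` bytes; nothing is
 * checked here.  Returns 0 on success, the wpi_nic_lock() error if the NIC
 * cannot be locked, or ETIMEDOUT if a word never becomes valid.  The NIC
 * lock is released on every path that acquired it.
 */
static int
wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count)
{
	uint8_t *out = data;
	uint32_t val;
	int error, ntries;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	if ((error = wpi_nic_lock(sc)) != 0) {
		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
		return error;
	}

	for (; count > 0; count -= 2, addr++) {
		WPI_WRITE(sc, WPI_EEPROM, addr << 2);
		/* Poll up to 10 times for the word to become valid. */
		for (ntries = 0; ntries < 10; ntries++) {
			val = WPI_READ(sc, WPI_EEPROM);
			if (val & WPI_EEPROM_READ_VALID)
				break;
			DELAY(5);
		}
		if (ntries == 10) {
			device_printf(sc->sc_dev,
			    "timeout reading ROM at 0x%x\n", addr);
			/*
			 * Leave through the common exit so that the NIC lock
			 * taken above is dropped; returning here would keep
			 * the MAC access request asserted.
			 */
			error = ETIMEDOUT;
			break;
		}
		*out++ = val >> 16;
		if (count > 1)
			*out++ = val >> 24;
	}

	wpi_nic_unlock(sc);

	if (error != 0)
		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
	else
		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return error;
}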
871
/*
 * bus_dmamap_load() callback: store the bus address of the single segment
 * in the bus_addr_t that `arg` points to.  On error nothing is written, so
 * the destination keeps its previous value.
 */
static void
wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
{
	bus_addr_t *paddrp = arg;

	if (error == 0) {
		KASSERT(nsegs == 1,
		    ("too many DMA segments, %d should be 1", nsegs));
		*paddrp = segs[0].ds_addr;
	}
}
880
/*
 * Allocate one contiguous, zeroed DMA block of `size` bytes with the given
 * alignment, restricted to 32-bit bus addresses, and load its bus address
 * into dma->paddr.  When `kvap` is not NULL it receives the kernel virtual
 * address.
 *
 * Returns 0 on success.  On failure the partially built state is released
 * through wpi_dma_contig_free() and the error is returned.
 */
static int
wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma,
    void **kvap, bus_size_t size, bus_size_t alignment)
{
	int error;

	dma->tag = NULL;
	dma->size = size;

	/* Each step runs only if the previous one succeeded. */
	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment,
	    0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
	    1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag);
	if (error == 0) {
		error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
		    BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT,
		    &dma->map);
	}
	if (error == 0) {
		error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
		    wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
	}
	if (error != 0) {
		wpi_dma_contig_free(dma);
		return error;
	}

	bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);

	if (kvap != NULL)
		*kvap = dma->vaddr;

	return 0;
}
920
/*
 * Release what wpi_dma_contig_alloc() set up.  The memory and the tag are
 * checked separately and reset to NULL afterwards, so calling this on a
 * partially built or already freed descriptor is harmless.
 */
static void
wpi_dma_contig_free(struct wpi_dma_info *dma)
{
	if (dma->vaddr != NULL) {
		const int ops = BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE;

		bus_dmamap_sync(dma->tag, dma->map, ops);
		bus_dmamap_unload(dma->tag, dma->map);
		bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
		/* Cleared so a second call cannot free the memory twice. */
		dma->vaddr = NULL;
	}

	if (dma->tag != NULL) {
		bus_dma_tag_destroy(dma->tag);
		dma->tag = NULL;
	}
}
936
/*
 * Allocate a shared page between host and NIC.  Returns 0 or the error
 * from wpi_dma_contig_alloc().
 */
static int
wpi_alloc_shared(struct wpi_softc *sc)
{
	void **kvap = (void **)&sc->shared;

	/* Shared buffer must be aligned on a 4KB boundary. */
	return wpi_dma_contig_alloc(sc, &sc->shared_dma, kvap,
	    sizeof (struct wpi_shared), 4096);
}
947
/*
 * Release the host/NIC shared page.
 */
static void
wpi_free_shared(struct wpi_softc *sc)
{
	struct wpi_dma_info *shared = &sc->shared_dma;

	wpi_dma_contig_free(shared);
}
953
/*
 * Allocate DMA-safe memory for firmware transfer, sized for the largest
 * text image plus the largest data image.  Returns 0 or the error from
 * wpi_dma_contig_alloc().
 */
static int
wpi_alloc_fwmem(struct wpi_softc *sc)
{
	const bus_size_t fwsize = WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ;

	/* Must be aligned on a 16-byte boundary. */
	return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, fwsize, 16);
}
964
/*
 * Release the firmware transfer memory.
 */
static void
wpi_free_fwmem(struct wpi_softc *sc)
{
	struct wpi_dma_info *fwmem = &sc->fw_dma;

	wpi_dma_contig_free(fwmem);
}
970
/*
 * Allocate the RX ring: the descriptor array holding one bus address per
 * slot, a DMA tag for the receive buffers, and one MJUMPAGESIZE mbuf per
 * slot loaded into its own DMA map.  On any failure everything allocated so
 * far is released through wpi_free_rx_ring() and the error is returned.
 */
static int
wpi_alloc_rx_ring(struct wpi_softc *sc)
{
	struct wpi_rx_ring *ring = &sc->rxq;
	bus_size_t size;
	int i, error;

	ring->cur = 0;
	ring->update = 0;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* RX descriptors, aligned to WPI_RING_DMA_ALIGN. */
	size = WPI_RX_RING_COUNT * sizeof (uint32_t);
	error = wpi_dma_contig_alloc(sc, &ring->desc_dma,
	    (void **)&ring->desc, size, WPI_RING_DMA_ALIGN);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not allocate RX ring DMA memory, error %d\n",
		    __func__, error);
		goto fail;
	}

	/*
	 * DMA tag for the RX buffers: a single segment of at most
	 * MJUMPAGESIZE bytes, placed below the 32-bit address limit.
	 */
	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
	    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
	    MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL,
	    &ring->data_dmat);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not create RX buf DMA tag, error %d\n",
		    __func__, error);
		goto fail;
	}

	/* Give every slot a map and a loaded mbuf. */
	for (i = 0; i < WPI_RX_RING_COUNT; i++) {
		struct wpi_rx_data *slot = &ring->data[i];
		bus_addr_t busaddr;

		error = bus_dmamap_create(ring->data_dmat, 0, &slot->map);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not create RX buf DMA map, error %d\n",
			    __func__, error);
			goto fail;
		}

		slot->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
		if (slot->m == NULL) {
			device_printf(sc->sc_dev,
			    "%s: could not allocate RX mbuf\n", __func__);
			error = ENOBUFS;
			goto fail;
		}

		/*
		 * EFBIG is not treated as a failure here.
		 * NOTE(review): whether busaddr holds a usable address in
		 * that case depends on wpi_dma_map_addr(), which is defined
		 * elsewhere in this file - confirm, since the value is
		 * handed to the device below.
		 */
		error = bus_dmamap_load(ring->data_dmat, slot->map,
		    mtod(slot->m, void *), MJUMPAGESIZE, wpi_dma_map_addr,
		    &busaddr, BUS_DMA_NOWAIT);
		if (error != 0 && error != EFBIG) {
			device_printf(sc->sc_dev,
			    "%s: can't map mbuf (error %d)\n", __func__,
			    error);
			goto fail;
		}

		/* Publish the buffer's bus address in the descriptor. */
		ring->desc[i] = htole32(busaddr);
	}

	/* Make the filled descriptor array visible to the device. */
	bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
	    BUS_DMASYNC_PREWRITE);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return 0;

fail:
	wpi_free_rx_ring(sc);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);

	return error;
}
1056
/*
 * Tell the device how far the driver has got in the RX ring.  If the MAC
 * is asleep, request access instead and mark the ring so that the write
 * pointer update is left pending.
 */
static void
wpi_update_rx_ring(struct wpi_softc *sc)
{
	struct wpi_rx_ring *ring = &sc->rxq;

	/* A wakeup was already requested; wait for INT_WAKEUP event. */
	if (ring->update != 0)
		return;

	if ((WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) == 0) {
		/* The index is written with its low three bits cleared. */
		WPI_WRITE(sc, WPI_FH_RX_WPTR, ring->cur & ~7);
		return;
	}

	DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n",
	    __func__);

	WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
	ring->update = 1;
}
1076
/*
 * Stop RX DMA and rewind the ring.  With the NIC lock held, the RX
 * configuration register is cleared and the status register is polled
 * (up to 1000 times, 10 units of DELAY() apart) until it reports idle.
 * The ring indices are reset whether or not the lock could be taken.
 */
static void
wpi_reset_rx_ring(struct wpi_softc *sc)
{
	struct wpi_rx_ring *ring = &sc->rxq;
	int ntries;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	if (wpi_nic_lock(sc) == 0) {
		WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0);

		ntries = 0;
		while (ntries < 1000 &&
		    (WPI_READ(sc, WPI_FH_RX_STATUS) &
		    WPI_FH_RX_STATUS_IDLE) == 0) {
			DELAY(10);
			ntries++;
		}
#ifdef WPI_DEBUG
		/* The timeout is only reported in debug builds. */
		if (ntries == 1000) {
			device_printf(sc->sc_dev,
			    "timeout resetting Rx ring\n");
		}
#endif
		wpi_nic_unlock(sc);
	}

	ring->update = 0;
	ring->cur = 0;
}
1105
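/*
 * Release everything wpi_alloc_rx_ring() set up: the descriptor area, each
 * slot's mbuf and DMA map, and the buffer DMA tag.
 *
 * Every handle is cleared after it is released.  The map handle was the
 * only one left stale before; wpi_alloc_rx_ring() already calls this
 * function on its failure path, so a later teardown of the same ring must
 * not destroy the same map a second time.
 */
static void
wpi_free_rx_ring(struct wpi_softc *sc)
{
	struct wpi_rx_ring *ring = &sc->rxq;
	int i;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	wpi_dma_contig_free(&ring->desc_dma);

	for (i = 0; i < WPI_RX_RING_COUNT; i++) {
		struct wpi_rx_data *data = &ring->data[i];

		if (data->m != NULL) {
			/* Finish device writes before the buffer is freed. */
			bus_dmamap_sync(ring->data_dmat, data->map,
			    BUS_DMASYNC_POSTREAD);
			bus_dmamap_unload(ring->data_dmat, data->map);
			m_freem(data->m);
			data->m = NULL;
		}
		if (data->map != NULL) {
			bus_dmamap_destroy(ring->data_dmat, data->map);
			data->map = NULL;
		}
	}
	if (ring->data_dmat != NULL) {
		bus_dma_tag_destroy(ring->data_dmat);
		ring->data_dmat = NULL;
	}
}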
1134
/*
 * Allocate TX ring qid: the descriptor array (whose bus address is
 * published in the shared page) and, for rings up to and including the
 * command queue, the command area, the buffer DMA tag and one DMA map per
 * slot.  On failure the ring is released through wpi_free_tx_ring().
 */
static int
wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid)
{
	bus_size_t size;
	int i, error;

	ring->qid = qid;
	ring->queued = 0;
	ring->cur = 0;
	ring->update = 0;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* TX descriptors, aligned to WPI_RING_DMA_ALIGN. */
	size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc);
	error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc,
	    size, WPI_RING_DMA_ALIGN);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not allocate TX ring DMA memory, error %d\n",
		    __func__, error);
		goto fail;
	}

	/* Publish the ring's bus address in the shared page. */
	sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr);
	bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map,
	    BUS_DMASYNC_PREWRITE);

	/*
	 * Only rings 0 through 4 (4 EDCA + cmd) are used, so the remaining
	 * rings get no command space.
	 * XXX Do we really need to allocate descriptors for other rings?
	 */
	if (qid > WPI_CMD_QUEUE_NUM)
		return 0;

	/* Command area: one struct wpi_tx_cmd per slot, 4-byte aligned. */
	size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd);
	error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd,
	    size, 4);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not allocate TX cmd DMA memory, error %d\n",
		    __func__, error);
		goto fail;
	}

	/* DMA tag for outgoing frames. */
	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
	    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
	    WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL,
	    &ring->data_dmat);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not create TX buf DMA tag, error %d\n",
		    __func__, error);
		goto fail;
	}

	for (i = 0; i < WPI_TX_RING_COUNT; i++) {
		struct wpi_tx_data *slot = &ring->data[i];

		/* Slot i uses the i-th command of the command area. */
		slot->cmd_paddr = ring->cmd_dma.paddr +
		    i * sizeof (struct wpi_tx_cmd);

		error = bus_dmamap_create(ring->data_dmat, 0, &slot->map);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not create TX buf DMA map, error %d\n",
			    __func__, error);
			goto fail;
		}
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return 0;

fail:
	wpi_free_tx_ring(sc, ring);
	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
	return error;
}
1218
/*
 * Tell the device about new entries in a TX ring.  If the MAC is asleep,
 * request access instead and mark the ring so that the write pointer
 * update is left pending.
 */
static void
wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
{
	/* A wakeup was already requested; wait for INT_WAKEUP event. */
	if (ring->update != 0)
		return;

	if ((WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) == 0) {
		/* Queue id in bits 8 and up, current index below it. */
		WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
		return;
	}

	DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n",
	    __func__, ring->qid);

	WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
	ring->update = 1;
}
1236
/*
 * Drop every frame still attached to a TX ring, zero its descriptors and
 * rewind it.  The ring's bit in sc->qfullmsk is cleared as well.
 */
static void
wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
{
	int i;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	for (i = 0; i < WPI_TX_RING_COUNT; i++) {
		struct wpi_tx_data *slot = &ring->data[i];

		if (slot->m == NULL)
			continue;

		bus_dmamap_sync(ring->data_dmat, slot->map,
		    BUS_DMASYNC_POSTWRITE);
		bus_dmamap_unload(ring->data_dmat, slot->map);
		m_freem(slot->m);
		slot->m = NULL;
	}

	/* Clear TX descriptors and push the cleared array to the device. */
	memset(ring->desc, 0, ring->desc_dma.size);
	bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
	    BUS_DMASYNC_PREWRITE);

	sc->qfullmsk &= ~(1 << ring->qid);
	ring->update = 0;
	ring->cur = 0;
	ring->queued = 0;
}
1264
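/*
 * Release everything wpi_alloc_tx_ring() set up for a ring: descriptor and
 * command areas, each slot's pending mbuf and DMA map, and the buffer DMA
 * tag.
 *
 * The mbuf and map pointers are cleared after release, as
 * wpi_reset_tx_ring() and wpi_free_rx_ring() already do for the mbuf.
 * Without that, a stale data->m left here is freed a second time by the
 * next reset or free of the same ring.
 */
static void
wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
{
	int i;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	wpi_dma_contig_free(&ring->desc_dma);
	wpi_dma_contig_free(&ring->cmd_dma);

	for (i = 0; i < WPI_TX_RING_COUNT; i++) {
		struct wpi_tx_data *data = &ring->data[i];

		if (data->m != NULL) {
			bus_dmamap_sync(ring->data_dmat, data->map,
			    BUS_DMASYNC_POSTWRITE);
			bus_dmamap_unload(ring->data_dmat, data->map);
			m_freem(data->m);
			data->m = NULL;
		}
		if (data->map != NULL) {
			bus_dmamap_destroy(ring->data_dmat, data->map);
			data->map = NULL;
		}
	}
	if (ring->data_dmat != NULL) {
		bus_dma_tag_destroy(ring->data_dmat);
		ring->data_dmat = NULL;
	}
}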
1292
/*
 * Extract various information from EEPROM: capabilities, revision, SKU
 * type, regulatory domain, MAC address (stored in macaddr), the channel
 * list of every band and the TX power groups.  The adapter is powered on
 * for the duration and powered off again on the way out, whether or not
 * the reads succeeded.  Returns 0 or the first error encountered.
 */
static int
wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
{
/* Run one EEPROM read; bail out to the power-off path on failure. */
#define WPI_CHK(res) do {		\
	if ((error = res) != 0)		\
		goto fail;		\
} while (0)
	int error, i;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* Adapter has to be powered on for EEPROM access to work. */
	error = wpi_apm_init(sc);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not power ON adapter, error %d\n", __func__,
		    error);
		return error;
	}

	if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) {
		device_printf(sc->sc_dev, "bad EEPROM signature\n");
		error = EIO;
		goto fail;
	}

	/* Clear HW ownership of EEPROM. */
	WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER);

	/* Hardware capabilities, revision and SKU type. */
	WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap,
	    sizeof(sc->cap)));
	WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev,
	    sizeof(sc->rev)));
	WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type,
	    sizeof(sc->type)));

	/* The revision is stored little-endian. */
	sc->rev = le16toh(sc->rev);
	DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap,
	    sc->rev, sc->type);

	/* Regulatory domain (4 ASCII characters.) */
	WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain,
	    sizeof(sc->domain)));

	/* MAC address. */
	WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr,
	    IEEE80211_ADDR_LEN));

	/* List of authorized channels, one band at a time. */
	for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++)
		WPI_CHK(wpi_read_eeprom_channels(sc, i));

	/* List of TX power groups. */
	for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++)
		WPI_CHK(wpi_read_eeprom_group(sc, i));

	/* Success falls through: the adapter is powered off either way. */
fail:
	wpi_apm_stop(sc);

	DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END,
	    __func__);

	return error;
#undef WPI_CHK
}
1359
/*
 * Translate EEPROM channel flags to net80211 restrictions.  A channel
 * without the ACTIVE bit becomes passive, one without the IBSS bit loses
 * ad-hoc, and a RADAR channel is marked DFS and loses ad-hoc as well.
 */
static uint32_t
wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel)
{
	const int radar = (channel->flags & WPI_EEPROM_CHAN_RADAR) != 0;
	uint32_t nflags = 0;

	if (!(channel->flags & WPI_EEPROM_CHAN_ACTIVE))
		nflags |= IEEE80211_CHAN_PASSIVE;

	/* XXX apparently IBSS may still be marked on radar channels */
	if (!(channel->flags & WPI_EEPROM_CHAN_IBSS) || radar)
		nflags |= IEEE80211_CHAN_NOADHOC;

	if (radar)
		nflags |= IEEE80211_CHAN_DFS;

	return nflags;
}
1381
/*
 * Append the valid channels of EEPROM band n to the net80211 channel
 * table.  Band 0 is the 2GHz band and produces a B entry plus a G entry
 * per channel; any other band produces a single A entry.  The EEPROM
 * power limit of each channel is also saved in sc->maxpwr[].
 *
 * NOTE(review): nothing in this function bounds ic->ic_nchans by the
 * capacity of ic->ic_channels; presumably the static wpi_bands tables keep
 * the total small enough - confirm.
 */
static void
wpi_read_eeprom_band(struct wpi_softc *sc, int n)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct wpi_eeprom_chan *channels = sc->eeprom_channels[n];
	const struct wpi_chan_band *band = &wpi_bands[n];
	struct ieee80211_channel *c;
	uint8_t chan;
	int i, nflags;

	for (i = 0; i < band->nchan; i++) {
		struct wpi_eeprom_chan *ech = &channels[i];

		if ((ech->flags & WPI_EEPROM_CHAN_VALID) == 0) {
			DPRINTF(sc, WPI_DEBUG_EEPROM,
			    "Channel Not Valid: %d, band %d\n",
			     band->chan[i],n);
			continue;
		}

		chan = band->chan[i];
		nflags = wpi_eeprom_channel_flags(ech);

		/* Take the next free table entry. */
		c = &ic->ic_channels[ic->ic_nchans++];
		c->ic_ieee = chan;
		c->ic_maxregpower = ech->maxpwr;
		c->ic_maxpower = 2*c->ic_maxregpower;

		if (n != 0) {
			/* 5GHz band */
			c->ic_freq = ieee80211_ieee2mhz(chan,
			    IEEE80211_CHAN_A);
			c->ic_flags = IEEE80211_CHAN_A | nflags;
		} else {
			/* 2GHz band */
			c->ic_freq = ieee80211_ieee2mhz(chan,
			    IEEE80211_CHAN_G);

			/* G =>'s B is supported: B first, then a G copy. */
			c->ic_flags = IEEE80211_CHAN_B | nflags;
			c = &ic->ic_channels[ic->ic_nchans++];
			*c = *(c - 1);
			c->ic_flags = IEEE80211_CHAN_G | nflags;
		}

		/* Save maximum allowed TX power for this channel. */
		sc->maxpwr[chan] = ech->maxpwr;

		DPRINTF(sc, WPI_DEBUG_EEPROM,
		    "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d,"
		    " offset %d\n", chan, c->ic_freq,
		    ech->flags, sc->maxpwr[chan],
		    IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans);
	}
}
1435
/**
 * Read the EEPROM channel list of band n into sc->eeprom_channels[n], add
 * the valid channels to net80211 and keep the channel table sorted.
 * Returns 0, or the error from the EEPROM read.
 */
static int
wpi_read_eeprom_channels(struct wpi_softc *sc, int n)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	const struct wpi_chan_band *band = &wpi_bands[n];
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* The read size is taken from the static band table. */
	error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n],
	    band->nchan * sizeof (struct wpi_eeprom_chan));
	if (error == 0) {
		wpi_read_eeprom_band(sc, n);

		ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans);

		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

		return 0;
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
	return error;
}
1465
/*
 * Find the EEPROM entry for a net80211 channel by searching every band
 * table for its IEEE channel number.  Returns NULL when no band lists it.
 */
static struct wpi_eeprom_chan *
wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c)
{
	int i, j;

	for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) {
		for (i = 0; i < wpi_bands[j].nchan; i++) {
			if (wpi_bands[j].chan[i] != c->ic_ieee)
				continue;
			return &sc->eeprom_channels[j][i];
		}
	}

	return NULL;
}
1478
/*
 * Enforce flags read from EEPROM on a proposed channel list.  Each channel
 * must be known to the EEPROM tables; its EEPROM restrictions are OR-ed
 * into ic_flags.  Returns EINVAL at the first unknown channel (channels
 * before it have already been updated), 0 otherwise.
 */
static int
wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd,
    int nchan, struct ieee80211_channel chans[])
{
	struct ifnet *ifp = ic->ic_ifp;
	struct wpi_softc *sc = ifp->if_softc;
	struct wpi_eeprom_chan *echan;
	struct ieee80211_channel *c;
	int i;

	for (i = 0; i < nchan; i++) {
		c = &chans[i];

		echan = wpi_find_eeprom_channel(sc, c);
		if (echan != NULL) {
			c->ic_flags |= wpi_eeprom_channel_flags(echan);
			continue;
		}

		if_printf(ic->ic_ifp,
		    "%s: invalid channel %u freq %u/0x%x\n",
		    __func__, c->ic_ieee, c->ic_freq, c->ic_flags);
		return EINVAL;
	}

	return 0;
}
1506
/*
 * Read TX power group n from the EEPROM into sc->groups[n]: channel,
 * maximum power, the temperature at which the samples were taken, and the
 * power samples themselves.  Groups are read 32 bytes apart starting at
 * WPI_EEPROM_POWER_GRP.  Returns 0, or the error from the EEPROM read.
 */
static int
wpi_read_eeprom_group(struct wpi_softc *sc, int n)
{
	struct wpi_power_group *group = &sc->groups[n];
	struct wpi_eeprom_group rgroup;
	int i, error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32,
	    &rgroup, sizeof rgroup);
	if (error != 0) {
		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
		return error;
	}

	/* Save TX power group information. */
	group->chan = rgroup.chan;
	group->maxpwr = rgroup.maxpwr;
	/* The temperature is a little-endian, signed 16-bit value. */
	group->temp = (int16_t)le16toh(rgroup.temp);

	DPRINTF(sc, WPI_DEBUG_EEPROM,
	    "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan,
	    group->maxpwr, group->temp);

	i = 0;
	while (i < WPI_SAMPLES_COUNT) {
		group->samples[i].index = rgroup.samples[i].index;
		group->samples[i].power = rgroup.samples[i].power;

		DPRINTF(sc, WPI_DEBUG_EEPROM,
		    "\tsample %d: index=%d power=%d\n", i,
		    group->samples[i].index, group->samples[i].power);
		i++;
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return 0;
}
1545
/*
 * Claim the lowest free node id in the IBSS range by setting its bit in
 * sc->nodesmsk.  Returns the id, or WPI_ID_UNDEFINED when the range is
 * fully in use.
 */
static int
wpi_add_node_entry_adhoc(struct wpi_softc *sc)
{
	int id;

	for (id = WPI_ID_IBSS_MIN; id <= WPI_ID_IBSS_MAX; id++) {
		if ((sc->nodesmsk & (1 << id)) != 0)
			continue;	/* already taken */

		sc->nodesmsk |= 1 << id;
		return id;
	}

	return WPI_ID_UNDEFINED;
}
1560
/*
 * Mark the BSS node id as in use in sc->nodesmsk and return it.
 */
static __inline int
wpi_add_node_entry_sta(struct wpi_softc *sc)
{
	const int id = WPI_ID_BSS;

	sc->nodesmsk |= 1 << id;

	return id;
}
1568
/*
 * Report whether node id is marked in use in sc->nodesmsk (1) or not (0).
 * WPI_ID_UNDEFINED is never in use.
 *
 * NOTE(review): any other id is used as a shift count unchecked; callers
 * presumably only pass ids handed out by the wpi_add_node_entry_*()
 * helpers - confirm.
 */
static __inline int
wpi_check_node_entry(struct wpi_softc *sc, uint8_t id)
{
	return (id == WPI_ID_UNDEFINED) ? 0 : (sc->nodesmsk >> id) & 1;
}
1577
/*
 * Forget every node id: no bit stays set in sc->nodesmsk.
 */
static __inline void
wpi_clear_node_table(struct wpi_softc *sc)
{

	sc->nodesmsk = 0;
}
1583
/*
 * Release node id by clearing its bit in sc->nodesmsk.
 */
static __inline void
wpi_del_node_entry(struct wpi_softc *sc, uint8_t id)
{

	sc->nodesmsk &= ~(1 << id);
}
1589
/*
 * Allocate a zeroed driver node without sleeping and hand its embedded
 * net80211 node back.  The node starts without a firmware id
 * (WPI_ID_UNDEFINED).  Returns NULL when no memory is available.
 */
static struct ieee80211_node *
wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
{
	struct wpi_node *wn = malloc(sizeof (struct wpi_node), M_80211_NODE,
	    M_NOWAIT | M_ZERO);

	if (wn != NULL) {
		wn->id = WPI_ID_UNDEFINED;
		return &wn->ni;
	}

	return NULL;
}
1605
/*
 * Free a node.  If it holds a node id that is still marked in use, the id
 * is released and wpi_del_node() is called, both under the node table
 * lock.  The saved sc->sc_node_free hook then frees the node itself.
 */
static void
wpi_node_free(struct ieee80211_node *ni)
{
	struct ieee80211com *ic = ni->ni_ic;
	struct wpi_softc *sc = ic->ic_ifp->if_softc;
	struct wpi_node *wn = WPI_NODE(ni);

	if (wn->id == WPI_ID_UNDEFINED)
		goto done;

	WPI_NT_LOCK(sc);
	if (wpi_check_node_entry(sc, wn->id)) {
		wpi_del_node_entry(sc, wn->id);
		wpi_del_node(sc, ni);
	}
	WPI_NT_UNLOCK(sc);

done:
	sc->sc_node_free(ni);
}
1624
/**
 * Called by net80211 whenever the 802.11 state machine changes state.
 * The net80211 lock is dropped and the driver lock taken while the
 * firmware is updated; the locks are swapped back before returning.  On a
 * driver-side error that error is returned, otherwise the transition is
 * passed on to the saved net80211 handler (wv_newstate).
 */
static int
wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
{
	struct wpi_vap *wvp = WPI_VAP(vap);
	struct ieee80211com *ic = vap->iv_ic;
	struct ifnet *ifp = ic->ic_ifp;
	struct wpi_softc *sc = ifp->if_softc;
	int error = 0;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__,
		ieee80211_state_name[vap->iv_state],
		ieee80211_state_name[nstate]);

	IEEE80211_UNLOCK(ic);
	WPI_LOCK(sc);
	switch (nstate) {
	case IEEE80211_S_SCAN:
		/* Only IBSS/AHDEMO with the BSS filter set needs work. */
		if (vap->iv_opmode != IEEE80211_M_IBSS &&
		    vap->iv_opmode != IEEE80211_M_AHDEMO)
			break;
		if ((sc->rxon.filter & htole32(WPI_FILTER_BSS)) == 0)
			break;

		sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);
		error = wpi_send_rxon(sc, 0, 1);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not send RXON\n", __func__);
		}
		break;

	case IEEE80211_S_ASSOC:
		if (vap->iv_state != IEEE80211_S_RUN)
			break;
		/* FALLTHROUGH */
	case IEEE80211_S_AUTH:
		/*
		 * The node must be registered in the firmware before auth.
		 * Also the associd must be cleared on RUN -> ASSOC
		 * transitions.
		 */
		error = wpi_auth(sc, vap);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not move to AUTH state, error %d\n",
			    __func__, error);
		}
		break;

	case IEEE80211_S_RUN:
		/* RUN -> RUN transition; just restart the timers. */
		if (vap->iv_state == IEEE80211_S_RUN) {
			wpi_calib_timeout(sc);
			break;
		}

		/*
		 * !RUN -> RUN requires setting the association id
		 * which is done with a firmware cmd.  We also defer
		 * starting the timers until that work is done.
		 */
		error = wpi_run(sc, vap);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not move to RUN state\n", __func__);
		}
		break;

	default:
		break;
	}
	WPI_UNLOCK(sc);
	IEEE80211_LOCK(ic);

	if (error == 0) {
		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

		return wvp->wv_newstate(vap, nstate, arg);
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
	return error;
}
1709
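/*
 * Periodic calibration callout.  While the first vap is in RUN state, run
 * the power calibration and re-arm the callout for 60 seconds later; in
 * any other state do nothing and let the callout lapse.
 *
 * TAILQ_FIRST() returns NULL on an empty list, so the vap is checked
 * before its state is read: a callout that fires after the last vap is
 * gone must not dereference a NULL pointer.
 */
static void
wpi_calib_timeout(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);

	if (vap == NULL || vap->iv_state != IEEE80211_S_RUN)
		return;

	wpi_power_calibration(sc);

	callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc);
}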
1725
/*
 * Map a rate value to the PLCP code used for it.  Rates the table does not
 * know map to 0.  The split into CCK and OFDM below follows
 * WPI_RATE_IS_OFDM().
 */
static __inline uint8_t
rate2plcp(const uint8_t rate)
{
	uint8_t plcp;

	switch (rate) {
	/* CCK rates */
	case 2:
		plcp = 10;
		break;
	case 4:
		plcp = 20;
		break;
	case 11:
		plcp = 55;
		break;
	case 22:
		plcp = 110;
		break;
	/* OFDM rates */
	case 12:
		plcp = 0xd;
		break;
	case 18:
		plcp = 0xf;
		break;
	case 24:
		plcp = 0x5;
		break;
	case 36:
		plcp = 0x7;
		break;
	case 48:
		plcp = 0x9;
		break;
	case 72:
		plcp = 0xb;
		break;
	case 96:
		plcp = 0x1;
		break;
	case 108:
		plcp = 0x3;
		break;
	default:
		plcp = 0;
		break;
	}

	return plcp;
}
1745
/*
 * Inverse of rate2plcp(): map a PLCP code back to its rate value.  Codes
 * the table does not know map to 0.
 */
static __inline uint8_t
plcp2rate(const uint8_t plcp)
{
	uint8_t rate;

	switch (plcp) {
	/* Codes of the CCK rates */
	case 10:
		rate = 2;
		break;
	case 20:
		rate = 4;
		break;
	case 55:
		rate = 11;
		break;
	case 110:
		rate = 22;
		break;
	/* Codes of the OFDM rates */
	case 0xd:
		rate = 12;
		break;
	case 0xf:
		rate = 18;
		break;
	case 0x5:
		rate = 24;
		break;
	case 0x7:
		rate = 36;
		break;
	case 0x9:
		rate = 48;
		break;
	case 0xb:
		rate = 72;
		break;
	case 0x1:
		rate = 96;
		break;
	case 0x3:
		rate = 108;
		break;
	default:
		rate = 0;
		break;
	}

	return rate;
}
1765
/*
 * Quick CCK/OFDM test for a rate value: everything from 12 upwards is
 * OFDM except 22, which is CCK.  The argument is evaluated twice, so it
 * must not have side effects.
 */
#define WPI_RATE_IS_OFDM(rate)	((rate) >= 12 && (rate) != 22)
1768
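/*
 * Process one received 802.11 frame.
 *
 * The notification in the RX buffer is laid out as descriptor, statistics
 * header (plus stat->len extra bytes), frame header, frame, tail.  The
 * frame is handed to net80211 in the mbuf it arrived in; the ring slot is
 * restocked with a fresh mbuf first.  Any frame that is rejected counts as
 * an input error.
 *
 * All lengths in the buffer are written by the device and are validated
 * against the MJUMPAGESIZE buffer before they are used: stat->len against
 * WPI_STAT_MAXLEN, and the frame length so that the frame and the tail
 * behind it stay inside the buffer.  The buffer starts at
 * mtod(data->m, ...), which is how wpi_notif_intr() obtains desc.
 *
 * Called with the driver lock held; the lock is dropped around the call
 * into net80211 and re-taken afterwards.
 */
static void
wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc,
    struct wpi_rx_data *data)
{
	struct ifnet *ifp = sc->sc_ifp;
	const struct ieee80211_cipher *cip = NULL;
	struct ieee80211com *ic = ifp->if_l2com;
	struct wpi_rx_ring *ring = &sc->rxq;
	struct wpi_rx_stat *stat;
	struct wpi_rx_head *head;
	struct wpi_rx_tail *tail;
	struct ieee80211_frame *wh;
	struct ieee80211_node *ni;
	struct mbuf *m, *m1;
	bus_addr_t paddr;
	size_t frmoff;
	uint32_t flags;
	uint16_t len;
	int error;

	stat = (struct wpi_rx_stat *)(desc + 1);

	if (stat->len > WPI_STAT_MAXLEN) {
		device_printf(sc->sc_dev, "invalid RX statistic header\n");
		goto fail1;
	}

	bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
	head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len);
	len = le16toh(head->len);

	/*
	 * The frame length is device-supplied.  Reject it unless the frame
	 * and the tail that follows fit in the receive buffer; otherwise
	 * the tail would be read, and the mbuf length set, past the end of
	 * the buffer.
	 */
	frmoff = (size_t)((caddr_t)(head + 1) - mtod(data->m, caddr_t));
	if (frmoff + len + sizeof (*tail) > MJUMPAGESIZE) {
		DPRINTF(sc, WPI_DEBUG_RECV,
		    "%s: frame length %d exceeds RX buffer\n", __func__, len);
		goto fail1;
	}

	tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len);
	flags = le32toh(tail->flags);

	DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d"
	    " rate %x chan %d tstamp %ju\n", __func__, ring->cur,
	    le32toh(desc->len), len, (int8_t)stat->rssi,
	    head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp));

	/* Discard frames with a bad FCS early. */
	if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) {
		DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n",
		    __func__, flags);
		goto fail1;
	}
	/* Discard frames that are too short. */
	if (len < sizeof (*wh)) {
		DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n",
		    __func__, len);
		goto fail1;
	}

	/* Get a replacement buffer before giving the current one away. */
	m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
	if (m1 == NULL) {
		DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n",
		    __func__);
		goto fail1;
	}
	bus_dmamap_unload(ring->data_dmat, data->map);

	error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *),
	    MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
	if (error != 0 && error != EFBIG) {
		device_printf(sc->sc_dev,
		    "%s: bus_dmamap_load failed, error %d\n", __func__, error);
		m_freem(m1);

		/* Try to reload the old mbuf. */
		error = bus_dmamap_load(ring->data_dmat, data->map,
		    mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr,
		    &paddr, BUS_DMA_NOWAIT);
		if (error != 0 && error != EFBIG) {
			panic("%s: could not load old RX mbuf", __func__);
		}
		/* Physical address may have changed. */
		ring->desc[ring->cur] = htole32(paddr);
		/*
		 * Sync the descriptor map with the descriptor tag it was
		 * created from, as the success path below does; the buffer
		 * tag does not belong to this map.
		 */
		bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
		    BUS_DMASYNC_PREWRITE);
		goto fail1;
	}

	m = data->m;
	data->m = m1;
	/* Update RX descriptor. */
	ring->desc[ring->cur] = htole32(paddr);
	bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
	    BUS_DMASYNC_PREWRITE);

	/* Finalize mbuf: it now covers exactly the validated frame. */
	m->m_pkthdr.rcvif = ifp;
	m->m_data = (caddr_t)(head + 1);
	m->m_pkthdr.len = m->m_len = len;

	/* Grab a reference to the source node. */
	wh = mtod(m, struct ieee80211_frame *);
	ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);

	if (ni != NULL)
		cip = ni->ni_ucastkey.wk_cipher;
	/*
	 * A protected unicast frame from a node keyed with AES-CCM is only
	 * accepted when the device reports CCMP and a successful
	 * decryption.  cip is non-NULL only when ni is, so fail2 always
	 * has a node to release.
	 */
	if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) &&
	    !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
	    cip != NULL && cip->ic_cipher == IEEE80211_CIPHER_AES_CCM) {
		if ((flags & WPI_RX_CIPHER_MASK) != WPI_RX_CIPHER_CCMP)
			goto fail2;

		/* Check whether decryption was successful or not. */
		if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) {
			DPRINTF(sc, WPI_DEBUG_RECV,
			    "CCMP decryption failed 0x%x\n", flags);
			goto fail2;
		}
		m->m_flags |= M_WEP;
	}

	if (ieee80211_radiotap_active(ic)) {
		struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap;

		tap->wr_flags = 0;
		if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE))
			tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
		tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET);
		tap->wr_dbm_antnoise = WPI_RSSI_OFFSET;
		tap->wr_tsft = tail->tstamp;
		tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf;
		tap->wr_rate = plcp2rate(head->plcp);
	}

	WPI_UNLOCK(sc);

	/* Send the frame to the 802.11 layer. */
	if (ni != NULL) {
		(void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET);
		/* Node is no longer needed. */
		ieee80211_free_node(ni);
	} else
		(void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET);

	WPI_LOCK(sc);

	return;

fail2:	ieee80211_free_node(ni);
	m_freem(m);

fail1:	if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
}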
1913
/*
 * Handler for RX and beacon statistics notifications.  The statistics are
 * currently ignored; none of the arguments is used.
 */
static void
wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc,
    struct wpi_rx_data *data)
{

	/* Nothing to do. */
}
1920
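/*
 * Process a "TX done" firmware notification: release the frame's DMA
 * mapping, report the outcome to rate control and net80211, and restart
 * output if the ring has drained below its low-water mark.
 *
 * The queue id (masked to the four data rings) and the slot index come
 * from the device.  KASSERT() is only active in INVARIANTS kernels, so a
 * notification for a slot that has no frame in flight is also rejected at
 * run time instead of dereferencing a NULL node pointer.
 *
 * Called with the driver lock held; the lock is dropped around the calls
 * into net80211.
 */
static void
wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3];
	struct wpi_tx_data *data = &ring->data[desc->idx];
	struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1);
	struct mbuf *m;
	struct ieee80211_node *ni;
	struct ieee80211vap *vap;
	struct ieee80211com *ic;
	int ackfailcnt = stat->ackfailcnt / 2;	/* wpi_mrr_setup() */
	int status = le32toh(stat->status);

	KASSERT(data->ni != NULL, ("no node"));

	/* Nothing has been modified yet, so bailing out here is safe. */
	if (data->ni == NULL) {
		device_printf(sc->sc_dev,
		    "%s: no frame pending for qid %d idx %d\n", __func__,
		    desc->qid, desc->idx);
		return;
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	DPRINTF(sc, WPI_DEBUG_XMIT, "%s: "
	    "qid %d idx %d retries %d btkillcnt %d rate %x duration %d "
	    "status %x\n", __func__, desc->qid, desc->idx, ackfailcnt,
	    stat->btkillcnt, stat->rate, le32toh(stat->duration), status);

	/* Unmap the frame and take it, and its node, out of the slot. */
	bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE);
	bus_dmamap_unload(ring->data_dmat, data->map);
	m = data->m;
	data->m = NULL;
	ni = data->ni;
	data->ni = NULL;
	vap = ni->ni_vap;
	ic = vap->iv_ic;

	/*
	 * Update rate control statistics for the node.  A low status byte
	 * other than 1 is treated as a failed transmission.
	 */
	WPI_UNLOCK(sc);
	if ((status & 0xff) != 1) {
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
		ieee80211_ratectl_tx_complete(vap, ni,
		    IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL);
	} else {
		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
		ieee80211_ratectl_tx_complete(vap, ni,
		    IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
	}

	ieee80211_tx_complete(ni, m, (status & 0xff) != 1);
	WPI_LOCK(sc);

	sc->sc_tx_timer = 0;
	if (--ring->queued < WPI_TX_RING_LOMARK) {
		/* The ring has room again; restart output if all do. */
		sc->qfullmsk &= ~(1 << ring->qid);
		if (sc->qfullmsk == 0 &&
		    (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
			ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
			ieee80211_runtask(ic, &sc->sc_start_task);
		}
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
}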
1981
/*
 * Process a "command done" firmware notification.  Notifications that do
 * not name the command queue are ignored.  Otherwise any mbuf attached to
 * the command slot is unmapped and freed, and threads sleeping on that
 * slot's command buffer are woken up.
 *
 * NOTE(review): desc->idx is written by the device and indexes ring->data
 * and ring->cmd without a range check in this function; presumably the
 * width of the field cannot exceed the ring size - confirm.
 */
static void
wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
{
	struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM];
	struct wpi_tx_data *slot;

	DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid=%x idx=%d flags=%x "
				   "type=%s len=%d\n", desc->qid, desc->idx,
				   desc->flags, wpi_cmd_str(desc->type),
				   le32toh(desc->len));

	/* Not a command ack unless it names the command queue. */
	if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM)
		return;

	KASSERT(ring->queued == 0, ("ring->queued must be 0"));

	slot = &ring->data[desc->idx];

	/* If the command was mapped in an mbuf, free it. */
	if (slot->m != NULL) {
		bus_dmamap_sync(ring->data_dmat, slot->map,
		    BUS_DMASYNC_POSTWRITE);
		bus_dmamap_unload(ring->data_dmat, slot->map);
		m_freem(slot->m);
		slot->m = NULL;
	}

	/* The command buffer's address is the sleep channel. */
	wakeup(&ring->cmd[desc->idx]);
}
2015
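/*
 * Drain the RX notification ring: walk every entry between the driver's
 * current position and the index last published by the adapter, and
 * dispatch each one on its notification type.
 *
 * Everything read here (ring index, descriptor fields, payloads) lives in
 * DMA memory written by the adapter, so values that steer control flow are
 * bounded before use.  The softc lock is held on entry (wpi_intr() takes
 * it) and is dropped and retaken around the net80211 upcalls below.
 */
static void
wpi_notif_intr(struct wpi_softc *sc)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	/* May be NULL when no vap exists; checked before each use. */
	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
	int hw;

	bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map,
	    BUS_DMASYNC_POSTREAD);

	/*
	 * The index is read from memory the device writes.  Reduce it into
	 * the ring's range: the loop below stops only when rxq.cur reaches
	 * it, so an out-of-range value would otherwise never terminate the
	 * loop while the lock is held.
	 */
	hw = le32toh(sc->shared->next) % WPI_RX_RING_COUNT;
	hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1;

	while (sc->rxq.cur != hw) {
		sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT;

		struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur];
		struct wpi_rx_desc *desc;

		bus_dmamap_sync(sc->rxq.data_dmat, data->map,
		    BUS_DMASYNC_POSTREAD);
		desc = mtod(data->m, struct wpi_rx_desc *);

		DPRINTF(sc, WPI_DEBUG_NOTIFY,
		    "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n",
		    __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags,
		    desc->type, wpi_cmd_str(desc->type), le32toh(desc->len));

		if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) {
			/* Reply to a command. */
			wpi_cmd_done(sc, desc);
		}

		/*
		 * NOTE(review): the cases below read fixed-size payloads at
		 * (desc + 1) without consulting desc->len; presumably the RX
		 * buffer is always large enough for them - confirm.
		 */
		switch (desc->type) {
		case WPI_RX_DONE:
			/* An 802.11 frame has been received. */
			wpi_rx_done(sc, desc, data);

			if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
				/* wpi_stop() was called. */
				return;
			}

			break;

		case WPI_TX_DONE:
			/* An 802.11 frame has been transmitted. */
			wpi_tx_done(sc, desc);
			break;

		case WPI_RX_STATISTICS:
		case WPI_BEACON_STATISTICS:
			wpi_rx_statistics(sc, desc, data);
			break;

		case WPI_BEACON_MISSED:
		{
			struct wpi_beacon_missed *miss =
			    (struct wpi_beacon_missed *)(desc + 1);
			int misses;

			bus_dmamap_sync(sc->rxq.data_dmat, data->map,
			    BUS_DMASYNC_POSTREAD);
			misses = le32toh(miss->consecutive);

			DPRINTF(sc, WPI_DEBUG_STATE,
			    "%s: beacons missed %d/%d\n", __func__, misses,
			    le32toh(miss->total));

			/* Guard vap: TAILQ_FIRST() yields NULL on an empty list. */
			if (vap != NULL && vap->iv_state == IEEE80211_S_RUN &&
			    (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
				if (misses >=  vap->iv_bmissthreshold) {
					/* net80211 is called without our lock. */
					WPI_UNLOCK(sc);
					ieee80211_beacon_miss(ic);
					WPI_LOCK(sc);
				}
			}
			break;
		}
		case WPI_UC_READY:
		{
			struct wpi_ucode_info *uc =
			    (struct wpi_ucode_info *)(desc + 1);

			/* The microcontroller is ready. */
			bus_dmamap_sync(sc->rxq.data_dmat, data->map,
			    BUS_DMASYNC_POSTREAD);
			DPRINTF(sc, WPI_DEBUG_RESET,
			    "microcode alive notification version=%d.%d "
			    "subtype=%x alive=%x\n", uc->major, uc->minor,
			    uc->subtype, le32toh(uc->valid));

			/*
			 * NOTE(review): after wpi_stop_locked() this case
			 * still records errptr and keeps walking the ring,
			 * whereas WPI_RX_DONE returns once the interface is
			 * stopped - confirm whether a return belongs here.
			 */
			if (le32toh(uc->valid) != 1) {
				device_printf(sc->sc_dev,
				    "microcontroller initialization failed\n");
				wpi_stop_locked(sc);
			}
			/*
			 * Save the address of the error log in SRAM.  The
			 * value is firmware-supplied; wpi_fatal_intr()
			 * range-checks it before use.
			 */
			sc->errptr = le32toh(uc->errptr);
			break;
		}
		case WPI_STATE_CHANGED:
		{
			bus_dmamap_sync(sc->rxq.data_dmat, data->map,
			    BUS_DMASYNC_POSTREAD);

			uint32_t *status = (uint32_t *)(desc + 1);

			DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n",
			    le32toh(*status));

			/* Bit 0 set: drop the node table and run the radio-off task. */
			if (le32toh(*status) & 1) {
				WPI_NT_LOCK(sc);
				wpi_clear_node_table(sc);
				WPI_NT_UNLOCK(sc);
				ieee80211_runtask(ic, &sc->sc_radiooff_task);
				return;
			}
			break;
		}
		case WPI_START_SCAN:
		{
			bus_dmamap_sync(sc->rxq.data_dmat, data->map,
			    BUS_DMASYNC_POSTREAD);
#ifdef WPI_DEBUG
			struct wpi_start_scan *scan =
			    (struct wpi_start_scan *)(desc + 1);
			DPRINTF(sc, WPI_DEBUG_SCAN,
			    "%s: scanning channel %d status %x\n",
			    __func__, scan->chan, le32toh(scan->status));
#endif
			break;
		}
		case WPI_STOP_SCAN:
		{
			bus_dmamap_sync(sc->rxq.data_dmat, data->map,
			    BUS_DMASYNC_POSTREAD);
#ifdef WPI_DEBUG
			struct wpi_stop_scan *scan =
			    (struct wpi_stop_scan *)(desc + 1);
			DPRINTF(sc, WPI_DEBUG_SCAN,
			    "scan finished nchan=%d status=%d chan=%d\n",
			    scan->nchan, scan->status, scan->chan);
#endif
			sc->sc_scan_timer = 0;
			/* Nothing to advance when no vap exists. */
			if (vap != NULL) {
				WPI_UNLOCK(sc);
				ieee80211_scan_next(vap);
				WPI_LOCK(sc);
			}
			break;
		}
		}
	}

	/* Tell the firmware what we have processed. */
	wpi_update_rx_ring(sc);
}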
2173
/*
 * Handle INT_WAKEUP, which is raised when the microcontroller leaves
 * power-down sleep.  Every ring whose `update' flag is set gets its
 * pointer update issued now, then the MAC access request bit is cleared.
 */
static void
wpi_wakeup_intr(struct wpi_softc *sc)
{
	struct wpi_tx_ring *txr;
	int n;

	DPRINTF(sc, WPI_DEBUG_PWRSAVE,
	    "%s: ucode wakeup from power-down sleep\n", __func__);

	/* RX ring first. */
	if (sc->rxq.update != 0) {
		sc->rxq.update = 0;
		wpi_update_rx_ring(sc);
	}

	/* Then each TX ring, under the TX queue lock. */
	WPI_TXQ_LOCK(sc);
	for (n = 0, txr = &sc->txq[0]; n < WPI_DRV_NTXQUEUES; n++, txr++) {
		if (txr->update == 0)
			continue;
		txr->update = 0;
		wpi_update_tx_ring(sc, txr);
	}
	WPI_TXQ_UNLOCK(sc);

	WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
}
2204
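/*
 * Dump the error log of the firmware when a firmware panic occurs.  Although
 * we can't debug the firmware because it is neither open source nor free, it
 * can help us to identify certain classes of problems.
 *
 * Both the log address (sc->errptr) and the entry count are supplied by the
 * firmware, so they are range-checked with arithmetic that cannot wrap
 * before they are used to walk adapter memory.
 */
static void
wpi_fatal_intr(struct wpi_softc *sc)
{
	struct wpi_fw_dump dump;
	uint32_t i, offset, count;
	const uint32_t size_errmsg =
	    (sizeof (wpi_fw_errmsg) / sizeof ((wpi_fw_errmsg)[0]));

	/*
	 * Check that the error log address is valid.  The offset into the
	 * data region is compared instead of adding to errptr, so a value
	 * close to the top of the 32-bit range cannot wrap past the upper
	 * bound.  This assumes WPI_FW_DATA_MAXSZ is at least one dump record.
	 */
	if (sc->errptr < WPI_FW_DATA_BASE ||
	    sc->errptr - WPI_FW_DATA_BASE >
	    WPI_FW_DATA_MAXSZ - sizeof (dump)) {
		printf("%s: bad firmware error log address 0x%08x\n", __func__,
		    sc->errptr);
		return;
	}
	if (wpi_nic_lock(sc) != 0) {
		printf("%s: could not read firmware error log\n", __func__);
		return;
	}
	/*
	 * Read number of entries in the log.  Divide rather than multiply so
	 * the bound holds even where size_t is 32 bits wide.
	 */
	count = wpi_mem_read(sc, sc->errptr);
	if (count == 0 || count > WPI_FW_DATA_MAXSZ / sizeof (dump)) {
		printf("%s: invalid count field (count = %u)\n", __func__,
		    count);
		wpi_nic_unlock(sc);
		return;
	}
	/*
	 * NOTE(review): only the first record is checked against the end of
	 * the data region; errptr plus the whole log may extend past it.
	 * The reads go through wpi_mem_read_region_4(), so this looks like
	 * it affects adapter memory only - confirm.
	 */
	/* Skip "count" field. */
	offset = sc->errptr + sizeof (uint32_t);
	printf("firmware error log (count = %u):\n", count);
	for (i = 0; i < count; i++) {
		wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump,
		    sizeof (dump) / sizeof (uint32_t));

		/* dump.desc is firmware data: bound it before indexing. */
		printf("  error type = \"%s\" (0x%08X)\n",
		    (dump.desc < size_errmsg) ?
		        wpi_fw_errmsg[dump.desc] : "UNKNOWN",
		    dump.desc);
		printf("  error data      = 0x%08X\n",
		    dump.data);
		printf("  branch link     = 0x%08X%08X\n",
		    dump.blink[0], dump.blink[1]);
		printf("  interrupt link  = 0x%08X%08X\n",
		    dump.ilink[0], dump.ilink[1]);
		printf("  time            = %u\n", dump.time);

		offset += sizeof (dump);
	}
	wpi_nic_unlock(sc);
	/* Dump driver status (TX and RX rings) while we're here. */
	printf("driver status:\n");
	WPI_TXQ_LOCK(sc);
	for (i = 0; i < WPI_DRV_NTXQUEUES; i++) {
		struct wpi_tx_ring *ring = &sc->txq[i];
		printf("  tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n",
		    i, ring->qid, ring->cur, ring->queued);
	}
	WPI_TXQ_UNLOCK(sc);
	printf("  rx ring: cur=%d\n", sc->rxq.cur);
}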
2271
/*
 * Interrupt handler.  Masks the adapter's interrupts, reads and
 * acknowledges the two cause registers, and dispatches to the fatal-error,
 * notification and wakeup handlers.  The softc lock is held for the whole
 * handler.
 *
 * Interrupts are unmasked again only on the `done' path; the `end' path
 * (hardware gone, or a fatal firmware error that schedules the reinit
 * task) leaves them masked.
 */
static void
wpi_intr(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ifnet *ifp = sc->sc_ifp;
	uint32_t r1, r2;

	WPI_LOCK(sc);

	/* Disable interrupts. */
	WPI_WRITE(sc, WPI_INT_MASK, 0);

	r1 = WPI_READ(sc, WPI_INT);

	/* These read-back patterns are treated as "no device behind the bus". */
	if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
		goto end;	/* Hardware gone! */

	r2 = WPI_READ(sc, WPI_FH_INT);

	DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__,
	    r1, r2);

	if (r1 == 0 && r2 == 0)
		goto done;	/* Interrupt not for us. */

	/* Acknowledge interrupts. */
	WPI_WRITE(sc, WPI_INT, r1);
	WPI_WRITE(sc, WPI_FH_INT, r2);

	if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) {
		struct ieee80211com *ic = ifp->if_l2com;

		/* Log what the firmware left behind, then schedule a reinit. */
		device_printf(sc->sc_dev, "fatal firmware error\n");
		wpi_fatal_intr(sc);
		DPRINTF(sc, WPI_DEBUG_HW,
		    "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" :
		    "(Hardware Error)");
		ieee80211_runtask(ic, &sc->sc_reinittask);
		goto end;
	}

	if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) ||
	    (r2 & WPI_FH_INT_RX))
		wpi_notif_intr(sc);

	if (r1 & WPI_INT_ALIVE)
		wakeup(sc);	/* Firmware is alive. */

	if (r1 & WPI_INT_WAKEUP)
		wpi_wakeup_intr(sc);

done:
	/* Re-enable interrupts. */
	if (ifp->if_flags & IFF_UP)
		WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF);

end:	WPI_UNLOCK(sc);
}
2330
/*
 * Queue one frame on the TX ring selected by buf->ac.
 *
 * The firmware command in buf->data is copied into the ring's command slot,
 * the 802.11 header is moved out of the mbuf and appended to that command,
 * and the remaining payload is DMA-mapped and described by the TX
 * descriptor.  Must be called with the softc lock held; the TX queue lock
 * is taken here.
 *
 * Returns 0 on success or an errno value.  On every failure path the mbuf
 * (buf->m) is freed here, so the caller must not touch it again.
 */
static int
wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf)
{
	struct ieee80211_frame *wh;
	struct wpi_tx_cmd *cmd;
	struct wpi_tx_data *data;
	struct wpi_tx_desc *desc;
	struct wpi_tx_ring *ring;
	struct mbuf *m1;
	bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER];
	int error, i, hdrlen, nsegs, totlen, pad;

	WPI_LOCK_ASSERT(sc);

	WPI_TXQ_LOCK(sc);

	/* Only enforced in kernels where KASSERT is compiled in. */
	KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow"));

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	if (sc->txq_active == 0) {
		/* wpi_stop() was called */
		error = ENETDOWN;
		goto fail;
	}

	wh = mtod(buf->m, struct ieee80211_frame *);
	hdrlen = ieee80211_anyhdrsize(wh);
	totlen = buf->m->m_pkthdr.len;

	if (hdrlen & 3) {
		/* First segment length must be a multiple of 4. */
		pad = 4 - (hdrlen & 3);
	} else
		pad = 0;

	/*
	 * Both callers in this file derive buf->ac from a masked priority
	 * (ibp_pri & 3) or from M_WME_GETAC().
	 * NOTE(review): no range check is made here - confirm every caller
	 * keeps it inside sc->txq.
	 */
	ring = &sc->txq[buf->ac];
	desc = &ring->desc[ring->cur];
	data = &ring->data[ring->cur];

	/* Prepare TX firmware command. */
	cmd = &ring->cmd[ring->cur];
	cmd->code = buf->code;
	cmd->flags = 0;
	cmd->qid = ring->qid;
	cmd->idx = ring->cur;

	memcpy(cmd->data, buf->data, buf->size);

	/*
	 * Save and trim IEEE802.11 header.
	 * NOTE(review): hdrlen is computed from the frame itself and the copy
	 * lands at cmd->data + buf->size; nothing here checks that
	 * buf->size + hdrlen fits in cmd->data - presumably guaranteed by the
	 * structure sizes, confirm.
	 */
	memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen);
	m_adj(buf->m, hdrlen);

	error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m,
	    segs, &nsegs, BUS_DMA_NOWAIT);
	if (error != 0 && error != EFBIG) {
		device_printf(sc->sc_dev,
		    "%s: can't map mbuf (error %d)\n", __func__, error);
		goto fail;
	}
	if (error != 0) {
		/* Too many DMA segments, linearize mbuf. */
		m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1);
		if (m1 == NULL) {
			device_printf(sc->sc_dev,
			    "%s: could not defrag mbuf\n", __func__);
			error = ENOBUFS;
			goto fail;
		}
		buf->m = m1;

		error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map,
		    buf->m, segs, &nsegs, BUS_DMA_NOWAIT);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: can't map mbuf (error %d)\n", __func__,
			    error);
			goto fail;
		}
	}

	/* Slot 0 of the descriptor is reserved for the command itself. */
	KASSERT(nsegs < WPI_MAX_SCATTER,
	    ("too many DMA segments, nsegs (%d) should be less than %d",
	     nsegs, WPI_MAX_SCATTER));

	data->m = buf->m;
	data->ni = buf->ni;

	DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n",
	    __func__, ring->qid, ring->cur, totlen, nsegs);

	/* Fill TX descriptor. */
	desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs);
	/* First DMA segment is used by the TX command. */
	desc->segs[0].addr = htole32(data->cmd_paddr);
	desc->segs[0].len  = htole32(4 + buf->size + hdrlen + pad);
	/* Other DMA segments are for data payload. */
	seg = &segs[0];
	for (i = 1; i <= nsegs; i++) {
		desc->segs[i].addr = htole32(seg->ds_addr);
		desc->segs[i].len  = htole32(seg->ds_len);
		seg++;
	}

	/* Make payload, command and descriptor visible to the device. */
	bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
	    BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
	    BUS_DMASYNC_PREWRITE);

	/* Kick TX ring. */
	ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
	wpi_update_tx_ring(sc, ring);

	if (ring->qid < WPI_CMD_QUEUE_NUM) {
		/* Mark TX ring as full if we reach a certain threshold. */
		if (++ring->queued > WPI_TX_RING_HIMARK)
			sc->qfullmsk |= 1 << ring->qid;

		/* Arm the TX timeout that wpi_watchdog() counts down. */
		sc->sc_tx_timer = 5;
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	WPI_TXQ_UNLOCK(sc);

	return 0;

fail:	m_freem(buf->m);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);

	WPI_TXQ_UNLOCK(sc);

	return error;
}
2467
/*
 * Construct the data packet for a transmit buffer.
 *
 * Derives the access category, TX rate, protection flags and (for hardware
 * crypto) the key from the frame and node state, fills a TX_DATA command on
 * the stack and hands it to wpi_cmd2().
 *
 * Returns 0 on success or an errno value.  The mbuf is consumed in every
 * case: it is freed at `fail' here, and wpi_cmd2() frees it on its own
 * failure paths.
 */
static int
wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
{
	const struct ieee80211_txparam *tp;
	struct ieee80211vap *vap = ni->ni_vap;
	struct ieee80211com *ic = ni->ni_ic;
	struct wpi_node *wn = WPI_NODE(ni);
	struct ieee80211_channel *chan;
	struct ieee80211_frame *wh;
	struct ieee80211_key *k = NULL;
	struct wpi_buf tx_data;
	struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data;
	uint32_t flags;
	uint16_t qos;
	uint8_t tid, type;
	int ac, error, swcrypt, rate, ismcast, totlen;

	wh = mtod(m, struct ieee80211_frame *);
	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
	ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);

	/* Select EDCA Access Category and TX ring for this frame. */
	if (IEEE80211_QOS_HAS_SEQ(wh)) {
		qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
		tid = qos & IEEE80211_QOS_TID;
	} else {
		qos = 0;
		tid = 0;
	}
	ac = M_WME_GETAC(m);

	chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ?
		ni->ni_chan : ic->ic_curchan;
	tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];

	/* Choose a TX rate index. */
	if (type == IEEE80211_FC0_TYPE_MGT)
		rate = tp->mgmtrate;
	else if (ismcast)
		rate = tp->mcastrate;
	else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
		rate = tp->ucastrate;
	else if (m->m_flags & M_EAPOL)
		rate = tp->mgmtrate;
	else {
		/* XXX pass pktlen */
		(void) ieee80211_ratectl_rate(ni, NULL, 0);
		rate = ni->ni_txrate;
	}

	/* Encrypt the frame if need be. */
	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
		/* Retrieve key for TX. */
		k = ieee80211_crypto_encap(ni, m);
		if (k == NULL) {
			error = ENOBUFS;
			goto fail;
		}
		/* swcrypt is set only here; later reads are guarded by k != NULL. */
		swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT;

		/* 802.11 header may have moved. */
		wh = mtod(m, struct ieee80211_frame *);
	}
	totlen = m->m_pkthdr.len;

	if (ieee80211_radiotap_active_vap(vap)) {
		struct wpi_tx_radiotap_header *tap = &sc->sc_txtap;

		tap->wt_flags = 0;
		tap->wt_rate = rate;
		if (k != NULL)
			tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;

		ieee80211_radiotap_tx(vap, m);
	}

	flags = 0;
	if (!ismcast) {
		/* Unicast frame, check if an ACK is expected. */
		if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
		    IEEE80211_QOS_ACKPOLICY_NOACK)
			flags |= WPI_TX_NEED_ACK;
	}

	if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG)
		flags |= WPI_TX_MORE_FRAG;	/* Cannot happen yet. */

	/* Check if frame must be protected using RTS/CTS or CTS-to-self. */
	if (!ismcast) {
		/* NB: Group frames are sent using CCK in 802.11b/g. */
		if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) {
			flags |= WPI_TX_NEED_RTS;
		} else if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
		    WPI_RATE_IS_OFDM(rate)) {
			if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
				flags |= WPI_TX_NEED_CTS;
			else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
				flags |= WPI_TX_NEED_RTS;
		}

		if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS))
			flags |= WPI_TX_FULL_TXOP;
	}

	/* Start from an all-zero command so unset fields carry no stack data. */
	memset(tx, 0, sizeof (struct wpi_cmd_data));
	if (type == IEEE80211_FC0_TYPE_MGT) {
		uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;

		/* Tell HW to set timestamp in probe responses. */
		if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
			flags |= WPI_TX_INSERT_TSTAMP;
		if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
		    subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
			tx->timeout = htole16(3);
		else
			tx->timeout = htole16(2);
	}

	/* Group-addressed and non-data frames go out via the broadcast node. */
	if (ismcast || type != IEEE80211_FC0_TYPE_DATA)
		tx->id = WPI_ID_BROADCAST;
	else {
		if (wn->id == WPI_ID_UNDEFINED) {
			device_printf(sc->sc_dev,
			    "%s: undefined node id\n", __func__);
			error = EINVAL;
			goto fail;
		}

		tx->id = wn->id;
	}

	if (type != IEEE80211_FC0_TYPE_MGT)
		tx->data_ntries = tp->maxretry;

	if (k != NULL && !swcrypt) {
		/* Only CCMP selects a hardware cipher; others leave security 0. */
		switch (k->wk_cipher->ic_cipher) {
		case IEEE80211_CIPHER_AES_CCM:
			tx->security = WPI_CIPHER_CCMP;
			break;

		default:
			break;
		}

		/*
		 * NOTE(review): the copy length is taken from the key and is
		 * not compared with the size of tx->key, and the key is
		 * copied even when the default case left tx->security unset.
		 * Presumably wk_keylen never exceeds tx->key - confirm.  The
		 * key material also stays in this stack buffer after
		 * wpi_cmd2() returns.
		 */
		memcpy(tx->key, k->wk_key, k->wk_keylen);
	}

	tx->len = htole16(totlen);
	tx->flags = htole32(flags);
	tx->plcp = rate2plcp(rate);
	tx->tid = tid;
	tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
	tx->ofdm_mask = 0xff;
	tx->cck_mask = 0x0f;
	tx->rts_ntries = 7;

	tx_data.ni = ni;
	tx_data.m = m;
	tx_data.size = sizeof(struct wpi_cmd_data);
	tx_data.code = WPI_CMD_TX_DATA;
	tx_data.ac = ac;

	return wpi_cmd2(sc, &tx_data);

fail:	m_freem(m);
	return error;
}
2638
/*
 * Build a TX_DATA command for a frame whose transmit parameters were given
 * explicitly by the caller (the `params' path of wpi_raw_xmit()) and queue
 * it with wpi_cmd2().  The frame is always sent through the broadcast node
 * entry and no key is attached.
 *
 * NOTE(review): ibp_rate0 and the retry counts are taken from `params' as
 * they are and ibp_rate0 is passed straight to rate2plcp(); presumably they
 * are validated before this point - confirm.
 */
static int
wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m,
    struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
{
	struct ieee80211vap *vap = ni->ni_vap;
	struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
	struct wpi_buf tx_data;
	struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data;
	const uint8_t type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
	const int totlen = m->m_pkthdr.len;
	/* The TX rate index is whatever the caller asked for. */
	const int rate = params->ibp_rate0;
	uint32_t flags;

	/* Translate the caller's flag bits into firmware TX flags. */
	flags = ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) ?
	    WPI_TX_NEED_ACK : 0;
	if (params->ibp_flags & IEEE80211_BPF_RTS)
		flags |= WPI_TX_NEED_RTS;
	if (params->ibp_flags & IEEE80211_BPF_CTS)
		flags |= WPI_TX_NEED_CTS;
	if ((flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) != 0)
		flags |= WPI_TX_FULL_TXOP;

	if (ieee80211_radiotap_active_vap(vap)) {
		struct wpi_tx_radiotap_header *tap = &sc->sc_txtap;

		tap->wt_flags = 0;
		tap->wt_rate = rate;

		ieee80211_radiotap_tx(vap, m);
	}

	/* Zero the command first so unset fields carry no stack contents. */
	memset(tx, 0, sizeof (struct wpi_cmd_data));
	if (type == IEEE80211_FC0_TYPE_MGT) {
		switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) {
		case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
		case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
			tx->timeout = htole16(3);
			break;
		case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
			/* Tell HW to set timestamp in probe responses. */
			flags |= WPI_TX_INSERT_TSTAMP;
			/* FALLTHROUGH */
		default:
			tx->timeout = htole16(2);
			break;
		}
	}

	tx->len = htole16(totlen);
	tx->flags = htole32(flags);
	tx->plcp = rate2plcp(rate);
	tx->id = WPI_ID_BROADCAST;
	tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
	tx->rts_ntries = params->ibp_try1;
	tx->data_ntries = params->ibp_try0;

	tx_data.ni = ni;
	tx_data.m = m;
	tx_data.size = sizeof(struct wpi_cmd_data);
	tx_data.code = WPI_CMD_TX_DATA;
	/* Masking with 3 keeps the ring index within four access categories. */
	tx_data.ac = params->ibp_pri & 3;

	return wpi_cmd2(sc, &tx_data);
}
2709
/*
 * Raw transmit entry point.  With params == NULL the frame contents decide
 * how it is sent (wpi_tx_data()); otherwise the caller's explicit
 * parameters are used (wpi_tx_data_raw()).
 *
 * The mbuf is consumed on every path; the node reference is released here
 * whenever the frame is not queued.
 */
static int
wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
    const struct ieee80211_bpf_params *params)
{
	struct ifnet *ifp = ni->ni_ic->ic_ifp;
	struct wpi_softc *sc = ifp->if_softc;
	int rc;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* Interface is down: drop both the frame and the node reference. */
	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
		ieee80211_free_node(ni);
		m_freem(m);
		return ENETDOWN;
	}

	WPI_LOCK(sc);
	if (params != NULL) {
		/* Caller supplied explicit parameters for this frame. */
		rc = wpi_tx_data_raw(sc, m, ni, params);
	} else {
		/* Legacy path; the frame contents decide how it is sent. */
		rc = wpi_tx_data(sc, m, ni);
	}
	WPI_UNLOCK(sc);

	if (rc == 0) {
		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
		return 0;
	}

	/* NB: m is reclaimed on tx failure */
	ieee80211_free_node(ni);
	if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);

	return rc;
}
2757
/**
 * Process data waiting to be sent on the IFNET output queue.
 * Locking wrapper: takes the softc lock around wpi_start_locked().
 */
static void
wpi_start(struct ifnet *ifp)
{
	struct wpi_softc *const wsc = ifp->if_softc;

	WPI_LOCK(wsc);
	wpi_start_locked(ifp);
	WPI_UNLOCK(wsc);
}
2770
/*
 * Dequeue frames from the interface send queue and hand them to
 * wpi_tx_data() until the queue is empty or a TX ring reports full.
 * Must be called with the softc lock held.
 */
static void
wpi_start_locked(struct ifnet *ifp)
{
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211_node *ni;
	struct mbuf *m;

	WPI_LOCK_ASSERT(sc);

	DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__);

	/* Proceed only when running and not already marked output-active. */
	if ((ifp->if_drv_flags & (IFF_DRV_RUNNING | IFF_DRV_OACTIVE)) !=
	    IFF_DRV_RUNNING)
		return;

	while (sc->qfullmsk == 0) {
		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
		if (m == NULL)
			goto done;

		/* The node reference travels in the packet header. */
		ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
		if (wpi_tx_data(sc, m, ni) == 0)
			continue;

		/* The mbuf is already gone; release the node unlocked. */
		WPI_UNLOCK(sc);
		ieee80211_free_node(ni);
		WPI_LOCK(sc);
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	}

	/* Reached only when some ring is full: stop further output. */
	ifp->if_drv_flags |= IFF_DRV_OACTIVE;

done:
	DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__);
}
2805
/*
 * Task wrapper around wpi_start(); arg0 is the softc and `pending' is
 * not used.
 */
static void
wpi_start_task(void *arg0, int pending)
{
	struct wpi_softc *const wsc = arg0;

	wpi_start(wsc->sc_ifp);
}
2814
/*
 * Callout that polls the RF-kill state.  While bit 0 of WPI_APMG_RFKILL
 * reads as clear it re-arms itself for another hz ticks; once the bit is
 * set it runs the radio-on task instead.
 */
static void
wpi_watchdog_rfkill(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ieee80211com *ic = sc->sc_ifp->if_l2com;

	DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n");

	/* No need to lock firmware memory. */
	if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) != 0) {
		ieee80211_runtask(ic, &sc->sc_radioon_task);
		return;
	}

	/* Radio kill switch is still off. */
	callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc);
}
2832
/**
 * Watchdog callout, re-armed every hz ticks while the interface is running.
 * Counts down the TX and scan timers and schedules a reinit when either
 * one expires.
 */
static void
wpi_watchdog(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;

	DPRINTF(sc, WPI_DEBUG_WATCHDOG, "Watchdog: tick\n");

	/* TX timer: armed when a frame is queued on a data ring. */
	if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) {
		if_printf(ifp, "device timeout\n");
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
		ieee80211_runtask(ic, &sc->sc_reinittask);
	}

	/* Scan timer: cleared when the firmware reports the scan stopped. */
	if (sc->sc_scan_timer > 0 && --sc->sc_scan_timer == 0) {
		struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);

		/* The vap list may be empty, so check before use. */
		if (vap != NULL) {
			if_printf(ifp, "scan timeout\n");
			ieee80211_cancel_scan(vap);
			ieee80211_runtask(ic, &sc->sc_reinittask);
		}
	}

	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
		callout_reset(&sc->watchdog_to, hz, wpi_watchdog, sc);
}
2866
/*
 * Interface ioctl handler.  Address and media queries are forwarded to
 * ether_ioctl() and ifmedia_ioctl(), SIOCSIFFLAGS brings the adapter up or
 * down, and every other request is rejected with EINVAL.
 */
static int
wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
	enum { act_none, act_start_all, act_stop_vap } action = act_none;
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);

	switch (cmd) {
	case SIOCGIFADDR:
		return ether_ioctl(ifp, cmd, data);
	case SIOCGIFMEDIA:
		return ifmedia_ioctl(ifp, (struct ifreq *) data,
		    &ic->ic_media, cmd);
	case SIOCSIFFLAGS:
		break;
	default:
		/* Anything not listed above is refused. */
		return EINVAL;
	}

	WPI_LOCK(sc);
	if ((ifp->if_flags & IFF_UP) == 0) {
		/* Marked down: stop the adapter if it is running. */
		if (ifp->if_drv_flags & IFF_DRV_RUNNING)
			wpi_stop_locked(sc);
	} else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
		/* Marked up but not running: initialize, then check RF-kill. */
		wpi_init_locked(sc);
		action = (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) ?
		    act_start_all : act_stop_vap;
	}
	WPI_UNLOCK(sc);

	/* The net80211 calls are made after the driver lock is dropped. */
	if (action == act_start_all)
		ieee80211_start_all(ic);
	else if (action == act_stop_vap && vap != NULL)
		ieee80211_stop(vap);

	return 0;
}
2908
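/*
 * Send a command to the firmware.
 *
 * The command is built in the current slot of the command ring, or in a
 * freshly allocated mbuf cluster when `size' is larger than the slot's data
 * area.  With async == 0 the caller must hold the softc lock and the call
 * sleeps (up to hz ticks, interruptible) until wpi_cmd_done() wakes the
 * ring slot; with async != 0 it returns as soon as the command is queued.
 *
 * Returns 0 on success, an errno value on failure, or the mtx_sleep()
 * result for synchronous commands.  If wpi_stop() already ran, the command
 * is dropped and 0 is returned.
 */
static int
wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size,
    int async)
{
	struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM];
	struct wpi_tx_desc *desc;
	struct wpi_tx_data *data;
	struct wpi_tx_cmd *cmd;
	struct wpi_tx_cmd *wchan;
	struct mbuf *m;
	bus_addr_t paddr;
	int totlen, error;

	WPI_TXQ_LOCK(sc);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	if (sc->txq_active == 0) {
		/* wpi_stop() was called */
		error = 0;
		goto fail;
	}

	if (async == 0)
		WPI_LOCK_ASSERT(sc);

	DPRINTF(sc, WPI_DEBUG_CMD, "wpi_cmd %s size %zu async %d\n",
	    wpi_cmd_str(code), size, async);

	desc = &ring->desc[ring->cur];
	data = &ring->data[ring->cur];
	/*
	 * wpi_cmd_done() calls wakeup() on the ring slot's command, so that
	 * address is the sleep channel even when the command body lives in
	 * an mbuf; sleeping on the mbuf data would only end by timeout.
	 */
	wchan = &ring->cmd[ring->cur];

	/*
	 * Reject oversized commands while the length is still a size_t, so
	 * a huge value cannot turn negative in the int below and slip past
	 * the limit before the memcpy().
	 */
	if (size > sizeof cmd->data && size > MCLBYTES - 4) {
		error = EINVAL;
		goto fail;
	}
	totlen = 4 + size;

	if (size > sizeof cmd->data) {
		/* Command is too large to fit in a descriptor. */
		m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
		if (m == NULL) {
			error = ENOMEM;
			goto fail;
		}
		cmd = mtod(m, struct wpi_tx_cmd *);
		error = bus_dmamap_load(ring->data_dmat, data->map, cmd,
		    totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
		if (error != 0) {
			m_freem(m);
			goto fail;
		}
		/* wpi_cmd_done() unloads the map and frees this mbuf. */
		data->m = m;
	} else {
		cmd = wchan;
		paddr = data->cmd_paddr;
	}

	cmd->code = code;
	cmd->flags = 0;
	cmd->qid = ring->qid;
	cmd->idx = ring->cur;
	memcpy(cmd->data, buf, size);

	desc->nsegs = 1 + (WPI_PAD32(size) << 4);
	desc->segs[0].addr = htole32(paddr);
	desc->segs[0].len  = htole32(totlen);

	/* Sync whichever map actually holds the command body. */
	if (size > sizeof cmd->data) {
		bus_dmamap_sync(ring->data_dmat, data->map,
		    BUS_DMASYNC_PREWRITE);
	} else {
		bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
		    BUS_DMASYNC_PREWRITE);
	}
	bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
	    BUS_DMASYNC_PREWRITE);

	/* Kick command ring. */
	ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
	wpi_update_tx_ring(sc, ring);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	WPI_TXQ_UNLOCK(sc);

	if (async)
		return 0;

	/* The softc lock is released for the duration of the sleep. */
	return mtx_sleep(wchan, &sc->sc_mtx, PCATCH, "wpicmd", hz);

fail:	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);

	WPI_TXQ_UNLOCK(sc);

	return error;
}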
3007
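/*
 * Configure HW multi-rate retries.
 *
 * Builds one fallback table (each rate falls back to the next lower one)
 * and sends it to the firmware twice as a synchronous command: once for
 * control frames and once for data frames.  Returns 0 or the wpi_cmd()
 * error.
 */
static int
wpi_mrr_setup(struct wpi_softc *sc)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct wpi_mrr_setup mrr;
	int i, error;

	/*
	 * The whole structure is copied into the command ring, so clear it
	 * first, like the other command builders in this file: any field
	 * or padding not assigned below would otherwise carry stale kernel
	 * stack bytes to the device.
	 */
	memset(&mrr, 0, sizeof mrr);

	/* CCK rates (not used with 802.11a). */
	for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) {
		mrr.rates[i].flags = 0;
		mrr.rates[i].plcp = wpi_ridx_to_plcp[i];
		/* Fallback to the immediate lower CCK rate (if any.) */
		mrr.rates[i].next =
		    (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1;
		/* Try one time at this rate before falling back to "next". */
		mrr.rates[i].ntries = 1;
	}
	/* OFDM rates (not used with 802.11b). */
	for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) {
		mrr.rates[i].flags = 0;
		mrr.rates[i].plcp = wpi_ridx_to_plcp[i];
		/* Fallback to the immediate lower rate (if any.) */
		/* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */
		mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ?
		    ((ic->ic_curmode == IEEE80211_MODE_11A) ?
			WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) :
		    i - 1;
		/* Try one time at this rate before falling back to "next". */
		mrr.rates[i].ntries = 1;
	}
	/* Setup MRR for control frames. */
	mrr.which = htole32(WPI_MRR_CTL);
	error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "could not setup MRR for control frames\n");
		return error;
	}
	/* Setup MRR for data frames. */
	mrr.which = htole32(WPI_MRR_DATA);
	error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "could not setup MRR for data frames\n");
		return error;
	}
	return 0;
}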
3060
/*
 * Send an asynchronous ADD_NODE command for `ni', using the firmware node
 * id already stored in its wpi_node.  Returns EINVAL when no id has been
 * assigned, otherwise the wpi_cmd() result.
 */
static int
wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	const struct wpi_node *wn = WPI_NODE(ni);
	struct wpi_node_info info;
	int ridx;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	if (wn->id == WPI_ID_UNDEFINED)
		return EINVAL;

	/* Start rate: OFDM 6 in 11a mode, CCK 1 in every other mode. */
	ridx = (ni->ni_ic->ic_curmode == IEEE80211_MODE_11A) ?
	    WPI_RIDX_OFDM6 : WPI_RIDX_CCK1;

	/* Zero first so unset fields reach the device as zeroes. */
	memset(&info, 0, sizeof info);
	IEEE80211_ADDR_COPY(info.macaddr, ni->ni_macaddr);
	info.id = wn->id;
	info.plcp = wpi_ridx_to_plcp[ridx];
	info.action = htole32(WPI_ACTION_SET_RATE);
	info.antenna = WPI_ANTENNA_BOTH;

	return wpi_cmd(sc, WPI_CMD_ADD_NODE, &info, sizeof info, 1);
}
3083
/*
 * Register the broadcast node with the firmware.  That node is used to
 * send group-addressed and management frames.  `async' is handed on to
 * wpi_cmd() unchanged.
 */
static int
wpi_add_broadcast_node(struct wpi_softc *sc, int async)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct wpi_node_info info;
	int ridx;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* Start rate: OFDM 6 in 11a mode, CCK 1 in every other mode. */
	ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
	    WPI_RIDX_OFDM6 : WPI_RIDX_CCK1;

	/* Zero first so unset fields reach the device as zeroes. */
	memset(&info, 0, sizeof info);
	IEEE80211_ADDR_COPY(info.macaddr, ifp->if_broadcastaddr);
	info.id = WPI_ID_BROADCAST;
	info.plcp = wpi_ridx_to_plcp[ridx];
	info.action = htole32(WPI_ACTION_SET_RATE);
	info.antenna = WPI_ANTENNA_BOTH;

	return wpi_cmd(sc, WPI_CMD_ADD_NODE, &info, sizeof info, async);
}
3106
/*
 * Reserve a station entry in the driver's node table for `ni' and register
 * it with the firmware.  If the firmware command fails, the table entry is
 * released again and the node id is reset to WPI_ID_UNDEFINED.
 *
 * NOTE(review): unlike wpi_add_ibss_node(), the id returned by
 * wpi_add_node_entry_sta() is not checked against WPI_ID_UNDEFINED before
 * use; presumably that helper cannot fail - confirm.
 */
static int
wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	struct wpi_node *wn = WPI_NODE(ni);
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	wn->id = wpi_add_node_entry_sta(sc);

	error = wpi_add_node(sc, ni);
	if (error == 0)
		return 0;

	/* Roll the reservation back. */
	wpi_del_node_entry(sc, wn->id);
	wn->id = WPI_ID_UNDEFINED;

	return error;
}
3125
/*
 * Reserve an ad-hoc entry in the driver's node table for `ni' and register
 * it with the firmware.  Returns EINVAL if the node already has an id,
 * ENOMEM if the table is full, or the wpi_add_node() error, in which case
 * the reservation is undone.
 */
static int
wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	struct wpi_node *wn = WPI_NODE(ni);
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* A node that already has an id must not be added twice. */
	if (wn->id != WPI_ID_UNDEFINED)
		return EINVAL;

	wn->id = wpi_add_node_entry_adhoc(sc);
	if (wn->id == WPI_ID_UNDEFINED) {
		device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__);
		return ENOMEM;
	}

	error = wpi_add_node(sc, ni);
	if (error == 0)
		return 0;

	/* Roll the reservation back. */
	wpi_del_node_entry(sc, wn->id);
	wn->id = WPI_ID_UNDEFINED;

	return error;
}
3150
/*
 * Ask the firmware to forget `ni' with an asynchronous DEL_NODE command,
 * identifying the node by its MAC address.  A failure is only logged; the
 * driver's own node id is left untouched here.
 */
static void
wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	struct wpi_node *wn = WPI_NODE(ni);
	struct wpi_cmd_del_node req;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	if (wn->id != WPI_ID_UNDEFINED) {
		/* Zero first so unset fields reach the device as zeroes. */
		memset(&req, 0, sizeof req);
		IEEE80211_ADDR_COPY(req.macaddr, ni->ni_macaddr);
		req.count = 1;

		error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &req, sizeof req, 1);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not delete node %u, error %d\n",
			    __func__, wn->id, error);
		}
	} else {
		device_printf(sc->sc_dev, "%s: undefined node id passed\n",
		    __func__);
	}
}
3177
/*
 * Copy the WME parameters of every access category from
 * ic->ic_wme.wme_chanParams into a WPI_CMD_EDCA_PARAMS command and send it.
 *
 * Returns the result of wpi_cmd().
 */
static int
wpi_updateedca(struct ieee80211com *ic)
{
#define WPI_EXP2(x)	((1 << (x)) - 1)	/* CWmin = 2^ECWmin - 1 */
	struct wpi_softc *sc = ic->ic_ifp->if_softc;
	const struct wmeParams *wmep;
	struct wpi_edca_params edca;
	int q, rc;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	memset(&edca, 0, sizeof edca);
	edca.flags = htole32(WPI_EDCA_UPDATE);

	for (q = 0; q < WME_NUM_AC; q++) {
		wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[q];

		/*
		 * NOTE(review): the contention-window exponents are used as
		 * shift counts; presumably they are range-limited before
		 * they reach this table -- confirm.
		 */
		edca.ac[q].aifsn = wmep->wmep_aifsn;
		edca.ac[q].cwmin = htole16(WPI_EXP2(wmep->wmep_logcwmin));
		edca.ac[q].cwmax = htole16(WPI_EXP2(wmep->wmep_logcwmax));
		edca.ac[q].txoplimit =
		    htole16(IEEE80211_TXOP_TO_US(wmep->wmep_txopLimit));

		/* The values logged here are already in device byte order. */
		DPRINTF(sc, WPI_DEBUG_EDCA,
		    "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d "
		    "txoplimit=%d\n", q, edca.ac[q].aifsn,
		    edca.ac[q].cwmin, edca.ac[q].cwmax,
		    edca.ac[q].txoplimit);
	}

	rc = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &edca, sizeof edca, 1);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return rc;
#undef WPI_EXP2
}
3212
/*
 * Mirror the interface's IFF_PROMISC flag into the cached RXON filter.
 *
 * Promiscuous mode adds both WPI_FILTER_PROMISC and WPI_FILTER_CTL to the
 * receive filter; leaving it clears both.  Only sc->rxon is updated here;
 * nothing is sent to the firmware by this function.
 */
static void
wpi_set_promisc(struct wpi_softc *sc)
{
	/* sc->rxon.filter is kept in device byte order, so convert once. */
	const uint32_t mask = htole32(WPI_FILTER_PROMISC | WPI_FILTER_CTL);

	if ((sc->sc_ifp->if_flags & IFF_PROMISC) != 0)
		sc->rxon.filter |= mask;
	else
		sc->rxon.filter &= ~mask;
}
3226
/*
 * Recompute the promiscuous bits of the RXON filter and send the updated
 * configuration, all under the driver lock.  A failed RXON is logged only.
 */
static void
wpi_update_promisc(struct ifnet *ifp)
{
	struct wpi_softc *sc = ifp->if_softc;
	int rc;

	WPI_LOCK(sc);

	wpi_set_promisc(sc);
	rc = wpi_send_rxon(sc, 1, 1);
	if (rc != 0) {
		device_printf(sc->sc_dev, "%s: could not send RXON\n",
		    __func__);
	}

	WPI_UNLOCK(sc);
}
3241
/*
 * Multicast filter update hook.  Intentionally a no-op: this function
 * changes no driver or firmware state.
 */
static void
wpi_update_mcast(struct ifnet *ifp)
{
	(void)ifp;	/* Ignore */
}
3247
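/*
 * Program one of the adapter LEDs.
 *
 * which selects the LED; off and on give the two blink phases, counted in
 * the unit programmed below (100 ms).  The result of the command is
 * deliberately ignored.
 */
static void
wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on)
{
	struct wpi_cmd_led led;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/*
	 * Zero the whole command, as the neighbouring command builders do,
	 * so that any field or padding not assigned below reaches the
	 * firmware as zero rather than as stale kernel stack contents.
	 */
	memset(&led, 0, sizeof led);
	led.which = which;
	led.unit = htole32(100000);	/* on/off in unit of 100ms */
	led.off = off;
	led.on = on;
	(void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1);
}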
3261
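/*
 * Send the beacon timing of node ni to the firmware.
 *
 * The command carries the node's timestamp, its beacon interval, a listen
 * interval of 10 and the time remaining until the next beacon, computed
 * from the timestamp modulo the beacon interval.
 *
 * Returns EINVAL when the node's beacon interval is zero, otherwise the
 * result of wpi_cmd().
 */
static int
wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	struct wpi_cmd_timing cmd;
	uint64_t val, mod;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/*
	 * The beacon interval is used as a divisor below; a zero interval
	 * would be a division by zero in the kernel.  NOTE(review): the
	 * interval is presumably taken from the peer's beacon -- confirm
	 * whether it is sanitised before it gets here.
	 */
	if (ni->ni_intval == 0) {
		device_printf(sc->sc_dev, "%s: invalid beacon interval\n",
		    __func__);
		return EINVAL;
	}

	memset(&cmd, 0, sizeof cmd);
	memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t));
	cmd.bintval = htole16(ni->ni_intval);
	cmd.lintval = htole16(10);

	/* Compute remaining time until next beacon. */
	val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU;
	mod = le64toh(cmd.tstamp) % val;
	cmd.binitval = htole32((uint32_t)(val - mod));

	DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n",
	    ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod));

	return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1);
}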
3285
/*
 * Periodic (every 60 seconds) TX power recalibration against temperature.
 *
 * The sensor value is read from WPI_UCODE_GP2.  Readings outside
 * [-260, 25] are discarded, and TX power is reprogrammed only when the
 * reading differs from the stored one by more than 6.
 */
static void
wpi_power_calibration(struct wpi_softc *sc)
{
	int reading;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* Fetch the current sensor value. */
	reading = (int)WPI_READ(sc, WPI_UCODE_GP2);
	DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", reading);

	/* A register value outside the plausible range is not acted on. */
	if (reading < -260 || reading > 25) {
		DPRINTF(sc, WPI_DEBUG_TEMP,
		    "out-of-range temperature reported: %d\n", reading);
		return;
	}

	DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, reading);

	/* Only a change of more than 6 triggers a TX power update. */
	if (abs(reading - sc->temp) > 6) {
		sc->temp = reading;

		/* Failure only costs the automatic calibration; just warn. */
		if (wpi_set_txpower(sc, 1) != 0)
			device_printf(sc->sc_dev,"could not adjust Tx power\n");
	}
}
3322
/*
 * Program per-rate TX power for the channel recorded in the last RXON.
 *
 * For every rate index from 0 to WPI_RIDX_MAX, the power index returned by
 * wpi_get_power_index() selects the RF and DSP gain entries for the band in
 * use.  Returns the result of the WPI_CMD_TXPOWER command.
 */
static int
wpi_set_txpower(struct wpi_softc *sc, int async)
{
	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
	struct ieee80211_channel *ch;
	struct wpi_power_group *group;
	struct wpi_cmd_txpower cmd;
	uint8_t chan;
	int is5ghz, pidx, ridx;

	/*
	 * The channel comes from the cached RXON.
	 * NOTE(review): it is used directly as an index into ic_channels;
	 * confirm it always falls inside that array.
	 */
	chan = sc->rxon.chan;
	ch = &ic->ic_channels[chan];
	is5ghz = IEEE80211_IS_CHAN_5GHZ(ch);

	/*
	 * Pick the TX power group: group 0 for non-5GHz channels, otherwise
	 * the first of groups 1..3 whose channel bound is not below chan,
	 * falling through to group 4 when none matches.
	 */
	if (is5ghz) {
		group = &sc->groups[1];
		while (group < &sc->groups[4] && chan > group->chan)
			group++;
	} else
		group = &sc->groups[0];

	memset(&cmd, 0, sizeof cmd);
	cmd.band = is5ghz ? 0 : 1;
	cmd.chan = htole16(chan);

	/* Fill in one entry per OFDM and CCK rate. */
	for (ridx = 0; ridx <= WPI_RIDX_MAX; ridx++) {
		/* Power index for this channel/rate pair. */
		pidx = wpi_get_power_index(sc, group, ch, ridx);

		cmd.rates[ridx].plcp = wpi_ridx_to_plcp[ridx];

		if (is5ghz) {
			cmd.rates[ridx].rf_gain = wpi_rf_gain_5ghz[pidx];
			cmd.rates[ridx].dsp_gain = wpi_dsp_gain_5ghz[pidx];
		} else {
			cmd.rates[ridx].rf_gain = wpi_rf_gain_2ghz[pidx];
			cmd.rates[ridx].dsp_gain = wpi_dsp_gain_2ghz[pidx];
		}
		DPRINTF(sc, WPI_DEBUG_TEMP,
		    "chan %d/ridx %d: power index %d\n", chan, ridx, pidx);
	}

	return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async);
}
3372
/*
 * Determine Tx power index for a given channel/rate combination.
 * This takes into account the regulatory information from EEPROM and the
 * current temperature.
 *
 * The result is clamped to [0, WPI_MAX_PWR_INDEX] before it is returned;
 * wpi_set_txpower() uses it directly as an index into the RF and DSP gain
 * tables.
 */
static int
wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group,
    struct ieee80211_channel *c, int ridx)
{
/* Fixed-point arithmetic division using a n-bit fractional part. */
#define fdivround(a, b, n)	\
	((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))

/* Linear interpolation. */
#define interpolate(x, x1, y1, x2, y2, n)	\
	((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))

	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
	struct wpi_power_sample *sample;
	int pwr, idx;
	u_int chan;

	/* Get channel number. */
	chan = ieee80211_chan2ieee(ic, c);

	/* Default TX power is group maximum TX power minus 3dB. */
	pwr = group->maxpwr / 2;

	/* Decrease TX power for highest OFDM rates to reduce distortion. */
	switch (ridx) {
	case WPI_RIDX_OFDM36:
		pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 :  5;
		break;
	case WPI_RIDX_OFDM48:
		pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10;
		break;
	case WPI_RIDX_OFDM54:
		pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12;
		break;
	}

	/*
	 * Never exceed the channel maximum allowed TX power.
	 * NOTE(review): chan indexes sc->maxpwr without a range check here;
	 * confirm the array covers every channel number that
	 * ieee80211_chan2ieee() can return.
	 */
	pwr = min(pwr, sc->maxpwr[chan]);

	/*
	 * Retrieve TX power index into gain tables from samples.
	 * The loop stops at samples[3] at the latest, so sample[1] below is
	 * at most samples[4].  NOTE(review): this assumes group->samples
	 * holds at least five entries -- confirm against the declaration.
	 */
	for (sample = group->samples; sample < &group->samples[3]; sample++)
		if (pwr > sample[1].power)
			break;
	/*
	 * Fixed-point linear interpolation using a 19-bit fractional part.
	 * NOTE(review): the divisor is sample[1].power - sample[0].power, so
	 * two adjacent samples with equal power would divide by zero.  The
	 * samples presumably come from EEPROM calibration data -- confirm
	 * they are validated where they are read.
	 */
	idx = interpolate(pwr, sample[0].power, sample[0].index,
	    sample[1].power, sample[1].index, 19);

	/*-
	 * Adjust power index based on current temperature:
	 * - if cooler than factory-calibrated: decrease output power
	 * - if warmer than factory-calibrated: increase output power
	 */
	idx -= (sc->temp - group->temp) * 11 / 100;

	/* Decrease TX power for CCK rates (-5dB). */
	if (ridx >= WPI_RIDX_CCK1)
		idx += 10;

	/* Make sure idx stays in a valid range. */
	if (idx < 0)
		return 0;
	if (idx > WPI_MAX_PWR_INDEX)
		return WPI_MAX_PWR_INDEX;
	return idx;

#undef interpolate
#undef fdivround
}
3446
/*
 * Select the STA power-saving level (0 to 5) and send it to the firmware.
 * Level 0 is CAM (Continuously Aware Mode); 5 saves the most power.
 *
 * dtim picks one of the two rows of wpi_pmgt (row 0 for dtim <= 10) and
 * limits the sleep intervals.  Returns the result of the
 * WPI_CMD_SET_POWER_MODE command.
 *
 * NOTE(review): level is used as a table index without a range check; the
 * calls visible nearby pass constants -- confirm no other path can supply
 * an arbitrary value.
 */
static int
wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async)
{
	struct wpi_pmgt_cmd cmd;
	const struct wpi_pmgt *pmgt;
	uint32_t max, skip_dtim;
	uint32_t reg;
	int i;

	DPRINTF(sc, WPI_DEBUG_PWRSAVE,
	    "%s: dtim=%d, level=%d, async=%d\n",
	    __func__, dtim, level, async);

	/* Pick the parameter row for this DTIM range. */
	pmgt = &wpi_pmgt[(dtim <= 10) ? 0 : 1][level];

	memset(&cmd, 0, sizeof cmd);

	/* Any level other than CAM is allowed to sleep. */
	if (level != 0)
		cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP);

	/* Read PCIe Active State Power Management (ASPM) state. */
	reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
	if ((reg & 0x1) == 0)	/* L0s Entry disabled. */
		cmd.flags |= htole16(WPI_PS_PCI_PMGT);

	cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU);
	cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU);

	/* A DTIM of 0 is treated as 1 with no DTIM skipping. */
	if (dtim != 0)
		skip_dtim = pmgt->skip_dtim;
	else {
		skip_dtim = 0;
		dtim = 1;
	}

	if (skip_dtim == 0)
		max = dtim;
	else {
		cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM);
		max = pmgt->intval[4];
		if (max == (uint32_t)-1)
			max = dtim * (skip_dtim + 1);
		else if (max > dtim)
			max = (max / dtim) * dtim;	/* multiple of dtim */
	}

	/* No sleep interval may exceed the limit computed above. */
	for (i = 0; i < 5; i++)
		cmd.intval[i] = htole32(MIN(max, pmgt->intval[i]));

	return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async);
}
3502
/*
 * Send the Bluetooth coexistence settings: 4-wire mode with the default
 * lead time and max-kill values.  Returns the result of wpi_cmd().
 */
static int
wpi_send_btcoex(struct wpi_softc *sc)
{
	struct wpi_bluetooth bt;

	DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n",
	    __func__);

	/* Zeroed first so unassigned fields are sent as zeros. */
	memset(&bt, 0, sizeof bt);
	bt.flags = WPI_BT_COEX_MODE_4WIRE;
	bt.lead_time = WPI_BT_LEAD_TIME_DEF;
	bt.max_kill = WPI_BT_MAX_KILL_DEF;

	return wpi_cmd(sc, WPI_CMD_BT_COEX, &bt, sizeof(bt), 0);
}
3516
/*
 * Push the cached RXON configuration (sc->rxon) to the firmware.
 *
 * When assoc is non-zero and WPI_FILTER_BSS is set in the cached filter,
 * only the shorter WPI_CMD_RXON_ASSOC update (flags, filter and rate masks)
 * is sent.  Otherwise the full WPI_CMD_RXON is sent and
 * wpi_clear_node_table() is called.  In both cases TX power is then
 * reprogrammed, and the broadcast node is added again when WPI_FILTER_BSS
 * is not set.
 *
 * Returns 0 on success or the error of the first failing step.
 */
static int
wpi_send_rxon(struct wpi_softc *sc, int assoc, int async)
{
	int error;

	if (assoc && (sc->rxon.filter & htole32(WPI_FILTER_BSS))) {
		struct wpi_assoc rxon_assoc;

		/* Every field assigned below, including reserved. */
		rxon_assoc.flags = sc->rxon.flags;
		rxon_assoc.filter = sc->rxon.filter;
		rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask;
		rxon_assoc.cck_mask = sc->rxon.cck_mask;
		rxon_assoc.reserved = 0;

		error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc,
		    sizeof (struct wpi_assoc), async);
	} else {
		/*
		 * The node-table lock is taken only for async calls.
		 * NOTE(review): presumably synchronous callers cannot race
		 * with other node-table users -- confirm.
		 */
		if (async)
			WPI_NT_LOCK(sc);

		error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon,
		    sizeof (struct wpi_rxon), async);

		/*
		 * The node table is cleared whether or not the command
		 * above succeeded; error is only examined further down.
		 */
		wpi_clear_node_table(sc);

		if (async)
			WPI_NT_UNLOCK(sc);
	}
	if (error != 0) {
		device_printf(sc->sc_dev, "RXON command failed, error %d\n",
		    error);
		return error;
	}

	/* Configuration has changed, set Tx power accordingly. */
	if ((error = wpi_set_txpower(sc, async)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not set TX power, error %d\n", __func__, error);
		return error;
	}

	if (!(sc->rxon.filter & htole32(WPI_FILTER_BSS))) {
		/* Add broadcast node. */
		error = wpi_add_broadcast_node(sc, async);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "could not add broadcast node, error %d\n", error);
			return error;
		}
	}

	return 0;
}
3570
/**
 * Configure the card to listen to a particular channel; this transitions
 * the card into being able to receive frames from remote devices.
 *
 * Steps, in order: power saving set to CAM, Bluetooth coexistence, a fresh
 * RXON built from the current channel and operating mode, rate scaling
 * setup, and beacon statistics disabled.  Returns 0 on success or the error
 * of the first failing step; EINVAL for an unknown operating mode.
 */
static int
wpi_config(struct wpi_softc *sc)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	/*
	 * NOTE(review): vap is dereferenced below without a NULL check, while
	 * wpi_limit_dwell() guards the same list with TAILQ_EMPTY() --
	 * confirm this function cannot run before a vap exists.
	 */
	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
	uint32_t flags;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* Set power saving level to CAM during initialization. */
	if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not set power saving level\n", __func__);
		return error;
	}

	/* Configure bluetooth coexistence. */
	if ((error = wpi_send_btcoex(sc)) != 0) {
		device_printf(sc->sc_dev,
		    "could not configure bluetooth coexistence\n");
		return error;
	}

	/* Configure adapter: start from an all-zero RXON. */
	memset(&sc->rxon, 0, sizeof (struct wpi_rxon));
	IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr);

	/* Set default channel. */
	sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
	sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF);
	if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
		sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);

	/*
	 * The filter is assembled in host byte order here and converted
	 * once after the switch.
	 */
	sc->rxon.filter = WPI_FILTER_MULTICAST;
	switch (ic->ic_opmode) {
	case IEEE80211_M_STA:
		sc->rxon.mode = WPI_MODE_STA;
		break;
	case IEEE80211_M_IBSS:
		sc->rxon.mode = WPI_MODE_IBSS;
		sc->rxon.filter |= WPI_FILTER_BEACON;
		break;
	/* XXX workaround for passive channels selection */
	case IEEE80211_M_AHDEMO:
	case IEEE80211_M_HOSTAP:
		sc->rxon.mode = WPI_MODE_HOSTAP;
		break;
	case IEEE80211_M_MONITOR:
		sc->rxon.mode = WPI_MODE_MONITOR;
		break;
	default:
		device_printf(sc->sc_dev, "unknown opmode %d\n",
		    ic->ic_opmode);
		return EINVAL;
	}
	sc->rxon.filter = htole32(sc->rxon.filter);
	/* Must follow the conversion: it edits the filter in device order. */
	wpi_set_promisc(sc);
	sc->rxon.cck_mask  = 0x0f;	/* not yet negotiated */
	sc->rxon.ofdm_mask = 0xff;	/* not yet negotiated */

	if ((error = wpi_send_rxon(sc, 0, 0)) != 0) {
		device_printf(sc->sc_dev, "%s: could not send RXON\n",
		    __func__);
		return error;
	}

	/* Set up rate scaling. */
	if ((error = wpi_mrr_setup(sc)) != 0) {
		device_printf(sc->sc_dev, "could not setup MRR, error %d\n",
		    error);
		return error;
	}

	/* Disable beacon notifications (unused). */
	flags = WPI_STATISTICS_BEACON_DISABLE;
	error = wpi_cmd(sc, WPI_CMD_GET_STATISTICS, &flags, sizeof flags, 1);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "could not disable beacon statistics, error %d\n", error);
		return error;
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return 0;
}
3663
/*
 * Active-scan dwell time for channel c: the band's base time plus the
 * band's per-probe factor times (n_probes + 1).  A NULL channel is treated
 * as 2GHz.
 */
static uint16_t
wpi_get_active_dwell_time(struct wpi_softc *sc,
    struct ieee80211_channel *c, uint8_t n_probes)
{
	const int probes = n_probes + 1;

	/* 5GHz dwell time. */
	if (c != NULL && !IEEE80211_IS_CHAN_2GHZ(c)) {
		return (WPI_ACTIVE_DWELL_TIME_5GHZ +
		    WPI_ACTIVE_DWELL_FACTOR_5GHZ * probes);
	}

	/* 2GHz settings, also used when there is no channel. */
	return (WPI_ACTIVE_DWELL_TIME_2GHZ +
	    WPI_ACTIVE_DWELL_FACTOR_2GHZ * probes);
}
3678
/*
 * Cap the passive dwell time at 85% of the beacon interval.
 *
 * The interval is taken from the BSS node of the first vap, if any.  With
 * no vap, or an interval of zero, WPI_PASSIVE_DWELL_BASE is returned.
 * The dwell_time argument is not consulted.
 *
 * Returns the dwell time in milliseconds.
 */
static uint16_t
wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time)
{
	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
	int bintval = 0;

	/* bintval is in TU (1.024mS) */
	if (!TAILQ_EMPTY(&ic->ic_vaps))
		bintval = TAILQ_FIRST(&ic->ic_vaps)->iv_bss->ni_intval;

	/* No association context? Default. */
	if (bintval <= 0)
		return (WPI_PASSIVE_DWELL_BASE);

	DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__,
	    bintval);

	/*
	 * Take the smaller of DWELL_BASE and 85% of the interval.
	 *
	 * XXX The math ignores that bintval is in units of 1.024mS,
	 * not 1mS.
	 */
	return (MIN(WPI_PASSIVE_DWELL_BASE, ((bintval * 85) / 100)));
}
3713
/*
 * Passive-scan dwell time for channel c: the passive base plus the band's
 * extra time, then passed through wpi_limit_dwell().  A NULL channel is
 * treated as 2GHz.
 */
static uint16_t
wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c)
{
	uint16_t passive;

	passive = (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) ?
	    WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ :
	    WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ;

	/* Clamp to the beacon interval if we're associated. */
	return (wpi_limit_dwell(sc, passive));
}
3727
/*
 * Send a scan request for channel c to the firmware.
 *
 * The command is assembled in one heap buffer, in this order: scan header,
 * TX command for the probe request, the fixed-size array of SSIDs to probe
 * for, the probe request frame itself, and one channel descriptor.
 *
 * Returns 0 on success, EAGAIN if a scan is already pending, ENOMEM if the
 * buffer cannot be allocated, or the error from wpi_cmd().
 */
static int
wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ieee80211_scan_state *ss = ic->ic_scan;
	struct ieee80211vap *vap = ss->ss_vap;
	struct wpi_scan_hdr *hdr;
	struct wpi_cmd_data *tx;
	struct wpi_scan_essid *essids;
	struct wpi_scan_chan *chan;
	struct ieee80211_frame *wh;
	struct ieee80211_rateset *rs;
	uint16_t dwell_active, dwell_passive;
	uint8_t *buf, *frm;
	int buflen, error, i, nssid;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/*
	 * We are absolutely not allowed to send a scan command when another
	 * scan command is pending.
	 */
	if (sc->sc_scan_timer) {
		device_printf(sc->sc_dev, "%s: called whilst scanning!\n",
		    __func__);

		DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);

		return (EAGAIN);
	}

	/*
	 * M_ZERO matters: every field and gap not written below is sent to
	 * the firmware as zero instead of as old heap contents.
	 */
	buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO);
	if (buf == NULL) {
		device_printf(sc->sc_dev,
		    "%s: could not allocate buffer for scan command\n",
		    __func__);
		error = ENOMEM;
		goto fail;
	}
	hdr = (struct wpi_scan_hdr *)buf;

	/*
	 * Move to the next channel if no packets are received within 10 msecs
	 * after sending the probe request.
	 */
	hdr->quiet_time = htole16(10);		/* timeout in milliseconds */
	hdr->quiet_threshold = htole16(1);	/* min # of packets */
	/*
	 * Max needs to be greater than active and passive and quiet!
	 * It's also in microseconds!
	 */
	hdr->max_svc = htole32(250 * IEEE80211_DUR_TU);
	hdr->pause_svc = htole32((4 << 24) |
	    (100 * IEEE80211_DUR_TU));	/* Hardcode for now */
	hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON);

	/* The TX command sits directly behind the header. */
	tx = (struct wpi_cmd_data *)(hdr + 1);
	tx->flags = htole32(WPI_TX_AUTO_SEQ);
	tx->id = WPI_ID_BROADCAST;
	tx->lifetime = htole32(WPI_LIFETIME_INFINITE);

	if (IEEE80211_IS_CHAN_5GHZ(c)) {
		/* Send probe requests at 6Mbps. */
		tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6];
		rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
	} else {
		hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO);
		/* Send probe requests at 1Mbps. */
		tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1];
		rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
	}

	/*
	 * Both the number of SSIDs and each SSID length are clamped before
	 * the copy, so the memcpy() below cannot run past essids[i].data
	 * as long as that field holds IEEE80211_NWID_LEN bytes.
	 */
	essids = (struct wpi_scan_essid *)(tx + 1);
	nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS);
	for (i = 0; i < nssid; i++) {
		essids[i].id = IEEE80211_ELEMID_SSID;
		essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN);
		memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len);
#ifdef WPI_DEBUG
		if (sc->sc_debug & WPI_DEBUG_SCAN) {
			printf("Scanning Essid: ");
			ieee80211_print_essid(essids[i].data, essids[i].len);
			printf("\n");
		}
#endif
	}

	/*
	 * Build a probe request frame.  Most of the following code is a
	 * copy & paste of what is done in net80211.
	 * The frame starts after the full SSID array, used or not.
	 */
	wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS);
	wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
		IEEE80211_FC0_SUBTYPE_PROBE_REQ;
	wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
	IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
	IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
	IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr);
	*(uint16_t *)&wh->i_dur[0] = 0;	/* filled by h/w */
	*(uint16_t *)&wh->i_seq[0] = 0;	/* filled by h/w */

	/* The template carries an empty SSID element followed by rates. */
	frm = (uint8_t *)(wh + 1);
	frm = ieee80211_add_ssid(frm, NULL, 0);
	frm = ieee80211_add_rates(frm, rs);
	if (rs->rs_nrates > IEEE80211_RATE_SIZE)
		frm = ieee80211_add_xrates(frm, rs);

	/* Set length of probe request. */
	tx->len = htole16(frm - (uint8_t *)wh);

	/*
	 * Construct information about the channel that we
	 * want to scan. The firmware expects this to be directly
	 * after the scan probe request
	 */
	chan = (struct wpi_scan_chan *)frm;
	chan->chan = htole16(ieee80211_chan2ieee(ic, c));
	chan->flags = 0;
	if (nssid) {
		hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT;
		chan->flags |= WPI_CHAN_NPBREQS(nssid);
	} else
		hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER;

	/* Channels marked passive are never probed actively. */
	if (!IEEE80211_IS_CHAN_PASSIVE(c))
		chan->flags |= WPI_CHAN_ACTIVE;

	/*
	 * Calculate the active/passive dwell times.
	 */

	dwell_active = wpi_get_active_dwell_time(sc, c, nssid);
	dwell_passive = wpi_get_passive_dwell_time(sc, c);

	/* Make sure they're valid. */
	if (dwell_passive <= dwell_active)
		dwell_passive = dwell_active + 1;

	chan->active = htole16(dwell_active);
	chan->passive = htole16(dwell_passive);

	chan->dsp_gain = 0x6e;  /* Default level */

	if (IEEE80211_IS_CHAN_5GHZ(c))
		chan->rf_gain = 0x3b;
	else
		chan->rf_gain = 0x28;

	/* chan->chan is logged in device byte order here. */
	DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n",
	    chan->chan, IEEE80211_IS_CHAN_PASSIVE(c));

	hdr->nchan++;
	chan++;

	/*
	 * NOTE(review): nothing here compares buflen with WPI_SCAN_MAXSZ;
	 * the fit presumably follows from the fixed structure sizes and the
	 * bounded rate set -- confirm.
	 */
	buflen = (uint8_t *)chan - buf;
	hdr->len = htole16(buflen);

	DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n",
	    hdr->nchan);
	error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1);
	/* The buffer is released on success and on failure alike. */
	free(buf, M_DEVBUF);

	if (error != 0)
		goto fail;

	/* Marks a scan as pending; checked at the top of this function. */
	sc->sc_scan_timer = 5;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return 0;

fail:	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);

	return error;
}
3907
/*
 * Prepare the adapter for authentication with the vap's BSS node.
 *
 * The cached RXON is pointed at the node's BSSID and channel with the
 * association id cleared and WPI_FILTER_BSS removed from the filter, then
 * sent.  Returns the result of wpi_send_rxon(); a failure is also logged.
 */
static int
wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_node *ni = vap->iv_bss;
	uint32_t flags;
	uint8_t cck, ofdm;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* Not associated yet: no association id, no BSS filtering. */
	sc->rxon.associd = 0;
	sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);
	IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
	sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan);

	/* Collect the flags in host order and convert them once. */
	flags = WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF;
	if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
		flags |= WPI_RXON_AUTO | WPI_RXON_24GHZ;
	if (ic->ic_flags & IEEE80211_F_SHSLOT)
		flags |= WPI_RXON_SHSLOT;
	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
		flags |= WPI_RXON_SHPREAMBLE;
	sc->rxon.flags = htole32(flags);

	/* Rate masks by channel type; anything else is taken as 802.11b/g. */
	if (IEEE80211_IS_CHAN_A(ni->ni_chan)) {
		cck = 0;
		ofdm = 0x15;
	} else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) {
		cck = 0x03;
		ofdm = 0;
	} else {
		cck = 0x0f;
		ofdm = 0x15;
	}
	sc->rxon.cck_mask = cck;
	sc->rxon.ofdm_mask = ofdm;

	DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n",
	    sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask,
	    sc->rxon.ofdm_mask);

	error = wpi_send_rxon(sc, 0, 1);
	if (error != 0) {
		device_printf(sc->sc_dev, "%s: could not send RXON\n",
		    __func__);
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return error;
}
3954
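/*
 * Hand the vap's current beacon frame (wvp->wv_bcbuf) to the firmware.
 *
 * The beacon command header lives at the start of the buffer's data area;
 * its length, PLCP and, when a TIM element is present, TIM offset and size
 * are filled in here.  A duplicate of the mbuf is passed to wpi_cmd2() and
 * the original mbuf is put back into the buffer before returning.
 *
 * Must be called with the driver lock held.  Returns 0 on success, ENOMEM
 * if the frame cannot be duplicated, or the error from wpi_cmd2().
 */
static int
wpi_config_beacon(struct wpi_vap *wvp)
{
	struct ieee80211com *ic = wvp->wv_vap.iv_ic;
	struct ieee80211_beacon_offsets *bo = &wvp->wv_boff;
	struct wpi_buf *bcn = &wvp->wv_bcbuf;
	struct wpi_softc *sc = ic->ic_ifp->if_softc;
	struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data;
	struct ieee80211_tim_ie *tie;
	struct mbuf *m;
	uint8_t *ptr;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	WPI_LOCK_ASSERT(sc);

	cmd->len = htole16(bcn->m->m_pkthdr.len);
	cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ?
	    wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1];

	/*
	 * XXX seems to be unused
	 * The TIM offset is relative to the start of the mbuf data.
	 */
	if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) {
		tie = (struct ieee80211_tim_ie *) bo->bo_tim;
		ptr = mtod(bcn->m, uint8_t *);

		cmd->tim = htole16(bo->bo_tim - ptr);
		cmd->timsz = tie->tim_len;
	}

	/*
	 * Necessary for recursion in ieee80211_beacon_update().
	 * NOTE(review): who releases the duplicate after wpi_cmd2() is not
	 * visible here -- confirm it is freed on both success and failure.
	 */
	m = bcn->m;
	bcn->m = m_dup(m, M_NOWAIT);
	if (bcn->m == NULL) {
		device_printf(sc->sc_dev,
		    "%s: could not copy beacon frame\n", __func__);
		error = ENOMEM;
		goto end;
	}

	/* The message now ends in a newline like every other one here. */
	if ((error = wpi_cmd2(sc, bcn)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not update beacon frame, error %d\n", __func__,
		    error);
	}

	/* Restore mbuf. */
end:	bcn->m = m;

	return error;
}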
4006
/*
 * Allocate a fresh beacon frame for ni, install it in the vap's beacon
 * buffer (freeing any frame held before) and configure it in the firmware.
 *
 * Returns EINVAL if the node's channel is IEEE80211_CHAN_ANYC, ENOMEM if
 * the frame cannot be allocated, otherwise the result of
 * wpi_config_beacon().
 */
static int
wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni)
{
	struct wpi_vap *wvp = WPI_VAP(ni->ni_vap);
	struct ieee80211_beacon_offsets *bo = &wvp->wv_boff;
	struct wpi_buf *bcn = &wvp->wv_bcbuf;
	struct mbuf *fresh;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	if (ni->ni_chan == IEEE80211_CHAN_ANYC)
		return EINVAL;

	fresh = ieee80211_beacon_alloc(ni, bo);
	if (fresh == NULL) {
		device_printf(sc->sc_dev,
		    "%s: could not allocate beacon frame\n", __func__);
		return ENOMEM;
	}

	/* The old frame is released only once its replacement exists. */
	if (bcn->m != NULL)
		m_freem(bcn->m);
	bcn->m = fresh;

	return wpi_config_beacon(wvp);
}
4037
/*
 * Beacon update hook: mark item as changed in the beacon offsets, let
 * net80211 refresh the beacon frame and push the result to the firmware.
 * A beacon frame is allocated first if the vap has none.
 */
static void
wpi_update_beacon(struct ieee80211vap *vap, int item)
{
	struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc;
	struct wpi_vap *wvp = WPI_VAP(vap);
	struct wpi_buf *bcn = &wvp->wv_bcbuf;
	struct ieee80211_beacon_offsets *bo = &wvp->wv_boff;
	struct ieee80211_node *ni = vap->iv_bss;
	int mcast = 0;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	WPI_LOCK(sc);
	if (bcn->m == NULL) {
		bcn->m = ieee80211_beacon_alloc(ni, bo);
		if (bcn->m == NULL) {
			device_printf(sc->sc_dev,
			    "%s: could not allocate beacon frame\n", __func__);
			WPI_UNLOCK(sc);

			DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR,
			    __func__);

			return;
		}
	}
	WPI_UNLOCK(sc);

	if (item == IEEE80211_BEACON_TIM)
		mcast = 1;	/* TODO */

	/*
	 * NOTE(review): bcn->m is handed to ieee80211_beacon_update() with
	 * the driver lock released, while wpi_setup_beacon() frees and
	 * replaces bcn->m -- confirm the two cannot run concurrently.
	 */
	setbit(bo->bo_flags, item);
	ieee80211_beacon_update(ni, bo, bcn->m, mcast);

	/* The return value is not used; failures are logged by the callee. */
	WPI_LOCK(sc);
	wpi_config_beacon(wvp);
	WPI_UNLOCK(sc);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
}
4078
/*
 * New-association hook.  Outside STA mode, a node that has no id yet is
 * added through wpi_add_ibss_node() under the node-table lock.  A failure
 * is logged only; isnew is not consulted.
 */
static void
wpi_newassoc(struct ieee80211_node *ni, int isnew)
{
	struct ieee80211vap *vap = ni->ni_vap;
	struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	struct wpi_node *wn = WPI_NODE(ni);
	int needs_entry, rc;

	WPI_NT_LOCK(sc);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* The id is read with the node-table lock held. */
	needs_entry = (vap->iv_opmode != IEEE80211_M_STA &&
	    wn->id == WPI_ID_UNDEFINED);
	if (needs_entry) {
		rc = wpi_add_ibss_node(sc, ni);
		if (rc != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not add IBSS node, error %d\n",
			    __func__, rc);
		}
	}

	WPI_NT_UNLOCK(sc);
}
4100
/*
 * Bring the adapter into its running configuration for vap.
 *
 * Monitor mode only sets the link LED blinking and returns.  Otherwise the
 * beacon timing is programmed, the cached RXON is rebuilt from the BSS node
 * (BSSID, association id, channel, slot/preamble flags, rate masks) with
 * WPI_FILTER_BSS set and sent, a beacon is set up in IBSS mode, the BSS
 * node is added in STA mode, the link LED is switched on, the calibration
 * callout is armed and the power-saving level is selected.
 *
 * Returns 0 on success or the error of the first failing step.
 */
static int
wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_node *ni = vap->iv_bss;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	if (vap->iv_opmode == IEEE80211_M_MONITOR) {
		/* Link LED blinks while monitoring. */
		wpi_set_led(sc, WPI_LED_LINK, 5, 5);
		return 0;
	}

	/* XXX kernel panic workaround */
	if (ni->ni_chan == IEEE80211_CHAN_ANYC) {
		device_printf(sc->sc_dev, "%s: incomplete configuration\n",
		    __func__);
		return EINVAL;
	}

	if ((error = wpi_set_timing(sc, ni)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not set timing, error %d\n", __func__, error);
		return error;
	}

	/* Update adapter configuration. */
	IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
	sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni));
	sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
	sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF);
	if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
		sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
	/*
	 * Short preamble and slot time are negotiated when associating.
	 * (Neither bit can be set yet: flags was just assigned above.)
	 */
	sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT);
	if (ic->ic_flags & IEEE80211_F_SHSLOT)
		sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
		sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);
	if (IEEE80211_IS_CHAN_A(ni->ni_chan)) {
		sc->rxon.cck_mask  = 0;
		sc->rxon.ofdm_mask = 0x15;
	} else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) {
		sc->rxon.cck_mask  = 0x03;
		sc->rxon.ofdm_mask = 0;
	} else {
		/* Assume 802.11b/g. */
		sc->rxon.cck_mask  = 0x0f;
		sc->rxon.ofdm_mask = 0x15;
	}
	/* wpi_auth() clears this bit; it is set again here. */
	sc->rxon.filter |= htole32(WPI_FILTER_BSS);

	/* XXX put somewhere HC_QOS_SUPPORT_ASSOC + HC_IBSS_START */

	DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n",
	    sc->rxon.chan, sc->rxon.flags);

	if ((error = wpi_send_rxon(sc, 0, 1)) != 0) {
		device_printf(sc->sc_dev, "%s: could not send RXON\n",
		    __func__);
		return error;
	}

	if (vap->iv_opmode == IEEE80211_M_IBSS) {
		if ((error = wpi_setup_beacon(sc, ni)) != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not setup beacon, error %d\n", __func__,
			    error);
			return error;
		}
	}

	if (vap->iv_opmode == IEEE80211_M_STA) {
		/* Add BSS node, with the node-table lock held. */
		WPI_NT_LOCK(sc);
		error = wpi_add_sta_node(sc, ni);
		WPI_NT_UNLOCK(sc);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "%s: could not add BSS node, error %d\n", __func__,
			    error);
			return error;
		}
	}

	/* Link LED always on while associated. */
	wpi_set_led(sc, WPI_LED_LINK, 0, 1);

	/* Start periodic calibration timer. */
	callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc);

	/*
	 * Enable power-saving mode if requested by user.
	 * The result is ignored: a failure here does not fail the
	 * transition.
	 */
	if (vap->iv_flags & IEEE80211_F_PMGTON)
		(void)wpi_set_pslevel(sc, 0, 3, 1);
	else
		(void)wpi_set_pslevel(sc, 0, 0, 1);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return 0;
}
4204
/*
 * net80211 key allocation callback: pick the key index (or indices) for k.
 *
 * A key stored in the vap's global table iv_nw_keys[] uses its slot number
 * as both *keyix and *rxkeyix, and is flagged IEEE80211_KEY_SWCRYPT when its
 * cipher is AES-CCM.  A key outside that table gets *keyix 0, unless it is
 * a group key, which is refused.
 *
 * Returns 1 when an index was assigned and 0 when the key was refused.
 */
static int
wpi_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k,
    ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
{
	struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc;
	const struct ieee80211_key *tbl_first = &vap->iv_nw_keys[0];
	const struct ieee80211_key *tbl_end =
	    &vap->iv_nw_keys[IEEE80211_WEP_NKID];

	if (tbl_first <= k && k < tbl_end) {
		/* Global key: the table slot is the index in both directions. */
		const ieee80211_keyix slot = k - vap->iv_nw_keys;

		*rxkeyix = slot;
		*keyix = slot;

		if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM)
			k->wk_flags |= IEEE80211_KEY_SWCRYPT;
		return 1;
	}

	if ((k->wk_flags & IEEE80211_KEY_GROUP) != 0) {
		/* Should not happen. */
		DPRINTF(sc, WPI_DEBUG_KEY, "%s: bogus group key\n", __func__);
		return 0;
	}

	/*
	 * NB: use key index 0 for ucast key.  *rxkeyix is not written on
	 * this path, so the caller sees whatever it passed in.
	 */
	*keyix = 0;
	return 1;
}
4228
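/*
 * net80211 key-set callback: program a pairwise AES-CCM key into the
 * firmware entry of the BSS node (vap->iv_bss).
 *
 * Group keys and every cipher other than AES-CCM are accepted without
 * sending anything to the firmware (return 1).  Returns 0 when the BSS node
 * has no firmware id yet, when the key is longer than the key field of the
 * node command, or when WPI_CMD_ADD_NODE fails; returns 1 otherwise.
 *
 * NB: the mac argument is not used here.
 */
static int
wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
    const uint8_t mac[IEEE80211_ADDR_LEN])
{
	const struct ieee80211_cipher *cip = k->wk_cipher;
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_node *ni = vap->iv_bss;
	struct wpi_softc *sc = ic->ic_ifp->if_softc;
	struct wpi_node *wn = WPI_NODE(ni);
	struct wpi_node_info node;
	uint16_t kflags;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	switch (cip->ic_cipher) {
	case IEEE80211_CIPHER_AES_CCM:
		if (k->wk_flags & IEEE80211_KEY_GROUP)
			return 1;

		kflags = WPI_KFLAG_CCMP;
		break;
	default:
		/* null_key_set() */
		return 1;
	}

	if (wn->id == WPI_ID_UNDEFINED)
		return 0;

	/*
	 * The key length is set outside this function; never copy more
	 * bytes than the key field of the node command can hold.
	 */
	if (k->wk_keylen > sizeof node.key) {
		device_printf(sc->sc_dev,
		    "%s: key length %d exceeds node key buffer\n", __func__,
		    (int)k->wk_keylen);
		return 0;
	}

	kflags |= WPI_KFLAG_KID(k->wk_keyix);
	/* NB: not reached at present, group keys have returned above. */
	if (k->wk_flags & IEEE80211_KEY_GROUP)
		kflags |= WPI_KFLAG_MULTICAST;

	memset(&node, 0, sizeof node);
	node.id = wn->id;
	node.control = WPI_NODE_UPDATE;
	node.flags = WPI_FLAG_KEY_SET;
	node.kflags = htole16(kflags);
	memcpy(node.key, k->wk_key, k->wk_keylen);

	DPRINTF(sc, WPI_DEBUG_KEY, "set key id=%d for node %d\n", k->wk_keyix,
	    node.id);

	/*
	 * NOTE(review): node carries a copy of the key on the kernel stack
	 * and is not scrubbed before returning; consider zeroizing it once
	 * the command has been queued.
	 */
	error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
	if (error != 0) {
		device_printf(sc->sc_dev, "can't update node info, error %d\n",
		    error);
		return 0;
	}

	return 1;
}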
4282
/*
 * net80211 key-delete callback.
 *
 * Only a pairwise AES-CCM key on a vap in RUN state causes a firmware
 * command: a WPI_CMD_ADD_NODE update for the BSS node that carries
 * WPI_FLAG_KEY_SET with an otherwise zeroed node entry.  Every other case
 * is a no-op.  Always returns 1; the result of the command is ignored.
 */
static int
wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
{
	const struct ieee80211_cipher *cip = k->wk_cipher;
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_node *bss = vap->iv_bss;
	struct wpi_softc *sc = ic->ic_ifp->if_softc;
	struct wpi_node *wn = WPI_NODE(bss);
	struct wpi_node_info node;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* Anything but AES-CCM behaves like null_key_delete(). */
	if (cip->ic_cipher != IEEE80211_CIPHER_AES_CCM)
		return 1;

	/* Nothing to do unless the vap is running... */
	if (vap->iv_state != IEEE80211_S_RUN)
		return 1;
	/* ...and the key is a pairwise one. */
	if ((k->wk_flags & IEEE80211_KEY_GROUP) != 0)
		return 1;

	/* Node update with the key fields left at zero. */
	memset(&node, 0, sizeof node);
	node.flags = WPI_FLAG_KEY_SET;
	node.control = WPI_NODE_UPDATE;
	node.id = wn->id;

	DPRINTF(sc, WPI_DEBUG_KEY, "delete keys for node %d\n", node.id);
	(void)wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);

	return 1;
}
4317
/*
 * Runs in process context once the runtime firmware has reported that it is
 * alive.  Re-checks the RF kill state and then polls until the thermal
 * sensor returns a non-zero reading, which is kept in sc->temp.
 *
 * Returns 0 on success, the wpi_nic_lock() error, EPERM when the radio is
 * switched off, or ETIMEDOUT when no reading arrives.
 */
static int
wpi_post_alive(struct wpi_softc *sc)
{
	int error, ntries;

	/* Check (again) that the radio is not disabled. */
	error = wpi_nic_lock(sc);
	if (error != 0)
		return error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* NB: Runtime firmware must be up and running. */
	if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 1) == 0) {
		device_printf(sc->sc_dev,
		    "RF switch: radio disabled (%s)\n", __func__);
		wpi_nic_unlock(sc);
		return EPERM;   /* :-) */
	}
	wpi_nic_unlock(sc);

	/* Wait for thermal sensor to calibrate: 1000 polls, DELAY(10) apart. */
	for (ntries = 0; ntries < 1000; ntries++) {
		sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2);
		if (sc->temp != 0)
			break;
		DELAY(10);
	}

	if (ntries == 1000) {
		device_printf(sc->sc_dev,
		    "timeout waiting for thermal sensor calibration\n");
		return ETIMEDOUT;
	}

	DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp);
	return 0;
}
4358
/*
 * The firmware boot code is small and is intended to be copied directly into
 * the NIC internal memory (no DMA transfer).
 *
 * ucode points at the boot text section and size is its length in bytes;
 * the length is converted to a count of 32-bit words before it is written.
 * Returns 0 on success, the wpi_nic_lock() error, or ETIMEDOUT when the
 * transfer does not report completion.
 *
 * NB: size is not validated here.  The caller in this file passes
 * fw->boot.textsz, which wpi_read_firmware() limits to
 * WPI_FW_BOOT_TEXT_MAXSZ and requires to be a multiple of 4.
 */
static int
wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size)
{
	int error, ntries;

	DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size);

	/* From here on size counts 32-bit words, not bytes. */
	size /= sizeof (uint32_t);

	if ((error = wpi_nic_lock(sc)) != 0)
		return error;

	/*
	 * Copy microcode image into NIC memory.
	 * NOTE(review): ucode is accessed as uint32_t words; only the length
	 * of the boot section is checked for 4-byte granularity in
	 * wpi_read_firmware(), not its start offset -- confirm alignment.
	 */
	wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE,
	    (const uint32_t *)ucode, size);

	/* Source offset, destination address and word count of the copy. */
	wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0);
	wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE);
	wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size);

	/* Start boot load now. */
	wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START);

	/* Wait for transfer to complete: 1000 polls, DELAY(10) apart. */
	for (ntries = 0; ntries < 1000; ntries++) {
		uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS);
		DPRINTF(sc, WPI_DEBUG_HW,
		    "firmware status=0x%x, val=0x%x, result=0x%x\n", status,
		    WPI_FH_TX_STATUS_IDLE(6),
		    status & WPI_FH_TX_STATUS_IDLE(6));
		if (status & WPI_FH_TX_STATUS_IDLE(6)) {
			DPRINTF(sc, WPI_DEBUG_HW,
			    "Status Match! - ntries = %d\n", ntries);
			break;
		}
		DELAY(10);
	}
	if (ntries == 1000) {
		device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
		    __func__);
		/* The NIC lock is released on the error path as well. */
		wpi_nic_unlock(sc);
		return ETIMEDOUT;
	}

	/* Enable boot after power up. */
	wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN);

	wpi_nic_unlock(sc);
	return 0;
}
4413
/*
 * Upload the firmware sections described by sc->fw to the adapter.
 *
 * The init data and text sections are staged in the pre-allocated firmware
 * DMA buffer, the boot code is loaded and started, and after the first
 * "alive" wakeup the same buffer is reused for the runtime sections.
 * Returns 0 on success or the error of the step that failed.
 *
 * NB: the copy lengths come from the firmware image header.  They are
 * limited to WPI_FW_DATA_MAXSZ / WPI_FW_TEXT_MAXSZ by wpi_read_firmware();
 * the size of the DMA buffer itself is not visible here -- presumably at
 * least WPI_FW_DATA_MAXSZ + WPI_FW_TEXT_MAXSZ, verify against its allocation.
 */
static int
wpi_load_firmware(struct wpi_softc *sc)
{
	struct wpi_fw_info *fw = &sc->fw;
	struct wpi_dma_info *dma = &sc->fw_dma;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/*
	 * Copy initialization sections into pre-allocated DMA-safe memory.
	 * Data goes to the start of the buffer, text to a fixed offset of
	 * WPI_FW_DATA_MAXSZ.
	 */
	memcpy(dma->vaddr, fw->init.data, fw->init.datasz);
	bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
	memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz);
	bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);

	/* Tell adapter where to find initialization sections. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
	    dma->paddr + WPI_FW_DATA_MAXSZ);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz);
	wpi_nic_unlock(sc);

	/* Load firmware boot code. */
	error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz);
	if (error != 0) {
		device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
		    __func__);
		return error;
	}

	/* Now press "execute". */
	WPI_WRITE(sc, WPI_RESET, 0);

	/*
	 * Wait at most one second for first alive notification.
	 * Any non-zero return is reported as a timeout; with PCATCH the
	 * sleep can also be ended by a signal.
	 */
	if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: timeout waiting for adapter to initialize, error %d\n",
		    __func__, error);
		return error;
	}

	/*
	 * Copy runtime sections into pre-allocated DMA-safe memory.
	 * This overwrites the init sections staged above.
	 */
	memcpy(dma->vaddr, fw->main.data, fw->main.datasz);
	bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
	memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz);
	bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);

	/* Tell adapter where to find runtime sections. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
	wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz);
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
	    dma->paddr + WPI_FW_DATA_MAXSZ);
	/* The runtime text size is written with WPI_FW_UPDATED or'ed in. */
	wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE,
	    WPI_FW_UPDATED | fw->main.textsz);
	wpi_nic_unlock(sc);

	return 0;
}
4477
/*
 * Fetch the firmware image named WPI_FW_NAME and split it into sections.
 *
 * The image starts with a struct wpi_firmware_hdr whose little-endian size
 * fields describe, in order, runtime text, runtime data, init text, init
 * data and boot text.  Every size is checked against its WPI_FW_*_MAXSZ
 * limit, the boot text size must be a multiple of 4, and all sections must
 * fit inside the image before any section pointer is stored in sc->fw.
 *
 * The softc lock is dropped around firmware_get().  Returns 0 on success
 * and EINVAL otherwise; once an image has been obtained, every failure
 * releases it again through wpi_unload_firmware().
 */
static int
wpi_read_firmware(struct wpi_softc *sc)
{
	struct wpi_fw_info *fw = &sc->fw;
	const struct wpi_firmware_hdr *hdr;
	const struct firmware *fp;
	size_t needed;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	DPRINTF(sc, WPI_DEBUG_FIRMWARE,
	    "Attempting Loading Firmware from %s module\n", WPI_FW_NAME);

	/* firmware_get() is called without the softc lock held. */
	WPI_UNLOCK(sc);
	fp = firmware_get(WPI_FW_NAME);
	WPI_LOCK(sc);

	if (fp == NULL) {
		device_printf(sc->sc_dev,
		    "could not load firmware image '%s'\n", WPI_FW_NAME);
		return EINVAL;
	}

	/* From here on every failure has to release the image. */
	sc->fw_fp = fp;
	error = EINVAL;

	if (fp->datasize < sizeof (struct wpi_firmware_hdr)) {
		device_printf(sc->sc_dev,
		    "firmware file too short: %zu bytes\n", fp->datasize);
		goto fail;
	}

	fw->data = (const uint8_t *)fp->data;
	fw->size = fp->datasize;

	/* Extract firmware header information. */
	hdr = (const struct wpi_firmware_hdr *)fw->data;

	/*
	 * Image layout:
	 *
	 *     |  RUNTIME FIRMWARE   |    INIT FIRMWARE    | BOOT FW  |
	 * |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->|
	 */
	fw->boot.datasz = 0;
	fw->boot.textsz = le32toh(hdr->btextsz);
	fw->init.datasz = le32toh(hdr->idatasz);
	fw->init.textsz = le32toh(hdr->itextsz);
	fw->main.datasz = le32toh(hdr->rdatasz);
	fw->main.textsz = le32toh(hdr->rtextsz);

	/* Sanity-check firmware header: per-section limits first. */
	if (fw->main.textsz > WPI_FW_TEXT_MAXSZ ||
	    fw->main.datasz > WPI_FW_DATA_MAXSZ ||
	    fw->init.textsz > WPI_FW_TEXT_MAXSZ ||
	    fw->init.datasz > WPI_FW_DATA_MAXSZ ||
	    fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ ||
	    (fw->boot.textsz & 3) != 0) {
		device_printf(sc->sc_dev, "invalid firmware header\n");
		goto fail;
	}

	/* Check that all firmware sections fit. */
	needed = sizeof (*hdr) + fw->main.textsz + fw->main.datasz +
	    fw->init.textsz + fw->init.datasz + fw->boot.textsz;
	if (fw->size < needed) {
		device_printf(sc->sc_dev,
		    "firmware file too short: %zu bytes\n", fw->size);
		goto fail;
	}

	/* Get pointers to firmware sections; each one follows the last. */
	fw->main.text = (const uint8_t *)(hdr + 1);
	fw->main.data = fw->main.text + fw->main.textsz;
	fw->init.text = fw->main.data + fw->main.datasz;
	fw->init.data = fw->init.text + fw->init.textsz;
	fw->boot.text = fw->init.data + fw->init.datasz;

	DPRINTF(sc, WPI_DEBUG_FIRMWARE,
	    "Firmware Version: Major %d, Minor %d, Driver %d, \n"
	    "runtime (text: %u, data: %u) init (text: %u, data %u) "
	    "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver),
	    fw->main.textsz, fw->main.datasz,
	    fw->init.textsz, fw->init.datasz, fw->boot.textsz);

	DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text);
	DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data);
	DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text);
	DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data);
	DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text);

	return 0;

fail:
	wpi_unload_firmware(sc);
	return error;
}
4572
/**
 * Release the firmware image referenced by sc->fw_fp, if any.
 *
 * NB: only sc->fw_fp is cleared; the section pointers kept in sc->fw are
 * left as they are and must not be used once the image is gone.
 */
static void
wpi_unload_firmware(struct wpi_softc *sc)
{
	if (sc->fw_fp == NULL)
		return;

	firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
	sc->fw_fp = NULL;
}
4584
/*
 * Set the "initialization complete" bit and poll until the MAC clock is
 * reported ready.  Returns 0 once ready, ETIMEDOUT after 2500 polls.
 */
static int
wpi_clock_wait(struct wpi_softc *sc)
{
	int remaining = 2500;

	/* Set "initialization complete" bit. */
	WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE);

	/* Wait for clock stabilization, DELAY(100) between polls. */
	while (remaining-- > 0) {
		if ((WPI_READ(sc, WPI_GP_CNTRL) &
		    WPI_GP_CNTRL_MAC_CLOCK_READY) != 0)
			return 0;
		DELAY(100);
	}

	device_printf(sc->sc_dev,
	    "%s: timeout waiting for clock stabilization\n", __func__);
	return ETIMEDOUT;
}
4604
/*
 * Power-management bring-up of the adapter: apply the hardware workarounds,
 * start the PLL, wait for the MAC clock and then enable the DMA and BSM
 * clocks.  Returns 0 on success, or the error from wpi_clock_wait() or
 * wpi_nic_lock().
 */
static int
wpi_apm_init(struct wpi_softc *sc)
{
	uint32_t reg;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* Disable L0s exit timer (NMI bug workaround). */
	WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER);
	/* Don't wait for ICH L0s (ICH bug workaround). */
	WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX);

	/* Set FH wait threshold to max (HW bug under stress workaround). */
	WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000);

	/*
	 * Retrieve PCIe Active State Power Management (ASPM): one byte at
	 * offset 0x10 from the capability offset kept in sc->sc_cap_off.
	 */
	reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
	/* Workaround for HW instability in PCIe L0->L0s->L1 transition. */
	if (reg & 0x02)	/* L1 Entry enabled. */
		WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA);
	else
		WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA);

	WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT);

	/* Wait for clock stabilization before accessing prph. */
	if ((error = wpi_clock_wait(sc)) != 0)
		return error;

	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	/* Enable DMA and BSM (Bootstrap State Machine). */
	wpi_prph_write(sc, WPI_APMG_CLK_EN,
	    WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT);
	DELAY(20);
	/* Disable L1-Active. */
	wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS);
	/* ??? (undocumented: clears bits 0x00000E00 of WPI_APMG_PS) */
	wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000E00);
	wpi_nic_unlock(sc);

	return 0;
}
4649
/*
 * Ask the adapter to stop bus-master DMA and wait for it to confirm.
 * Returns early when the MAC is already in power-save state; a missing
 * confirmation after 100 polls is only logged.
 */
static void
wpi_apm_stop_master(struct wpi_softc *sc)
{
	int remaining;

	/* Stop busmaster DMA activity. */
	WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER);

	/* Already asleep: nothing to wait for. */
	if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) ==
	    WPI_GP_CNTRL_MAC_PS)
		return;

	for (remaining = 100; remaining > 0; remaining--) {
		if ((WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) != 0)
			return;
		DELAY(10);
	}

	device_printf(sc->sc_dev, "%s: timeout waiting for master\n",
	    __func__);
}
4670
/*
 * Power the adapter down: stop bus-master DMA, software-reset the device
 * and clear the "initialization complete" bit.
 */
static void
wpi_apm_stop(struct wpi_softc *sc)
{
	/* DMA has to be stopped before the reset is requested. */
	wpi_apm_stop_master(sc);

	/* Reset the entire device and give it a moment to settle. */
	WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW);
	DELAY(10);

	/* Clear "initialization complete" bit. */
	WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE);
}
4682
/*
 * Program WPI_HW_IF_CONFIG from the PCI revision id and from the cap, rev
 * and type values kept in the softc.
 */
static void
wpi_nic_config(struct wpi_softc *sc)
{
	uint32_t pci_rev;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* voodoo from the Linux "driver".. */
	pci_rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1);
	if ((pci_rev & 0xc0) == 0x40) {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB);
	} else if ((pci_rev & 0x80) == 0) {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM);
	}

	if (sc->cap == 0x80) {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC);
	}

	/* The REV_D bit is always written, either set or cleared. */
	if ((sc->rev & 0xf0) != 0xd0) {
		WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
	} else {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
	}

	if (sc->type > 1) {
		WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B);
	}
}
4708
/*
 * Bring the hardware from reset to a running runtime firmware.
 *
 * Steps, in order: power up (wpi_apm_init), select the VMAIN power source,
 * configure the NIC, program the RX ring and the TX scheduler/DMA channels,
 * clear the "radio off" and "commands blocked" bits, enable interrupts,
 * upload the firmware, wait for its alive notification and finish with
 * wpi_post_alive().
 *
 * Returns 0 on success or the error of the first step that failed.  No
 * step is undone here on failure; the caller in this file,
 * wpi_init_locked(), calls wpi_stop_locked() in that case.
 */
static int
wpi_hw_init(struct wpi_softc *sc)
{
	int chnl, ntries, error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	/* Clear pending interrupts. */
	WPI_WRITE(sc, WPI_INT, 0xffffffff);

	if ((error = wpi_apm_init(sc)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not power ON adapter, error %d\n", __func__,
		    error);
		return error;
	}

	/* Select VMAIN power source. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK);
	wpi_nic_unlock(sc);
	/* Spin until VMAIN gets selected: 5000 polls, DELAY(10) apart. */
	for (ntries = 0; ntries < 5000; ntries++) {
		if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN)
			break;
		DELAY(10);
	}
	if (ntries == 5000) {
		device_printf(sc->sc_dev, "timeout selecting power source\n");
		return ETIMEDOUT;
	}

	/* Perform adapter initialization. */
	wpi_nic_config(sc);

	/* Initialize RX ring. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	/* Set physical address of RX ring. */
	WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr);
	/* Set physical address of RX read pointer. */
	WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr +
	    offsetof(struct wpi_shared, next));
	WPI_WRITE(sc, WPI_FH_RX_WPTR, 0);
	/* Enable RX. */
	WPI_WRITE(sc, WPI_FH_RX_CONFIG,
	    WPI_FH_RX_CONFIG_DMA_ENA |
	    WPI_FH_RX_CONFIG_RDRBD_ENA |
	    WPI_FH_RX_CONFIG_WRSTATUS_ENA |
	    WPI_FH_RX_CONFIG_MAXFRAG |
	    WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) |
	    WPI_FH_RX_CONFIG_IRQ_DST_HOST |
	    WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1));
	(void)WPI_READ(sc, WPI_FH_RSSR_TBL);	/* barrier */
	wpi_nic_unlock(sc);
	/* Write pointer: last ring index, rounded down to a multiple of 8. */
	WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7);

	/* Initialize TX rings. */
	if ((error = wpi_nic_lock(sc)) != 0)
		return error;
	wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2);	/* bypass mode */
	wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1);	/* enable RA0 */
	/* Enable all 6 TX rings. */
	wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f);
	wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000);
	wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002);
	wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4);
	wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5);
	/* Set physical address of TX rings. */
	WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr);
	WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5);

	/* Enable all DMA channels. */
	for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
		WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0);
		WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0);
		WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008);
	}
	wpi_nic_unlock(sc);
	(void)WPI_READ(sc, WPI_FH_TX_BASE);	/* barrier */

	/* Clear "radio off" and "commands blocked" bits. */
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED);

	/* Clear pending interrupts. */
	WPI_WRITE(sc, WPI_INT, 0xffffffff);
	/* Enable interrupts. */
	WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF);

	/* _Really_ make sure "radio off" bit is cleared! */
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
	WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);

	if ((error = wpi_load_firmware(sc)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not load firmware, error %d\n", __func__,
		    error);
		return error;
	}
	/*
	 * Wait at most one second for firmware alive notification.
	 * Any non-zero return is reported as a timeout; with PCATCH the
	 * sleep can also be ended by a signal.
	 */
	if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) {
		device_printf(sc->sc_dev,
		    "%s: timeout waiting for adapter to initialize, error %d\n",
		    __func__, error);
		return error;
	}

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	/* Do post-firmware initialization. */
	return wpi_post_alive(sc);
}
4823
/*
 * Shut the hardware down: mask and acknowledge interrupts, stop the TX
 * scheduler and every DMA channel, reset the RX and TX rings, stop the DMA
 * clock and power the adapter off.  Best effort: no step reports failure.
 */
static void
wpi_hw_stop(struct wpi_softc *sc)
{
	int chnl, qid, ntries;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* NB: the result of this wpi_nic_lock() call is not checked. */
	if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP)
		wpi_nic_lock(sc);

	WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO);

	/* Disable interrupts. */
	WPI_WRITE(sc, WPI_INT_MASK, 0);
	WPI_WRITE(sc, WPI_INT, 0xffffffff);
	WPI_WRITE(sc, WPI_FH_INT, 0xffffffff);

	/*
	 * Make sure we no longer hold the NIC lock.
	 * This unlock runs whether or not the lock was taken above.
	 */
	wpi_nic_unlock(sc);

	if (wpi_nic_lock(sc) == 0) {
		/* Stop TX scheduler. */
		wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0);
		wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0);

		/*
		 * Stop all DMA channels.  Each channel gets up to 200 polls
		 * for its idle bit; a channel that never goes idle is not
		 * reported.
		 */
		for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
			WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0);
			for (ntries = 0; ntries < 200; ntries++) {
				if (WPI_READ(sc, WPI_FH_TX_STATUS) &
				    WPI_FH_TX_STATUS_IDLE(chnl))
					break;
				DELAY(10);
			}
		}
		wpi_nic_unlock(sc);
	}

	/* Stop RX ring. */
	wpi_reset_rx_ring(sc);

	/* Reset all TX rings. */
	for (qid = 0; qid < WPI_NTXQUEUES; qid++)
		wpi_reset_tx_ring(sc, &sc->txq[qid]);

	/* Stop the DMA clock; skipped when the NIC lock cannot be taken. */
	if (wpi_nic_lock(sc) == 0) {
		wpi_prph_write(sc, WPI_APMG_CLK_DIS,
		    WPI_APMG_CLK_CTRL_DMA_CLK_RQT);
		wpi_nic_unlock(sc);
	}
	DELAY(5);
	/* Power OFF adapter. */
	wpi_apm_stop(sc);
}
4878
/*
 * Deferred handler for the RF switch turning the radio on: re-initialize
 * the driver and the first vap, then stop the rfkill watchdog when the
 * RFKILL bit of WPI_GP_CNTRL reads as set.  pending is not used.
 */
static void
wpi_radio_on(void *arg0, int pending)
{
	struct wpi_softc *sc = arg0;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ieee80211vap *first_vap = TAILQ_FIRST(&ic->ic_vaps);

	device_printf(sc->sc_dev, "RF switch: radio enabled\n");

	/* Without a vap there is nothing to bring up. */
	if (first_vap != NULL) {
		wpi_init(sc);
		ieee80211_init(first_vap);
	}

	if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) == 0)
		return;

	WPI_LOCK(sc);
	callout_stop(&sc->watchdog_rfkill);
	WPI_UNLOCK(sc);
}
4900
/*
 * Deferred handler for the RF switch turning the radio off: stop the
 * driver and the first vap, then arm the rfkill watchdog to fire in one
 * second (hz ticks).  pending is not used.
 */
static void
wpi_radio_off(void *arg0, int pending)
{
	struct wpi_softc *sc = arg0;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ieee80211vap *first_vap = TAILQ_FIRST(&ic->ic_vaps);

	device_printf(sc->sc_dev, "RF switch: radio disabled\n");

	/* The hardware is stopped even when no vap exists. */
	wpi_stop(sc);
	if (first_vap != NULL) {
		ieee80211_stop(first_vap);
	}

	WPI_LOCK(sc);
	callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc);
	WPI_UNLOCK(sc);
}
4919
/*
 * Bring the interface up; the softc lock must be held.
 *
 * When the RF switch has the radio disabled, only the rfkill watchdog is
 * armed.  Otherwise the firmware image is read, the hardware is initialized
 * and configured, the interface is marked running and the watchdog is
 * started.  Any failure after the RF check ends in wpi_stop_locked().
 */
static void
wpi_init_locked(struct wpi_softc *sc)
{
	struct ifnet *ifp = sc->sc_ifp;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);

	WPI_LOCK_ASSERT(sc);

	/* Check that the radio is not disabled by hardware switch. */
	if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) == 0) {
		device_printf(sc->sc_dev,
		    "RF switch: radio disabled (%s)\n", __func__);
		callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill,
		    sc);
		return;
	}

	/* Read firmware images from the filesystem. */
	error = wpi_read_firmware(sc);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not read firmware, error %d\n", __func__,
		    error);
		goto fail;
	}

	/*
	 * Initialize hardware and upload firmware.  The image reference is
	 * dropped right afterwards, whether or not the upload worked; the
	 * section pointers in sc->fw are stale from then on.
	 */
	error = wpi_hw_init(sc);
	wpi_unload_firmware(sc);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not initialize hardware, error %d\n", __func__,
		    error);
		goto fail;
	}

	/* Configure adapter now that it is ready. */
	sc->txq_active = 1;
	error = wpi_config(sc);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: could not configure device, error %d\n", __func__,
		    error);
		goto fail;
	}

	ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
	ifp->if_drv_flags |= IFF_DRV_RUNNING;

	callout_reset(&sc->watchdog_to, hz, wpi_watchdog, sc);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);

	return;

fail:
	wpi_stop_locked(sc);
	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
}
4978
/*
 * Unlocked wrapper around wpi_init_locked(): takes the softc lock for the
 * initialization and, once the interface is marked running, starts all
 * vaps.  arg is the softc.
 */
static void
wpi_init(void *arg)
{
	struct wpi_softc *sc = arg;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;

	WPI_LOCK(sc);
	wpi_init_locked(sc);
	WPI_UNLOCK(sc);

	/* NB: the running flag is tested after the lock has been dropped. */
	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
		ieee80211_start_all(ic);
	}
}
4993
/*
 * Take the interface down; the softc lock must be held.  Marks the TX
 * queues inactive, clears the scan and TX timers, stops the watchdog and
 * calibration callouts, clears the running/oactive flags and powers the
 * hardware off.
 */
static void
wpi_stop_locked(struct wpi_softc *sc)
{
	struct ifnet *ifp = sc->sc_ifp;

	WPI_LOCK_ASSERT(sc);

	/* txq_active is changed under the TX queue lock. */
	WPI_TXQ_LOCK(sc);
	sc->txq_active = 0;
	WPI_TXQ_UNLOCK(sc);

	sc->sc_tx_timer = 0;
	sc->sc_scan_timer = 0;

	callout_stop(&sc->watchdog_to);
	callout_stop(&sc->calib_to);

	ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);

	/* Power OFF hardware. */
	wpi_hw_stop(sc);
}
5014
/*
 * Unlocked wrapper: run wpi_stop_locked() with the softc lock held.
 */
static void
wpi_stop(struct wpi_softc *sc)
{
	WPI_LOCK(sc);
	wpi_stop_locked(sc);
	WPI_UNLOCK(sc);
}
5022
/*
 * Callback from net80211 to start a scan.  Only the link LED is changed
 * here (wpi_set_led() with arguments 20 and 2).
 */
static void
wpi_scan_start(struct ieee80211com *ic)
{
	struct ifnet *ifp = ic->ic_ifp;
	struct wpi_softc *sc = ifp->if_softc;

	wpi_set_led(sc, WPI_LED_LINK, 20, 2);
}
5033
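/*
 * Callback from net80211 to terminate a scan.  When the first vap is in
 * RUN state the link LED goes back to the "associated" setting
 * (wpi_set_led() with arguments 0 and 1).
 */
static void
wpi_scan_end(struct ieee80211com *ic)
{
	struct ifnet *ifp = ic->ic_ifp;
	struct wpi_softc *sc = ifp->if_softc;
	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);

	/*
	 * TAILQ_FIRST() yields NULL for an empty list; check it as the
	 * other users of ic_vaps in this file do before dereferencing.
	 */
	if (vap != NULL && vap->iv_state == IEEE80211_S_RUN)
		wpi_set_led(sc, WPI_LED_LINK, 0, 1);
}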
5047
/**
 * Called by the net80211 framework to indicate to the driver
 * that the channel should be changed.
 *
 * The radiotap headers are always updated.  The RXON command is only
 * re-sent in monitor mode; a failure to send it is logged, not returned.
 */
static void
wpi_set_channel(struct ieee80211com *ic)
{
	const struct ieee80211_channel *c = ic->ic_curchan;
	struct ifnet *ifp = ic->ic_ifp;
	struct wpi_softc *sc = ifp->if_softc;
	int error;

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	WPI_LOCK(sc);

	/* Keep both radiotap headers in step with the current channel. */
	sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq);
	sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags);
	sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq);
	sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags);

	/*
	 * Only need to set the channel in Monitor mode. AP scanning and auth
	 * are already taken care of by their respective firmware commands.
	 */
	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
		WPI_UNLOCK(sc);
		return;
	}

	sc->rxon.chan = ieee80211_chan2ieee(ic, c);
	if (IEEE80211_IS_CHAN_2GHZ(c))
		sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
	else
		sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);

	error = wpi_send_rxon(sc, 0, 0);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: error %d settting channel\n", __func__,
		    error);
	}

	WPI_UNLOCK(sc);
}
5088
/**
 * Called by net80211 to indicate that we need to scan the current
 * channel. The channel has previously been set via the wpi_set_channel
 * callback.
 *
 * When the RXON channel already equals the current channel, the scan is
 * handed to the saved sc->sc_scan_curchan handler; otherwise a firmware
 * scan is started and the net80211 scan is cancelled if that fails.
 */
static void
wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
{
	struct ieee80211vap *vap = ss->ss_vap;
	struct ieee80211com *ic = vap->iv_ic;
	struct wpi_softc *sc = ic->ic_ifp->if_softc;
	int error;

	/* NB: sc->rxon.chan is read here without the softc lock. */
	if (sc->rxon.chan == ieee80211_chan2ieee(ic, ic->ic_curchan)) {
		/* Send probe request when associated. */
		sc->sc_scan_curchan(ss, maxdwell);
		return;
	}

	WPI_LOCK(sc);
	error = wpi_scan(sc, ic->ic_curchan);
	WPI_UNLOCK(sc);

	if (error != 0) {
		ieee80211_cancel_scan(vap);
	}
}
5113
/**
 * Called by the net80211 framework once the minimum dwell time has been
 * met.  Deliberately empty: the firmware reports the end of the scan on
 * its own and the driver has no way to interrupt it.
 */
static void
wpi_scan_mindwell(struct ieee80211_scan_state *ss)
{
	/* NB: don't try to abort scan; wait for firmware to finish */
}
5125
/*
 * Deferred full reset: stop the driver and the first vap, then bring both
 * back up in the same order.  arg is the softc; pending is not used.
 */
static void
wpi_hw_reset(void *arg, int pending)
{
	struct wpi_softc *sc = arg;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ieee80211vap *first_vap = TAILQ_FIRST(&ic->ic_vaps);

	DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);

	/* Tear down: hardware first, then the vap (when there is one). */
	wpi_stop(sc);
	if (first_vap != NULL) {
		ieee80211_stop(first_vap);
	}

	/* Bring up again in the same order. */
	wpi_init(sc);
	if (first_vap != NULL) {
		ieee80211_init(first_vap);
	}
}
5143