if_wpi.c revision 280104
1/*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 280104 2015-03-15 21:17:58Z adrian $"); 21 22/* 23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 24 * 25 * The 3945ABG network adapter doesn't use traditional hardware as 26 * many other adaptors do. Instead at run time the eeprom is set into a known 27 * state and told to load boot firmware. The boot firmware loads an init and a 28 * main binary firmware image into SRAM on the card via DMA. 29 * Once the firmware is loaded, the driver/hw then 30 * communicate by way of circular dma rings via the SRAM to the firmware. 31 * 32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 33 * The 4 tx data rings allow for prioritization QoS. 34 * 35 * The rx data ring consists of 32 dma buffers. Two registers are used to 36 * indicate where in the ring the driver and the firmware are up to. The 37 * driver sets the initial read index (reg1) and the initial write index (reg2), 38 * the firmware updates the read index (reg1) on rx of a packet and fires an 39 * interrupt. The driver then processes the buffers starting at reg1 indicating 40 * to the firmware which buffers have been accessed by updating reg2. At the 41 * same time allocating new memory for the processed buffer. 42 * 43 * A similar thing happens with the tx rings. The difference is the firmware 44 * stop processing buffers once the queue is full and until confirmation 45 * of a successful transmition (tx_done) has occurred. 46 * 47 * The command ring operates in the same manner as the tx queues. 48 * 49 * All communication direct to the card (ie eeprom) is classed as Stage1 50 * communication 51 * 52 * All communication via the firmware to the card is classed as State2. 53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 54 * firmware. The bootstrap firmware and runtime firmware are loaded 55 * from host memory via dma to the card then told to execute. From this point 56 * on the majority of communications between the driver and the card goes 57 * via the firmware. 58 */ 59 60#include "opt_wlan.h" 61#include "opt_wpi.h" 62 63#include <sys/param.h> 64#include <sys/sysctl.h> 65#include <sys/sockio.h> 66#include <sys/mbuf.h> 67#include <sys/kernel.h> 68#include <sys/socket.h> 69#include <sys/systm.h> 70#include <sys/malloc.h> 71#include <sys/queue.h> 72#include <sys/taskqueue.h> 73#include <sys/module.h> 74#include <sys/bus.h> 75#include <sys/endian.h> 76#include <sys/linker.h> 77#include <sys/firmware.h> 78 79#include <machine/bus.h> 80#include <machine/resource.h> 81#include <sys/rman.h> 82 83#include <dev/pci/pcireg.h> 84#include <dev/pci/pcivar.h> 85 86#include <net/bpf.h> 87#include <net/if.h> 88#include <net/if_var.h> 89#include <net/if_arp.h> 90#include <net/ethernet.h> 91#include <net/if_dl.h> 92#include <net/if_media.h> 93#include <net/if_types.h> 94 95#include <netinet/in.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/if_ether.h> 99#include <netinet/ip.h> 100 101#include <net80211/ieee80211_var.h> 102#include <net80211/ieee80211_radiotap.h> 103#include <net80211/ieee80211_regdomain.h> 104#include <net80211/ieee80211_ratectl.h> 105 106#include <dev/wpi/if_wpireg.h> 107#include <dev/wpi/if_wpivar.h> 108#include <dev/wpi/if_wpi_debug.h> 109 110struct wpi_ident { 111 uint16_t vendor; 112 uint16_t device; 113 uint16_t subdevice; 114 const char *name; 115}; 116 117static const struct wpi_ident wpi_ident_table[] = { 118 /* The below entries support ABG regardless of the subid */ 119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 121 /* The below entries only support BG */ 122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 126 { 0, 0, 0, NULL } 127}; 128 129static int wpi_probe(device_t); 130static int wpi_attach(device_t); 131static void wpi_radiotap_attach(struct wpi_softc *); 132static void wpi_sysctlattach(struct wpi_softc *); 133static void wpi_init_beacon(struct wpi_vap *); 134static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 135 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 136 const uint8_t [IEEE80211_ADDR_LEN], 137 const uint8_t [IEEE80211_ADDR_LEN]); 138static void wpi_vap_delete(struct ieee80211vap *); 139static int wpi_detach(device_t); 140static int wpi_shutdown(device_t); 141static int wpi_suspend(device_t); 142static int wpi_resume(device_t); 143static int wpi_nic_lock(struct wpi_softc *); 144static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 145static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 146static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 147 void **, bus_size_t, bus_size_t); 148static void wpi_dma_contig_free(struct wpi_dma_info *); 149static int wpi_alloc_shared(struct wpi_softc *); 150static void wpi_free_shared(struct wpi_softc *); 151static int wpi_alloc_fwmem(struct wpi_softc *); 152static void wpi_free_fwmem(struct wpi_softc *); 153static int wpi_alloc_rx_ring(struct wpi_softc *); 154static void wpi_update_rx_ring(struct wpi_softc *); 155static void wpi_reset_rx_ring(struct wpi_softc *); 156static void wpi_free_rx_ring(struct wpi_softc *); 157static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 158 int); 159static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 160static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 161static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 162static int wpi_read_eeprom(struct wpi_softc *, 163 uint8_t macaddr[IEEE80211_ADDR_LEN]); 164static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 165static void wpi_read_eeprom_band(struct wpi_softc *, int); 166static int wpi_read_eeprom_channels(struct wpi_softc *, int); 167static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 168 struct ieee80211_channel *); 169static int wpi_setregdomain(struct ieee80211com *, 170 struct ieee80211_regdomain *, int, 171 struct ieee80211_channel[]); 172static int wpi_read_eeprom_group(struct wpi_softc *, int); 173static int wpi_add_node_entry_adhoc(struct wpi_softc *); 174static void wpi_node_free(struct ieee80211_node *); 175static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 176 const uint8_t mac[IEEE80211_ADDR_LEN]); 177static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 178static void wpi_calib_timeout(void *); 179static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 180 struct wpi_rx_data *); 181static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 182 struct wpi_rx_data *); 183static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 184static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 185static void wpi_notif_intr(struct wpi_softc *); 186static void wpi_wakeup_intr(struct wpi_softc *); 187#ifdef WPI_DEBUG 188static void wpi_debug_registers(struct wpi_softc *); 189#endif 190static void wpi_fatal_intr(struct wpi_softc *); 191static void wpi_intr(void *); 192static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 193static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 194 struct ieee80211_node *); 195static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 196 struct ieee80211_node *, 197 const struct ieee80211_bpf_params *); 198static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 199 const struct ieee80211_bpf_params *); 200static void wpi_start(struct ifnet *); 201static void wpi_start_task(void *, int); 202static void wpi_watchdog_rfkill(void *); 203static void wpi_watchdog(void *); 204static int wpi_ioctl(struct ifnet *, u_long, caddr_t); 205static int wpi_cmd(struct wpi_softc *, int, const void *, size_t, int); 206static int wpi_mrr_setup(struct wpi_softc *); 207static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 208static int wpi_add_broadcast_node(struct wpi_softc *, int); 209static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 210static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 211static int wpi_updateedca(struct ieee80211com *); 212static void wpi_set_promisc(struct wpi_softc *); 213static void wpi_update_promisc(struct ifnet *); 214static void wpi_update_mcast(struct ifnet *); 215static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 216static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 217static void wpi_power_calibration(struct wpi_softc *); 218static int wpi_set_txpower(struct wpi_softc *, int); 219static int wpi_get_power_index(struct wpi_softc *, 220 struct wpi_power_group *, struct ieee80211_channel *, int); 221static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 222static int wpi_send_btcoex(struct wpi_softc *); 223static int wpi_send_rxon(struct wpi_softc *, int, int); 224static int wpi_config(struct wpi_softc *); 225static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 226 struct ieee80211_channel *, uint8_t); 227static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 228static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 229 struct ieee80211_channel *); 230static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 231static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 232static int wpi_config_beacon(struct wpi_vap *); 233static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 234static void wpi_update_beacon(struct ieee80211vap *, int); 235static void wpi_newassoc(struct ieee80211_node *, int); 236static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 237static int wpi_load_key(struct ieee80211_node *, 238 const struct ieee80211_key *); 239static void wpi_load_key_cb(void *, struct ieee80211_node *); 240static int wpi_set_global_keys(struct ieee80211_node *); 241static int wpi_del_key(struct ieee80211_node *, 242 const struct ieee80211_key *); 243static void wpi_del_key_cb(void *, struct ieee80211_node *); 244static int wpi_process_key(struct ieee80211vap *, 245 const struct ieee80211_key *, int); 246static int wpi_key_set(struct ieee80211vap *, 247 const struct ieee80211_key *, 248 const uint8_t mac[IEEE80211_ADDR_LEN]); 249static int wpi_key_delete(struct ieee80211vap *, 250 const struct ieee80211_key *); 251static int wpi_post_alive(struct wpi_softc *); 252static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 253static int wpi_load_firmware(struct wpi_softc *); 254static int wpi_read_firmware(struct wpi_softc *); 255static void wpi_unload_firmware(struct wpi_softc *); 256static int wpi_clock_wait(struct wpi_softc *); 257static int wpi_apm_init(struct wpi_softc *); 258static void wpi_apm_stop_master(struct wpi_softc *); 259static void wpi_apm_stop(struct wpi_softc *); 260static void wpi_nic_config(struct wpi_softc *); 261static int wpi_hw_init(struct wpi_softc *); 262static void wpi_hw_stop(struct wpi_softc *); 263static void wpi_radio_on(void *, int); 264static void wpi_radio_off(void *, int); 265static void wpi_init(void *); 266static void wpi_stop_locked(struct wpi_softc *); 267static void wpi_stop(struct wpi_softc *); 268static void wpi_scan_start(struct ieee80211com *); 269static void wpi_scan_end(struct ieee80211com *); 270static void wpi_set_channel(struct ieee80211com *); 271static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 272static void wpi_scan_mindwell(struct ieee80211_scan_state *); 273static void wpi_hw_reset(void *, int); 274 275static device_method_t wpi_methods[] = { 276 /* Device interface */ 277 DEVMETHOD(device_probe, wpi_probe), 278 DEVMETHOD(device_attach, wpi_attach), 279 DEVMETHOD(device_detach, wpi_detach), 280 DEVMETHOD(device_shutdown, wpi_shutdown), 281 DEVMETHOD(device_suspend, wpi_suspend), 282 DEVMETHOD(device_resume, wpi_resume), 283 284 DEVMETHOD_END 285}; 286 287static driver_t wpi_driver = { 288 "wpi", 289 wpi_methods, 290 sizeof (struct wpi_softc) 291}; 292static devclass_t wpi_devclass; 293 294DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 295 296MODULE_VERSION(wpi, 1); 297 298MODULE_DEPEND(wpi, pci, 1, 1, 1); 299MODULE_DEPEND(wpi, wlan, 1, 1, 1); 300MODULE_DEPEND(wpi, firmware, 1, 1, 1); 301 302static int 303wpi_probe(device_t dev) 304{ 305 const struct wpi_ident *ident; 306 307 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 308 if (pci_get_vendor(dev) == ident->vendor && 309 pci_get_device(dev) == ident->device) { 310 device_set_desc(dev, ident->name); 311 return (BUS_PROBE_DEFAULT); 312 } 313 } 314 return ENXIO; 315} 316 317static int 318wpi_attach(device_t dev) 319{ 320 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 321 struct ieee80211com *ic; 322 struct ifnet *ifp; 323 int i, error, rid; 324#ifdef WPI_DEBUG 325 int supportsa = 1; 326 const struct wpi_ident *ident; 327#endif 328 uint8_t macaddr[IEEE80211_ADDR_LEN]; 329 330 sc->sc_dev = dev; 331 332#ifdef WPI_DEBUG 333 error = resource_int_value(device_get_name(sc->sc_dev), 334 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 335 if (error != 0) 336 sc->sc_debug = 0; 337#else 338 sc->sc_debug = 0; 339#endif 340 341 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 342 343 /* 344 * Get the offset of the PCI Express Capability Structure in PCI 345 * Configuration Space. 346 */ 347 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 348 if (error != 0) { 349 device_printf(dev, "PCIe capability structure not found!\n"); 350 return error; 351 } 352 353 /* 354 * Some card's only support 802.11b/g not a, check to see if 355 * this is one such card. A 0x0 in the subdevice table indicates 356 * the entire subdevice range is to be ignored. 357 */ 358#ifdef WPI_DEBUG 359 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 360 if (ident->subdevice && 361 pci_get_subdevice(dev) == ident->subdevice) { 362 supportsa = 0; 363 break; 364 } 365 } 366#endif 367 368 /* Clear device-specific "PCI retry timeout" register (41h). */ 369 pci_write_config(dev, 0x41, 0, 1); 370 371 /* Enable bus-mastering. */ 372 pci_enable_busmaster(dev); 373 374 rid = PCIR_BAR(0); 375 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 376 RF_ACTIVE); 377 if (sc->mem == NULL) { 378 device_printf(dev, "can't map mem space\n"); 379 return ENOMEM; 380 } 381 sc->sc_st = rman_get_bustag(sc->mem); 382 sc->sc_sh = rman_get_bushandle(sc->mem); 383 384 i = 1; 385 rid = 0; 386 if (pci_alloc_msi(dev, &i) == 0) 387 rid = 1; 388 /* Install interrupt handler. */ 389 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 390 (rid != 0 ? 0 : RF_SHAREABLE)); 391 if (sc->irq == NULL) { 392 device_printf(dev, "can't map interrupt\n"); 393 error = ENOMEM; 394 goto fail; 395 } 396 397 WPI_LOCK_INIT(sc); 398 WPI_NT_LOCK_INIT(sc); 399 WPI_TXQ_LOCK_INIT(sc); 400 401 /* Allocate DMA memory for firmware transfers. */ 402 if ((error = wpi_alloc_fwmem(sc)) != 0) { 403 device_printf(dev, 404 "could not allocate memory for firmware, error %d\n", 405 error); 406 goto fail; 407 } 408 409 /* Allocate shared page. */ 410 if ((error = wpi_alloc_shared(sc)) != 0) { 411 device_printf(dev, "could not allocate shared page\n"); 412 goto fail; 413 } 414 415 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 416 for (i = 0; i < WPI_NTXQUEUES; i++) { 417 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 418 device_printf(dev, 419 "could not allocate TX ring %d, error %d\n", i, 420 error); 421 goto fail; 422 } 423 } 424 425 /* Allocate RX ring. */ 426 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 427 device_printf(dev, "could not allocate RX ring, error %d\n", 428 error); 429 goto fail; 430 } 431 432 /* Clear pending interrupts. */ 433 WPI_WRITE(sc, WPI_INT, 0xffffffff); 434 435 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 436 if (ifp == NULL) { 437 device_printf(dev, "can not allocate ifnet structure\n"); 438 goto fail; 439 } 440 441 ic = ifp->if_l2com; 442 ic->ic_ifp = ifp; 443 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 444 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 445 446 /* Set device capabilities. */ 447 ic->ic_caps = 448 IEEE80211_C_STA /* station mode supported */ 449 | IEEE80211_C_IBSS /* IBSS mode supported */ 450 | IEEE80211_C_MONITOR /* monitor mode supported */ 451 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 452 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 453 | IEEE80211_C_TXPMGT /* tx power management */ 454 | IEEE80211_C_SHSLOT /* short slot time supported */ 455 | IEEE80211_C_WPA /* 802.11i */ 456 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 457#if 0 458 | IEEE80211_C_HOSTAP /* Host access point mode */ 459#endif 460 | IEEE80211_C_WME /* 802.11e */ 461 | IEEE80211_C_PMGT /* Station-side power mgmt */ 462 ; 463 464 ic->ic_cryptocaps = 465 IEEE80211_CRYPTO_AES_CCM; 466 467 /* 468 * Read in the eeprom and also setup the channels for 469 * net80211. We don't set the rates as net80211 does this for us 470 */ 471 if ((error = wpi_read_eeprom(sc, macaddr)) != 0) { 472 device_printf(dev, "could not read EEPROM, error %d\n", 473 error); 474 goto fail; 475 } 476 477#ifdef WPI_DEBUG 478 if (bootverbose) { 479 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", 480 sc->domain); 481 device_printf(sc->sc_dev, "Hardware Type: %c\n", 482 sc->type > 1 ? 'B': '?'); 483 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 484 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?'); 485 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 486 supportsa ? "does" : "does not"); 487 488 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must 489 check what sc->rev really represents - benjsc 20070615 */ 490 } 491#endif 492 493 if_initname(ifp, device_get_name(dev), device_get_unit(dev)); 494 ifp->if_softc = sc; 495 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 496 ifp->if_init = wpi_init; 497 ifp->if_ioctl = wpi_ioctl; 498 ifp->if_start = wpi_start; 499 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 500 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 501 IFQ_SET_READY(&ifp->if_snd); 502 503 ieee80211_ifattach(ic, macaddr); 504 ic->ic_vap_create = wpi_vap_create; 505 ic->ic_vap_delete = wpi_vap_delete; 506 ic->ic_raw_xmit = wpi_raw_xmit; 507 ic->ic_node_alloc = wpi_node_alloc; 508 sc->sc_node_free = ic->ic_node_free; 509 ic->ic_node_free = wpi_node_free; 510 ic->ic_wme.wme_update = wpi_updateedca; 511 ic->ic_update_promisc = wpi_update_promisc; 512 ic->ic_update_mcast = wpi_update_mcast; 513 ic->ic_newassoc = wpi_newassoc; 514 ic->ic_scan_start = wpi_scan_start; 515 ic->ic_scan_end = wpi_scan_end; 516 ic->ic_set_channel = wpi_set_channel; 517 sc->sc_scan_curchan = ic->ic_scan_curchan; 518 ic->ic_scan_curchan = wpi_scan_curchan; 519 ic->ic_scan_mindwell = wpi_scan_mindwell; 520 ic->ic_setregdomain = wpi_setregdomain; 521 522 wpi_radiotap_attach(sc); 523 524 callout_init_mtx(&sc->calib_to, &sc->sc_mtx, 0); 525 callout_init_mtx(&sc->watchdog_to, &sc->sc_mtx, 0); 526 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 527 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc); 528 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 529 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 530 TASK_INIT(&sc->sc_start_task, 0, wpi_start_task, sc); 531 532 wpi_sysctlattach(sc); 533 534 /* 535 * Hook our interrupt after all initialization is complete. 536 */ 537 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 538 NULL, wpi_intr, sc, &sc->sc_ih); 539 if (error != 0) { 540 device_printf(dev, "can't establish interrupt, error %d\n", 541 error); 542 goto fail; 543 } 544 545 if (bootverbose) 546 ieee80211_announce(ic); 547 548#ifdef WPI_DEBUG 549 if (sc->sc_debug & WPI_DEBUG_HW) 550 ieee80211_announce_channels(ic); 551#endif 552 553 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 554 return 0; 555 556fail: wpi_detach(dev); 557 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 558 return error; 559} 560 561/* 562 * Attach the interface to 802.11 radiotap. 563 */ 564static void 565wpi_radiotap_attach(struct wpi_softc *sc) 566{ 567 struct ifnet *ifp = sc->sc_ifp; 568 struct ieee80211com *ic = ifp->if_l2com; 569 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 570 ieee80211_radiotap_attach(ic, 571 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 572 WPI_TX_RADIOTAP_PRESENT, 573 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 574 WPI_RX_RADIOTAP_PRESENT); 575 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 576} 577 578static void 579wpi_sysctlattach(struct wpi_softc *sc) 580{ 581#ifdef WPI_DEBUG 582 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 583 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 584 585 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 586 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 587 "control debugging printfs"); 588#endif 589} 590 591static void 592wpi_init_beacon(struct wpi_vap *wvp) 593{ 594 struct wpi_buf *bcn = &wvp->wv_bcbuf; 595 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 596 597 cmd->id = WPI_ID_BROADCAST; 598 cmd->ofdm_mask = 0xff; 599 cmd->cck_mask = 0x0f; 600 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 601 cmd->flags = htole32(WPI_TX_AUTO_SEQ | WPI_TX_INSERT_TSTAMP); 602 603 bcn->code = WPI_CMD_SET_BEACON; 604 bcn->ac = WPI_CMD_QUEUE_NUM; 605 bcn->size = sizeof(struct wpi_cmd_beacon); 606} 607 608static struct ieee80211vap * 609wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 610 enum ieee80211_opmode opmode, int flags, 611 const uint8_t bssid[IEEE80211_ADDR_LEN], 612 const uint8_t mac[IEEE80211_ADDR_LEN]) 613{ 614 struct wpi_vap *wvp; 615 struct ieee80211vap *vap; 616 617 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 618 return NULL; 619 620 wvp = (struct wpi_vap *) malloc(sizeof(struct wpi_vap), 621 M_80211_VAP, M_NOWAIT | M_ZERO); 622 if (wvp == NULL) 623 return NULL; 624 vap = &wvp->wv_vap; 625 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 626 627 if (opmode == IEEE80211_M_IBSS) { 628 WPI_VAP_LOCK_INIT(wvp); 629 wpi_init_beacon(wvp); 630 } 631 632 /* Override with driver methods. */ 633 vap->iv_key_set = wpi_key_set; 634 vap->iv_key_delete = wpi_key_delete; 635 wvp->wv_newstate = vap->iv_newstate; 636 vap->iv_newstate = wpi_newstate; 637 vap->iv_update_beacon = wpi_update_beacon; 638 639 ieee80211_ratectl_init(vap); 640 /* Complete setup. */ 641 ieee80211_vap_attach(vap, ieee80211_media_change, 642 ieee80211_media_status); 643 ic->ic_opmode = opmode; 644 return vap; 645} 646 647static void 648wpi_vap_delete(struct ieee80211vap *vap) 649{ 650 struct wpi_vap *wvp = WPI_VAP(vap); 651 struct wpi_buf *bcn = &wvp->wv_bcbuf; 652 enum ieee80211_opmode opmode = vap->iv_opmode; 653 654 ieee80211_ratectl_deinit(vap); 655 ieee80211_vap_detach(vap); 656 657 if (opmode == IEEE80211_M_IBSS) { 658 if (bcn->m != NULL) 659 m_freem(bcn->m); 660 661 WPI_VAP_LOCK_DESTROY(wvp); 662 } 663 664 free(wvp, M_80211_VAP); 665} 666 667static int 668wpi_detach(device_t dev) 669{ 670 struct wpi_softc *sc = device_get_softc(dev); 671 struct ifnet *ifp = sc->sc_ifp; 672 struct ieee80211com *ic; 673 int qid; 674 675 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 676 677 if (ifp != NULL) { 678 ic = ifp->if_l2com; 679 680 ieee80211_draintask(ic, &sc->sc_reinittask); 681 ieee80211_draintask(ic, &sc->sc_radiooff_task); 682 ieee80211_draintask(ic, &sc->sc_radioon_task); 683 ieee80211_draintask(ic, &sc->sc_start_task); 684 685 wpi_stop(sc); 686 687 callout_drain(&sc->watchdog_to); 688 callout_drain(&sc->watchdog_rfkill); 689 callout_drain(&sc->calib_to); 690 ieee80211_ifdetach(ic); 691 } 692 693 /* Uninstall interrupt handler. */ 694 if (sc->irq != NULL) { 695 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 696 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 697 sc->irq); 698 pci_release_msi(dev); 699 } 700 701 if (sc->txq[0].data_dmat) { 702 /* Free DMA resources. */ 703 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 704 wpi_free_tx_ring(sc, &sc->txq[qid]); 705 706 wpi_free_rx_ring(sc); 707 wpi_free_shared(sc); 708 } 709 710 if (sc->fw_dma.tag) 711 wpi_free_fwmem(sc); 712 713 if (sc->mem != NULL) 714 bus_release_resource(dev, SYS_RES_MEMORY, 715 rman_get_rid(sc->mem), sc->mem); 716 717 if (ifp != NULL) 718 if_free(ifp); 719 720 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 721 WPI_TXQ_LOCK_DESTROY(sc); 722 WPI_NT_LOCK_DESTROY(sc); 723 WPI_LOCK_DESTROY(sc); 724 return 0; 725} 726 727static int 728wpi_shutdown(device_t dev) 729{ 730 struct wpi_softc *sc = device_get_softc(dev); 731 732 wpi_stop(sc); 733 return 0; 734} 735 736static int 737wpi_suspend(device_t dev) 738{ 739 struct wpi_softc *sc = device_get_softc(dev); 740 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 741 742 ieee80211_suspend_all(ic); 743 return 0; 744} 745 746static int 747wpi_resume(device_t dev) 748{ 749 struct wpi_softc *sc = device_get_softc(dev); 750 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 751 752 /* Clear device-specific "PCI retry timeout" register (41h). */ 753 pci_write_config(dev, 0x41, 0, 1); 754 755 ieee80211_resume_all(ic); 756 return 0; 757} 758 759/* 760 * Grab exclusive access to NIC memory. 761 */ 762static int 763wpi_nic_lock(struct wpi_softc *sc) 764{ 765 int ntries; 766 767 /* Request exclusive access to NIC. */ 768 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 769 770 /* Spin until we actually get the lock. */ 771 for (ntries = 0; ntries < 1000; ntries++) { 772 if ((WPI_READ(sc, WPI_GP_CNTRL) & 773 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 774 WPI_GP_CNTRL_MAC_ACCESS_ENA) 775 return 0; 776 DELAY(10); 777 } 778 779 device_printf(sc->sc_dev, "could not lock memory\n"); 780 781 return ETIMEDOUT; 782} 783 784/* 785 * Release lock on NIC memory. 786 */ 787static __inline void 788wpi_nic_unlock(struct wpi_softc *sc) 789{ 790 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 791} 792 793static __inline uint32_t 794wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 795{ 796 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 797 WPI_BARRIER_READ_WRITE(sc); 798 return WPI_READ(sc, WPI_PRPH_RDATA); 799} 800 801static __inline void 802wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 803{ 804 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 805 WPI_BARRIER_WRITE(sc); 806 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 807} 808 809static __inline void 810wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 811{ 812 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 813} 814 815static __inline void 816wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 817{ 818 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 819} 820 821static __inline void 822wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 823 const uint32_t *data, int count) 824{ 825 for (; count > 0; count--, data++, addr += 4) 826 wpi_prph_write(sc, addr, *data); 827} 828 829static __inline uint32_t 830wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 831{ 832 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 833 WPI_BARRIER_READ_WRITE(sc); 834 return WPI_READ(sc, WPI_MEM_RDATA); 835} 836 837static __inline void 838wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 839 int count) 840{ 841 for (; count > 0; count--, addr += 4) 842 *data++ = wpi_mem_read(sc, addr); 843} 844 845static int 846wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 847{ 848 uint8_t *out = data; 849 uint32_t val; 850 int error, ntries; 851 852 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 853 854 if ((error = wpi_nic_lock(sc)) != 0) 855 return error; 856 857 for (; count > 0; count -= 2, addr++) { 858 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 859 for (ntries = 0; ntries < 10; ntries++) { 860 val = WPI_READ(sc, WPI_EEPROM); 861 if (val & WPI_EEPROM_READ_VALID) 862 break; 863 DELAY(5); 864 } 865 if (ntries == 10) { 866 device_printf(sc->sc_dev, 867 "timeout reading ROM at 0x%x\n", addr); 868 return ETIMEDOUT; 869 } 870 *out++= val >> 16; 871 if (count > 1) 872 *out ++= val >> 24; 873 } 874 875 wpi_nic_unlock(sc); 876 877 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 878 879 return 0; 880} 881 882static void 883wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 884{ 885 if (error != 0) 886 return; 887 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 888 *(bus_addr_t *)arg = segs[0].ds_addr; 889} 890 891/* 892 * Allocates a contiguous block of dma memory of the requested size and 893 * alignment. 894 */ 895static int 896wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 897 void **kvap, bus_size_t size, bus_size_t alignment) 898{ 899 int error; 900 901 dma->tag = NULL; 902 dma->size = size; 903 904 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 905 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 906 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag); 907 if (error != 0) 908 goto fail; 909 910 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 911 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 912 if (error != 0) 913 goto fail; 914 915 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 916 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 917 if (error != 0) 918 goto fail; 919 920 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 921 922 if (kvap != NULL) 923 *kvap = dma->vaddr; 924 925 return 0; 926 927fail: wpi_dma_contig_free(dma); 928 return error; 929} 930 931static void 932wpi_dma_contig_free(struct wpi_dma_info *dma) 933{ 934 if (dma->vaddr != NULL) { 935 bus_dmamap_sync(dma->tag, dma->map, 936 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 937 bus_dmamap_unload(dma->tag, dma->map); 938 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 939 dma->vaddr = NULL; 940 } 941 if (dma->tag != NULL) { 942 bus_dma_tag_destroy(dma->tag); 943 dma->tag = NULL; 944 } 945} 946 947/* 948 * Allocate a shared page between host and NIC. 949 */ 950static int 951wpi_alloc_shared(struct wpi_softc *sc) 952{ 953 /* Shared buffer must be aligned on a 4KB boundary. */ 954 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 955 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 956} 957 958static void 959wpi_free_shared(struct wpi_softc *sc) 960{ 961 wpi_dma_contig_free(&sc->shared_dma); 962} 963 964/* 965 * Allocate DMA-safe memory for firmware transfer. 966 */ 967static int 968wpi_alloc_fwmem(struct wpi_softc *sc) 969{ 970 /* Must be aligned on a 16-byte boundary. */ 971 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 972 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 973} 974 975static void 976wpi_free_fwmem(struct wpi_softc *sc) 977{ 978 wpi_dma_contig_free(&sc->fw_dma); 979} 980 981static int 982wpi_alloc_rx_ring(struct wpi_softc *sc) 983{ 984 struct wpi_rx_ring *ring = &sc->rxq; 985 bus_size_t size; 986 int i, error; 987 988 ring->cur = 0; 989 ring->update = 0; 990 991 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 992 993 /* Allocate RX descriptors (16KB aligned.) */ 994 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 995 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 996 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 997 if (error != 0) { 998 device_printf(sc->sc_dev, 999 "%s: could not allocate RX ring DMA memory, error %d\n", 1000 __func__, error); 1001 goto fail; 1002 } 1003 1004 /* Create RX buffer DMA tag. */ 1005 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1006 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1007 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL, 1008 &ring->data_dmat); 1009 if (error != 0) { 1010 device_printf(sc->sc_dev, 1011 "%s: could not create RX buf DMA tag, error %d\n", 1012 __func__, error); 1013 goto fail; 1014 } 1015 1016 /* 1017 * Allocate and map RX buffers. 1018 */ 1019 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1020 struct wpi_rx_data *data = &ring->data[i]; 1021 bus_addr_t paddr; 1022 1023 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1024 if (error != 0) { 1025 device_printf(sc->sc_dev, 1026 "%s: could not create RX buf DMA map, error %d\n", 1027 __func__, error); 1028 goto fail; 1029 } 1030 1031 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1032 if (data->m == NULL) { 1033 device_printf(sc->sc_dev, 1034 "%s: could not allocate RX mbuf\n", __func__); 1035 error = ENOBUFS; 1036 goto fail; 1037 } 1038 1039 error = bus_dmamap_load(ring->data_dmat, data->map, 1040 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1041 &paddr, BUS_DMA_NOWAIT); 1042 if (error != 0 && error != EFBIG) { 1043 device_printf(sc->sc_dev, 1044 "%s: can't map mbuf (error %d)\n", __func__, 1045 error); 1046 goto fail; 1047 } 1048 1049 /* Set physical address of RX buffer. */ 1050 ring->desc[i] = htole32(paddr); 1051 } 1052 1053 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1054 BUS_DMASYNC_PREWRITE); 1055 1056 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1057 1058 return 0; 1059 1060fail: wpi_free_rx_ring(sc); 1061 1062 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1063 1064 return error; 1065} 1066 1067static void 1068wpi_update_rx_ring(struct wpi_softc *sc) 1069{ 1070 struct wpi_rx_ring *ring = &sc->rxq; 1071 1072 if (ring->update != 0) { 1073 /* Wait for INT_WAKEUP event. */ 1074 return; 1075 } 1076 1077 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1078 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1079 __func__); 1080 1081 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1082 ring->update = 1; 1083 } else 1084 WPI_WRITE(sc, WPI_FH_RX_WPTR, ring->cur & ~7); 1085} 1086 1087static void 1088wpi_reset_rx_ring(struct wpi_softc *sc) 1089{ 1090 struct wpi_rx_ring *ring = &sc->rxq; 1091 int ntries; 1092 1093 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1094 1095 if (wpi_nic_lock(sc) == 0) { 1096 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1097 for (ntries = 0; ntries < 1000; ntries++) { 1098 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1099 WPI_FH_RX_STATUS_IDLE) 1100 break; 1101 DELAY(10); 1102 } 1103 wpi_nic_unlock(sc); 1104 } 1105 1106 ring->cur = 0; 1107 ring->update = 0; 1108} 1109 1110static void 1111wpi_free_rx_ring(struct wpi_softc *sc) 1112{ 1113 struct wpi_rx_ring *ring = &sc->rxq; 1114 int i; 1115 1116 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1117 1118 wpi_dma_contig_free(&ring->desc_dma); 1119 1120 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1121 struct wpi_rx_data *data = &ring->data[i]; 1122 1123 if (data->m != NULL) { 1124 bus_dmamap_sync(ring->data_dmat, data->map, 1125 BUS_DMASYNC_POSTREAD); 1126 bus_dmamap_unload(ring->data_dmat, data->map); 1127 m_freem(data->m); 1128 data->m = NULL; 1129 } 1130 if (data->map != NULL) 1131 bus_dmamap_destroy(ring->data_dmat, data->map); 1132 } 1133 if (ring->data_dmat != NULL) { 1134 bus_dma_tag_destroy(ring->data_dmat); 1135 ring->data_dmat = NULL; 1136 } 1137} 1138 1139static int 1140wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 1141{ 1142 bus_addr_t paddr; 1143 bus_size_t size; 1144 int i, error; 1145 1146 ring->qid = qid; 1147 ring->queued = 0; 1148 ring->cur = 0; 1149 ring->update = 0; 1150 1151 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1152 1153 /* Allocate TX descriptors (16KB aligned.) */ 1154 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1155 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1156 size, WPI_RING_DMA_ALIGN); 1157 if (error != 0) { 1158 device_printf(sc->sc_dev, 1159 "%s: could not allocate TX ring DMA memory, error %d\n", 1160 __func__, error); 1161 goto fail; 1162 } 1163 1164 /* Update shared area with ring physical address. */ 1165 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1166 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1167 BUS_DMASYNC_PREWRITE); 1168 1169 /* 1170 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1171 * to allocate commands space for other rings. 1172 * XXX Do we really need to allocate descriptors for other rings? 1173 */ 1174 if (qid > WPI_CMD_QUEUE_NUM) { 1175 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1176 return 0; 1177 } 1178 1179 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1180 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1181 size, 4); 1182 if (error != 0) { 1183 device_printf(sc->sc_dev, 1184 "%s: could not allocate TX cmd DMA memory, error %d\n", 1185 __func__, error); 1186 goto fail; 1187 } 1188 1189 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1190 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1191 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL, 1192 &ring->data_dmat); 1193 if (error != 0) { 1194 device_printf(sc->sc_dev, 1195 "%s: could not create TX buf DMA tag, error %d\n", 1196 __func__, error); 1197 goto fail; 1198 } 1199 1200 paddr = ring->cmd_dma.paddr; 1201 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1202 struct wpi_tx_data *data = &ring->data[i]; 1203 1204 data->cmd_paddr = paddr; 1205 paddr += sizeof (struct wpi_tx_cmd); 1206 1207 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1208 if (error != 0) { 1209 device_printf(sc->sc_dev, 1210 "%s: could not create TX buf DMA map, error %d\n", 1211 __func__, error); 1212 goto fail; 1213 } 1214 } 1215 1216 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1217 1218 return 0; 1219 1220fail: wpi_free_tx_ring(sc, ring); 1221 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1222 return error; 1223} 1224 1225static void 1226wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1227{ 1228 if (ring->update != 0) { 1229 /* Wait for INT_WAKEUP event. */ 1230 return; 1231 } 1232 1233 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1234 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1235 __func__, ring->qid); 1236 1237 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1238 ring->update = 1; 1239 } else 1240 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1241} 1242 1243static void 1244wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1245{ 1246 int i; 1247 1248 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1249 1250 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1251 struct wpi_tx_data *data = &ring->data[i]; 1252 1253 if (data->m != NULL) { 1254 bus_dmamap_sync(ring->data_dmat, data->map, 1255 BUS_DMASYNC_POSTWRITE); 1256 bus_dmamap_unload(ring->data_dmat, data->map); 1257 m_freem(data->m); 1258 data->m = NULL; 1259 } 1260 } 1261 /* Clear TX descriptors. */ 1262 memset(ring->desc, 0, ring->desc_dma.size); 1263 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1264 BUS_DMASYNC_PREWRITE); 1265 sc->qfullmsk &= ~(1 << ring->qid); 1266 ring->queued = 0; 1267 ring->cur = 0; 1268 ring->update = 0; 1269} 1270 1271static void 1272wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1273{ 1274 int i; 1275 1276 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1277 1278 wpi_dma_contig_free(&ring->desc_dma); 1279 wpi_dma_contig_free(&ring->cmd_dma); 1280 1281 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1282 struct wpi_tx_data *data = &ring->data[i]; 1283 1284 if (data->m != NULL) { 1285 bus_dmamap_sync(ring->data_dmat, data->map, 1286 BUS_DMASYNC_POSTWRITE); 1287 bus_dmamap_unload(ring->data_dmat, data->map); 1288 m_freem(data->m); 1289 } 1290 if (data->map != NULL) 1291 bus_dmamap_destroy(ring->data_dmat, data->map); 1292 } 1293 if (ring->data_dmat != NULL) { 1294 bus_dma_tag_destroy(ring->data_dmat); 1295 ring->data_dmat = NULL; 1296 } 1297} 1298 1299/* 1300 * Extract various information from EEPROM. 1301 */ 1302static int 1303wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1304{ 1305#define WPI_CHK(res) do { \ 1306 if ((error = res) != 0) \ 1307 goto fail; \ 1308} while (0) 1309 int error, i; 1310 1311 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1312 1313 /* Adapter has to be powered on for EEPROM access to work. */ 1314 if ((error = wpi_apm_init(sc)) != 0) { 1315 device_printf(sc->sc_dev, 1316 "%s: could not power ON adapter, error %d\n", __func__, 1317 error); 1318 return error; 1319 } 1320 1321 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1322 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1323 error = EIO; 1324 goto fail; 1325 } 1326 /* Clear HW ownership of EEPROM. */ 1327 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1328 1329 /* Read the hardware capabilities, revision and SKU type. */ 1330 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1331 sizeof(sc->cap))); 1332 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1333 sizeof(sc->rev))); 1334 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1335 sizeof(sc->type))); 1336 1337 sc->rev = le16toh(sc->rev); 1338 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, 1339 sc->rev, sc->type); 1340 1341 /* Read the regulatory domain (4 ASCII characters.) */ 1342 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1343 sizeof(sc->domain))); 1344 1345 /* Read MAC address. */ 1346 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1347 IEEE80211_ADDR_LEN)); 1348 1349 /* Read the list of authorized channels. */ 1350 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1351 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1352 1353 /* Read the list of TX power groups. */ 1354 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1355 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1356 1357fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1358 1359 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1360 __func__); 1361 1362 return error; 1363#undef WPI_CHK 1364} 1365 1366/* 1367 * Translate EEPROM flags to net80211. 1368 */ 1369static uint32_t 1370wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1371{ 1372 uint32_t nflags; 1373 1374 nflags = 0; 1375 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1376 nflags |= IEEE80211_CHAN_PASSIVE; 1377 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1378 nflags |= IEEE80211_CHAN_NOADHOC; 1379 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1380 nflags |= IEEE80211_CHAN_DFS; 1381 /* XXX apparently IBSS may still be marked */ 1382 nflags |= IEEE80211_CHAN_NOADHOC; 1383 } 1384 1385 return nflags; 1386} 1387 1388static void 1389wpi_read_eeprom_band(struct wpi_softc *sc, int n) 1390{ 1391 struct ifnet *ifp = sc->sc_ifp; 1392 struct ieee80211com *ic = ifp->if_l2com; 1393 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1394 const struct wpi_chan_band *band = &wpi_bands[n]; 1395 struct ieee80211_channel *c; 1396 uint8_t chan; 1397 int i, nflags; 1398 1399 for (i = 0; i < band->nchan; i++) { 1400 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1401 DPRINTF(sc, WPI_DEBUG_EEPROM, 1402 "Channel Not Valid: %d, band %d\n", 1403 band->chan[i],n); 1404 continue; 1405 } 1406 1407 chan = band->chan[i]; 1408 nflags = wpi_eeprom_channel_flags(&channels[i]); 1409 1410 c = &ic->ic_channels[ic->ic_nchans++]; 1411 c->ic_ieee = chan; 1412 c->ic_maxregpower = channels[i].maxpwr; 1413 c->ic_maxpower = 2*c->ic_maxregpower; 1414 1415 if (n == 0) { /* 2GHz band */ 1416 c->ic_freq = ieee80211_ieee2mhz(chan, 1417 IEEE80211_CHAN_G); 1418 1419 /* G =>'s B is supported */ 1420 c->ic_flags = IEEE80211_CHAN_B | nflags; 1421 c = &ic->ic_channels[ic->ic_nchans++]; 1422 c[0] = c[-1]; 1423 c->ic_flags = IEEE80211_CHAN_G | nflags; 1424 } else { /* 5GHz band */ 1425 c->ic_freq = ieee80211_ieee2mhz(chan, 1426 IEEE80211_CHAN_A); 1427 1428 c->ic_flags = IEEE80211_CHAN_A | nflags; 1429 } 1430 1431 /* Save maximum allowed TX power for this channel. */ 1432 sc->maxpwr[chan] = channels[i].maxpwr; 1433 1434 DPRINTF(sc, WPI_DEBUG_EEPROM, 1435 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d," 1436 " offset %d\n", chan, c->ic_freq, 1437 channels[i].flags, sc->maxpwr[chan], 1438 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans); 1439 } 1440} 1441 1442/** 1443 * Read the eeprom to find out what channels are valid for the given 1444 * band and update net80211 with what we find. 1445 */ 1446static int 1447wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 1448{ 1449 struct ifnet *ifp = sc->sc_ifp; 1450 struct ieee80211com *ic = ifp->if_l2com; 1451 const struct wpi_chan_band *band = &wpi_bands[n]; 1452 int error; 1453 1454 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1455 1456 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1457 band->nchan * sizeof (struct wpi_eeprom_chan)); 1458 if (error != 0) { 1459 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1460 return error; 1461 } 1462 1463 wpi_read_eeprom_band(sc, n); 1464 1465 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1466 1467 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1468 1469 return 0; 1470} 1471 1472static struct wpi_eeprom_chan * 1473wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1474{ 1475 int i, j; 1476 1477 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1478 for (i = 0; i < wpi_bands[j].nchan; i++) 1479 if (wpi_bands[j].chan[i] == c->ic_ieee) 1480 return &sc->eeprom_channels[j][i]; 1481 1482 return NULL; 1483} 1484 1485/* 1486 * Enforce flags read from EEPROM. 1487 */ 1488static int 1489wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1490 int nchan, struct ieee80211_channel chans[]) 1491{ 1492 struct ifnet *ifp = ic->ic_ifp; 1493 struct wpi_softc *sc = ifp->if_softc; 1494 int i; 1495 1496 for (i = 0; i < nchan; i++) { 1497 struct ieee80211_channel *c = &chans[i]; 1498 struct wpi_eeprom_chan *channel; 1499 1500 channel = wpi_find_eeprom_channel(sc, c); 1501 if (channel == NULL) { 1502 if_printf(ic->ic_ifp, 1503 "%s: invalid channel %u freq %u/0x%x\n", 1504 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1505 return EINVAL; 1506 } 1507 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1508 } 1509 1510 return 0; 1511} 1512 1513static int 1514wpi_read_eeprom_group(struct wpi_softc *sc, int n) 1515{ 1516 struct wpi_power_group *group = &sc->groups[n]; 1517 struct wpi_eeprom_group rgroup; 1518 int i, error; 1519 1520 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1521 1522 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1523 &rgroup, sizeof rgroup)) != 0) { 1524 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1525 return error; 1526 } 1527 1528 /* Save TX power group information. */ 1529 group->chan = rgroup.chan; 1530 group->maxpwr = rgroup.maxpwr; 1531 /* Retrieve temperature at which the samples were taken. */ 1532 group->temp = (int16_t)le16toh(rgroup.temp); 1533 1534 DPRINTF(sc, WPI_DEBUG_EEPROM, 1535 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1536 group->maxpwr, group->temp); 1537 1538 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1539 group->samples[i].index = rgroup.samples[i].index; 1540 group->samples[i].power = rgroup.samples[i].power; 1541 1542 DPRINTF(sc, WPI_DEBUG_EEPROM, 1543 "\tsample %d: index=%d power=%d\n", i, 1544 group->samples[i].index, group->samples[i].power); 1545 } 1546 1547 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1548 1549 return 0; 1550} 1551 1552static int 1553wpi_add_node_entry_adhoc(struct wpi_softc *sc) 1554{ 1555 int newid = WPI_ID_IBSS_MIN; 1556 1557 for (; newid <= WPI_ID_IBSS_MAX; newid++) { 1558 if ((sc->nodesmsk & (1 << newid)) == 0) { 1559 sc->nodesmsk |= 1 << newid; 1560 return newid; 1561 } 1562 } 1563 1564 return WPI_ID_UNDEFINED; 1565} 1566 1567static __inline int 1568wpi_add_node_entry_sta(struct wpi_softc *sc) 1569{ 1570 sc->nodesmsk |= 1 << WPI_ID_BSS; 1571 1572 return WPI_ID_BSS; 1573} 1574 1575static __inline int 1576wpi_check_node_entry(struct wpi_softc *sc, uint8_t id) 1577{ 1578 if (id == WPI_ID_UNDEFINED) 1579 return 0; 1580 1581 return (sc->nodesmsk >> id) & 1; 1582} 1583 1584static __inline void 1585wpi_clear_node_table(struct wpi_softc *sc) 1586{ 1587 sc->nodesmsk = 0; 1588} 1589 1590static __inline void 1591wpi_del_node_entry(struct wpi_softc *sc, uint8_t id) 1592{ 1593 sc->nodesmsk &= ~(1 << id); 1594} 1595 1596static struct ieee80211_node * 1597wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1598{ 1599 struct wpi_node *wn; 1600 1601 wn = malloc(sizeof (struct wpi_node), M_80211_NODE, 1602 M_NOWAIT | M_ZERO); 1603 1604 if (wn == NULL) 1605 return NULL; 1606 1607 wn->id = WPI_ID_UNDEFINED; 1608 1609 return &wn->ni; 1610} 1611 1612static void 1613wpi_node_free(struct ieee80211_node *ni) 1614{ 1615 struct ieee80211com *ic = ni->ni_ic; 1616 struct wpi_softc *sc = ic->ic_ifp->if_softc; 1617 struct wpi_node *wn = WPI_NODE(ni); 1618 1619 if (wn->id != WPI_ID_UNDEFINED) { 1620 WPI_NT_LOCK(sc); 1621 if (wpi_check_node_entry(sc, wn->id)) { 1622 wpi_del_node_entry(sc, wn->id); 1623 wpi_del_node(sc, ni); 1624 } 1625 WPI_NT_UNLOCK(sc); 1626 } 1627 1628 sc->sc_node_free(ni); 1629} 1630 1631/** 1632 * Called by net80211 when ever there is a change to 80211 state machine 1633 */ 1634static int 1635wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1636{ 1637 struct wpi_vap *wvp = WPI_VAP(vap); 1638 struct ieee80211com *ic = vap->iv_ic; 1639 struct ifnet *ifp = ic->ic_ifp; 1640 struct wpi_softc *sc = ifp->if_softc; 1641 int error = 0; 1642 1643 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1644 1645 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1646 ieee80211_state_name[vap->iv_state], 1647 ieee80211_state_name[nstate]); 1648 1649 IEEE80211_UNLOCK(ic); 1650 WPI_LOCK(sc); 1651 switch (nstate) { 1652 case IEEE80211_S_SCAN: 1653 if ((vap->iv_opmode == IEEE80211_M_IBSS || 1654 vap->iv_opmode == IEEE80211_M_AHDEMO) && 1655 (sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 1656 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1657 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1658 device_printf(sc->sc_dev, 1659 "%s: could not send RXON\n", __func__); 1660 } 1661 } 1662 break; 1663 1664 case IEEE80211_S_ASSOC: 1665 if (vap->iv_state != IEEE80211_S_RUN) 1666 break; 1667 /* FALLTHROUGH */ 1668 case IEEE80211_S_AUTH: 1669 /* 1670 * The node must be registered in the firmware before auth. 1671 * Also the associd must be cleared on RUN -> ASSOC 1672 * transitions. 1673 */ 1674 if ((error = wpi_auth(sc, vap)) != 0) { 1675 device_printf(sc->sc_dev, 1676 "%s: could not move to AUTH state, error %d\n", 1677 __func__, error); 1678 } 1679 break; 1680 1681 case IEEE80211_S_RUN: 1682 /* 1683 * RUN -> RUN transition; Just restart the timers. 1684 */ 1685 if (vap->iv_state == IEEE80211_S_RUN) { 1686 wpi_calib_timeout(sc); 1687 break; 1688 } 1689 1690 /* 1691 * !RUN -> RUN requires setting the association id 1692 * which is done with a firmware cmd. We also defer 1693 * starting the timers until that work is done. 1694 */ 1695 if ((error = wpi_run(sc, vap)) != 0) { 1696 device_printf(sc->sc_dev, 1697 "%s: could not move to RUN state\n", __func__); 1698 } 1699 break; 1700 1701 default: 1702 break; 1703 } 1704 WPI_UNLOCK(sc); 1705 IEEE80211_LOCK(ic); 1706 if (error != 0) { 1707 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1708 return error; 1709 } 1710 1711 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1712 1713 return wvp->wv_newstate(vap, nstate, arg); 1714} 1715 1716static void 1717wpi_calib_timeout(void *arg) 1718{ 1719 struct wpi_softc *sc = arg; 1720 struct ifnet *ifp = sc->sc_ifp; 1721 struct ieee80211com *ic = ifp->if_l2com; 1722 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1723 1724 if (vap->iv_state != IEEE80211_S_RUN) 1725 return; 1726 1727 wpi_power_calibration(sc); 1728 1729 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1730} 1731 1732static __inline uint8_t 1733rate2plcp(const uint8_t rate) 1734{ 1735 switch (rate) { 1736 case 12: return 0xd; 1737 case 18: return 0xf; 1738 case 24: return 0x5; 1739 case 36: return 0x7; 1740 case 48: return 0x9; 1741 case 72: return 0xb; 1742 case 96: return 0x1; 1743 case 108: return 0x3; 1744 case 2: return 10; 1745 case 4: return 20; 1746 case 11: return 55; 1747 case 22: return 110; 1748 default: return 0; 1749 } 1750} 1751 1752static __inline uint8_t 1753plcp2rate(const uint8_t plcp) 1754{ 1755 switch (plcp) { 1756 case 0xd: return 12; 1757 case 0xf: return 18; 1758 case 0x5: return 24; 1759 case 0x7: return 36; 1760 case 0x9: return 48; 1761 case 0xb: return 72; 1762 case 0x1: return 96; 1763 case 0x3: return 108; 1764 case 10: return 2; 1765 case 20: return 4; 1766 case 55: return 11; 1767 case 110: return 22; 1768 default: return 0; 1769 } 1770} 1771 1772/* Quickly determine if a given rate is CCK or OFDM. */ 1773#define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1774 1775static void 1776wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1777 struct wpi_rx_data *data) 1778{ 1779 struct ifnet *ifp = sc->sc_ifp; 1780 struct ieee80211com *ic = ifp->if_l2com; 1781 struct wpi_rx_ring *ring = &sc->rxq; 1782 struct wpi_rx_stat *stat; 1783 struct wpi_rx_head *head; 1784 struct wpi_rx_tail *tail; 1785 struct ieee80211_frame *wh; 1786 struct ieee80211_node *ni; 1787 struct mbuf *m, *m1; 1788 bus_addr_t paddr; 1789 uint32_t flags; 1790 uint16_t len; 1791 int error; 1792 1793 stat = (struct wpi_rx_stat *)(desc + 1); 1794 1795 if (stat->len > WPI_STAT_MAXLEN) { 1796 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1797 goto fail1; 1798 } 1799 1800 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1801 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1802 len = le16toh(head->len); 1803 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1804 flags = le32toh(tail->flags); 1805 1806 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1807 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1808 le32toh(desc->len), len, (int8_t)stat->rssi, 1809 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1810 1811 /* Discard frames with a bad FCS early. */ 1812 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1813 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1814 __func__, flags); 1815 goto fail1; 1816 } 1817 /* Discard frames that are too short. */ 1818 if (len < sizeof (*wh)) { 1819 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1820 __func__, len); 1821 goto fail1; 1822 } 1823 1824 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1825 if (m1 == NULL) { 1826 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1827 __func__); 1828 goto fail1; 1829 } 1830 bus_dmamap_unload(ring->data_dmat, data->map); 1831 1832 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1833 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 1834 if (error != 0 && error != EFBIG) { 1835 device_printf(sc->sc_dev, 1836 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1837 m_freem(m1); 1838 1839 /* Try to reload the old mbuf. */ 1840 error = bus_dmamap_load(ring->data_dmat, data->map, 1841 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1842 &paddr, BUS_DMA_NOWAIT); 1843 if (error != 0 && error != EFBIG) { 1844 panic("%s: could not load old RX mbuf", __func__); 1845 } 1846 /* Physical address may have changed. */ 1847 ring->desc[ring->cur] = htole32(paddr); 1848 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 1849 BUS_DMASYNC_PREWRITE); 1850 goto fail1; 1851 } 1852 1853 m = data->m; 1854 data->m = m1; 1855 /* Update RX descriptor. */ 1856 ring->desc[ring->cur] = htole32(paddr); 1857 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1858 BUS_DMASYNC_PREWRITE); 1859 1860 /* Finalize mbuf. */ 1861 m->m_pkthdr.rcvif = ifp; 1862 m->m_data = (caddr_t)(head + 1); 1863 m->m_pkthdr.len = m->m_len = len; 1864 1865 /* Grab a reference to the source node. */ 1866 wh = mtod(m, struct ieee80211_frame *); 1867 1868 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1869 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) { 1870 /* Check whether decryption was successful or not. */ 1871 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1872 DPRINTF(sc, WPI_DEBUG_RECV, 1873 "CCMP decryption failed 0x%x\n", flags); 1874 goto fail2; 1875 } 1876 m->m_flags |= M_WEP; 1877 } 1878 1879 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1880 1881 if (ieee80211_radiotap_active(ic)) { 1882 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1883 1884 tap->wr_flags = 0; 1885 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 1886 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1887 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET); 1888 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET; 1889 tap->wr_tsft = tail->tstamp; 1890 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 1891 tap->wr_rate = plcp2rate(head->plcp); 1892 } 1893 1894 WPI_UNLOCK(sc); 1895 1896 /* Send the frame to the 802.11 layer. */ 1897 if (ni != NULL) { 1898 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET); 1899 /* Node is no longer needed. */ 1900 ieee80211_free_node(ni); 1901 } else 1902 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET); 1903 1904 WPI_LOCK(sc); 1905 1906 return; 1907 1908fail2: m_freem(m); 1909 1910fail1: if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1911} 1912 1913static void 1914wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1915 struct wpi_rx_data *data) 1916{ 1917 /* Ignore */ 1918} 1919 1920static void 1921wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1922{ 1923 struct ifnet *ifp = sc->sc_ifp; 1924 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1925 struct wpi_tx_data *data = &ring->data[desc->idx]; 1926 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1927 struct mbuf *m; 1928 struct ieee80211_node *ni; 1929 struct ieee80211vap *vap; 1930 struct ieee80211com *ic; 1931 int ackfailcnt = stat->ackfailcnt / 2; /* wpi_mrr_setup() */ 1932 int status = le32toh(stat->status); 1933 1934 KASSERT(data->ni != NULL, ("no node")); 1935 KASSERT(data->m != NULL, ("no mbuf")); 1936 1937 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1938 1939 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 1940 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 1941 "status %x\n", __func__, desc->qid, desc->idx, ackfailcnt, 1942 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 1943 1944 /* Unmap and free mbuf. */ 1945 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 1946 bus_dmamap_unload(ring->data_dmat, data->map); 1947 m = data->m, data->m = NULL; 1948 ni = data->ni, data->ni = NULL; 1949 vap = ni->ni_vap; 1950 ic = vap->iv_ic; 1951 1952 /* 1953 * Update rate control statistics for the node. 1954 */ 1955 WPI_UNLOCK(sc); 1956 if ((status & 0xff) != 1) { 1957 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1958 ieee80211_ratectl_tx_complete(vap, ni, 1959 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 1960 } else { 1961 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1962 ieee80211_ratectl_tx_complete(vap, ni, 1963 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 1964 } 1965 1966 ieee80211_tx_complete(ni, m, (status & 0xff) != 1); 1967 WPI_LOCK(sc); 1968 1969 sc->sc_tx_timer = 0; 1970 if (--ring->queued < WPI_TX_RING_LOMARK) { 1971 sc->qfullmsk &= ~(1 << ring->qid); 1972 IF_LOCK(&ifp->if_snd); 1973 if (sc->qfullmsk == 0 && 1974 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 1975 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1976 IF_UNLOCK(&ifp->if_snd); 1977 ieee80211_runtask(ic, &sc->sc_start_task); 1978 } else 1979 IF_UNLOCK(&ifp->if_snd); 1980 } 1981 1982 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1983} 1984 1985/* 1986 * Process a "command done" firmware notification. This is where we wakeup 1987 * processes waiting for a synchronous command completion. 1988 */ 1989static void 1990wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1991{ 1992 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 1993 struct wpi_tx_data *data; 1994 1995 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x " 1996 "type %s len %d\n", desc->qid, desc->idx, 1997 desc->flags, wpi_cmd_str(desc->type), 1998 le32toh(desc->len)); 1999 2000 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM) 2001 return; /* Not a command ack. */ 2002 2003 KASSERT(ring->queued == 0, ("ring->queued must be 0")); 2004 2005 data = &ring->data[desc->idx]; 2006 2007 /* If the command was mapped in an mbuf, free it. */ 2008 if (data->m != NULL) { 2009 bus_dmamap_sync(ring->data_dmat, data->map, 2010 BUS_DMASYNC_POSTWRITE); 2011 bus_dmamap_unload(ring->data_dmat, data->map); 2012 m_freem(data->m); 2013 data->m = NULL; 2014 } 2015 2016 wakeup(&ring->cmd[desc->idx]); 2017} 2018 2019static void 2020wpi_notif_intr(struct wpi_softc *sc) 2021{ 2022 struct ifnet *ifp = sc->sc_ifp; 2023 struct ieee80211com *ic = ifp->if_l2com; 2024 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2025 int hw; 2026 2027 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 2028 BUS_DMASYNC_POSTREAD); 2029 2030 hw = le32toh(sc->shared->next); 2031 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 2032 2033 while (sc->rxq.cur != hw) { 2034 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 2035 2036 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2037 struct wpi_rx_desc *desc; 2038 2039 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2040 BUS_DMASYNC_POSTREAD); 2041 desc = mtod(data->m, struct wpi_rx_desc *); 2042 2043 DPRINTF(sc, WPI_DEBUG_NOTIFY, 2044 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 2045 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 2046 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 2047 2048 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) { 2049 /* Reply to a command. */ 2050 wpi_cmd_done(sc, desc); 2051 } 2052 2053 switch (desc->type) { 2054 case WPI_RX_DONE: 2055 /* An 802.11 frame has been received. */ 2056 wpi_rx_done(sc, desc, data); 2057 2058 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2059 /* wpi_stop() was called. */ 2060 return; 2061 } 2062 2063 break; 2064 2065 case WPI_TX_DONE: 2066 /* An 802.11 frame has been transmitted. */ 2067 wpi_tx_done(sc, desc); 2068 break; 2069 2070 case WPI_RX_STATISTICS: 2071 case WPI_BEACON_STATISTICS: 2072 wpi_rx_statistics(sc, desc, data); 2073 break; 2074 2075 case WPI_BEACON_MISSED: 2076 { 2077 struct wpi_beacon_missed *miss = 2078 (struct wpi_beacon_missed *)(desc + 1); 2079 int misses; 2080 2081 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2082 BUS_DMASYNC_POSTREAD); 2083 misses = le32toh(miss->consecutive); 2084 2085 DPRINTF(sc, WPI_DEBUG_STATE, 2086 "%s: beacons missed %d/%d\n", __func__, misses, 2087 le32toh(miss->total)); 2088 2089 if (vap->iv_state == IEEE80211_S_RUN && 2090 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 2091 if (misses >= vap->iv_bmissthreshold) { 2092 WPI_UNLOCK(sc); 2093 ieee80211_beacon_miss(ic); 2094 WPI_LOCK(sc); 2095 } 2096 } 2097 break; 2098 } 2099 case WPI_UC_READY: 2100 { 2101 struct wpi_ucode_info *uc = 2102 (struct wpi_ucode_info *)(desc + 1); 2103 2104 /* The microcontroller is ready. */ 2105 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2106 BUS_DMASYNC_POSTREAD); 2107 DPRINTF(sc, WPI_DEBUG_RESET, 2108 "microcode alive notification version=%d.%d " 2109 "subtype=%x alive=%x\n", uc->major, uc->minor, 2110 uc->subtype, le32toh(uc->valid)); 2111 2112 if (le32toh(uc->valid) != 1) { 2113 device_printf(sc->sc_dev, 2114 "microcontroller initialization failed\n"); 2115 wpi_stop_locked(sc); 2116 } 2117 /* Save the address of the error log in SRAM. */ 2118 sc->errptr = le32toh(uc->errptr); 2119 break; 2120 } 2121 case WPI_STATE_CHANGED: 2122 { 2123 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2124 BUS_DMASYNC_POSTREAD); 2125 2126 uint32_t *status = (uint32_t *)(desc + 1); 2127 2128 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2129 le32toh(*status)); 2130 2131 if (le32toh(*status) & 1) { 2132 WPI_NT_LOCK(sc); 2133 wpi_clear_node_table(sc); 2134 WPI_NT_UNLOCK(sc); 2135 ieee80211_runtask(ic, &sc->sc_radiooff_task); 2136 return; 2137 } 2138 break; 2139 } 2140 case WPI_START_SCAN: 2141 { 2142 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2143 BUS_DMASYNC_POSTREAD); 2144#ifdef WPI_DEBUG 2145 struct wpi_start_scan *scan = 2146 (struct wpi_start_scan *)(desc + 1); 2147 DPRINTF(sc, WPI_DEBUG_SCAN, 2148 "%s: scanning channel %d status %x\n", 2149 __func__, scan->chan, le32toh(scan->status)); 2150#endif 2151 break; 2152 } 2153 case WPI_STOP_SCAN: 2154 { 2155 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2156 BUS_DMASYNC_POSTREAD); 2157#ifdef WPI_DEBUG 2158 struct wpi_stop_scan *scan = 2159 (struct wpi_stop_scan *)(desc + 1); 2160 DPRINTF(sc, WPI_DEBUG_SCAN, 2161 "scan finished nchan=%d status=%d chan=%d\n", 2162 scan->nchan, scan->status, scan->chan); 2163#endif 2164 sc->sc_scan_timer = 0; 2165 WPI_UNLOCK(sc); 2166 ieee80211_scan_next(vap); 2167 WPI_LOCK(sc); 2168 break; 2169 } 2170 } 2171 } 2172 2173 /* Tell the firmware what we have processed. */ 2174 wpi_update_rx_ring(sc); 2175} 2176 2177/* 2178 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2179 * from power-down sleep mode. 2180 */ 2181static void 2182wpi_wakeup_intr(struct wpi_softc *sc) 2183{ 2184 int qid; 2185 2186 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2187 "%s: ucode wakeup from power-down sleep\n", __func__); 2188 2189 /* Wakeup RX and TX rings. */ 2190 if (sc->rxq.update) { 2191 sc->rxq.update = 0; 2192 wpi_update_rx_ring(sc); 2193 } 2194 WPI_TXQ_LOCK(sc); 2195 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) { 2196 struct wpi_tx_ring *ring = &sc->txq[qid]; 2197 2198 if (ring->update) { 2199 ring->update = 0; 2200 wpi_update_tx_ring(sc, ring); 2201 } 2202 } 2203 WPI_TXQ_UNLOCK(sc); 2204 2205 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2206} 2207 2208/* 2209 * This function prints firmware registers 2210 */ 2211#ifdef WPI_DEBUG 2212static void 2213wpi_debug_registers(struct wpi_softc *sc) 2214{ 2215#define COUNTOF(array) (sizeof(array) / sizeof(array[0])) 2216 int i; 2217 static const uint32_t csr_tbl[] = { 2218 WPI_HW_IF_CONFIG, 2219 WPI_INT, 2220 WPI_INT_MASK, 2221 WPI_FH_INT, 2222 WPI_GPIO_IN, 2223 WPI_RESET, 2224 WPI_GP_CNTRL, 2225 WPI_EEPROM, 2226 WPI_EEPROM_GP, 2227 WPI_GIO, 2228 WPI_UCODE_GP1, 2229 WPI_UCODE_GP2, 2230 WPI_GIO_CHICKEN, 2231 WPI_ANA_PLL, 2232 WPI_DBG_HPET_MEM, 2233 }; 2234 static const uint32_t prph_tbl[] = { 2235 WPI_APMG_CLK_CTRL, 2236 WPI_APMG_PS, 2237 WPI_APMG_PCI_STT, 2238 WPI_APMG_RFKILL, 2239 }; 2240 2241 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n"); 2242 2243 for (i = 0; i < COUNTOF(csr_tbl); i++) { 2244 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2245 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i])); 2246 2247 if ((i + 1) % 2 == 0) 2248 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2249 } 2250 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n"); 2251 2252 if (wpi_nic_lock(sc) == 0) { 2253 for (i = 0; i < COUNTOF(prph_tbl); i++) { 2254 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2255 wpi_get_prph_string(prph_tbl[i]), 2256 wpi_prph_read(sc, prph_tbl[i])); 2257 2258 if ((i + 1) % 2 == 0) 2259 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2260 } 2261 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2262 wpi_nic_unlock(sc); 2263 } else { 2264 DPRINTF(sc, WPI_DEBUG_REGISTER, 2265 "Cannot access internal registers.\n"); 2266 } 2267#undef COUNTOF 2268} 2269#endif 2270 2271/* 2272 * Dump the error log of the firmware when a firmware panic occurs. Although 2273 * we can't debug the firmware because it is neither open source nor free, it 2274 * can help us to identify certain classes of problems. 2275 */ 2276static void 2277wpi_fatal_intr(struct wpi_softc *sc) 2278{ 2279 struct wpi_fw_dump dump; 2280 uint32_t i, offset, count; 2281 const uint32_t size_errmsg = 2282 (sizeof (wpi_fw_errmsg) / sizeof ((wpi_fw_errmsg)[0])); 2283 2284 /* Check that the error log address is valid. */ 2285 if (sc->errptr < WPI_FW_DATA_BASE || 2286 sc->errptr + sizeof (dump) > 2287 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2288 printf("%s: bad firmware error log address 0x%08x\n", __func__, 2289 sc->errptr); 2290 return; 2291 } 2292 if (wpi_nic_lock(sc) != 0) { 2293 printf("%s: could not read firmware error log\n", __func__); 2294 return; 2295 } 2296 /* Read number of entries in the log. */ 2297 count = wpi_mem_read(sc, sc->errptr); 2298 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2299 printf("%s: invalid count field (count = %u)\n", __func__, 2300 count); 2301 wpi_nic_unlock(sc); 2302 return; 2303 } 2304 /* Skip "count" field. */ 2305 offset = sc->errptr + sizeof (uint32_t); 2306 printf("firmware error log (count = %u):\n", count); 2307 for (i = 0; i < count; i++) { 2308 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2309 sizeof (dump) / sizeof (uint32_t)); 2310 2311 printf(" error type = \"%s\" (0x%08X)\n", 2312 (dump.desc < size_errmsg) ? 2313 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2314 dump.desc); 2315 printf(" error data = 0x%08X\n", 2316 dump.data); 2317 printf(" branch link = 0x%08X%08X\n", 2318 dump.blink[0], dump.blink[1]); 2319 printf(" interrupt link = 0x%08X%08X\n", 2320 dump.ilink[0], dump.ilink[1]); 2321 printf(" time = %u\n", dump.time); 2322 2323 offset += sizeof (dump); 2324 } 2325 wpi_nic_unlock(sc); 2326 /* Dump driver status (TX and RX rings) while we're here. */ 2327 printf("driver status:\n"); 2328 WPI_TXQ_LOCK(sc); 2329 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 2330 struct wpi_tx_ring *ring = &sc->txq[i]; 2331 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2332 i, ring->qid, ring->cur, ring->queued); 2333 } 2334 WPI_TXQ_UNLOCK(sc); 2335 printf(" rx ring: cur=%d\n", sc->rxq.cur); 2336} 2337 2338static void 2339wpi_intr(void *arg) 2340{ 2341 struct wpi_softc *sc = arg; 2342 struct ifnet *ifp = sc->sc_ifp; 2343 uint32_t r1, r2; 2344 2345 WPI_LOCK(sc); 2346 2347 /* Disable interrupts. */ 2348 WPI_WRITE(sc, WPI_INT_MASK, 0); 2349 2350 r1 = WPI_READ(sc, WPI_INT); 2351 2352 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 2353 goto end; /* Hardware gone! */ 2354 2355 r2 = WPI_READ(sc, WPI_FH_INT); 2356 2357 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2358 r1, r2); 2359 2360 if (r1 == 0 && r2 == 0) 2361 goto done; /* Interrupt not for us. */ 2362 2363 /* Acknowledge interrupts. */ 2364 WPI_WRITE(sc, WPI_INT, r1); 2365 WPI_WRITE(sc, WPI_FH_INT, r2); 2366 2367 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 2368 struct ieee80211com *ic = ifp->if_l2com; 2369 2370 device_printf(sc->sc_dev, "fatal firmware error\n"); 2371#ifdef WPI_DEBUG 2372 wpi_debug_registers(sc); 2373#endif 2374 wpi_fatal_intr(sc); 2375 DPRINTF(sc, WPI_DEBUG_HW, 2376 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2377 "(Hardware Error)"); 2378 ieee80211_runtask(ic, &sc->sc_reinittask); 2379 goto end; 2380 } 2381 2382 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2383 (r2 & WPI_FH_INT_RX)) 2384 wpi_notif_intr(sc); 2385 2386 if (r1 & WPI_INT_ALIVE) 2387 wakeup(sc); /* Firmware is alive. */ 2388 2389 if (r1 & WPI_INT_WAKEUP) 2390 wpi_wakeup_intr(sc); 2391 2392done: 2393 /* Re-enable interrupts. */ 2394 if (ifp->if_flags & IFF_UP) 2395 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2396 2397end: WPI_UNLOCK(sc); 2398} 2399 2400static int 2401wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2402{ 2403 struct ieee80211_frame *wh; 2404 struct wpi_tx_cmd *cmd; 2405 struct wpi_tx_data *data; 2406 struct wpi_tx_desc *desc; 2407 struct wpi_tx_ring *ring; 2408 struct mbuf *m1; 2409 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2410 int error, i, hdrlen, nsegs, totlen, pad; 2411 2412 WPI_TXQ_LOCK(sc); 2413 2414 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow")); 2415 2416 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2417 2418 if (sc->txq_active == 0) { 2419 /* wpi_stop() was called */ 2420 error = ENETDOWN; 2421 goto fail; 2422 } 2423 2424 wh = mtod(buf->m, struct ieee80211_frame *); 2425 hdrlen = ieee80211_anyhdrsize(wh); 2426 totlen = buf->m->m_pkthdr.len; 2427 2428 if (hdrlen & 3) { 2429 /* First segment length must be a multiple of 4. */ 2430 pad = 4 - (hdrlen & 3); 2431 } else 2432 pad = 0; 2433 2434 ring = &sc->txq[buf->ac]; 2435 desc = &ring->desc[ring->cur]; 2436 data = &ring->data[ring->cur]; 2437 2438 /* Prepare TX firmware command. */ 2439 cmd = &ring->cmd[ring->cur]; 2440 cmd->code = buf->code; 2441 cmd->flags = 0; 2442 cmd->qid = ring->qid; 2443 cmd->idx = ring->cur; 2444 2445 memcpy(cmd->data, buf->data, buf->size); 2446 2447 /* Save and trim IEEE802.11 header. */ 2448 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2449 m_adj(buf->m, hdrlen); 2450 2451 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2452 segs, &nsegs, BUS_DMA_NOWAIT); 2453 if (error != 0 && error != EFBIG) { 2454 device_printf(sc->sc_dev, 2455 "%s: can't map mbuf (error %d)\n", __func__, error); 2456 goto fail; 2457 } 2458 if (error != 0) { 2459 /* Too many DMA segments, linearize mbuf. */ 2460 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2461 if (m1 == NULL) { 2462 device_printf(sc->sc_dev, 2463 "%s: could not defrag mbuf\n", __func__); 2464 error = ENOBUFS; 2465 goto fail; 2466 } 2467 buf->m = m1; 2468 2469 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2470 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2471 if (error != 0) { 2472 device_printf(sc->sc_dev, 2473 "%s: can't map mbuf (error %d)\n", __func__, 2474 error); 2475 goto fail; 2476 } 2477 } 2478 2479 KASSERT(nsegs < WPI_MAX_SCATTER, 2480 ("too many DMA segments, nsegs (%d) should be less than %d", 2481 nsegs, WPI_MAX_SCATTER)); 2482 2483 data->m = buf->m; 2484 data->ni = buf->ni; 2485 2486 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2487 __func__, ring->qid, ring->cur, totlen, nsegs); 2488 2489 /* Fill TX descriptor. */ 2490 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2491 /* First DMA segment is used by the TX command. */ 2492 desc->segs[0].addr = htole32(data->cmd_paddr); 2493 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2494 /* Other DMA segments are for data payload. */ 2495 seg = &segs[0]; 2496 for (i = 1; i <= nsegs; i++) { 2497 desc->segs[i].addr = htole32(seg->ds_addr); 2498 desc->segs[i].len = htole32(seg->ds_len); 2499 seg++; 2500 } 2501 2502 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2503 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2504 BUS_DMASYNC_PREWRITE); 2505 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2506 BUS_DMASYNC_PREWRITE); 2507 2508 /* Kick TX ring. */ 2509 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2510 wpi_update_tx_ring(sc, ring); 2511 2512 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2513 /* Mark TX ring as full if we reach a certain threshold. */ 2514 if (++ring->queued > WPI_TX_RING_HIMARK) 2515 sc->qfullmsk |= 1 << ring->qid; 2516 2517 sc->sc_tx_timer = 5; 2518 } 2519 2520 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2521 2522 WPI_TXQ_UNLOCK(sc); 2523 2524 return 0; 2525 2526fail: m_freem(buf->m); 2527 2528 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2529 2530 WPI_TXQ_UNLOCK(sc); 2531 2532 return error; 2533} 2534 2535/* 2536 * Construct the data packet for a transmit buffer. 2537 */ 2538static int 2539wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2540{ 2541 const struct ieee80211_txparam *tp; 2542 struct ieee80211vap *vap = ni->ni_vap; 2543 struct ieee80211com *ic = ni->ni_ic; 2544 struct wpi_node *wn = WPI_NODE(ni); 2545 struct ieee80211_channel *chan; 2546 struct ieee80211_frame *wh; 2547 struct ieee80211_key *k = NULL; 2548 struct wpi_buf tx_data; 2549 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2550 uint32_t flags; 2551 uint16_t qos; 2552 uint8_t tid, type; 2553 int ac, error, swcrypt, rate, ismcast, totlen; 2554 2555 wh = mtod(m, struct ieee80211_frame *); 2556 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2557 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2558 2559 /* Select EDCA Access Category and TX ring for this frame. */ 2560 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2561 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2562 tid = qos & IEEE80211_QOS_TID; 2563 } else { 2564 qos = 0; 2565 tid = 0; 2566 } 2567 ac = M_WME_GETAC(m); 2568 2569 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2570 ni->ni_chan : ic->ic_curchan; 2571 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2572 2573 /* Choose a TX rate index. */ 2574 if (type == IEEE80211_FC0_TYPE_MGT) 2575 rate = tp->mgmtrate; 2576 else if (ismcast) 2577 rate = tp->mcastrate; 2578 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2579 rate = tp->ucastrate; 2580 else if (m->m_flags & M_EAPOL) 2581 rate = tp->mgmtrate; 2582 else { 2583 /* XXX pass pktlen */ 2584 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2585 rate = ni->ni_txrate; 2586 } 2587 2588 /* Encrypt the frame if need be. */ 2589 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2590 /* Retrieve key for TX. */ 2591 k = ieee80211_crypto_encap(ni, m); 2592 if (k == NULL) { 2593 error = ENOBUFS; 2594 goto fail; 2595 } 2596 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2597 2598 /* 802.11 header may have moved. */ 2599 wh = mtod(m, struct ieee80211_frame *); 2600 } 2601 totlen = m->m_pkthdr.len; 2602 2603 if (ieee80211_radiotap_active_vap(vap)) { 2604 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2605 2606 tap->wt_flags = 0; 2607 tap->wt_rate = rate; 2608 if (k != NULL) 2609 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2610 2611 ieee80211_radiotap_tx(vap, m); 2612 } 2613 2614 flags = 0; 2615 if (!ismcast) { 2616 /* Unicast frame, check if an ACK is expected. */ 2617 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2618 IEEE80211_QOS_ACKPOLICY_NOACK) 2619 flags |= WPI_TX_NEED_ACK; 2620 } 2621 2622 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2623 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */ 2624 2625 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2626 if (!ismcast) { 2627 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2628 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2629 flags |= WPI_TX_NEED_RTS; 2630 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2631 WPI_RATE_IS_OFDM(rate)) { 2632 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2633 flags |= WPI_TX_NEED_CTS; 2634 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2635 flags |= WPI_TX_NEED_RTS; 2636 } 2637 2638 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2639 flags |= WPI_TX_FULL_TXOP; 2640 } 2641 2642 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2643 if (type == IEEE80211_FC0_TYPE_MGT) { 2644 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2645 2646 /* Tell HW to set timestamp in probe responses. */ 2647 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2648 flags |= WPI_TX_INSERT_TSTAMP; 2649 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2650 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2651 tx->timeout = htole16(3); 2652 else 2653 tx->timeout = htole16(2); 2654 } 2655 2656 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2657 tx->id = WPI_ID_BROADCAST; 2658 else { 2659 if (wn->id == WPI_ID_UNDEFINED) { 2660 device_printf(sc->sc_dev, 2661 "%s: undefined node id\n", __func__); 2662 error = EINVAL; 2663 goto fail; 2664 } 2665 2666 tx->id = wn->id; 2667 } 2668 2669 if (type != IEEE80211_FC0_TYPE_MGT) 2670 tx->data_ntries = tp->maxretry; 2671 2672 if (k != NULL && !swcrypt) { 2673 switch (k->wk_cipher->ic_cipher) { 2674 case IEEE80211_CIPHER_AES_CCM: 2675 tx->security = WPI_CIPHER_CCMP; 2676 break; 2677 2678 default: 2679 break; 2680 } 2681 2682 memcpy(tx->key, k->wk_key, k->wk_keylen); 2683 } 2684 2685 tx->len = htole16(totlen); 2686 tx->flags = htole32(flags); 2687 tx->plcp = rate2plcp(rate); 2688 tx->tid = tid; 2689 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2690 tx->ofdm_mask = 0xff; 2691 tx->cck_mask = 0x0f; 2692 tx->rts_ntries = 7; 2693 2694 tx_data.ni = ni; 2695 tx_data.m = m; 2696 tx_data.size = sizeof(struct wpi_cmd_data); 2697 tx_data.code = WPI_CMD_TX_DATA; 2698 tx_data.ac = ac; 2699 2700 return wpi_cmd2(sc, &tx_data); 2701 2702fail: m_freem(m); 2703 return error; 2704} 2705 2706static int 2707wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, 2708 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 2709{ 2710 struct ieee80211vap *vap = ni->ni_vap; 2711 struct ieee80211_key *k = NULL; 2712 struct ieee80211_frame *wh; 2713 struct wpi_buf tx_data; 2714 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2715 uint32_t flags; 2716 uint8_t type; 2717 int ac, rate, swcrypt, totlen; 2718 2719 wh = mtod(m, struct ieee80211_frame *); 2720 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2721 2722 ac = params->ibp_pri & 3; 2723 2724 /* Choose a TX rate index. */ 2725 rate = params->ibp_rate0; 2726 2727 flags = 0; 2728 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 2729 flags |= WPI_TX_NEED_ACK; 2730 if (params->ibp_flags & IEEE80211_BPF_RTS) 2731 flags |= WPI_TX_NEED_RTS; 2732 if (params->ibp_flags & IEEE80211_BPF_CTS) 2733 flags |= WPI_TX_NEED_CTS; 2734 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2735 flags |= WPI_TX_FULL_TXOP; 2736 2737 /* Encrypt the frame if need be. */ 2738 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 2739 /* Retrieve key for TX. */ 2740 k = ieee80211_crypto_encap(ni, m); 2741 if (k == NULL) { 2742 m_freem(m); 2743 return ENOBUFS; 2744 } 2745 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2746 2747 /* 802.11 header may have moved. */ 2748 wh = mtod(m, struct ieee80211_frame *); 2749 } 2750 totlen = m->m_pkthdr.len; 2751 2752 if (ieee80211_radiotap_active_vap(vap)) { 2753 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2754 2755 tap->wt_flags = 0; 2756 tap->wt_rate = rate; 2757 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) 2758 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2759 2760 ieee80211_radiotap_tx(vap, m); 2761 } 2762 2763 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2764 if (type == IEEE80211_FC0_TYPE_MGT) { 2765 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2766 2767 /* Tell HW to set timestamp in probe responses. */ 2768 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2769 flags |= WPI_TX_INSERT_TSTAMP; 2770 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2771 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2772 tx->timeout = htole16(3); 2773 else 2774 tx->timeout = htole16(2); 2775 } 2776 2777 if (k != NULL && !swcrypt) { 2778 switch (k->wk_cipher->ic_cipher) { 2779 case IEEE80211_CIPHER_AES_CCM: 2780 tx->security = WPI_CIPHER_CCMP; 2781 break; 2782 2783 default: 2784 break; 2785 } 2786 2787 memcpy(tx->key, k->wk_key, k->wk_keylen); 2788 } 2789 2790 tx->len = htole16(totlen); 2791 tx->flags = htole32(flags); 2792 tx->plcp = rate2plcp(rate); 2793 tx->id = WPI_ID_BROADCAST; 2794 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2795 tx->rts_ntries = params->ibp_try1; 2796 tx->data_ntries = params->ibp_try0; 2797 2798 tx_data.ni = ni; 2799 tx_data.m = m; 2800 tx_data.size = sizeof(struct wpi_cmd_data); 2801 tx_data.code = WPI_CMD_TX_DATA; 2802 tx_data.ac = ac; 2803 2804 return wpi_cmd2(sc, &tx_data); 2805} 2806 2807static int 2808wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2809 const struct ieee80211_bpf_params *params) 2810{ 2811 struct ieee80211com *ic = ni->ni_ic; 2812 struct ifnet *ifp = ic->ic_ifp; 2813 struct wpi_softc *sc = ifp->if_softc; 2814 int error = 0; 2815 2816 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2817 2818 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2819 ieee80211_free_node(ni); 2820 m_freem(m); 2821 return ENETDOWN; 2822 } 2823 2824 WPI_LOCK(sc); 2825 if (params == NULL) { 2826 /* 2827 * Legacy path; interpret frame contents to decide 2828 * precisely how to send the frame. 2829 */ 2830 error = wpi_tx_data(sc, m, ni); 2831 } else { 2832 /* 2833 * Caller supplied explicit parameters to use in 2834 * sending the frame. 2835 */ 2836 error = wpi_tx_data_raw(sc, m, ni, params); 2837 } 2838 WPI_UNLOCK(sc); 2839 2840 if (error != 0) { 2841 /* NB: m is reclaimed on tx failure */ 2842 ieee80211_free_node(ni); 2843 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2844 2845 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2846 2847 return error; 2848 } 2849 2850 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2851 2852 return 0; 2853} 2854 2855/** 2856 * Process data waiting to be sent on the IFNET output queue 2857 */ 2858static void 2859wpi_start(struct ifnet *ifp) 2860{ 2861 struct wpi_softc *sc = ifp->if_softc; 2862 struct ieee80211_node *ni; 2863 struct mbuf *m; 2864 2865 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 2866 2867 IF_LOCK(&ifp->if_snd); 2868 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 2869 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 2870 IF_UNLOCK(&ifp->if_snd); 2871 return; 2872 } 2873 IF_UNLOCK(&ifp->if_snd); 2874 2875 WPI_LOCK(sc); 2876 for (;;) { 2877 if (sc->qfullmsk != 0) { 2878 IF_LOCK(&ifp->if_snd); 2879 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2880 IF_UNLOCK(&ifp->if_snd); 2881 break; 2882 } 2883 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 2884 if (m == NULL) 2885 break; 2886 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2887 if (wpi_tx_data(sc, m, ni) != 0) { 2888 WPI_UNLOCK(sc); 2889 ieee80211_free_node(ni); 2890 WPI_LOCK(sc); 2891 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2892 } 2893 } 2894 WPI_UNLOCK(sc); 2895 2896 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 2897} 2898 2899static void 2900wpi_start_task(void *arg0, int pending) 2901{ 2902 struct wpi_softc *sc = arg0; 2903 struct ifnet *ifp = sc->sc_ifp; 2904 2905 wpi_start(ifp); 2906} 2907 2908static void 2909wpi_watchdog_rfkill(void *arg) 2910{ 2911 struct wpi_softc *sc = arg; 2912 struct ifnet *ifp = sc->sc_ifp; 2913 struct ieee80211com *ic = ifp->if_l2com; 2914 2915 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 2916 2917 /* No need to lock firmware memory. */ 2918 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 2919 /* Radio kill switch is still off. */ 2920 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 2921 sc); 2922 } else 2923 ieee80211_runtask(ic, &sc->sc_radioon_task); 2924} 2925 2926/** 2927 * Called every second, wpi_watchdog used by the watch dog timer 2928 * to check that the card is still alive 2929 */ 2930static void 2931wpi_watchdog(void *arg) 2932{ 2933 struct wpi_softc *sc = arg; 2934 struct ifnet *ifp = sc->sc_ifp; 2935 struct ieee80211com *ic = ifp->if_l2com; 2936 2937 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "Watchdog: tick\n"); 2938 2939 if (sc->sc_tx_timer > 0) { 2940 if (--sc->sc_tx_timer == 0) { 2941 if_printf(ifp, "device timeout\n"); 2942 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2943 ieee80211_runtask(ic, &sc->sc_reinittask); 2944 } 2945 } 2946 2947 if (sc->sc_scan_timer > 0) { 2948 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2949 if (--sc->sc_scan_timer == 0 && vap != NULL) { 2950 if_printf(ifp, "scan timeout\n"); 2951 ieee80211_cancel_scan(vap); 2952 ieee80211_runtask(ic, &sc->sc_reinittask); 2953 } 2954 } 2955 2956 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 2957 callout_reset(&sc->watchdog_to, hz, wpi_watchdog, sc); 2958} 2959 2960static int 2961wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2962{ 2963 struct wpi_softc *sc = ifp->if_softc; 2964 struct ieee80211com *ic = ifp->if_l2com; 2965 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2966 struct ifreq *ifr = (struct ifreq *) data; 2967 int error = 0; 2968 2969 switch (cmd) { 2970 case SIOCGIFADDR: 2971 error = ether_ioctl(ifp, cmd, data); 2972 break; 2973 case SIOCSIFFLAGS: 2974 if (ifp->if_flags & IFF_UP) { 2975 wpi_init(sc); 2976 2977 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 && 2978 vap != NULL) 2979 ieee80211_stop(vap); 2980 } else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 2981 wpi_stop(sc); 2982 break; 2983 case SIOCGIFMEDIA: 2984 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 2985 break; 2986 default: 2987 error = EINVAL; 2988 break; 2989 } 2990 return error; 2991} 2992 2993/* 2994 * Send a command to the firmware. 2995 */ 2996static int 2997wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size, 2998 int async) 2999{ 3000 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 3001 struct wpi_tx_desc *desc; 3002 struct wpi_tx_data *data; 3003 struct wpi_tx_cmd *cmd; 3004 struct mbuf *m; 3005 bus_addr_t paddr; 3006 int totlen, error; 3007 3008 WPI_TXQ_LOCK(sc); 3009 3010 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3011 3012 if (sc->txq_active == 0) { 3013 /* wpi_stop() was called */ 3014 error = 0; 3015 goto fail; 3016 } 3017 3018 if (async == 0) 3019 WPI_LOCK_ASSERT(sc); 3020 3021 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %zu async %d\n", 3022 __func__, wpi_cmd_str(code), size, async); 3023 3024 desc = &ring->desc[ring->cur]; 3025 data = &ring->data[ring->cur]; 3026 totlen = 4 + size; 3027 3028 if (size > sizeof cmd->data) { 3029 /* Command is too large to fit in a descriptor. */ 3030 if (totlen > MCLBYTES) { 3031 error = EINVAL; 3032 goto fail; 3033 } 3034 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 3035 if (m == NULL) { 3036 error = ENOMEM; 3037 goto fail; 3038 } 3039 cmd = mtod(m, struct wpi_tx_cmd *); 3040 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 3041 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 3042 if (error != 0) { 3043 m_freem(m); 3044 goto fail; 3045 } 3046 data->m = m; 3047 } else { 3048 cmd = &ring->cmd[ring->cur]; 3049 paddr = data->cmd_paddr; 3050 } 3051 3052 cmd->code = code; 3053 cmd->flags = 0; 3054 cmd->qid = ring->qid; 3055 cmd->idx = ring->cur; 3056 memcpy(cmd->data, buf, size); 3057 3058 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 3059 desc->segs[0].addr = htole32(paddr); 3060 desc->segs[0].len = htole32(totlen); 3061 3062 if (size > sizeof cmd->data) { 3063 bus_dmamap_sync(ring->data_dmat, data->map, 3064 BUS_DMASYNC_PREWRITE); 3065 } else { 3066 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 3067 BUS_DMASYNC_PREWRITE); 3068 } 3069 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3070 BUS_DMASYNC_PREWRITE); 3071 3072 /* Kick command ring. */ 3073 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 3074 wpi_update_tx_ring(sc, ring); 3075 3076 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3077 3078 WPI_TXQ_UNLOCK(sc); 3079 3080 if (async) 3081 return 0; 3082 3083 return mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3084 3085fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3086 3087 WPI_TXQ_UNLOCK(sc); 3088 3089 return error; 3090} 3091 3092/* 3093 * Configure HW multi-rate retries. 3094 */ 3095static int 3096wpi_mrr_setup(struct wpi_softc *sc) 3097{ 3098 struct ifnet *ifp = sc->sc_ifp; 3099 struct ieee80211com *ic = ifp->if_l2com; 3100 struct wpi_mrr_setup mrr; 3101 int i, error; 3102 3103 /* CCK rates (not used with 802.11a). */ 3104 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 3105 mrr.rates[i].flags = 0; 3106 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3107 /* Fallback to the immediate lower CCK rate (if any.) */ 3108 mrr.rates[i].next = 3109 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 3110 /* Try one time at this rate before falling back to "next". */ 3111 mrr.rates[i].ntries = 1; 3112 } 3113 /* OFDM rates (not used with 802.11b). */ 3114 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 3115 mrr.rates[i].flags = 0; 3116 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3117 /* Fallback to the immediate lower rate (if any.) */ 3118 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 3119 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 3120 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 3121 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 3122 i - 1; 3123 /* Try one time at this rate before falling back to "next". */ 3124 mrr.rates[i].ntries = 1; 3125 } 3126 /* Setup MRR for control frames. */ 3127 mrr.which = htole32(WPI_MRR_CTL); 3128 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3129 if (error != 0) { 3130 device_printf(sc->sc_dev, 3131 "could not setup MRR for control frames\n"); 3132 return error; 3133 } 3134 /* Setup MRR for data frames. */ 3135 mrr.which = htole32(WPI_MRR_DATA); 3136 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3137 if (error != 0) { 3138 device_printf(sc->sc_dev, 3139 "could not setup MRR for data frames\n"); 3140 return error; 3141 } 3142 return 0; 3143} 3144 3145static int 3146wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3147{ 3148 struct ieee80211com *ic = ni->ni_ic; 3149 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 3150 struct wpi_node *wn = WPI_NODE(ni); 3151 struct wpi_node_info node; 3152 int error; 3153 3154 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3155 3156 if (wn->id == WPI_ID_UNDEFINED) 3157 return EINVAL; 3158 3159 memset(&node, 0, sizeof node); 3160 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3161 node.id = wn->id; 3162 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3163 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3164 node.action = htole32(WPI_ACTION_SET_RATE); 3165 node.antenna = WPI_ANTENNA_BOTH; 3166 3167 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__, 3168 wn->id, ether_sprintf(ni->ni_macaddr)); 3169 3170 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 3171 if (error != 0) { 3172 device_printf(sc->sc_dev, 3173 "%s: wpi_cmd() call failed with error code %d\n", __func__, 3174 error); 3175 return error; 3176 } 3177 3178 if (wvp->wv_gtk != 0) { 3179 error = wpi_set_global_keys(ni); 3180 if (error != 0) { 3181 device_printf(sc->sc_dev, 3182 "%s: error while setting global keys\n", __func__); 3183 return ENXIO; 3184 } 3185 } 3186 3187 return 0; 3188} 3189 3190/* 3191 * Broadcast node is used to send group-addressed and management frames. 3192 */ 3193static int 3194wpi_add_broadcast_node(struct wpi_softc *sc, int async) 3195{ 3196 struct ifnet *ifp = sc->sc_ifp; 3197 struct ieee80211com *ic = ifp->if_l2com; 3198 struct wpi_node_info node; 3199 3200 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3201 3202 memset(&node, 0, sizeof node); 3203 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr); 3204 node.id = WPI_ID_BROADCAST; 3205 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3206 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3207 node.action = htole32(WPI_ACTION_SET_RATE); 3208 node.antenna = WPI_ANTENNA_BOTH; 3209 3210 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__); 3211 3212 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 3213} 3214 3215static int 3216wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3217{ 3218 struct wpi_node *wn = WPI_NODE(ni); 3219 int error; 3220 3221 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3222 3223 wn->id = wpi_add_node_entry_sta(sc); 3224 3225 if ((error = wpi_add_node(sc, ni)) != 0) { 3226 wpi_del_node_entry(sc, wn->id); 3227 wn->id = WPI_ID_UNDEFINED; 3228 return error; 3229 } 3230 3231 return 0; 3232} 3233 3234static int 3235wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3236{ 3237 struct wpi_node *wn = WPI_NODE(ni); 3238 int error; 3239 3240 KASSERT(wn->id == WPI_ID_UNDEFINED, 3241 ("the node %d was added before", wn->id)); 3242 3243 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3244 3245 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) { 3246 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__); 3247 return ENOMEM; 3248 } 3249 3250 if ((error = wpi_add_node(sc, ni)) != 0) { 3251 wpi_del_node_entry(sc, wn->id); 3252 wn->id = WPI_ID_UNDEFINED; 3253 return error; 3254 } 3255 3256 return 0; 3257} 3258 3259static void 3260wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3261{ 3262 struct wpi_node *wn = WPI_NODE(ni); 3263 struct wpi_cmd_del_node node; 3264 int error; 3265 3266 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed")); 3267 3268 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3269 3270 memset(&node, 0, sizeof node); 3271 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3272 node.count = 1; 3273 3274 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__, 3275 wn->id, ether_sprintf(ni->ni_macaddr)); 3276 3277 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3278 if (error != 0) { 3279 device_printf(sc->sc_dev, 3280 "%s: could not delete node %u, error %d\n", __func__, 3281 wn->id, error); 3282 } 3283} 3284 3285static int 3286wpi_updateedca(struct ieee80211com *ic) 3287{ 3288#define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3289 struct wpi_softc *sc = ic->ic_ifp->if_softc; 3290 struct wpi_edca_params cmd; 3291 int aci, error; 3292 3293 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3294 3295 memset(&cmd, 0, sizeof cmd); 3296 cmd.flags = htole32(WPI_EDCA_UPDATE); 3297 for (aci = 0; aci < WME_NUM_AC; aci++) { 3298 const struct wmeParams *ac = 3299 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3300 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3301 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3302 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3303 cmd.ac[aci].txoplimit = 3304 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3305 3306 DPRINTF(sc, WPI_DEBUG_EDCA, 3307 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3308 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3309 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3310 cmd.ac[aci].txoplimit); 3311 } 3312 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3313 3314 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3315 3316 return error; 3317#undef WPI_EXP2 3318} 3319 3320static void 3321wpi_set_promisc(struct wpi_softc *sc) 3322{ 3323 struct ifnet *ifp = sc->sc_ifp; 3324 uint32_t promisc_filter; 3325 3326 promisc_filter = WPI_FILTER_PROMISC | WPI_FILTER_CTL; 3327 3328 if (ifp->if_flags & IFF_PROMISC) 3329 sc->rxon.filter |= htole32(promisc_filter); 3330 else 3331 sc->rxon.filter &= ~htole32(promisc_filter); 3332} 3333 3334static void 3335wpi_update_promisc(struct ifnet *ifp) 3336{ 3337 struct wpi_softc *sc = ifp->if_softc; 3338 3339 WPI_LOCK(sc); 3340 wpi_set_promisc(sc); 3341 3342 if (wpi_send_rxon(sc, 1, 1) != 0) { 3343 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3344 __func__); 3345 } 3346 WPI_UNLOCK(sc); 3347} 3348 3349static void 3350wpi_update_mcast(struct ifnet *ifp) 3351{ 3352 /* Ignore */ 3353} 3354 3355static void 3356wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3357{ 3358 struct wpi_cmd_led led; 3359 3360 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3361 3362 led.which = which; 3363 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3364 led.off = off; 3365 led.on = on; 3366 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3367} 3368 3369static int 3370wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3371{ 3372 struct wpi_cmd_timing cmd; 3373 uint64_t val, mod; 3374 3375 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3376 3377 memset(&cmd, 0, sizeof cmd); 3378 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3379 cmd.bintval = htole16(ni->ni_intval); 3380 cmd.lintval = htole16(10); 3381 3382 /* Compute remaining time until next beacon. */ 3383 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3384 mod = le64toh(cmd.tstamp) % val; 3385 cmd.binitval = htole32((uint32_t)(val - mod)); 3386 3387 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3388 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3389 3390 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3391} 3392 3393/* 3394 * This function is called periodically (every 60 seconds) to adjust output 3395 * power to temperature changes. 3396 */ 3397static void 3398wpi_power_calibration(struct wpi_softc *sc) 3399{ 3400 int temp; 3401 3402 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3403 3404 /* Update sensor data. */ 3405 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3406 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3407 3408 /* Sanity-check read value. */ 3409 if (temp < -260 || temp > 25) { 3410 /* This can't be correct, ignore. */ 3411 DPRINTF(sc, WPI_DEBUG_TEMP, 3412 "out-of-range temperature reported: %d\n", temp); 3413 return; 3414 } 3415 3416 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3417 3418 /* Adjust Tx power if need be. */ 3419 if (abs(temp - sc->temp) <= 6) 3420 return; 3421 3422 sc->temp = temp; 3423 3424 if (wpi_set_txpower(sc, 1) != 0) { 3425 /* just warn, too bad for the automatic calibration... */ 3426 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3427 } 3428} 3429 3430/* 3431 * Set TX power for current channel. 3432 */ 3433static int 3434wpi_set_txpower(struct wpi_softc *sc, int async) 3435{ 3436 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3437 struct ieee80211_channel *ch; 3438 struct wpi_power_group *group; 3439 struct wpi_cmd_txpower cmd; 3440 uint8_t chan; 3441 int idx, i; 3442 3443 /* Retrieve current channel from last RXON. */ 3444 chan = sc->rxon.chan; 3445 ch = &ic->ic_channels[chan]; 3446 3447 /* Find the TX power group to which this channel belongs. */ 3448 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3449 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3450 if (chan <= group->chan) 3451 break; 3452 } else 3453 group = &sc->groups[0]; 3454 3455 memset(&cmd, 0, sizeof cmd); 3456 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 3457 cmd.chan = htole16(chan); 3458 3459 /* Set TX power for all OFDM and CCK rates. */ 3460 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3461 /* Retrieve TX power for this channel/rate. */ 3462 idx = wpi_get_power_index(sc, group, ch, i); 3463 3464 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3465 3466 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3467 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3468 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3469 } else { 3470 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3471 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3472 } 3473 DPRINTF(sc, WPI_DEBUG_TEMP, 3474 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3475 } 3476 3477 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3478} 3479 3480/* 3481 * Determine Tx power index for a given channel/rate combination. 3482 * This takes into account the regulatory information from EEPROM and the 3483 * current temperature. 3484 */ 3485static int 3486wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3487 struct ieee80211_channel *c, int ridx) 3488{ 3489/* Fixed-point arithmetic division using a n-bit fractional part. */ 3490#define fdivround(a, b, n) \ 3491 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3492 3493/* Linear interpolation. */ 3494#define interpolate(x, x1, y1, x2, y2, n) \ 3495 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3496 3497 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3498 struct wpi_power_sample *sample; 3499 int pwr, idx; 3500 u_int chan; 3501 3502 /* Get channel number. */ 3503 chan = ieee80211_chan2ieee(ic, c); 3504 3505 /* Default TX power is group maximum TX power minus 3dB. */ 3506 pwr = group->maxpwr / 2; 3507 3508 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3509 switch (ridx) { 3510 case WPI_RIDX_OFDM36: 3511 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 3512 break; 3513 case WPI_RIDX_OFDM48: 3514 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 3515 break; 3516 case WPI_RIDX_OFDM54: 3517 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 3518 break; 3519 } 3520 3521 /* Never exceed the channel maximum allowed TX power. */ 3522 pwr = min(pwr, sc->maxpwr[chan]); 3523 3524 /* Retrieve TX power index into gain tables from samples. */ 3525 for (sample = group->samples; sample < &group->samples[3]; sample++) 3526 if (pwr > sample[1].power) 3527 break; 3528 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3529 idx = interpolate(pwr, sample[0].power, sample[0].index, 3530 sample[1].power, sample[1].index, 19); 3531 3532 /*- 3533 * Adjust power index based on current temperature: 3534 * - if cooler than factory-calibrated: decrease output power 3535 * - if warmer than factory-calibrated: increase output power 3536 */ 3537 idx -= (sc->temp - group->temp) * 11 / 100; 3538 3539 /* Decrease TX power for CCK rates (-5dB). */ 3540 if (ridx >= WPI_RIDX_CCK1) 3541 idx += 10; 3542 3543 /* Make sure idx stays in a valid range. */ 3544 if (idx < 0) 3545 return 0; 3546 if (idx > WPI_MAX_PWR_INDEX) 3547 return WPI_MAX_PWR_INDEX; 3548 return idx; 3549 3550#undef interpolate 3551#undef fdivround 3552} 3553 3554/* 3555 * Set STA mode power saving level (between 0 and 5). 3556 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3557 */ 3558static int 3559wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3560{ 3561 struct wpi_pmgt_cmd cmd; 3562 const struct wpi_pmgt *pmgt; 3563 uint32_t max, skip_dtim; 3564 uint32_t reg; 3565 int i; 3566 3567 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3568 "%s: dtim=%d, level=%d, async=%d\n", 3569 __func__, dtim, level, async); 3570 3571 /* Select which PS parameters to use. */ 3572 if (dtim <= 10) 3573 pmgt = &wpi_pmgt[0][level]; 3574 else 3575 pmgt = &wpi_pmgt[1][level]; 3576 3577 memset(&cmd, 0, sizeof cmd); 3578 if (level != 0) /* not CAM */ 3579 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3580 /* Retrieve PCIe Active State Power Management (ASPM). */ 3581 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 3582 if (!(reg & 0x1)) /* L0s Entry disabled. */ 3583 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3584 3585 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3586 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3587 3588 if (dtim == 0) { 3589 dtim = 1; 3590 skip_dtim = 0; 3591 } else 3592 skip_dtim = pmgt->skip_dtim; 3593 3594 if (skip_dtim != 0) { 3595 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3596 max = pmgt->intval[4]; 3597 if (max == (uint32_t)-1) 3598 max = dtim * (skip_dtim + 1); 3599 else if (max > dtim) 3600 max = (max / dtim) * dtim; 3601 } else 3602 max = dtim; 3603 3604 for (i = 0; i < 5; i++) 3605 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3606 3607 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3608} 3609 3610static int 3611wpi_send_btcoex(struct wpi_softc *sc) 3612{ 3613 struct wpi_bluetooth cmd; 3614 3615 memset(&cmd, 0, sizeof cmd); 3616 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3617 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3618 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3619 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3620 __func__); 3621 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3622} 3623 3624static int 3625wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3626{ 3627 int error; 3628 3629 if (assoc && (sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 3630 struct wpi_assoc rxon_assoc; 3631 3632 rxon_assoc.flags = sc->rxon.flags; 3633 rxon_assoc.filter = sc->rxon.filter; 3634 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3635 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3636 rxon_assoc.reserved = 0; 3637 3638 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3639 sizeof (struct wpi_assoc), async); 3640 if (error != 0) { 3641 device_printf(sc->sc_dev, 3642 "RXON_ASSOC command failed, error %d\n", error); 3643 return error; 3644 } 3645 } else { 3646 if (async) { 3647 WPI_NT_LOCK(sc); 3648 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3649 sizeof (struct wpi_rxon), async); 3650 if (error == 0) 3651 wpi_clear_node_table(sc); 3652 WPI_NT_UNLOCK(sc); 3653 } else { 3654 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3655 sizeof (struct wpi_rxon), async); 3656 if (error == 0) 3657 wpi_clear_node_table(sc); 3658 } 3659 3660 if (error != 0) { 3661 device_printf(sc->sc_dev, 3662 "RXON command failed, error %d\n", error); 3663 return error; 3664 } 3665 3666 /* Add broadcast node. */ 3667 error = wpi_add_broadcast_node(sc, async); 3668 if (error != 0) { 3669 device_printf(sc->sc_dev, 3670 "could not add broadcast node, error %d\n", error); 3671 return error; 3672 } 3673 } 3674 3675 /* Configuration has changed, set Tx power accordingly. */ 3676 if ((error = wpi_set_txpower(sc, async)) != 0) { 3677 device_printf(sc->sc_dev, 3678 "%s: could not set TX power, error %d\n", __func__, error); 3679 return error; 3680 } 3681 3682 return 0; 3683} 3684 3685/** 3686 * Configure the card to listen to a particular channel, this transisions the 3687 * card in to being able to receive frames from remote devices. 3688 */ 3689static int 3690wpi_config(struct wpi_softc *sc) 3691{ 3692 struct ifnet *ifp = sc->sc_ifp; 3693 struct ieee80211com *ic = ifp->if_l2com; 3694 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3695 uint32_t flags; 3696 int error; 3697 3698 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3699 3700 /* Set power saving level to CAM during initialization. */ 3701 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3702 device_printf(sc->sc_dev, 3703 "%s: could not set power saving level\n", __func__); 3704 return error; 3705 } 3706 3707 /* Configure bluetooth coexistence. */ 3708 if ((error = wpi_send_btcoex(sc)) != 0) { 3709 device_printf(sc->sc_dev, 3710 "could not configure bluetooth coexistence\n"); 3711 return error; 3712 } 3713 3714 /* Configure adapter. */ 3715 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 3716 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 3717 3718 /* Set default channel. */ 3719 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3720 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3721 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 3722 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3723 3724 sc->rxon.filter = WPI_FILTER_MULTICAST; 3725 switch (ic->ic_opmode) { 3726 case IEEE80211_M_STA: 3727 sc->rxon.mode = WPI_MODE_STA; 3728 break; 3729 case IEEE80211_M_IBSS: 3730 sc->rxon.mode = WPI_MODE_IBSS; 3731 sc->rxon.filter |= WPI_FILTER_BEACON; 3732 break; 3733 /* XXX workaround for passive channels selection */ 3734 case IEEE80211_M_AHDEMO: 3735 case IEEE80211_M_HOSTAP: 3736 sc->rxon.mode = WPI_MODE_HOSTAP; 3737 break; 3738 case IEEE80211_M_MONITOR: 3739 sc->rxon.mode = WPI_MODE_MONITOR; 3740 break; 3741 default: 3742 device_printf(sc->sc_dev, "unknown opmode %d\n", 3743 ic->ic_opmode); 3744 return EINVAL; 3745 } 3746 sc->rxon.filter = htole32(sc->rxon.filter); 3747 wpi_set_promisc(sc); 3748 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 3749 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 3750 3751 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 3752 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3753 __func__); 3754 return error; 3755 } 3756 3757 /* Setup rate scalling. */ 3758 if ((error = wpi_mrr_setup(sc)) != 0) { 3759 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 3760 error); 3761 return error; 3762 } 3763 3764 /* Disable beacon notifications (unused). */ 3765 flags = WPI_STATISTICS_BEACON_DISABLE; 3766 error = wpi_cmd(sc, WPI_CMD_GET_STATISTICS, &flags, sizeof flags, 1); 3767 if (error != 0) { 3768 device_printf(sc->sc_dev, 3769 "could not disable beacon statistics, error %d\n", error); 3770 return error; 3771 } 3772 3773 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3774 3775 return 0; 3776} 3777 3778static uint16_t 3779wpi_get_active_dwell_time(struct wpi_softc *sc, 3780 struct ieee80211_channel *c, uint8_t n_probes) 3781{ 3782 /* No channel? Default to 2GHz settings. */ 3783 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 3784 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 3785 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 3786 } 3787 3788 /* 5GHz dwell time. */ 3789 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 3790 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 3791} 3792 3793/* 3794 * Limit the total dwell time to 85% of the beacon interval. 3795 * 3796 * Returns the dwell time in milliseconds. 3797 */ 3798static uint16_t 3799wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 3800{ 3801 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3802 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3803 int bintval = 0; 3804 3805 /* bintval is in TU (1.024mS) */ 3806 if (vap != NULL) 3807 bintval = vap->iv_bss->ni_intval; 3808 3809 /* 3810 * If it's non-zero, we should calculate the minimum of 3811 * it and the DWELL_BASE. 3812 * 3813 * XXX Yes, the math should take into account that bintval 3814 * is 1.024mS, not 1mS.. 3815 */ 3816 if (bintval > 0) { 3817 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 3818 bintval); 3819 return (MIN(WPI_PASSIVE_DWELL_BASE, ((bintval * 85) / 100))); 3820 } 3821 3822 /* No association context? Default. */ 3823 return (WPI_PASSIVE_DWELL_BASE); 3824} 3825 3826static uint16_t 3827wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 3828{ 3829 uint16_t passive; 3830 3831 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 3832 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 3833 else 3834 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 3835 3836 /* Clamp to the beacon interval if we're associated. */ 3837 return (wpi_limit_dwell(sc, passive)); 3838} 3839 3840/* 3841 * Send a scan request to the firmware. 3842 */ 3843static int 3844wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 3845{ 3846 struct ifnet *ifp = sc->sc_ifp; 3847 struct ieee80211com *ic = ifp->if_l2com; 3848 struct ieee80211_scan_state *ss = ic->ic_scan; 3849 struct ieee80211vap *vap = ss->ss_vap; 3850 struct wpi_scan_hdr *hdr; 3851 struct wpi_cmd_data *tx; 3852 struct wpi_scan_essid *essids; 3853 struct wpi_scan_chan *chan; 3854 struct ieee80211_frame *wh; 3855 struct ieee80211_rateset *rs; 3856 uint16_t dwell_active, dwell_passive; 3857 uint8_t *buf, *frm; 3858 int buflen, error, i, nssid; 3859 3860 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3861 3862 /* 3863 * We are absolutely not allowed to send a scan command when another 3864 * scan command is pending. 3865 */ 3866 if (sc->sc_scan_timer) { 3867 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 3868 __func__); 3869 3870 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3871 3872 return (EAGAIN); 3873 } 3874 3875 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 3876 if (buf == NULL) { 3877 device_printf(sc->sc_dev, 3878 "%s: could not allocate buffer for scan command\n", 3879 __func__); 3880 error = ENOMEM; 3881 goto fail; 3882 } 3883 hdr = (struct wpi_scan_hdr *)buf; 3884 3885 /* 3886 * Move to the next channel if no packets are received within 10 msecs 3887 * after sending the probe request. 3888 */ 3889 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 3890 hdr->quiet_threshold = htole16(1); /* min # of packets */ 3891 /* 3892 * Max needs to be greater than active and passive and quiet! 3893 * It's also in microseconds! 3894 */ 3895 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 3896 hdr->pause_svc = htole32((4 << 24) | 3897 (100 * IEEE80211_DUR_TU)); /* Hardcode for now */ 3898 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 3899 3900 tx = (struct wpi_cmd_data *)(hdr + 1); 3901 tx->flags = htole32(WPI_TX_AUTO_SEQ); 3902 tx->id = WPI_ID_BROADCAST; 3903 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 3904 3905 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3906 /* Send probe requests at 6Mbps. */ 3907 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 3908 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 3909 } else { 3910 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 3911 /* Send probe requests at 1Mbps. */ 3912 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3913 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 3914 } 3915 3916 essids = (struct wpi_scan_essid *)(tx + 1); 3917 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 3918 for (i = 0; i < nssid; i++) { 3919 essids[i].id = IEEE80211_ELEMID_SSID; 3920 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 3921 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 3922#ifdef WPI_DEBUG 3923 if (sc->sc_debug & WPI_DEBUG_SCAN) { 3924 printf("Scanning Essid: "); 3925 ieee80211_print_essid(essids[i].data, essids[i].len); 3926 printf("\n"); 3927 } 3928#endif 3929 } 3930 3931 /* 3932 * Build a probe request frame. Most of the following code is a 3933 * copy & paste of what is done in net80211. 3934 */ 3935 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 3936 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3937 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3938 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3939 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3940 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3941 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr); 3942 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3943 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3944 3945 frm = (uint8_t *)(wh + 1); 3946 frm = ieee80211_add_ssid(frm, NULL, 0); 3947 frm = ieee80211_add_rates(frm, rs); 3948 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 3949 frm = ieee80211_add_xrates(frm, rs); 3950 3951 /* Set length of probe request. */ 3952 tx->len = htole16(frm - (uint8_t *)wh); 3953 3954 /* 3955 * Construct information about the channel that we 3956 * want to scan. The firmware expects this to be directly 3957 * after the scan probe request 3958 */ 3959 chan = (struct wpi_scan_chan *)frm; 3960 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 3961 chan->flags = 0; 3962 if (nssid) { 3963 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 3964 chan->flags |= WPI_CHAN_NPBREQS(nssid); 3965 } else 3966 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 3967 3968 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 3969 chan->flags |= WPI_CHAN_ACTIVE; 3970 3971 /* 3972 * Calculate the active/passive dwell times. 3973 */ 3974 3975 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 3976 dwell_passive = wpi_get_passive_dwell_time(sc, c); 3977 3978 /* Make sure they're valid. */ 3979 if (dwell_passive <= dwell_active) 3980 dwell_passive = dwell_active + 1; 3981 3982 chan->active = htole16(dwell_active); 3983 chan->passive = htole16(dwell_passive); 3984 3985 chan->dsp_gain = 0x6e; /* Default level */ 3986 3987 if (IEEE80211_IS_CHAN_5GHZ(c)) 3988 chan->rf_gain = 0x3b; 3989 else 3990 chan->rf_gain = 0x28; 3991 3992 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 3993 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 3994 3995 hdr->nchan++; 3996 chan++; 3997 3998 buflen = (uint8_t *)chan - buf; 3999 hdr->len = htole16(buflen); 4000 4001 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 4002 hdr->nchan); 4003 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 4004 free(buf, M_DEVBUF); 4005 4006 if (error != 0) 4007 goto fail; 4008 4009 sc->sc_scan_timer = 5; 4010 4011 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4012 4013 return 0; 4014 4015fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4016 4017 return error; 4018} 4019 4020static int 4021wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 4022{ 4023 struct ieee80211com *ic = vap->iv_ic; 4024 struct ieee80211_node *ni = vap->iv_bss; 4025 int error; 4026 4027 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4028 4029 /* Update adapter configuration. */ 4030 sc->rxon.associd = 0; 4031 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 4032 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4033 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4034 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4035 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4036 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4037 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4038 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4039 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4040 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4041 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 4042 sc->rxon.cck_mask = 0; 4043 sc->rxon.ofdm_mask = 0x15; 4044 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 4045 sc->rxon.cck_mask = 0x03; 4046 sc->rxon.ofdm_mask = 0; 4047 } else { 4048 /* Assume 802.11b/g. */ 4049 sc->rxon.cck_mask = 0x0f; 4050 sc->rxon.ofdm_mask = 0x15; 4051 } 4052 4053 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 4054 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 4055 sc->rxon.ofdm_mask); 4056 4057 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4058 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4059 __func__); 4060 } 4061 4062 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4063 4064 return error; 4065} 4066 4067static int 4068wpi_config_beacon(struct wpi_vap *wvp) 4069{ 4070 struct ieee80211com *ic = wvp->wv_vap.iv_ic; 4071 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4072 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4073 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4074 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 4075 struct ieee80211_tim_ie *tie; 4076 struct mbuf *m; 4077 uint8_t *ptr; 4078 int error; 4079 4080 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4081 4082 WPI_VAP_LOCK_ASSERT(wvp); 4083 4084 cmd->len = htole16(bcn->m->m_pkthdr.len); 4085 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4086 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4087 4088 /* XXX seems to be unused */ 4089 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) { 4090 tie = (struct ieee80211_tim_ie *) bo->bo_tim; 4091 ptr = mtod(bcn->m, uint8_t *); 4092 4093 cmd->tim = htole16(bo->bo_tim - ptr); 4094 cmd->timsz = tie->tim_len; 4095 } 4096 4097 /* Necessary for recursion in ieee80211_beacon_update(). */ 4098 m = bcn->m; 4099 bcn->m = m_dup(m, M_NOWAIT); 4100 if (bcn->m == NULL) { 4101 device_printf(sc->sc_dev, 4102 "%s: could not copy beacon frame\n", __func__); 4103 error = ENOMEM; 4104 goto end; 4105 } 4106 4107 if ((error = wpi_cmd2(sc, bcn)) != 0) { 4108 device_printf(sc->sc_dev, 4109 "%s: could not update beacon frame, error %d", __func__, 4110 error); 4111 } 4112 4113 /* Restore mbuf. */ 4114end: bcn->m = m; 4115 4116 return error; 4117} 4118 4119static int 4120wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 4121{ 4122 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 4123 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4124 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4125 struct mbuf *m; 4126 int error; 4127 4128 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4129 4130 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4131 return EINVAL; 4132 4133 m = ieee80211_beacon_alloc(ni, bo); 4134 if (m == NULL) { 4135 device_printf(sc->sc_dev, 4136 "%s: could not allocate beacon frame\n", __func__); 4137 return ENOMEM; 4138 } 4139 4140 WPI_VAP_LOCK(wvp); 4141 if (bcn->m != NULL) 4142 m_freem(bcn->m); 4143 4144 bcn->m = m; 4145 4146 error = wpi_config_beacon(wvp); 4147 WPI_VAP_UNLOCK(wvp); 4148 4149 return error; 4150} 4151 4152static void 4153wpi_update_beacon(struct ieee80211vap *vap, int item) 4154{ 4155 struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4156 struct wpi_vap *wvp = WPI_VAP(vap); 4157 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4158 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4159 struct ieee80211_node *ni = vap->iv_bss; 4160 int mcast = 0; 4161 4162 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4163 4164 WPI_VAP_LOCK(wvp); 4165 if (bcn->m == NULL) { 4166 bcn->m = ieee80211_beacon_alloc(ni, bo); 4167 if (bcn->m == NULL) { 4168 device_printf(sc->sc_dev, 4169 "%s: could not allocate beacon frame\n", __func__); 4170 4171 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, 4172 __func__); 4173 4174 WPI_VAP_UNLOCK(wvp); 4175 return; 4176 } 4177 } 4178 WPI_VAP_UNLOCK(wvp); 4179 4180 if (item == IEEE80211_BEACON_TIM) 4181 mcast = 1; /* TODO */ 4182 4183 setbit(bo->bo_flags, item); 4184 ieee80211_beacon_update(ni, bo, bcn->m, mcast); 4185 4186 WPI_VAP_LOCK(wvp); 4187 wpi_config_beacon(wvp); 4188 WPI_VAP_UNLOCK(wvp); 4189 4190 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4191} 4192 4193static void 4194wpi_newassoc(struct ieee80211_node *ni, int isnew) 4195{ 4196 struct ieee80211vap *vap = ni->ni_vap; 4197 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4198 struct wpi_node *wn = WPI_NODE(ni); 4199 int error; 4200 4201 WPI_NT_LOCK(sc); 4202 4203 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4204 4205 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) { 4206 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 4207 device_printf(sc->sc_dev, 4208 "%s: could not add IBSS node, error %d\n", 4209 __func__, error); 4210 } 4211 } 4212 WPI_NT_UNLOCK(sc); 4213} 4214 4215static int 4216wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 4217{ 4218 struct ieee80211com *ic = vap->iv_ic; 4219 struct ieee80211_node *ni = vap->iv_bss; 4220 int error; 4221 4222 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4223 4224 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 4225 /* Link LED blinks while monitoring. */ 4226 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 4227 return 0; 4228 } 4229 4230 /* XXX kernel panic workaround */ 4231 if (ni->ni_chan == IEEE80211_CHAN_ANYC) { 4232 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 4233 __func__); 4234 return EINVAL; 4235 } 4236 4237 if ((error = wpi_set_timing(sc, ni)) != 0) { 4238 device_printf(sc->sc_dev, 4239 "%s: could not set timing, error %d\n", __func__, error); 4240 return error; 4241 } 4242 4243 /* Update adapter configuration. */ 4244 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4245 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 4246 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4247 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4248 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4249 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4250 /* Short preamble and slot time are negotiated when associating. */ 4251 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 4252 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4253 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4254 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4255 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4256 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 4257 sc->rxon.cck_mask = 0; 4258 sc->rxon.ofdm_mask = 0x15; 4259 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 4260 sc->rxon.cck_mask = 0x03; 4261 sc->rxon.ofdm_mask = 0; 4262 } else { 4263 /* Assume 802.11b/g. */ 4264 sc->rxon.cck_mask = 0x0f; 4265 sc->rxon.ofdm_mask = 0x15; 4266 } 4267 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 4268 4269 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 4270 sc->rxon.chan, sc->rxon.flags); 4271 4272 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4273 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4274 __func__); 4275 return error; 4276 } 4277 4278 if (vap->iv_opmode == IEEE80211_M_IBSS) { 4279 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 4280 device_printf(sc->sc_dev, 4281 "%s: could not setup beacon, error %d\n", __func__, 4282 error); 4283 return error; 4284 } 4285 } 4286 4287 if (vap->iv_opmode == IEEE80211_M_STA) { 4288 /* Add BSS node. */ 4289 WPI_NT_LOCK(sc); 4290 error = wpi_add_sta_node(sc, ni); 4291 WPI_NT_UNLOCK(sc); 4292 if (error != 0) { 4293 device_printf(sc->sc_dev, 4294 "%s: could not add BSS node, error %d\n", __func__, 4295 error); 4296 return error; 4297 } 4298 } 4299 4300 /* Link LED always on while associated. */ 4301 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4302 4303 /* Start periodic calibration timer. */ 4304 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 4305 4306 /* Enable power-saving mode if requested by user. */ 4307 if ((vap->iv_flags & IEEE80211_F_PMGTON) && 4308 vap->iv_opmode != IEEE80211_M_IBSS) 4309 (void)wpi_set_pslevel(sc, 0, 3, 1); 4310 else 4311 (void)wpi_set_pslevel(sc, 0, 0, 1); 4312 4313 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4314 4315 return 0; 4316} 4317 4318static int 4319wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4320{ 4321 const struct ieee80211_cipher *cip = k->wk_cipher; 4322 struct ieee80211vap *vap = ni->ni_vap; 4323 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4324 struct wpi_node *wn = WPI_NODE(ni); 4325 struct wpi_node_info node; 4326 uint16_t kflags; 4327 int error; 4328 4329 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4330 4331 if (wpi_check_node_entry(sc, wn->id) == 0) { 4332 device_printf(sc->sc_dev, "%s: node does not exist\n", 4333 __func__); 4334 return 0; 4335 } 4336 4337 switch (cip->ic_cipher) { 4338 case IEEE80211_CIPHER_AES_CCM: 4339 kflags = WPI_KFLAG_CCMP; 4340 break; 4341 4342 default: 4343 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__, 4344 cip->ic_cipher); 4345 return 0; 4346 } 4347 4348 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4349 if (k->wk_flags & IEEE80211_KEY_GROUP) 4350 kflags |= WPI_KFLAG_MULTICAST; 4351 4352 memset(&node, 0, sizeof node); 4353 node.id = wn->id; 4354 node.control = WPI_NODE_UPDATE; 4355 node.flags = WPI_FLAG_KEY_SET; 4356 node.kflags = htole16(kflags); 4357 memcpy(node.key, k->wk_key, k->wk_keylen); 4358again: 4359 DPRINTF(sc, WPI_DEBUG_KEY, 4360 "%s: setting %s key id %d for node %d (%s)\n", __func__, 4361 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix, 4362 node.id, ether_sprintf(ni->ni_macaddr)); 4363 4364 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4365 if (error != 0) { 4366 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4367 error); 4368 return !error; 4369 } 4370 4371 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4372 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4373 kflags |= WPI_KFLAG_MULTICAST; 4374 node.kflags = htole16(kflags); 4375 4376 goto again; 4377 } 4378 4379 return 1; 4380} 4381 4382static void 4383wpi_load_key_cb(void *arg, struct ieee80211_node *ni) 4384{ 4385 const struct ieee80211_key *k = arg; 4386 struct ieee80211vap *vap = ni->ni_vap; 4387 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4388 struct wpi_node *wn = WPI_NODE(ni); 4389 int error; 4390 4391 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4392 return; 4393 4394 WPI_NT_LOCK(sc); 4395 error = wpi_load_key(ni, k); 4396 WPI_NT_UNLOCK(sc); 4397 4398 if (error == 0) { 4399 device_printf(sc->sc_dev, "%s: error while setting key\n", 4400 __func__); 4401 } 4402} 4403 4404static int 4405wpi_set_global_keys(struct ieee80211_node *ni) 4406{ 4407 struct ieee80211vap *vap = ni->ni_vap; 4408 struct ieee80211_key *wk = &vap->iv_nw_keys[0]; 4409 int error = 1; 4410 4411 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++) 4412 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 4413 error = wpi_load_key(ni, wk); 4414 4415 return !error; 4416} 4417 4418static int 4419wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4420{ 4421 struct ieee80211vap *vap = ni->ni_vap; 4422 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4423 struct wpi_node *wn = WPI_NODE(ni); 4424 struct wpi_node_info node; 4425 uint16_t kflags; 4426 int error; 4427 4428 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4429 4430 if (wpi_check_node_entry(sc, wn->id) == 0) { 4431 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__); 4432 return 1; /* Nothing to do. */ 4433 } 4434 4435 kflags = WPI_KFLAG_KID(k->wk_keyix); 4436 if (k->wk_flags & IEEE80211_KEY_GROUP) 4437 kflags |= WPI_KFLAG_MULTICAST; 4438 4439 memset(&node, 0, sizeof node); 4440 node.id = wn->id; 4441 node.control = WPI_NODE_UPDATE; 4442 node.flags = WPI_FLAG_KEY_SET; 4443 node.kflags = htole16(kflags); 4444again: 4445 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n", 4446 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", 4447 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr)); 4448 4449 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4450 if (error != 0) { 4451 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4452 error); 4453 return !error; 4454 } 4455 4456 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4457 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4458 kflags |= WPI_KFLAG_MULTICAST; 4459 node.kflags = htole16(kflags); 4460 4461 goto again; 4462 } 4463 4464 return 1; 4465} 4466 4467static void 4468wpi_del_key_cb(void *arg, struct ieee80211_node *ni) 4469{ 4470 const struct ieee80211_key *k = arg; 4471 struct ieee80211vap *vap = ni->ni_vap; 4472 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4473 struct wpi_node *wn = WPI_NODE(ni); 4474 int error; 4475 4476 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4477 return; 4478 4479 WPI_NT_LOCK(sc); 4480 error = wpi_del_key(ni, k); 4481 WPI_NT_UNLOCK(sc); 4482 4483 if (error == 0) { 4484 device_printf(sc->sc_dev, "%s: error while deleting key\n", 4485 __func__); 4486 } 4487} 4488 4489static int 4490wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 4491 int set) 4492{ 4493 struct ieee80211com *ic = vap->iv_ic; 4494 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4495 struct wpi_vap *wvp = WPI_VAP(vap); 4496 struct ieee80211_node *ni; 4497 int error, ni_ref = 0; 4498 4499 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4500 4501 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 4502 /* Not for us. */ 4503 return 1; 4504 } 4505 4506 if (!(k->wk_flags & IEEE80211_KEY_RECV)) { 4507 /* XMIT keys are handled in wpi_tx_data(). */ 4508 return 1; 4509 } 4510 4511 /* Handle group keys. */ 4512 if (&vap->iv_nw_keys[0] <= k && 4513 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4514 WPI_NT_LOCK(sc); 4515 if (set) 4516 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); 4517 else 4518 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix); 4519 WPI_NT_UNLOCK(sc); 4520 4521 if (vap->iv_state == IEEE80211_S_RUN) { 4522 ieee80211_iterate_nodes(&ic->ic_sta, 4523 set ? wpi_load_key_cb : wpi_del_key_cb, (void *)k); 4524 } 4525 4526 return 1; 4527 } 4528 4529 switch (vap->iv_opmode) { 4530 case IEEE80211_M_STA: 4531 ni = vap->iv_bss; 4532 break; 4533 4534 case IEEE80211_M_IBSS: 4535 case IEEE80211_M_AHDEMO: 4536 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr); 4537 if (ni == NULL) 4538 return 0; /* should not happen */ 4539 4540 ni_ref = 1; 4541 break; 4542 4543 default: 4544 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__, 4545 vap->iv_opmode); 4546 return 0; 4547 } 4548 4549 WPI_NT_LOCK(sc); 4550 if (set) 4551 error = wpi_load_key(ni, k); 4552 else 4553 error = wpi_del_key(ni, k); 4554 WPI_NT_UNLOCK(sc); 4555 4556 if (ni_ref) 4557 ieee80211_node_decref(ni); 4558 4559 return error; 4560} 4561 4562static int 4563wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k, 4564 const uint8_t mac[IEEE80211_ADDR_LEN]) 4565{ 4566 return wpi_process_key(vap, k, 1); 4567} 4568 4569static int 4570wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4571{ 4572 return wpi_process_key(vap, k, 0); 4573} 4574 4575/* 4576 * This function is called after the runtime firmware notifies us of its 4577 * readiness (called in a process context). 4578 */ 4579static int 4580wpi_post_alive(struct wpi_softc *sc) 4581{ 4582 int ntries, error; 4583 4584 /* Check (again) that the radio is not disabled. */ 4585 if ((error = wpi_nic_lock(sc)) != 0) 4586 return error; 4587 4588 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4589 4590 /* NB: Runtime firmware must be up and running. */ 4591 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4592 device_printf(sc->sc_dev, 4593 "RF switch: radio disabled (%s)\n", __func__); 4594 wpi_nic_unlock(sc); 4595 return EPERM; /* :-) */ 4596 } 4597 wpi_nic_unlock(sc); 4598 4599 /* Wait for thermal sensor to calibrate. */ 4600 for (ntries = 0; ntries < 1000; ntries++) { 4601 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4602 break; 4603 DELAY(10); 4604 } 4605 4606 if (ntries == 1000) { 4607 device_printf(sc->sc_dev, 4608 "timeout waiting for thermal sensor calibration\n"); 4609 return ETIMEDOUT; 4610 } 4611 4612 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4613 return 0; 4614} 4615 4616/* 4617 * The firmware boot code is small and is intended to be copied directly into 4618 * the NIC internal memory (no DMA transfer). 4619 */ 4620static int 4621wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 4622{ 4623 int error, ntries; 4624 4625 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4626 4627 size /= sizeof (uint32_t); 4628 4629 if ((error = wpi_nic_lock(sc)) != 0) 4630 return error; 4631 4632 /* Copy microcode image into NIC memory. */ 4633 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4634 (const uint32_t *)ucode, size); 4635 4636 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4637 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4638 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4639 4640 /* Start boot load now. */ 4641 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4642 4643 /* Wait for transfer to complete. */ 4644 for (ntries = 0; ntries < 1000; ntries++) { 4645 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4646 DPRINTF(sc, WPI_DEBUG_HW, 4647 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4648 WPI_FH_TX_STATUS_IDLE(6), 4649 status & WPI_FH_TX_STATUS_IDLE(6)); 4650 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4651 DPRINTF(sc, WPI_DEBUG_HW, 4652 "Status Match! - ntries = %d\n", ntries); 4653 break; 4654 } 4655 DELAY(10); 4656 } 4657 if (ntries == 1000) { 4658 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4659 __func__); 4660 wpi_nic_unlock(sc); 4661 return ETIMEDOUT; 4662 } 4663 4664 /* Enable boot after power up. */ 4665 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4666 4667 wpi_nic_unlock(sc); 4668 return 0; 4669} 4670 4671static int 4672wpi_load_firmware(struct wpi_softc *sc) 4673{ 4674 struct wpi_fw_info *fw = &sc->fw; 4675 struct wpi_dma_info *dma = &sc->fw_dma; 4676 int error; 4677 4678 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4679 4680 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 4681 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 4682 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4683 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 4684 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4685 4686 /* Tell adapter where to find initialization sections. */ 4687 if ((error = wpi_nic_lock(sc)) != 0) 4688 return error; 4689 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4690 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 4691 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4692 dma->paddr + WPI_FW_DATA_MAXSZ); 4693 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 4694 wpi_nic_unlock(sc); 4695 4696 /* Load firmware boot code. */ 4697 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 4698 if (error != 0) { 4699 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4700 __func__); 4701 return error; 4702 } 4703 4704 /* Now press "execute". */ 4705 WPI_WRITE(sc, WPI_RESET, 0); 4706 4707 /* Wait at most one second for first alive notification. */ 4708 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4709 device_printf(sc->sc_dev, 4710 "%s: timeout waiting for adapter to initialize, error %d\n", 4711 __func__, error); 4712 return error; 4713 } 4714 4715 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 4716 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 4717 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4718 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 4719 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4720 4721 /* Tell adapter where to find runtime sections. */ 4722 if ((error = wpi_nic_lock(sc)) != 0) 4723 return error; 4724 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4725 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 4726 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4727 dma->paddr + WPI_FW_DATA_MAXSZ); 4728 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 4729 WPI_FW_UPDATED | fw->main.textsz); 4730 wpi_nic_unlock(sc); 4731 4732 return 0; 4733} 4734 4735static int 4736wpi_read_firmware(struct wpi_softc *sc) 4737{ 4738 const struct firmware *fp; 4739 struct wpi_fw_info *fw = &sc->fw; 4740 const struct wpi_firmware_hdr *hdr; 4741 int error; 4742 4743 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4744 4745 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4746 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 4747 4748 WPI_UNLOCK(sc); 4749 fp = firmware_get(WPI_FW_NAME); 4750 WPI_LOCK(sc); 4751 4752 if (fp == NULL) { 4753 device_printf(sc->sc_dev, 4754 "could not load firmware image '%s'\n", WPI_FW_NAME); 4755 return EINVAL; 4756 } 4757 4758 sc->fw_fp = fp; 4759 4760 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 4761 device_printf(sc->sc_dev, 4762 "firmware file too short: %zu bytes\n", fp->datasize); 4763 error = EINVAL; 4764 goto fail; 4765 } 4766 4767 fw->size = fp->datasize; 4768 fw->data = (const uint8_t *)fp->data; 4769 4770 /* Extract firmware header information. */ 4771 hdr = (const struct wpi_firmware_hdr *)fw->data; 4772 4773 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 4774 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 4775 4776 fw->main.textsz = le32toh(hdr->rtextsz); 4777 fw->main.datasz = le32toh(hdr->rdatasz); 4778 fw->init.textsz = le32toh(hdr->itextsz); 4779 fw->init.datasz = le32toh(hdr->idatasz); 4780 fw->boot.textsz = le32toh(hdr->btextsz); 4781 fw->boot.datasz = 0; 4782 4783 /* Sanity-check firmware header. */ 4784 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 4785 fw->main.datasz > WPI_FW_DATA_MAXSZ || 4786 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 4787 fw->init.datasz > WPI_FW_DATA_MAXSZ || 4788 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 4789 (fw->boot.textsz & 3) != 0) { 4790 device_printf(sc->sc_dev, "invalid firmware header\n"); 4791 error = EINVAL; 4792 goto fail; 4793 } 4794 4795 /* Check that all firmware sections fit. */ 4796 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 4797 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 4798 device_printf(sc->sc_dev, 4799 "firmware file too short: %zu bytes\n", fw->size); 4800 error = EINVAL; 4801 goto fail; 4802 } 4803 4804 /* Get pointers to firmware sections. */ 4805 fw->main.text = (const uint8_t *)(hdr + 1); 4806 fw->main.data = fw->main.text + fw->main.textsz; 4807 fw->init.text = fw->main.data + fw->main.datasz; 4808 fw->init.data = fw->init.text + fw->init.textsz; 4809 fw->boot.text = fw->init.data + fw->init.datasz; 4810 4811 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4812 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 4813 "runtime (text: %u, data: %u) init (text: %u, data %u) " 4814 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver), 4815 fw->main.textsz, fw->main.datasz, 4816 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 4817 4818 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 4819 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 4820 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 4821 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 4822 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 4823 4824 return 0; 4825 4826fail: wpi_unload_firmware(sc); 4827 return error; 4828} 4829 4830/** 4831 * Free the referenced firmware image 4832 */ 4833static void 4834wpi_unload_firmware(struct wpi_softc *sc) 4835{ 4836 if (sc->fw_fp != NULL) { 4837 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 4838 sc->fw_fp = NULL; 4839 } 4840} 4841 4842static int 4843wpi_clock_wait(struct wpi_softc *sc) 4844{ 4845 int ntries; 4846 4847 /* Set "initialization complete" bit. */ 4848 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4849 4850 /* Wait for clock stabilization. */ 4851 for (ntries = 0; ntries < 2500; ntries++) { 4852 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 4853 return 0; 4854 DELAY(100); 4855 } 4856 device_printf(sc->sc_dev, 4857 "%s: timeout waiting for clock stabilization\n", __func__); 4858 4859 return ETIMEDOUT; 4860} 4861 4862static int 4863wpi_apm_init(struct wpi_softc *sc) 4864{ 4865 uint32_t reg; 4866 int error; 4867 4868 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4869 4870 /* Disable L0s exit timer (NMI bug workaround). */ 4871 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 4872 /* Don't wait for ICH L0s (ICH bug workaround). */ 4873 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 4874 4875 /* Set FH wait threshold to max (HW bug under stress workaround). */ 4876 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 4877 4878 /* Cleanup. */ 4879 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400); 4880 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000E00); 4881 4882 /* Retrieve PCIe Active State Power Management (ASPM). */ 4883 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 4884 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 4885 if (reg & 0x02) /* L1 Entry enabled. */ 4886 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4887 else 4888 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4889 4890 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 4891 4892 /* Wait for clock stabilization before accessing prph. */ 4893 if ((error = wpi_clock_wait(sc)) != 0) 4894 return error; 4895 4896 if ((error = wpi_nic_lock(sc)) != 0) 4897 return error; 4898 /* Enable DMA and BSM (Bootstrap State Machine). */ 4899 wpi_prph_write(sc, WPI_APMG_CLK_EN, 4900 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 4901 DELAY(20); 4902 /* Disable L1-Active. */ 4903 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 4904 wpi_nic_unlock(sc); 4905 4906 return 0; 4907} 4908 4909static void 4910wpi_apm_stop_master(struct wpi_softc *sc) 4911{ 4912 int ntries; 4913 4914 /* Stop busmaster DMA activity. */ 4915 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 4916 4917 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 4918 WPI_GP_CNTRL_MAC_PS) 4919 return; /* Already asleep. */ 4920 4921 for (ntries = 0; ntries < 100; ntries++) { 4922 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 4923 return; 4924 DELAY(10); 4925 } 4926 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", 4927 __func__); 4928} 4929 4930static void 4931wpi_apm_stop(struct wpi_softc *sc) 4932{ 4933 wpi_apm_stop_master(sc); 4934 4935 /* Reset the entire device. */ 4936 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 4937 DELAY(10); 4938 /* Clear "initialization complete" bit. */ 4939 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4940} 4941 4942static void 4943wpi_nic_config(struct wpi_softc *sc) 4944{ 4945 uint32_t rev; 4946 4947 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4948 4949 /* voodoo from the Linux "driver".. */ 4950 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 4951 if ((rev & 0xc0) == 0x40) 4952 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 4953 else if (!(rev & 0x80)) 4954 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 4955 4956 if (sc->cap == 0x80) 4957 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 4958 4959 if ((sc->rev & 0xf0) == 0xd0) 4960 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4961 else 4962 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4963 4964 if (sc->type > 1) 4965 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 4966} 4967 4968static int 4969wpi_hw_init(struct wpi_softc *sc) 4970{ 4971 int chnl, ntries, error; 4972 4973 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4974 4975 /* Clear pending interrupts. */ 4976 WPI_WRITE(sc, WPI_INT, 0xffffffff); 4977 4978 if ((error = wpi_apm_init(sc)) != 0) { 4979 device_printf(sc->sc_dev, 4980 "%s: could not power ON adapter, error %d\n", __func__, 4981 error); 4982 return error; 4983 } 4984 4985 /* Select VMAIN power source. */ 4986 if ((error = wpi_nic_lock(sc)) != 0) 4987 return error; 4988 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 4989 wpi_nic_unlock(sc); 4990 /* Spin until VMAIN gets selected. */ 4991 for (ntries = 0; ntries < 5000; ntries++) { 4992 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 4993 break; 4994 DELAY(10); 4995 } 4996 if (ntries == 5000) { 4997 device_printf(sc->sc_dev, "timeout selecting power source\n"); 4998 return ETIMEDOUT; 4999 } 5000 5001 /* Perform adapter initialization. */ 5002 wpi_nic_config(sc); 5003 5004 /* Initialize RX ring. */ 5005 if ((error = wpi_nic_lock(sc)) != 0) 5006 return error; 5007 /* Set physical address of RX ring. */ 5008 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 5009 /* Set physical address of RX read pointer. */ 5010 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 5011 offsetof(struct wpi_shared, next)); 5012 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 5013 /* Enable RX. */ 5014 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 5015 WPI_FH_RX_CONFIG_DMA_ENA | 5016 WPI_FH_RX_CONFIG_RDRBD_ENA | 5017 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 5018 WPI_FH_RX_CONFIG_MAXFRAG | 5019 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 5020 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 5021 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 5022 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 5023 wpi_nic_unlock(sc); 5024 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 5025 5026 /* Initialize TX rings. */ 5027 if ((error = wpi_nic_lock(sc)) != 0) 5028 return error; 5029 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 5030 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 5031 /* Enable all 6 TX rings. */ 5032 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 5033 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 5034 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 5035 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 5036 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 5037 /* Set physical address of TX rings. */ 5038 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 5039 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 5040 5041 /* Enable all DMA channels. */ 5042 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5043 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 5044 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 5045 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 5046 } 5047 wpi_nic_unlock(sc); 5048 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 5049 5050 /* Clear "radio off" and "commands blocked" bits. */ 5051 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5052 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 5053 5054 /* Clear pending interrupts. */ 5055 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5056 /* Enable interrupts. */ 5057 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 5058 5059 /* _Really_ make sure "radio off" bit is cleared! */ 5060 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5061 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5062 5063 if ((error = wpi_load_firmware(sc)) != 0) { 5064 device_printf(sc->sc_dev, 5065 "%s: could not load firmware, error %d\n", __func__, 5066 error); 5067 return error; 5068 } 5069 /* Wait at most one second for firmware alive notification. */ 5070 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5071 device_printf(sc->sc_dev, 5072 "%s: timeout waiting for adapter to initialize, error %d\n", 5073 __func__, error); 5074 return error; 5075 } 5076 5077 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5078 5079 /* Do post-firmware initialization. */ 5080 return wpi_post_alive(sc); 5081} 5082 5083static void 5084wpi_hw_stop(struct wpi_softc *sc) 5085{ 5086 int chnl, qid, ntries; 5087 5088 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5089 5090 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 5091 wpi_nic_lock(sc); 5092 5093 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 5094 5095 /* Disable interrupts. */ 5096 WPI_WRITE(sc, WPI_INT_MASK, 0); 5097 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5098 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 5099 5100 /* Make sure we no longer hold the NIC lock. */ 5101 wpi_nic_unlock(sc); 5102 5103 if (wpi_nic_lock(sc) == 0) { 5104 /* Stop TX scheduler. */ 5105 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 5106 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 5107 5108 /* Stop all DMA channels. */ 5109 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5110 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 5111 for (ntries = 0; ntries < 200; ntries++) { 5112 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 5113 WPI_FH_TX_STATUS_IDLE(chnl)) 5114 break; 5115 DELAY(10); 5116 } 5117 } 5118 wpi_nic_unlock(sc); 5119 } 5120 5121 /* Stop RX ring. */ 5122 wpi_reset_rx_ring(sc); 5123 5124 /* Reset all TX rings. */ 5125 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 5126 wpi_reset_tx_ring(sc, &sc->txq[qid]); 5127 5128 if (wpi_nic_lock(sc) == 0) { 5129 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 5130 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 5131 wpi_nic_unlock(sc); 5132 } 5133 DELAY(5); 5134 /* Power OFF adapter. */ 5135 wpi_apm_stop(sc); 5136} 5137 5138static void 5139wpi_radio_on(void *arg0, int pending) 5140{ 5141 struct wpi_softc *sc = arg0; 5142 struct ifnet *ifp = sc->sc_ifp; 5143 struct ieee80211com *ic = ifp->if_l2com; 5144 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5145 5146 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 5147 5148 if (vap != NULL) { 5149 wpi_init(sc); 5150 ieee80211_init(vap); 5151 } 5152 5153 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) { 5154 WPI_LOCK(sc); 5155 callout_stop(&sc->watchdog_rfkill); 5156 WPI_UNLOCK(sc); 5157 } 5158} 5159 5160static void 5161wpi_radio_off(void *arg0, int pending) 5162{ 5163 struct wpi_softc *sc = arg0; 5164 struct ifnet *ifp = sc->sc_ifp; 5165 struct ieee80211com *ic = ifp->if_l2com; 5166 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5167 5168 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 5169 5170 wpi_stop(sc); 5171 if (vap != NULL) 5172 ieee80211_stop(vap); 5173 5174 WPI_LOCK(sc); 5175 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 5176 WPI_UNLOCK(sc); 5177} 5178 5179static void 5180wpi_init(void *arg) 5181{ 5182 struct wpi_softc *sc = arg; 5183 struct ifnet *ifp = sc->sc_ifp; 5184 struct ieee80211com *ic = ifp->if_l2com; 5185 int error; 5186 5187 WPI_LOCK(sc); 5188 5189 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5190 5191 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 5192 goto end; 5193 5194 /* Check that the radio is not disabled by hardware switch. */ 5195 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 5196 device_printf(sc->sc_dev, 5197 "RF switch: radio disabled (%s)\n", __func__); 5198 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 5199 sc); 5200 goto end; 5201 } 5202 5203 /* Read firmware images from the filesystem. */ 5204 if ((error = wpi_read_firmware(sc)) != 0) { 5205 device_printf(sc->sc_dev, 5206 "%s: could not read firmware, error %d\n", __func__, 5207 error); 5208 goto fail; 5209 } 5210 5211 /* Initialize hardware and upload firmware. */ 5212 error = wpi_hw_init(sc); 5213 wpi_unload_firmware(sc); 5214 if (error != 0) { 5215 device_printf(sc->sc_dev, 5216 "%s: could not initialize hardware, error %d\n", __func__, 5217 error); 5218 goto fail; 5219 } 5220 5221 /* Configure adapter now that it is ready. */ 5222 sc->txq_active = 1; 5223 if ((error = wpi_config(sc)) != 0) { 5224 device_printf(sc->sc_dev, 5225 "%s: could not configure device, error %d\n", __func__, 5226 error); 5227 goto fail; 5228 } 5229 5230 IF_LOCK(&ifp->if_snd); 5231 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5232 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5233 IF_UNLOCK(&ifp->if_snd); 5234 5235 callout_reset(&sc->watchdog_to, hz, wpi_watchdog, sc); 5236 5237 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5238 5239 WPI_UNLOCK(sc); 5240 5241 ieee80211_start_all(ic); 5242 5243 return; 5244 5245fail: wpi_stop_locked(sc); 5246end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 5247 WPI_UNLOCK(sc); 5248} 5249 5250static void 5251wpi_stop_locked(struct wpi_softc *sc) 5252{ 5253 struct ifnet *ifp = sc->sc_ifp; 5254 5255 WPI_LOCK_ASSERT(sc); 5256 5257 WPI_TXQ_LOCK(sc); 5258 sc->txq_active = 0; 5259 WPI_TXQ_UNLOCK(sc); 5260 5261 sc->sc_scan_timer = 0; 5262 sc->sc_tx_timer = 0; 5263 callout_stop(&sc->watchdog_to); 5264 callout_stop(&sc->calib_to); 5265 5266 IF_LOCK(&ifp->if_snd); 5267 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5268 IF_UNLOCK(&ifp->if_snd); 5269 5270 /* Power OFF hardware. */ 5271 wpi_hw_stop(sc); 5272} 5273 5274static void 5275wpi_stop(struct wpi_softc *sc) 5276{ 5277 WPI_LOCK(sc); 5278 wpi_stop_locked(sc); 5279 WPI_UNLOCK(sc); 5280} 5281 5282/* 5283 * Callback from net80211 to start a scan. 5284 */ 5285static void 5286wpi_scan_start(struct ieee80211com *ic) 5287{ 5288 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5289 5290 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 5291} 5292 5293/* 5294 * Callback from net80211 to terminate a scan. 5295 */ 5296static void 5297wpi_scan_end(struct ieee80211com *ic) 5298{ 5299 struct ifnet *ifp = ic->ic_ifp; 5300 struct wpi_softc *sc = ifp->if_softc; 5301 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5302 5303 if (vap->iv_state == IEEE80211_S_RUN) 5304 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 5305} 5306 5307/** 5308 * Called by the net80211 framework to indicate to the driver 5309 * that the channel should be changed 5310 */ 5311static void 5312wpi_set_channel(struct ieee80211com *ic) 5313{ 5314 const struct ieee80211_channel *c = ic->ic_curchan; 5315 struct ifnet *ifp = ic->ic_ifp; 5316 struct wpi_softc *sc = ifp->if_softc; 5317 int error; 5318 5319 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5320 5321 WPI_LOCK(sc); 5322 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 5323 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 5324 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 5325 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 5326 5327 /* 5328 * Only need to set the channel in Monitor mode. AP scanning and auth 5329 * are already taken care of by their respective firmware commands. 5330 */ 5331 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5332 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 5333 if (IEEE80211_IS_CHAN_2GHZ(c)) { 5334 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 5335 WPI_RXON_24GHZ); 5336 } else { 5337 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 5338 WPI_RXON_24GHZ); 5339 } 5340 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) 5341 device_printf(sc->sc_dev, 5342 "%s: error %d setting channel\n", __func__, 5343 error); 5344 } 5345 WPI_UNLOCK(sc); 5346} 5347 5348/** 5349 * Called by net80211 to indicate that we need to scan the current 5350 * channel. The channel is previously be set via the wpi_set_channel 5351 * callback. 5352 */ 5353static void 5354wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 5355{ 5356 struct ieee80211vap *vap = ss->ss_vap; 5357 struct ieee80211com *ic = vap->iv_ic; 5358 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5359 int error; 5360 5361 if (sc->rxon.chan != ieee80211_chan2ieee(ic, ic->ic_curchan)) { 5362 WPI_LOCK(sc); 5363 error = wpi_scan(sc, ic->ic_curchan); 5364 WPI_UNLOCK(sc); 5365 if (error != 0) 5366 ieee80211_cancel_scan(vap); 5367 } else { 5368 /* Send probe request when associated. */ 5369 sc->sc_scan_curchan(ss, maxdwell); 5370 } 5371} 5372 5373/** 5374 * Called by the net80211 framework to indicate 5375 * the minimum dwell time has been met, terminate the scan. 5376 * We don't actually terminate the scan as the firmware will notify 5377 * us when it's finished and we have no way to interrupt it. 5378 */ 5379static void 5380wpi_scan_mindwell(struct ieee80211_scan_state *ss) 5381{ 5382 /* NB: don't try to abort scan; wait for firmware to finish */ 5383} 5384 5385static void 5386wpi_hw_reset(void *arg, int pending) 5387{ 5388 struct wpi_softc *sc = arg; 5389 struct ifnet *ifp = sc->sc_ifp; 5390 struct ieee80211com *ic = ifp->if_l2com; 5391 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5392 5393 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5394 5395 wpi_stop(sc); 5396 if (vap != NULL) 5397 ieee80211_stop(vap); 5398 wpi_init(sc); 5399 if (vap != NULL) 5400 ieee80211_init(vap); 5401} 5402