if_wpi.c revision 280111
1/*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 280111 2015-03-15 21:24:11Z adrian $"); 21 22/* 23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 24 * 25 * The 3945ABG network adapter doesn't use traditional hardware as 26 * many other adaptors do. Instead at run time the eeprom is set into a known 27 * state and told to load boot firmware. The boot firmware loads an init and a 28 * main binary firmware image into SRAM on the card via DMA. 29 * Once the firmware is loaded, the driver/hw then 30 * communicate by way of circular dma rings via the SRAM to the firmware. 31 * 32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 33 * The 4 tx data rings allow for prioritization QoS. 34 * 35 * The rx data ring consists of 32 dma buffers. Two registers are used to 36 * indicate where in the ring the driver and the firmware are up to. The 37 * driver sets the initial read index (reg1) and the initial write index (reg2), 38 * the firmware updates the read index (reg1) on rx of a packet and fires an 39 * interrupt. The driver then processes the buffers starting at reg1 indicating 40 * to the firmware which buffers have been accessed by updating reg2. At the 41 * same time allocating new memory for the processed buffer. 42 * 43 * A similar thing happens with the tx rings. The difference is the firmware 44 * stop processing buffers once the queue is full and until confirmation 45 * of a successful transmition (tx_done) has occurred. 46 * 47 * The command ring operates in the same manner as the tx queues. 48 * 49 * All communication direct to the card (ie eeprom) is classed as Stage1 50 * communication 51 * 52 * All communication via the firmware to the card is classed as State2. 53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 54 * firmware. The bootstrap firmware and runtime firmware are loaded 55 * from host memory via dma to the card then told to execute. From this point 56 * on the majority of communications between the driver and the card goes 57 * via the firmware. 58 */ 59 60#include "opt_wlan.h" 61#include "opt_wpi.h" 62 63#include <sys/param.h> 64#include <sys/sysctl.h> 65#include <sys/sockio.h> 66#include <sys/mbuf.h> 67#include <sys/kernel.h> 68#include <sys/socket.h> 69#include <sys/systm.h> 70#include <sys/malloc.h> 71#include <sys/queue.h> 72#include <sys/taskqueue.h> 73#include <sys/module.h> 74#include <sys/bus.h> 75#include <sys/endian.h> 76#include <sys/linker.h> 77#include <sys/firmware.h> 78 79#include <machine/bus.h> 80#include <machine/resource.h> 81#include <sys/rman.h> 82 83#include <dev/pci/pcireg.h> 84#include <dev/pci/pcivar.h> 85 86#include <net/bpf.h> 87#include <net/if.h> 88#include <net/if_var.h> 89#include <net/if_arp.h> 90#include <net/ethernet.h> 91#include <net/if_dl.h> 92#include <net/if_media.h> 93#include <net/if_types.h> 94 95#include <netinet/in.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/if_ether.h> 99#include <netinet/ip.h> 100 101#include <net80211/ieee80211_var.h> 102#include <net80211/ieee80211_radiotap.h> 103#include <net80211/ieee80211_regdomain.h> 104#include <net80211/ieee80211_ratectl.h> 105 106#include <dev/wpi/if_wpireg.h> 107#include <dev/wpi/if_wpivar.h> 108#include <dev/wpi/if_wpi_debug.h> 109 110struct wpi_ident { 111 uint16_t vendor; 112 uint16_t device; 113 uint16_t subdevice; 114 const char *name; 115}; 116 117static const struct wpi_ident wpi_ident_table[] = { 118 /* The below entries support ABG regardless of the subid */ 119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 121 /* The below entries only support BG */ 122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 126 { 0, 0, 0, NULL } 127}; 128 129static int wpi_probe(device_t); 130static int wpi_attach(device_t); 131static void wpi_radiotap_attach(struct wpi_softc *); 132static void wpi_sysctlattach(struct wpi_softc *); 133static void wpi_init_beacon(struct wpi_vap *); 134static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 135 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 136 const uint8_t [IEEE80211_ADDR_LEN], 137 const uint8_t [IEEE80211_ADDR_LEN]); 138static void wpi_vap_delete(struct ieee80211vap *); 139static int wpi_detach(device_t); 140static int wpi_shutdown(device_t); 141static int wpi_suspend(device_t); 142static int wpi_resume(device_t); 143static int wpi_nic_lock(struct wpi_softc *); 144static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 145static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 146static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 147 void **, bus_size_t, bus_size_t); 148static void wpi_dma_contig_free(struct wpi_dma_info *); 149static int wpi_alloc_shared(struct wpi_softc *); 150static void wpi_free_shared(struct wpi_softc *); 151static int wpi_alloc_fwmem(struct wpi_softc *); 152static void wpi_free_fwmem(struct wpi_softc *); 153static int wpi_alloc_rx_ring(struct wpi_softc *); 154static void wpi_update_rx_ring(struct wpi_softc *); 155static void wpi_reset_rx_ring(struct wpi_softc *); 156static void wpi_free_rx_ring(struct wpi_softc *); 157static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 158 int); 159static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 160static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 161static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 162static int wpi_read_eeprom(struct wpi_softc *, 163 uint8_t macaddr[IEEE80211_ADDR_LEN]); 164static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 165static void wpi_read_eeprom_band(struct wpi_softc *, int); 166static int wpi_read_eeprom_channels(struct wpi_softc *, int); 167static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 168 struct ieee80211_channel *); 169static int wpi_setregdomain(struct ieee80211com *, 170 struct ieee80211_regdomain *, int, 171 struct ieee80211_channel[]); 172static int wpi_read_eeprom_group(struct wpi_softc *, int); 173static int wpi_add_node_entry_adhoc(struct wpi_softc *); 174static void wpi_node_free(struct ieee80211_node *); 175static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 176 const uint8_t mac[IEEE80211_ADDR_LEN]); 177static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 178static void wpi_calib_timeout(void *); 179static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 180 struct wpi_rx_data *); 181static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 182 struct wpi_rx_data *); 183static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 184static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 185static void wpi_notif_intr(struct wpi_softc *); 186static void wpi_wakeup_intr(struct wpi_softc *); 187#ifdef WPI_DEBUG 188static void wpi_debug_registers(struct wpi_softc *); 189#endif 190static void wpi_fatal_intr(struct wpi_softc *); 191static void wpi_intr(void *); 192static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 193static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 194 struct ieee80211_node *); 195static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 196 struct ieee80211_node *, 197 const struct ieee80211_bpf_params *); 198static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 199 const struct ieee80211_bpf_params *); 200static void wpi_start(struct ifnet *); 201static void wpi_start_task(void *, int); 202static void wpi_watchdog_rfkill(void *); 203static void wpi_scan_timeout(void *); 204static void wpi_tx_timeout(void *); 205static int wpi_ioctl(struct ifnet *, u_long, caddr_t); 206static int wpi_cmd(struct wpi_softc *, int, const void *, size_t, int); 207static int wpi_mrr_setup(struct wpi_softc *); 208static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 209static int wpi_add_broadcast_node(struct wpi_softc *, int); 210static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 211static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 212static int wpi_updateedca(struct ieee80211com *); 213static void wpi_set_promisc(struct wpi_softc *); 214static void wpi_update_promisc(struct ifnet *); 215static void wpi_update_mcast(struct ifnet *); 216static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 217static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 218static void wpi_power_calibration(struct wpi_softc *); 219static int wpi_set_txpower(struct wpi_softc *, int); 220static int wpi_get_power_index(struct wpi_softc *, 221 struct wpi_power_group *, struct ieee80211_channel *, int); 222static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 223static int wpi_send_btcoex(struct wpi_softc *); 224static int wpi_send_rxon(struct wpi_softc *, int, int); 225static int wpi_config(struct wpi_softc *); 226static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 227 struct ieee80211_channel *, uint8_t); 228static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 229static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 230 struct ieee80211_channel *); 231static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 232static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 233static int wpi_config_beacon(struct wpi_vap *); 234static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 235static void wpi_update_beacon(struct ieee80211vap *, int); 236static void wpi_newassoc(struct ieee80211_node *, int); 237static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 238static int wpi_load_key(struct ieee80211_node *, 239 const struct ieee80211_key *); 240static void wpi_load_key_cb(void *, struct ieee80211_node *); 241static int wpi_set_global_keys(struct ieee80211_node *); 242static int wpi_del_key(struct ieee80211_node *, 243 const struct ieee80211_key *); 244static void wpi_del_key_cb(void *, struct ieee80211_node *); 245static int wpi_process_key(struct ieee80211vap *, 246 const struct ieee80211_key *, int); 247static int wpi_key_set(struct ieee80211vap *, 248 const struct ieee80211_key *, 249 const uint8_t mac[IEEE80211_ADDR_LEN]); 250static int wpi_key_delete(struct ieee80211vap *, 251 const struct ieee80211_key *); 252static int wpi_post_alive(struct wpi_softc *); 253static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 254static int wpi_load_firmware(struct wpi_softc *); 255static int wpi_read_firmware(struct wpi_softc *); 256static void wpi_unload_firmware(struct wpi_softc *); 257static int wpi_clock_wait(struct wpi_softc *); 258static int wpi_apm_init(struct wpi_softc *); 259static void wpi_apm_stop_master(struct wpi_softc *); 260static void wpi_apm_stop(struct wpi_softc *); 261static void wpi_nic_config(struct wpi_softc *); 262static int wpi_hw_init(struct wpi_softc *); 263static void wpi_hw_stop(struct wpi_softc *); 264static void wpi_radio_on(void *, int); 265static void wpi_radio_off(void *, int); 266static void wpi_init(void *); 267static void wpi_stop_locked(struct wpi_softc *); 268static void wpi_stop(struct wpi_softc *); 269static void wpi_scan_start(struct ieee80211com *); 270static void wpi_scan_end(struct ieee80211com *); 271static void wpi_set_channel(struct ieee80211com *); 272static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 273static void wpi_scan_mindwell(struct ieee80211_scan_state *); 274static void wpi_hw_reset(void *, int); 275 276static device_method_t wpi_methods[] = { 277 /* Device interface */ 278 DEVMETHOD(device_probe, wpi_probe), 279 DEVMETHOD(device_attach, wpi_attach), 280 DEVMETHOD(device_detach, wpi_detach), 281 DEVMETHOD(device_shutdown, wpi_shutdown), 282 DEVMETHOD(device_suspend, wpi_suspend), 283 DEVMETHOD(device_resume, wpi_resume), 284 285 DEVMETHOD_END 286}; 287 288static driver_t wpi_driver = { 289 "wpi", 290 wpi_methods, 291 sizeof (struct wpi_softc) 292}; 293static devclass_t wpi_devclass; 294 295DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 296 297MODULE_VERSION(wpi, 1); 298 299MODULE_DEPEND(wpi, pci, 1, 1, 1); 300MODULE_DEPEND(wpi, wlan, 1, 1, 1); 301MODULE_DEPEND(wpi, firmware, 1, 1, 1); 302 303static int 304wpi_probe(device_t dev) 305{ 306 const struct wpi_ident *ident; 307 308 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 309 if (pci_get_vendor(dev) == ident->vendor && 310 pci_get_device(dev) == ident->device) { 311 device_set_desc(dev, ident->name); 312 return (BUS_PROBE_DEFAULT); 313 } 314 } 315 return ENXIO; 316} 317 318static int 319wpi_attach(device_t dev) 320{ 321 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 322 struct ieee80211com *ic; 323 struct ifnet *ifp; 324 int i, error, rid; 325#ifdef WPI_DEBUG 326 int supportsa = 1; 327 const struct wpi_ident *ident; 328#endif 329 uint8_t macaddr[IEEE80211_ADDR_LEN]; 330 331 sc->sc_dev = dev; 332 333#ifdef WPI_DEBUG 334 error = resource_int_value(device_get_name(sc->sc_dev), 335 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 336 if (error != 0) 337 sc->sc_debug = 0; 338#else 339 sc->sc_debug = 0; 340#endif 341 342 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 343 344 /* 345 * Get the offset of the PCI Express Capability Structure in PCI 346 * Configuration Space. 347 */ 348 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 349 if (error != 0) { 350 device_printf(dev, "PCIe capability structure not found!\n"); 351 return error; 352 } 353 354 /* 355 * Some card's only support 802.11b/g not a, check to see if 356 * this is one such card. A 0x0 in the subdevice table indicates 357 * the entire subdevice range is to be ignored. 358 */ 359#ifdef WPI_DEBUG 360 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 361 if (ident->subdevice && 362 pci_get_subdevice(dev) == ident->subdevice) { 363 supportsa = 0; 364 break; 365 } 366 } 367#endif 368 369 /* Clear device-specific "PCI retry timeout" register (41h). */ 370 pci_write_config(dev, 0x41, 0, 1); 371 372 /* Enable bus-mastering. */ 373 pci_enable_busmaster(dev); 374 375 rid = PCIR_BAR(0); 376 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 377 RF_ACTIVE); 378 if (sc->mem == NULL) { 379 device_printf(dev, "can't map mem space\n"); 380 return ENOMEM; 381 } 382 sc->sc_st = rman_get_bustag(sc->mem); 383 sc->sc_sh = rman_get_bushandle(sc->mem); 384 385 i = 1; 386 rid = 0; 387 if (pci_alloc_msi(dev, &i) == 0) 388 rid = 1; 389 /* Install interrupt handler. */ 390 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 391 (rid != 0 ? 0 : RF_SHAREABLE)); 392 if (sc->irq == NULL) { 393 device_printf(dev, "can't map interrupt\n"); 394 error = ENOMEM; 395 goto fail; 396 } 397 398 WPI_LOCK_INIT(sc); 399 WPI_RXON_LOCK_INIT(sc); 400 WPI_NT_LOCK_INIT(sc); 401 WPI_TXQ_LOCK_INIT(sc); 402 403 /* Allocate DMA memory for firmware transfers. */ 404 if ((error = wpi_alloc_fwmem(sc)) != 0) { 405 device_printf(dev, 406 "could not allocate memory for firmware, error %d\n", 407 error); 408 goto fail; 409 } 410 411 /* Allocate shared page. */ 412 if ((error = wpi_alloc_shared(sc)) != 0) { 413 device_printf(dev, "could not allocate shared page\n"); 414 goto fail; 415 } 416 417 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 418 for (i = 0; i < WPI_NTXQUEUES; i++) { 419 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 420 device_printf(dev, 421 "could not allocate TX ring %d, error %d\n", i, 422 error); 423 goto fail; 424 } 425 } 426 427 /* Allocate RX ring. */ 428 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 429 device_printf(dev, "could not allocate RX ring, error %d\n", 430 error); 431 goto fail; 432 } 433 434 /* Clear pending interrupts. */ 435 WPI_WRITE(sc, WPI_INT, 0xffffffff); 436 437 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 438 if (ifp == NULL) { 439 device_printf(dev, "can not allocate ifnet structure\n"); 440 goto fail; 441 } 442 443 ic = ifp->if_l2com; 444 ic->ic_ifp = ifp; 445 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 446 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 447 448 /* Set device capabilities. */ 449 ic->ic_caps = 450 IEEE80211_C_STA /* station mode supported */ 451 | IEEE80211_C_IBSS /* IBSS mode supported */ 452 | IEEE80211_C_HOSTAP /* Host access point mode */ 453 | IEEE80211_C_MONITOR /* monitor mode supported */ 454 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 455 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 456 | IEEE80211_C_TXPMGT /* tx power management */ 457 | IEEE80211_C_SHSLOT /* short slot time supported */ 458 | IEEE80211_C_WPA /* 802.11i */ 459 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 460 | IEEE80211_C_WME /* 802.11e */ 461 | IEEE80211_C_PMGT /* Station-side power mgmt */ 462 ; 463 464 ic->ic_cryptocaps = 465 IEEE80211_CRYPTO_AES_CCM; 466 467 /* 468 * Read in the eeprom and also setup the channels for 469 * net80211. We don't set the rates as net80211 does this for us 470 */ 471 if ((error = wpi_read_eeprom(sc, macaddr)) != 0) { 472 device_printf(dev, "could not read EEPROM, error %d\n", 473 error); 474 goto fail; 475 } 476 477#ifdef WPI_DEBUG 478 if (bootverbose) { 479 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", 480 sc->domain); 481 device_printf(sc->sc_dev, "Hardware Type: %c\n", 482 sc->type > 1 ? 'B': '?'); 483 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 484 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?'); 485 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 486 supportsa ? "does" : "does not"); 487 488 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must 489 check what sc->rev really represents - benjsc 20070615 */ 490 } 491#endif 492 493 if_initname(ifp, device_get_name(dev), device_get_unit(dev)); 494 ifp->if_softc = sc; 495 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 496 ifp->if_init = wpi_init; 497 ifp->if_ioctl = wpi_ioctl; 498 ifp->if_start = wpi_start; 499 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 500 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 501 IFQ_SET_READY(&ifp->if_snd); 502 503 ieee80211_ifattach(ic, macaddr); 504 ic->ic_vap_create = wpi_vap_create; 505 ic->ic_vap_delete = wpi_vap_delete; 506 ic->ic_raw_xmit = wpi_raw_xmit; 507 ic->ic_node_alloc = wpi_node_alloc; 508 sc->sc_node_free = ic->ic_node_free; 509 ic->ic_node_free = wpi_node_free; 510 ic->ic_wme.wme_update = wpi_updateedca; 511 ic->ic_update_promisc = wpi_update_promisc; 512 ic->ic_update_mcast = wpi_update_mcast; 513 ic->ic_newassoc = wpi_newassoc; 514 ic->ic_scan_start = wpi_scan_start; 515 ic->ic_scan_end = wpi_scan_end; 516 ic->ic_set_channel = wpi_set_channel; 517 sc->sc_scan_curchan = ic->ic_scan_curchan; 518 ic->ic_scan_curchan = wpi_scan_curchan; 519 ic->ic_scan_mindwell = wpi_scan_mindwell; 520 ic->ic_setregdomain = wpi_setregdomain; 521 522 wpi_radiotap_attach(sc); 523 524 callout_init_mtx(&sc->calib_to, &sc->rxon_mtx, 0); 525 callout_init_mtx(&sc->scan_timeout, &sc->rxon_mtx, 0); 526 callout_init_mtx(&sc->tx_timeout, &sc->sc_mtx, 0); 527 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 528 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc); 529 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 530 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 531 TASK_INIT(&sc->sc_start_task, 0, wpi_start_task, sc); 532 533 wpi_sysctlattach(sc); 534 535 /* 536 * Hook our interrupt after all initialization is complete. 537 */ 538 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 539 NULL, wpi_intr, sc, &sc->sc_ih); 540 if (error != 0) { 541 device_printf(dev, "can't establish interrupt, error %d\n", 542 error); 543 goto fail; 544 } 545 546 if (bootverbose) 547 ieee80211_announce(ic); 548 549#ifdef WPI_DEBUG 550 if (sc->sc_debug & WPI_DEBUG_HW) 551 ieee80211_announce_channels(ic); 552#endif 553 554 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 555 return 0; 556 557fail: wpi_detach(dev); 558 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 559 return error; 560} 561 562/* 563 * Attach the interface to 802.11 radiotap. 564 */ 565static void 566wpi_radiotap_attach(struct wpi_softc *sc) 567{ 568 struct ifnet *ifp = sc->sc_ifp; 569 struct ieee80211com *ic = ifp->if_l2com; 570 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 571 ieee80211_radiotap_attach(ic, 572 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 573 WPI_TX_RADIOTAP_PRESENT, 574 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 575 WPI_RX_RADIOTAP_PRESENT); 576 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 577} 578 579static void 580wpi_sysctlattach(struct wpi_softc *sc) 581{ 582#ifdef WPI_DEBUG 583 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 584 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 585 586 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 587 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 588 "control debugging printfs"); 589#endif 590} 591 592static void 593wpi_init_beacon(struct wpi_vap *wvp) 594{ 595 struct wpi_buf *bcn = &wvp->wv_bcbuf; 596 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 597 598 cmd->id = WPI_ID_BROADCAST; 599 cmd->ofdm_mask = 0xff; 600 cmd->cck_mask = 0x0f; 601 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 602 cmd->flags = htole32(WPI_TX_AUTO_SEQ | WPI_TX_INSERT_TSTAMP); 603 604 bcn->code = WPI_CMD_SET_BEACON; 605 bcn->ac = WPI_CMD_QUEUE_NUM; 606 bcn->size = sizeof(struct wpi_cmd_beacon); 607} 608 609static struct ieee80211vap * 610wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 611 enum ieee80211_opmode opmode, int flags, 612 const uint8_t bssid[IEEE80211_ADDR_LEN], 613 const uint8_t mac[IEEE80211_ADDR_LEN]) 614{ 615 struct wpi_vap *wvp; 616 struct ieee80211vap *vap; 617 618 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 619 return NULL; 620 621 wvp = (struct wpi_vap *) malloc(sizeof(struct wpi_vap), 622 M_80211_VAP, M_NOWAIT | M_ZERO); 623 if (wvp == NULL) 624 return NULL; 625 vap = &wvp->wv_vap; 626 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 627 628 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 629 WPI_VAP_LOCK_INIT(wvp); 630 wpi_init_beacon(wvp); 631 } 632 633 /* Override with driver methods. */ 634 vap->iv_key_set = wpi_key_set; 635 vap->iv_key_delete = wpi_key_delete; 636 wvp->wv_newstate = vap->iv_newstate; 637 vap->iv_newstate = wpi_newstate; 638 vap->iv_update_beacon = wpi_update_beacon; 639 vap->iv_max_aid = WPI_ID_IBSS_MAX - WPI_ID_IBSS_MIN + 1; 640 641 ieee80211_ratectl_init(vap); 642 /* Complete setup. */ 643 ieee80211_vap_attach(vap, ieee80211_media_change, 644 ieee80211_media_status); 645 ic->ic_opmode = opmode; 646 return vap; 647} 648 649static void 650wpi_vap_delete(struct ieee80211vap *vap) 651{ 652 struct wpi_vap *wvp = WPI_VAP(vap); 653 struct wpi_buf *bcn = &wvp->wv_bcbuf; 654 enum ieee80211_opmode opmode = vap->iv_opmode; 655 656 ieee80211_ratectl_deinit(vap); 657 ieee80211_vap_detach(vap); 658 659 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 660 if (bcn->m != NULL) 661 m_freem(bcn->m); 662 663 WPI_VAP_LOCK_DESTROY(wvp); 664 } 665 666 free(wvp, M_80211_VAP); 667} 668 669static int 670wpi_detach(device_t dev) 671{ 672 struct wpi_softc *sc = device_get_softc(dev); 673 struct ifnet *ifp = sc->sc_ifp; 674 struct ieee80211com *ic; 675 int qid; 676 677 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 678 679 if (ifp != NULL) { 680 ic = ifp->if_l2com; 681 682 ieee80211_draintask(ic, &sc->sc_reinittask); 683 ieee80211_draintask(ic, &sc->sc_radiooff_task); 684 ieee80211_draintask(ic, &sc->sc_radioon_task); 685 ieee80211_draintask(ic, &sc->sc_start_task); 686 687 wpi_stop(sc); 688 689 callout_drain(&sc->watchdog_rfkill); 690 callout_drain(&sc->tx_timeout); 691 callout_drain(&sc->scan_timeout); 692 callout_drain(&sc->calib_to); 693 ieee80211_ifdetach(ic); 694 } 695 696 /* Uninstall interrupt handler. */ 697 if (sc->irq != NULL) { 698 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 699 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 700 sc->irq); 701 pci_release_msi(dev); 702 } 703 704 if (sc->txq[0].data_dmat) { 705 /* Free DMA resources. */ 706 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 707 wpi_free_tx_ring(sc, &sc->txq[qid]); 708 709 wpi_free_rx_ring(sc); 710 wpi_free_shared(sc); 711 } 712 713 if (sc->fw_dma.tag) 714 wpi_free_fwmem(sc); 715 716 if (sc->mem != NULL) 717 bus_release_resource(dev, SYS_RES_MEMORY, 718 rman_get_rid(sc->mem), sc->mem); 719 720 if (ifp != NULL) 721 if_free(ifp); 722 723 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 724 WPI_TXQ_LOCK_DESTROY(sc); 725 WPI_NT_LOCK_DESTROY(sc); 726 WPI_RXON_LOCK_DESTROY(sc); 727 WPI_LOCK_DESTROY(sc); 728 return 0; 729} 730 731static int 732wpi_shutdown(device_t dev) 733{ 734 struct wpi_softc *sc = device_get_softc(dev); 735 736 wpi_stop(sc); 737 return 0; 738} 739 740static int 741wpi_suspend(device_t dev) 742{ 743 struct wpi_softc *sc = device_get_softc(dev); 744 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 745 746 ieee80211_suspend_all(ic); 747 return 0; 748} 749 750static int 751wpi_resume(device_t dev) 752{ 753 struct wpi_softc *sc = device_get_softc(dev); 754 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 755 756 /* Clear device-specific "PCI retry timeout" register (41h). */ 757 pci_write_config(dev, 0x41, 0, 1); 758 759 ieee80211_resume_all(ic); 760 return 0; 761} 762 763/* 764 * Grab exclusive access to NIC memory. 765 */ 766static int 767wpi_nic_lock(struct wpi_softc *sc) 768{ 769 int ntries; 770 771 /* Request exclusive access to NIC. */ 772 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 773 774 /* Spin until we actually get the lock. */ 775 for (ntries = 0; ntries < 1000; ntries++) { 776 if ((WPI_READ(sc, WPI_GP_CNTRL) & 777 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 778 WPI_GP_CNTRL_MAC_ACCESS_ENA) 779 return 0; 780 DELAY(10); 781 } 782 783 device_printf(sc->sc_dev, "could not lock memory\n"); 784 785 return ETIMEDOUT; 786} 787 788/* 789 * Release lock on NIC memory. 790 */ 791static __inline void 792wpi_nic_unlock(struct wpi_softc *sc) 793{ 794 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 795} 796 797static __inline uint32_t 798wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 799{ 800 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 801 WPI_BARRIER_READ_WRITE(sc); 802 return WPI_READ(sc, WPI_PRPH_RDATA); 803} 804 805static __inline void 806wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 807{ 808 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 809 WPI_BARRIER_WRITE(sc); 810 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 811} 812 813static __inline void 814wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 815{ 816 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 817} 818 819static __inline void 820wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 821{ 822 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 823} 824 825static __inline void 826wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 827 const uint32_t *data, int count) 828{ 829 for (; count > 0; count--, data++, addr += 4) 830 wpi_prph_write(sc, addr, *data); 831} 832 833static __inline uint32_t 834wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 835{ 836 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 837 WPI_BARRIER_READ_WRITE(sc); 838 return WPI_READ(sc, WPI_MEM_RDATA); 839} 840 841static __inline void 842wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 843 int count) 844{ 845 for (; count > 0; count--, addr += 4) 846 *data++ = wpi_mem_read(sc, addr); 847} 848 849static int 850wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 851{ 852 uint8_t *out = data; 853 uint32_t val; 854 int error, ntries; 855 856 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 857 858 if ((error = wpi_nic_lock(sc)) != 0) 859 return error; 860 861 for (; count > 0; count -= 2, addr++) { 862 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 863 for (ntries = 0; ntries < 10; ntries++) { 864 val = WPI_READ(sc, WPI_EEPROM); 865 if (val & WPI_EEPROM_READ_VALID) 866 break; 867 DELAY(5); 868 } 869 if (ntries == 10) { 870 device_printf(sc->sc_dev, 871 "timeout reading ROM at 0x%x\n", addr); 872 return ETIMEDOUT; 873 } 874 *out++= val >> 16; 875 if (count > 1) 876 *out ++= val >> 24; 877 } 878 879 wpi_nic_unlock(sc); 880 881 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 882 883 return 0; 884} 885 886static void 887wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 888{ 889 if (error != 0) 890 return; 891 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 892 *(bus_addr_t *)arg = segs[0].ds_addr; 893} 894 895/* 896 * Allocates a contiguous block of dma memory of the requested size and 897 * alignment. 898 */ 899static int 900wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 901 void **kvap, bus_size_t size, bus_size_t alignment) 902{ 903 int error; 904 905 dma->tag = NULL; 906 dma->size = size; 907 908 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 909 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 910 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag); 911 if (error != 0) 912 goto fail; 913 914 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 915 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 916 if (error != 0) 917 goto fail; 918 919 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 920 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 921 if (error != 0) 922 goto fail; 923 924 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 925 926 if (kvap != NULL) 927 *kvap = dma->vaddr; 928 929 return 0; 930 931fail: wpi_dma_contig_free(dma); 932 return error; 933} 934 935static void 936wpi_dma_contig_free(struct wpi_dma_info *dma) 937{ 938 if (dma->vaddr != NULL) { 939 bus_dmamap_sync(dma->tag, dma->map, 940 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 941 bus_dmamap_unload(dma->tag, dma->map); 942 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 943 dma->vaddr = NULL; 944 } 945 if (dma->tag != NULL) { 946 bus_dma_tag_destroy(dma->tag); 947 dma->tag = NULL; 948 } 949} 950 951/* 952 * Allocate a shared page between host and NIC. 953 */ 954static int 955wpi_alloc_shared(struct wpi_softc *sc) 956{ 957 /* Shared buffer must be aligned on a 4KB boundary. */ 958 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 959 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 960} 961 962static void 963wpi_free_shared(struct wpi_softc *sc) 964{ 965 wpi_dma_contig_free(&sc->shared_dma); 966} 967 968/* 969 * Allocate DMA-safe memory for firmware transfer. 970 */ 971static int 972wpi_alloc_fwmem(struct wpi_softc *sc) 973{ 974 /* Must be aligned on a 16-byte boundary. */ 975 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 976 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 977} 978 979static void 980wpi_free_fwmem(struct wpi_softc *sc) 981{ 982 wpi_dma_contig_free(&sc->fw_dma); 983} 984 985static int 986wpi_alloc_rx_ring(struct wpi_softc *sc) 987{ 988 struct wpi_rx_ring *ring = &sc->rxq; 989 bus_size_t size; 990 int i, error; 991 992 ring->cur = 0; 993 ring->update = 0; 994 995 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 996 997 /* Allocate RX descriptors (16KB aligned.) */ 998 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 999 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 1000 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 1001 if (error != 0) { 1002 device_printf(sc->sc_dev, 1003 "%s: could not allocate RX ring DMA memory, error %d\n", 1004 __func__, error); 1005 goto fail; 1006 } 1007 1008 /* Create RX buffer DMA tag. */ 1009 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1010 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1011 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL, 1012 &ring->data_dmat); 1013 if (error != 0) { 1014 device_printf(sc->sc_dev, 1015 "%s: could not create RX buf DMA tag, error %d\n", 1016 __func__, error); 1017 goto fail; 1018 } 1019 1020 /* 1021 * Allocate and map RX buffers. 1022 */ 1023 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1024 struct wpi_rx_data *data = &ring->data[i]; 1025 bus_addr_t paddr; 1026 1027 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1028 if (error != 0) { 1029 device_printf(sc->sc_dev, 1030 "%s: could not create RX buf DMA map, error %d\n", 1031 __func__, error); 1032 goto fail; 1033 } 1034 1035 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1036 if (data->m == NULL) { 1037 device_printf(sc->sc_dev, 1038 "%s: could not allocate RX mbuf\n", __func__); 1039 error = ENOBUFS; 1040 goto fail; 1041 } 1042 1043 error = bus_dmamap_load(ring->data_dmat, data->map, 1044 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1045 &paddr, BUS_DMA_NOWAIT); 1046 if (error != 0 && error != EFBIG) { 1047 device_printf(sc->sc_dev, 1048 "%s: can't map mbuf (error %d)\n", __func__, 1049 error); 1050 goto fail; 1051 } 1052 1053 /* Set physical address of RX buffer. */ 1054 ring->desc[i] = htole32(paddr); 1055 } 1056 1057 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1058 BUS_DMASYNC_PREWRITE); 1059 1060 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1061 1062 return 0; 1063 1064fail: wpi_free_rx_ring(sc); 1065 1066 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1067 1068 return error; 1069} 1070 1071static void 1072wpi_update_rx_ring(struct wpi_softc *sc) 1073{ 1074 struct wpi_rx_ring *ring = &sc->rxq; 1075 1076 if (ring->update != 0) { 1077 /* Wait for INT_WAKEUP event. */ 1078 return; 1079 } 1080 1081 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1082 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1083 __func__); 1084 1085 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1086 ring->update = 1; 1087 } else 1088 WPI_WRITE(sc, WPI_FH_RX_WPTR, ring->cur & ~7); 1089} 1090 1091static void 1092wpi_reset_rx_ring(struct wpi_softc *sc) 1093{ 1094 struct wpi_rx_ring *ring = &sc->rxq; 1095 int ntries; 1096 1097 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1098 1099 if (wpi_nic_lock(sc) == 0) { 1100 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1101 for (ntries = 0; ntries < 1000; ntries++) { 1102 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1103 WPI_FH_RX_STATUS_IDLE) 1104 break; 1105 DELAY(10); 1106 } 1107 wpi_nic_unlock(sc); 1108 } 1109 1110 ring->cur = 0; 1111 ring->update = 0; 1112} 1113 1114static void 1115wpi_free_rx_ring(struct wpi_softc *sc) 1116{ 1117 struct wpi_rx_ring *ring = &sc->rxq; 1118 int i; 1119 1120 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1121 1122 wpi_dma_contig_free(&ring->desc_dma); 1123 1124 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1125 struct wpi_rx_data *data = &ring->data[i]; 1126 1127 if (data->m != NULL) { 1128 bus_dmamap_sync(ring->data_dmat, data->map, 1129 BUS_DMASYNC_POSTREAD); 1130 bus_dmamap_unload(ring->data_dmat, data->map); 1131 m_freem(data->m); 1132 data->m = NULL; 1133 } 1134 if (data->map != NULL) 1135 bus_dmamap_destroy(ring->data_dmat, data->map); 1136 } 1137 if (ring->data_dmat != NULL) { 1138 bus_dma_tag_destroy(ring->data_dmat); 1139 ring->data_dmat = NULL; 1140 } 1141} 1142 1143static int 1144wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 1145{ 1146 bus_addr_t paddr; 1147 bus_size_t size; 1148 int i, error; 1149 1150 ring->qid = qid; 1151 ring->queued = 0; 1152 ring->cur = 0; 1153 ring->update = 0; 1154 1155 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1156 1157 /* Allocate TX descriptors (16KB aligned.) */ 1158 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1159 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1160 size, WPI_RING_DMA_ALIGN); 1161 if (error != 0) { 1162 device_printf(sc->sc_dev, 1163 "%s: could not allocate TX ring DMA memory, error %d\n", 1164 __func__, error); 1165 goto fail; 1166 } 1167 1168 /* Update shared area with ring physical address. */ 1169 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1170 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1171 BUS_DMASYNC_PREWRITE); 1172 1173 /* 1174 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1175 * to allocate commands space for other rings. 1176 * XXX Do we really need to allocate descriptors for other rings? 1177 */ 1178 if (qid > WPI_CMD_QUEUE_NUM) { 1179 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1180 return 0; 1181 } 1182 1183 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1184 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1185 size, 4); 1186 if (error != 0) { 1187 device_printf(sc->sc_dev, 1188 "%s: could not allocate TX cmd DMA memory, error %d\n", 1189 __func__, error); 1190 goto fail; 1191 } 1192 1193 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1194 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1195 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL, 1196 &ring->data_dmat); 1197 if (error != 0) { 1198 device_printf(sc->sc_dev, 1199 "%s: could not create TX buf DMA tag, error %d\n", 1200 __func__, error); 1201 goto fail; 1202 } 1203 1204 paddr = ring->cmd_dma.paddr; 1205 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1206 struct wpi_tx_data *data = &ring->data[i]; 1207 1208 data->cmd_paddr = paddr; 1209 paddr += sizeof (struct wpi_tx_cmd); 1210 1211 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1212 if (error != 0) { 1213 device_printf(sc->sc_dev, 1214 "%s: could not create TX buf DMA map, error %d\n", 1215 __func__, error); 1216 goto fail; 1217 } 1218 } 1219 1220 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1221 1222 return 0; 1223 1224fail: wpi_free_tx_ring(sc, ring); 1225 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1226 return error; 1227} 1228 1229static void 1230wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1231{ 1232 if (ring->update != 0) { 1233 /* Wait for INT_WAKEUP event. */ 1234 return; 1235 } 1236 1237 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1238 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1239 __func__, ring->qid); 1240 1241 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1242 ring->update = 1; 1243 } else 1244 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1245} 1246 1247static void 1248wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1249{ 1250 int i; 1251 1252 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1253 1254 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1255 struct wpi_tx_data *data = &ring->data[i]; 1256 1257 if (data->m != NULL) { 1258 bus_dmamap_sync(ring->data_dmat, data->map, 1259 BUS_DMASYNC_POSTWRITE); 1260 bus_dmamap_unload(ring->data_dmat, data->map); 1261 m_freem(data->m); 1262 data->m = NULL; 1263 } 1264 } 1265 /* Clear TX descriptors. */ 1266 memset(ring->desc, 0, ring->desc_dma.size); 1267 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1268 BUS_DMASYNC_PREWRITE); 1269 sc->qfullmsk &= ~(1 << ring->qid); 1270 ring->queued = 0; 1271 ring->cur = 0; 1272 ring->update = 0; 1273} 1274 1275static void 1276wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1277{ 1278 int i; 1279 1280 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1281 1282 wpi_dma_contig_free(&ring->desc_dma); 1283 wpi_dma_contig_free(&ring->cmd_dma); 1284 1285 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1286 struct wpi_tx_data *data = &ring->data[i]; 1287 1288 if (data->m != NULL) { 1289 bus_dmamap_sync(ring->data_dmat, data->map, 1290 BUS_DMASYNC_POSTWRITE); 1291 bus_dmamap_unload(ring->data_dmat, data->map); 1292 m_freem(data->m); 1293 } 1294 if (data->map != NULL) 1295 bus_dmamap_destroy(ring->data_dmat, data->map); 1296 } 1297 if (ring->data_dmat != NULL) { 1298 bus_dma_tag_destroy(ring->data_dmat); 1299 ring->data_dmat = NULL; 1300 } 1301} 1302 1303/* 1304 * Extract various information from EEPROM. 1305 */ 1306static int 1307wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1308{ 1309#define WPI_CHK(res) do { \ 1310 if ((error = res) != 0) \ 1311 goto fail; \ 1312} while (0) 1313 int error, i; 1314 1315 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1316 1317 /* Adapter has to be powered on for EEPROM access to work. */ 1318 if ((error = wpi_apm_init(sc)) != 0) { 1319 device_printf(sc->sc_dev, 1320 "%s: could not power ON adapter, error %d\n", __func__, 1321 error); 1322 return error; 1323 } 1324 1325 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1326 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1327 error = EIO; 1328 goto fail; 1329 } 1330 /* Clear HW ownership of EEPROM. */ 1331 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1332 1333 /* Read the hardware capabilities, revision and SKU type. */ 1334 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1335 sizeof(sc->cap))); 1336 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1337 sizeof(sc->rev))); 1338 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1339 sizeof(sc->type))); 1340 1341 sc->rev = le16toh(sc->rev); 1342 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, 1343 sc->rev, sc->type); 1344 1345 /* Read the regulatory domain (4 ASCII characters.) */ 1346 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1347 sizeof(sc->domain))); 1348 1349 /* Read MAC address. */ 1350 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1351 IEEE80211_ADDR_LEN)); 1352 1353 /* Read the list of authorized channels. */ 1354 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1355 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1356 1357 /* Read the list of TX power groups. */ 1358 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1359 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1360 1361fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1362 1363 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1364 __func__); 1365 1366 return error; 1367#undef WPI_CHK 1368} 1369 1370/* 1371 * Translate EEPROM flags to net80211. 1372 */ 1373static uint32_t 1374wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1375{ 1376 uint32_t nflags; 1377 1378 nflags = 0; 1379 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1380 nflags |= IEEE80211_CHAN_PASSIVE; 1381 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1382 nflags |= IEEE80211_CHAN_NOADHOC; 1383 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1384 nflags |= IEEE80211_CHAN_DFS; 1385 /* XXX apparently IBSS may still be marked */ 1386 nflags |= IEEE80211_CHAN_NOADHOC; 1387 } 1388 1389 /* XXX HOSTAP uses WPI_MODE_IBSS */ 1390 if (nflags & IEEE80211_CHAN_NOADHOC) 1391 nflags |= IEEE80211_CHAN_NOHOSTAP; 1392 1393 return nflags; 1394} 1395 1396static void 1397wpi_read_eeprom_band(struct wpi_softc *sc, int n) 1398{ 1399 struct ifnet *ifp = sc->sc_ifp; 1400 struct ieee80211com *ic = ifp->if_l2com; 1401 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1402 const struct wpi_chan_band *band = &wpi_bands[n]; 1403 struct ieee80211_channel *c; 1404 uint8_t chan; 1405 int i, nflags; 1406 1407 for (i = 0; i < band->nchan; i++) { 1408 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1409 DPRINTF(sc, WPI_DEBUG_EEPROM, 1410 "Channel Not Valid: %d, band %d\n", 1411 band->chan[i],n); 1412 continue; 1413 } 1414 1415 chan = band->chan[i]; 1416 nflags = wpi_eeprom_channel_flags(&channels[i]); 1417 1418 c = &ic->ic_channels[ic->ic_nchans++]; 1419 c->ic_ieee = chan; 1420 c->ic_maxregpower = channels[i].maxpwr; 1421 c->ic_maxpower = 2*c->ic_maxregpower; 1422 1423 if (n == 0) { /* 2GHz band */ 1424 c->ic_freq = ieee80211_ieee2mhz(chan, 1425 IEEE80211_CHAN_G); 1426 1427 /* G =>'s B is supported */ 1428 c->ic_flags = IEEE80211_CHAN_B | nflags; 1429 c = &ic->ic_channels[ic->ic_nchans++]; 1430 c[0] = c[-1]; 1431 c->ic_flags = IEEE80211_CHAN_G | nflags; 1432 } else { /* 5GHz band */ 1433 c->ic_freq = ieee80211_ieee2mhz(chan, 1434 IEEE80211_CHAN_A); 1435 1436 c->ic_flags = IEEE80211_CHAN_A | nflags; 1437 } 1438 1439 /* Save maximum allowed TX power for this channel. */ 1440 sc->maxpwr[chan] = channels[i].maxpwr; 1441 1442 DPRINTF(sc, WPI_DEBUG_EEPROM, 1443 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d," 1444 " offset %d\n", chan, c->ic_freq, 1445 channels[i].flags, sc->maxpwr[chan], 1446 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans); 1447 } 1448} 1449 1450/** 1451 * Read the eeprom to find out what channels are valid for the given 1452 * band and update net80211 with what we find. 1453 */ 1454static int 1455wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 1456{ 1457 struct ifnet *ifp = sc->sc_ifp; 1458 struct ieee80211com *ic = ifp->if_l2com; 1459 const struct wpi_chan_band *band = &wpi_bands[n]; 1460 int error; 1461 1462 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1463 1464 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1465 band->nchan * sizeof (struct wpi_eeprom_chan)); 1466 if (error != 0) { 1467 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1468 return error; 1469 } 1470 1471 wpi_read_eeprom_band(sc, n); 1472 1473 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1474 1475 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1476 1477 return 0; 1478} 1479 1480static struct wpi_eeprom_chan * 1481wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1482{ 1483 int i, j; 1484 1485 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1486 for (i = 0; i < wpi_bands[j].nchan; i++) 1487 if (wpi_bands[j].chan[i] == c->ic_ieee) 1488 return &sc->eeprom_channels[j][i]; 1489 1490 return NULL; 1491} 1492 1493/* 1494 * Enforce flags read from EEPROM. 1495 */ 1496static int 1497wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1498 int nchan, struct ieee80211_channel chans[]) 1499{ 1500 struct ifnet *ifp = ic->ic_ifp; 1501 struct wpi_softc *sc = ifp->if_softc; 1502 int i; 1503 1504 for (i = 0; i < nchan; i++) { 1505 struct ieee80211_channel *c = &chans[i]; 1506 struct wpi_eeprom_chan *channel; 1507 1508 channel = wpi_find_eeprom_channel(sc, c); 1509 if (channel == NULL) { 1510 if_printf(ic->ic_ifp, 1511 "%s: invalid channel %u freq %u/0x%x\n", 1512 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1513 return EINVAL; 1514 } 1515 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1516 } 1517 1518 return 0; 1519} 1520 1521static int 1522wpi_read_eeprom_group(struct wpi_softc *sc, int n) 1523{ 1524 struct wpi_power_group *group = &sc->groups[n]; 1525 struct wpi_eeprom_group rgroup; 1526 int i, error; 1527 1528 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1529 1530 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1531 &rgroup, sizeof rgroup)) != 0) { 1532 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1533 return error; 1534 } 1535 1536 /* Save TX power group information. */ 1537 group->chan = rgroup.chan; 1538 group->maxpwr = rgroup.maxpwr; 1539 /* Retrieve temperature at which the samples were taken. */ 1540 group->temp = (int16_t)le16toh(rgroup.temp); 1541 1542 DPRINTF(sc, WPI_DEBUG_EEPROM, 1543 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1544 group->maxpwr, group->temp); 1545 1546 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1547 group->samples[i].index = rgroup.samples[i].index; 1548 group->samples[i].power = rgroup.samples[i].power; 1549 1550 DPRINTF(sc, WPI_DEBUG_EEPROM, 1551 "\tsample %d: index=%d power=%d\n", i, 1552 group->samples[i].index, group->samples[i].power); 1553 } 1554 1555 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1556 1557 return 0; 1558} 1559 1560static int 1561wpi_add_node_entry_adhoc(struct wpi_softc *sc) 1562{ 1563 int newid = WPI_ID_IBSS_MIN; 1564 1565 for (; newid <= WPI_ID_IBSS_MAX; newid++) { 1566 if ((sc->nodesmsk & (1 << newid)) == 0) { 1567 sc->nodesmsk |= 1 << newid; 1568 return newid; 1569 } 1570 } 1571 1572 return WPI_ID_UNDEFINED; 1573} 1574 1575static __inline int 1576wpi_add_node_entry_sta(struct wpi_softc *sc) 1577{ 1578 sc->nodesmsk |= 1 << WPI_ID_BSS; 1579 1580 return WPI_ID_BSS; 1581} 1582 1583static __inline int 1584wpi_check_node_entry(struct wpi_softc *sc, uint8_t id) 1585{ 1586 if (id == WPI_ID_UNDEFINED) 1587 return 0; 1588 1589 return (sc->nodesmsk >> id) & 1; 1590} 1591 1592static __inline void 1593wpi_clear_node_table(struct wpi_softc *sc) 1594{ 1595 sc->nodesmsk = 0; 1596} 1597 1598static __inline void 1599wpi_del_node_entry(struct wpi_softc *sc, uint8_t id) 1600{ 1601 sc->nodesmsk &= ~(1 << id); 1602} 1603 1604static struct ieee80211_node * 1605wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1606{ 1607 struct wpi_node *wn; 1608 1609 wn = malloc(sizeof (struct wpi_node), M_80211_NODE, 1610 M_NOWAIT | M_ZERO); 1611 1612 if (wn == NULL) 1613 return NULL; 1614 1615 wn->id = WPI_ID_UNDEFINED; 1616 1617 return &wn->ni; 1618} 1619 1620static void 1621wpi_node_free(struct ieee80211_node *ni) 1622{ 1623 struct ieee80211com *ic = ni->ni_ic; 1624 struct wpi_softc *sc = ic->ic_ifp->if_softc; 1625 struct wpi_node *wn = WPI_NODE(ni); 1626 1627 if (wn->id != WPI_ID_UNDEFINED) { 1628 WPI_NT_LOCK(sc); 1629 if (wpi_check_node_entry(sc, wn->id)) { 1630 wpi_del_node_entry(sc, wn->id); 1631 wpi_del_node(sc, ni); 1632 } 1633 WPI_NT_UNLOCK(sc); 1634 } 1635 1636 sc->sc_node_free(ni); 1637} 1638 1639/** 1640 * Called by net80211 when ever there is a change to 80211 state machine 1641 */ 1642static int 1643wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1644{ 1645 struct wpi_vap *wvp = WPI_VAP(vap); 1646 struct ieee80211com *ic = vap->iv_ic; 1647 struct ifnet *ifp = ic->ic_ifp; 1648 struct wpi_softc *sc = ifp->if_softc; 1649 int error = 0; 1650 1651 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1652 1653 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1654 ieee80211_state_name[vap->iv_state], 1655 ieee80211_state_name[nstate]); 1656 1657 switch (nstate) { 1658 case IEEE80211_S_SCAN: 1659 WPI_RXON_LOCK(sc); 1660 if ((sc->rxon.filter & htole32(WPI_FILTER_BSS)) && 1661 vap->iv_opmode != IEEE80211_M_STA) { 1662 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1663 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1664 device_printf(sc->sc_dev, 1665 "%s: could not send RXON\n", __func__); 1666 } 1667 } 1668 WPI_RXON_UNLOCK(sc); 1669 break; 1670 1671 case IEEE80211_S_ASSOC: 1672 if (vap->iv_state != IEEE80211_S_RUN) 1673 break; 1674 /* FALLTHROUGH */ 1675 case IEEE80211_S_AUTH: 1676 /* 1677 * The node must be registered in the firmware before auth. 1678 * Also the associd must be cleared on RUN -> ASSOC 1679 * transitions. 1680 */ 1681 if ((error = wpi_auth(sc, vap)) != 0) { 1682 device_printf(sc->sc_dev, 1683 "%s: could not move to AUTH state, error %d\n", 1684 __func__, error); 1685 } 1686 break; 1687 1688 case IEEE80211_S_RUN: 1689 /* 1690 * RUN -> RUN transition; Just restart the timers. 1691 */ 1692 if (vap->iv_state == IEEE80211_S_RUN) { 1693 WPI_RXON_LOCK(sc); 1694 wpi_calib_timeout(sc); 1695 WPI_RXON_UNLOCK(sc); 1696 break; 1697 } 1698 1699 /* 1700 * !RUN -> RUN requires setting the association id 1701 * which is done with a firmware cmd. We also defer 1702 * starting the timers until that work is done. 1703 */ 1704 if ((error = wpi_run(sc, vap)) != 0) { 1705 device_printf(sc->sc_dev, 1706 "%s: could not move to RUN state\n", __func__); 1707 } 1708 break; 1709 1710 default: 1711 break; 1712 } 1713 if (error != 0) { 1714 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1715 return error; 1716 } 1717 1718 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1719 1720 return wvp->wv_newstate(vap, nstate, arg); 1721} 1722 1723static void 1724wpi_calib_timeout(void *arg) 1725{ 1726 struct wpi_softc *sc = arg; 1727 1728 if (!(sc->rxon.filter & htole32(WPI_FILTER_BSS))) 1729 return; 1730 1731 wpi_power_calibration(sc); 1732 1733 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1734} 1735 1736static __inline uint8_t 1737rate2plcp(const uint8_t rate) 1738{ 1739 switch (rate) { 1740 case 12: return 0xd; 1741 case 18: return 0xf; 1742 case 24: return 0x5; 1743 case 36: return 0x7; 1744 case 48: return 0x9; 1745 case 72: return 0xb; 1746 case 96: return 0x1; 1747 case 108: return 0x3; 1748 case 2: return 10; 1749 case 4: return 20; 1750 case 11: return 55; 1751 case 22: return 110; 1752 default: return 0; 1753 } 1754} 1755 1756static __inline uint8_t 1757plcp2rate(const uint8_t plcp) 1758{ 1759 switch (plcp) { 1760 case 0xd: return 12; 1761 case 0xf: return 18; 1762 case 0x5: return 24; 1763 case 0x7: return 36; 1764 case 0x9: return 48; 1765 case 0xb: return 72; 1766 case 0x1: return 96; 1767 case 0x3: return 108; 1768 case 10: return 2; 1769 case 20: return 4; 1770 case 55: return 11; 1771 case 110: return 22; 1772 default: return 0; 1773 } 1774} 1775 1776/* Quickly determine if a given rate is CCK or OFDM. */ 1777#define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1778 1779static void 1780wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1781 struct wpi_rx_data *data) 1782{ 1783 struct ifnet *ifp = sc->sc_ifp; 1784 struct ieee80211com *ic = ifp->if_l2com; 1785 struct wpi_rx_ring *ring = &sc->rxq; 1786 struct wpi_rx_stat *stat; 1787 struct wpi_rx_head *head; 1788 struct wpi_rx_tail *tail; 1789 struct ieee80211_frame *wh; 1790 struct ieee80211_node *ni; 1791 struct mbuf *m, *m1; 1792 bus_addr_t paddr; 1793 uint32_t flags; 1794 uint16_t len; 1795 int error; 1796 1797 stat = (struct wpi_rx_stat *)(desc + 1); 1798 1799 if (stat->len > WPI_STAT_MAXLEN) { 1800 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1801 goto fail1; 1802 } 1803 1804 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1805 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1806 len = le16toh(head->len); 1807 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1808 flags = le32toh(tail->flags); 1809 1810 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1811 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1812 le32toh(desc->len), len, (int8_t)stat->rssi, 1813 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1814 1815 /* Discard frames with a bad FCS early. */ 1816 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1817 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1818 __func__, flags); 1819 goto fail1; 1820 } 1821 /* Discard frames that are too short. */ 1822 if (len < sizeof (*wh)) { 1823 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1824 __func__, len); 1825 goto fail1; 1826 } 1827 1828 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1829 if (m1 == NULL) { 1830 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1831 __func__); 1832 goto fail1; 1833 } 1834 bus_dmamap_unload(ring->data_dmat, data->map); 1835 1836 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1837 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 1838 if (error != 0 && error != EFBIG) { 1839 device_printf(sc->sc_dev, 1840 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1841 m_freem(m1); 1842 1843 /* Try to reload the old mbuf. */ 1844 error = bus_dmamap_load(ring->data_dmat, data->map, 1845 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1846 &paddr, BUS_DMA_NOWAIT); 1847 if (error != 0 && error != EFBIG) { 1848 panic("%s: could not load old RX mbuf", __func__); 1849 } 1850 /* Physical address may have changed. */ 1851 ring->desc[ring->cur] = htole32(paddr); 1852 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 1853 BUS_DMASYNC_PREWRITE); 1854 goto fail1; 1855 } 1856 1857 m = data->m; 1858 data->m = m1; 1859 /* Update RX descriptor. */ 1860 ring->desc[ring->cur] = htole32(paddr); 1861 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1862 BUS_DMASYNC_PREWRITE); 1863 1864 /* Finalize mbuf. */ 1865 m->m_pkthdr.rcvif = ifp; 1866 m->m_data = (caddr_t)(head + 1); 1867 m->m_pkthdr.len = m->m_len = len; 1868 1869 /* Grab a reference to the source node. */ 1870 wh = mtod(m, struct ieee80211_frame *); 1871 1872 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1873 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) { 1874 /* Check whether decryption was successful or not. */ 1875 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1876 DPRINTF(sc, WPI_DEBUG_RECV, 1877 "CCMP decryption failed 0x%x\n", flags); 1878 goto fail2; 1879 } 1880 m->m_flags |= M_WEP; 1881 } 1882 1883 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1884 1885 if (ieee80211_radiotap_active(ic)) { 1886 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1887 1888 tap->wr_flags = 0; 1889 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 1890 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1891 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET); 1892 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET; 1893 tap->wr_tsft = tail->tstamp; 1894 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 1895 tap->wr_rate = plcp2rate(head->plcp); 1896 } 1897 1898 WPI_UNLOCK(sc); 1899 1900 /* Send the frame to the 802.11 layer. */ 1901 if (ni != NULL) { 1902 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET); 1903 /* Node is no longer needed. */ 1904 ieee80211_free_node(ni); 1905 } else 1906 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET); 1907 1908 WPI_LOCK(sc); 1909 1910 return; 1911 1912fail2: m_freem(m); 1913 1914fail1: if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1915} 1916 1917static void 1918wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1919 struct wpi_rx_data *data) 1920{ 1921 /* Ignore */ 1922} 1923 1924static void 1925wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1926{ 1927 struct ifnet *ifp = sc->sc_ifp; 1928 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1929 struct wpi_tx_data *data = &ring->data[desc->idx]; 1930 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1931 struct mbuf *m; 1932 struct ieee80211_node *ni; 1933 struct ieee80211vap *vap; 1934 struct ieee80211com *ic; 1935 int ackfailcnt = stat->ackfailcnt / 2; /* wpi_mrr_setup() */ 1936 int status = le32toh(stat->status); 1937 1938 KASSERT(data->ni != NULL, ("no node")); 1939 KASSERT(data->m != NULL, ("no mbuf")); 1940 1941 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1942 1943 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 1944 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 1945 "status %x\n", __func__, desc->qid, desc->idx, ackfailcnt, 1946 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 1947 1948 /* Unmap and free mbuf. */ 1949 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 1950 bus_dmamap_unload(ring->data_dmat, data->map); 1951 m = data->m, data->m = NULL; 1952 ni = data->ni, data->ni = NULL; 1953 vap = ni->ni_vap; 1954 ic = vap->iv_ic; 1955 1956 /* 1957 * Update rate control statistics for the node. 1958 */ 1959 WPI_UNLOCK(sc); 1960 if ((status & 0xff) != 1) { 1961 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1962 ieee80211_ratectl_tx_complete(vap, ni, 1963 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 1964 } else { 1965 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1966 ieee80211_ratectl_tx_complete(vap, ni, 1967 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 1968 } 1969 1970 ieee80211_tx_complete(ni, m, (status & 0xff) != 1); 1971 WPI_LOCK(sc); 1972 1973 ring->queued -= 1; 1974 if (ring->queued > 0) { 1975 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 1976 1977 if (sc->qfullmsk != 0 && 1978 ring->queued < WPI_TX_RING_LOMARK) { 1979 sc->qfullmsk &= ~(1 << ring->qid); 1980 IF_LOCK(&ifp->if_snd); 1981 if (sc->qfullmsk == 0 && 1982 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 1983 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1984 IF_UNLOCK(&ifp->if_snd); 1985 ieee80211_runtask(ic, &sc->sc_start_task); 1986 } else 1987 IF_UNLOCK(&ifp->if_snd); 1988 } 1989 } else 1990 callout_stop(&sc->tx_timeout); 1991 1992 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1993} 1994 1995/* 1996 * Process a "command done" firmware notification. This is where we wakeup 1997 * processes waiting for a synchronous command completion. 1998 */ 1999static void 2000wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2001{ 2002 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 2003 struct wpi_tx_data *data; 2004 2005 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x " 2006 "type %s len %d\n", desc->qid, desc->idx, 2007 desc->flags, wpi_cmd_str(desc->type), 2008 le32toh(desc->len)); 2009 2010 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM) 2011 return; /* Not a command ack. */ 2012 2013 KASSERT(ring->queued == 0, ("ring->queued must be 0")); 2014 2015 data = &ring->data[desc->idx]; 2016 2017 /* If the command was mapped in an mbuf, free it. */ 2018 if (data->m != NULL) { 2019 bus_dmamap_sync(ring->data_dmat, data->map, 2020 BUS_DMASYNC_POSTWRITE); 2021 bus_dmamap_unload(ring->data_dmat, data->map); 2022 m_freem(data->m); 2023 data->m = NULL; 2024 } 2025 2026 wakeup(&ring->cmd[desc->idx]); 2027} 2028 2029static void 2030wpi_notif_intr(struct wpi_softc *sc) 2031{ 2032 struct ifnet *ifp = sc->sc_ifp; 2033 struct ieee80211com *ic = ifp->if_l2com; 2034 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2035 int hw; 2036 2037 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 2038 BUS_DMASYNC_POSTREAD); 2039 2040 hw = le32toh(sc->shared->next); 2041 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 2042 2043 while (sc->rxq.cur != hw) { 2044 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 2045 2046 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2047 struct wpi_rx_desc *desc; 2048 2049 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2050 BUS_DMASYNC_POSTREAD); 2051 desc = mtod(data->m, struct wpi_rx_desc *); 2052 2053 DPRINTF(sc, WPI_DEBUG_NOTIFY, 2054 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 2055 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 2056 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 2057 2058 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) { 2059 /* Reply to a command. */ 2060 wpi_cmd_done(sc, desc); 2061 } 2062 2063 switch (desc->type) { 2064 case WPI_RX_DONE: 2065 /* An 802.11 frame has been received. */ 2066 wpi_rx_done(sc, desc, data); 2067 2068 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2069 /* wpi_stop() was called. */ 2070 return; 2071 } 2072 2073 break; 2074 2075 case WPI_TX_DONE: 2076 /* An 802.11 frame has been transmitted. */ 2077 wpi_tx_done(sc, desc); 2078 break; 2079 2080 case WPI_RX_STATISTICS: 2081 case WPI_BEACON_STATISTICS: 2082 wpi_rx_statistics(sc, desc, data); 2083 break; 2084 2085 case WPI_BEACON_MISSED: 2086 { 2087 struct wpi_beacon_missed *miss = 2088 (struct wpi_beacon_missed *)(desc + 1); 2089 int misses; 2090 2091 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2092 BUS_DMASYNC_POSTREAD); 2093 misses = le32toh(miss->consecutive); 2094 2095 DPRINTF(sc, WPI_DEBUG_STATE, 2096 "%s: beacons missed %d/%d\n", __func__, misses, 2097 le32toh(miss->total)); 2098 2099 if (vap->iv_state == IEEE80211_S_RUN && 2100 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 2101 if (misses >= vap->iv_bmissthreshold) { 2102 WPI_UNLOCK(sc); 2103 ieee80211_beacon_miss(ic); 2104 WPI_LOCK(sc); 2105 } 2106 } 2107 break; 2108 } 2109 case WPI_UC_READY: 2110 { 2111 struct wpi_ucode_info *uc = 2112 (struct wpi_ucode_info *)(desc + 1); 2113 2114 /* The microcontroller is ready. */ 2115 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2116 BUS_DMASYNC_POSTREAD); 2117 DPRINTF(sc, WPI_DEBUG_RESET, 2118 "microcode alive notification version=%d.%d " 2119 "subtype=%x alive=%x\n", uc->major, uc->minor, 2120 uc->subtype, le32toh(uc->valid)); 2121 2122 if (le32toh(uc->valid) != 1) { 2123 device_printf(sc->sc_dev, 2124 "microcontroller initialization failed\n"); 2125 wpi_stop_locked(sc); 2126 } 2127 /* Save the address of the error log in SRAM. */ 2128 sc->errptr = le32toh(uc->errptr); 2129 break; 2130 } 2131 case WPI_STATE_CHANGED: 2132 { 2133 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2134 BUS_DMASYNC_POSTREAD); 2135 2136 uint32_t *status = (uint32_t *)(desc + 1); 2137 2138 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2139 le32toh(*status)); 2140 2141 if (le32toh(*status) & 1) { 2142 WPI_NT_LOCK(sc); 2143 wpi_clear_node_table(sc); 2144 WPI_NT_UNLOCK(sc); 2145 ieee80211_runtask(ic, &sc->sc_radiooff_task); 2146 return; 2147 } 2148 break; 2149 } 2150 case WPI_START_SCAN: 2151 { 2152 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2153 BUS_DMASYNC_POSTREAD); 2154#ifdef WPI_DEBUG 2155 struct wpi_start_scan *scan = 2156 (struct wpi_start_scan *)(desc + 1); 2157 DPRINTF(sc, WPI_DEBUG_SCAN, 2158 "%s: scanning channel %d status %x\n", 2159 __func__, scan->chan, le32toh(scan->status)); 2160#endif 2161 break; 2162 } 2163 case WPI_STOP_SCAN: 2164 { 2165 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2166 BUS_DMASYNC_POSTREAD); 2167#ifdef WPI_DEBUG 2168 struct wpi_stop_scan *scan = 2169 (struct wpi_stop_scan *)(desc + 1); 2170 DPRINTF(sc, WPI_DEBUG_SCAN, 2171 "scan finished nchan=%d status=%d chan=%d\n", 2172 scan->nchan, scan->status, scan->chan); 2173#endif 2174 WPI_RXON_LOCK(sc); 2175 callout_stop(&sc->scan_timeout); 2176 WPI_RXON_UNLOCK(sc); 2177 WPI_UNLOCK(sc); 2178 ieee80211_scan_next(vap); 2179 WPI_LOCK(sc); 2180 break; 2181 } 2182 } 2183 } 2184 2185 /* Tell the firmware what we have processed. */ 2186 wpi_update_rx_ring(sc); 2187} 2188 2189/* 2190 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2191 * from power-down sleep mode. 2192 */ 2193static void 2194wpi_wakeup_intr(struct wpi_softc *sc) 2195{ 2196 int qid; 2197 2198 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2199 "%s: ucode wakeup from power-down sleep\n", __func__); 2200 2201 /* Wakeup RX and TX rings. */ 2202 if (sc->rxq.update) { 2203 sc->rxq.update = 0; 2204 wpi_update_rx_ring(sc); 2205 } 2206 WPI_TXQ_LOCK(sc); 2207 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) { 2208 struct wpi_tx_ring *ring = &sc->txq[qid]; 2209 2210 if (ring->update) { 2211 ring->update = 0; 2212 wpi_update_tx_ring(sc, ring); 2213 } 2214 } 2215 WPI_TXQ_UNLOCK(sc); 2216 2217 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2218} 2219 2220/* 2221 * This function prints firmware registers 2222 */ 2223#ifdef WPI_DEBUG 2224static void 2225wpi_debug_registers(struct wpi_softc *sc) 2226{ 2227#define COUNTOF(array) (sizeof(array) / sizeof(array[0])) 2228 int i; 2229 static const uint32_t csr_tbl[] = { 2230 WPI_HW_IF_CONFIG, 2231 WPI_INT, 2232 WPI_INT_MASK, 2233 WPI_FH_INT, 2234 WPI_GPIO_IN, 2235 WPI_RESET, 2236 WPI_GP_CNTRL, 2237 WPI_EEPROM, 2238 WPI_EEPROM_GP, 2239 WPI_GIO, 2240 WPI_UCODE_GP1, 2241 WPI_UCODE_GP2, 2242 WPI_GIO_CHICKEN, 2243 WPI_ANA_PLL, 2244 WPI_DBG_HPET_MEM, 2245 }; 2246 static const uint32_t prph_tbl[] = { 2247 WPI_APMG_CLK_CTRL, 2248 WPI_APMG_PS, 2249 WPI_APMG_PCI_STT, 2250 WPI_APMG_RFKILL, 2251 }; 2252 2253 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n"); 2254 2255 for (i = 0; i < COUNTOF(csr_tbl); i++) { 2256 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2257 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i])); 2258 2259 if ((i + 1) % 2 == 0) 2260 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2261 } 2262 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n"); 2263 2264 if (wpi_nic_lock(sc) == 0) { 2265 for (i = 0; i < COUNTOF(prph_tbl); i++) { 2266 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2267 wpi_get_prph_string(prph_tbl[i]), 2268 wpi_prph_read(sc, prph_tbl[i])); 2269 2270 if ((i + 1) % 2 == 0) 2271 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2272 } 2273 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2274 wpi_nic_unlock(sc); 2275 } else { 2276 DPRINTF(sc, WPI_DEBUG_REGISTER, 2277 "Cannot access internal registers.\n"); 2278 } 2279#undef COUNTOF 2280} 2281#endif 2282 2283/* 2284 * Dump the error log of the firmware when a firmware panic occurs. Although 2285 * we can't debug the firmware because it is neither open source nor free, it 2286 * can help us to identify certain classes of problems. 2287 */ 2288static void 2289wpi_fatal_intr(struct wpi_softc *sc) 2290{ 2291 struct wpi_fw_dump dump; 2292 uint32_t i, offset, count; 2293 const uint32_t size_errmsg = 2294 (sizeof (wpi_fw_errmsg) / sizeof ((wpi_fw_errmsg)[0])); 2295 2296 /* Check that the error log address is valid. */ 2297 if (sc->errptr < WPI_FW_DATA_BASE || 2298 sc->errptr + sizeof (dump) > 2299 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2300 printf("%s: bad firmware error log address 0x%08x\n", __func__, 2301 sc->errptr); 2302 return; 2303 } 2304 if (wpi_nic_lock(sc) != 0) { 2305 printf("%s: could not read firmware error log\n", __func__); 2306 return; 2307 } 2308 /* Read number of entries in the log. */ 2309 count = wpi_mem_read(sc, sc->errptr); 2310 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2311 printf("%s: invalid count field (count = %u)\n", __func__, 2312 count); 2313 wpi_nic_unlock(sc); 2314 return; 2315 } 2316 /* Skip "count" field. */ 2317 offset = sc->errptr + sizeof (uint32_t); 2318 printf("firmware error log (count = %u):\n", count); 2319 for (i = 0; i < count; i++) { 2320 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2321 sizeof (dump) / sizeof (uint32_t)); 2322 2323 printf(" error type = \"%s\" (0x%08X)\n", 2324 (dump.desc < size_errmsg) ? 2325 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2326 dump.desc); 2327 printf(" error data = 0x%08X\n", 2328 dump.data); 2329 printf(" branch link = 0x%08X%08X\n", 2330 dump.blink[0], dump.blink[1]); 2331 printf(" interrupt link = 0x%08X%08X\n", 2332 dump.ilink[0], dump.ilink[1]); 2333 printf(" time = %u\n", dump.time); 2334 2335 offset += sizeof (dump); 2336 } 2337 wpi_nic_unlock(sc); 2338 /* Dump driver status (TX and RX rings) while we're here. */ 2339 printf("driver status:\n"); 2340 WPI_TXQ_LOCK(sc); 2341 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 2342 struct wpi_tx_ring *ring = &sc->txq[i]; 2343 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2344 i, ring->qid, ring->cur, ring->queued); 2345 } 2346 WPI_TXQ_UNLOCK(sc); 2347 printf(" rx ring: cur=%d\n", sc->rxq.cur); 2348} 2349 2350static void 2351wpi_intr(void *arg) 2352{ 2353 struct wpi_softc *sc = arg; 2354 struct ifnet *ifp = sc->sc_ifp; 2355 uint32_t r1, r2; 2356 2357 WPI_LOCK(sc); 2358 2359 /* Disable interrupts. */ 2360 WPI_WRITE(sc, WPI_INT_MASK, 0); 2361 2362 r1 = WPI_READ(sc, WPI_INT); 2363 2364 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 2365 goto end; /* Hardware gone! */ 2366 2367 r2 = WPI_READ(sc, WPI_FH_INT); 2368 2369 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2370 r1, r2); 2371 2372 if (r1 == 0 && r2 == 0) 2373 goto done; /* Interrupt not for us. */ 2374 2375 /* Acknowledge interrupts. */ 2376 WPI_WRITE(sc, WPI_INT, r1); 2377 WPI_WRITE(sc, WPI_FH_INT, r2); 2378 2379 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 2380 struct ieee80211com *ic = ifp->if_l2com; 2381 2382 device_printf(sc->sc_dev, "fatal firmware error\n"); 2383#ifdef WPI_DEBUG 2384 wpi_debug_registers(sc); 2385#endif 2386 wpi_fatal_intr(sc); 2387 DPRINTF(sc, WPI_DEBUG_HW, 2388 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2389 "(Hardware Error)"); 2390 ieee80211_runtask(ic, &sc->sc_reinittask); 2391 goto end; 2392 } 2393 2394 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2395 (r2 & WPI_FH_INT_RX)) 2396 wpi_notif_intr(sc); 2397 2398 if (r1 & WPI_INT_ALIVE) 2399 wakeup(sc); /* Firmware is alive. */ 2400 2401 if (r1 & WPI_INT_WAKEUP) 2402 wpi_wakeup_intr(sc); 2403 2404done: 2405 /* Re-enable interrupts. */ 2406 if (ifp->if_flags & IFF_UP) 2407 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2408 2409end: WPI_UNLOCK(sc); 2410} 2411 2412static int 2413wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2414{ 2415 struct ifnet *ifp = sc->sc_ifp; 2416 struct ieee80211_frame *wh; 2417 struct wpi_tx_cmd *cmd; 2418 struct wpi_tx_data *data; 2419 struct wpi_tx_desc *desc; 2420 struct wpi_tx_ring *ring; 2421 struct mbuf *m1; 2422 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2423 int error, i, hdrlen, nsegs, totlen, pad; 2424 2425 WPI_TXQ_LOCK(sc); 2426 2427 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow")); 2428 2429 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2430 2431 if (sc->txq_active == 0) { 2432 /* wpi_stop() was called */ 2433 error = ENETDOWN; 2434 goto fail; 2435 } 2436 2437 wh = mtod(buf->m, struct ieee80211_frame *); 2438 hdrlen = ieee80211_anyhdrsize(wh); 2439 totlen = buf->m->m_pkthdr.len; 2440 2441 if (hdrlen & 3) { 2442 /* First segment length must be a multiple of 4. */ 2443 pad = 4 - (hdrlen & 3); 2444 } else 2445 pad = 0; 2446 2447 ring = &sc->txq[buf->ac]; 2448 desc = &ring->desc[ring->cur]; 2449 data = &ring->data[ring->cur]; 2450 2451 /* Prepare TX firmware command. */ 2452 cmd = &ring->cmd[ring->cur]; 2453 cmd->code = buf->code; 2454 cmd->flags = 0; 2455 cmd->qid = ring->qid; 2456 cmd->idx = ring->cur; 2457 2458 memcpy(cmd->data, buf->data, buf->size); 2459 2460 /* Save and trim IEEE802.11 header. */ 2461 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2462 m_adj(buf->m, hdrlen); 2463 2464 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2465 segs, &nsegs, BUS_DMA_NOWAIT); 2466 if (error != 0 && error != EFBIG) { 2467 device_printf(sc->sc_dev, 2468 "%s: can't map mbuf (error %d)\n", __func__, error); 2469 goto fail; 2470 } 2471 if (error != 0) { 2472 /* Too many DMA segments, linearize mbuf. */ 2473 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2474 if (m1 == NULL) { 2475 device_printf(sc->sc_dev, 2476 "%s: could not defrag mbuf\n", __func__); 2477 error = ENOBUFS; 2478 goto fail; 2479 } 2480 buf->m = m1; 2481 2482 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2483 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2484 if (error != 0) { 2485 device_printf(sc->sc_dev, 2486 "%s: can't map mbuf (error %d)\n", __func__, 2487 error); 2488 goto fail; 2489 } 2490 } 2491 2492 KASSERT(nsegs < WPI_MAX_SCATTER, 2493 ("too many DMA segments, nsegs (%d) should be less than %d", 2494 nsegs, WPI_MAX_SCATTER)); 2495 2496 data->m = buf->m; 2497 data->ni = buf->ni; 2498 2499 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2500 __func__, ring->qid, ring->cur, totlen, nsegs); 2501 2502 /* Fill TX descriptor. */ 2503 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2504 /* First DMA segment is used by the TX command. */ 2505 desc->segs[0].addr = htole32(data->cmd_paddr); 2506 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2507 /* Other DMA segments are for data payload. */ 2508 seg = &segs[0]; 2509 for (i = 1; i <= nsegs; i++) { 2510 desc->segs[i].addr = htole32(seg->ds_addr); 2511 desc->segs[i].len = htole32(seg->ds_len); 2512 seg++; 2513 } 2514 2515 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2516 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2517 BUS_DMASYNC_PREWRITE); 2518 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2519 BUS_DMASYNC_PREWRITE); 2520 2521 /* Kick TX ring. */ 2522 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2523 wpi_update_tx_ring(sc, ring); 2524 2525 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2526 /* Mark TX ring as full if we reach a certain threshold. */ 2527 if (++ring->queued > WPI_TX_RING_HIMARK) { 2528 sc->qfullmsk |= 1 << ring->qid; 2529 2530 IF_LOCK(&ifp->if_snd); 2531 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2532 IF_UNLOCK(&ifp->if_snd); 2533 } 2534 2535 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2536 } 2537 2538 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2539 2540 WPI_TXQ_UNLOCK(sc); 2541 2542 return 0; 2543 2544fail: m_freem(buf->m); 2545 2546 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2547 2548 WPI_TXQ_UNLOCK(sc); 2549 2550 return error; 2551} 2552 2553/* 2554 * Construct the data packet for a transmit buffer. 2555 */ 2556static int 2557wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2558{ 2559 const struct ieee80211_txparam *tp; 2560 struct ieee80211vap *vap = ni->ni_vap; 2561 struct ieee80211com *ic = ni->ni_ic; 2562 struct wpi_node *wn = WPI_NODE(ni); 2563 struct ieee80211_channel *chan; 2564 struct ieee80211_frame *wh; 2565 struct ieee80211_key *k = NULL; 2566 struct wpi_buf tx_data; 2567 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2568 uint32_t flags; 2569 uint16_t qos; 2570 uint8_t tid, type; 2571 int ac, error, swcrypt, rate, ismcast, totlen; 2572 2573 wh = mtod(m, struct ieee80211_frame *); 2574 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2575 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2576 2577 /* Select EDCA Access Category and TX ring for this frame. */ 2578 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2579 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2580 tid = qos & IEEE80211_QOS_TID; 2581 } else { 2582 qos = 0; 2583 tid = 0; 2584 } 2585 ac = M_WME_GETAC(m); 2586 2587 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2588 ni->ni_chan : ic->ic_curchan; 2589 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2590 2591 /* Choose a TX rate index. */ 2592 if (type == IEEE80211_FC0_TYPE_MGT) 2593 rate = tp->mgmtrate; 2594 else if (ismcast) 2595 rate = tp->mcastrate; 2596 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2597 rate = tp->ucastrate; 2598 else if (m->m_flags & M_EAPOL) 2599 rate = tp->mgmtrate; 2600 else { 2601 /* XXX pass pktlen */ 2602 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2603 rate = ni->ni_txrate; 2604 } 2605 2606 /* Encrypt the frame if need be. */ 2607 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2608 /* Retrieve key for TX. */ 2609 k = ieee80211_crypto_encap(ni, m); 2610 if (k == NULL) { 2611 error = ENOBUFS; 2612 goto fail; 2613 } 2614 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2615 2616 /* 802.11 header may have moved. */ 2617 wh = mtod(m, struct ieee80211_frame *); 2618 } 2619 totlen = m->m_pkthdr.len; 2620 2621 if (ieee80211_radiotap_active_vap(vap)) { 2622 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2623 2624 tap->wt_flags = 0; 2625 tap->wt_rate = rate; 2626 if (k != NULL) 2627 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2628 2629 ieee80211_radiotap_tx(vap, m); 2630 } 2631 2632 flags = 0; 2633 if (!ismcast) { 2634 /* Unicast frame, check if an ACK is expected. */ 2635 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2636 IEEE80211_QOS_ACKPOLICY_NOACK) 2637 flags |= WPI_TX_NEED_ACK; 2638 } 2639 2640 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2641 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */ 2642 2643 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2644 if (!ismcast) { 2645 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2646 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2647 flags |= WPI_TX_NEED_RTS; 2648 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2649 WPI_RATE_IS_OFDM(rate)) { 2650 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2651 flags |= WPI_TX_NEED_CTS; 2652 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2653 flags |= WPI_TX_NEED_RTS; 2654 } 2655 2656 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2657 flags |= WPI_TX_FULL_TXOP; 2658 } 2659 2660 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2661 if (type == IEEE80211_FC0_TYPE_MGT) { 2662 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2663 2664 /* Tell HW to set timestamp in probe responses. */ 2665 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2666 flags |= WPI_TX_INSERT_TSTAMP; 2667 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2668 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2669 tx->timeout = htole16(3); 2670 else 2671 tx->timeout = htole16(2); 2672 } 2673 2674 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2675 tx->id = WPI_ID_BROADCAST; 2676 else { 2677 if (wn->id == WPI_ID_UNDEFINED) { 2678 device_printf(sc->sc_dev, 2679 "%s: undefined node id\n", __func__); 2680 error = EINVAL; 2681 goto fail; 2682 } 2683 2684 tx->id = wn->id; 2685 } 2686 2687 if (type != IEEE80211_FC0_TYPE_MGT) 2688 tx->data_ntries = tp->maxretry; 2689 2690 if (k != NULL && !swcrypt) { 2691 switch (k->wk_cipher->ic_cipher) { 2692 case IEEE80211_CIPHER_AES_CCM: 2693 tx->security = WPI_CIPHER_CCMP; 2694 break; 2695 2696 default: 2697 break; 2698 } 2699 2700 memcpy(tx->key, k->wk_key, k->wk_keylen); 2701 } 2702 2703 tx->len = htole16(totlen); 2704 tx->flags = htole32(flags); 2705 tx->plcp = rate2plcp(rate); 2706 tx->tid = tid; 2707 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2708 tx->ofdm_mask = 0xff; 2709 tx->cck_mask = 0x0f; 2710 tx->rts_ntries = 7; 2711 2712 tx_data.ni = ni; 2713 tx_data.m = m; 2714 tx_data.size = sizeof(struct wpi_cmd_data); 2715 tx_data.code = WPI_CMD_TX_DATA; 2716 tx_data.ac = ac; 2717 2718 return wpi_cmd2(sc, &tx_data); 2719 2720fail: m_freem(m); 2721 return error; 2722} 2723 2724static int 2725wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, 2726 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 2727{ 2728 struct ieee80211vap *vap = ni->ni_vap; 2729 struct ieee80211_key *k = NULL; 2730 struct ieee80211_frame *wh; 2731 struct wpi_buf tx_data; 2732 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2733 uint32_t flags; 2734 uint8_t type; 2735 int ac, rate, swcrypt, totlen; 2736 2737 wh = mtod(m, struct ieee80211_frame *); 2738 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2739 2740 ac = params->ibp_pri & 3; 2741 2742 /* Choose a TX rate index. */ 2743 rate = params->ibp_rate0; 2744 2745 flags = 0; 2746 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 2747 flags |= WPI_TX_NEED_ACK; 2748 if (params->ibp_flags & IEEE80211_BPF_RTS) 2749 flags |= WPI_TX_NEED_RTS; 2750 if (params->ibp_flags & IEEE80211_BPF_CTS) 2751 flags |= WPI_TX_NEED_CTS; 2752 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2753 flags |= WPI_TX_FULL_TXOP; 2754 2755 /* Encrypt the frame if need be. */ 2756 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 2757 /* Retrieve key for TX. */ 2758 k = ieee80211_crypto_encap(ni, m); 2759 if (k == NULL) { 2760 m_freem(m); 2761 return ENOBUFS; 2762 } 2763 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2764 2765 /* 802.11 header may have moved. */ 2766 wh = mtod(m, struct ieee80211_frame *); 2767 } 2768 totlen = m->m_pkthdr.len; 2769 2770 if (ieee80211_radiotap_active_vap(vap)) { 2771 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2772 2773 tap->wt_flags = 0; 2774 tap->wt_rate = rate; 2775 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) 2776 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2777 2778 ieee80211_radiotap_tx(vap, m); 2779 } 2780 2781 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2782 if (type == IEEE80211_FC0_TYPE_MGT) { 2783 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2784 2785 /* Tell HW to set timestamp in probe responses. */ 2786 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2787 flags |= WPI_TX_INSERT_TSTAMP; 2788 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2789 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2790 tx->timeout = htole16(3); 2791 else 2792 tx->timeout = htole16(2); 2793 } 2794 2795 if (k != NULL && !swcrypt) { 2796 switch (k->wk_cipher->ic_cipher) { 2797 case IEEE80211_CIPHER_AES_CCM: 2798 tx->security = WPI_CIPHER_CCMP; 2799 break; 2800 2801 default: 2802 break; 2803 } 2804 2805 memcpy(tx->key, k->wk_key, k->wk_keylen); 2806 } 2807 2808 tx->len = htole16(totlen); 2809 tx->flags = htole32(flags); 2810 tx->plcp = rate2plcp(rate); 2811 tx->id = WPI_ID_BROADCAST; 2812 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2813 tx->rts_ntries = params->ibp_try1; 2814 tx->data_ntries = params->ibp_try0; 2815 2816 tx_data.ni = ni; 2817 tx_data.m = m; 2818 tx_data.size = sizeof(struct wpi_cmd_data); 2819 tx_data.code = WPI_CMD_TX_DATA; 2820 tx_data.ac = ac; 2821 2822 return wpi_cmd2(sc, &tx_data); 2823} 2824 2825static int 2826wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2827 const struct ieee80211_bpf_params *params) 2828{ 2829 struct ieee80211com *ic = ni->ni_ic; 2830 struct ifnet *ifp = ic->ic_ifp; 2831 struct wpi_softc *sc = ifp->if_softc; 2832 int error = 0; 2833 2834 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2835 2836 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2837 ieee80211_free_node(ni); 2838 m_freem(m); 2839 return ENETDOWN; 2840 } 2841 2842 WPI_LOCK(sc); 2843 if (params == NULL) { 2844 /* 2845 * Legacy path; interpret frame contents to decide 2846 * precisely how to send the frame. 2847 */ 2848 error = wpi_tx_data(sc, m, ni); 2849 } else { 2850 /* 2851 * Caller supplied explicit parameters to use in 2852 * sending the frame. 2853 */ 2854 error = wpi_tx_data_raw(sc, m, ni, params); 2855 } 2856 WPI_UNLOCK(sc); 2857 2858 if (error != 0) { 2859 /* NB: m is reclaimed on tx failure */ 2860 ieee80211_free_node(ni); 2861 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2862 2863 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2864 2865 return error; 2866 } 2867 2868 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2869 2870 return 0; 2871} 2872 2873/** 2874 * Process data waiting to be sent on the IFNET output queue 2875 */ 2876static void 2877wpi_start(struct ifnet *ifp) 2878{ 2879 struct wpi_softc *sc = ifp->if_softc; 2880 struct ieee80211_node *ni; 2881 struct mbuf *m; 2882 2883 WPI_LOCK(sc); 2884 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 2885 2886 for (;;) { 2887 IF_LOCK(&ifp->if_snd); 2888 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 2889 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 2890 IF_UNLOCK(&ifp->if_snd); 2891 break; 2892 } 2893 IF_UNLOCK(&ifp->if_snd); 2894 2895 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 2896 if (m == NULL) 2897 break; 2898 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2899 if (wpi_tx_data(sc, m, ni) != 0) { 2900 WPI_UNLOCK(sc); 2901 ieee80211_free_node(ni); 2902 WPI_LOCK(sc); 2903 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2904 } 2905 } 2906 2907 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 2908 WPI_UNLOCK(sc); 2909} 2910 2911static void 2912wpi_start_task(void *arg0, int pending) 2913{ 2914 struct wpi_softc *sc = arg0; 2915 struct ifnet *ifp = sc->sc_ifp; 2916 2917 wpi_start(ifp); 2918} 2919 2920static void 2921wpi_watchdog_rfkill(void *arg) 2922{ 2923 struct wpi_softc *sc = arg; 2924 struct ifnet *ifp = sc->sc_ifp; 2925 struct ieee80211com *ic = ifp->if_l2com; 2926 2927 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 2928 2929 /* No need to lock firmware memory. */ 2930 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 2931 /* Radio kill switch is still off. */ 2932 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 2933 sc); 2934 } else 2935 ieee80211_runtask(ic, &sc->sc_radioon_task); 2936} 2937 2938static void 2939wpi_scan_timeout(void *arg) 2940{ 2941 struct wpi_softc *sc = arg; 2942 struct ifnet *ifp = sc->sc_ifp; 2943 struct ieee80211com *ic = ifp->if_l2com; 2944 2945 if_printf(ifp, "scan timeout\n"); 2946 ieee80211_runtask(ic, &sc->sc_reinittask); 2947} 2948 2949static void 2950wpi_tx_timeout(void *arg) 2951{ 2952 struct wpi_softc *sc = arg; 2953 struct ifnet *ifp = sc->sc_ifp; 2954 struct ieee80211com *ic = ifp->if_l2com; 2955 2956 if_printf(ifp, "device timeout\n"); 2957 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2958 ieee80211_runtask(ic, &sc->sc_reinittask); 2959} 2960 2961static int 2962wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2963{ 2964 struct wpi_softc *sc = ifp->if_softc; 2965 struct ieee80211com *ic = ifp->if_l2com; 2966 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2967 struct ifreq *ifr = (struct ifreq *) data; 2968 int error = 0; 2969 2970 switch (cmd) { 2971 case SIOCGIFADDR: 2972 error = ether_ioctl(ifp, cmd, data); 2973 break; 2974 case SIOCSIFFLAGS: 2975 if (ifp->if_flags & IFF_UP) { 2976 wpi_init(sc); 2977 2978 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 && 2979 vap != NULL) 2980 ieee80211_stop(vap); 2981 } else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 2982 wpi_stop(sc); 2983 break; 2984 case SIOCGIFMEDIA: 2985 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 2986 break; 2987 default: 2988 error = EINVAL; 2989 break; 2990 } 2991 return error; 2992} 2993 2994/* 2995 * Send a command to the firmware. 2996 */ 2997static int 2998wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size, 2999 int async) 3000{ 3001 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 3002 struct wpi_tx_desc *desc; 3003 struct wpi_tx_data *data; 3004 struct wpi_tx_cmd *cmd; 3005 struct mbuf *m; 3006 bus_addr_t paddr; 3007 int totlen, error; 3008 3009 WPI_TXQ_LOCK(sc); 3010 3011 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3012 3013 if (sc->txq_active == 0) { 3014 /* wpi_stop() was called */ 3015 error = 0; 3016 goto fail; 3017 } 3018 3019 if (async == 0) 3020 WPI_LOCK_ASSERT(sc); 3021 3022 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %zu async %d\n", 3023 __func__, wpi_cmd_str(code), size, async); 3024 3025 desc = &ring->desc[ring->cur]; 3026 data = &ring->data[ring->cur]; 3027 totlen = 4 + size; 3028 3029 if (size > sizeof cmd->data) { 3030 /* Command is too large to fit in a descriptor. */ 3031 if (totlen > MCLBYTES) { 3032 error = EINVAL; 3033 goto fail; 3034 } 3035 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 3036 if (m == NULL) { 3037 error = ENOMEM; 3038 goto fail; 3039 } 3040 cmd = mtod(m, struct wpi_tx_cmd *); 3041 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 3042 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 3043 if (error != 0) { 3044 m_freem(m); 3045 goto fail; 3046 } 3047 data->m = m; 3048 } else { 3049 cmd = &ring->cmd[ring->cur]; 3050 paddr = data->cmd_paddr; 3051 } 3052 3053 cmd->code = code; 3054 cmd->flags = 0; 3055 cmd->qid = ring->qid; 3056 cmd->idx = ring->cur; 3057 memcpy(cmd->data, buf, size); 3058 3059 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 3060 desc->segs[0].addr = htole32(paddr); 3061 desc->segs[0].len = htole32(totlen); 3062 3063 if (size > sizeof cmd->data) { 3064 bus_dmamap_sync(ring->data_dmat, data->map, 3065 BUS_DMASYNC_PREWRITE); 3066 } else { 3067 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 3068 BUS_DMASYNC_PREWRITE); 3069 } 3070 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3071 BUS_DMASYNC_PREWRITE); 3072 3073 /* Kick command ring. */ 3074 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 3075 wpi_update_tx_ring(sc, ring); 3076 3077 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3078 3079 WPI_TXQ_UNLOCK(sc); 3080 3081 if (async) 3082 return 0; 3083 3084 return mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3085 3086fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3087 3088 WPI_TXQ_UNLOCK(sc); 3089 3090 return error; 3091} 3092 3093/* 3094 * Configure HW multi-rate retries. 3095 */ 3096static int 3097wpi_mrr_setup(struct wpi_softc *sc) 3098{ 3099 struct ifnet *ifp = sc->sc_ifp; 3100 struct ieee80211com *ic = ifp->if_l2com; 3101 struct wpi_mrr_setup mrr; 3102 int i, error; 3103 3104 /* CCK rates (not used with 802.11a). */ 3105 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 3106 mrr.rates[i].flags = 0; 3107 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3108 /* Fallback to the immediate lower CCK rate (if any.) */ 3109 mrr.rates[i].next = 3110 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 3111 /* Try one time at this rate before falling back to "next". */ 3112 mrr.rates[i].ntries = 1; 3113 } 3114 /* OFDM rates (not used with 802.11b). */ 3115 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 3116 mrr.rates[i].flags = 0; 3117 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3118 /* Fallback to the immediate lower rate (if any.) */ 3119 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 3120 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 3121 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 3122 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 3123 i - 1; 3124 /* Try one time at this rate before falling back to "next". */ 3125 mrr.rates[i].ntries = 1; 3126 } 3127 /* Setup MRR for control frames. */ 3128 mrr.which = htole32(WPI_MRR_CTL); 3129 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3130 if (error != 0) { 3131 device_printf(sc->sc_dev, 3132 "could not setup MRR for control frames\n"); 3133 return error; 3134 } 3135 /* Setup MRR for data frames. */ 3136 mrr.which = htole32(WPI_MRR_DATA); 3137 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3138 if (error != 0) { 3139 device_printf(sc->sc_dev, 3140 "could not setup MRR for data frames\n"); 3141 return error; 3142 } 3143 return 0; 3144} 3145 3146static int 3147wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3148{ 3149 struct ieee80211com *ic = ni->ni_ic; 3150 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 3151 struct wpi_node *wn = WPI_NODE(ni); 3152 struct wpi_node_info node; 3153 int error; 3154 3155 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3156 3157 if (wn->id == WPI_ID_UNDEFINED) 3158 return EINVAL; 3159 3160 memset(&node, 0, sizeof node); 3161 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3162 node.id = wn->id; 3163 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3164 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3165 node.action = htole32(WPI_ACTION_SET_RATE); 3166 node.antenna = WPI_ANTENNA_BOTH; 3167 3168 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__, 3169 wn->id, ether_sprintf(ni->ni_macaddr)); 3170 3171 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 3172 if (error != 0) { 3173 device_printf(sc->sc_dev, 3174 "%s: wpi_cmd() call failed with error code %d\n", __func__, 3175 error); 3176 return error; 3177 } 3178 3179 if (wvp->wv_gtk != 0) { 3180 error = wpi_set_global_keys(ni); 3181 if (error != 0) { 3182 device_printf(sc->sc_dev, 3183 "%s: error while setting global keys\n", __func__); 3184 return ENXIO; 3185 } 3186 } 3187 3188 return 0; 3189} 3190 3191/* 3192 * Broadcast node is used to send group-addressed and management frames. 3193 */ 3194static int 3195wpi_add_broadcast_node(struct wpi_softc *sc, int async) 3196{ 3197 struct ifnet *ifp = sc->sc_ifp; 3198 struct ieee80211com *ic = ifp->if_l2com; 3199 struct wpi_node_info node; 3200 3201 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3202 3203 memset(&node, 0, sizeof node); 3204 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr); 3205 node.id = WPI_ID_BROADCAST; 3206 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3207 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3208 node.action = htole32(WPI_ACTION_SET_RATE); 3209 node.antenna = WPI_ANTENNA_BOTH; 3210 3211 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__); 3212 3213 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 3214} 3215 3216static int 3217wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3218{ 3219 struct wpi_node *wn = WPI_NODE(ni); 3220 int error; 3221 3222 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3223 3224 wn->id = wpi_add_node_entry_sta(sc); 3225 3226 if ((error = wpi_add_node(sc, ni)) != 0) { 3227 wpi_del_node_entry(sc, wn->id); 3228 wn->id = WPI_ID_UNDEFINED; 3229 return error; 3230 } 3231 3232 return 0; 3233} 3234 3235static int 3236wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3237{ 3238 struct wpi_node *wn = WPI_NODE(ni); 3239 int error; 3240 3241 KASSERT(wn->id == WPI_ID_UNDEFINED, 3242 ("the node %d was added before", wn->id)); 3243 3244 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3245 3246 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) { 3247 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__); 3248 return ENOMEM; 3249 } 3250 3251 if ((error = wpi_add_node(sc, ni)) != 0) { 3252 wpi_del_node_entry(sc, wn->id); 3253 wn->id = WPI_ID_UNDEFINED; 3254 return error; 3255 } 3256 3257 return 0; 3258} 3259 3260static void 3261wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3262{ 3263 struct wpi_node *wn = WPI_NODE(ni); 3264 struct wpi_cmd_del_node node; 3265 int error; 3266 3267 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed")); 3268 3269 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3270 3271 memset(&node, 0, sizeof node); 3272 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3273 node.count = 1; 3274 3275 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__, 3276 wn->id, ether_sprintf(ni->ni_macaddr)); 3277 3278 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3279 if (error != 0) { 3280 device_printf(sc->sc_dev, 3281 "%s: could not delete node %u, error %d\n", __func__, 3282 wn->id, error); 3283 } 3284} 3285 3286static int 3287wpi_updateedca(struct ieee80211com *ic) 3288{ 3289#define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3290 struct wpi_softc *sc = ic->ic_ifp->if_softc; 3291 struct wpi_edca_params cmd; 3292 int aci, error; 3293 3294 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3295 3296 memset(&cmd, 0, sizeof cmd); 3297 cmd.flags = htole32(WPI_EDCA_UPDATE); 3298 for (aci = 0; aci < WME_NUM_AC; aci++) { 3299 const struct wmeParams *ac = 3300 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3301 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3302 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3303 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3304 cmd.ac[aci].txoplimit = 3305 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3306 3307 DPRINTF(sc, WPI_DEBUG_EDCA, 3308 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3309 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3310 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3311 cmd.ac[aci].txoplimit); 3312 } 3313 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3314 3315 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3316 3317 return error; 3318#undef WPI_EXP2 3319} 3320 3321static void 3322wpi_set_promisc(struct wpi_softc *sc) 3323{ 3324 struct ifnet *ifp = sc->sc_ifp; 3325 struct ieee80211com *ic = ifp->if_l2com; 3326 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3327 uint32_t promisc_filter; 3328 3329 promisc_filter = WPI_FILTER_CTL; 3330 if (vap != NULL && vap->iv_opmode != IEEE80211_M_HOSTAP) 3331 promisc_filter |= WPI_FILTER_PROMISC; 3332 3333 if (ifp->if_flags & IFF_PROMISC) 3334 sc->rxon.filter |= htole32(promisc_filter); 3335 else 3336 sc->rxon.filter &= ~htole32(promisc_filter); 3337} 3338 3339static void 3340wpi_update_promisc(struct ifnet *ifp) 3341{ 3342 struct wpi_softc *sc = ifp->if_softc; 3343 3344 WPI_RXON_LOCK(sc); 3345 wpi_set_promisc(sc); 3346 3347 if (wpi_send_rxon(sc, 1, 1) != 0) { 3348 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3349 __func__); 3350 } 3351 WPI_RXON_UNLOCK(sc); 3352} 3353 3354static void 3355wpi_update_mcast(struct ifnet *ifp) 3356{ 3357 /* Ignore */ 3358} 3359 3360static void 3361wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3362{ 3363 struct wpi_cmd_led led; 3364 3365 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3366 3367 led.which = which; 3368 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3369 led.off = off; 3370 led.on = on; 3371 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3372} 3373 3374static int 3375wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3376{ 3377 struct wpi_cmd_timing cmd; 3378 uint64_t val, mod; 3379 3380 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3381 3382 memset(&cmd, 0, sizeof cmd); 3383 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3384 cmd.bintval = htole16(ni->ni_intval); 3385 cmd.lintval = htole16(10); 3386 3387 /* Compute remaining time until next beacon. */ 3388 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3389 mod = le64toh(cmd.tstamp) % val; 3390 cmd.binitval = htole32((uint32_t)(val - mod)); 3391 3392 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3393 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3394 3395 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3396} 3397 3398/* 3399 * This function is called periodically (every 60 seconds) to adjust output 3400 * power to temperature changes. 3401 */ 3402static void 3403wpi_power_calibration(struct wpi_softc *sc) 3404{ 3405 int temp; 3406 3407 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3408 3409 /* Update sensor data. */ 3410 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3411 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3412 3413 /* Sanity-check read value. */ 3414 if (temp < -260 || temp > 25) { 3415 /* This can't be correct, ignore. */ 3416 DPRINTF(sc, WPI_DEBUG_TEMP, 3417 "out-of-range temperature reported: %d\n", temp); 3418 return; 3419 } 3420 3421 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3422 3423 /* Adjust Tx power if need be. */ 3424 if (abs(temp - sc->temp) <= 6) 3425 return; 3426 3427 sc->temp = temp; 3428 3429 if (wpi_set_txpower(sc, 1) != 0) { 3430 /* just warn, too bad for the automatic calibration... */ 3431 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3432 } 3433} 3434 3435/* 3436 * Set TX power for current channel. 3437 */ 3438static int 3439wpi_set_txpower(struct wpi_softc *sc, int async) 3440{ 3441 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3442 struct ieee80211_channel *ch; 3443 struct wpi_power_group *group; 3444 struct wpi_cmd_txpower cmd; 3445 uint8_t chan; 3446 int idx, i; 3447 3448 /* Retrieve current channel from last RXON. */ 3449 chan = sc->rxon.chan; 3450 ch = &ic->ic_channels[chan]; 3451 3452 /* Find the TX power group to which this channel belongs. */ 3453 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3454 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3455 if (chan <= group->chan) 3456 break; 3457 } else 3458 group = &sc->groups[0]; 3459 3460 memset(&cmd, 0, sizeof cmd); 3461 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 3462 cmd.chan = htole16(chan); 3463 3464 /* Set TX power for all OFDM and CCK rates. */ 3465 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3466 /* Retrieve TX power for this channel/rate. */ 3467 idx = wpi_get_power_index(sc, group, ch, i); 3468 3469 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3470 3471 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3472 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3473 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3474 } else { 3475 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3476 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3477 } 3478 DPRINTF(sc, WPI_DEBUG_TEMP, 3479 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3480 } 3481 3482 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3483} 3484 3485/* 3486 * Determine Tx power index for a given channel/rate combination. 3487 * This takes into account the regulatory information from EEPROM and the 3488 * current temperature. 3489 */ 3490static int 3491wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3492 struct ieee80211_channel *c, int ridx) 3493{ 3494/* Fixed-point arithmetic division using a n-bit fractional part. */ 3495#define fdivround(a, b, n) \ 3496 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3497 3498/* Linear interpolation. */ 3499#define interpolate(x, x1, y1, x2, y2, n) \ 3500 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3501 3502 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3503 struct wpi_power_sample *sample; 3504 int pwr, idx; 3505 u_int chan; 3506 3507 /* Get channel number. */ 3508 chan = ieee80211_chan2ieee(ic, c); 3509 3510 /* Default TX power is group maximum TX power minus 3dB. */ 3511 pwr = group->maxpwr / 2; 3512 3513 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3514 switch (ridx) { 3515 case WPI_RIDX_OFDM36: 3516 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 3517 break; 3518 case WPI_RIDX_OFDM48: 3519 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 3520 break; 3521 case WPI_RIDX_OFDM54: 3522 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 3523 break; 3524 } 3525 3526 /* Never exceed the channel maximum allowed TX power. */ 3527 pwr = min(pwr, sc->maxpwr[chan]); 3528 3529 /* Retrieve TX power index into gain tables from samples. */ 3530 for (sample = group->samples; sample < &group->samples[3]; sample++) 3531 if (pwr > sample[1].power) 3532 break; 3533 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3534 idx = interpolate(pwr, sample[0].power, sample[0].index, 3535 sample[1].power, sample[1].index, 19); 3536 3537 /*- 3538 * Adjust power index based on current temperature: 3539 * - if cooler than factory-calibrated: decrease output power 3540 * - if warmer than factory-calibrated: increase output power 3541 */ 3542 idx -= (sc->temp - group->temp) * 11 / 100; 3543 3544 /* Decrease TX power for CCK rates (-5dB). */ 3545 if (ridx >= WPI_RIDX_CCK1) 3546 idx += 10; 3547 3548 /* Make sure idx stays in a valid range. */ 3549 if (idx < 0) 3550 return 0; 3551 if (idx > WPI_MAX_PWR_INDEX) 3552 return WPI_MAX_PWR_INDEX; 3553 return idx; 3554 3555#undef interpolate 3556#undef fdivround 3557} 3558 3559/* 3560 * Set STA mode power saving level (between 0 and 5). 3561 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3562 */ 3563static int 3564wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3565{ 3566 struct wpi_pmgt_cmd cmd; 3567 const struct wpi_pmgt *pmgt; 3568 uint32_t max, skip_dtim; 3569 uint32_t reg; 3570 int i; 3571 3572 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3573 "%s: dtim=%d, level=%d, async=%d\n", 3574 __func__, dtim, level, async); 3575 3576 /* Select which PS parameters to use. */ 3577 if (dtim <= 10) 3578 pmgt = &wpi_pmgt[0][level]; 3579 else 3580 pmgt = &wpi_pmgt[1][level]; 3581 3582 memset(&cmd, 0, sizeof cmd); 3583 if (level != 0) /* not CAM */ 3584 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3585 /* Retrieve PCIe Active State Power Management (ASPM). */ 3586 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 3587 if (!(reg & 0x1)) /* L0s Entry disabled. */ 3588 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3589 3590 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3591 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3592 3593 if (dtim == 0) { 3594 dtim = 1; 3595 skip_dtim = 0; 3596 } else 3597 skip_dtim = pmgt->skip_dtim; 3598 3599 if (skip_dtim != 0) { 3600 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3601 max = pmgt->intval[4]; 3602 if (max == (uint32_t)-1) 3603 max = dtim * (skip_dtim + 1); 3604 else if (max > dtim) 3605 max = (max / dtim) * dtim; 3606 } else 3607 max = dtim; 3608 3609 for (i = 0; i < 5; i++) 3610 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3611 3612 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3613} 3614 3615static int 3616wpi_send_btcoex(struct wpi_softc *sc) 3617{ 3618 struct wpi_bluetooth cmd; 3619 3620 memset(&cmd, 0, sizeof cmd); 3621 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3622 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3623 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3624 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3625 __func__); 3626 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3627} 3628 3629static int 3630wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3631{ 3632 int error; 3633 3634 if (async) 3635 WPI_RXON_LOCK_ASSERT(sc); 3636 3637 if (assoc && (sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 3638 struct wpi_assoc rxon_assoc; 3639 3640 rxon_assoc.flags = sc->rxon.flags; 3641 rxon_assoc.filter = sc->rxon.filter; 3642 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3643 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3644 rxon_assoc.reserved = 0; 3645 3646 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3647 sizeof (struct wpi_assoc), async); 3648 if (error != 0) { 3649 device_printf(sc->sc_dev, 3650 "RXON_ASSOC command failed, error %d\n", error); 3651 return error; 3652 } 3653 } else { 3654 if (async) { 3655 WPI_NT_LOCK(sc); 3656 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3657 sizeof (struct wpi_rxon), async); 3658 if (error == 0) 3659 wpi_clear_node_table(sc); 3660 WPI_NT_UNLOCK(sc); 3661 } else { 3662 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3663 sizeof (struct wpi_rxon), async); 3664 if (error == 0) 3665 wpi_clear_node_table(sc); 3666 } 3667 3668 if (error != 0) { 3669 device_printf(sc->sc_dev, 3670 "RXON command failed, error %d\n", error); 3671 return error; 3672 } 3673 3674 /* Add broadcast node. */ 3675 error = wpi_add_broadcast_node(sc, async); 3676 if (error != 0) { 3677 device_printf(sc->sc_dev, 3678 "could not add broadcast node, error %d\n", error); 3679 return error; 3680 } 3681 } 3682 3683 /* Configuration has changed, set Tx power accordingly. */ 3684 if ((error = wpi_set_txpower(sc, async)) != 0) { 3685 device_printf(sc->sc_dev, 3686 "%s: could not set TX power, error %d\n", __func__, error); 3687 return error; 3688 } 3689 3690 return 0; 3691} 3692 3693/** 3694 * Configure the card to listen to a particular channel, this transisions the 3695 * card in to being able to receive frames from remote devices. 3696 */ 3697static int 3698wpi_config(struct wpi_softc *sc) 3699{ 3700 struct ifnet *ifp = sc->sc_ifp; 3701 struct ieee80211com *ic = ifp->if_l2com; 3702 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3703 uint32_t flags; 3704 int error; 3705 3706 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3707 3708 /* Set power saving level to CAM during initialization. */ 3709 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3710 device_printf(sc->sc_dev, 3711 "%s: could not set power saving level\n", __func__); 3712 return error; 3713 } 3714 3715 /* Configure bluetooth coexistence. */ 3716 if ((error = wpi_send_btcoex(sc)) != 0) { 3717 device_printf(sc->sc_dev, 3718 "could not configure bluetooth coexistence\n"); 3719 return error; 3720 } 3721 3722 /* Configure adapter. */ 3723 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 3724 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 3725 3726 /* Set default channel. */ 3727 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3728 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3729 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 3730 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3731 3732 sc->rxon.filter = WPI_FILTER_MULTICAST; 3733 switch (ic->ic_opmode) { 3734 case IEEE80211_M_STA: 3735 sc->rxon.mode = WPI_MODE_STA; 3736 break; 3737 case IEEE80211_M_IBSS: 3738 sc->rxon.mode = WPI_MODE_IBSS; 3739 sc->rxon.filter |= WPI_FILTER_BEACON; 3740 break; 3741 case IEEE80211_M_HOSTAP: 3742 /* XXX workaround for beaconing */ 3743 sc->rxon.mode = WPI_MODE_IBSS; 3744 sc->rxon.filter |= WPI_FILTER_ASSOC | WPI_FILTER_PROMISC; 3745 break; 3746 case IEEE80211_M_AHDEMO: 3747 /* XXX workaround for passive channels selection */ 3748 sc->rxon.mode = WPI_MODE_HOSTAP; 3749 break; 3750 case IEEE80211_M_MONITOR: 3751 sc->rxon.mode = WPI_MODE_MONITOR; 3752 break; 3753 default: 3754 device_printf(sc->sc_dev, "unknown opmode %d\n", 3755 ic->ic_opmode); 3756 return EINVAL; 3757 } 3758 sc->rxon.filter = htole32(sc->rxon.filter); 3759 wpi_set_promisc(sc); 3760 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 3761 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 3762 3763 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 3764 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3765 __func__); 3766 return error; 3767 } 3768 3769 /* Setup rate scalling. */ 3770 if ((error = wpi_mrr_setup(sc)) != 0) { 3771 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 3772 error); 3773 return error; 3774 } 3775 3776 /* Disable beacon notifications (unused). */ 3777 flags = WPI_STATISTICS_BEACON_DISABLE; 3778 error = wpi_cmd(sc, WPI_CMD_GET_STATISTICS, &flags, sizeof flags, 1); 3779 if (error != 0) { 3780 device_printf(sc->sc_dev, 3781 "could not disable beacon statistics, error %d\n", error); 3782 return error; 3783 } 3784 3785 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3786 3787 return 0; 3788} 3789 3790static uint16_t 3791wpi_get_active_dwell_time(struct wpi_softc *sc, 3792 struct ieee80211_channel *c, uint8_t n_probes) 3793{ 3794 /* No channel? Default to 2GHz settings. */ 3795 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 3796 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 3797 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 3798 } 3799 3800 /* 5GHz dwell time. */ 3801 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 3802 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 3803} 3804 3805/* 3806 * Limit the total dwell time to 85% of the beacon interval. 3807 * 3808 * Returns the dwell time in milliseconds. 3809 */ 3810static uint16_t 3811wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 3812{ 3813 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3814 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3815 int bintval = 0; 3816 3817 /* bintval is in TU (1.024mS) */ 3818 if (vap != NULL) 3819 bintval = vap->iv_bss->ni_intval; 3820 3821 /* 3822 * If it's non-zero, we should calculate the minimum of 3823 * it and the DWELL_BASE. 3824 * 3825 * XXX Yes, the math should take into account that bintval 3826 * is 1.024mS, not 1mS.. 3827 */ 3828 if (bintval > 0) { 3829 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 3830 bintval); 3831 return (MIN(WPI_PASSIVE_DWELL_BASE, ((bintval * 85) / 100))); 3832 } 3833 3834 /* No association context? Default. */ 3835 return (WPI_PASSIVE_DWELL_BASE); 3836} 3837 3838static uint16_t 3839wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 3840{ 3841 uint16_t passive; 3842 3843 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 3844 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 3845 else 3846 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 3847 3848 /* Clamp to the beacon interval if we're associated. */ 3849 return (wpi_limit_dwell(sc, passive)); 3850} 3851 3852/* 3853 * Send a scan request to the firmware. 3854 */ 3855static int 3856wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 3857{ 3858 struct ifnet *ifp = sc->sc_ifp; 3859 struct ieee80211com *ic = ifp->if_l2com; 3860 struct ieee80211_scan_state *ss = ic->ic_scan; 3861 struct ieee80211vap *vap = ss->ss_vap; 3862 struct wpi_scan_hdr *hdr; 3863 struct wpi_cmd_data *tx; 3864 struct wpi_scan_essid *essids; 3865 struct wpi_scan_chan *chan; 3866 struct ieee80211_frame *wh; 3867 struct ieee80211_rateset *rs; 3868 uint16_t dwell_active, dwell_passive; 3869 uint8_t *buf, *frm; 3870 int buflen, error, i, nssid; 3871 3872 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3873 3874 /* 3875 * We are absolutely not allowed to send a scan command when another 3876 * scan command is pending. 3877 */ 3878 if (callout_pending(&sc->scan_timeout)) { 3879 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 3880 __func__); 3881 3882 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3883 3884 return (EAGAIN); 3885 } 3886 3887 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 3888 if (buf == NULL) { 3889 device_printf(sc->sc_dev, 3890 "%s: could not allocate buffer for scan command\n", 3891 __func__); 3892 error = ENOMEM; 3893 goto fail; 3894 } 3895 hdr = (struct wpi_scan_hdr *)buf; 3896 3897 /* 3898 * Move to the next channel if no packets are received within 10 msecs 3899 * after sending the probe request. 3900 */ 3901 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 3902 hdr->quiet_threshold = htole16(1); /* min # of packets */ 3903 /* 3904 * Max needs to be greater than active and passive and quiet! 3905 * It's also in microseconds! 3906 */ 3907 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 3908 hdr->pause_svc = htole32((4 << 24) | 3909 (100 * IEEE80211_DUR_TU)); /* Hardcode for now */ 3910 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 3911 3912 tx = (struct wpi_cmd_data *)(hdr + 1); 3913 tx->flags = htole32(WPI_TX_AUTO_SEQ); 3914 tx->id = WPI_ID_BROADCAST; 3915 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 3916 3917 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3918 /* Send probe requests at 6Mbps. */ 3919 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 3920 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 3921 } else { 3922 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 3923 /* Send probe requests at 1Mbps. */ 3924 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3925 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 3926 } 3927 3928 essids = (struct wpi_scan_essid *)(tx + 1); 3929 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 3930 for (i = 0; i < nssid; i++) { 3931 essids[i].id = IEEE80211_ELEMID_SSID; 3932 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 3933 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 3934#ifdef WPI_DEBUG 3935 if (sc->sc_debug & WPI_DEBUG_SCAN) { 3936 printf("Scanning Essid: "); 3937 ieee80211_print_essid(essids[i].data, essids[i].len); 3938 printf("\n"); 3939 } 3940#endif 3941 } 3942 3943 /* 3944 * Build a probe request frame. Most of the following code is a 3945 * copy & paste of what is done in net80211. 3946 */ 3947 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 3948 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3949 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3950 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3951 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3952 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3953 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr); 3954 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3955 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3956 3957 frm = (uint8_t *)(wh + 1); 3958 frm = ieee80211_add_ssid(frm, NULL, 0); 3959 frm = ieee80211_add_rates(frm, rs); 3960 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 3961 frm = ieee80211_add_xrates(frm, rs); 3962 3963 /* Set length of probe request. */ 3964 tx->len = htole16(frm - (uint8_t *)wh); 3965 3966 /* 3967 * Construct information about the channel that we 3968 * want to scan. The firmware expects this to be directly 3969 * after the scan probe request 3970 */ 3971 chan = (struct wpi_scan_chan *)frm; 3972 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 3973 chan->flags = 0; 3974 if (nssid) { 3975 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 3976 chan->flags |= WPI_CHAN_NPBREQS(nssid); 3977 } else 3978 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 3979 3980 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 3981 chan->flags |= WPI_CHAN_ACTIVE; 3982 3983 /* 3984 * Calculate the active/passive dwell times. 3985 */ 3986 3987 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 3988 dwell_passive = wpi_get_passive_dwell_time(sc, c); 3989 3990 /* Make sure they're valid. */ 3991 if (dwell_passive <= dwell_active) 3992 dwell_passive = dwell_active + 1; 3993 3994 chan->active = htole16(dwell_active); 3995 chan->passive = htole16(dwell_passive); 3996 3997 chan->dsp_gain = 0x6e; /* Default level */ 3998 3999 if (IEEE80211_IS_CHAN_5GHZ(c)) 4000 chan->rf_gain = 0x3b; 4001 else 4002 chan->rf_gain = 0x28; 4003 4004 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 4005 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 4006 4007 hdr->nchan++; 4008 chan++; 4009 4010 buflen = (uint8_t *)chan - buf; 4011 hdr->len = htole16(buflen); 4012 4013 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 4014 hdr->nchan); 4015 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 4016 free(buf, M_DEVBUF); 4017 4018 if (error != 0) 4019 goto fail; 4020 4021 callout_reset(&sc->scan_timeout, 5*hz, wpi_scan_timeout, sc); 4022 4023 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4024 4025 return 0; 4026 4027fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4028 4029 return error; 4030} 4031 4032static int 4033wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 4034{ 4035 struct ieee80211com *ic = vap->iv_ic; 4036 struct ieee80211_node *ni = vap->iv_bss; 4037 int error; 4038 4039 WPI_RXON_LOCK(sc); 4040 4041 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4042 4043 /* Update adapter configuration. */ 4044 sc->rxon.associd = 0; 4045 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 4046 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4047 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4048 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4049 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4050 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4051 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4052 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4053 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4054 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4055 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 4056 sc->rxon.cck_mask = 0; 4057 sc->rxon.ofdm_mask = 0x15; 4058 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 4059 sc->rxon.cck_mask = 0x03; 4060 sc->rxon.ofdm_mask = 0; 4061 } else { 4062 /* Assume 802.11b/g. */ 4063 sc->rxon.cck_mask = 0x0f; 4064 sc->rxon.ofdm_mask = 0x15; 4065 } 4066 4067 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 4068 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 4069 sc->rxon.ofdm_mask); 4070 4071 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4072 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4073 __func__); 4074 } 4075 4076 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4077 4078 WPI_RXON_UNLOCK(sc); 4079 4080 return error; 4081} 4082 4083static int 4084wpi_config_beacon(struct wpi_vap *wvp) 4085{ 4086 struct ieee80211com *ic = wvp->wv_vap.iv_ic; 4087 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4088 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4089 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4090 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 4091 struct ieee80211_tim_ie *tie; 4092 struct mbuf *m; 4093 uint8_t *ptr; 4094 int error; 4095 4096 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4097 4098 WPI_VAP_LOCK_ASSERT(wvp); 4099 4100 cmd->len = htole16(bcn->m->m_pkthdr.len); 4101 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4102 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4103 4104 /* XXX seems to be unused */ 4105 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) { 4106 tie = (struct ieee80211_tim_ie *) bo->bo_tim; 4107 ptr = mtod(bcn->m, uint8_t *); 4108 4109 cmd->tim = htole16(bo->bo_tim - ptr); 4110 cmd->timsz = tie->tim_len; 4111 } 4112 4113 /* Necessary for recursion in ieee80211_beacon_update(). */ 4114 m = bcn->m; 4115 bcn->m = m_dup(m, M_NOWAIT); 4116 if (bcn->m == NULL) { 4117 device_printf(sc->sc_dev, 4118 "%s: could not copy beacon frame\n", __func__); 4119 error = ENOMEM; 4120 goto end; 4121 } 4122 4123 if ((error = wpi_cmd2(sc, bcn)) != 0) { 4124 device_printf(sc->sc_dev, 4125 "%s: could not update beacon frame, error %d", __func__, 4126 error); 4127 } 4128 4129 /* Restore mbuf. */ 4130end: bcn->m = m; 4131 4132 return error; 4133} 4134 4135static int 4136wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 4137{ 4138 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 4139 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4140 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4141 struct mbuf *m; 4142 int error; 4143 4144 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4145 4146 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4147 return EINVAL; 4148 4149 m = ieee80211_beacon_alloc(ni, bo); 4150 if (m == NULL) { 4151 device_printf(sc->sc_dev, 4152 "%s: could not allocate beacon frame\n", __func__); 4153 return ENOMEM; 4154 } 4155 4156 WPI_VAP_LOCK(wvp); 4157 if (bcn->m != NULL) 4158 m_freem(bcn->m); 4159 4160 bcn->m = m; 4161 4162 error = wpi_config_beacon(wvp); 4163 WPI_VAP_UNLOCK(wvp); 4164 4165 return error; 4166} 4167 4168static void 4169wpi_update_beacon(struct ieee80211vap *vap, int item) 4170{ 4171 struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4172 struct wpi_vap *wvp = WPI_VAP(vap); 4173 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4174 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4175 struct ieee80211_node *ni = vap->iv_bss; 4176 int mcast = 0; 4177 4178 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4179 4180 WPI_VAP_LOCK(wvp); 4181 if (bcn->m == NULL) { 4182 bcn->m = ieee80211_beacon_alloc(ni, bo); 4183 if (bcn->m == NULL) { 4184 device_printf(sc->sc_dev, 4185 "%s: could not allocate beacon frame\n", __func__); 4186 4187 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, 4188 __func__); 4189 4190 WPI_VAP_UNLOCK(wvp); 4191 return; 4192 } 4193 } 4194 WPI_VAP_UNLOCK(wvp); 4195 4196 if (item == IEEE80211_BEACON_TIM) 4197 mcast = 1; /* TODO */ 4198 4199 setbit(bo->bo_flags, item); 4200 ieee80211_beacon_update(ni, bo, bcn->m, mcast); 4201 4202 WPI_VAP_LOCK(wvp); 4203 wpi_config_beacon(wvp); 4204 WPI_VAP_UNLOCK(wvp); 4205 4206 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4207} 4208 4209static void 4210wpi_newassoc(struct ieee80211_node *ni, int isnew) 4211{ 4212 struct ieee80211vap *vap = ni->ni_vap; 4213 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4214 struct wpi_node *wn = WPI_NODE(ni); 4215 int error; 4216 4217 WPI_NT_LOCK(sc); 4218 4219 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4220 4221 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) { 4222 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 4223 device_printf(sc->sc_dev, 4224 "%s: could not add IBSS node, error %d\n", 4225 __func__, error); 4226 } 4227 } 4228 WPI_NT_UNLOCK(sc); 4229} 4230 4231static int 4232wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 4233{ 4234 struct ieee80211com *ic = vap->iv_ic; 4235 struct ieee80211_node *ni = vap->iv_bss; 4236 int error; 4237 4238 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4239 4240 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 4241 /* Link LED blinks while monitoring. */ 4242 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 4243 return 0; 4244 } 4245 4246 /* XXX kernel panic workaround */ 4247 if (ni->ni_chan == IEEE80211_CHAN_ANYC) { 4248 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 4249 __func__); 4250 return EINVAL; 4251 } 4252 4253 if ((error = wpi_set_timing(sc, ni)) != 0) { 4254 device_printf(sc->sc_dev, 4255 "%s: could not set timing, error %d\n", __func__, error); 4256 return error; 4257 } 4258 4259 /* Update adapter configuration. */ 4260 WPI_RXON_LOCK(sc); 4261 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4262 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 4263 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4264 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4265 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4266 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4267 /* Short preamble and slot time are negotiated when associating. */ 4268 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 4269 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4270 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4271 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4272 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4273 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 4274 sc->rxon.cck_mask = 0; 4275 sc->rxon.ofdm_mask = 0x15; 4276 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 4277 sc->rxon.cck_mask = 0x03; 4278 sc->rxon.ofdm_mask = 0; 4279 } else { 4280 /* Assume 802.11b/g. */ 4281 sc->rxon.cck_mask = 0x0f; 4282 sc->rxon.ofdm_mask = 0x15; 4283 } 4284 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 4285 4286 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 4287 sc->rxon.chan, sc->rxon.flags); 4288 4289 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4290 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4291 __func__); 4292 return error; 4293 } 4294 4295 /* Start periodic calibration timer. */ 4296 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 4297 4298 WPI_RXON_UNLOCK(sc); 4299 4300 if (vap->iv_opmode == IEEE80211_M_IBSS || 4301 vap->iv_opmode == IEEE80211_M_HOSTAP) { 4302 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 4303 device_printf(sc->sc_dev, 4304 "%s: could not setup beacon, error %d\n", __func__, 4305 error); 4306 return error; 4307 } 4308 } 4309 4310 if (vap->iv_opmode == IEEE80211_M_STA) { 4311 /* Add BSS node. */ 4312 WPI_NT_LOCK(sc); 4313 error = wpi_add_sta_node(sc, ni); 4314 WPI_NT_UNLOCK(sc); 4315 if (error != 0) { 4316 device_printf(sc->sc_dev, 4317 "%s: could not add BSS node, error %d\n", __func__, 4318 error); 4319 return error; 4320 } 4321 } 4322 4323 /* Link LED always on while associated. */ 4324 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4325 4326 /* Enable power-saving mode if requested by user. */ 4327 if ((vap->iv_flags & IEEE80211_F_PMGTON) && 4328 vap->iv_opmode != IEEE80211_M_IBSS) 4329 (void)wpi_set_pslevel(sc, 0, 3, 1); 4330 else 4331 (void)wpi_set_pslevel(sc, 0, 0, 1); 4332 4333 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4334 4335 return 0; 4336} 4337 4338static int 4339wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4340{ 4341 const struct ieee80211_cipher *cip = k->wk_cipher; 4342 struct ieee80211vap *vap = ni->ni_vap; 4343 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4344 struct wpi_node *wn = WPI_NODE(ni); 4345 struct wpi_node_info node; 4346 uint16_t kflags; 4347 int error; 4348 4349 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4350 4351 if (wpi_check_node_entry(sc, wn->id) == 0) { 4352 device_printf(sc->sc_dev, "%s: node does not exist\n", 4353 __func__); 4354 return 0; 4355 } 4356 4357 switch (cip->ic_cipher) { 4358 case IEEE80211_CIPHER_AES_CCM: 4359 kflags = WPI_KFLAG_CCMP; 4360 break; 4361 4362 default: 4363 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__, 4364 cip->ic_cipher); 4365 return 0; 4366 } 4367 4368 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4369 if (k->wk_flags & IEEE80211_KEY_GROUP) 4370 kflags |= WPI_KFLAG_MULTICAST; 4371 4372 memset(&node, 0, sizeof node); 4373 node.id = wn->id; 4374 node.control = WPI_NODE_UPDATE; 4375 node.flags = WPI_FLAG_KEY_SET; 4376 node.kflags = htole16(kflags); 4377 memcpy(node.key, k->wk_key, k->wk_keylen); 4378again: 4379 DPRINTF(sc, WPI_DEBUG_KEY, 4380 "%s: setting %s key id %d for node %d (%s)\n", __func__, 4381 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix, 4382 node.id, ether_sprintf(ni->ni_macaddr)); 4383 4384 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4385 if (error != 0) { 4386 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4387 error); 4388 return !error; 4389 } 4390 4391 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4392 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4393 kflags |= WPI_KFLAG_MULTICAST; 4394 node.kflags = htole16(kflags); 4395 4396 goto again; 4397 } 4398 4399 return 1; 4400} 4401 4402static void 4403wpi_load_key_cb(void *arg, struct ieee80211_node *ni) 4404{ 4405 const struct ieee80211_key *k = arg; 4406 struct ieee80211vap *vap = ni->ni_vap; 4407 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4408 struct wpi_node *wn = WPI_NODE(ni); 4409 int error; 4410 4411 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4412 return; 4413 4414 WPI_NT_LOCK(sc); 4415 error = wpi_load_key(ni, k); 4416 WPI_NT_UNLOCK(sc); 4417 4418 if (error == 0) { 4419 device_printf(sc->sc_dev, "%s: error while setting key\n", 4420 __func__); 4421 } 4422} 4423 4424static int 4425wpi_set_global_keys(struct ieee80211_node *ni) 4426{ 4427 struct ieee80211vap *vap = ni->ni_vap; 4428 struct ieee80211_key *wk = &vap->iv_nw_keys[0]; 4429 int error = 1; 4430 4431 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++) 4432 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 4433 error = wpi_load_key(ni, wk); 4434 4435 return !error; 4436} 4437 4438static int 4439wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4440{ 4441 struct ieee80211vap *vap = ni->ni_vap; 4442 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4443 struct wpi_node *wn = WPI_NODE(ni); 4444 struct wpi_node_info node; 4445 uint16_t kflags; 4446 int error; 4447 4448 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4449 4450 if (wpi_check_node_entry(sc, wn->id) == 0) { 4451 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__); 4452 return 1; /* Nothing to do. */ 4453 } 4454 4455 kflags = WPI_KFLAG_KID(k->wk_keyix); 4456 if (k->wk_flags & IEEE80211_KEY_GROUP) 4457 kflags |= WPI_KFLAG_MULTICAST; 4458 4459 memset(&node, 0, sizeof node); 4460 node.id = wn->id; 4461 node.control = WPI_NODE_UPDATE; 4462 node.flags = WPI_FLAG_KEY_SET; 4463 node.kflags = htole16(kflags); 4464again: 4465 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n", 4466 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", 4467 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr)); 4468 4469 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4470 if (error != 0) { 4471 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4472 error); 4473 return !error; 4474 } 4475 4476 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4477 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4478 kflags |= WPI_KFLAG_MULTICAST; 4479 node.kflags = htole16(kflags); 4480 4481 goto again; 4482 } 4483 4484 return 1; 4485} 4486 4487static void 4488wpi_del_key_cb(void *arg, struct ieee80211_node *ni) 4489{ 4490 const struct ieee80211_key *k = arg; 4491 struct ieee80211vap *vap = ni->ni_vap; 4492 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4493 struct wpi_node *wn = WPI_NODE(ni); 4494 int error; 4495 4496 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4497 return; 4498 4499 WPI_NT_LOCK(sc); 4500 error = wpi_del_key(ni, k); 4501 WPI_NT_UNLOCK(sc); 4502 4503 if (error == 0) { 4504 device_printf(sc->sc_dev, "%s: error while deleting key\n", 4505 __func__); 4506 } 4507} 4508 4509static int 4510wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 4511 int set) 4512{ 4513 struct ieee80211com *ic = vap->iv_ic; 4514 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4515 struct wpi_vap *wvp = WPI_VAP(vap); 4516 struct ieee80211_node *ni; 4517 int error, ni_ref = 0; 4518 4519 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4520 4521 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 4522 /* Not for us. */ 4523 return 1; 4524 } 4525 4526 if (!(k->wk_flags & IEEE80211_KEY_RECV)) { 4527 /* XMIT keys are handled in wpi_tx_data(). */ 4528 return 1; 4529 } 4530 4531 /* Handle group keys. */ 4532 if (&vap->iv_nw_keys[0] <= k && 4533 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4534 WPI_NT_LOCK(sc); 4535 if (set) 4536 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); 4537 else 4538 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix); 4539 WPI_NT_UNLOCK(sc); 4540 4541 if (vap->iv_state == IEEE80211_S_RUN) { 4542 ieee80211_iterate_nodes(&ic->ic_sta, 4543 set ? wpi_load_key_cb : wpi_del_key_cb, (void *)k); 4544 } 4545 4546 return 1; 4547 } 4548 4549 switch (vap->iv_opmode) { 4550 case IEEE80211_M_STA: 4551 ni = vap->iv_bss; 4552 break; 4553 4554 case IEEE80211_M_IBSS: 4555 case IEEE80211_M_AHDEMO: 4556 case IEEE80211_M_HOSTAP: 4557 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr); 4558 if (ni == NULL) 4559 return 0; /* should not happen */ 4560 4561 ni_ref = 1; 4562 break; 4563 4564 default: 4565 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__, 4566 vap->iv_opmode); 4567 return 0; 4568 } 4569 4570 WPI_NT_LOCK(sc); 4571 if (set) 4572 error = wpi_load_key(ni, k); 4573 else 4574 error = wpi_del_key(ni, k); 4575 WPI_NT_UNLOCK(sc); 4576 4577 if (ni_ref) 4578 ieee80211_node_decref(ni); 4579 4580 return error; 4581} 4582 4583static int 4584wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k, 4585 const uint8_t mac[IEEE80211_ADDR_LEN]) 4586{ 4587 return wpi_process_key(vap, k, 1); 4588} 4589 4590static int 4591wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4592{ 4593 return wpi_process_key(vap, k, 0); 4594} 4595 4596/* 4597 * This function is called after the runtime firmware notifies us of its 4598 * readiness (called in a process context). 4599 */ 4600static int 4601wpi_post_alive(struct wpi_softc *sc) 4602{ 4603 int ntries, error; 4604 4605 /* Check (again) that the radio is not disabled. */ 4606 if ((error = wpi_nic_lock(sc)) != 0) 4607 return error; 4608 4609 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4610 4611 /* NB: Runtime firmware must be up and running. */ 4612 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4613 device_printf(sc->sc_dev, 4614 "RF switch: radio disabled (%s)\n", __func__); 4615 wpi_nic_unlock(sc); 4616 return EPERM; /* :-) */ 4617 } 4618 wpi_nic_unlock(sc); 4619 4620 /* Wait for thermal sensor to calibrate. */ 4621 for (ntries = 0; ntries < 1000; ntries++) { 4622 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4623 break; 4624 DELAY(10); 4625 } 4626 4627 if (ntries == 1000) { 4628 device_printf(sc->sc_dev, 4629 "timeout waiting for thermal sensor calibration\n"); 4630 return ETIMEDOUT; 4631 } 4632 4633 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4634 return 0; 4635} 4636 4637/* 4638 * The firmware boot code is small and is intended to be copied directly into 4639 * the NIC internal memory (no DMA transfer). 4640 */ 4641static int 4642wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 4643{ 4644 int error, ntries; 4645 4646 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4647 4648 size /= sizeof (uint32_t); 4649 4650 if ((error = wpi_nic_lock(sc)) != 0) 4651 return error; 4652 4653 /* Copy microcode image into NIC memory. */ 4654 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4655 (const uint32_t *)ucode, size); 4656 4657 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4658 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4659 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4660 4661 /* Start boot load now. */ 4662 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4663 4664 /* Wait for transfer to complete. */ 4665 for (ntries = 0; ntries < 1000; ntries++) { 4666 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4667 DPRINTF(sc, WPI_DEBUG_HW, 4668 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4669 WPI_FH_TX_STATUS_IDLE(6), 4670 status & WPI_FH_TX_STATUS_IDLE(6)); 4671 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4672 DPRINTF(sc, WPI_DEBUG_HW, 4673 "Status Match! - ntries = %d\n", ntries); 4674 break; 4675 } 4676 DELAY(10); 4677 } 4678 if (ntries == 1000) { 4679 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4680 __func__); 4681 wpi_nic_unlock(sc); 4682 return ETIMEDOUT; 4683 } 4684 4685 /* Enable boot after power up. */ 4686 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4687 4688 wpi_nic_unlock(sc); 4689 return 0; 4690} 4691 4692static int 4693wpi_load_firmware(struct wpi_softc *sc) 4694{ 4695 struct wpi_fw_info *fw = &sc->fw; 4696 struct wpi_dma_info *dma = &sc->fw_dma; 4697 int error; 4698 4699 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4700 4701 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 4702 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 4703 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4704 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 4705 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4706 4707 /* Tell adapter where to find initialization sections. */ 4708 if ((error = wpi_nic_lock(sc)) != 0) 4709 return error; 4710 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4711 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 4712 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4713 dma->paddr + WPI_FW_DATA_MAXSZ); 4714 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 4715 wpi_nic_unlock(sc); 4716 4717 /* Load firmware boot code. */ 4718 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 4719 if (error != 0) { 4720 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4721 __func__); 4722 return error; 4723 } 4724 4725 /* Now press "execute". */ 4726 WPI_WRITE(sc, WPI_RESET, 0); 4727 4728 /* Wait at most one second for first alive notification. */ 4729 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4730 device_printf(sc->sc_dev, 4731 "%s: timeout waiting for adapter to initialize, error %d\n", 4732 __func__, error); 4733 return error; 4734 } 4735 4736 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 4737 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 4738 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4739 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 4740 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4741 4742 /* Tell adapter where to find runtime sections. */ 4743 if ((error = wpi_nic_lock(sc)) != 0) 4744 return error; 4745 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4746 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 4747 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4748 dma->paddr + WPI_FW_DATA_MAXSZ); 4749 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 4750 WPI_FW_UPDATED | fw->main.textsz); 4751 wpi_nic_unlock(sc); 4752 4753 return 0; 4754} 4755 4756static int 4757wpi_read_firmware(struct wpi_softc *sc) 4758{ 4759 const struct firmware *fp; 4760 struct wpi_fw_info *fw = &sc->fw; 4761 const struct wpi_firmware_hdr *hdr; 4762 int error; 4763 4764 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4765 4766 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4767 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 4768 4769 WPI_UNLOCK(sc); 4770 fp = firmware_get(WPI_FW_NAME); 4771 WPI_LOCK(sc); 4772 4773 if (fp == NULL) { 4774 device_printf(sc->sc_dev, 4775 "could not load firmware image '%s'\n", WPI_FW_NAME); 4776 return EINVAL; 4777 } 4778 4779 sc->fw_fp = fp; 4780 4781 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 4782 device_printf(sc->sc_dev, 4783 "firmware file too short: %zu bytes\n", fp->datasize); 4784 error = EINVAL; 4785 goto fail; 4786 } 4787 4788 fw->size = fp->datasize; 4789 fw->data = (const uint8_t *)fp->data; 4790 4791 /* Extract firmware header information. */ 4792 hdr = (const struct wpi_firmware_hdr *)fw->data; 4793 4794 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 4795 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 4796 4797 fw->main.textsz = le32toh(hdr->rtextsz); 4798 fw->main.datasz = le32toh(hdr->rdatasz); 4799 fw->init.textsz = le32toh(hdr->itextsz); 4800 fw->init.datasz = le32toh(hdr->idatasz); 4801 fw->boot.textsz = le32toh(hdr->btextsz); 4802 fw->boot.datasz = 0; 4803 4804 /* Sanity-check firmware header. */ 4805 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 4806 fw->main.datasz > WPI_FW_DATA_MAXSZ || 4807 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 4808 fw->init.datasz > WPI_FW_DATA_MAXSZ || 4809 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 4810 (fw->boot.textsz & 3) != 0) { 4811 device_printf(sc->sc_dev, "invalid firmware header\n"); 4812 error = EINVAL; 4813 goto fail; 4814 } 4815 4816 /* Check that all firmware sections fit. */ 4817 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 4818 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 4819 device_printf(sc->sc_dev, 4820 "firmware file too short: %zu bytes\n", fw->size); 4821 error = EINVAL; 4822 goto fail; 4823 } 4824 4825 /* Get pointers to firmware sections. */ 4826 fw->main.text = (const uint8_t *)(hdr + 1); 4827 fw->main.data = fw->main.text + fw->main.textsz; 4828 fw->init.text = fw->main.data + fw->main.datasz; 4829 fw->init.data = fw->init.text + fw->init.textsz; 4830 fw->boot.text = fw->init.data + fw->init.datasz; 4831 4832 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4833 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 4834 "runtime (text: %u, data: %u) init (text: %u, data %u) " 4835 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver), 4836 fw->main.textsz, fw->main.datasz, 4837 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 4838 4839 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 4840 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 4841 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 4842 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 4843 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 4844 4845 return 0; 4846 4847fail: wpi_unload_firmware(sc); 4848 return error; 4849} 4850 4851/** 4852 * Free the referenced firmware image 4853 */ 4854static void 4855wpi_unload_firmware(struct wpi_softc *sc) 4856{ 4857 if (sc->fw_fp != NULL) { 4858 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 4859 sc->fw_fp = NULL; 4860 } 4861} 4862 4863static int 4864wpi_clock_wait(struct wpi_softc *sc) 4865{ 4866 int ntries; 4867 4868 /* Set "initialization complete" bit. */ 4869 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4870 4871 /* Wait for clock stabilization. */ 4872 for (ntries = 0; ntries < 2500; ntries++) { 4873 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 4874 return 0; 4875 DELAY(100); 4876 } 4877 device_printf(sc->sc_dev, 4878 "%s: timeout waiting for clock stabilization\n", __func__); 4879 4880 return ETIMEDOUT; 4881} 4882 4883static int 4884wpi_apm_init(struct wpi_softc *sc) 4885{ 4886 uint32_t reg; 4887 int error; 4888 4889 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4890 4891 /* Disable L0s exit timer (NMI bug workaround). */ 4892 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 4893 /* Don't wait for ICH L0s (ICH bug workaround). */ 4894 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 4895 4896 /* Set FH wait threshold to max (HW bug under stress workaround). */ 4897 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 4898 4899 /* Cleanup. */ 4900 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400); 4901 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000E00); 4902 4903 /* Retrieve PCIe Active State Power Management (ASPM). */ 4904 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 4905 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 4906 if (reg & 0x02) /* L1 Entry enabled. */ 4907 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4908 else 4909 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4910 4911 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 4912 4913 /* Wait for clock stabilization before accessing prph. */ 4914 if ((error = wpi_clock_wait(sc)) != 0) 4915 return error; 4916 4917 if ((error = wpi_nic_lock(sc)) != 0) 4918 return error; 4919 /* Enable DMA and BSM (Bootstrap State Machine). */ 4920 wpi_prph_write(sc, WPI_APMG_CLK_EN, 4921 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 4922 DELAY(20); 4923 /* Disable L1-Active. */ 4924 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 4925 wpi_nic_unlock(sc); 4926 4927 return 0; 4928} 4929 4930static void 4931wpi_apm_stop_master(struct wpi_softc *sc) 4932{ 4933 int ntries; 4934 4935 /* Stop busmaster DMA activity. */ 4936 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 4937 4938 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 4939 WPI_GP_CNTRL_MAC_PS) 4940 return; /* Already asleep. */ 4941 4942 for (ntries = 0; ntries < 100; ntries++) { 4943 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 4944 return; 4945 DELAY(10); 4946 } 4947 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", 4948 __func__); 4949} 4950 4951static void 4952wpi_apm_stop(struct wpi_softc *sc) 4953{ 4954 wpi_apm_stop_master(sc); 4955 4956 /* Reset the entire device. */ 4957 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 4958 DELAY(10); 4959 /* Clear "initialization complete" bit. */ 4960 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4961} 4962 4963static void 4964wpi_nic_config(struct wpi_softc *sc) 4965{ 4966 uint32_t rev; 4967 4968 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4969 4970 /* voodoo from the Linux "driver".. */ 4971 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 4972 if ((rev & 0xc0) == 0x40) 4973 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 4974 else if (!(rev & 0x80)) 4975 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 4976 4977 if (sc->cap == 0x80) 4978 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 4979 4980 if ((sc->rev & 0xf0) == 0xd0) 4981 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4982 else 4983 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4984 4985 if (sc->type > 1) 4986 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 4987} 4988 4989static int 4990wpi_hw_init(struct wpi_softc *sc) 4991{ 4992 int chnl, ntries, error; 4993 4994 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4995 4996 /* Clear pending interrupts. */ 4997 WPI_WRITE(sc, WPI_INT, 0xffffffff); 4998 4999 if ((error = wpi_apm_init(sc)) != 0) { 5000 device_printf(sc->sc_dev, 5001 "%s: could not power ON adapter, error %d\n", __func__, 5002 error); 5003 return error; 5004 } 5005 5006 /* Select VMAIN power source. */ 5007 if ((error = wpi_nic_lock(sc)) != 0) 5008 return error; 5009 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 5010 wpi_nic_unlock(sc); 5011 /* Spin until VMAIN gets selected. */ 5012 for (ntries = 0; ntries < 5000; ntries++) { 5013 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 5014 break; 5015 DELAY(10); 5016 } 5017 if (ntries == 5000) { 5018 device_printf(sc->sc_dev, "timeout selecting power source\n"); 5019 return ETIMEDOUT; 5020 } 5021 5022 /* Perform adapter initialization. */ 5023 wpi_nic_config(sc); 5024 5025 /* Initialize RX ring. */ 5026 if ((error = wpi_nic_lock(sc)) != 0) 5027 return error; 5028 /* Set physical address of RX ring. */ 5029 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 5030 /* Set physical address of RX read pointer. */ 5031 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 5032 offsetof(struct wpi_shared, next)); 5033 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 5034 /* Enable RX. */ 5035 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 5036 WPI_FH_RX_CONFIG_DMA_ENA | 5037 WPI_FH_RX_CONFIG_RDRBD_ENA | 5038 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 5039 WPI_FH_RX_CONFIG_MAXFRAG | 5040 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 5041 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 5042 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 5043 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 5044 wpi_nic_unlock(sc); 5045 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 5046 5047 /* Initialize TX rings. */ 5048 if ((error = wpi_nic_lock(sc)) != 0) 5049 return error; 5050 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 5051 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 5052 /* Enable all 6 TX rings. */ 5053 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 5054 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 5055 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 5056 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 5057 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 5058 /* Set physical address of TX rings. */ 5059 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 5060 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 5061 5062 /* Enable all DMA channels. */ 5063 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5064 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 5065 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 5066 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 5067 } 5068 wpi_nic_unlock(sc); 5069 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 5070 5071 /* Clear "radio off" and "commands blocked" bits. */ 5072 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5073 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 5074 5075 /* Clear pending interrupts. */ 5076 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5077 /* Enable interrupts. */ 5078 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 5079 5080 /* _Really_ make sure "radio off" bit is cleared! */ 5081 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5082 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5083 5084 if ((error = wpi_load_firmware(sc)) != 0) { 5085 device_printf(sc->sc_dev, 5086 "%s: could not load firmware, error %d\n", __func__, 5087 error); 5088 return error; 5089 } 5090 /* Wait at most one second for firmware alive notification. */ 5091 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5092 device_printf(sc->sc_dev, 5093 "%s: timeout waiting for adapter to initialize, error %d\n", 5094 __func__, error); 5095 return error; 5096 } 5097 5098 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5099 5100 /* Do post-firmware initialization. */ 5101 return wpi_post_alive(sc); 5102} 5103 5104static void 5105wpi_hw_stop(struct wpi_softc *sc) 5106{ 5107 int chnl, qid, ntries; 5108 5109 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5110 5111 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 5112 wpi_nic_lock(sc); 5113 5114 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 5115 5116 /* Disable interrupts. */ 5117 WPI_WRITE(sc, WPI_INT_MASK, 0); 5118 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5119 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 5120 5121 /* Make sure we no longer hold the NIC lock. */ 5122 wpi_nic_unlock(sc); 5123 5124 if (wpi_nic_lock(sc) == 0) { 5125 /* Stop TX scheduler. */ 5126 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 5127 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 5128 5129 /* Stop all DMA channels. */ 5130 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5131 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 5132 for (ntries = 0; ntries < 200; ntries++) { 5133 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 5134 WPI_FH_TX_STATUS_IDLE(chnl)) 5135 break; 5136 DELAY(10); 5137 } 5138 } 5139 wpi_nic_unlock(sc); 5140 } 5141 5142 /* Stop RX ring. */ 5143 wpi_reset_rx_ring(sc); 5144 5145 /* Reset all TX rings. */ 5146 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 5147 wpi_reset_tx_ring(sc, &sc->txq[qid]); 5148 5149 if (wpi_nic_lock(sc) == 0) { 5150 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 5151 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 5152 wpi_nic_unlock(sc); 5153 } 5154 DELAY(5); 5155 /* Power OFF adapter. */ 5156 wpi_apm_stop(sc); 5157} 5158 5159static void 5160wpi_radio_on(void *arg0, int pending) 5161{ 5162 struct wpi_softc *sc = arg0; 5163 struct ifnet *ifp = sc->sc_ifp; 5164 struct ieee80211com *ic = ifp->if_l2com; 5165 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5166 5167 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 5168 5169 if (vap != NULL) { 5170 wpi_init(sc); 5171 ieee80211_init(vap); 5172 } 5173 5174 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) { 5175 WPI_LOCK(sc); 5176 callout_stop(&sc->watchdog_rfkill); 5177 WPI_UNLOCK(sc); 5178 } 5179} 5180 5181static void 5182wpi_radio_off(void *arg0, int pending) 5183{ 5184 struct wpi_softc *sc = arg0; 5185 struct ifnet *ifp = sc->sc_ifp; 5186 struct ieee80211com *ic = ifp->if_l2com; 5187 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5188 5189 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 5190 5191 wpi_stop(sc); 5192 if (vap != NULL) 5193 ieee80211_stop(vap); 5194 5195 WPI_LOCK(sc); 5196 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 5197 WPI_UNLOCK(sc); 5198} 5199 5200static void 5201wpi_init(void *arg) 5202{ 5203 struct wpi_softc *sc = arg; 5204 struct ifnet *ifp = sc->sc_ifp; 5205 struct ieee80211com *ic = ifp->if_l2com; 5206 int error; 5207 5208 WPI_LOCK(sc); 5209 5210 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5211 5212 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 5213 goto end; 5214 5215 /* Check that the radio is not disabled by hardware switch. */ 5216 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 5217 device_printf(sc->sc_dev, 5218 "RF switch: radio disabled (%s)\n", __func__); 5219 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 5220 sc); 5221 goto end; 5222 } 5223 5224 /* Read firmware images from the filesystem. */ 5225 if ((error = wpi_read_firmware(sc)) != 0) { 5226 device_printf(sc->sc_dev, 5227 "%s: could not read firmware, error %d\n", __func__, 5228 error); 5229 goto fail; 5230 } 5231 5232 /* Initialize hardware and upload firmware. */ 5233 error = wpi_hw_init(sc); 5234 wpi_unload_firmware(sc); 5235 if (error != 0) { 5236 device_printf(sc->sc_dev, 5237 "%s: could not initialize hardware, error %d\n", __func__, 5238 error); 5239 goto fail; 5240 } 5241 5242 /* Configure adapter now that it is ready. */ 5243 sc->txq_active = 1; 5244 if ((error = wpi_config(sc)) != 0) { 5245 device_printf(sc->sc_dev, 5246 "%s: could not configure device, error %d\n", __func__, 5247 error); 5248 goto fail; 5249 } 5250 5251 IF_LOCK(&ifp->if_snd); 5252 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5253 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5254 IF_UNLOCK(&ifp->if_snd); 5255 5256 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5257 5258 WPI_UNLOCK(sc); 5259 5260 ieee80211_start_all(ic); 5261 5262 return; 5263 5264fail: wpi_stop_locked(sc); 5265end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 5266 WPI_UNLOCK(sc); 5267} 5268 5269static void 5270wpi_stop_locked(struct wpi_softc *sc) 5271{ 5272 struct ifnet *ifp = sc->sc_ifp; 5273 5274 WPI_LOCK_ASSERT(sc); 5275 5276 WPI_TXQ_LOCK(sc); 5277 sc->txq_active = 0; 5278 WPI_TXQ_UNLOCK(sc); 5279 5280 callout_stop(&sc->tx_timeout); 5281 5282 WPI_RXON_LOCK(sc); 5283 callout_stop(&sc->scan_timeout); 5284 callout_stop(&sc->calib_to); 5285 WPI_RXON_UNLOCK(sc); 5286 5287 IF_LOCK(&ifp->if_snd); 5288 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5289 IF_UNLOCK(&ifp->if_snd); 5290 5291 /* Power OFF hardware. */ 5292 wpi_hw_stop(sc); 5293} 5294 5295static void 5296wpi_stop(struct wpi_softc *sc) 5297{ 5298 WPI_LOCK(sc); 5299 wpi_stop_locked(sc); 5300 WPI_UNLOCK(sc); 5301} 5302 5303/* 5304 * Callback from net80211 to start a scan. 5305 */ 5306static void 5307wpi_scan_start(struct ieee80211com *ic) 5308{ 5309 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5310 5311 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 5312} 5313 5314/* 5315 * Callback from net80211 to terminate a scan. 5316 */ 5317static void 5318wpi_scan_end(struct ieee80211com *ic) 5319{ 5320 struct ifnet *ifp = ic->ic_ifp; 5321 struct wpi_softc *sc = ifp->if_softc; 5322 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5323 5324 if (vap->iv_state == IEEE80211_S_RUN) 5325 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 5326} 5327 5328/** 5329 * Called by the net80211 framework to indicate to the driver 5330 * that the channel should be changed 5331 */ 5332static void 5333wpi_set_channel(struct ieee80211com *ic) 5334{ 5335 const struct ieee80211_channel *c = ic->ic_curchan; 5336 struct ifnet *ifp = ic->ic_ifp; 5337 struct wpi_softc *sc = ifp->if_softc; 5338 int error; 5339 5340 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5341 5342 WPI_LOCK(sc); 5343 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 5344 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 5345 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 5346 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 5347 WPI_UNLOCK(sc); 5348 5349 /* 5350 * Only need to set the channel in Monitor mode. AP scanning and auth 5351 * are already taken care of by their respective firmware commands. 5352 */ 5353 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5354 WPI_RXON_LOCK(sc); 5355 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 5356 if (IEEE80211_IS_CHAN_2GHZ(c)) { 5357 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 5358 WPI_RXON_24GHZ); 5359 } else { 5360 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 5361 WPI_RXON_24GHZ); 5362 } 5363 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) 5364 device_printf(sc->sc_dev, 5365 "%s: error %d setting channel\n", __func__, 5366 error); 5367 WPI_RXON_UNLOCK(sc); 5368 } 5369} 5370 5371/** 5372 * Called by net80211 to indicate that we need to scan the current 5373 * channel. The channel is previously be set via the wpi_set_channel 5374 * callback. 5375 */ 5376static void 5377wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 5378{ 5379 struct ieee80211vap *vap = ss->ss_vap; 5380 struct ieee80211com *ic = vap->iv_ic; 5381 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5382 int error; 5383 5384 WPI_RXON_LOCK(sc); 5385 if (sc->rxon.chan != ieee80211_chan2ieee(ic, ic->ic_curchan)) { 5386 error = wpi_scan(sc, ic->ic_curchan); 5387 WPI_RXON_UNLOCK(sc); 5388 if (error != 0) 5389 ieee80211_cancel_scan(vap); 5390 } else { 5391 WPI_RXON_UNLOCK(sc); 5392 /* Send probe request when associated. */ 5393 sc->sc_scan_curchan(ss, maxdwell); 5394 } 5395} 5396 5397/** 5398 * Called by the net80211 framework to indicate 5399 * the minimum dwell time has been met, terminate the scan. 5400 * We don't actually terminate the scan as the firmware will notify 5401 * us when it's finished and we have no way to interrupt it. 5402 */ 5403static void 5404wpi_scan_mindwell(struct ieee80211_scan_state *ss) 5405{ 5406 /* NB: don't try to abort scan; wait for firmware to finish */ 5407} 5408 5409static void 5410wpi_hw_reset(void *arg, int pending) 5411{ 5412 struct wpi_softc *sc = arg; 5413 struct ifnet *ifp = sc->sc_ifp; 5414 struct ieee80211com *ic = ifp->if_l2com; 5415 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5416 5417 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5418 5419 if (vap != NULL && (ic->ic_flags & IEEE80211_F_SCAN)) 5420 ieee80211_cancel_scan(vap); 5421 5422 wpi_stop(sc); 5423 if (vap != NULL) 5424 ieee80211_stop(vap); 5425 wpi_init(sc); 5426 if (vap != NULL) 5427 ieee80211_init(vap); 5428} 5429