if_wpi.c revision 280112
1/*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 280112 2015-03-15 21:25:06Z adrian $"); 21 22/* 23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 24 * 25 * The 3945ABG network adapter doesn't use traditional hardware as 26 * many other adaptors do. Instead at run time the eeprom is set into a known 27 * state and told to load boot firmware. The boot firmware loads an init and a 28 * main binary firmware image into SRAM on the card via DMA. 29 * Once the firmware is loaded, the driver/hw then 30 * communicate by way of circular dma rings via the SRAM to the firmware. 31 * 32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 33 * The 4 tx data rings allow for prioritization QoS. 34 * 35 * The rx data ring consists of 32 dma buffers. Two registers are used to 36 * indicate where in the ring the driver and the firmware are up to. The 37 * driver sets the initial read index (reg1) and the initial write index (reg2), 38 * the firmware updates the read index (reg1) on rx of a packet and fires an 39 * interrupt. The driver then processes the buffers starting at reg1 indicating 40 * to the firmware which buffers have been accessed by updating reg2. At the 41 * same time allocating new memory for the processed buffer. 42 * 43 * A similar thing happens with the tx rings. The difference is the firmware 44 * stop processing buffers once the queue is full and until confirmation 45 * of a successful transmition (tx_done) has occurred. 46 * 47 * The command ring operates in the same manner as the tx queues. 48 * 49 * All communication direct to the card (ie eeprom) is classed as Stage1 50 * communication 51 * 52 * All communication via the firmware to the card is classed as State2. 53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 54 * firmware. The bootstrap firmware and runtime firmware are loaded 55 * from host memory via dma to the card then told to execute. From this point 56 * on the majority of communications between the driver and the card goes 57 * via the firmware. 58 */ 59 60#include "opt_wlan.h" 61#include "opt_wpi.h" 62 63#include <sys/param.h> 64#include <sys/sysctl.h> 65#include <sys/sockio.h> 66#include <sys/mbuf.h> 67#include <sys/kernel.h> 68#include <sys/socket.h> 69#include <sys/systm.h> 70#include <sys/malloc.h> 71#include <sys/queue.h> 72#include <sys/taskqueue.h> 73#include <sys/module.h> 74#include <sys/bus.h> 75#include <sys/endian.h> 76#include <sys/linker.h> 77#include <sys/firmware.h> 78 79#include <machine/bus.h> 80#include <machine/resource.h> 81#include <sys/rman.h> 82 83#include <dev/pci/pcireg.h> 84#include <dev/pci/pcivar.h> 85 86#include <net/bpf.h> 87#include <net/if.h> 88#include <net/if_var.h> 89#include <net/if_arp.h> 90#include <net/ethernet.h> 91#include <net/if_dl.h> 92#include <net/if_media.h> 93#include <net/if_types.h> 94 95#include <netinet/in.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/if_ether.h> 99#include <netinet/ip.h> 100 101#include <net80211/ieee80211_var.h> 102#include <net80211/ieee80211_radiotap.h> 103#include <net80211/ieee80211_regdomain.h> 104#include <net80211/ieee80211_ratectl.h> 105 106#include <dev/wpi/if_wpireg.h> 107#include <dev/wpi/if_wpivar.h> 108#include <dev/wpi/if_wpi_debug.h> 109 110struct wpi_ident { 111 uint16_t vendor; 112 uint16_t device; 113 uint16_t subdevice; 114 const char *name; 115}; 116 117static const struct wpi_ident wpi_ident_table[] = { 118 /* The below entries support ABG regardless of the subid */ 119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 121 /* The below entries only support BG */ 122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 126 { 0, 0, 0, NULL } 127}; 128 129static int wpi_probe(device_t); 130static int wpi_attach(device_t); 131static void wpi_radiotap_attach(struct wpi_softc *); 132static void wpi_sysctlattach(struct wpi_softc *); 133static void wpi_init_beacon(struct wpi_vap *); 134static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 135 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 136 const uint8_t [IEEE80211_ADDR_LEN], 137 const uint8_t [IEEE80211_ADDR_LEN]); 138static void wpi_vap_delete(struct ieee80211vap *); 139static int wpi_detach(device_t); 140static int wpi_shutdown(device_t); 141static int wpi_suspend(device_t); 142static int wpi_resume(device_t); 143static int wpi_nic_lock(struct wpi_softc *); 144static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 145static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 146static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 147 void **, bus_size_t, bus_size_t); 148static void wpi_dma_contig_free(struct wpi_dma_info *); 149static int wpi_alloc_shared(struct wpi_softc *); 150static void wpi_free_shared(struct wpi_softc *); 151static int wpi_alloc_fwmem(struct wpi_softc *); 152static void wpi_free_fwmem(struct wpi_softc *); 153static int wpi_alloc_rx_ring(struct wpi_softc *); 154static void wpi_update_rx_ring(struct wpi_softc *); 155static void wpi_reset_rx_ring(struct wpi_softc *); 156static void wpi_free_rx_ring(struct wpi_softc *); 157static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 158 int); 159static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 160static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 161static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 162static int wpi_read_eeprom(struct wpi_softc *, 163 uint8_t macaddr[IEEE80211_ADDR_LEN]); 164static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 165static void wpi_read_eeprom_band(struct wpi_softc *, int); 166static int wpi_read_eeprom_channels(struct wpi_softc *, int); 167static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 168 struct ieee80211_channel *); 169static int wpi_setregdomain(struct ieee80211com *, 170 struct ieee80211_regdomain *, int, 171 struct ieee80211_channel[]); 172static int wpi_read_eeprom_group(struct wpi_softc *, int); 173static int wpi_add_node_entry_adhoc(struct wpi_softc *); 174static void wpi_node_free(struct ieee80211_node *); 175static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 176 const uint8_t mac[IEEE80211_ADDR_LEN]); 177static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 178static void wpi_calib_timeout(void *); 179static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 180 struct wpi_rx_data *); 181static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 182 struct wpi_rx_data *); 183static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 184static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 185static void wpi_notif_intr(struct wpi_softc *); 186static void wpi_wakeup_intr(struct wpi_softc *); 187#ifdef WPI_DEBUG 188static void wpi_debug_registers(struct wpi_softc *); 189#endif 190static void wpi_fatal_intr(struct wpi_softc *); 191static void wpi_intr(void *); 192static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 193static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 194 struct ieee80211_node *); 195static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 196 struct ieee80211_node *, 197 const struct ieee80211_bpf_params *); 198static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 199 const struct ieee80211_bpf_params *); 200static void wpi_start(struct ifnet *); 201static void wpi_start_task(void *, int); 202static void wpi_watchdog_rfkill(void *); 203static void wpi_scan_timeout(void *); 204static void wpi_tx_timeout(void *); 205static int wpi_ioctl(struct ifnet *, u_long, caddr_t); 206static int wpi_cmd(struct wpi_softc *, int, const void *, size_t, int); 207static int wpi_mrr_setup(struct wpi_softc *); 208static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 209static int wpi_add_broadcast_node(struct wpi_softc *, int); 210static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 211static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 212static int wpi_updateedca(struct ieee80211com *); 213static void wpi_set_promisc(struct wpi_softc *); 214static void wpi_update_promisc(struct ifnet *); 215static void wpi_update_mcast(struct ifnet *); 216static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 217static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 218static void wpi_power_calibration(struct wpi_softc *); 219static int wpi_set_txpower(struct wpi_softc *, int); 220static int wpi_get_power_index(struct wpi_softc *, 221 struct wpi_power_group *, struct ieee80211_channel *, int); 222static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 223static int wpi_send_btcoex(struct wpi_softc *); 224static int wpi_send_rxon(struct wpi_softc *, int, int); 225static int wpi_config(struct wpi_softc *); 226static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 227 struct ieee80211_channel *, uint8_t); 228static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 229static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 230 struct ieee80211_channel *); 231static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 232static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 233static int wpi_config_beacon(struct wpi_vap *); 234static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 235static void wpi_update_beacon(struct ieee80211vap *, int); 236static void wpi_newassoc(struct ieee80211_node *, int); 237static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 238static int wpi_load_key(struct ieee80211_node *, 239 const struct ieee80211_key *); 240static void wpi_load_key_cb(void *, struct ieee80211_node *); 241static int wpi_set_global_keys(struct ieee80211_node *); 242static int wpi_del_key(struct ieee80211_node *, 243 const struct ieee80211_key *); 244static void wpi_del_key_cb(void *, struct ieee80211_node *); 245static int wpi_process_key(struct ieee80211vap *, 246 const struct ieee80211_key *, int); 247static int wpi_key_set(struct ieee80211vap *, 248 const struct ieee80211_key *, 249 const uint8_t mac[IEEE80211_ADDR_LEN]); 250static int wpi_key_delete(struct ieee80211vap *, 251 const struct ieee80211_key *); 252static int wpi_post_alive(struct wpi_softc *); 253static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int); 254static int wpi_load_firmware(struct wpi_softc *); 255static int wpi_read_firmware(struct wpi_softc *); 256static void wpi_unload_firmware(struct wpi_softc *); 257static int wpi_clock_wait(struct wpi_softc *); 258static int wpi_apm_init(struct wpi_softc *); 259static void wpi_apm_stop_master(struct wpi_softc *); 260static void wpi_apm_stop(struct wpi_softc *); 261static void wpi_nic_config(struct wpi_softc *); 262static int wpi_hw_init(struct wpi_softc *); 263static void wpi_hw_stop(struct wpi_softc *); 264static void wpi_radio_on(void *, int); 265static void wpi_radio_off(void *, int); 266static void wpi_init(void *); 267static void wpi_stop_locked(struct wpi_softc *); 268static void wpi_stop(struct wpi_softc *); 269static void wpi_scan_start(struct ieee80211com *); 270static void wpi_scan_end(struct ieee80211com *); 271static void wpi_set_channel(struct ieee80211com *); 272static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 273static void wpi_scan_mindwell(struct ieee80211_scan_state *); 274static void wpi_hw_reset(void *, int); 275 276static device_method_t wpi_methods[] = { 277 /* Device interface */ 278 DEVMETHOD(device_probe, wpi_probe), 279 DEVMETHOD(device_attach, wpi_attach), 280 DEVMETHOD(device_detach, wpi_detach), 281 DEVMETHOD(device_shutdown, wpi_shutdown), 282 DEVMETHOD(device_suspend, wpi_suspend), 283 DEVMETHOD(device_resume, wpi_resume), 284 285 DEVMETHOD_END 286}; 287 288static driver_t wpi_driver = { 289 "wpi", 290 wpi_methods, 291 sizeof (struct wpi_softc) 292}; 293static devclass_t wpi_devclass; 294 295DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 296 297MODULE_VERSION(wpi, 1); 298 299MODULE_DEPEND(wpi, pci, 1, 1, 1); 300MODULE_DEPEND(wpi, wlan, 1, 1, 1); 301MODULE_DEPEND(wpi, firmware, 1, 1, 1); 302 303static int 304wpi_probe(device_t dev) 305{ 306 const struct wpi_ident *ident; 307 308 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 309 if (pci_get_vendor(dev) == ident->vendor && 310 pci_get_device(dev) == ident->device) { 311 device_set_desc(dev, ident->name); 312 return (BUS_PROBE_DEFAULT); 313 } 314 } 315 return ENXIO; 316} 317 318static int 319wpi_attach(device_t dev) 320{ 321 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 322 struct ieee80211com *ic; 323 struct ifnet *ifp; 324 int i, error, rid; 325#ifdef WPI_DEBUG 326 int supportsa = 1; 327 const struct wpi_ident *ident; 328#endif 329 uint8_t macaddr[IEEE80211_ADDR_LEN]; 330 331 sc->sc_dev = dev; 332 333#ifdef WPI_DEBUG 334 error = resource_int_value(device_get_name(sc->sc_dev), 335 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 336 if (error != 0) 337 sc->sc_debug = 0; 338#else 339 sc->sc_debug = 0; 340#endif 341 342 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 343 344 /* 345 * Get the offset of the PCI Express Capability Structure in PCI 346 * Configuration Space. 347 */ 348 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 349 if (error != 0) { 350 device_printf(dev, "PCIe capability structure not found!\n"); 351 return error; 352 } 353 354 /* 355 * Some card's only support 802.11b/g not a, check to see if 356 * this is one such card. A 0x0 in the subdevice table indicates 357 * the entire subdevice range is to be ignored. 358 */ 359#ifdef WPI_DEBUG 360 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 361 if (ident->subdevice && 362 pci_get_subdevice(dev) == ident->subdevice) { 363 supportsa = 0; 364 break; 365 } 366 } 367#endif 368 369 /* Clear device-specific "PCI retry timeout" register (41h). */ 370 pci_write_config(dev, 0x41, 0, 1); 371 372 /* Enable bus-mastering. */ 373 pci_enable_busmaster(dev); 374 375 rid = PCIR_BAR(0); 376 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 377 RF_ACTIVE); 378 if (sc->mem == NULL) { 379 device_printf(dev, "can't map mem space\n"); 380 return ENOMEM; 381 } 382 sc->sc_st = rman_get_bustag(sc->mem); 383 sc->sc_sh = rman_get_bushandle(sc->mem); 384 385 i = 1; 386 rid = 0; 387 if (pci_alloc_msi(dev, &i) == 0) 388 rid = 1; 389 /* Install interrupt handler. */ 390 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 391 (rid != 0 ? 0 : RF_SHAREABLE)); 392 if (sc->irq == NULL) { 393 device_printf(dev, "can't map interrupt\n"); 394 error = ENOMEM; 395 goto fail; 396 } 397 398 WPI_LOCK_INIT(sc); 399 WPI_RXON_LOCK_INIT(sc); 400 WPI_NT_LOCK_INIT(sc); 401 WPI_TXQ_LOCK_INIT(sc); 402 WPI_TXQ_STATE_LOCK_INIT(sc); 403 404 /* Allocate DMA memory for firmware transfers. */ 405 if ((error = wpi_alloc_fwmem(sc)) != 0) { 406 device_printf(dev, 407 "could not allocate memory for firmware, error %d\n", 408 error); 409 goto fail; 410 } 411 412 /* Allocate shared page. */ 413 if ((error = wpi_alloc_shared(sc)) != 0) { 414 device_printf(dev, "could not allocate shared page\n"); 415 goto fail; 416 } 417 418 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 419 for (i = 0; i < WPI_NTXQUEUES; i++) { 420 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 421 device_printf(dev, 422 "could not allocate TX ring %d, error %d\n", i, 423 error); 424 goto fail; 425 } 426 } 427 428 /* Allocate RX ring. */ 429 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 430 device_printf(dev, "could not allocate RX ring, error %d\n", 431 error); 432 goto fail; 433 } 434 435 /* Clear pending interrupts. */ 436 WPI_WRITE(sc, WPI_INT, 0xffffffff); 437 438 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 439 if (ifp == NULL) { 440 device_printf(dev, "can not allocate ifnet structure\n"); 441 goto fail; 442 } 443 444 ic = ifp->if_l2com; 445 ic->ic_ifp = ifp; 446 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 447 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 448 449 /* Set device capabilities. */ 450 ic->ic_caps = 451 IEEE80211_C_STA /* station mode supported */ 452 | IEEE80211_C_IBSS /* IBSS mode supported */ 453 | IEEE80211_C_HOSTAP /* Host access point mode */ 454 | IEEE80211_C_MONITOR /* monitor mode supported */ 455 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 456 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 457 | IEEE80211_C_TXPMGT /* tx power management */ 458 | IEEE80211_C_SHSLOT /* short slot time supported */ 459 | IEEE80211_C_WPA /* 802.11i */ 460 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 461 | IEEE80211_C_WME /* 802.11e */ 462 | IEEE80211_C_PMGT /* Station-side power mgmt */ 463 ; 464 465 ic->ic_cryptocaps = 466 IEEE80211_CRYPTO_AES_CCM; 467 468 /* 469 * Read in the eeprom and also setup the channels for 470 * net80211. We don't set the rates as net80211 does this for us 471 */ 472 if ((error = wpi_read_eeprom(sc, macaddr)) != 0) { 473 device_printf(dev, "could not read EEPROM, error %d\n", 474 error); 475 goto fail; 476 } 477 478#ifdef WPI_DEBUG 479 if (bootverbose) { 480 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", 481 sc->domain); 482 device_printf(sc->sc_dev, "Hardware Type: %c\n", 483 sc->type > 1 ? 'B': '?'); 484 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 485 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?'); 486 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 487 supportsa ? "does" : "does not"); 488 489 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must 490 check what sc->rev really represents - benjsc 20070615 */ 491 } 492#endif 493 494 if_initname(ifp, device_get_name(dev), device_get_unit(dev)); 495 ifp->if_softc = sc; 496 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 497 ifp->if_init = wpi_init; 498 ifp->if_ioctl = wpi_ioctl; 499 ifp->if_start = wpi_start; 500 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 501 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 502 IFQ_SET_READY(&ifp->if_snd); 503 504 ieee80211_ifattach(ic, macaddr); 505 ic->ic_vap_create = wpi_vap_create; 506 ic->ic_vap_delete = wpi_vap_delete; 507 ic->ic_raw_xmit = wpi_raw_xmit; 508 ic->ic_node_alloc = wpi_node_alloc; 509 sc->sc_node_free = ic->ic_node_free; 510 ic->ic_node_free = wpi_node_free; 511 ic->ic_wme.wme_update = wpi_updateedca; 512 ic->ic_update_promisc = wpi_update_promisc; 513 ic->ic_update_mcast = wpi_update_mcast; 514 ic->ic_newassoc = wpi_newassoc; 515 ic->ic_scan_start = wpi_scan_start; 516 ic->ic_scan_end = wpi_scan_end; 517 ic->ic_set_channel = wpi_set_channel; 518 sc->sc_scan_curchan = ic->ic_scan_curchan; 519 ic->ic_scan_curchan = wpi_scan_curchan; 520 ic->ic_scan_mindwell = wpi_scan_mindwell; 521 ic->ic_setregdomain = wpi_setregdomain; 522 523 wpi_radiotap_attach(sc); 524 525 callout_init_mtx(&sc->calib_to, &sc->rxon_mtx, 0); 526 callout_init_mtx(&sc->scan_timeout, &sc->rxon_mtx, 0); 527 callout_init_mtx(&sc->tx_timeout, &sc->txq_state_mtx, 0); 528 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 529 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc); 530 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 531 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 532 TASK_INIT(&sc->sc_start_task, 0, wpi_start_task, sc); 533 534 wpi_sysctlattach(sc); 535 536 /* 537 * Hook our interrupt after all initialization is complete. 538 */ 539 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 540 NULL, wpi_intr, sc, &sc->sc_ih); 541 if (error != 0) { 542 device_printf(dev, "can't establish interrupt, error %d\n", 543 error); 544 goto fail; 545 } 546 547 if (bootverbose) 548 ieee80211_announce(ic); 549 550#ifdef WPI_DEBUG 551 if (sc->sc_debug & WPI_DEBUG_HW) 552 ieee80211_announce_channels(ic); 553#endif 554 555 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 556 return 0; 557 558fail: wpi_detach(dev); 559 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 560 return error; 561} 562 563/* 564 * Attach the interface to 802.11 radiotap. 565 */ 566static void 567wpi_radiotap_attach(struct wpi_softc *sc) 568{ 569 struct ifnet *ifp = sc->sc_ifp; 570 struct ieee80211com *ic = ifp->if_l2com; 571 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 572 ieee80211_radiotap_attach(ic, 573 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 574 WPI_TX_RADIOTAP_PRESENT, 575 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 576 WPI_RX_RADIOTAP_PRESENT); 577 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 578} 579 580static void 581wpi_sysctlattach(struct wpi_softc *sc) 582{ 583#ifdef WPI_DEBUG 584 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 585 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 586 587 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 588 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 589 "control debugging printfs"); 590#endif 591} 592 593static void 594wpi_init_beacon(struct wpi_vap *wvp) 595{ 596 struct wpi_buf *bcn = &wvp->wv_bcbuf; 597 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 598 599 cmd->id = WPI_ID_BROADCAST; 600 cmd->ofdm_mask = 0xff; 601 cmd->cck_mask = 0x0f; 602 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 603 cmd->flags = htole32(WPI_TX_AUTO_SEQ | WPI_TX_INSERT_TSTAMP); 604 605 bcn->code = WPI_CMD_SET_BEACON; 606 bcn->ac = WPI_CMD_QUEUE_NUM; 607 bcn->size = sizeof(struct wpi_cmd_beacon); 608} 609 610static struct ieee80211vap * 611wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 612 enum ieee80211_opmode opmode, int flags, 613 const uint8_t bssid[IEEE80211_ADDR_LEN], 614 const uint8_t mac[IEEE80211_ADDR_LEN]) 615{ 616 struct wpi_vap *wvp; 617 struct ieee80211vap *vap; 618 619 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 620 return NULL; 621 622 wvp = (struct wpi_vap *) malloc(sizeof(struct wpi_vap), 623 M_80211_VAP, M_NOWAIT | M_ZERO); 624 if (wvp == NULL) 625 return NULL; 626 vap = &wvp->wv_vap; 627 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 628 629 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 630 WPI_VAP_LOCK_INIT(wvp); 631 wpi_init_beacon(wvp); 632 } 633 634 /* Override with driver methods. */ 635 vap->iv_key_set = wpi_key_set; 636 vap->iv_key_delete = wpi_key_delete; 637 wvp->wv_newstate = vap->iv_newstate; 638 vap->iv_newstate = wpi_newstate; 639 vap->iv_update_beacon = wpi_update_beacon; 640 vap->iv_max_aid = WPI_ID_IBSS_MAX - WPI_ID_IBSS_MIN + 1; 641 642 ieee80211_ratectl_init(vap); 643 /* Complete setup. */ 644 ieee80211_vap_attach(vap, ieee80211_media_change, 645 ieee80211_media_status); 646 ic->ic_opmode = opmode; 647 return vap; 648} 649 650static void 651wpi_vap_delete(struct ieee80211vap *vap) 652{ 653 struct wpi_vap *wvp = WPI_VAP(vap); 654 struct wpi_buf *bcn = &wvp->wv_bcbuf; 655 enum ieee80211_opmode opmode = vap->iv_opmode; 656 657 ieee80211_ratectl_deinit(vap); 658 ieee80211_vap_detach(vap); 659 660 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 661 if (bcn->m != NULL) 662 m_freem(bcn->m); 663 664 WPI_VAP_LOCK_DESTROY(wvp); 665 } 666 667 free(wvp, M_80211_VAP); 668} 669 670static int 671wpi_detach(device_t dev) 672{ 673 struct wpi_softc *sc = device_get_softc(dev); 674 struct ifnet *ifp = sc->sc_ifp; 675 struct ieee80211com *ic; 676 int qid; 677 678 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 679 680 if (ifp != NULL) { 681 ic = ifp->if_l2com; 682 683 ieee80211_draintask(ic, &sc->sc_reinittask); 684 ieee80211_draintask(ic, &sc->sc_radiooff_task); 685 ieee80211_draintask(ic, &sc->sc_radioon_task); 686 ieee80211_draintask(ic, &sc->sc_start_task); 687 688 wpi_stop(sc); 689 690 callout_drain(&sc->watchdog_rfkill); 691 callout_drain(&sc->tx_timeout); 692 callout_drain(&sc->scan_timeout); 693 callout_drain(&sc->calib_to); 694 ieee80211_ifdetach(ic); 695 } 696 697 /* Uninstall interrupt handler. */ 698 if (sc->irq != NULL) { 699 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 700 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 701 sc->irq); 702 pci_release_msi(dev); 703 } 704 705 if (sc->txq[0].data_dmat) { 706 /* Free DMA resources. */ 707 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 708 wpi_free_tx_ring(sc, &sc->txq[qid]); 709 710 wpi_free_rx_ring(sc); 711 wpi_free_shared(sc); 712 } 713 714 if (sc->fw_dma.tag) 715 wpi_free_fwmem(sc); 716 717 if (sc->mem != NULL) 718 bus_release_resource(dev, SYS_RES_MEMORY, 719 rman_get_rid(sc->mem), sc->mem); 720 721 if (ifp != NULL) 722 if_free(ifp); 723 724 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 725 WPI_TXQ_STATE_LOCK_DESTROY(sc); 726 WPI_TXQ_LOCK_DESTROY(sc); 727 WPI_NT_LOCK_DESTROY(sc); 728 WPI_RXON_LOCK_DESTROY(sc); 729 WPI_LOCK_DESTROY(sc); 730 return 0; 731} 732 733static int 734wpi_shutdown(device_t dev) 735{ 736 struct wpi_softc *sc = device_get_softc(dev); 737 738 wpi_stop(sc); 739 return 0; 740} 741 742static int 743wpi_suspend(device_t dev) 744{ 745 struct wpi_softc *sc = device_get_softc(dev); 746 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 747 748 ieee80211_suspend_all(ic); 749 return 0; 750} 751 752static int 753wpi_resume(device_t dev) 754{ 755 struct wpi_softc *sc = device_get_softc(dev); 756 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 757 758 /* Clear device-specific "PCI retry timeout" register (41h). */ 759 pci_write_config(dev, 0x41, 0, 1); 760 761 ieee80211_resume_all(ic); 762 return 0; 763} 764 765/* 766 * Grab exclusive access to NIC memory. 767 */ 768static int 769wpi_nic_lock(struct wpi_softc *sc) 770{ 771 int ntries; 772 773 /* Request exclusive access to NIC. */ 774 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 775 776 /* Spin until we actually get the lock. */ 777 for (ntries = 0; ntries < 1000; ntries++) { 778 if ((WPI_READ(sc, WPI_GP_CNTRL) & 779 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 780 WPI_GP_CNTRL_MAC_ACCESS_ENA) 781 return 0; 782 DELAY(10); 783 } 784 785 device_printf(sc->sc_dev, "could not lock memory\n"); 786 787 return ETIMEDOUT; 788} 789 790/* 791 * Release lock on NIC memory. 792 */ 793static __inline void 794wpi_nic_unlock(struct wpi_softc *sc) 795{ 796 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 797} 798 799static __inline uint32_t 800wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 801{ 802 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 803 WPI_BARRIER_READ_WRITE(sc); 804 return WPI_READ(sc, WPI_PRPH_RDATA); 805} 806 807static __inline void 808wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 809{ 810 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 811 WPI_BARRIER_WRITE(sc); 812 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 813} 814 815static __inline void 816wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 817{ 818 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 819} 820 821static __inline void 822wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 823{ 824 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 825} 826 827static __inline void 828wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 829 const uint32_t *data, int count) 830{ 831 for (; count > 0; count--, data++, addr += 4) 832 wpi_prph_write(sc, addr, *data); 833} 834 835static __inline uint32_t 836wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 837{ 838 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 839 WPI_BARRIER_READ_WRITE(sc); 840 return WPI_READ(sc, WPI_MEM_RDATA); 841} 842 843static __inline void 844wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 845 int count) 846{ 847 for (; count > 0; count--, addr += 4) 848 *data++ = wpi_mem_read(sc, addr); 849} 850 851static int 852wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 853{ 854 uint8_t *out = data; 855 uint32_t val; 856 int error, ntries; 857 858 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 859 860 if ((error = wpi_nic_lock(sc)) != 0) 861 return error; 862 863 for (; count > 0; count -= 2, addr++) { 864 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 865 for (ntries = 0; ntries < 10; ntries++) { 866 val = WPI_READ(sc, WPI_EEPROM); 867 if (val & WPI_EEPROM_READ_VALID) 868 break; 869 DELAY(5); 870 } 871 if (ntries == 10) { 872 device_printf(sc->sc_dev, 873 "timeout reading ROM at 0x%x\n", addr); 874 return ETIMEDOUT; 875 } 876 *out++= val >> 16; 877 if (count > 1) 878 *out ++= val >> 24; 879 } 880 881 wpi_nic_unlock(sc); 882 883 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 884 885 return 0; 886} 887 888static void 889wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 890{ 891 if (error != 0) 892 return; 893 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 894 *(bus_addr_t *)arg = segs[0].ds_addr; 895} 896 897/* 898 * Allocates a contiguous block of dma memory of the requested size and 899 * alignment. 900 */ 901static int 902wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 903 void **kvap, bus_size_t size, bus_size_t alignment) 904{ 905 int error; 906 907 dma->tag = NULL; 908 dma->size = size; 909 910 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 911 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 912 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag); 913 if (error != 0) 914 goto fail; 915 916 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 917 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 918 if (error != 0) 919 goto fail; 920 921 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 922 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 923 if (error != 0) 924 goto fail; 925 926 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 927 928 if (kvap != NULL) 929 *kvap = dma->vaddr; 930 931 return 0; 932 933fail: wpi_dma_contig_free(dma); 934 return error; 935} 936 937static void 938wpi_dma_contig_free(struct wpi_dma_info *dma) 939{ 940 if (dma->vaddr != NULL) { 941 bus_dmamap_sync(dma->tag, dma->map, 942 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 943 bus_dmamap_unload(dma->tag, dma->map); 944 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 945 dma->vaddr = NULL; 946 } 947 if (dma->tag != NULL) { 948 bus_dma_tag_destroy(dma->tag); 949 dma->tag = NULL; 950 } 951} 952 953/* 954 * Allocate a shared page between host and NIC. 955 */ 956static int 957wpi_alloc_shared(struct wpi_softc *sc) 958{ 959 /* Shared buffer must be aligned on a 4KB boundary. */ 960 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 961 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 962} 963 964static void 965wpi_free_shared(struct wpi_softc *sc) 966{ 967 wpi_dma_contig_free(&sc->shared_dma); 968} 969 970/* 971 * Allocate DMA-safe memory for firmware transfer. 972 */ 973static int 974wpi_alloc_fwmem(struct wpi_softc *sc) 975{ 976 /* Must be aligned on a 16-byte boundary. */ 977 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 978 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 979} 980 981static void 982wpi_free_fwmem(struct wpi_softc *sc) 983{ 984 wpi_dma_contig_free(&sc->fw_dma); 985} 986 987static int 988wpi_alloc_rx_ring(struct wpi_softc *sc) 989{ 990 struct wpi_rx_ring *ring = &sc->rxq; 991 bus_size_t size; 992 int i, error; 993 994 ring->cur = 0; 995 ring->update = 0; 996 997 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 998 999 /* Allocate RX descriptors (16KB aligned.) */ 1000 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 1001 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 1002 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 1003 if (error != 0) { 1004 device_printf(sc->sc_dev, 1005 "%s: could not allocate RX ring DMA memory, error %d\n", 1006 __func__, error); 1007 goto fail; 1008 } 1009 1010 /* Create RX buffer DMA tag. */ 1011 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1012 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1013 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL, 1014 &ring->data_dmat); 1015 if (error != 0) { 1016 device_printf(sc->sc_dev, 1017 "%s: could not create RX buf DMA tag, error %d\n", 1018 __func__, error); 1019 goto fail; 1020 } 1021 1022 /* 1023 * Allocate and map RX buffers. 1024 */ 1025 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1026 struct wpi_rx_data *data = &ring->data[i]; 1027 bus_addr_t paddr; 1028 1029 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1030 if (error != 0) { 1031 device_printf(sc->sc_dev, 1032 "%s: could not create RX buf DMA map, error %d\n", 1033 __func__, error); 1034 goto fail; 1035 } 1036 1037 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1038 if (data->m == NULL) { 1039 device_printf(sc->sc_dev, 1040 "%s: could not allocate RX mbuf\n", __func__); 1041 error = ENOBUFS; 1042 goto fail; 1043 } 1044 1045 error = bus_dmamap_load(ring->data_dmat, data->map, 1046 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1047 &paddr, BUS_DMA_NOWAIT); 1048 if (error != 0 && error != EFBIG) { 1049 device_printf(sc->sc_dev, 1050 "%s: can't map mbuf (error %d)\n", __func__, 1051 error); 1052 goto fail; 1053 } 1054 1055 /* Set physical address of RX buffer. */ 1056 ring->desc[i] = htole32(paddr); 1057 } 1058 1059 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1060 BUS_DMASYNC_PREWRITE); 1061 1062 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1063 1064 return 0; 1065 1066fail: wpi_free_rx_ring(sc); 1067 1068 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1069 1070 return error; 1071} 1072 1073static void 1074wpi_update_rx_ring(struct wpi_softc *sc) 1075{ 1076 struct wpi_rx_ring *ring = &sc->rxq; 1077 1078 if (ring->update != 0) { 1079 /* Wait for INT_WAKEUP event. */ 1080 return; 1081 } 1082 1083 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1084 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1085 __func__); 1086 1087 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1088 ring->update = 1; 1089 } else 1090 WPI_WRITE(sc, WPI_FH_RX_WPTR, ring->cur & ~7); 1091} 1092 1093static void 1094wpi_reset_rx_ring(struct wpi_softc *sc) 1095{ 1096 struct wpi_rx_ring *ring = &sc->rxq; 1097 int ntries; 1098 1099 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1100 1101 if (wpi_nic_lock(sc) == 0) { 1102 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1103 for (ntries = 0; ntries < 1000; ntries++) { 1104 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1105 WPI_FH_RX_STATUS_IDLE) 1106 break; 1107 DELAY(10); 1108 } 1109 wpi_nic_unlock(sc); 1110 } 1111 1112 ring->cur = 0; 1113 ring->update = 0; 1114} 1115 1116static void 1117wpi_free_rx_ring(struct wpi_softc *sc) 1118{ 1119 struct wpi_rx_ring *ring = &sc->rxq; 1120 int i; 1121 1122 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1123 1124 wpi_dma_contig_free(&ring->desc_dma); 1125 1126 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1127 struct wpi_rx_data *data = &ring->data[i]; 1128 1129 if (data->m != NULL) { 1130 bus_dmamap_sync(ring->data_dmat, data->map, 1131 BUS_DMASYNC_POSTREAD); 1132 bus_dmamap_unload(ring->data_dmat, data->map); 1133 m_freem(data->m); 1134 data->m = NULL; 1135 } 1136 if (data->map != NULL) 1137 bus_dmamap_destroy(ring->data_dmat, data->map); 1138 } 1139 if (ring->data_dmat != NULL) { 1140 bus_dma_tag_destroy(ring->data_dmat); 1141 ring->data_dmat = NULL; 1142 } 1143} 1144 1145static int 1146wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid) 1147{ 1148 bus_addr_t paddr; 1149 bus_size_t size; 1150 int i, error; 1151 1152 ring->qid = qid; 1153 ring->queued = 0; 1154 ring->cur = 0; 1155 ring->update = 0; 1156 1157 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1158 1159 /* Allocate TX descriptors (16KB aligned.) */ 1160 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1161 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1162 size, WPI_RING_DMA_ALIGN); 1163 if (error != 0) { 1164 device_printf(sc->sc_dev, 1165 "%s: could not allocate TX ring DMA memory, error %d\n", 1166 __func__, error); 1167 goto fail; 1168 } 1169 1170 /* Update shared area with ring physical address. */ 1171 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1172 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1173 BUS_DMASYNC_PREWRITE); 1174 1175 /* 1176 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1177 * to allocate commands space for other rings. 1178 * XXX Do we really need to allocate descriptors for other rings? 1179 */ 1180 if (qid > WPI_CMD_QUEUE_NUM) { 1181 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1182 return 0; 1183 } 1184 1185 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1186 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1187 size, 4); 1188 if (error != 0) { 1189 device_printf(sc->sc_dev, 1190 "%s: could not allocate TX cmd DMA memory, error %d\n", 1191 __func__, error); 1192 goto fail; 1193 } 1194 1195 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1196 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1197 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL, 1198 &ring->data_dmat); 1199 if (error != 0) { 1200 device_printf(sc->sc_dev, 1201 "%s: could not create TX buf DMA tag, error %d\n", 1202 __func__, error); 1203 goto fail; 1204 } 1205 1206 paddr = ring->cmd_dma.paddr; 1207 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1208 struct wpi_tx_data *data = &ring->data[i]; 1209 1210 data->cmd_paddr = paddr; 1211 paddr += sizeof (struct wpi_tx_cmd); 1212 1213 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1214 if (error != 0) { 1215 device_printf(sc->sc_dev, 1216 "%s: could not create TX buf DMA map, error %d\n", 1217 __func__, error); 1218 goto fail; 1219 } 1220 } 1221 1222 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1223 1224 return 0; 1225 1226fail: wpi_free_tx_ring(sc, ring); 1227 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1228 return error; 1229} 1230 1231static void 1232wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1233{ 1234 if (ring->update != 0) { 1235 /* Wait for INT_WAKEUP event. */ 1236 return; 1237 } 1238 1239 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) { 1240 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1241 __func__, ring->qid); 1242 1243 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1244 ring->update = 1; 1245 } else 1246 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1247} 1248 1249static void 1250wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1251{ 1252 int i; 1253 1254 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1255 1256 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1257 struct wpi_tx_data *data = &ring->data[i]; 1258 1259 if (data->m != NULL) { 1260 bus_dmamap_sync(ring->data_dmat, data->map, 1261 BUS_DMASYNC_POSTWRITE); 1262 bus_dmamap_unload(ring->data_dmat, data->map); 1263 m_freem(data->m); 1264 data->m = NULL; 1265 } 1266 } 1267 /* Clear TX descriptors. */ 1268 memset(ring->desc, 0, ring->desc_dma.size); 1269 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1270 BUS_DMASYNC_PREWRITE); 1271 sc->qfullmsk &= ~(1 << ring->qid); 1272 ring->queued = 0; 1273 ring->cur = 0; 1274 ring->update = 0; 1275} 1276 1277static void 1278wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1279{ 1280 int i; 1281 1282 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1283 1284 wpi_dma_contig_free(&ring->desc_dma); 1285 wpi_dma_contig_free(&ring->cmd_dma); 1286 1287 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1288 struct wpi_tx_data *data = &ring->data[i]; 1289 1290 if (data->m != NULL) { 1291 bus_dmamap_sync(ring->data_dmat, data->map, 1292 BUS_DMASYNC_POSTWRITE); 1293 bus_dmamap_unload(ring->data_dmat, data->map); 1294 m_freem(data->m); 1295 } 1296 if (data->map != NULL) 1297 bus_dmamap_destroy(ring->data_dmat, data->map); 1298 } 1299 if (ring->data_dmat != NULL) { 1300 bus_dma_tag_destroy(ring->data_dmat); 1301 ring->data_dmat = NULL; 1302 } 1303} 1304 1305/* 1306 * Extract various information from EEPROM. 1307 */ 1308static int 1309wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1310{ 1311#define WPI_CHK(res) do { \ 1312 if ((error = res) != 0) \ 1313 goto fail; \ 1314} while (0) 1315 int error, i; 1316 1317 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1318 1319 /* Adapter has to be powered on for EEPROM access to work. */ 1320 if ((error = wpi_apm_init(sc)) != 0) { 1321 device_printf(sc->sc_dev, 1322 "%s: could not power ON adapter, error %d\n", __func__, 1323 error); 1324 return error; 1325 } 1326 1327 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1328 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1329 error = EIO; 1330 goto fail; 1331 } 1332 /* Clear HW ownership of EEPROM. */ 1333 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1334 1335 /* Read the hardware capabilities, revision and SKU type. */ 1336 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1337 sizeof(sc->cap))); 1338 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1339 sizeof(sc->rev))); 1340 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1341 sizeof(sc->type))); 1342 1343 sc->rev = le16toh(sc->rev); 1344 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, 1345 sc->rev, sc->type); 1346 1347 /* Read the regulatory domain (4 ASCII characters.) */ 1348 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1349 sizeof(sc->domain))); 1350 1351 /* Read MAC address. */ 1352 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1353 IEEE80211_ADDR_LEN)); 1354 1355 /* Read the list of authorized channels. */ 1356 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1357 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1358 1359 /* Read the list of TX power groups. */ 1360 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1361 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1362 1363fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1364 1365 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1366 __func__); 1367 1368 return error; 1369#undef WPI_CHK 1370} 1371 1372/* 1373 * Translate EEPROM flags to net80211. 1374 */ 1375static uint32_t 1376wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1377{ 1378 uint32_t nflags; 1379 1380 nflags = 0; 1381 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1382 nflags |= IEEE80211_CHAN_PASSIVE; 1383 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1384 nflags |= IEEE80211_CHAN_NOADHOC; 1385 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1386 nflags |= IEEE80211_CHAN_DFS; 1387 /* XXX apparently IBSS may still be marked */ 1388 nflags |= IEEE80211_CHAN_NOADHOC; 1389 } 1390 1391 /* XXX HOSTAP uses WPI_MODE_IBSS */ 1392 if (nflags & IEEE80211_CHAN_NOADHOC) 1393 nflags |= IEEE80211_CHAN_NOHOSTAP; 1394 1395 return nflags; 1396} 1397 1398static void 1399wpi_read_eeprom_band(struct wpi_softc *sc, int n) 1400{ 1401 struct ifnet *ifp = sc->sc_ifp; 1402 struct ieee80211com *ic = ifp->if_l2com; 1403 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1404 const struct wpi_chan_band *band = &wpi_bands[n]; 1405 struct ieee80211_channel *c; 1406 uint8_t chan; 1407 int i, nflags; 1408 1409 for (i = 0; i < band->nchan; i++) { 1410 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1411 DPRINTF(sc, WPI_DEBUG_EEPROM, 1412 "Channel Not Valid: %d, band %d\n", 1413 band->chan[i],n); 1414 continue; 1415 } 1416 1417 chan = band->chan[i]; 1418 nflags = wpi_eeprom_channel_flags(&channels[i]); 1419 1420 c = &ic->ic_channels[ic->ic_nchans++]; 1421 c->ic_ieee = chan; 1422 c->ic_maxregpower = channels[i].maxpwr; 1423 c->ic_maxpower = 2*c->ic_maxregpower; 1424 1425 if (n == 0) { /* 2GHz band */ 1426 c->ic_freq = ieee80211_ieee2mhz(chan, 1427 IEEE80211_CHAN_G); 1428 1429 /* G =>'s B is supported */ 1430 c->ic_flags = IEEE80211_CHAN_B | nflags; 1431 c = &ic->ic_channels[ic->ic_nchans++]; 1432 c[0] = c[-1]; 1433 c->ic_flags = IEEE80211_CHAN_G | nflags; 1434 } else { /* 5GHz band */ 1435 c->ic_freq = ieee80211_ieee2mhz(chan, 1436 IEEE80211_CHAN_A); 1437 1438 c->ic_flags = IEEE80211_CHAN_A | nflags; 1439 } 1440 1441 /* Save maximum allowed TX power for this channel. */ 1442 sc->maxpwr[chan] = channels[i].maxpwr; 1443 1444 DPRINTF(sc, WPI_DEBUG_EEPROM, 1445 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d," 1446 " offset %d\n", chan, c->ic_freq, 1447 channels[i].flags, sc->maxpwr[chan], 1448 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans); 1449 } 1450} 1451 1452/** 1453 * Read the eeprom to find out what channels are valid for the given 1454 * band and update net80211 with what we find. 1455 */ 1456static int 1457wpi_read_eeprom_channels(struct wpi_softc *sc, int n) 1458{ 1459 struct ifnet *ifp = sc->sc_ifp; 1460 struct ieee80211com *ic = ifp->if_l2com; 1461 const struct wpi_chan_band *band = &wpi_bands[n]; 1462 int error; 1463 1464 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1465 1466 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1467 band->nchan * sizeof (struct wpi_eeprom_chan)); 1468 if (error != 0) { 1469 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1470 return error; 1471 } 1472 1473 wpi_read_eeprom_band(sc, n); 1474 1475 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1476 1477 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1478 1479 return 0; 1480} 1481 1482static struct wpi_eeprom_chan * 1483wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1484{ 1485 int i, j; 1486 1487 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1488 for (i = 0; i < wpi_bands[j].nchan; i++) 1489 if (wpi_bands[j].chan[i] == c->ic_ieee) 1490 return &sc->eeprom_channels[j][i]; 1491 1492 return NULL; 1493} 1494 1495/* 1496 * Enforce flags read from EEPROM. 1497 */ 1498static int 1499wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1500 int nchan, struct ieee80211_channel chans[]) 1501{ 1502 struct ifnet *ifp = ic->ic_ifp; 1503 struct wpi_softc *sc = ifp->if_softc; 1504 int i; 1505 1506 for (i = 0; i < nchan; i++) { 1507 struct ieee80211_channel *c = &chans[i]; 1508 struct wpi_eeprom_chan *channel; 1509 1510 channel = wpi_find_eeprom_channel(sc, c); 1511 if (channel == NULL) { 1512 if_printf(ic->ic_ifp, 1513 "%s: invalid channel %u freq %u/0x%x\n", 1514 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1515 return EINVAL; 1516 } 1517 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1518 } 1519 1520 return 0; 1521} 1522 1523static int 1524wpi_read_eeprom_group(struct wpi_softc *sc, int n) 1525{ 1526 struct wpi_power_group *group = &sc->groups[n]; 1527 struct wpi_eeprom_group rgroup; 1528 int i, error; 1529 1530 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1531 1532 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1533 &rgroup, sizeof rgroup)) != 0) { 1534 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1535 return error; 1536 } 1537 1538 /* Save TX power group information. */ 1539 group->chan = rgroup.chan; 1540 group->maxpwr = rgroup.maxpwr; 1541 /* Retrieve temperature at which the samples were taken. */ 1542 group->temp = (int16_t)le16toh(rgroup.temp); 1543 1544 DPRINTF(sc, WPI_DEBUG_EEPROM, 1545 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1546 group->maxpwr, group->temp); 1547 1548 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1549 group->samples[i].index = rgroup.samples[i].index; 1550 group->samples[i].power = rgroup.samples[i].power; 1551 1552 DPRINTF(sc, WPI_DEBUG_EEPROM, 1553 "\tsample %d: index=%d power=%d\n", i, 1554 group->samples[i].index, group->samples[i].power); 1555 } 1556 1557 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1558 1559 return 0; 1560} 1561 1562static int 1563wpi_add_node_entry_adhoc(struct wpi_softc *sc) 1564{ 1565 int newid = WPI_ID_IBSS_MIN; 1566 1567 for (; newid <= WPI_ID_IBSS_MAX; newid++) { 1568 if ((sc->nodesmsk & (1 << newid)) == 0) { 1569 sc->nodesmsk |= 1 << newid; 1570 return newid; 1571 } 1572 } 1573 1574 return WPI_ID_UNDEFINED; 1575} 1576 1577static __inline int 1578wpi_add_node_entry_sta(struct wpi_softc *sc) 1579{ 1580 sc->nodesmsk |= 1 << WPI_ID_BSS; 1581 1582 return WPI_ID_BSS; 1583} 1584 1585static __inline int 1586wpi_check_node_entry(struct wpi_softc *sc, uint8_t id) 1587{ 1588 if (id == WPI_ID_UNDEFINED) 1589 return 0; 1590 1591 return (sc->nodesmsk >> id) & 1; 1592} 1593 1594static __inline void 1595wpi_clear_node_table(struct wpi_softc *sc) 1596{ 1597 sc->nodesmsk = 0; 1598} 1599 1600static __inline void 1601wpi_del_node_entry(struct wpi_softc *sc, uint8_t id) 1602{ 1603 sc->nodesmsk &= ~(1 << id); 1604} 1605 1606static struct ieee80211_node * 1607wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1608{ 1609 struct wpi_node *wn; 1610 1611 wn = malloc(sizeof (struct wpi_node), M_80211_NODE, 1612 M_NOWAIT | M_ZERO); 1613 1614 if (wn == NULL) 1615 return NULL; 1616 1617 wn->id = WPI_ID_UNDEFINED; 1618 1619 return &wn->ni; 1620} 1621 1622static void 1623wpi_node_free(struct ieee80211_node *ni) 1624{ 1625 struct ieee80211com *ic = ni->ni_ic; 1626 struct wpi_softc *sc = ic->ic_ifp->if_softc; 1627 struct wpi_node *wn = WPI_NODE(ni); 1628 1629 if (wn->id != WPI_ID_UNDEFINED) { 1630 WPI_NT_LOCK(sc); 1631 if (wpi_check_node_entry(sc, wn->id)) { 1632 wpi_del_node_entry(sc, wn->id); 1633 wpi_del_node(sc, ni); 1634 } 1635 WPI_NT_UNLOCK(sc); 1636 } 1637 1638 sc->sc_node_free(ni); 1639} 1640 1641/** 1642 * Called by net80211 when ever there is a change to 80211 state machine 1643 */ 1644static int 1645wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1646{ 1647 struct wpi_vap *wvp = WPI_VAP(vap); 1648 struct ieee80211com *ic = vap->iv_ic; 1649 struct ifnet *ifp = ic->ic_ifp; 1650 struct wpi_softc *sc = ifp->if_softc; 1651 int error = 0; 1652 1653 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1654 1655 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1656 ieee80211_state_name[vap->iv_state], 1657 ieee80211_state_name[nstate]); 1658 1659 switch (nstate) { 1660 case IEEE80211_S_SCAN: 1661 WPI_RXON_LOCK(sc); 1662 if ((sc->rxon.filter & htole32(WPI_FILTER_BSS)) && 1663 vap->iv_opmode != IEEE80211_M_STA) { 1664 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1665 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1666 device_printf(sc->sc_dev, 1667 "%s: could not send RXON\n", __func__); 1668 } 1669 } 1670 WPI_RXON_UNLOCK(sc); 1671 break; 1672 1673 case IEEE80211_S_ASSOC: 1674 if (vap->iv_state != IEEE80211_S_RUN) 1675 break; 1676 /* FALLTHROUGH */ 1677 case IEEE80211_S_AUTH: 1678 /* 1679 * The node must be registered in the firmware before auth. 1680 * Also the associd must be cleared on RUN -> ASSOC 1681 * transitions. 1682 */ 1683 if ((error = wpi_auth(sc, vap)) != 0) { 1684 device_printf(sc->sc_dev, 1685 "%s: could not move to AUTH state, error %d\n", 1686 __func__, error); 1687 } 1688 break; 1689 1690 case IEEE80211_S_RUN: 1691 /* 1692 * RUN -> RUN transition; Just restart the timers. 1693 */ 1694 if (vap->iv_state == IEEE80211_S_RUN) { 1695 WPI_RXON_LOCK(sc); 1696 wpi_calib_timeout(sc); 1697 WPI_RXON_UNLOCK(sc); 1698 break; 1699 } 1700 1701 /* 1702 * !RUN -> RUN requires setting the association id 1703 * which is done with a firmware cmd. We also defer 1704 * starting the timers until that work is done. 1705 */ 1706 if ((error = wpi_run(sc, vap)) != 0) { 1707 device_printf(sc->sc_dev, 1708 "%s: could not move to RUN state\n", __func__); 1709 } 1710 break; 1711 1712 default: 1713 break; 1714 } 1715 if (error != 0) { 1716 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1717 return error; 1718 } 1719 1720 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1721 1722 return wvp->wv_newstate(vap, nstate, arg); 1723} 1724 1725static void 1726wpi_calib_timeout(void *arg) 1727{ 1728 struct wpi_softc *sc = arg; 1729 1730 if (!(sc->rxon.filter & htole32(WPI_FILTER_BSS))) 1731 return; 1732 1733 wpi_power_calibration(sc); 1734 1735 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1736} 1737 1738static __inline uint8_t 1739rate2plcp(const uint8_t rate) 1740{ 1741 switch (rate) { 1742 case 12: return 0xd; 1743 case 18: return 0xf; 1744 case 24: return 0x5; 1745 case 36: return 0x7; 1746 case 48: return 0x9; 1747 case 72: return 0xb; 1748 case 96: return 0x1; 1749 case 108: return 0x3; 1750 case 2: return 10; 1751 case 4: return 20; 1752 case 11: return 55; 1753 case 22: return 110; 1754 default: return 0; 1755 } 1756} 1757 1758static __inline uint8_t 1759plcp2rate(const uint8_t plcp) 1760{ 1761 switch (plcp) { 1762 case 0xd: return 12; 1763 case 0xf: return 18; 1764 case 0x5: return 24; 1765 case 0x7: return 36; 1766 case 0x9: return 48; 1767 case 0xb: return 72; 1768 case 0x1: return 96; 1769 case 0x3: return 108; 1770 case 10: return 2; 1771 case 20: return 4; 1772 case 55: return 11; 1773 case 110: return 22; 1774 default: return 0; 1775 } 1776} 1777 1778/* Quickly determine if a given rate is CCK or OFDM. */ 1779#define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1780 1781static void 1782wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1783 struct wpi_rx_data *data) 1784{ 1785 struct ifnet *ifp = sc->sc_ifp; 1786 struct ieee80211com *ic = ifp->if_l2com; 1787 struct wpi_rx_ring *ring = &sc->rxq; 1788 struct wpi_rx_stat *stat; 1789 struct wpi_rx_head *head; 1790 struct wpi_rx_tail *tail; 1791 struct ieee80211_frame *wh; 1792 struct ieee80211_node *ni; 1793 struct mbuf *m, *m1; 1794 bus_addr_t paddr; 1795 uint32_t flags; 1796 uint16_t len; 1797 int error; 1798 1799 stat = (struct wpi_rx_stat *)(desc + 1); 1800 1801 if (stat->len > WPI_STAT_MAXLEN) { 1802 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1803 goto fail1; 1804 } 1805 1806 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1807 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1808 len = le16toh(head->len); 1809 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1810 flags = le32toh(tail->flags); 1811 1812 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1813 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1814 le32toh(desc->len), len, (int8_t)stat->rssi, 1815 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1816 1817 /* Discard frames with a bad FCS early. */ 1818 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1819 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1820 __func__, flags); 1821 goto fail1; 1822 } 1823 /* Discard frames that are too short. */ 1824 if (len < sizeof (*wh)) { 1825 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1826 __func__, len); 1827 goto fail1; 1828 } 1829 1830 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1831 if (m1 == NULL) { 1832 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1833 __func__); 1834 goto fail1; 1835 } 1836 bus_dmamap_unload(ring->data_dmat, data->map); 1837 1838 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1839 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 1840 if (error != 0 && error != EFBIG) { 1841 device_printf(sc->sc_dev, 1842 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1843 m_freem(m1); 1844 1845 /* Try to reload the old mbuf. */ 1846 error = bus_dmamap_load(ring->data_dmat, data->map, 1847 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1848 &paddr, BUS_DMA_NOWAIT); 1849 if (error != 0 && error != EFBIG) { 1850 panic("%s: could not load old RX mbuf", __func__); 1851 } 1852 /* Physical address may have changed. */ 1853 ring->desc[ring->cur] = htole32(paddr); 1854 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 1855 BUS_DMASYNC_PREWRITE); 1856 goto fail1; 1857 } 1858 1859 m = data->m; 1860 data->m = m1; 1861 /* Update RX descriptor. */ 1862 ring->desc[ring->cur] = htole32(paddr); 1863 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1864 BUS_DMASYNC_PREWRITE); 1865 1866 /* Finalize mbuf. */ 1867 m->m_pkthdr.rcvif = ifp; 1868 m->m_data = (caddr_t)(head + 1); 1869 m->m_pkthdr.len = m->m_len = len; 1870 1871 /* Grab a reference to the source node. */ 1872 wh = mtod(m, struct ieee80211_frame *); 1873 1874 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 1875 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) { 1876 /* Check whether decryption was successful or not. */ 1877 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 1878 DPRINTF(sc, WPI_DEBUG_RECV, 1879 "CCMP decryption failed 0x%x\n", flags); 1880 goto fail2; 1881 } 1882 m->m_flags |= M_WEP; 1883 } 1884 1885 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1886 1887 if (ieee80211_radiotap_active(ic)) { 1888 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 1889 1890 tap->wr_flags = 0; 1891 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 1892 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1893 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET); 1894 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET; 1895 tap->wr_tsft = tail->tstamp; 1896 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 1897 tap->wr_rate = plcp2rate(head->plcp); 1898 } 1899 1900 WPI_UNLOCK(sc); 1901 1902 /* Send the frame to the 802.11 layer. */ 1903 if (ni != NULL) { 1904 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET); 1905 /* Node is no longer needed. */ 1906 ieee80211_free_node(ni); 1907 } else 1908 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET); 1909 1910 WPI_LOCK(sc); 1911 1912 return; 1913 1914fail2: m_freem(m); 1915 1916fail1: if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1917} 1918 1919static void 1920wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1921 struct wpi_rx_data *data) 1922{ 1923 /* Ignore */ 1924} 1925 1926static void 1927wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 1928{ 1929 struct ifnet *ifp = sc->sc_ifp; 1930 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 1931 struct wpi_tx_data *data = &ring->data[desc->idx]; 1932 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 1933 struct mbuf *m; 1934 struct ieee80211_node *ni; 1935 struct ieee80211vap *vap; 1936 struct ieee80211com *ic; 1937 int ackfailcnt = stat->ackfailcnt / 2; /* wpi_mrr_setup() */ 1938 int status = le32toh(stat->status); 1939 1940 KASSERT(data->ni != NULL, ("no node")); 1941 KASSERT(data->m != NULL, ("no mbuf")); 1942 1943 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1944 1945 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 1946 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 1947 "status %x\n", __func__, desc->qid, desc->idx, ackfailcnt, 1948 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 1949 1950 /* Unmap and free mbuf. */ 1951 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 1952 bus_dmamap_unload(ring->data_dmat, data->map); 1953 m = data->m, data->m = NULL; 1954 ni = data->ni, data->ni = NULL; 1955 vap = ni->ni_vap; 1956 ic = vap->iv_ic; 1957 1958 /* 1959 * Update rate control statistics for the node. 1960 */ 1961 WPI_UNLOCK(sc); 1962 if ((status & 0xff) != 1) { 1963 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1964 ieee80211_ratectl_tx_complete(vap, ni, 1965 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 1966 } else { 1967 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1968 ieee80211_ratectl_tx_complete(vap, ni, 1969 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 1970 } 1971 1972 ieee80211_tx_complete(ni, m, (status & 0xff) != 1); 1973 WPI_LOCK(sc); 1974 1975 WPI_TXQ_STATE_LOCK(sc); 1976 ring->queued -= 1; 1977 if (ring->queued > 0) { 1978 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 1979 1980 if (sc->qfullmsk != 0 && 1981 ring->queued < WPI_TX_RING_LOMARK) { 1982 sc->qfullmsk &= ~(1 << ring->qid); 1983 IF_LOCK(&ifp->if_snd); 1984 if (sc->qfullmsk == 0 && 1985 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 1986 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1987 IF_UNLOCK(&ifp->if_snd); 1988 ieee80211_runtask(ic, &sc->sc_start_task); 1989 } else 1990 IF_UNLOCK(&ifp->if_snd); 1991 } 1992 } else 1993 callout_stop(&sc->tx_timeout); 1994 WPI_TXQ_STATE_UNLOCK(sc); 1995 1996 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1997} 1998 1999/* 2000 * Process a "command done" firmware notification. This is where we wakeup 2001 * processes waiting for a synchronous command completion. 2002 */ 2003static void 2004wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2005{ 2006 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 2007 struct wpi_tx_data *data; 2008 2009 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x " 2010 "type %s len %d\n", desc->qid, desc->idx, 2011 desc->flags, wpi_cmd_str(desc->type), 2012 le32toh(desc->len)); 2013 2014 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM) 2015 return; /* Not a command ack. */ 2016 2017 KASSERT(ring->queued == 0, ("ring->queued must be 0")); 2018 2019 data = &ring->data[desc->idx]; 2020 2021 /* If the command was mapped in an mbuf, free it. */ 2022 if (data->m != NULL) { 2023 bus_dmamap_sync(ring->data_dmat, data->map, 2024 BUS_DMASYNC_POSTWRITE); 2025 bus_dmamap_unload(ring->data_dmat, data->map); 2026 m_freem(data->m); 2027 data->m = NULL; 2028 } 2029 2030 wakeup(&ring->cmd[desc->idx]); 2031} 2032 2033static void 2034wpi_notif_intr(struct wpi_softc *sc) 2035{ 2036 struct ifnet *ifp = sc->sc_ifp; 2037 struct ieee80211com *ic = ifp->if_l2com; 2038 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2039 int hw; 2040 2041 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 2042 BUS_DMASYNC_POSTREAD); 2043 2044 hw = le32toh(sc->shared->next); 2045 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 2046 2047 while (sc->rxq.cur != hw) { 2048 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 2049 2050 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2051 struct wpi_rx_desc *desc; 2052 2053 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2054 BUS_DMASYNC_POSTREAD); 2055 desc = mtod(data->m, struct wpi_rx_desc *); 2056 2057 DPRINTF(sc, WPI_DEBUG_NOTIFY, 2058 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 2059 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 2060 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 2061 2062 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) { 2063 /* Reply to a command. */ 2064 wpi_cmd_done(sc, desc); 2065 } 2066 2067 switch (desc->type) { 2068 case WPI_RX_DONE: 2069 /* An 802.11 frame has been received. */ 2070 wpi_rx_done(sc, desc, data); 2071 2072 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2073 /* wpi_stop() was called. */ 2074 return; 2075 } 2076 2077 break; 2078 2079 case WPI_TX_DONE: 2080 /* An 802.11 frame has been transmitted. */ 2081 wpi_tx_done(sc, desc); 2082 break; 2083 2084 case WPI_RX_STATISTICS: 2085 case WPI_BEACON_STATISTICS: 2086 wpi_rx_statistics(sc, desc, data); 2087 break; 2088 2089 case WPI_BEACON_MISSED: 2090 { 2091 struct wpi_beacon_missed *miss = 2092 (struct wpi_beacon_missed *)(desc + 1); 2093 int misses; 2094 2095 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2096 BUS_DMASYNC_POSTREAD); 2097 misses = le32toh(miss->consecutive); 2098 2099 DPRINTF(sc, WPI_DEBUG_STATE, 2100 "%s: beacons missed %d/%d\n", __func__, misses, 2101 le32toh(miss->total)); 2102 2103 if (vap->iv_state == IEEE80211_S_RUN && 2104 (ic->ic_flags & IEEE80211_F_SCAN) == 0) { 2105 if (misses >= vap->iv_bmissthreshold) { 2106 WPI_UNLOCK(sc); 2107 ieee80211_beacon_miss(ic); 2108 WPI_LOCK(sc); 2109 } 2110 } 2111 break; 2112 } 2113 case WPI_UC_READY: 2114 { 2115 struct wpi_ucode_info *uc = 2116 (struct wpi_ucode_info *)(desc + 1); 2117 2118 /* The microcontroller is ready. */ 2119 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2120 BUS_DMASYNC_POSTREAD); 2121 DPRINTF(sc, WPI_DEBUG_RESET, 2122 "microcode alive notification version=%d.%d " 2123 "subtype=%x alive=%x\n", uc->major, uc->minor, 2124 uc->subtype, le32toh(uc->valid)); 2125 2126 if (le32toh(uc->valid) != 1) { 2127 device_printf(sc->sc_dev, 2128 "microcontroller initialization failed\n"); 2129 wpi_stop_locked(sc); 2130 } 2131 /* Save the address of the error log in SRAM. */ 2132 sc->errptr = le32toh(uc->errptr); 2133 break; 2134 } 2135 case WPI_STATE_CHANGED: 2136 { 2137 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2138 BUS_DMASYNC_POSTREAD); 2139 2140 uint32_t *status = (uint32_t *)(desc + 1); 2141 2142 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2143 le32toh(*status)); 2144 2145 if (le32toh(*status) & 1) { 2146 WPI_NT_LOCK(sc); 2147 wpi_clear_node_table(sc); 2148 WPI_NT_UNLOCK(sc); 2149 ieee80211_runtask(ic, &sc->sc_radiooff_task); 2150 return; 2151 } 2152 break; 2153 } 2154 case WPI_START_SCAN: 2155 { 2156 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2157 BUS_DMASYNC_POSTREAD); 2158#ifdef WPI_DEBUG 2159 struct wpi_start_scan *scan = 2160 (struct wpi_start_scan *)(desc + 1); 2161 DPRINTF(sc, WPI_DEBUG_SCAN, 2162 "%s: scanning channel %d status %x\n", 2163 __func__, scan->chan, le32toh(scan->status)); 2164#endif 2165 break; 2166 } 2167 case WPI_STOP_SCAN: 2168 { 2169 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2170 BUS_DMASYNC_POSTREAD); 2171#ifdef WPI_DEBUG 2172 struct wpi_stop_scan *scan = 2173 (struct wpi_stop_scan *)(desc + 1); 2174 DPRINTF(sc, WPI_DEBUG_SCAN, 2175 "scan finished nchan=%d status=%d chan=%d\n", 2176 scan->nchan, scan->status, scan->chan); 2177#endif 2178 WPI_RXON_LOCK(sc); 2179 callout_stop(&sc->scan_timeout); 2180 WPI_RXON_UNLOCK(sc); 2181 WPI_UNLOCK(sc); 2182 ieee80211_scan_next(vap); 2183 WPI_LOCK(sc); 2184 break; 2185 } 2186 } 2187 } 2188 2189 /* Tell the firmware what we have processed. */ 2190 wpi_update_rx_ring(sc); 2191} 2192 2193/* 2194 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2195 * from power-down sleep mode. 2196 */ 2197static void 2198wpi_wakeup_intr(struct wpi_softc *sc) 2199{ 2200 int qid; 2201 2202 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2203 "%s: ucode wakeup from power-down sleep\n", __func__); 2204 2205 /* Wakeup RX and TX rings. */ 2206 if (sc->rxq.update) { 2207 sc->rxq.update = 0; 2208 wpi_update_rx_ring(sc); 2209 } 2210 WPI_TXQ_LOCK(sc); 2211 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) { 2212 struct wpi_tx_ring *ring = &sc->txq[qid]; 2213 2214 if (ring->update) { 2215 ring->update = 0; 2216 wpi_update_tx_ring(sc, ring); 2217 } 2218 } 2219 WPI_TXQ_UNLOCK(sc); 2220 2221 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2222} 2223 2224/* 2225 * This function prints firmware registers 2226 */ 2227#ifdef WPI_DEBUG 2228static void 2229wpi_debug_registers(struct wpi_softc *sc) 2230{ 2231#define COUNTOF(array) (sizeof(array) / sizeof(array[0])) 2232 int i; 2233 static const uint32_t csr_tbl[] = { 2234 WPI_HW_IF_CONFIG, 2235 WPI_INT, 2236 WPI_INT_MASK, 2237 WPI_FH_INT, 2238 WPI_GPIO_IN, 2239 WPI_RESET, 2240 WPI_GP_CNTRL, 2241 WPI_EEPROM, 2242 WPI_EEPROM_GP, 2243 WPI_GIO, 2244 WPI_UCODE_GP1, 2245 WPI_UCODE_GP2, 2246 WPI_GIO_CHICKEN, 2247 WPI_ANA_PLL, 2248 WPI_DBG_HPET_MEM, 2249 }; 2250 static const uint32_t prph_tbl[] = { 2251 WPI_APMG_CLK_CTRL, 2252 WPI_APMG_PS, 2253 WPI_APMG_PCI_STT, 2254 WPI_APMG_RFKILL, 2255 }; 2256 2257 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n"); 2258 2259 for (i = 0; i < COUNTOF(csr_tbl); i++) { 2260 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2261 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i])); 2262 2263 if ((i + 1) % 2 == 0) 2264 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2265 } 2266 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n"); 2267 2268 if (wpi_nic_lock(sc) == 0) { 2269 for (i = 0; i < COUNTOF(prph_tbl); i++) { 2270 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2271 wpi_get_prph_string(prph_tbl[i]), 2272 wpi_prph_read(sc, prph_tbl[i])); 2273 2274 if ((i + 1) % 2 == 0) 2275 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2276 } 2277 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2278 wpi_nic_unlock(sc); 2279 } else { 2280 DPRINTF(sc, WPI_DEBUG_REGISTER, 2281 "Cannot access internal registers.\n"); 2282 } 2283#undef COUNTOF 2284} 2285#endif 2286 2287/* 2288 * Dump the error log of the firmware when a firmware panic occurs. Although 2289 * we can't debug the firmware because it is neither open source nor free, it 2290 * can help us to identify certain classes of problems. 2291 */ 2292static void 2293wpi_fatal_intr(struct wpi_softc *sc) 2294{ 2295 struct wpi_fw_dump dump; 2296 uint32_t i, offset, count; 2297 const uint32_t size_errmsg = 2298 (sizeof (wpi_fw_errmsg) / sizeof ((wpi_fw_errmsg)[0])); 2299 2300 /* Check that the error log address is valid. */ 2301 if (sc->errptr < WPI_FW_DATA_BASE || 2302 sc->errptr + sizeof (dump) > 2303 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2304 printf("%s: bad firmware error log address 0x%08x\n", __func__, 2305 sc->errptr); 2306 return; 2307 } 2308 if (wpi_nic_lock(sc) != 0) { 2309 printf("%s: could not read firmware error log\n", __func__); 2310 return; 2311 } 2312 /* Read number of entries in the log. */ 2313 count = wpi_mem_read(sc, sc->errptr); 2314 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2315 printf("%s: invalid count field (count = %u)\n", __func__, 2316 count); 2317 wpi_nic_unlock(sc); 2318 return; 2319 } 2320 /* Skip "count" field. */ 2321 offset = sc->errptr + sizeof (uint32_t); 2322 printf("firmware error log (count = %u):\n", count); 2323 for (i = 0; i < count; i++) { 2324 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2325 sizeof (dump) / sizeof (uint32_t)); 2326 2327 printf(" error type = \"%s\" (0x%08X)\n", 2328 (dump.desc < size_errmsg) ? 2329 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2330 dump.desc); 2331 printf(" error data = 0x%08X\n", 2332 dump.data); 2333 printf(" branch link = 0x%08X%08X\n", 2334 dump.blink[0], dump.blink[1]); 2335 printf(" interrupt link = 0x%08X%08X\n", 2336 dump.ilink[0], dump.ilink[1]); 2337 printf(" time = %u\n", dump.time); 2338 2339 offset += sizeof (dump); 2340 } 2341 wpi_nic_unlock(sc); 2342 /* Dump driver status (TX and RX rings) while we're here. */ 2343 printf("driver status:\n"); 2344 WPI_TXQ_LOCK(sc); 2345 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 2346 struct wpi_tx_ring *ring = &sc->txq[i]; 2347 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2348 i, ring->qid, ring->cur, ring->queued); 2349 } 2350 WPI_TXQ_UNLOCK(sc); 2351 printf(" rx ring: cur=%d\n", sc->rxq.cur); 2352} 2353 2354static void 2355wpi_intr(void *arg) 2356{ 2357 struct wpi_softc *sc = arg; 2358 struct ifnet *ifp = sc->sc_ifp; 2359 uint32_t r1, r2; 2360 2361 WPI_LOCK(sc); 2362 2363 /* Disable interrupts. */ 2364 WPI_WRITE(sc, WPI_INT_MASK, 0); 2365 2366 r1 = WPI_READ(sc, WPI_INT); 2367 2368 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 2369 goto end; /* Hardware gone! */ 2370 2371 r2 = WPI_READ(sc, WPI_FH_INT); 2372 2373 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2374 r1, r2); 2375 2376 if (r1 == 0 && r2 == 0) 2377 goto done; /* Interrupt not for us. */ 2378 2379 /* Acknowledge interrupts. */ 2380 WPI_WRITE(sc, WPI_INT, r1); 2381 WPI_WRITE(sc, WPI_FH_INT, r2); 2382 2383 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) { 2384 struct ieee80211com *ic = ifp->if_l2com; 2385 2386 device_printf(sc->sc_dev, "fatal firmware error\n"); 2387#ifdef WPI_DEBUG 2388 wpi_debug_registers(sc); 2389#endif 2390 wpi_fatal_intr(sc); 2391 DPRINTF(sc, WPI_DEBUG_HW, 2392 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2393 "(Hardware Error)"); 2394 ieee80211_runtask(ic, &sc->sc_reinittask); 2395 goto end; 2396 } 2397 2398 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2399 (r2 & WPI_FH_INT_RX)) 2400 wpi_notif_intr(sc); 2401 2402 if (r1 & WPI_INT_ALIVE) 2403 wakeup(sc); /* Firmware is alive. */ 2404 2405 if (r1 & WPI_INT_WAKEUP) 2406 wpi_wakeup_intr(sc); 2407 2408done: 2409 /* Re-enable interrupts. */ 2410 if (ifp->if_flags & IFF_UP) 2411 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2412 2413end: WPI_UNLOCK(sc); 2414} 2415 2416static int 2417wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2418{ 2419 struct ifnet *ifp = sc->sc_ifp; 2420 struct ieee80211_frame *wh; 2421 struct wpi_tx_cmd *cmd; 2422 struct wpi_tx_data *data; 2423 struct wpi_tx_desc *desc; 2424 struct wpi_tx_ring *ring; 2425 struct mbuf *m1; 2426 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2427 int error, i, hdrlen, nsegs, totlen, pad; 2428 2429 WPI_TXQ_LOCK(sc); 2430 2431 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow")); 2432 2433 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2434 2435 if (sc->txq_active == 0) { 2436 /* wpi_stop() was called */ 2437 error = ENETDOWN; 2438 goto fail; 2439 } 2440 2441 wh = mtod(buf->m, struct ieee80211_frame *); 2442 hdrlen = ieee80211_anyhdrsize(wh); 2443 totlen = buf->m->m_pkthdr.len; 2444 2445 if (hdrlen & 3) { 2446 /* First segment length must be a multiple of 4. */ 2447 pad = 4 - (hdrlen & 3); 2448 } else 2449 pad = 0; 2450 2451 ring = &sc->txq[buf->ac]; 2452 desc = &ring->desc[ring->cur]; 2453 data = &ring->data[ring->cur]; 2454 2455 /* Prepare TX firmware command. */ 2456 cmd = &ring->cmd[ring->cur]; 2457 cmd->code = buf->code; 2458 cmd->flags = 0; 2459 cmd->qid = ring->qid; 2460 cmd->idx = ring->cur; 2461 2462 memcpy(cmd->data, buf->data, buf->size); 2463 2464 /* Save and trim IEEE802.11 header. */ 2465 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2466 m_adj(buf->m, hdrlen); 2467 2468 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2469 segs, &nsegs, BUS_DMA_NOWAIT); 2470 if (error != 0 && error != EFBIG) { 2471 device_printf(sc->sc_dev, 2472 "%s: can't map mbuf (error %d)\n", __func__, error); 2473 goto fail; 2474 } 2475 if (error != 0) { 2476 /* Too many DMA segments, linearize mbuf. */ 2477 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2478 if (m1 == NULL) { 2479 device_printf(sc->sc_dev, 2480 "%s: could not defrag mbuf\n", __func__); 2481 error = ENOBUFS; 2482 goto fail; 2483 } 2484 buf->m = m1; 2485 2486 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2487 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2488 if (error != 0) { 2489 device_printf(sc->sc_dev, 2490 "%s: can't map mbuf (error %d)\n", __func__, 2491 error); 2492 goto fail; 2493 } 2494 } 2495 2496 KASSERT(nsegs < WPI_MAX_SCATTER, 2497 ("too many DMA segments, nsegs (%d) should be less than %d", 2498 nsegs, WPI_MAX_SCATTER)); 2499 2500 data->m = buf->m; 2501 data->ni = buf->ni; 2502 2503 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2504 __func__, ring->qid, ring->cur, totlen, nsegs); 2505 2506 /* Fill TX descriptor. */ 2507 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2508 /* First DMA segment is used by the TX command. */ 2509 desc->segs[0].addr = htole32(data->cmd_paddr); 2510 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2511 /* Other DMA segments are for data payload. */ 2512 seg = &segs[0]; 2513 for (i = 1; i <= nsegs; i++) { 2514 desc->segs[i].addr = htole32(seg->ds_addr); 2515 desc->segs[i].len = htole32(seg->ds_len); 2516 seg++; 2517 } 2518 2519 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2520 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2521 BUS_DMASYNC_PREWRITE); 2522 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2523 BUS_DMASYNC_PREWRITE); 2524 2525 /* Kick TX ring. */ 2526 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2527 wpi_update_tx_ring(sc, ring); 2528 2529 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2530 /* Mark TX ring as full if we reach a certain threshold. */ 2531 WPI_TXQ_STATE_LOCK(sc); 2532 if (++ring->queued > WPI_TX_RING_HIMARK) { 2533 sc->qfullmsk |= 1 << ring->qid; 2534 2535 IF_LOCK(&ifp->if_snd); 2536 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2537 IF_UNLOCK(&ifp->if_snd); 2538 } 2539 2540 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2541 WPI_TXQ_STATE_UNLOCK(sc); 2542 } 2543 2544 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2545 2546 WPI_TXQ_UNLOCK(sc); 2547 2548 return 0; 2549 2550fail: m_freem(buf->m); 2551 2552 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2553 2554 WPI_TXQ_UNLOCK(sc); 2555 2556 return error; 2557} 2558 2559/* 2560 * Construct the data packet for a transmit buffer. 2561 */ 2562static int 2563wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2564{ 2565 const struct ieee80211_txparam *tp; 2566 struct ieee80211vap *vap = ni->ni_vap; 2567 struct ieee80211com *ic = ni->ni_ic; 2568 struct wpi_node *wn = WPI_NODE(ni); 2569 struct ieee80211_channel *chan; 2570 struct ieee80211_frame *wh; 2571 struct ieee80211_key *k = NULL; 2572 struct wpi_buf tx_data; 2573 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2574 uint32_t flags; 2575 uint16_t qos; 2576 uint8_t tid, type; 2577 int ac, error, swcrypt, rate, ismcast, totlen; 2578 2579 wh = mtod(m, struct ieee80211_frame *); 2580 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2581 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2582 2583 /* Select EDCA Access Category and TX ring for this frame. */ 2584 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2585 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2586 tid = qos & IEEE80211_QOS_TID; 2587 } else { 2588 qos = 0; 2589 tid = 0; 2590 } 2591 ac = M_WME_GETAC(m); 2592 2593 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2594 ni->ni_chan : ic->ic_curchan; 2595 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2596 2597 /* Choose a TX rate index. */ 2598 if (type == IEEE80211_FC0_TYPE_MGT) 2599 rate = tp->mgmtrate; 2600 else if (ismcast) 2601 rate = tp->mcastrate; 2602 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2603 rate = tp->ucastrate; 2604 else if (m->m_flags & M_EAPOL) 2605 rate = tp->mgmtrate; 2606 else { 2607 /* XXX pass pktlen */ 2608 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2609 rate = ni->ni_txrate; 2610 } 2611 2612 /* Encrypt the frame if need be. */ 2613 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2614 /* Retrieve key for TX. */ 2615 k = ieee80211_crypto_encap(ni, m); 2616 if (k == NULL) { 2617 error = ENOBUFS; 2618 goto fail; 2619 } 2620 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2621 2622 /* 802.11 header may have moved. */ 2623 wh = mtod(m, struct ieee80211_frame *); 2624 } 2625 totlen = m->m_pkthdr.len; 2626 2627 if (ieee80211_radiotap_active_vap(vap)) { 2628 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2629 2630 tap->wt_flags = 0; 2631 tap->wt_rate = rate; 2632 if (k != NULL) 2633 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2634 2635 ieee80211_radiotap_tx(vap, m); 2636 } 2637 2638 flags = 0; 2639 if (!ismcast) { 2640 /* Unicast frame, check if an ACK is expected. */ 2641 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2642 IEEE80211_QOS_ACKPOLICY_NOACK) 2643 flags |= WPI_TX_NEED_ACK; 2644 } 2645 2646 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2647 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */ 2648 2649 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2650 if (!ismcast) { 2651 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2652 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2653 flags |= WPI_TX_NEED_RTS; 2654 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2655 WPI_RATE_IS_OFDM(rate)) { 2656 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2657 flags |= WPI_TX_NEED_CTS; 2658 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2659 flags |= WPI_TX_NEED_RTS; 2660 } 2661 2662 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2663 flags |= WPI_TX_FULL_TXOP; 2664 } 2665 2666 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2667 if (type == IEEE80211_FC0_TYPE_MGT) { 2668 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2669 2670 /* Tell HW to set timestamp in probe responses. */ 2671 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2672 flags |= WPI_TX_INSERT_TSTAMP; 2673 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2674 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2675 tx->timeout = htole16(3); 2676 else 2677 tx->timeout = htole16(2); 2678 } 2679 2680 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2681 tx->id = WPI_ID_BROADCAST; 2682 else { 2683 if (wn->id == WPI_ID_UNDEFINED) { 2684 device_printf(sc->sc_dev, 2685 "%s: undefined node id\n", __func__); 2686 error = EINVAL; 2687 goto fail; 2688 } 2689 2690 tx->id = wn->id; 2691 } 2692 2693 if (type != IEEE80211_FC0_TYPE_MGT) 2694 tx->data_ntries = tp->maxretry; 2695 2696 if (k != NULL && !swcrypt) { 2697 switch (k->wk_cipher->ic_cipher) { 2698 case IEEE80211_CIPHER_AES_CCM: 2699 tx->security = WPI_CIPHER_CCMP; 2700 break; 2701 2702 default: 2703 break; 2704 } 2705 2706 memcpy(tx->key, k->wk_key, k->wk_keylen); 2707 } 2708 2709 tx->len = htole16(totlen); 2710 tx->flags = htole32(flags); 2711 tx->plcp = rate2plcp(rate); 2712 tx->tid = tid; 2713 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2714 tx->ofdm_mask = 0xff; 2715 tx->cck_mask = 0x0f; 2716 tx->rts_ntries = 7; 2717 2718 tx_data.ni = ni; 2719 tx_data.m = m; 2720 tx_data.size = sizeof(struct wpi_cmd_data); 2721 tx_data.code = WPI_CMD_TX_DATA; 2722 tx_data.ac = ac; 2723 2724 return wpi_cmd2(sc, &tx_data); 2725 2726fail: m_freem(m); 2727 return error; 2728} 2729 2730static int 2731wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, 2732 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 2733{ 2734 struct ieee80211vap *vap = ni->ni_vap; 2735 struct ieee80211_key *k = NULL; 2736 struct ieee80211_frame *wh; 2737 struct wpi_buf tx_data; 2738 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2739 uint32_t flags; 2740 uint8_t type; 2741 int ac, rate, swcrypt, totlen; 2742 2743 wh = mtod(m, struct ieee80211_frame *); 2744 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2745 2746 ac = params->ibp_pri & 3; 2747 2748 /* Choose a TX rate index. */ 2749 rate = params->ibp_rate0; 2750 2751 flags = 0; 2752 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 2753 flags |= WPI_TX_NEED_ACK; 2754 if (params->ibp_flags & IEEE80211_BPF_RTS) 2755 flags |= WPI_TX_NEED_RTS; 2756 if (params->ibp_flags & IEEE80211_BPF_CTS) 2757 flags |= WPI_TX_NEED_CTS; 2758 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2759 flags |= WPI_TX_FULL_TXOP; 2760 2761 /* Encrypt the frame if need be. */ 2762 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 2763 /* Retrieve key for TX. */ 2764 k = ieee80211_crypto_encap(ni, m); 2765 if (k == NULL) { 2766 m_freem(m); 2767 return ENOBUFS; 2768 } 2769 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2770 2771 /* 802.11 header may have moved. */ 2772 wh = mtod(m, struct ieee80211_frame *); 2773 } 2774 totlen = m->m_pkthdr.len; 2775 2776 if (ieee80211_radiotap_active_vap(vap)) { 2777 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2778 2779 tap->wt_flags = 0; 2780 tap->wt_rate = rate; 2781 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) 2782 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2783 2784 ieee80211_radiotap_tx(vap, m); 2785 } 2786 2787 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2788 if (type == IEEE80211_FC0_TYPE_MGT) { 2789 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2790 2791 /* Tell HW to set timestamp in probe responses. */ 2792 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2793 flags |= WPI_TX_INSERT_TSTAMP; 2794 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2795 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2796 tx->timeout = htole16(3); 2797 else 2798 tx->timeout = htole16(2); 2799 } 2800 2801 if (k != NULL && !swcrypt) { 2802 switch (k->wk_cipher->ic_cipher) { 2803 case IEEE80211_CIPHER_AES_CCM: 2804 tx->security = WPI_CIPHER_CCMP; 2805 break; 2806 2807 default: 2808 break; 2809 } 2810 2811 memcpy(tx->key, k->wk_key, k->wk_keylen); 2812 } 2813 2814 tx->len = htole16(totlen); 2815 tx->flags = htole32(flags); 2816 tx->plcp = rate2plcp(rate); 2817 tx->id = WPI_ID_BROADCAST; 2818 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2819 tx->rts_ntries = params->ibp_try1; 2820 tx->data_ntries = params->ibp_try0; 2821 2822 tx_data.ni = ni; 2823 tx_data.m = m; 2824 tx_data.size = sizeof(struct wpi_cmd_data); 2825 tx_data.code = WPI_CMD_TX_DATA; 2826 tx_data.ac = ac; 2827 2828 return wpi_cmd2(sc, &tx_data); 2829} 2830 2831static int 2832wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2833 const struct ieee80211_bpf_params *params) 2834{ 2835 struct ieee80211com *ic = ni->ni_ic; 2836 struct ifnet *ifp = ic->ic_ifp; 2837 struct wpi_softc *sc = ifp->if_softc; 2838 int error = 0; 2839 2840 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2841 2842 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2843 ieee80211_free_node(ni); 2844 m_freem(m); 2845 return ENETDOWN; 2846 } 2847 2848 WPI_LOCK(sc); 2849 if (params == NULL) { 2850 /* 2851 * Legacy path; interpret frame contents to decide 2852 * precisely how to send the frame. 2853 */ 2854 error = wpi_tx_data(sc, m, ni); 2855 } else { 2856 /* 2857 * Caller supplied explicit parameters to use in 2858 * sending the frame. 2859 */ 2860 error = wpi_tx_data_raw(sc, m, ni, params); 2861 } 2862 WPI_UNLOCK(sc); 2863 2864 if (error != 0) { 2865 /* NB: m is reclaimed on tx failure */ 2866 ieee80211_free_node(ni); 2867 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2868 2869 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2870 2871 return error; 2872 } 2873 2874 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2875 2876 return 0; 2877} 2878 2879/** 2880 * Process data waiting to be sent on the IFNET output queue 2881 */ 2882static void 2883wpi_start(struct ifnet *ifp) 2884{ 2885 struct wpi_softc *sc = ifp->if_softc; 2886 struct ieee80211_node *ni; 2887 struct mbuf *m; 2888 2889 WPI_LOCK(sc); 2890 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 2891 2892 for (;;) { 2893 IF_LOCK(&ifp->if_snd); 2894 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 2895 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) { 2896 IF_UNLOCK(&ifp->if_snd); 2897 break; 2898 } 2899 IF_UNLOCK(&ifp->if_snd); 2900 2901 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 2902 if (m == NULL) 2903 break; 2904 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2905 if (wpi_tx_data(sc, m, ni) != 0) { 2906 WPI_UNLOCK(sc); 2907 ieee80211_free_node(ni); 2908 WPI_LOCK(sc); 2909 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2910 } 2911 } 2912 2913 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 2914 WPI_UNLOCK(sc); 2915} 2916 2917static void 2918wpi_start_task(void *arg0, int pending) 2919{ 2920 struct wpi_softc *sc = arg0; 2921 struct ifnet *ifp = sc->sc_ifp; 2922 2923 wpi_start(ifp); 2924} 2925 2926static void 2927wpi_watchdog_rfkill(void *arg) 2928{ 2929 struct wpi_softc *sc = arg; 2930 struct ifnet *ifp = sc->sc_ifp; 2931 struct ieee80211com *ic = ifp->if_l2com; 2932 2933 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 2934 2935 /* No need to lock firmware memory. */ 2936 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 2937 /* Radio kill switch is still off. */ 2938 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 2939 sc); 2940 } else 2941 ieee80211_runtask(ic, &sc->sc_radioon_task); 2942} 2943 2944static void 2945wpi_scan_timeout(void *arg) 2946{ 2947 struct wpi_softc *sc = arg; 2948 struct ifnet *ifp = sc->sc_ifp; 2949 struct ieee80211com *ic = ifp->if_l2com; 2950 2951 if_printf(ifp, "scan timeout\n"); 2952 ieee80211_runtask(ic, &sc->sc_reinittask); 2953} 2954 2955static void 2956wpi_tx_timeout(void *arg) 2957{ 2958 struct wpi_softc *sc = arg; 2959 struct ifnet *ifp = sc->sc_ifp; 2960 struct ieee80211com *ic = ifp->if_l2com; 2961 2962 if_printf(ifp, "device timeout\n"); 2963 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2964 ieee80211_runtask(ic, &sc->sc_reinittask); 2965} 2966 2967static int 2968wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2969{ 2970 struct wpi_softc *sc = ifp->if_softc; 2971 struct ieee80211com *ic = ifp->if_l2com; 2972 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2973 struct ifreq *ifr = (struct ifreq *) data; 2974 int error = 0; 2975 2976 switch (cmd) { 2977 case SIOCGIFADDR: 2978 error = ether_ioctl(ifp, cmd, data); 2979 break; 2980 case SIOCSIFFLAGS: 2981 if (ifp->if_flags & IFF_UP) { 2982 wpi_init(sc); 2983 2984 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 && 2985 vap != NULL) 2986 ieee80211_stop(vap); 2987 } else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 2988 wpi_stop(sc); 2989 break; 2990 case SIOCGIFMEDIA: 2991 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 2992 break; 2993 default: 2994 error = EINVAL; 2995 break; 2996 } 2997 return error; 2998} 2999 3000/* 3001 * Send a command to the firmware. 3002 */ 3003static int 3004wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size, 3005 int async) 3006{ 3007 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 3008 struct wpi_tx_desc *desc; 3009 struct wpi_tx_data *data; 3010 struct wpi_tx_cmd *cmd; 3011 struct mbuf *m; 3012 bus_addr_t paddr; 3013 int totlen, error; 3014 3015 WPI_TXQ_LOCK(sc); 3016 3017 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3018 3019 if (sc->txq_active == 0) { 3020 /* wpi_stop() was called */ 3021 error = 0; 3022 goto fail; 3023 } 3024 3025 if (async == 0) 3026 WPI_LOCK_ASSERT(sc); 3027 3028 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %zu async %d\n", 3029 __func__, wpi_cmd_str(code), size, async); 3030 3031 desc = &ring->desc[ring->cur]; 3032 data = &ring->data[ring->cur]; 3033 totlen = 4 + size; 3034 3035 if (size > sizeof cmd->data) { 3036 /* Command is too large to fit in a descriptor. */ 3037 if (totlen > MCLBYTES) { 3038 error = EINVAL; 3039 goto fail; 3040 } 3041 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 3042 if (m == NULL) { 3043 error = ENOMEM; 3044 goto fail; 3045 } 3046 cmd = mtod(m, struct wpi_tx_cmd *); 3047 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 3048 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 3049 if (error != 0) { 3050 m_freem(m); 3051 goto fail; 3052 } 3053 data->m = m; 3054 } else { 3055 cmd = &ring->cmd[ring->cur]; 3056 paddr = data->cmd_paddr; 3057 } 3058 3059 cmd->code = code; 3060 cmd->flags = 0; 3061 cmd->qid = ring->qid; 3062 cmd->idx = ring->cur; 3063 memcpy(cmd->data, buf, size); 3064 3065 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 3066 desc->segs[0].addr = htole32(paddr); 3067 desc->segs[0].len = htole32(totlen); 3068 3069 if (size > sizeof cmd->data) { 3070 bus_dmamap_sync(ring->data_dmat, data->map, 3071 BUS_DMASYNC_PREWRITE); 3072 } else { 3073 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 3074 BUS_DMASYNC_PREWRITE); 3075 } 3076 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3077 BUS_DMASYNC_PREWRITE); 3078 3079 /* Kick command ring. */ 3080 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 3081 wpi_update_tx_ring(sc, ring); 3082 3083 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3084 3085 WPI_TXQ_UNLOCK(sc); 3086 3087 if (async) 3088 return 0; 3089 3090 return mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3091 3092fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3093 3094 WPI_TXQ_UNLOCK(sc); 3095 3096 return error; 3097} 3098 3099/* 3100 * Configure HW multi-rate retries. 3101 */ 3102static int 3103wpi_mrr_setup(struct wpi_softc *sc) 3104{ 3105 struct ifnet *ifp = sc->sc_ifp; 3106 struct ieee80211com *ic = ifp->if_l2com; 3107 struct wpi_mrr_setup mrr; 3108 int i, error; 3109 3110 /* CCK rates (not used with 802.11a). */ 3111 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 3112 mrr.rates[i].flags = 0; 3113 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3114 /* Fallback to the immediate lower CCK rate (if any.) */ 3115 mrr.rates[i].next = 3116 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 3117 /* Try one time at this rate before falling back to "next". */ 3118 mrr.rates[i].ntries = 1; 3119 } 3120 /* OFDM rates (not used with 802.11b). */ 3121 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 3122 mrr.rates[i].flags = 0; 3123 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3124 /* Fallback to the immediate lower rate (if any.) */ 3125 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 3126 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 3127 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 3128 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 3129 i - 1; 3130 /* Try one time at this rate before falling back to "next". */ 3131 mrr.rates[i].ntries = 1; 3132 } 3133 /* Setup MRR for control frames. */ 3134 mrr.which = htole32(WPI_MRR_CTL); 3135 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3136 if (error != 0) { 3137 device_printf(sc->sc_dev, 3138 "could not setup MRR for control frames\n"); 3139 return error; 3140 } 3141 /* Setup MRR for data frames. */ 3142 mrr.which = htole32(WPI_MRR_DATA); 3143 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3144 if (error != 0) { 3145 device_printf(sc->sc_dev, 3146 "could not setup MRR for data frames\n"); 3147 return error; 3148 } 3149 return 0; 3150} 3151 3152static int 3153wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3154{ 3155 struct ieee80211com *ic = ni->ni_ic; 3156 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 3157 struct wpi_node *wn = WPI_NODE(ni); 3158 struct wpi_node_info node; 3159 int error; 3160 3161 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3162 3163 if (wn->id == WPI_ID_UNDEFINED) 3164 return EINVAL; 3165 3166 memset(&node, 0, sizeof node); 3167 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3168 node.id = wn->id; 3169 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3170 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3171 node.action = htole32(WPI_ACTION_SET_RATE); 3172 node.antenna = WPI_ANTENNA_BOTH; 3173 3174 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__, 3175 wn->id, ether_sprintf(ni->ni_macaddr)); 3176 3177 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 3178 if (error != 0) { 3179 device_printf(sc->sc_dev, 3180 "%s: wpi_cmd() call failed with error code %d\n", __func__, 3181 error); 3182 return error; 3183 } 3184 3185 if (wvp->wv_gtk != 0) { 3186 error = wpi_set_global_keys(ni); 3187 if (error != 0) { 3188 device_printf(sc->sc_dev, 3189 "%s: error while setting global keys\n", __func__); 3190 return ENXIO; 3191 } 3192 } 3193 3194 return 0; 3195} 3196 3197/* 3198 * Broadcast node is used to send group-addressed and management frames. 3199 */ 3200static int 3201wpi_add_broadcast_node(struct wpi_softc *sc, int async) 3202{ 3203 struct ifnet *ifp = sc->sc_ifp; 3204 struct ieee80211com *ic = ifp->if_l2com; 3205 struct wpi_node_info node; 3206 3207 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3208 3209 memset(&node, 0, sizeof node); 3210 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr); 3211 node.id = WPI_ID_BROADCAST; 3212 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3213 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3214 node.action = htole32(WPI_ACTION_SET_RATE); 3215 node.antenna = WPI_ANTENNA_BOTH; 3216 3217 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__); 3218 3219 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 3220} 3221 3222static int 3223wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3224{ 3225 struct wpi_node *wn = WPI_NODE(ni); 3226 int error; 3227 3228 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3229 3230 wn->id = wpi_add_node_entry_sta(sc); 3231 3232 if ((error = wpi_add_node(sc, ni)) != 0) { 3233 wpi_del_node_entry(sc, wn->id); 3234 wn->id = WPI_ID_UNDEFINED; 3235 return error; 3236 } 3237 3238 return 0; 3239} 3240 3241static int 3242wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3243{ 3244 struct wpi_node *wn = WPI_NODE(ni); 3245 int error; 3246 3247 KASSERT(wn->id == WPI_ID_UNDEFINED, 3248 ("the node %d was added before", wn->id)); 3249 3250 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3251 3252 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) { 3253 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__); 3254 return ENOMEM; 3255 } 3256 3257 if ((error = wpi_add_node(sc, ni)) != 0) { 3258 wpi_del_node_entry(sc, wn->id); 3259 wn->id = WPI_ID_UNDEFINED; 3260 return error; 3261 } 3262 3263 return 0; 3264} 3265 3266static void 3267wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3268{ 3269 struct wpi_node *wn = WPI_NODE(ni); 3270 struct wpi_cmd_del_node node; 3271 int error; 3272 3273 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed")); 3274 3275 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3276 3277 memset(&node, 0, sizeof node); 3278 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3279 node.count = 1; 3280 3281 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__, 3282 wn->id, ether_sprintf(ni->ni_macaddr)); 3283 3284 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3285 if (error != 0) { 3286 device_printf(sc->sc_dev, 3287 "%s: could not delete node %u, error %d\n", __func__, 3288 wn->id, error); 3289 } 3290} 3291 3292static int 3293wpi_updateedca(struct ieee80211com *ic) 3294{ 3295#define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3296 struct wpi_softc *sc = ic->ic_ifp->if_softc; 3297 struct wpi_edca_params cmd; 3298 int aci, error; 3299 3300 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3301 3302 memset(&cmd, 0, sizeof cmd); 3303 cmd.flags = htole32(WPI_EDCA_UPDATE); 3304 for (aci = 0; aci < WME_NUM_AC; aci++) { 3305 const struct wmeParams *ac = 3306 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3307 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3308 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3309 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3310 cmd.ac[aci].txoplimit = 3311 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3312 3313 DPRINTF(sc, WPI_DEBUG_EDCA, 3314 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3315 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3316 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3317 cmd.ac[aci].txoplimit); 3318 } 3319 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3320 3321 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3322 3323 return error; 3324#undef WPI_EXP2 3325} 3326 3327static void 3328wpi_set_promisc(struct wpi_softc *sc) 3329{ 3330 struct ifnet *ifp = sc->sc_ifp; 3331 struct ieee80211com *ic = ifp->if_l2com; 3332 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3333 uint32_t promisc_filter; 3334 3335 promisc_filter = WPI_FILTER_CTL; 3336 if (vap != NULL && vap->iv_opmode != IEEE80211_M_HOSTAP) 3337 promisc_filter |= WPI_FILTER_PROMISC; 3338 3339 if (ifp->if_flags & IFF_PROMISC) 3340 sc->rxon.filter |= htole32(promisc_filter); 3341 else 3342 sc->rxon.filter &= ~htole32(promisc_filter); 3343} 3344 3345static void 3346wpi_update_promisc(struct ifnet *ifp) 3347{ 3348 struct wpi_softc *sc = ifp->if_softc; 3349 3350 WPI_RXON_LOCK(sc); 3351 wpi_set_promisc(sc); 3352 3353 if (wpi_send_rxon(sc, 1, 1) != 0) { 3354 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3355 __func__); 3356 } 3357 WPI_RXON_UNLOCK(sc); 3358} 3359 3360static void 3361wpi_update_mcast(struct ifnet *ifp) 3362{ 3363 /* Ignore */ 3364} 3365 3366static void 3367wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3368{ 3369 struct wpi_cmd_led led; 3370 3371 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3372 3373 led.which = which; 3374 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3375 led.off = off; 3376 led.on = on; 3377 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3378} 3379 3380static int 3381wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3382{ 3383 struct wpi_cmd_timing cmd; 3384 uint64_t val, mod; 3385 3386 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3387 3388 memset(&cmd, 0, sizeof cmd); 3389 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3390 cmd.bintval = htole16(ni->ni_intval); 3391 cmd.lintval = htole16(10); 3392 3393 /* Compute remaining time until next beacon. */ 3394 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3395 mod = le64toh(cmd.tstamp) % val; 3396 cmd.binitval = htole32((uint32_t)(val - mod)); 3397 3398 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3399 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3400 3401 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3402} 3403 3404/* 3405 * This function is called periodically (every 60 seconds) to adjust output 3406 * power to temperature changes. 3407 */ 3408static void 3409wpi_power_calibration(struct wpi_softc *sc) 3410{ 3411 int temp; 3412 3413 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3414 3415 /* Update sensor data. */ 3416 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3417 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3418 3419 /* Sanity-check read value. */ 3420 if (temp < -260 || temp > 25) { 3421 /* This can't be correct, ignore. */ 3422 DPRINTF(sc, WPI_DEBUG_TEMP, 3423 "out-of-range temperature reported: %d\n", temp); 3424 return; 3425 } 3426 3427 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3428 3429 /* Adjust Tx power if need be. */ 3430 if (abs(temp - sc->temp) <= 6) 3431 return; 3432 3433 sc->temp = temp; 3434 3435 if (wpi_set_txpower(sc, 1) != 0) { 3436 /* just warn, too bad for the automatic calibration... */ 3437 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3438 } 3439} 3440 3441/* 3442 * Set TX power for current channel. 3443 */ 3444static int 3445wpi_set_txpower(struct wpi_softc *sc, int async) 3446{ 3447 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3448 struct ieee80211_channel *ch; 3449 struct wpi_power_group *group; 3450 struct wpi_cmd_txpower cmd; 3451 uint8_t chan; 3452 int idx, i; 3453 3454 /* Retrieve current channel from last RXON. */ 3455 chan = sc->rxon.chan; 3456 ch = &ic->ic_channels[chan]; 3457 3458 /* Find the TX power group to which this channel belongs. */ 3459 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3460 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3461 if (chan <= group->chan) 3462 break; 3463 } else 3464 group = &sc->groups[0]; 3465 3466 memset(&cmd, 0, sizeof cmd); 3467 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 3468 cmd.chan = htole16(chan); 3469 3470 /* Set TX power for all OFDM and CCK rates. */ 3471 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3472 /* Retrieve TX power for this channel/rate. */ 3473 idx = wpi_get_power_index(sc, group, ch, i); 3474 3475 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3476 3477 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3478 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3479 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3480 } else { 3481 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3482 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3483 } 3484 DPRINTF(sc, WPI_DEBUG_TEMP, 3485 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3486 } 3487 3488 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3489} 3490 3491/* 3492 * Determine Tx power index for a given channel/rate combination. 3493 * This takes into account the regulatory information from EEPROM and the 3494 * current temperature. 3495 */ 3496static int 3497wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3498 struct ieee80211_channel *c, int ridx) 3499{ 3500/* Fixed-point arithmetic division using a n-bit fractional part. */ 3501#define fdivround(a, b, n) \ 3502 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3503 3504/* Linear interpolation. */ 3505#define interpolate(x, x1, y1, x2, y2, n) \ 3506 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3507 3508 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3509 struct wpi_power_sample *sample; 3510 int pwr, idx; 3511 u_int chan; 3512 3513 /* Get channel number. */ 3514 chan = ieee80211_chan2ieee(ic, c); 3515 3516 /* Default TX power is group maximum TX power minus 3dB. */ 3517 pwr = group->maxpwr / 2; 3518 3519 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3520 switch (ridx) { 3521 case WPI_RIDX_OFDM36: 3522 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 0 : 5; 3523 break; 3524 case WPI_RIDX_OFDM48: 3525 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 7 : 10; 3526 break; 3527 case WPI_RIDX_OFDM54: 3528 pwr -= IEEE80211_IS_CHAN_2GHZ(c) ? 9 : 12; 3529 break; 3530 } 3531 3532 /* Never exceed the channel maximum allowed TX power. */ 3533 pwr = min(pwr, sc->maxpwr[chan]); 3534 3535 /* Retrieve TX power index into gain tables from samples. */ 3536 for (sample = group->samples; sample < &group->samples[3]; sample++) 3537 if (pwr > sample[1].power) 3538 break; 3539 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3540 idx = interpolate(pwr, sample[0].power, sample[0].index, 3541 sample[1].power, sample[1].index, 19); 3542 3543 /*- 3544 * Adjust power index based on current temperature: 3545 * - if cooler than factory-calibrated: decrease output power 3546 * - if warmer than factory-calibrated: increase output power 3547 */ 3548 idx -= (sc->temp - group->temp) * 11 / 100; 3549 3550 /* Decrease TX power for CCK rates (-5dB). */ 3551 if (ridx >= WPI_RIDX_CCK1) 3552 idx += 10; 3553 3554 /* Make sure idx stays in a valid range. */ 3555 if (idx < 0) 3556 return 0; 3557 if (idx > WPI_MAX_PWR_INDEX) 3558 return WPI_MAX_PWR_INDEX; 3559 return idx; 3560 3561#undef interpolate 3562#undef fdivround 3563} 3564 3565/* 3566 * Set STA mode power saving level (between 0 and 5). 3567 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3568 */ 3569static int 3570wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3571{ 3572 struct wpi_pmgt_cmd cmd; 3573 const struct wpi_pmgt *pmgt; 3574 uint32_t max, skip_dtim; 3575 uint32_t reg; 3576 int i; 3577 3578 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3579 "%s: dtim=%d, level=%d, async=%d\n", 3580 __func__, dtim, level, async); 3581 3582 /* Select which PS parameters to use. */ 3583 if (dtim <= 10) 3584 pmgt = &wpi_pmgt[0][level]; 3585 else 3586 pmgt = &wpi_pmgt[1][level]; 3587 3588 memset(&cmd, 0, sizeof cmd); 3589 if (level != 0) /* not CAM */ 3590 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3591 /* Retrieve PCIe Active State Power Management (ASPM). */ 3592 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 3593 if (!(reg & 0x1)) /* L0s Entry disabled. */ 3594 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3595 3596 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3597 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3598 3599 if (dtim == 0) { 3600 dtim = 1; 3601 skip_dtim = 0; 3602 } else 3603 skip_dtim = pmgt->skip_dtim; 3604 3605 if (skip_dtim != 0) { 3606 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3607 max = pmgt->intval[4]; 3608 if (max == (uint32_t)-1) 3609 max = dtim * (skip_dtim + 1); 3610 else if (max > dtim) 3611 max = (max / dtim) * dtim; 3612 } else 3613 max = dtim; 3614 3615 for (i = 0; i < 5; i++) 3616 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3617 3618 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3619} 3620 3621static int 3622wpi_send_btcoex(struct wpi_softc *sc) 3623{ 3624 struct wpi_bluetooth cmd; 3625 3626 memset(&cmd, 0, sizeof cmd); 3627 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3628 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3629 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3630 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3631 __func__); 3632 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3633} 3634 3635static int 3636wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3637{ 3638 int error; 3639 3640 if (async) 3641 WPI_RXON_LOCK_ASSERT(sc); 3642 3643 if (assoc && (sc->rxon.filter & htole32(WPI_FILTER_BSS))) { 3644 struct wpi_assoc rxon_assoc; 3645 3646 rxon_assoc.flags = sc->rxon.flags; 3647 rxon_assoc.filter = sc->rxon.filter; 3648 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3649 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3650 rxon_assoc.reserved = 0; 3651 3652 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3653 sizeof (struct wpi_assoc), async); 3654 if (error != 0) { 3655 device_printf(sc->sc_dev, 3656 "RXON_ASSOC command failed, error %d\n", error); 3657 return error; 3658 } 3659 } else { 3660 if (async) { 3661 WPI_NT_LOCK(sc); 3662 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3663 sizeof (struct wpi_rxon), async); 3664 if (error == 0) 3665 wpi_clear_node_table(sc); 3666 WPI_NT_UNLOCK(sc); 3667 } else { 3668 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3669 sizeof (struct wpi_rxon), async); 3670 if (error == 0) 3671 wpi_clear_node_table(sc); 3672 } 3673 3674 if (error != 0) { 3675 device_printf(sc->sc_dev, 3676 "RXON command failed, error %d\n", error); 3677 return error; 3678 } 3679 3680 /* Add broadcast node. */ 3681 error = wpi_add_broadcast_node(sc, async); 3682 if (error != 0) { 3683 device_printf(sc->sc_dev, 3684 "could not add broadcast node, error %d\n", error); 3685 return error; 3686 } 3687 } 3688 3689 /* Configuration has changed, set Tx power accordingly. */ 3690 if ((error = wpi_set_txpower(sc, async)) != 0) { 3691 device_printf(sc->sc_dev, 3692 "%s: could not set TX power, error %d\n", __func__, error); 3693 return error; 3694 } 3695 3696 return 0; 3697} 3698 3699/** 3700 * Configure the card to listen to a particular channel, this transisions the 3701 * card in to being able to receive frames from remote devices. 3702 */ 3703static int 3704wpi_config(struct wpi_softc *sc) 3705{ 3706 struct ifnet *ifp = sc->sc_ifp; 3707 struct ieee80211com *ic = ifp->if_l2com; 3708 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3709 uint32_t flags; 3710 int error; 3711 3712 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3713 3714 /* Set power saving level to CAM during initialization. */ 3715 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3716 device_printf(sc->sc_dev, 3717 "%s: could not set power saving level\n", __func__); 3718 return error; 3719 } 3720 3721 /* Configure bluetooth coexistence. */ 3722 if ((error = wpi_send_btcoex(sc)) != 0) { 3723 device_printf(sc->sc_dev, 3724 "could not configure bluetooth coexistence\n"); 3725 return error; 3726 } 3727 3728 /* Configure adapter. */ 3729 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 3730 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 3731 3732 /* Set default channel. */ 3733 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 3734 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3735 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 3736 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3737 3738 sc->rxon.filter = WPI_FILTER_MULTICAST; 3739 switch (ic->ic_opmode) { 3740 case IEEE80211_M_STA: 3741 sc->rxon.mode = WPI_MODE_STA; 3742 break; 3743 case IEEE80211_M_IBSS: 3744 sc->rxon.mode = WPI_MODE_IBSS; 3745 sc->rxon.filter |= WPI_FILTER_BEACON; 3746 break; 3747 case IEEE80211_M_HOSTAP: 3748 /* XXX workaround for beaconing */ 3749 sc->rxon.mode = WPI_MODE_IBSS; 3750 sc->rxon.filter |= WPI_FILTER_ASSOC | WPI_FILTER_PROMISC; 3751 break; 3752 case IEEE80211_M_AHDEMO: 3753 /* XXX workaround for passive channels selection */ 3754 sc->rxon.mode = WPI_MODE_HOSTAP; 3755 break; 3756 case IEEE80211_M_MONITOR: 3757 sc->rxon.mode = WPI_MODE_MONITOR; 3758 break; 3759 default: 3760 device_printf(sc->sc_dev, "unknown opmode %d\n", 3761 ic->ic_opmode); 3762 return EINVAL; 3763 } 3764 sc->rxon.filter = htole32(sc->rxon.filter); 3765 wpi_set_promisc(sc); 3766 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 3767 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 3768 3769 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 3770 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3771 __func__); 3772 return error; 3773 } 3774 3775 /* Setup rate scalling. */ 3776 if ((error = wpi_mrr_setup(sc)) != 0) { 3777 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 3778 error); 3779 return error; 3780 } 3781 3782 /* Disable beacon notifications (unused). */ 3783 flags = WPI_STATISTICS_BEACON_DISABLE; 3784 error = wpi_cmd(sc, WPI_CMD_GET_STATISTICS, &flags, sizeof flags, 1); 3785 if (error != 0) { 3786 device_printf(sc->sc_dev, 3787 "could not disable beacon statistics, error %d\n", error); 3788 return error; 3789 } 3790 3791 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3792 3793 return 0; 3794} 3795 3796static uint16_t 3797wpi_get_active_dwell_time(struct wpi_softc *sc, 3798 struct ieee80211_channel *c, uint8_t n_probes) 3799{ 3800 /* No channel? Default to 2GHz settings. */ 3801 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 3802 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 3803 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 3804 } 3805 3806 /* 5GHz dwell time. */ 3807 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 3808 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 3809} 3810 3811/* 3812 * Limit the total dwell time to 85% of the beacon interval. 3813 * 3814 * Returns the dwell time in milliseconds. 3815 */ 3816static uint16_t 3817wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 3818{ 3819 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3820 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3821 int bintval = 0; 3822 3823 /* bintval is in TU (1.024mS) */ 3824 if (vap != NULL) 3825 bintval = vap->iv_bss->ni_intval; 3826 3827 /* 3828 * If it's non-zero, we should calculate the minimum of 3829 * it and the DWELL_BASE. 3830 * 3831 * XXX Yes, the math should take into account that bintval 3832 * is 1.024mS, not 1mS.. 3833 */ 3834 if (bintval > 0) { 3835 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 3836 bintval); 3837 return (MIN(WPI_PASSIVE_DWELL_BASE, ((bintval * 85) / 100))); 3838 } 3839 3840 /* No association context? Default. */ 3841 return (WPI_PASSIVE_DWELL_BASE); 3842} 3843 3844static uint16_t 3845wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 3846{ 3847 uint16_t passive; 3848 3849 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 3850 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 3851 else 3852 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 3853 3854 /* Clamp to the beacon interval if we're associated. */ 3855 return (wpi_limit_dwell(sc, passive)); 3856} 3857 3858/* 3859 * Send a scan request to the firmware. 3860 */ 3861static int 3862wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 3863{ 3864 struct ifnet *ifp = sc->sc_ifp; 3865 struct ieee80211com *ic = ifp->if_l2com; 3866 struct ieee80211_scan_state *ss = ic->ic_scan; 3867 struct ieee80211vap *vap = ss->ss_vap; 3868 struct wpi_scan_hdr *hdr; 3869 struct wpi_cmd_data *tx; 3870 struct wpi_scan_essid *essids; 3871 struct wpi_scan_chan *chan; 3872 struct ieee80211_frame *wh; 3873 struct ieee80211_rateset *rs; 3874 uint16_t dwell_active, dwell_passive; 3875 uint8_t *buf, *frm; 3876 int buflen, error, i, nssid; 3877 3878 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3879 3880 /* 3881 * We are absolutely not allowed to send a scan command when another 3882 * scan command is pending. 3883 */ 3884 if (callout_pending(&sc->scan_timeout)) { 3885 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 3886 __func__); 3887 3888 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3889 3890 return (EAGAIN); 3891 } 3892 3893 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 3894 if (buf == NULL) { 3895 device_printf(sc->sc_dev, 3896 "%s: could not allocate buffer for scan command\n", 3897 __func__); 3898 error = ENOMEM; 3899 goto fail; 3900 } 3901 hdr = (struct wpi_scan_hdr *)buf; 3902 3903 /* 3904 * Move to the next channel if no packets are received within 10 msecs 3905 * after sending the probe request. 3906 */ 3907 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 3908 hdr->quiet_threshold = htole16(1); /* min # of packets */ 3909 /* 3910 * Max needs to be greater than active and passive and quiet! 3911 * It's also in microseconds! 3912 */ 3913 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 3914 hdr->pause_svc = htole32((4 << 24) | 3915 (100 * IEEE80211_DUR_TU)); /* Hardcode for now */ 3916 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 3917 3918 tx = (struct wpi_cmd_data *)(hdr + 1); 3919 tx->flags = htole32(WPI_TX_AUTO_SEQ); 3920 tx->id = WPI_ID_BROADCAST; 3921 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 3922 3923 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3924 /* Send probe requests at 6Mbps. */ 3925 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 3926 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 3927 } else { 3928 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 3929 /* Send probe requests at 1Mbps. */ 3930 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3931 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 3932 } 3933 3934 essids = (struct wpi_scan_essid *)(tx + 1); 3935 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 3936 for (i = 0; i < nssid; i++) { 3937 essids[i].id = IEEE80211_ELEMID_SSID; 3938 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 3939 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 3940#ifdef WPI_DEBUG 3941 if (sc->sc_debug & WPI_DEBUG_SCAN) { 3942 printf("Scanning Essid: "); 3943 ieee80211_print_essid(essids[i].data, essids[i].len); 3944 printf("\n"); 3945 } 3946#endif 3947 } 3948 3949 /* 3950 * Build a probe request frame. Most of the following code is a 3951 * copy & paste of what is done in net80211. 3952 */ 3953 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 3954 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3955 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 3956 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3957 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3958 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3959 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr); 3960 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */ 3961 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */ 3962 3963 frm = (uint8_t *)(wh + 1); 3964 frm = ieee80211_add_ssid(frm, NULL, 0); 3965 frm = ieee80211_add_rates(frm, rs); 3966 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 3967 frm = ieee80211_add_xrates(frm, rs); 3968 3969 /* Set length of probe request. */ 3970 tx->len = htole16(frm - (uint8_t *)wh); 3971 3972 /* 3973 * Construct information about the channel that we 3974 * want to scan. The firmware expects this to be directly 3975 * after the scan probe request 3976 */ 3977 chan = (struct wpi_scan_chan *)frm; 3978 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 3979 chan->flags = 0; 3980 if (nssid) { 3981 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 3982 chan->flags |= WPI_CHAN_NPBREQS(nssid); 3983 } else 3984 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 3985 3986 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 3987 chan->flags |= WPI_CHAN_ACTIVE; 3988 3989 /* 3990 * Calculate the active/passive dwell times. 3991 */ 3992 3993 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 3994 dwell_passive = wpi_get_passive_dwell_time(sc, c); 3995 3996 /* Make sure they're valid. */ 3997 if (dwell_passive <= dwell_active) 3998 dwell_passive = dwell_active + 1; 3999 4000 chan->active = htole16(dwell_active); 4001 chan->passive = htole16(dwell_passive); 4002 4003 chan->dsp_gain = 0x6e; /* Default level */ 4004 4005 if (IEEE80211_IS_CHAN_5GHZ(c)) 4006 chan->rf_gain = 0x3b; 4007 else 4008 chan->rf_gain = 0x28; 4009 4010 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 4011 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 4012 4013 hdr->nchan++; 4014 chan++; 4015 4016 buflen = (uint8_t *)chan - buf; 4017 hdr->len = htole16(buflen); 4018 4019 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 4020 hdr->nchan); 4021 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 4022 free(buf, M_DEVBUF); 4023 4024 if (error != 0) 4025 goto fail; 4026 4027 callout_reset(&sc->scan_timeout, 5*hz, wpi_scan_timeout, sc); 4028 4029 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4030 4031 return 0; 4032 4033fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4034 4035 return error; 4036} 4037 4038static int 4039wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 4040{ 4041 struct ieee80211com *ic = vap->iv_ic; 4042 struct ieee80211_node *ni = vap->iv_bss; 4043 int error; 4044 4045 WPI_RXON_LOCK(sc); 4046 4047 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4048 4049 /* Update adapter configuration. */ 4050 sc->rxon.associd = 0; 4051 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 4052 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4053 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4054 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4055 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4056 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4057 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4058 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4059 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4060 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4061 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 4062 sc->rxon.cck_mask = 0; 4063 sc->rxon.ofdm_mask = 0x15; 4064 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 4065 sc->rxon.cck_mask = 0x03; 4066 sc->rxon.ofdm_mask = 0; 4067 } else { 4068 /* Assume 802.11b/g. */ 4069 sc->rxon.cck_mask = 0x0f; 4070 sc->rxon.ofdm_mask = 0x15; 4071 } 4072 4073 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 4074 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 4075 sc->rxon.ofdm_mask); 4076 4077 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4078 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4079 __func__); 4080 } 4081 4082 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4083 4084 WPI_RXON_UNLOCK(sc); 4085 4086 return error; 4087} 4088 4089static int 4090wpi_config_beacon(struct wpi_vap *wvp) 4091{ 4092 struct ieee80211com *ic = wvp->wv_vap.iv_ic; 4093 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4094 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4095 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4096 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 4097 struct ieee80211_tim_ie *tie; 4098 struct mbuf *m; 4099 uint8_t *ptr; 4100 int error; 4101 4102 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4103 4104 WPI_VAP_LOCK_ASSERT(wvp); 4105 4106 cmd->len = htole16(bcn->m->m_pkthdr.len); 4107 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4108 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4109 4110 /* XXX seems to be unused */ 4111 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) { 4112 tie = (struct ieee80211_tim_ie *) bo->bo_tim; 4113 ptr = mtod(bcn->m, uint8_t *); 4114 4115 cmd->tim = htole16(bo->bo_tim - ptr); 4116 cmd->timsz = tie->tim_len; 4117 } 4118 4119 /* Necessary for recursion in ieee80211_beacon_update(). */ 4120 m = bcn->m; 4121 bcn->m = m_dup(m, M_NOWAIT); 4122 if (bcn->m == NULL) { 4123 device_printf(sc->sc_dev, 4124 "%s: could not copy beacon frame\n", __func__); 4125 error = ENOMEM; 4126 goto end; 4127 } 4128 4129 if ((error = wpi_cmd2(sc, bcn)) != 0) { 4130 device_printf(sc->sc_dev, 4131 "%s: could not update beacon frame, error %d", __func__, 4132 error); 4133 } 4134 4135 /* Restore mbuf. */ 4136end: bcn->m = m; 4137 4138 return error; 4139} 4140 4141static int 4142wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 4143{ 4144 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 4145 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4146 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4147 struct mbuf *m; 4148 int error; 4149 4150 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4151 4152 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4153 return EINVAL; 4154 4155 m = ieee80211_beacon_alloc(ni, bo); 4156 if (m == NULL) { 4157 device_printf(sc->sc_dev, 4158 "%s: could not allocate beacon frame\n", __func__); 4159 return ENOMEM; 4160 } 4161 4162 WPI_VAP_LOCK(wvp); 4163 if (bcn->m != NULL) 4164 m_freem(bcn->m); 4165 4166 bcn->m = m; 4167 4168 error = wpi_config_beacon(wvp); 4169 WPI_VAP_UNLOCK(wvp); 4170 4171 return error; 4172} 4173 4174static void 4175wpi_update_beacon(struct ieee80211vap *vap, int item) 4176{ 4177 struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4178 struct wpi_vap *wvp = WPI_VAP(vap); 4179 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4180 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff; 4181 struct ieee80211_node *ni = vap->iv_bss; 4182 int mcast = 0; 4183 4184 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4185 4186 WPI_VAP_LOCK(wvp); 4187 if (bcn->m == NULL) { 4188 bcn->m = ieee80211_beacon_alloc(ni, bo); 4189 if (bcn->m == NULL) { 4190 device_printf(sc->sc_dev, 4191 "%s: could not allocate beacon frame\n", __func__); 4192 4193 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, 4194 __func__); 4195 4196 WPI_VAP_UNLOCK(wvp); 4197 return; 4198 } 4199 } 4200 WPI_VAP_UNLOCK(wvp); 4201 4202 if (item == IEEE80211_BEACON_TIM) 4203 mcast = 1; /* TODO */ 4204 4205 setbit(bo->bo_flags, item); 4206 ieee80211_beacon_update(ni, bo, bcn->m, mcast); 4207 4208 WPI_VAP_LOCK(wvp); 4209 wpi_config_beacon(wvp); 4210 WPI_VAP_UNLOCK(wvp); 4211 4212 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4213} 4214 4215static void 4216wpi_newassoc(struct ieee80211_node *ni, int isnew) 4217{ 4218 struct ieee80211vap *vap = ni->ni_vap; 4219 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4220 struct wpi_node *wn = WPI_NODE(ni); 4221 int error; 4222 4223 WPI_NT_LOCK(sc); 4224 4225 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4226 4227 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) { 4228 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 4229 device_printf(sc->sc_dev, 4230 "%s: could not add IBSS node, error %d\n", 4231 __func__, error); 4232 } 4233 } 4234 WPI_NT_UNLOCK(sc); 4235} 4236 4237static int 4238wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 4239{ 4240 struct ieee80211com *ic = vap->iv_ic; 4241 struct ieee80211_node *ni = vap->iv_bss; 4242 int error; 4243 4244 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4245 4246 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 4247 /* Link LED blinks while monitoring. */ 4248 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 4249 return 0; 4250 } 4251 4252 /* XXX kernel panic workaround */ 4253 if (ni->ni_chan == IEEE80211_CHAN_ANYC) { 4254 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 4255 __func__); 4256 return EINVAL; 4257 } 4258 4259 if ((error = wpi_set_timing(sc, ni)) != 0) { 4260 device_printf(sc->sc_dev, 4261 "%s: could not set timing, error %d\n", __func__, error); 4262 return error; 4263 } 4264 4265 /* Update adapter configuration. */ 4266 WPI_RXON_LOCK(sc); 4267 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4268 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 4269 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4270 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4271 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4272 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4273 /* Short preamble and slot time are negotiated when associating. */ 4274 sc->rxon.flags &= ~htole32(WPI_RXON_SHPREAMBLE | WPI_RXON_SHSLOT); 4275 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4276 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4277 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4278 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4279 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) { 4280 sc->rxon.cck_mask = 0; 4281 sc->rxon.ofdm_mask = 0x15; 4282 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) { 4283 sc->rxon.cck_mask = 0x03; 4284 sc->rxon.ofdm_mask = 0; 4285 } else { 4286 /* Assume 802.11b/g. */ 4287 sc->rxon.cck_mask = 0x0f; 4288 sc->rxon.ofdm_mask = 0x15; 4289 } 4290 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 4291 4292 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 4293 sc->rxon.chan, sc->rxon.flags); 4294 4295 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4296 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4297 __func__); 4298 return error; 4299 } 4300 4301 /* Start periodic calibration timer. */ 4302 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 4303 4304 WPI_RXON_UNLOCK(sc); 4305 4306 if (vap->iv_opmode == IEEE80211_M_IBSS || 4307 vap->iv_opmode == IEEE80211_M_HOSTAP) { 4308 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 4309 device_printf(sc->sc_dev, 4310 "%s: could not setup beacon, error %d\n", __func__, 4311 error); 4312 return error; 4313 } 4314 } 4315 4316 if (vap->iv_opmode == IEEE80211_M_STA) { 4317 /* Add BSS node. */ 4318 WPI_NT_LOCK(sc); 4319 error = wpi_add_sta_node(sc, ni); 4320 WPI_NT_UNLOCK(sc); 4321 if (error != 0) { 4322 device_printf(sc->sc_dev, 4323 "%s: could not add BSS node, error %d\n", __func__, 4324 error); 4325 return error; 4326 } 4327 } 4328 4329 /* Link LED always on while associated. */ 4330 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4331 4332 /* Enable power-saving mode if requested by user. */ 4333 if ((vap->iv_flags & IEEE80211_F_PMGTON) && 4334 vap->iv_opmode != IEEE80211_M_IBSS) 4335 (void)wpi_set_pslevel(sc, 0, 3, 1); 4336 else 4337 (void)wpi_set_pslevel(sc, 0, 0, 1); 4338 4339 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4340 4341 return 0; 4342} 4343 4344static int 4345wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4346{ 4347 const struct ieee80211_cipher *cip = k->wk_cipher; 4348 struct ieee80211vap *vap = ni->ni_vap; 4349 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4350 struct wpi_node *wn = WPI_NODE(ni); 4351 struct wpi_node_info node; 4352 uint16_t kflags; 4353 int error; 4354 4355 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4356 4357 if (wpi_check_node_entry(sc, wn->id) == 0) { 4358 device_printf(sc->sc_dev, "%s: node does not exist\n", 4359 __func__); 4360 return 0; 4361 } 4362 4363 switch (cip->ic_cipher) { 4364 case IEEE80211_CIPHER_AES_CCM: 4365 kflags = WPI_KFLAG_CCMP; 4366 break; 4367 4368 default: 4369 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__, 4370 cip->ic_cipher); 4371 return 0; 4372 } 4373 4374 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4375 if (k->wk_flags & IEEE80211_KEY_GROUP) 4376 kflags |= WPI_KFLAG_MULTICAST; 4377 4378 memset(&node, 0, sizeof node); 4379 node.id = wn->id; 4380 node.control = WPI_NODE_UPDATE; 4381 node.flags = WPI_FLAG_KEY_SET; 4382 node.kflags = htole16(kflags); 4383 memcpy(node.key, k->wk_key, k->wk_keylen); 4384again: 4385 DPRINTF(sc, WPI_DEBUG_KEY, 4386 "%s: setting %s key id %d for node %d (%s)\n", __func__, 4387 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix, 4388 node.id, ether_sprintf(ni->ni_macaddr)); 4389 4390 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4391 if (error != 0) { 4392 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4393 error); 4394 return !error; 4395 } 4396 4397 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4398 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4399 kflags |= WPI_KFLAG_MULTICAST; 4400 node.kflags = htole16(kflags); 4401 4402 goto again; 4403 } 4404 4405 return 1; 4406} 4407 4408static void 4409wpi_load_key_cb(void *arg, struct ieee80211_node *ni) 4410{ 4411 const struct ieee80211_key *k = arg; 4412 struct ieee80211vap *vap = ni->ni_vap; 4413 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4414 struct wpi_node *wn = WPI_NODE(ni); 4415 int error; 4416 4417 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4418 return; 4419 4420 WPI_NT_LOCK(sc); 4421 error = wpi_load_key(ni, k); 4422 WPI_NT_UNLOCK(sc); 4423 4424 if (error == 0) { 4425 device_printf(sc->sc_dev, "%s: error while setting key\n", 4426 __func__); 4427 } 4428} 4429 4430static int 4431wpi_set_global_keys(struct ieee80211_node *ni) 4432{ 4433 struct ieee80211vap *vap = ni->ni_vap; 4434 struct ieee80211_key *wk = &vap->iv_nw_keys[0]; 4435 int error = 1; 4436 4437 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++) 4438 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 4439 error = wpi_load_key(ni, wk); 4440 4441 return !error; 4442} 4443 4444static int 4445wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4446{ 4447 struct ieee80211vap *vap = ni->ni_vap; 4448 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4449 struct wpi_node *wn = WPI_NODE(ni); 4450 struct wpi_node_info node; 4451 uint16_t kflags; 4452 int error; 4453 4454 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4455 4456 if (wpi_check_node_entry(sc, wn->id) == 0) { 4457 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__); 4458 return 1; /* Nothing to do. */ 4459 } 4460 4461 kflags = WPI_KFLAG_KID(k->wk_keyix); 4462 if (k->wk_flags & IEEE80211_KEY_GROUP) 4463 kflags |= WPI_KFLAG_MULTICAST; 4464 4465 memset(&node, 0, sizeof node); 4466 node.id = wn->id; 4467 node.control = WPI_NODE_UPDATE; 4468 node.flags = WPI_FLAG_KEY_SET; 4469 node.kflags = htole16(kflags); 4470again: 4471 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n", 4472 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", 4473 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr)); 4474 4475 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4476 if (error != 0) { 4477 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4478 error); 4479 return !error; 4480 } 4481 4482 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4483 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4484 kflags |= WPI_KFLAG_MULTICAST; 4485 node.kflags = htole16(kflags); 4486 4487 goto again; 4488 } 4489 4490 return 1; 4491} 4492 4493static void 4494wpi_del_key_cb(void *arg, struct ieee80211_node *ni) 4495{ 4496 const struct ieee80211_key *k = arg; 4497 struct ieee80211vap *vap = ni->ni_vap; 4498 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc; 4499 struct wpi_node *wn = WPI_NODE(ni); 4500 int error; 4501 4502 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4503 return; 4504 4505 WPI_NT_LOCK(sc); 4506 error = wpi_del_key(ni, k); 4507 WPI_NT_UNLOCK(sc); 4508 4509 if (error == 0) { 4510 device_printf(sc->sc_dev, "%s: error while deleting key\n", 4511 __func__); 4512 } 4513} 4514 4515static int 4516wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 4517 int set) 4518{ 4519 struct ieee80211com *ic = vap->iv_ic; 4520 struct wpi_softc *sc = ic->ic_ifp->if_softc; 4521 struct wpi_vap *wvp = WPI_VAP(vap); 4522 struct ieee80211_node *ni; 4523 int error, ni_ref = 0; 4524 4525 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4526 4527 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 4528 /* Not for us. */ 4529 return 1; 4530 } 4531 4532 if (!(k->wk_flags & IEEE80211_KEY_RECV)) { 4533 /* XMIT keys are handled in wpi_tx_data(). */ 4534 return 1; 4535 } 4536 4537 /* Handle group keys. */ 4538 if (&vap->iv_nw_keys[0] <= k && 4539 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4540 WPI_NT_LOCK(sc); 4541 if (set) 4542 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); 4543 else 4544 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix); 4545 WPI_NT_UNLOCK(sc); 4546 4547 if (vap->iv_state == IEEE80211_S_RUN) { 4548 ieee80211_iterate_nodes(&ic->ic_sta, 4549 set ? wpi_load_key_cb : wpi_del_key_cb, (void *)k); 4550 } 4551 4552 return 1; 4553 } 4554 4555 switch (vap->iv_opmode) { 4556 case IEEE80211_M_STA: 4557 ni = vap->iv_bss; 4558 break; 4559 4560 case IEEE80211_M_IBSS: 4561 case IEEE80211_M_AHDEMO: 4562 case IEEE80211_M_HOSTAP: 4563 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr); 4564 if (ni == NULL) 4565 return 0; /* should not happen */ 4566 4567 ni_ref = 1; 4568 break; 4569 4570 default: 4571 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__, 4572 vap->iv_opmode); 4573 return 0; 4574 } 4575 4576 WPI_NT_LOCK(sc); 4577 if (set) 4578 error = wpi_load_key(ni, k); 4579 else 4580 error = wpi_del_key(ni, k); 4581 WPI_NT_UNLOCK(sc); 4582 4583 if (ni_ref) 4584 ieee80211_node_decref(ni); 4585 4586 return error; 4587} 4588 4589static int 4590wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k, 4591 const uint8_t mac[IEEE80211_ADDR_LEN]) 4592{ 4593 return wpi_process_key(vap, k, 1); 4594} 4595 4596static int 4597wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4598{ 4599 return wpi_process_key(vap, k, 0); 4600} 4601 4602/* 4603 * This function is called after the runtime firmware notifies us of its 4604 * readiness (called in a process context). 4605 */ 4606static int 4607wpi_post_alive(struct wpi_softc *sc) 4608{ 4609 int ntries, error; 4610 4611 /* Check (again) that the radio is not disabled. */ 4612 if ((error = wpi_nic_lock(sc)) != 0) 4613 return error; 4614 4615 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4616 4617 /* NB: Runtime firmware must be up and running. */ 4618 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4619 device_printf(sc->sc_dev, 4620 "RF switch: radio disabled (%s)\n", __func__); 4621 wpi_nic_unlock(sc); 4622 return EPERM; /* :-) */ 4623 } 4624 wpi_nic_unlock(sc); 4625 4626 /* Wait for thermal sensor to calibrate. */ 4627 for (ntries = 0; ntries < 1000; ntries++) { 4628 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4629 break; 4630 DELAY(10); 4631 } 4632 4633 if (ntries == 1000) { 4634 device_printf(sc->sc_dev, 4635 "timeout waiting for thermal sensor calibration\n"); 4636 return ETIMEDOUT; 4637 } 4638 4639 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4640 return 0; 4641} 4642 4643/* 4644 * The firmware boot code is small and is intended to be copied directly into 4645 * the NIC internal memory (no DMA transfer). 4646 */ 4647static int 4648wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size) 4649{ 4650 int error, ntries; 4651 4652 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4653 4654 size /= sizeof (uint32_t); 4655 4656 if ((error = wpi_nic_lock(sc)) != 0) 4657 return error; 4658 4659 /* Copy microcode image into NIC memory. */ 4660 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4661 (const uint32_t *)ucode, size); 4662 4663 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4664 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4665 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4666 4667 /* Start boot load now. */ 4668 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4669 4670 /* Wait for transfer to complete. */ 4671 for (ntries = 0; ntries < 1000; ntries++) { 4672 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4673 DPRINTF(sc, WPI_DEBUG_HW, 4674 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4675 WPI_FH_TX_STATUS_IDLE(6), 4676 status & WPI_FH_TX_STATUS_IDLE(6)); 4677 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4678 DPRINTF(sc, WPI_DEBUG_HW, 4679 "Status Match! - ntries = %d\n", ntries); 4680 break; 4681 } 4682 DELAY(10); 4683 } 4684 if (ntries == 1000) { 4685 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4686 __func__); 4687 wpi_nic_unlock(sc); 4688 return ETIMEDOUT; 4689 } 4690 4691 /* Enable boot after power up. */ 4692 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4693 4694 wpi_nic_unlock(sc); 4695 return 0; 4696} 4697 4698static int 4699wpi_load_firmware(struct wpi_softc *sc) 4700{ 4701 struct wpi_fw_info *fw = &sc->fw; 4702 struct wpi_dma_info *dma = &sc->fw_dma; 4703 int error; 4704 4705 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4706 4707 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 4708 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 4709 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4710 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 4711 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4712 4713 /* Tell adapter where to find initialization sections. */ 4714 if ((error = wpi_nic_lock(sc)) != 0) 4715 return error; 4716 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4717 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 4718 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4719 dma->paddr + WPI_FW_DATA_MAXSZ); 4720 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 4721 wpi_nic_unlock(sc); 4722 4723 /* Load firmware boot code. */ 4724 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 4725 if (error != 0) { 4726 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4727 __func__); 4728 return error; 4729 } 4730 4731 /* Now press "execute". */ 4732 WPI_WRITE(sc, WPI_RESET, 0); 4733 4734 /* Wait at most one second for first alive notification. */ 4735 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4736 device_printf(sc->sc_dev, 4737 "%s: timeout waiting for adapter to initialize, error %d\n", 4738 __func__, error); 4739 return error; 4740 } 4741 4742 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 4743 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 4744 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4745 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 4746 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4747 4748 /* Tell adapter where to find runtime sections. */ 4749 if ((error = wpi_nic_lock(sc)) != 0) 4750 return error; 4751 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4752 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 4753 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4754 dma->paddr + WPI_FW_DATA_MAXSZ); 4755 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 4756 WPI_FW_UPDATED | fw->main.textsz); 4757 wpi_nic_unlock(sc); 4758 4759 return 0; 4760} 4761 4762static int 4763wpi_read_firmware(struct wpi_softc *sc) 4764{ 4765 const struct firmware *fp; 4766 struct wpi_fw_info *fw = &sc->fw; 4767 const struct wpi_firmware_hdr *hdr; 4768 int error; 4769 4770 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4771 4772 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4773 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 4774 4775 WPI_UNLOCK(sc); 4776 fp = firmware_get(WPI_FW_NAME); 4777 WPI_LOCK(sc); 4778 4779 if (fp == NULL) { 4780 device_printf(sc->sc_dev, 4781 "could not load firmware image '%s'\n", WPI_FW_NAME); 4782 return EINVAL; 4783 } 4784 4785 sc->fw_fp = fp; 4786 4787 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 4788 device_printf(sc->sc_dev, 4789 "firmware file too short: %zu bytes\n", fp->datasize); 4790 error = EINVAL; 4791 goto fail; 4792 } 4793 4794 fw->size = fp->datasize; 4795 fw->data = (const uint8_t *)fp->data; 4796 4797 /* Extract firmware header information. */ 4798 hdr = (const struct wpi_firmware_hdr *)fw->data; 4799 4800 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 4801 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 4802 4803 fw->main.textsz = le32toh(hdr->rtextsz); 4804 fw->main.datasz = le32toh(hdr->rdatasz); 4805 fw->init.textsz = le32toh(hdr->itextsz); 4806 fw->init.datasz = le32toh(hdr->idatasz); 4807 fw->boot.textsz = le32toh(hdr->btextsz); 4808 fw->boot.datasz = 0; 4809 4810 /* Sanity-check firmware header. */ 4811 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 4812 fw->main.datasz > WPI_FW_DATA_MAXSZ || 4813 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 4814 fw->init.datasz > WPI_FW_DATA_MAXSZ || 4815 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 4816 (fw->boot.textsz & 3) != 0) { 4817 device_printf(sc->sc_dev, "invalid firmware header\n"); 4818 error = EINVAL; 4819 goto fail; 4820 } 4821 4822 /* Check that all firmware sections fit. */ 4823 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 4824 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 4825 device_printf(sc->sc_dev, 4826 "firmware file too short: %zu bytes\n", fw->size); 4827 error = EINVAL; 4828 goto fail; 4829 } 4830 4831 /* Get pointers to firmware sections. */ 4832 fw->main.text = (const uint8_t *)(hdr + 1); 4833 fw->main.data = fw->main.text + fw->main.textsz; 4834 fw->init.text = fw->main.data + fw->main.datasz; 4835 fw->init.data = fw->init.text + fw->init.textsz; 4836 fw->boot.text = fw->init.data + fw->init.datasz; 4837 4838 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4839 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 4840 "runtime (text: %u, data: %u) init (text: %u, data %u) " 4841 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver), 4842 fw->main.textsz, fw->main.datasz, 4843 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 4844 4845 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 4846 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 4847 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 4848 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 4849 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 4850 4851 return 0; 4852 4853fail: wpi_unload_firmware(sc); 4854 return error; 4855} 4856 4857/** 4858 * Free the referenced firmware image 4859 */ 4860static void 4861wpi_unload_firmware(struct wpi_softc *sc) 4862{ 4863 if (sc->fw_fp != NULL) { 4864 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 4865 sc->fw_fp = NULL; 4866 } 4867} 4868 4869static int 4870wpi_clock_wait(struct wpi_softc *sc) 4871{ 4872 int ntries; 4873 4874 /* Set "initialization complete" bit. */ 4875 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4876 4877 /* Wait for clock stabilization. */ 4878 for (ntries = 0; ntries < 2500; ntries++) { 4879 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 4880 return 0; 4881 DELAY(100); 4882 } 4883 device_printf(sc->sc_dev, 4884 "%s: timeout waiting for clock stabilization\n", __func__); 4885 4886 return ETIMEDOUT; 4887} 4888 4889static int 4890wpi_apm_init(struct wpi_softc *sc) 4891{ 4892 uint32_t reg; 4893 int error; 4894 4895 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4896 4897 /* Disable L0s exit timer (NMI bug workaround). */ 4898 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 4899 /* Don't wait for ICH L0s (ICH bug workaround). */ 4900 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 4901 4902 /* Set FH wait threshold to max (HW bug under stress workaround). */ 4903 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 4904 4905 /* Cleanup. */ 4906 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400); 4907 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000E00); 4908 4909 /* Retrieve PCIe Active State Power Management (ASPM). */ 4910 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 4911 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 4912 if (reg & 0x02) /* L1 Entry enabled. */ 4913 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4914 else 4915 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 4916 4917 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 4918 4919 /* Wait for clock stabilization before accessing prph. */ 4920 if ((error = wpi_clock_wait(sc)) != 0) 4921 return error; 4922 4923 if ((error = wpi_nic_lock(sc)) != 0) 4924 return error; 4925 /* Enable DMA and BSM (Bootstrap State Machine). */ 4926 wpi_prph_write(sc, WPI_APMG_CLK_EN, 4927 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 4928 DELAY(20); 4929 /* Disable L1-Active. */ 4930 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 4931 wpi_nic_unlock(sc); 4932 4933 return 0; 4934} 4935 4936static void 4937wpi_apm_stop_master(struct wpi_softc *sc) 4938{ 4939 int ntries; 4940 4941 /* Stop busmaster DMA activity. */ 4942 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 4943 4944 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 4945 WPI_GP_CNTRL_MAC_PS) 4946 return; /* Already asleep. */ 4947 4948 for (ntries = 0; ntries < 100; ntries++) { 4949 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 4950 return; 4951 DELAY(10); 4952 } 4953 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", 4954 __func__); 4955} 4956 4957static void 4958wpi_apm_stop(struct wpi_softc *sc) 4959{ 4960 wpi_apm_stop_master(sc); 4961 4962 /* Reset the entire device. */ 4963 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 4964 DELAY(10); 4965 /* Clear "initialization complete" bit. */ 4966 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 4967} 4968 4969static void 4970wpi_nic_config(struct wpi_softc *sc) 4971{ 4972 uint32_t rev; 4973 4974 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4975 4976 /* voodoo from the Linux "driver".. */ 4977 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 4978 if ((rev & 0xc0) == 0x40) 4979 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 4980 else if (!(rev & 0x80)) 4981 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 4982 4983 if (sc->cap == 0x80) 4984 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 4985 4986 if ((sc->rev & 0xf0) == 0xd0) 4987 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4988 else 4989 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 4990 4991 if (sc->type > 1) 4992 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 4993} 4994 4995static int 4996wpi_hw_init(struct wpi_softc *sc) 4997{ 4998 int chnl, ntries, error; 4999 5000 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5001 5002 /* Clear pending interrupts. */ 5003 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5004 5005 if ((error = wpi_apm_init(sc)) != 0) { 5006 device_printf(sc->sc_dev, 5007 "%s: could not power ON adapter, error %d\n", __func__, 5008 error); 5009 return error; 5010 } 5011 5012 /* Select VMAIN power source. */ 5013 if ((error = wpi_nic_lock(sc)) != 0) 5014 return error; 5015 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 5016 wpi_nic_unlock(sc); 5017 /* Spin until VMAIN gets selected. */ 5018 for (ntries = 0; ntries < 5000; ntries++) { 5019 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 5020 break; 5021 DELAY(10); 5022 } 5023 if (ntries == 5000) { 5024 device_printf(sc->sc_dev, "timeout selecting power source\n"); 5025 return ETIMEDOUT; 5026 } 5027 5028 /* Perform adapter initialization. */ 5029 wpi_nic_config(sc); 5030 5031 /* Initialize RX ring. */ 5032 if ((error = wpi_nic_lock(sc)) != 0) 5033 return error; 5034 /* Set physical address of RX ring. */ 5035 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 5036 /* Set physical address of RX read pointer. */ 5037 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 5038 offsetof(struct wpi_shared, next)); 5039 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 5040 /* Enable RX. */ 5041 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 5042 WPI_FH_RX_CONFIG_DMA_ENA | 5043 WPI_FH_RX_CONFIG_RDRBD_ENA | 5044 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 5045 WPI_FH_RX_CONFIG_MAXFRAG | 5046 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 5047 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 5048 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 5049 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 5050 wpi_nic_unlock(sc); 5051 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 5052 5053 /* Initialize TX rings. */ 5054 if ((error = wpi_nic_lock(sc)) != 0) 5055 return error; 5056 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 5057 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 5058 /* Enable all 6 TX rings. */ 5059 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 5060 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 5061 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 5062 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 5063 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 5064 /* Set physical address of TX rings. */ 5065 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 5066 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 5067 5068 /* Enable all DMA channels. */ 5069 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5070 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 5071 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 5072 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 5073 } 5074 wpi_nic_unlock(sc); 5075 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 5076 5077 /* Clear "radio off" and "commands blocked" bits. */ 5078 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5079 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 5080 5081 /* Clear pending interrupts. */ 5082 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5083 /* Enable interrupts. */ 5084 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 5085 5086 /* _Really_ make sure "radio off" bit is cleared! */ 5087 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5088 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5089 5090 if ((error = wpi_load_firmware(sc)) != 0) { 5091 device_printf(sc->sc_dev, 5092 "%s: could not load firmware, error %d\n", __func__, 5093 error); 5094 return error; 5095 } 5096 /* Wait at most one second for firmware alive notification. */ 5097 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5098 device_printf(sc->sc_dev, 5099 "%s: timeout waiting for adapter to initialize, error %d\n", 5100 __func__, error); 5101 return error; 5102 } 5103 5104 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5105 5106 /* Do post-firmware initialization. */ 5107 return wpi_post_alive(sc); 5108} 5109 5110static void 5111wpi_hw_stop(struct wpi_softc *sc) 5112{ 5113 int chnl, qid, ntries; 5114 5115 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5116 5117 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 5118 wpi_nic_lock(sc); 5119 5120 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 5121 5122 /* Disable interrupts. */ 5123 WPI_WRITE(sc, WPI_INT_MASK, 0); 5124 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5125 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 5126 5127 /* Make sure we no longer hold the NIC lock. */ 5128 wpi_nic_unlock(sc); 5129 5130 if (wpi_nic_lock(sc) == 0) { 5131 /* Stop TX scheduler. */ 5132 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 5133 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 5134 5135 /* Stop all DMA channels. */ 5136 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5137 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 5138 for (ntries = 0; ntries < 200; ntries++) { 5139 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 5140 WPI_FH_TX_STATUS_IDLE(chnl)) 5141 break; 5142 DELAY(10); 5143 } 5144 } 5145 wpi_nic_unlock(sc); 5146 } 5147 5148 /* Stop RX ring. */ 5149 wpi_reset_rx_ring(sc); 5150 5151 /* Reset all TX rings. */ 5152 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 5153 wpi_reset_tx_ring(sc, &sc->txq[qid]); 5154 5155 if (wpi_nic_lock(sc) == 0) { 5156 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 5157 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 5158 wpi_nic_unlock(sc); 5159 } 5160 DELAY(5); 5161 /* Power OFF adapter. */ 5162 wpi_apm_stop(sc); 5163} 5164 5165static void 5166wpi_radio_on(void *arg0, int pending) 5167{ 5168 struct wpi_softc *sc = arg0; 5169 struct ifnet *ifp = sc->sc_ifp; 5170 struct ieee80211com *ic = ifp->if_l2com; 5171 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5172 5173 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 5174 5175 if (vap != NULL) { 5176 wpi_init(sc); 5177 ieee80211_init(vap); 5178 } 5179 5180 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) { 5181 WPI_LOCK(sc); 5182 callout_stop(&sc->watchdog_rfkill); 5183 WPI_UNLOCK(sc); 5184 } 5185} 5186 5187static void 5188wpi_radio_off(void *arg0, int pending) 5189{ 5190 struct wpi_softc *sc = arg0; 5191 struct ifnet *ifp = sc->sc_ifp; 5192 struct ieee80211com *ic = ifp->if_l2com; 5193 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5194 5195 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 5196 5197 wpi_stop(sc); 5198 if (vap != NULL) 5199 ieee80211_stop(vap); 5200 5201 WPI_LOCK(sc); 5202 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 5203 WPI_UNLOCK(sc); 5204} 5205 5206static void 5207wpi_init(void *arg) 5208{ 5209 struct wpi_softc *sc = arg; 5210 struct ifnet *ifp = sc->sc_ifp; 5211 struct ieee80211com *ic = ifp->if_l2com; 5212 int error; 5213 5214 WPI_LOCK(sc); 5215 5216 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5217 5218 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) 5219 goto end; 5220 5221 /* Check that the radio is not disabled by hardware switch. */ 5222 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 5223 device_printf(sc->sc_dev, 5224 "RF switch: radio disabled (%s)\n", __func__); 5225 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 5226 sc); 5227 goto end; 5228 } 5229 5230 /* Read firmware images from the filesystem. */ 5231 if ((error = wpi_read_firmware(sc)) != 0) { 5232 device_printf(sc->sc_dev, 5233 "%s: could not read firmware, error %d\n", __func__, 5234 error); 5235 goto fail; 5236 } 5237 5238 /* Initialize hardware and upload firmware. */ 5239 error = wpi_hw_init(sc); 5240 wpi_unload_firmware(sc); 5241 if (error != 0) { 5242 device_printf(sc->sc_dev, 5243 "%s: could not initialize hardware, error %d\n", __func__, 5244 error); 5245 goto fail; 5246 } 5247 5248 /* Configure adapter now that it is ready. */ 5249 sc->txq_active = 1; 5250 if ((error = wpi_config(sc)) != 0) { 5251 device_printf(sc->sc_dev, 5252 "%s: could not configure device, error %d\n", __func__, 5253 error); 5254 goto fail; 5255 } 5256 5257 IF_LOCK(&ifp->if_snd); 5258 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5259 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5260 IF_UNLOCK(&ifp->if_snd); 5261 5262 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5263 5264 WPI_UNLOCK(sc); 5265 5266 ieee80211_start_all(ic); 5267 5268 return; 5269 5270fail: wpi_stop_locked(sc); 5271end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 5272 WPI_UNLOCK(sc); 5273} 5274 5275static void 5276wpi_stop_locked(struct wpi_softc *sc) 5277{ 5278 struct ifnet *ifp = sc->sc_ifp; 5279 5280 WPI_LOCK_ASSERT(sc); 5281 5282 WPI_TXQ_LOCK(sc); 5283 sc->txq_active = 0; 5284 WPI_TXQ_UNLOCK(sc); 5285 5286 WPI_TXQ_STATE_LOCK(sc); 5287 callout_stop(&sc->tx_timeout); 5288 WPI_TXQ_STATE_UNLOCK(sc); 5289 5290 WPI_RXON_LOCK(sc); 5291 callout_stop(&sc->scan_timeout); 5292 callout_stop(&sc->calib_to); 5293 WPI_RXON_UNLOCK(sc); 5294 5295 IF_LOCK(&ifp->if_snd); 5296 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5297 IF_UNLOCK(&ifp->if_snd); 5298 5299 /* Power OFF hardware. */ 5300 wpi_hw_stop(sc); 5301} 5302 5303static void 5304wpi_stop(struct wpi_softc *sc) 5305{ 5306 WPI_LOCK(sc); 5307 wpi_stop_locked(sc); 5308 WPI_UNLOCK(sc); 5309} 5310 5311/* 5312 * Callback from net80211 to start a scan. 5313 */ 5314static void 5315wpi_scan_start(struct ieee80211com *ic) 5316{ 5317 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5318 5319 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 5320} 5321 5322/* 5323 * Callback from net80211 to terminate a scan. 5324 */ 5325static void 5326wpi_scan_end(struct ieee80211com *ic) 5327{ 5328 struct ifnet *ifp = ic->ic_ifp; 5329 struct wpi_softc *sc = ifp->if_softc; 5330 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5331 5332 if (vap->iv_state == IEEE80211_S_RUN) 5333 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 5334} 5335 5336/** 5337 * Called by the net80211 framework to indicate to the driver 5338 * that the channel should be changed 5339 */ 5340static void 5341wpi_set_channel(struct ieee80211com *ic) 5342{ 5343 const struct ieee80211_channel *c = ic->ic_curchan; 5344 struct ifnet *ifp = ic->ic_ifp; 5345 struct wpi_softc *sc = ifp->if_softc; 5346 int error; 5347 5348 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5349 5350 WPI_LOCK(sc); 5351 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 5352 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 5353 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 5354 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 5355 WPI_UNLOCK(sc); 5356 5357 /* 5358 * Only need to set the channel in Monitor mode. AP scanning and auth 5359 * are already taken care of by their respective firmware commands. 5360 */ 5361 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5362 WPI_RXON_LOCK(sc); 5363 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 5364 if (IEEE80211_IS_CHAN_2GHZ(c)) { 5365 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 5366 WPI_RXON_24GHZ); 5367 } else { 5368 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 5369 WPI_RXON_24GHZ); 5370 } 5371 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) 5372 device_printf(sc->sc_dev, 5373 "%s: error %d setting channel\n", __func__, 5374 error); 5375 WPI_RXON_UNLOCK(sc); 5376 } 5377} 5378 5379/** 5380 * Called by net80211 to indicate that we need to scan the current 5381 * channel. The channel is previously be set via the wpi_set_channel 5382 * callback. 5383 */ 5384static void 5385wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 5386{ 5387 struct ieee80211vap *vap = ss->ss_vap; 5388 struct ieee80211com *ic = vap->iv_ic; 5389 struct wpi_softc *sc = ic->ic_ifp->if_softc; 5390 int error; 5391 5392 WPI_RXON_LOCK(sc); 5393 if (sc->rxon.chan != ieee80211_chan2ieee(ic, ic->ic_curchan)) { 5394 error = wpi_scan(sc, ic->ic_curchan); 5395 WPI_RXON_UNLOCK(sc); 5396 if (error != 0) 5397 ieee80211_cancel_scan(vap); 5398 } else { 5399 WPI_RXON_UNLOCK(sc); 5400 /* Send probe request when associated. */ 5401 sc->sc_scan_curchan(ss, maxdwell); 5402 } 5403} 5404 5405/** 5406 * Called by the net80211 framework to indicate 5407 * the minimum dwell time has been met, terminate the scan. 5408 * We don't actually terminate the scan as the firmware will notify 5409 * us when it's finished and we have no way to interrupt it. 5410 */ 5411static void 5412wpi_scan_mindwell(struct ieee80211_scan_state *ss) 5413{ 5414 /* NB: don't try to abort scan; wait for firmware to finish */ 5415} 5416 5417static void 5418wpi_hw_reset(void *arg, int pending) 5419{ 5420 struct wpi_softc *sc = arg; 5421 struct ifnet *ifp = sc->sc_ifp; 5422 struct ieee80211com *ic = ifp->if_l2com; 5423 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5424 5425 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5426 5427 if (vap != NULL && (ic->ic_flags & IEEE80211_F_SCAN)) 5428 ieee80211_cancel_scan(vap); 5429 5430 wpi_stop(sc); 5431 if (vap != NULL) 5432 ieee80211_stop(vap); 5433 wpi_init(sc); 5434 if (vap != NULL) 5435 ieee80211_init(vap); 5436} 5437