if_wpi.c revision 289125
1/*- 2 * Copyright (c) 2006,2007 3 * Damien Bergamini <damien.bergamini@free.fr> 4 * Benjamin Close <Benjamin.Close@clearchain.com> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/wpi/if_wpi.c 289125 2015-10-11 01:50:54Z adrian $"); 21 22/* 23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters. 24 * 25 * The 3945ABG network adapter doesn't use traditional hardware as 26 * many other adaptors do. Instead at run time the eeprom is set into a known 27 * state and told to load boot firmware. The boot firmware loads an init and a 28 * main binary firmware image into SRAM on the card via DMA. 29 * Once the firmware is loaded, the driver/hw then 30 * communicate by way of circular dma rings via the SRAM to the firmware. 31 * 32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings. 33 * The 4 tx data rings allow for prioritization QoS. 34 * 35 * The rx data ring consists of 32 dma buffers. Two registers are used to 36 * indicate where in the ring the driver and the firmware are up to. The 37 * driver sets the initial read index (reg1) and the initial write index (reg2), 38 * the firmware updates the read index (reg1) on rx of a packet and fires an 39 * interrupt. The driver then processes the buffers starting at reg1 indicating 40 * to the firmware which buffers have been accessed by updating reg2. At the 41 * same time allocating new memory for the processed buffer. 42 * 43 * A similar thing happens with the tx rings. The difference is the firmware 44 * stop processing buffers once the queue is full and until confirmation 45 * of a successful transmition (tx_done) has occurred. 46 * 47 * The command ring operates in the same manner as the tx queues. 48 * 49 * All communication direct to the card (ie eeprom) is classed as Stage1 50 * communication 51 * 52 * All communication via the firmware to the card is classed as State2. 53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime 54 * firmware. The bootstrap firmware and runtime firmware are loaded 55 * from host memory via dma to the card then told to execute. From this point 56 * on the majority of communications between the driver and the card goes 57 * via the firmware. 58 */ 59 60#include "opt_wlan.h" 61#include "opt_wpi.h" 62 63#include <sys/param.h> 64#include <sys/sysctl.h> 65#include <sys/sockio.h> 66#include <sys/mbuf.h> 67#include <sys/kernel.h> 68#include <sys/socket.h> 69#include <sys/systm.h> 70#include <sys/malloc.h> 71#include <sys/queue.h> 72#include <sys/taskqueue.h> 73#include <sys/module.h> 74#include <sys/bus.h> 75#include <sys/endian.h> 76#include <sys/linker.h> 77#include <sys/firmware.h> 78 79#include <machine/bus.h> 80#include <machine/resource.h> 81#include <sys/rman.h> 82 83#include <dev/pci/pcireg.h> 84#include <dev/pci/pcivar.h> 85 86#include <net/bpf.h> 87#include <net/if.h> 88#include <net/if_var.h> 89#include <net/if_arp.h> 90#include <net/ethernet.h> 91#include <net/if_dl.h> 92#include <net/if_media.h> 93#include <net/if_types.h> 94 95#include <netinet/in.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/if_ether.h> 99#include <netinet/ip.h> 100 101#include <net80211/ieee80211_var.h> 102#include <net80211/ieee80211_radiotap.h> 103#include <net80211/ieee80211_regdomain.h> 104#include <net80211/ieee80211_ratectl.h> 105 106#include <dev/wpi/if_wpireg.h> 107#include <dev/wpi/if_wpivar.h> 108#include <dev/wpi/if_wpi_debug.h> 109 110struct wpi_ident { 111 uint16_t vendor; 112 uint16_t device; 113 uint16_t subdevice; 114 const char *name; 115}; 116 117static const struct wpi_ident wpi_ident_table[] = { 118 /* The below entries support ABG regardless of the subid */ 119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" }, 121 /* The below entries only support BG */ 122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" }, 123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" }, 124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" }, 125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" }, 126 { 0, 0, 0, NULL } 127}; 128 129static int wpi_probe(device_t); 130static int wpi_attach(device_t); 131static void wpi_radiotap_attach(struct wpi_softc *); 132static void wpi_sysctlattach(struct wpi_softc *); 133static void wpi_init_beacon(struct wpi_vap *); 134static struct ieee80211vap *wpi_vap_create(struct ieee80211com *, 135 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 136 const uint8_t [IEEE80211_ADDR_LEN], 137 const uint8_t [IEEE80211_ADDR_LEN]); 138static void wpi_vap_delete(struct ieee80211vap *); 139static int wpi_detach(device_t); 140static int wpi_shutdown(device_t); 141static int wpi_suspend(device_t); 142static int wpi_resume(device_t); 143static int wpi_nic_lock(struct wpi_softc *); 144static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int); 145static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int); 146static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *, 147 void **, bus_size_t, bus_size_t); 148static void wpi_dma_contig_free(struct wpi_dma_info *); 149static int wpi_alloc_shared(struct wpi_softc *); 150static void wpi_free_shared(struct wpi_softc *); 151static int wpi_alloc_fwmem(struct wpi_softc *); 152static void wpi_free_fwmem(struct wpi_softc *); 153static int wpi_alloc_rx_ring(struct wpi_softc *); 154static void wpi_update_rx_ring(struct wpi_softc *); 155static void wpi_update_rx_ring_ps(struct wpi_softc *); 156static void wpi_reset_rx_ring(struct wpi_softc *); 157static void wpi_free_rx_ring(struct wpi_softc *); 158static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *, 159 uint8_t); 160static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 161static void wpi_update_tx_ring_ps(struct wpi_softc *, 162 struct wpi_tx_ring *); 163static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 164static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *); 165static int wpi_read_eeprom(struct wpi_softc *, 166 uint8_t macaddr[IEEE80211_ADDR_LEN]); 167static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *); 168static void wpi_read_eeprom_band(struct wpi_softc *, uint8_t); 169static int wpi_read_eeprom_channels(struct wpi_softc *, uint8_t); 170static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *, 171 struct ieee80211_channel *); 172static int wpi_setregdomain(struct ieee80211com *, 173 struct ieee80211_regdomain *, int, 174 struct ieee80211_channel[]); 175static int wpi_read_eeprom_group(struct wpi_softc *, uint8_t); 176static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *, 177 const uint8_t mac[IEEE80211_ADDR_LEN]); 178static void wpi_node_free(struct ieee80211_node *); 179static void wpi_ibss_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 180 const struct ieee80211_rx_stats *, 181 int, int); 182static void wpi_restore_node(void *, struct ieee80211_node *); 183static void wpi_restore_node_table(struct wpi_softc *, struct wpi_vap *); 184static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int); 185static void wpi_calib_timeout(void *); 186static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *, 187 struct wpi_rx_data *); 188static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *, 189 struct wpi_rx_data *); 190static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *); 191static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *); 192static void wpi_notif_intr(struct wpi_softc *); 193static void wpi_wakeup_intr(struct wpi_softc *); 194#ifdef WPI_DEBUG 195static void wpi_debug_registers(struct wpi_softc *); 196#endif 197static void wpi_fatal_intr(struct wpi_softc *); 198static void wpi_intr(void *); 199static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *); 200static int wpi_tx_data(struct wpi_softc *, struct mbuf *, 201 struct ieee80211_node *); 202static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *, 203 struct ieee80211_node *, 204 const struct ieee80211_bpf_params *); 205static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *, 206 const struct ieee80211_bpf_params *); 207static int wpi_transmit(struct ieee80211com *, struct mbuf *); 208static void wpi_watchdog_rfkill(void *); 209static void wpi_scan_timeout(void *); 210static void wpi_tx_timeout(void *); 211static void wpi_parent(struct ieee80211com *); 212static int wpi_cmd(struct wpi_softc *, uint8_t, const void *, uint16_t, 213 int); 214static int wpi_mrr_setup(struct wpi_softc *); 215static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *); 216static int wpi_add_broadcast_node(struct wpi_softc *, int); 217static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *); 218static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *); 219static int wpi_updateedca(struct ieee80211com *); 220static void wpi_set_promisc(struct wpi_softc *); 221static void wpi_update_promisc(struct ieee80211com *); 222static void wpi_update_mcast(struct ieee80211com *); 223static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t); 224static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *); 225static void wpi_power_calibration(struct wpi_softc *); 226static int wpi_set_txpower(struct wpi_softc *, int); 227static int wpi_get_power_index(struct wpi_softc *, 228 struct wpi_power_group *, uint8_t, int, int); 229static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int); 230static int wpi_send_btcoex(struct wpi_softc *); 231static int wpi_send_rxon(struct wpi_softc *, int, int); 232static int wpi_config(struct wpi_softc *); 233static uint16_t wpi_get_active_dwell_time(struct wpi_softc *, 234 struct ieee80211_channel *, uint8_t); 235static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t); 236static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *, 237 struct ieee80211_channel *); 238static uint32_t wpi_get_scan_pause_time(uint32_t, uint16_t); 239static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *); 240static int wpi_auth(struct wpi_softc *, struct ieee80211vap *); 241static int wpi_config_beacon(struct wpi_vap *); 242static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *); 243static void wpi_update_beacon(struct ieee80211vap *, int); 244static void wpi_newassoc(struct ieee80211_node *, int); 245static int wpi_run(struct wpi_softc *, struct ieee80211vap *); 246static int wpi_load_key(struct ieee80211_node *, 247 const struct ieee80211_key *); 248static void wpi_load_key_cb(void *, struct ieee80211_node *); 249static int wpi_set_global_keys(struct ieee80211_node *); 250static int wpi_del_key(struct ieee80211_node *, 251 const struct ieee80211_key *); 252static void wpi_del_key_cb(void *, struct ieee80211_node *); 253static int wpi_process_key(struct ieee80211vap *, 254 const struct ieee80211_key *, int); 255static int wpi_key_set(struct ieee80211vap *, 256 const struct ieee80211_key *); 257static int wpi_key_delete(struct ieee80211vap *, 258 const struct ieee80211_key *); 259static int wpi_post_alive(struct wpi_softc *); 260static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, 261 uint32_t); 262static int wpi_load_firmware(struct wpi_softc *); 263static int wpi_read_firmware(struct wpi_softc *); 264static void wpi_unload_firmware(struct wpi_softc *); 265static int wpi_clock_wait(struct wpi_softc *); 266static int wpi_apm_init(struct wpi_softc *); 267static void wpi_apm_stop_master(struct wpi_softc *); 268static void wpi_apm_stop(struct wpi_softc *); 269static void wpi_nic_config(struct wpi_softc *); 270static int wpi_hw_init(struct wpi_softc *); 271static void wpi_hw_stop(struct wpi_softc *); 272static void wpi_radio_on(void *, int); 273static void wpi_radio_off(void *, int); 274static int wpi_init(struct wpi_softc *); 275static void wpi_stop_locked(struct wpi_softc *); 276static void wpi_stop(struct wpi_softc *); 277static void wpi_scan_start(struct ieee80211com *); 278static void wpi_scan_end(struct ieee80211com *); 279static void wpi_set_channel(struct ieee80211com *); 280static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long); 281static void wpi_scan_mindwell(struct ieee80211_scan_state *); 282static void wpi_hw_reset(void *, int); 283 284static device_method_t wpi_methods[] = { 285 /* Device interface */ 286 DEVMETHOD(device_probe, wpi_probe), 287 DEVMETHOD(device_attach, wpi_attach), 288 DEVMETHOD(device_detach, wpi_detach), 289 DEVMETHOD(device_shutdown, wpi_shutdown), 290 DEVMETHOD(device_suspend, wpi_suspend), 291 DEVMETHOD(device_resume, wpi_resume), 292 293 DEVMETHOD_END 294}; 295 296static driver_t wpi_driver = { 297 "wpi", 298 wpi_methods, 299 sizeof (struct wpi_softc) 300}; 301static devclass_t wpi_devclass; 302 303DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL); 304 305MODULE_VERSION(wpi, 1); 306 307MODULE_DEPEND(wpi, pci, 1, 1, 1); 308MODULE_DEPEND(wpi, wlan, 1, 1, 1); 309MODULE_DEPEND(wpi, firmware, 1, 1, 1); 310 311static int 312wpi_probe(device_t dev) 313{ 314 const struct wpi_ident *ident; 315 316 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 317 if (pci_get_vendor(dev) == ident->vendor && 318 pci_get_device(dev) == ident->device) { 319 device_set_desc(dev, ident->name); 320 return (BUS_PROBE_DEFAULT); 321 } 322 } 323 return ENXIO; 324} 325 326static int 327wpi_attach(device_t dev) 328{ 329 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev); 330 struct ieee80211com *ic; 331 uint8_t i; 332 int error, rid; 333#ifdef WPI_DEBUG 334 int supportsa = 1; 335 const struct wpi_ident *ident; 336#endif 337 338 sc->sc_dev = dev; 339 340#ifdef WPI_DEBUG 341 error = resource_int_value(device_get_name(sc->sc_dev), 342 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug)); 343 if (error != 0) 344 sc->sc_debug = 0; 345#else 346 sc->sc_debug = 0; 347#endif 348 349 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 350 351 /* 352 * Get the offset of the PCI Express Capability Structure in PCI 353 * Configuration Space. 354 */ 355 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off); 356 if (error != 0) { 357 device_printf(dev, "PCIe capability structure not found!\n"); 358 return error; 359 } 360 361 /* 362 * Some card's only support 802.11b/g not a, check to see if 363 * this is one such card. A 0x0 in the subdevice table indicates 364 * the entire subdevice range is to be ignored. 365 */ 366#ifdef WPI_DEBUG 367 for (ident = wpi_ident_table; ident->name != NULL; ident++) { 368 if (ident->subdevice && 369 pci_get_subdevice(dev) == ident->subdevice) { 370 supportsa = 0; 371 break; 372 } 373 } 374#endif 375 376 /* Clear device-specific "PCI retry timeout" register (41h). */ 377 pci_write_config(dev, 0x41, 0, 1); 378 379 /* Enable bus-mastering. */ 380 pci_enable_busmaster(dev); 381 382 rid = PCIR_BAR(0); 383 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, 384 RF_ACTIVE); 385 if (sc->mem == NULL) { 386 device_printf(dev, "can't map mem space\n"); 387 return ENOMEM; 388 } 389 sc->sc_st = rman_get_bustag(sc->mem); 390 sc->sc_sh = rman_get_bushandle(sc->mem); 391 392 rid = 1; 393 if (pci_alloc_msi(dev, &rid) == 0) 394 rid = 1; 395 else 396 rid = 0; 397 /* Install interrupt handler. */ 398 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE | 399 (rid != 0 ? 0 : RF_SHAREABLE)); 400 if (sc->irq == NULL) { 401 device_printf(dev, "can't map interrupt\n"); 402 error = ENOMEM; 403 goto fail; 404 } 405 406 WPI_LOCK_INIT(sc); 407 WPI_TX_LOCK_INIT(sc); 408 WPI_RXON_LOCK_INIT(sc); 409 WPI_NT_LOCK_INIT(sc); 410 WPI_TXQ_LOCK_INIT(sc); 411 WPI_TXQ_STATE_LOCK_INIT(sc); 412 413 /* Allocate DMA memory for firmware transfers. */ 414 if ((error = wpi_alloc_fwmem(sc)) != 0) { 415 device_printf(dev, 416 "could not allocate memory for firmware, error %d\n", 417 error); 418 goto fail; 419 } 420 421 /* Allocate shared page. */ 422 if ((error = wpi_alloc_shared(sc)) != 0) { 423 device_printf(dev, "could not allocate shared page\n"); 424 goto fail; 425 } 426 427 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */ 428 for (i = 0; i < WPI_NTXQUEUES; i++) { 429 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 430 device_printf(dev, 431 "could not allocate TX ring %d, error %d\n", i, 432 error); 433 goto fail; 434 } 435 } 436 437 /* Allocate RX ring. */ 438 if ((error = wpi_alloc_rx_ring(sc)) != 0) { 439 device_printf(dev, "could not allocate RX ring, error %d\n", 440 error); 441 goto fail; 442 } 443 444 /* Clear pending interrupts. */ 445 WPI_WRITE(sc, WPI_INT, 0xffffffff); 446 447 ic = &sc->sc_ic; 448 ic->ic_softc = sc; 449 ic->ic_name = device_get_nameunit(dev); 450 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 451 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 452 453 /* Set device capabilities. */ 454 ic->ic_caps = 455 IEEE80211_C_STA /* station mode supported */ 456 | IEEE80211_C_IBSS /* IBSS mode supported */ 457 | IEEE80211_C_HOSTAP /* Host access point mode */ 458 | IEEE80211_C_MONITOR /* monitor mode supported */ 459 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 460 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 461 | IEEE80211_C_TXPMGT /* tx power management */ 462 | IEEE80211_C_SHSLOT /* short slot time supported */ 463 | IEEE80211_C_WPA /* 802.11i */ 464 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 465 | IEEE80211_C_WME /* 802.11e */ 466 | IEEE80211_C_PMGT /* Station-side power mgmt */ 467 ; 468 469 ic->ic_cryptocaps = 470 IEEE80211_CRYPTO_AES_CCM; 471 472 /* 473 * Read in the eeprom and also setup the channels for 474 * net80211. We don't set the rates as net80211 does this for us 475 */ 476 if ((error = wpi_read_eeprom(sc, ic->ic_macaddr)) != 0) { 477 device_printf(dev, "could not read EEPROM, error %d\n", 478 error); 479 goto fail; 480 } 481 482#ifdef WPI_DEBUG 483 if (bootverbose) { 484 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n", 485 sc->domain); 486 device_printf(sc->sc_dev, "Hardware Type: %c\n", 487 sc->type > 1 ? 'B': '?'); 488 device_printf(sc->sc_dev, "Hardware Revision: %c\n", 489 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?'); 490 device_printf(sc->sc_dev, "SKU %s support 802.11a\n", 491 supportsa ? "does" : "does not"); 492 493 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must 494 check what sc->rev really represents - benjsc 20070615 */ 495 } 496#endif 497 498 ieee80211_ifattach(ic); 499 ic->ic_vap_create = wpi_vap_create; 500 ic->ic_vap_delete = wpi_vap_delete; 501 ic->ic_parent = wpi_parent; 502 ic->ic_raw_xmit = wpi_raw_xmit; 503 ic->ic_transmit = wpi_transmit; 504 ic->ic_node_alloc = wpi_node_alloc; 505 sc->sc_node_free = ic->ic_node_free; 506 ic->ic_node_free = wpi_node_free; 507 ic->ic_wme.wme_update = wpi_updateedca; 508 ic->ic_update_promisc = wpi_update_promisc; 509 ic->ic_update_mcast = wpi_update_mcast; 510 ic->ic_newassoc = wpi_newassoc; 511 ic->ic_scan_start = wpi_scan_start; 512 ic->ic_scan_end = wpi_scan_end; 513 ic->ic_set_channel = wpi_set_channel; 514 ic->ic_scan_curchan = wpi_scan_curchan; 515 ic->ic_scan_mindwell = wpi_scan_mindwell; 516 ic->ic_setregdomain = wpi_setregdomain; 517 518 sc->sc_update_rx_ring = wpi_update_rx_ring; 519 sc->sc_update_tx_ring = wpi_update_tx_ring; 520 521 wpi_radiotap_attach(sc); 522 523 callout_init_mtx(&sc->calib_to, &sc->rxon_mtx, 0); 524 callout_init_mtx(&sc->scan_timeout, &sc->rxon_mtx, 0); 525 callout_init_mtx(&sc->tx_timeout, &sc->txq_state_mtx, 0); 526 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0); 527 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc); 528 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc); 529 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc); 530 531 sc->sc_tq = taskqueue_create("wpi_taskq", M_WAITOK, 532 taskqueue_thread_enqueue, &sc->sc_tq); 533 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "wpi_taskq"); 534 if (error != 0) { 535 device_printf(dev, "can't start threads, error %d\n", error); 536 goto fail; 537 } 538 539 wpi_sysctlattach(sc); 540 541 /* 542 * Hook our interrupt after all initialization is complete. 543 */ 544 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE, 545 NULL, wpi_intr, sc, &sc->sc_ih); 546 if (error != 0) { 547 device_printf(dev, "can't establish interrupt, error %d\n", 548 error); 549 goto fail; 550 } 551 552 if (bootverbose) 553 ieee80211_announce(ic); 554 555#ifdef WPI_DEBUG 556 if (sc->sc_debug & WPI_DEBUG_HW) 557 ieee80211_announce_channels(ic); 558#endif 559 560 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 561 return 0; 562 563fail: wpi_detach(dev); 564 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 565 return error; 566} 567 568/* 569 * Attach the interface to 802.11 radiotap. 570 */ 571static void 572wpi_radiotap_attach(struct wpi_softc *sc) 573{ 574 struct wpi_rx_radiotap_header *rxtap = &sc->sc_rxtap; 575 struct wpi_tx_radiotap_header *txtap = &sc->sc_txtap; 576 577 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 578 ieee80211_radiotap_attach(&sc->sc_ic, 579 &txtap->wt_ihdr, sizeof(*txtap), WPI_TX_RADIOTAP_PRESENT, 580 &rxtap->wr_ihdr, sizeof(*rxtap), WPI_RX_RADIOTAP_PRESENT); 581 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 582} 583 584static void 585wpi_sysctlattach(struct wpi_softc *sc) 586{ 587#ifdef WPI_DEBUG 588 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev); 589 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev); 590 591 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 592 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug, 593 "control debugging printfs"); 594#endif 595} 596 597static void 598wpi_init_beacon(struct wpi_vap *wvp) 599{ 600 struct wpi_buf *bcn = &wvp->wv_bcbuf; 601 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 602 603 cmd->id = WPI_ID_BROADCAST; 604 cmd->ofdm_mask = 0xff; 605 cmd->cck_mask = 0x0f; 606 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE); 607 608 /* 609 * XXX WPI_TX_AUTO_SEQ seems to be ignored - workaround this issue 610 * XXX by using WPI_TX_NEED_ACK instead (with some side effects). 611 */ 612 cmd->flags = htole32(WPI_TX_NEED_ACK | WPI_TX_INSERT_TSTAMP); 613 614 bcn->code = WPI_CMD_SET_BEACON; 615 bcn->ac = WPI_CMD_QUEUE_NUM; 616 bcn->size = sizeof(struct wpi_cmd_beacon); 617} 618 619static struct ieee80211vap * 620wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 621 enum ieee80211_opmode opmode, int flags, 622 const uint8_t bssid[IEEE80211_ADDR_LEN], 623 const uint8_t mac[IEEE80211_ADDR_LEN]) 624{ 625 struct wpi_vap *wvp; 626 struct ieee80211vap *vap; 627 628 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 629 return NULL; 630 631 wvp = malloc(sizeof(struct wpi_vap), M_80211_VAP, M_WAITOK | M_ZERO); 632 vap = &wvp->wv_vap; 633 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 634 635 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 636 WPI_VAP_LOCK_INIT(wvp); 637 wpi_init_beacon(wvp); 638 } 639 640 /* Override with driver methods. */ 641 vap->iv_key_set = wpi_key_set; 642 vap->iv_key_delete = wpi_key_delete; 643 if (opmode == IEEE80211_M_IBSS) { 644 wvp->wv_recv_mgmt = vap->iv_recv_mgmt; 645 vap->iv_recv_mgmt = wpi_ibss_recv_mgmt; 646 } 647 wvp->wv_newstate = vap->iv_newstate; 648 vap->iv_newstate = wpi_newstate; 649 vap->iv_update_beacon = wpi_update_beacon; 650 vap->iv_max_aid = WPI_ID_IBSS_MAX - WPI_ID_IBSS_MIN + 1; 651 652 ieee80211_ratectl_init(vap); 653 /* Complete setup. */ 654 ieee80211_vap_attach(vap, ieee80211_media_change, 655 ieee80211_media_status, mac); 656 ic->ic_opmode = opmode; 657 return vap; 658} 659 660static void 661wpi_vap_delete(struct ieee80211vap *vap) 662{ 663 struct wpi_vap *wvp = WPI_VAP(vap); 664 struct wpi_buf *bcn = &wvp->wv_bcbuf; 665 enum ieee80211_opmode opmode = vap->iv_opmode; 666 667 ieee80211_ratectl_deinit(vap); 668 ieee80211_vap_detach(vap); 669 670 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) { 671 if (bcn->m != NULL) 672 m_freem(bcn->m); 673 674 WPI_VAP_LOCK_DESTROY(wvp); 675 } 676 677 free(wvp, M_80211_VAP); 678} 679 680static int 681wpi_detach(device_t dev) 682{ 683 struct wpi_softc *sc = device_get_softc(dev); 684 struct ieee80211com *ic = &sc->sc_ic; 685 uint8_t qid; 686 687 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 688 689 if (ic->ic_vap_create == wpi_vap_create) { 690 ieee80211_draintask(ic, &sc->sc_radioon_task); 691 692 wpi_stop(sc); 693 694 if (sc->sc_tq != NULL) { 695 taskqueue_drain_all(sc->sc_tq); 696 taskqueue_free(sc->sc_tq); 697 } 698 699 callout_drain(&sc->watchdog_rfkill); 700 callout_drain(&sc->tx_timeout); 701 callout_drain(&sc->scan_timeout); 702 callout_drain(&sc->calib_to); 703 ieee80211_ifdetach(ic); 704 } 705 706 /* Uninstall interrupt handler. */ 707 if (sc->irq != NULL) { 708 bus_teardown_intr(dev, sc->irq, sc->sc_ih); 709 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq), 710 sc->irq); 711 pci_release_msi(dev); 712 } 713 714 if (sc->txq[0].data_dmat) { 715 /* Free DMA resources. */ 716 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 717 wpi_free_tx_ring(sc, &sc->txq[qid]); 718 719 wpi_free_rx_ring(sc); 720 wpi_free_shared(sc); 721 } 722 723 if (sc->fw_dma.tag) 724 wpi_free_fwmem(sc); 725 726 if (sc->mem != NULL) 727 bus_release_resource(dev, SYS_RES_MEMORY, 728 rman_get_rid(sc->mem), sc->mem); 729 730 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 731 WPI_TXQ_STATE_LOCK_DESTROY(sc); 732 WPI_TXQ_LOCK_DESTROY(sc); 733 WPI_NT_LOCK_DESTROY(sc); 734 WPI_RXON_LOCK_DESTROY(sc); 735 WPI_TX_LOCK_DESTROY(sc); 736 WPI_LOCK_DESTROY(sc); 737 return 0; 738} 739 740static int 741wpi_shutdown(device_t dev) 742{ 743 struct wpi_softc *sc = device_get_softc(dev); 744 745 wpi_stop(sc); 746 return 0; 747} 748 749static int 750wpi_suspend(device_t dev) 751{ 752 struct wpi_softc *sc = device_get_softc(dev); 753 struct ieee80211com *ic = &sc->sc_ic; 754 755 ieee80211_suspend_all(ic); 756 return 0; 757} 758 759static int 760wpi_resume(device_t dev) 761{ 762 struct wpi_softc *sc = device_get_softc(dev); 763 struct ieee80211com *ic = &sc->sc_ic; 764 765 /* Clear device-specific "PCI retry timeout" register (41h). */ 766 pci_write_config(dev, 0x41, 0, 1); 767 768 ieee80211_resume_all(ic); 769 return 0; 770} 771 772/* 773 * Grab exclusive access to NIC memory. 774 */ 775static int 776wpi_nic_lock(struct wpi_softc *sc) 777{ 778 int ntries; 779 780 /* Request exclusive access to NIC. */ 781 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 782 783 /* Spin until we actually get the lock. */ 784 for (ntries = 0; ntries < 1000; ntries++) { 785 if ((WPI_READ(sc, WPI_GP_CNTRL) & 786 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) == 787 WPI_GP_CNTRL_MAC_ACCESS_ENA) 788 return 0; 789 DELAY(10); 790 } 791 792 device_printf(sc->sc_dev, "could not lock memory\n"); 793 794 return ETIMEDOUT; 795} 796 797/* 798 * Release lock on NIC memory. 799 */ 800static __inline void 801wpi_nic_unlock(struct wpi_softc *sc) 802{ 803 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 804} 805 806static __inline uint32_t 807wpi_prph_read(struct wpi_softc *sc, uint32_t addr) 808{ 809 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr); 810 WPI_BARRIER_READ_WRITE(sc); 811 return WPI_READ(sc, WPI_PRPH_RDATA); 812} 813 814static __inline void 815wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data) 816{ 817 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr); 818 WPI_BARRIER_WRITE(sc); 819 WPI_WRITE(sc, WPI_PRPH_WDATA, data); 820} 821 822static __inline void 823wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 824{ 825 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask); 826} 827 828static __inline void 829wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask) 830{ 831 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask); 832} 833 834static __inline void 835wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr, 836 const uint32_t *data, uint32_t count) 837{ 838 for (; count != 0; count--, data++, addr += 4) 839 wpi_prph_write(sc, addr, *data); 840} 841 842static __inline uint32_t 843wpi_mem_read(struct wpi_softc *sc, uint32_t addr) 844{ 845 WPI_WRITE(sc, WPI_MEM_RADDR, addr); 846 WPI_BARRIER_READ_WRITE(sc); 847 return WPI_READ(sc, WPI_MEM_RDATA); 848} 849 850static __inline void 851wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data, 852 int count) 853{ 854 for (; count > 0; count--, addr += 4) 855 *data++ = wpi_mem_read(sc, addr); 856} 857 858static int 859wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count) 860{ 861 uint8_t *out = data; 862 uint32_t val; 863 int error, ntries; 864 865 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 866 867 if ((error = wpi_nic_lock(sc)) != 0) 868 return error; 869 870 for (; count > 0; count -= 2, addr++) { 871 WPI_WRITE(sc, WPI_EEPROM, addr << 2); 872 for (ntries = 0; ntries < 10; ntries++) { 873 val = WPI_READ(sc, WPI_EEPROM); 874 if (val & WPI_EEPROM_READ_VALID) 875 break; 876 DELAY(5); 877 } 878 if (ntries == 10) { 879 device_printf(sc->sc_dev, 880 "timeout reading ROM at 0x%x\n", addr); 881 return ETIMEDOUT; 882 } 883 *out++= val >> 16; 884 if (count > 1) 885 *out ++= val >> 24; 886 } 887 888 wpi_nic_unlock(sc); 889 890 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 891 892 return 0; 893} 894 895static void 896wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 897{ 898 if (error != 0) 899 return; 900 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs)); 901 *(bus_addr_t *)arg = segs[0].ds_addr; 902} 903 904/* 905 * Allocates a contiguous block of dma memory of the requested size and 906 * alignment. 907 */ 908static int 909wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma, 910 void **kvap, bus_size_t size, bus_size_t alignment) 911{ 912 int error; 913 914 dma->tag = NULL; 915 dma->size = size; 916 917 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment, 918 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size, 919 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag); 920 if (error != 0) 921 goto fail; 922 923 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr, 924 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map); 925 if (error != 0) 926 goto fail; 927 928 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size, 929 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT); 930 if (error != 0) 931 goto fail; 932 933 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 934 935 if (kvap != NULL) 936 *kvap = dma->vaddr; 937 938 return 0; 939 940fail: wpi_dma_contig_free(dma); 941 return error; 942} 943 944static void 945wpi_dma_contig_free(struct wpi_dma_info *dma) 946{ 947 if (dma->vaddr != NULL) { 948 bus_dmamap_sync(dma->tag, dma->map, 949 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 950 bus_dmamap_unload(dma->tag, dma->map); 951 bus_dmamem_free(dma->tag, dma->vaddr, dma->map); 952 dma->vaddr = NULL; 953 } 954 if (dma->tag != NULL) { 955 bus_dma_tag_destroy(dma->tag); 956 dma->tag = NULL; 957 } 958} 959 960/* 961 * Allocate a shared page between host and NIC. 962 */ 963static int 964wpi_alloc_shared(struct wpi_softc *sc) 965{ 966 /* Shared buffer must be aligned on a 4KB boundary. */ 967 return wpi_dma_contig_alloc(sc, &sc->shared_dma, 968 (void **)&sc->shared, sizeof (struct wpi_shared), 4096); 969} 970 971static void 972wpi_free_shared(struct wpi_softc *sc) 973{ 974 wpi_dma_contig_free(&sc->shared_dma); 975} 976 977/* 978 * Allocate DMA-safe memory for firmware transfer. 979 */ 980static int 981wpi_alloc_fwmem(struct wpi_softc *sc) 982{ 983 /* Must be aligned on a 16-byte boundary. */ 984 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL, 985 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16); 986} 987 988static void 989wpi_free_fwmem(struct wpi_softc *sc) 990{ 991 wpi_dma_contig_free(&sc->fw_dma); 992} 993 994static int 995wpi_alloc_rx_ring(struct wpi_softc *sc) 996{ 997 struct wpi_rx_ring *ring = &sc->rxq; 998 bus_size_t size; 999 int i, error; 1000 1001 ring->cur = 0; 1002 ring->update = 0; 1003 1004 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1005 1006 /* Allocate RX descriptors (16KB aligned.) */ 1007 size = WPI_RX_RING_COUNT * sizeof (uint32_t); 1008 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, 1009 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN); 1010 if (error != 0) { 1011 device_printf(sc->sc_dev, 1012 "%s: could not allocate RX ring DMA memory, error %d\n", 1013 __func__, error); 1014 goto fail; 1015 } 1016 1017 /* Create RX buffer DMA tag. */ 1018 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1019 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 1020 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL, 1021 &ring->data_dmat); 1022 if (error != 0) { 1023 device_printf(sc->sc_dev, 1024 "%s: could not create RX buf DMA tag, error %d\n", 1025 __func__, error); 1026 goto fail; 1027 } 1028 1029 /* 1030 * Allocate and map RX buffers. 1031 */ 1032 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1033 struct wpi_rx_data *data = &ring->data[i]; 1034 bus_addr_t paddr; 1035 1036 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1037 if (error != 0) { 1038 device_printf(sc->sc_dev, 1039 "%s: could not create RX buf DMA map, error %d\n", 1040 __func__, error); 1041 goto fail; 1042 } 1043 1044 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1045 if (data->m == NULL) { 1046 device_printf(sc->sc_dev, 1047 "%s: could not allocate RX mbuf\n", __func__); 1048 error = ENOBUFS; 1049 goto fail; 1050 } 1051 1052 error = bus_dmamap_load(ring->data_dmat, data->map, 1053 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1054 &paddr, BUS_DMA_NOWAIT); 1055 if (error != 0 && error != EFBIG) { 1056 device_printf(sc->sc_dev, 1057 "%s: can't map mbuf (error %d)\n", __func__, 1058 error); 1059 goto fail; 1060 } 1061 1062 /* Set physical address of RX buffer. */ 1063 ring->desc[i] = htole32(paddr); 1064 } 1065 1066 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1067 BUS_DMASYNC_PREWRITE); 1068 1069 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1070 1071 return 0; 1072 1073fail: wpi_free_rx_ring(sc); 1074 1075 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1076 1077 return error; 1078} 1079 1080static void 1081wpi_update_rx_ring(struct wpi_softc *sc) 1082{ 1083 WPI_WRITE(sc, WPI_FH_RX_WPTR, sc->rxq.cur & ~7); 1084} 1085 1086static void 1087wpi_update_rx_ring_ps(struct wpi_softc *sc) 1088{ 1089 struct wpi_rx_ring *ring = &sc->rxq; 1090 1091 if (ring->update != 0) { 1092 /* Wait for INT_WAKEUP event. */ 1093 return; 1094 } 1095 1096 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1097 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_SLEEP) { 1098 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n", 1099 __func__); 1100 ring->update = 1; 1101 } else { 1102 wpi_update_rx_ring(sc); 1103 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1104 } 1105} 1106 1107static void 1108wpi_reset_rx_ring(struct wpi_softc *sc) 1109{ 1110 struct wpi_rx_ring *ring = &sc->rxq; 1111 int ntries; 1112 1113 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1114 1115 if (wpi_nic_lock(sc) == 0) { 1116 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0); 1117 for (ntries = 0; ntries < 1000; ntries++) { 1118 if (WPI_READ(sc, WPI_FH_RX_STATUS) & 1119 WPI_FH_RX_STATUS_IDLE) 1120 break; 1121 DELAY(10); 1122 } 1123 wpi_nic_unlock(sc); 1124 } 1125 1126 ring->cur = 0; 1127 ring->update = 0; 1128} 1129 1130static void 1131wpi_free_rx_ring(struct wpi_softc *sc) 1132{ 1133 struct wpi_rx_ring *ring = &sc->rxq; 1134 int i; 1135 1136 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1137 1138 wpi_dma_contig_free(&ring->desc_dma); 1139 1140 for (i = 0; i < WPI_RX_RING_COUNT; i++) { 1141 struct wpi_rx_data *data = &ring->data[i]; 1142 1143 if (data->m != NULL) { 1144 bus_dmamap_sync(ring->data_dmat, data->map, 1145 BUS_DMASYNC_POSTREAD); 1146 bus_dmamap_unload(ring->data_dmat, data->map); 1147 m_freem(data->m); 1148 data->m = NULL; 1149 } 1150 if (data->map != NULL) 1151 bus_dmamap_destroy(ring->data_dmat, data->map); 1152 } 1153 if (ring->data_dmat != NULL) { 1154 bus_dma_tag_destroy(ring->data_dmat); 1155 ring->data_dmat = NULL; 1156 } 1157} 1158 1159static int 1160wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, uint8_t qid) 1161{ 1162 bus_addr_t paddr; 1163 bus_size_t size; 1164 int i, error; 1165 1166 ring->qid = qid; 1167 ring->queued = 0; 1168 ring->cur = 0; 1169 ring->update = 0; 1170 1171 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1172 1173 /* Allocate TX descriptors (16KB aligned.) */ 1174 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc); 1175 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc, 1176 size, WPI_RING_DMA_ALIGN); 1177 if (error != 0) { 1178 device_printf(sc->sc_dev, 1179 "%s: could not allocate TX ring DMA memory, error %d\n", 1180 __func__, error); 1181 goto fail; 1182 } 1183 1184 /* Update shared area with ring physical address. */ 1185 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr); 1186 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 1187 BUS_DMASYNC_PREWRITE); 1188 1189 /* 1190 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1191 * to allocate commands space for other rings. 1192 * XXX Do we really need to allocate descriptors for other rings? 1193 */ 1194 if (qid > WPI_CMD_QUEUE_NUM) { 1195 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1196 return 0; 1197 } 1198 1199 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd); 1200 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd, 1201 size, 4); 1202 if (error != 0) { 1203 device_printf(sc->sc_dev, 1204 "%s: could not allocate TX cmd DMA memory, error %d\n", 1205 __func__, error); 1206 goto fail; 1207 } 1208 1209 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 1210 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1211 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL, 1212 &ring->data_dmat); 1213 if (error != 0) { 1214 device_printf(sc->sc_dev, 1215 "%s: could not create TX buf DMA tag, error %d\n", 1216 __func__, error); 1217 goto fail; 1218 } 1219 1220 paddr = ring->cmd_dma.paddr; 1221 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1222 struct wpi_tx_data *data = &ring->data[i]; 1223 1224 data->cmd_paddr = paddr; 1225 paddr += sizeof (struct wpi_tx_cmd); 1226 1227 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 1228 if (error != 0) { 1229 device_printf(sc->sc_dev, 1230 "%s: could not create TX buf DMA map, error %d\n", 1231 __func__, error); 1232 goto fail; 1233 } 1234 } 1235 1236 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1237 1238 return 0; 1239 1240fail: wpi_free_tx_ring(sc, ring); 1241 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1242 return error; 1243} 1244 1245static void 1246wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1247{ 1248 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 1249} 1250 1251static void 1252wpi_update_tx_ring_ps(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1253{ 1254 1255 if (ring->update != 0) { 1256 /* Wait for INT_WAKEUP event. */ 1257 return; 1258 } 1259 1260 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1261 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_SLEEP) { 1262 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n", 1263 __func__, ring->qid); 1264 ring->update = 1; 1265 } else { 1266 wpi_update_tx_ring(sc, ring); 1267 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 1268 } 1269} 1270 1271static void 1272wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1273{ 1274 int i; 1275 1276 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1277 1278 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1279 struct wpi_tx_data *data = &ring->data[i]; 1280 1281 if (data->m != NULL) { 1282 bus_dmamap_sync(ring->data_dmat, data->map, 1283 BUS_DMASYNC_POSTWRITE); 1284 bus_dmamap_unload(ring->data_dmat, data->map); 1285 m_freem(data->m); 1286 data->m = NULL; 1287 } 1288 if (data->ni != NULL) { 1289 ieee80211_free_node(data->ni); 1290 data->ni = NULL; 1291 } 1292 } 1293 /* Clear TX descriptors. */ 1294 memset(ring->desc, 0, ring->desc_dma.size); 1295 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1296 BUS_DMASYNC_PREWRITE); 1297 ring->queued = 0; 1298 ring->cur = 0; 1299 ring->update = 0; 1300} 1301 1302static void 1303wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring) 1304{ 1305 int i; 1306 1307 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 1308 1309 wpi_dma_contig_free(&ring->desc_dma); 1310 wpi_dma_contig_free(&ring->cmd_dma); 1311 1312 for (i = 0; i < WPI_TX_RING_COUNT; i++) { 1313 struct wpi_tx_data *data = &ring->data[i]; 1314 1315 if (data->m != NULL) { 1316 bus_dmamap_sync(ring->data_dmat, data->map, 1317 BUS_DMASYNC_POSTWRITE); 1318 bus_dmamap_unload(ring->data_dmat, data->map); 1319 m_freem(data->m); 1320 } 1321 if (data->map != NULL) 1322 bus_dmamap_destroy(ring->data_dmat, data->map); 1323 } 1324 if (ring->data_dmat != NULL) { 1325 bus_dma_tag_destroy(ring->data_dmat); 1326 ring->data_dmat = NULL; 1327 } 1328} 1329 1330/* 1331 * Extract various information from EEPROM. 1332 */ 1333static int 1334wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 1335{ 1336#define WPI_CHK(res) do { \ 1337 if ((error = res) != 0) \ 1338 goto fail; \ 1339} while (0) 1340 uint8_t i; 1341 int error; 1342 1343 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1344 1345 /* Adapter has to be powered on for EEPROM access to work. */ 1346 if ((error = wpi_apm_init(sc)) != 0) { 1347 device_printf(sc->sc_dev, 1348 "%s: could not power ON adapter, error %d\n", __func__, 1349 error); 1350 return error; 1351 } 1352 1353 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) { 1354 device_printf(sc->sc_dev, "bad EEPROM signature\n"); 1355 error = EIO; 1356 goto fail; 1357 } 1358 /* Clear HW ownership of EEPROM. */ 1359 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER); 1360 1361 /* Read the hardware capabilities, revision and SKU type. */ 1362 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap, 1363 sizeof(sc->cap))); 1364 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev, 1365 sizeof(sc->rev))); 1366 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type, 1367 sizeof(sc->type))); 1368 1369 sc->rev = le16toh(sc->rev); 1370 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap, 1371 sc->rev, sc->type); 1372 1373 /* Read the regulatory domain (4 ASCII characters.) */ 1374 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain, 1375 sizeof(sc->domain))); 1376 1377 /* Read MAC address. */ 1378 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr, 1379 IEEE80211_ADDR_LEN)); 1380 1381 /* Read the list of authorized channels. */ 1382 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++) 1383 WPI_CHK(wpi_read_eeprom_channels(sc, i)); 1384 1385 /* Read the list of TX power groups. */ 1386 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++) 1387 WPI_CHK(wpi_read_eeprom_group(sc, i)); 1388 1389fail: wpi_apm_stop(sc); /* Power OFF adapter. */ 1390 1391 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END, 1392 __func__); 1393 1394 return error; 1395#undef WPI_CHK 1396} 1397 1398/* 1399 * Translate EEPROM flags to net80211. 1400 */ 1401static uint32_t 1402wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel) 1403{ 1404 uint32_t nflags; 1405 1406 nflags = 0; 1407 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0) 1408 nflags |= IEEE80211_CHAN_PASSIVE; 1409 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0) 1410 nflags |= IEEE80211_CHAN_NOADHOC; 1411 if (channel->flags & WPI_EEPROM_CHAN_RADAR) { 1412 nflags |= IEEE80211_CHAN_DFS; 1413 /* XXX apparently IBSS may still be marked */ 1414 nflags |= IEEE80211_CHAN_NOADHOC; 1415 } 1416 1417 /* XXX HOSTAP uses WPI_MODE_IBSS */ 1418 if (nflags & IEEE80211_CHAN_NOADHOC) 1419 nflags |= IEEE80211_CHAN_NOHOSTAP; 1420 1421 return nflags; 1422} 1423 1424static void 1425wpi_read_eeprom_band(struct wpi_softc *sc, uint8_t n) 1426{ 1427 struct ieee80211com *ic = &sc->sc_ic; 1428 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n]; 1429 const struct wpi_chan_band *band = &wpi_bands[n]; 1430 struct ieee80211_channel *c; 1431 uint32_t nflags; 1432 uint8_t chan, i; 1433 1434 for (i = 0; i < band->nchan; i++) { 1435 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) { 1436 DPRINTF(sc, WPI_DEBUG_EEPROM, 1437 "Channel Not Valid: %d, band %d\n", 1438 band->chan[i],n); 1439 continue; 1440 } 1441 1442 chan = band->chan[i]; 1443 nflags = wpi_eeprom_channel_flags(&channels[i]); 1444 1445 c = &ic->ic_channels[ic->ic_nchans++]; 1446 c->ic_ieee = chan; 1447 c->ic_maxregpower = channels[i].maxpwr; 1448 c->ic_maxpower = 2*c->ic_maxregpower; 1449 1450 if (n == 0) { /* 2GHz band */ 1451 c->ic_freq = ieee80211_ieee2mhz(chan, 1452 IEEE80211_CHAN_G); 1453 1454 /* G =>'s B is supported */ 1455 c->ic_flags = IEEE80211_CHAN_B | nflags; 1456 c = &ic->ic_channels[ic->ic_nchans++]; 1457 c[0] = c[-1]; 1458 c->ic_flags = IEEE80211_CHAN_G | nflags; 1459 } else { /* 5GHz band */ 1460 c->ic_freq = ieee80211_ieee2mhz(chan, 1461 IEEE80211_CHAN_A); 1462 1463 c->ic_flags = IEEE80211_CHAN_A | nflags; 1464 } 1465 1466 /* Save maximum allowed TX power for this channel. */ 1467 sc->maxpwr[chan] = channels[i].maxpwr; 1468 1469 DPRINTF(sc, WPI_DEBUG_EEPROM, 1470 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d," 1471 " offset %d\n", chan, c->ic_freq, 1472 channels[i].flags, sc->maxpwr[chan], 1473 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans); 1474 } 1475} 1476 1477/** 1478 * Read the eeprom to find out what channels are valid for the given 1479 * band and update net80211 with what we find. 1480 */ 1481static int 1482wpi_read_eeprom_channels(struct wpi_softc *sc, uint8_t n) 1483{ 1484 struct ieee80211com *ic = &sc->sc_ic; 1485 const struct wpi_chan_band *band = &wpi_bands[n]; 1486 int error; 1487 1488 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1489 1490 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n], 1491 band->nchan * sizeof (struct wpi_eeprom_chan)); 1492 if (error != 0) { 1493 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1494 return error; 1495 } 1496 1497 wpi_read_eeprom_band(sc, n); 1498 1499 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans); 1500 1501 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1502 1503 return 0; 1504} 1505 1506static struct wpi_eeprom_chan * 1507wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c) 1508{ 1509 int i, j; 1510 1511 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++) 1512 for (i = 0; i < wpi_bands[j].nchan; i++) 1513 if (wpi_bands[j].chan[i] == c->ic_ieee) 1514 return &sc->eeprom_channels[j][i]; 1515 1516 return NULL; 1517} 1518 1519/* 1520 * Enforce flags read from EEPROM. 1521 */ 1522static int 1523wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd, 1524 int nchan, struct ieee80211_channel chans[]) 1525{ 1526 struct wpi_softc *sc = ic->ic_softc; 1527 int i; 1528 1529 for (i = 0; i < nchan; i++) { 1530 struct ieee80211_channel *c = &chans[i]; 1531 struct wpi_eeprom_chan *channel; 1532 1533 channel = wpi_find_eeprom_channel(sc, c); 1534 if (channel == NULL) { 1535 ic_printf(ic, "%s: invalid channel %u freq %u/0x%x\n", 1536 __func__, c->ic_ieee, c->ic_freq, c->ic_flags); 1537 return EINVAL; 1538 } 1539 c->ic_flags |= wpi_eeprom_channel_flags(channel); 1540 } 1541 1542 return 0; 1543} 1544 1545static int 1546wpi_read_eeprom_group(struct wpi_softc *sc, uint8_t n) 1547{ 1548 struct wpi_power_group *group = &sc->groups[n]; 1549 struct wpi_eeprom_group rgroup; 1550 int i, error; 1551 1552 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1553 1554 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32, 1555 &rgroup, sizeof rgroup)) != 0) { 1556 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1557 return error; 1558 } 1559 1560 /* Save TX power group information. */ 1561 group->chan = rgroup.chan; 1562 group->maxpwr = rgroup.maxpwr; 1563 /* Retrieve temperature at which the samples were taken. */ 1564 group->temp = (int16_t)le16toh(rgroup.temp); 1565 1566 DPRINTF(sc, WPI_DEBUG_EEPROM, 1567 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan, 1568 group->maxpwr, group->temp); 1569 1570 for (i = 0; i < WPI_SAMPLES_COUNT; i++) { 1571 group->samples[i].index = rgroup.samples[i].index; 1572 group->samples[i].power = rgroup.samples[i].power; 1573 1574 DPRINTF(sc, WPI_DEBUG_EEPROM, 1575 "\tsample %d: index=%d power=%d\n", i, 1576 group->samples[i].index, group->samples[i].power); 1577 } 1578 1579 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1580 1581 return 0; 1582} 1583 1584static __inline uint8_t 1585wpi_add_node_entry_adhoc(struct wpi_softc *sc) 1586{ 1587 uint8_t newid = WPI_ID_IBSS_MIN; 1588 1589 for (; newid <= WPI_ID_IBSS_MAX; newid++) { 1590 if ((sc->nodesmsk & (1 << newid)) == 0) { 1591 sc->nodesmsk |= 1 << newid; 1592 return newid; 1593 } 1594 } 1595 1596 return WPI_ID_UNDEFINED; 1597} 1598 1599static __inline uint8_t 1600wpi_add_node_entry_sta(struct wpi_softc *sc) 1601{ 1602 sc->nodesmsk |= 1 << WPI_ID_BSS; 1603 1604 return WPI_ID_BSS; 1605} 1606 1607static __inline int 1608wpi_check_node_entry(struct wpi_softc *sc, uint8_t id) 1609{ 1610 if (id == WPI_ID_UNDEFINED) 1611 return 0; 1612 1613 return (sc->nodesmsk >> id) & 1; 1614} 1615 1616static __inline void 1617wpi_clear_node_table(struct wpi_softc *sc) 1618{ 1619 sc->nodesmsk = 0; 1620} 1621 1622static __inline void 1623wpi_del_node_entry(struct wpi_softc *sc, uint8_t id) 1624{ 1625 sc->nodesmsk &= ~(1 << id); 1626} 1627 1628static struct ieee80211_node * 1629wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1630{ 1631 struct wpi_node *wn; 1632 1633 wn = malloc(sizeof (struct wpi_node), M_80211_NODE, 1634 M_NOWAIT | M_ZERO); 1635 1636 if (wn == NULL) 1637 return NULL; 1638 1639 wn->id = WPI_ID_UNDEFINED; 1640 1641 return &wn->ni; 1642} 1643 1644static void 1645wpi_node_free(struct ieee80211_node *ni) 1646{ 1647 struct wpi_softc *sc = ni->ni_ic->ic_softc; 1648 struct wpi_node *wn = WPI_NODE(ni); 1649 1650 if (wn->id != WPI_ID_UNDEFINED) { 1651 WPI_NT_LOCK(sc); 1652 if (wpi_check_node_entry(sc, wn->id)) { 1653 wpi_del_node_entry(sc, wn->id); 1654 wpi_del_node(sc, ni); 1655 } 1656 WPI_NT_UNLOCK(sc); 1657 } 1658 1659 sc->sc_node_free(ni); 1660} 1661 1662static __inline int 1663wpi_check_bss_filter(struct wpi_softc *sc) 1664{ 1665 return (sc->rxon.filter & htole32(WPI_FILTER_BSS)) != 0; 1666} 1667 1668static void 1669wpi_ibss_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 1670 const struct ieee80211_rx_stats *rxs, 1671 int rssi, int nf) 1672{ 1673 struct ieee80211vap *vap = ni->ni_vap; 1674 struct wpi_softc *sc = vap->iv_ic->ic_softc; 1675 struct wpi_vap *wvp = WPI_VAP(vap); 1676 uint64_t ni_tstamp, rx_tstamp; 1677 1678 wvp->wv_recv_mgmt(ni, m, subtype, rxs, rssi, nf); 1679 1680 if (vap->iv_state == IEEE80211_S_RUN && 1681 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 1682 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 1683 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 1684 rx_tstamp = le64toh(sc->rx_tstamp); 1685 1686 if (ni_tstamp >= rx_tstamp) { 1687 DPRINTF(sc, WPI_DEBUG_STATE, 1688 "ibss merge, tsf %ju tstamp %ju\n", 1689 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 1690 (void) ieee80211_ibss_merge(ni); 1691 } 1692 } 1693} 1694 1695static void 1696wpi_restore_node(void *arg, struct ieee80211_node *ni) 1697{ 1698 struct wpi_softc *sc = arg; 1699 struct wpi_node *wn = WPI_NODE(ni); 1700 int error; 1701 1702 WPI_NT_LOCK(sc); 1703 if (wn->id != WPI_ID_UNDEFINED) { 1704 wn->id = WPI_ID_UNDEFINED; 1705 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 1706 device_printf(sc->sc_dev, 1707 "%s: could not add IBSS node, error %d\n", 1708 __func__, error); 1709 } 1710 } 1711 WPI_NT_UNLOCK(sc); 1712} 1713 1714static void 1715wpi_restore_node_table(struct wpi_softc *sc, struct wpi_vap *wvp) 1716{ 1717 struct ieee80211com *ic = &sc->sc_ic; 1718 1719 /* Set group keys once. */ 1720 WPI_NT_LOCK(sc); 1721 wvp->wv_gtk = 0; 1722 WPI_NT_UNLOCK(sc); 1723 1724 ieee80211_iterate_nodes(&ic->ic_sta, wpi_restore_node, sc); 1725 ieee80211_crypto_reload_keys(ic); 1726} 1727 1728/** 1729 * Called by net80211 when ever there is a change to 80211 state machine 1730 */ 1731static int 1732wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1733{ 1734 struct wpi_vap *wvp = WPI_VAP(vap); 1735 struct ieee80211com *ic = vap->iv_ic; 1736 struct wpi_softc *sc = ic->ic_softc; 1737 int error = 0; 1738 1739 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 1740 1741 WPI_TXQ_LOCK(sc); 1742 if (nstate > IEEE80211_S_INIT && sc->sc_running == 0) { 1743 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1744 WPI_TXQ_UNLOCK(sc); 1745 1746 return ENXIO; 1747 } 1748 WPI_TXQ_UNLOCK(sc); 1749 1750 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1751 ieee80211_state_name[vap->iv_state], 1752 ieee80211_state_name[nstate]); 1753 1754 if (vap->iv_state == IEEE80211_S_RUN && nstate < IEEE80211_S_RUN) { 1755 if ((error = wpi_set_pslevel(sc, 0, 0, 1)) != 0) { 1756 device_printf(sc->sc_dev, 1757 "%s: could not set power saving level\n", 1758 __func__); 1759 return error; 1760 } 1761 1762 wpi_set_led(sc, WPI_LED_LINK, 1, 0); 1763 } 1764 1765 switch (nstate) { 1766 case IEEE80211_S_SCAN: 1767 WPI_RXON_LOCK(sc); 1768 if (wpi_check_bss_filter(sc) != 0) { 1769 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1770 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1771 device_printf(sc->sc_dev, 1772 "%s: could not send RXON\n", __func__); 1773 } 1774 } 1775 WPI_RXON_UNLOCK(sc); 1776 break; 1777 1778 case IEEE80211_S_ASSOC: 1779 if (vap->iv_state != IEEE80211_S_RUN) 1780 break; 1781 /* FALLTHROUGH */ 1782 case IEEE80211_S_AUTH: 1783 /* 1784 * NB: do not optimize AUTH -> AUTH state transmission - 1785 * this will break powersave with non-QoS AP! 1786 */ 1787 1788 /* 1789 * The node must be registered in the firmware before auth. 1790 * Also the associd must be cleared on RUN -> ASSOC 1791 * transitions. 1792 */ 1793 if ((error = wpi_auth(sc, vap)) != 0) { 1794 device_printf(sc->sc_dev, 1795 "%s: could not move to AUTH state, error %d\n", 1796 __func__, error); 1797 } 1798 break; 1799 1800 case IEEE80211_S_RUN: 1801 /* 1802 * RUN -> RUN transition: 1803 * STA mode: Just restart the timers. 1804 * IBSS mode: Process IBSS merge. 1805 */ 1806 if (vap->iv_state == IEEE80211_S_RUN) { 1807 if (vap->iv_opmode != IEEE80211_M_IBSS) { 1808 WPI_RXON_LOCK(sc); 1809 wpi_calib_timeout(sc); 1810 WPI_RXON_UNLOCK(sc); 1811 break; 1812 } else { 1813 /* 1814 * Drop the BSS_FILTER bit 1815 * (there is no another way to change bssid). 1816 */ 1817 WPI_RXON_LOCK(sc); 1818 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 1819 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 1820 device_printf(sc->sc_dev, 1821 "%s: could not send RXON\n", 1822 __func__); 1823 } 1824 WPI_RXON_UNLOCK(sc); 1825 1826 /* Restore all what was lost. */ 1827 wpi_restore_node_table(sc, wvp); 1828 1829 /* XXX set conditionally? */ 1830 wpi_updateedca(ic); 1831 } 1832 } 1833 1834 /* 1835 * !RUN -> RUN requires setting the association id 1836 * which is done with a firmware cmd. We also defer 1837 * starting the timers until that work is done. 1838 */ 1839 if ((error = wpi_run(sc, vap)) != 0) { 1840 device_printf(sc->sc_dev, 1841 "%s: could not move to RUN state\n", __func__); 1842 } 1843 break; 1844 1845 default: 1846 break; 1847 } 1848 if (error != 0) { 1849 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 1850 return error; 1851 } 1852 1853 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 1854 1855 return wvp->wv_newstate(vap, nstate, arg); 1856} 1857 1858static void 1859wpi_calib_timeout(void *arg) 1860{ 1861 struct wpi_softc *sc = arg; 1862 1863 if (wpi_check_bss_filter(sc) == 0) 1864 return; 1865 1866 wpi_power_calibration(sc); 1867 1868 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 1869} 1870 1871static __inline uint8_t 1872rate2plcp(const uint8_t rate) 1873{ 1874 switch (rate) { 1875 case 12: return 0xd; 1876 case 18: return 0xf; 1877 case 24: return 0x5; 1878 case 36: return 0x7; 1879 case 48: return 0x9; 1880 case 72: return 0xb; 1881 case 96: return 0x1; 1882 case 108: return 0x3; 1883 case 2: return 10; 1884 case 4: return 20; 1885 case 11: return 55; 1886 case 22: return 110; 1887 default: return 0; 1888 } 1889} 1890 1891static __inline uint8_t 1892plcp2rate(const uint8_t plcp) 1893{ 1894 switch (plcp) { 1895 case 0xd: return 12; 1896 case 0xf: return 18; 1897 case 0x5: return 24; 1898 case 0x7: return 36; 1899 case 0x9: return 48; 1900 case 0xb: return 72; 1901 case 0x1: return 96; 1902 case 0x3: return 108; 1903 case 10: return 2; 1904 case 20: return 4; 1905 case 55: return 11; 1906 case 110: return 22; 1907 default: return 0; 1908 } 1909} 1910 1911/* Quickly determine if a given rate is CCK or OFDM. */ 1912#define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22) 1913 1914static void 1915wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc, 1916 struct wpi_rx_data *data) 1917{ 1918 struct ieee80211com *ic = &sc->sc_ic; 1919 struct wpi_rx_ring *ring = &sc->rxq; 1920 struct wpi_rx_stat *stat; 1921 struct wpi_rx_head *head; 1922 struct wpi_rx_tail *tail; 1923 struct ieee80211_frame *wh; 1924 struct ieee80211_node *ni; 1925 struct mbuf *m, *m1; 1926 bus_addr_t paddr; 1927 uint32_t flags; 1928 uint16_t len; 1929 int error; 1930 1931 stat = (struct wpi_rx_stat *)(desc + 1); 1932 1933 if (__predict_false(stat->len > WPI_STAT_MAXLEN)) { 1934 device_printf(sc->sc_dev, "invalid RX statistic header\n"); 1935 goto fail1; 1936 } 1937 1938 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD); 1939 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len); 1940 len = le16toh(head->len); 1941 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len); 1942 flags = le32toh(tail->flags); 1943 1944 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d" 1945 " rate %x chan %d tstamp %ju\n", __func__, ring->cur, 1946 le32toh(desc->len), len, (int8_t)stat->rssi, 1947 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp)); 1948 1949 /* Discard frames with a bad FCS early. */ 1950 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) { 1951 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n", 1952 __func__, flags); 1953 goto fail1; 1954 } 1955 /* Discard frames that are too short. */ 1956 if (len < sizeof (struct ieee80211_frame_ack)) { 1957 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n", 1958 __func__, len); 1959 goto fail1; 1960 } 1961 1962 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1963 if (__predict_false(m1 == NULL)) { 1964 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n", 1965 __func__); 1966 goto fail1; 1967 } 1968 bus_dmamap_unload(ring->data_dmat, data->map); 1969 1970 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *), 1971 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 1972 if (__predict_false(error != 0 && error != EFBIG)) { 1973 device_printf(sc->sc_dev, 1974 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1975 m_freem(m1); 1976 1977 /* Try to reload the old mbuf. */ 1978 error = bus_dmamap_load(ring->data_dmat, data->map, 1979 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr, 1980 &paddr, BUS_DMA_NOWAIT); 1981 if (error != 0 && error != EFBIG) { 1982 panic("%s: could not load old RX mbuf", __func__); 1983 } 1984 /* Physical address may have changed. */ 1985 ring->desc[ring->cur] = htole32(paddr); 1986 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map, 1987 BUS_DMASYNC_PREWRITE); 1988 goto fail1; 1989 } 1990 1991 m = data->m; 1992 data->m = m1; 1993 /* Update RX descriptor. */ 1994 ring->desc[ring->cur] = htole32(paddr); 1995 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 1996 BUS_DMASYNC_PREWRITE); 1997 1998 /* Finalize mbuf. */ 1999 m->m_data = (caddr_t)(head + 1); 2000 m->m_pkthdr.len = m->m_len = len; 2001 2002 /* Grab a reference to the source node. */ 2003 wh = mtod(m, struct ieee80211_frame *); 2004 2005 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 2006 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) { 2007 /* Check whether decryption was successful or not. */ 2008 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) { 2009 DPRINTF(sc, WPI_DEBUG_RECV, 2010 "CCMP decryption failed 0x%x\n", flags); 2011 goto fail2; 2012 } 2013 m->m_flags |= M_WEP; 2014 } 2015 2016 if (len >= sizeof(struct ieee80211_frame_min)) 2017 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2018 else 2019 ni = NULL; 2020 2021 sc->rx_tstamp = tail->tstamp; 2022 2023 if (ieee80211_radiotap_active(ic)) { 2024 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap; 2025 2026 tap->wr_flags = 0; 2027 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE)) 2028 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2029 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET); 2030 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET; 2031 tap->wr_tsft = tail->tstamp; 2032 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf; 2033 tap->wr_rate = plcp2rate(head->plcp); 2034 } 2035 2036 WPI_UNLOCK(sc); 2037 2038 /* Send the frame to the 802.11 layer. */ 2039 if (ni != NULL) { 2040 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET); 2041 /* Node is no longer needed. */ 2042 ieee80211_free_node(ni); 2043 } else 2044 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET); 2045 2046 WPI_LOCK(sc); 2047 2048 return; 2049 2050fail2: m_freem(m); 2051 2052fail1: counter_u64_add(ic->ic_ierrors, 1); 2053} 2054 2055static void 2056wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc, 2057 struct wpi_rx_data *data) 2058{ 2059 /* Ignore */ 2060} 2061 2062static void 2063wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2064{ 2065 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3]; 2066 struct wpi_tx_data *data = &ring->data[desc->idx]; 2067 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1); 2068 struct mbuf *m; 2069 struct ieee80211_node *ni; 2070 struct ieee80211vap *vap; 2071 struct ieee80211com *ic; 2072 uint32_t status = le32toh(stat->status); 2073 int ackfailcnt = stat->ackfailcnt / WPI_NTRIES_DEFAULT; 2074 2075 KASSERT(data->ni != NULL, ("no node")); 2076 KASSERT(data->m != NULL, ("no mbuf")); 2077 2078 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2079 2080 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: " 2081 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d " 2082 "status %x\n", __func__, desc->qid, desc->idx, stat->ackfailcnt, 2083 stat->btkillcnt, stat->rate, le32toh(stat->duration), status); 2084 2085 /* Unmap and free mbuf. */ 2086 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE); 2087 bus_dmamap_unload(ring->data_dmat, data->map); 2088 m = data->m, data->m = NULL; 2089 ni = data->ni, data->ni = NULL; 2090 vap = ni->ni_vap; 2091 ic = vap->iv_ic; 2092 2093 /* 2094 * Update rate control statistics for the node. 2095 */ 2096 if (status & WPI_TX_STATUS_FAIL) { 2097 ieee80211_ratectl_tx_complete(vap, ni, 2098 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL); 2099 } else 2100 ieee80211_ratectl_tx_complete(vap, ni, 2101 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL); 2102 2103 ieee80211_tx_complete(ni, m, (status & WPI_TX_STATUS_FAIL) != 0); 2104 2105 WPI_TXQ_STATE_LOCK(sc); 2106 if (--ring->queued > 0) 2107 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2108 else 2109 callout_stop(&sc->tx_timeout); 2110 WPI_TXQ_STATE_UNLOCK(sc); 2111 2112 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2113} 2114 2115/* 2116 * Process a "command done" firmware notification. This is where we wakeup 2117 * processes waiting for a synchronous command completion. 2118 */ 2119static void 2120wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc) 2121{ 2122 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 2123 struct wpi_tx_data *data; 2124 struct wpi_tx_cmd *cmd; 2125 2126 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x " 2127 "type %s len %d\n", desc->qid, desc->idx, 2128 desc->flags, wpi_cmd_str(desc->type), 2129 le32toh(desc->len)); 2130 2131 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM) 2132 return; /* Not a command ack. */ 2133 2134 KASSERT(ring->queued == 0, ("ring->queued must be 0")); 2135 2136 data = &ring->data[desc->idx]; 2137 cmd = &ring->cmd[desc->idx]; 2138 2139 /* If the command was mapped in an mbuf, free it. */ 2140 if (data->m != NULL) { 2141 bus_dmamap_sync(ring->data_dmat, data->map, 2142 BUS_DMASYNC_POSTWRITE); 2143 bus_dmamap_unload(ring->data_dmat, data->map); 2144 m_freem(data->m); 2145 data->m = NULL; 2146 } 2147 2148 wakeup(cmd); 2149 2150 if (desc->type == WPI_CMD_SET_POWER_MODE) { 2151 struct wpi_pmgt_cmd *pcmd = (struct wpi_pmgt_cmd *)cmd->data; 2152 2153 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2154 BUS_DMASYNC_POSTREAD); 2155 2156 WPI_TXQ_LOCK(sc); 2157 if (le16toh(pcmd->flags) & WPI_PS_ALLOW_SLEEP) { 2158 sc->sc_update_rx_ring = wpi_update_rx_ring_ps; 2159 sc->sc_update_tx_ring = wpi_update_tx_ring_ps; 2160 } else { 2161 sc->sc_update_rx_ring = wpi_update_rx_ring; 2162 sc->sc_update_tx_ring = wpi_update_tx_ring; 2163 } 2164 WPI_TXQ_UNLOCK(sc); 2165 } 2166} 2167 2168static void 2169wpi_notif_intr(struct wpi_softc *sc) 2170{ 2171 struct ieee80211com *ic = &sc->sc_ic; 2172 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2173 uint32_t hw; 2174 2175 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map, 2176 BUS_DMASYNC_POSTREAD); 2177 2178 hw = le32toh(sc->shared->next) & 0xfff; 2179 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1; 2180 2181 while (sc->rxq.cur != hw) { 2182 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT; 2183 2184 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2185 struct wpi_rx_desc *desc; 2186 2187 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2188 BUS_DMASYNC_POSTREAD); 2189 desc = mtod(data->m, struct wpi_rx_desc *); 2190 2191 DPRINTF(sc, WPI_DEBUG_NOTIFY, 2192 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n", 2193 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags, 2194 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len)); 2195 2196 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) { 2197 /* Reply to a command. */ 2198 wpi_cmd_done(sc, desc); 2199 } 2200 2201 switch (desc->type) { 2202 case WPI_RX_DONE: 2203 /* An 802.11 frame has been received. */ 2204 wpi_rx_done(sc, desc, data); 2205 2206 if (__predict_false(sc->sc_running == 0)) { 2207 /* wpi_stop() was called. */ 2208 return; 2209 } 2210 2211 break; 2212 2213 case WPI_TX_DONE: 2214 /* An 802.11 frame has been transmitted. */ 2215 wpi_tx_done(sc, desc); 2216 break; 2217 2218 case WPI_RX_STATISTICS: 2219 case WPI_BEACON_STATISTICS: 2220 wpi_rx_statistics(sc, desc, data); 2221 break; 2222 2223 case WPI_BEACON_MISSED: 2224 { 2225 struct wpi_beacon_missed *miss = 2226 (struct wpi_beacon_missed *)(desc + 1); 2227 uint32_t expected, misses, received, threshold; 2228 2229 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2230 BUS_DMASYNC_POSTREAD); 2231 2232 misses = le32toh(miss->consecutive); 2233 expected = le32toh(miss->expected); 2234 received = le32toh(miss->received); 2235 threshold = MAX(2, vap->iv_bmissthreshold); 2236 2237 DPRINTF(sc, WPI_DEBUG_BMISS, 2238 "%s: beacons missed %u(%u) (received %u/%u)\n", 2239 __func__, misses, le32toh(miss->total), received, 2240 expected); 2241 2242 if (misses >= threshold || 2243 (received == 0 && expected >= threshold)) { 2244 WPI_RXON_LOCK(sc); 2245 if (callout_pending(&sc->scan_timeout)) { 2246 wpi_cmd(sc, WPI_CMD_SCAN_ABORT, NULL, 2247 0, 1); 2248 } 2249 WPI_RXON_UNLOCK(sc); 2250 if (vap->iv_state == IEEE80211_S_RUN && 2251 (ic->ic_flags & IEEE80211_F_SCAN) == 0) 2252 ieee80211_beacon_miss(ic); 2253 } 2254 2255 break; 2256 } 2257#ifdef WPI_DEBUG 2258 case WPI_BEACON_SENT: 2259 { 2260 struct wpi_tx_stat *stat = 2261 (struct wpi_tx_stat *)(desc + 1); 2262 uint64_t *tsf = (uint64_t *)(stat + 1); 2263 uint32_t *mode = (uint32_t *)(tsf + 1); 2264 2265 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2266 BUS_DMASYNC_POSTREAD); 2267 2268 DPRINTF(sc, WPI_DEBUG_BEACON, 2269 "beacon sent: rts %u, ack %u, btkill %u, rate %u, " 2270 "duration %u, status %x, tsf %ju, mode %x\n", 2271 stat->rtsfailcnt, stat->ackfailcnt, 2272 stat->btkillcnt, stat->rate, le32toh(stat->duration), 2273 le32toh(stat->status), le64toh(*tsf), 2274 le32toh(*mode)); 2275 2276 break; 2277 } 2278#endif 2279 case WPI_UC_READY: 2280 { 2281 struct wpi_ucode_info *uc = 2282 (struct wpi_ucode_info *)(desc + 1); 2283 2284 /* The microcontroller is ready. */ 2285 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2286 BUS_DMASYNC_POSTREAD); 2287 DPRINTF(sc, WPI_DEBUG_RESET, 2288 "microcode alive notification version=%d.%d " 2289 "subtype=%x alive=%x\n", uc->major, uc->minor, 2290 uc->subtype, le32toh(uc->valid)); 2291 2292 if (le32toh(uc->valid) != 1) { 2293 device_printf(sc->sc_dev, 2294 "microcontroller initialization failed\n"); 2295 wpi_stop_locked(sc); 2296 return; 2297 } 2298 /* Save the address of the error log in SRAM. */ 2299 sc->errptr = le32toh(uc->errptr); 2300 break; 2301 } 2302 case WPI_STATE_CHANGED: 2303 { 2304 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2305 BUS_DMASYNC_POSTREAD); 2306 2307 uint32_t *status = (uint32_t *)(desc + 1); 2308 2309 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n", 2310 le32toh(*status)); 2311 2312 if (le32toh(*status) & 1) { 2313 WPI_NT_LOCK(sc); 2314 wpi_clear_node_table(sc); 2315 WPI_NT_UNLOCK(sc); 2316 taskqueue_enqueue(sc->sc_tq, 2317 &sc->sc_radiooff_task); 2318 return; 2319 } 2320 break; 2321 } 2322#ifdef WPI_DEBUG 2323 case WPI_START_SCAN: 2324 { 2325 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2326 BUS_DMASYNC_POSTREAD); 2327 2328 struct wpi_start_scan *scan = 2329 (struct wpi_start_scan *)(desc + 1); 2330 DPRINTF(sc, WPI_DEBUG_SCAN, 2331 "%s: scanning channel %d status %x\n", 2332 __func__, scan->chan, le32toh(scan->status)); 2333 2334 break; 2335 } 2336#endif 2337 case WPI_STOP_SCAN: 2338 { 2339 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 2340 BUS_DMASYNC_POSTREAD); 2341 2342 struct wpi_stop_scan *scan = 2343 (struct wpi_stop_scan *)(desc + 1); 2344 2345 DPRINTF(sc, WPI_DEBUG_SCAN, 2346 "scan finished nchan=%d status=%d chan=%d\n", 2347 scan->nchan, scan->status, scan->chan); 2348 2349 WPI_RXON_LOCK(sc); 2350 callout_stop(&sc->scan_timeout); 2351 WPI_RXON_UNLOCK(sc); 2352 if (scan->status == WPI_SCAN_ABORTED) 2353 ieee80211_cancel_scan(vap); 2354 else 2355 ieee80211_scan_next(vap); 2356 break; 2357 } 2358 } 2359 2360 if (sc->rxq.cur % 8 == 0) { 2361 /* Tell the firmware what we have processed. */ 2362 sc->sc_update_rx_ring(sc); 2363 } 2364 } 2365} 2366 2367/* 2368 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2369 * from power-down sleep mode. 2370 */ 2371static void 2372wpi_wakeup_intr(struct wpi_softc *sc) 2373{ 2374 int qid; 2375 2376 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 2377 "%s: ucode wakeup from power-down sleep\n", __func__); 2378 2379 /* Wakeup RX and TX rings. */ 2380 if (sc->rxq.update) { 2381 sc->rxq.update = 0; 2382 wpi_update_rx_ring(sc); 2383 } 2384 WPI_TXQ_LOCK(sc); 2385 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) { 2386 struct wpi_tx_ring *ring = &sc->txq[qid]; 2387 2388 if (ring->update) { 2389 ring->update = 0; 2390 wpi_update_tx_ring(sc, ring); 2391 } 2392 } 2393 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ); 2394 WPI_TXQ_UNLOCK(sc); 2395} 2396 2397/* 2398 * This function prints firmware registers 2399 */ 2400#ifdef WPI_DEBUG 2401static void 2402wpi_debug_registers(struct wpi_softc *sc) 2403{ 2404 size_t i; 2405 static const uint32_t csr_tbl[] = { 2406 WPI_HW_IF_CONFIG, 2407 WPI_INT, 2408 WPI_INT_MASK, 2409 WPI_FH_INT, 2410 WPI_GPIO_IN, 2411 WPI_RESET, 2412 WPI_GP_CNTRL, 2413 WPI_EEPROM, 2414 WPI_EEPROM_GP, 2415 WPI_GIO, 2416 WPI_UCODE_GP1, 2417 WPI_UCODE_GP2, 2418 WPI_GIO_CHICKEN, 2419 WPI_ANA_PLL, 2420 WPI_DBG_HPET_MEM, 2421 }; 2422 static const uint32_t prph_tbl[] = { 2423 WPI_APMG_CLK_CTRL, 2424 WPI_APMG_PS, 2425 WPI_APMG_PCI_STT, 2426 WPI_APMG_RFKILL, 2427 }; 2428 2429 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n"); 2430 2431 for (i = 0; i < nitems(csr_tbl); i++) { 2432 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2433 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i])); 2434 2435 if ((i + 1) % 2 == 0) 2436 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2437 } 2438 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n"); 2439 2440 if (wpi_nic_lock(sc) == 0) { 2441 for (i = 0; i < nitems(prph_tbl); i++) { 2442 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ", 2443 wpi_get_prph_string(prph_tbl[i]), 2444 wpi_prph_read(sc, prph_tbl[i])); 2445 2446 if ((i + 1) % 2 == 0) 2447 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2448 } 2449 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n"); 2450 wpi_nic_unlock(sc); 2451 } else { 2452 DPRINTF(sc, WPI_DEBUG_REGISTER, 2453 "Cannot access internal registers.\n"); 2454 } 2455} 2456#endif 2457 2458/* 2459 * Dump the error log of the firmware when a firmware panic occurs. Although 2460 * we can't debug the firmware because it is neither open source nor free, it 2461 * can help us to identify certain classes of problems. 2462 */ 2463static void 2464wpi_fatal_intr(struct wpi_softc *sc) 2465{ 2466 struct wpi_fw_dump dump; 2467 uint32_t i, offset, count; 2468 2469 /* Check that the error log address is valid. */ 2470 if (sc->errptr < WPI_FW_DATA_BASE || 2471 sc->errptr + sizeof (dump) > 2472 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) { 2473 printf("%s: bad firmware error log address 0x%08x\n", __func__, 2474 sc->errptr); 2475 return; 2476 } 2477 if (wpi_nic_lock(sc) != 0) { 2478 printf("%s: could not read firmware error log\n", __func__); 2479 return; 2480 } 2481 /* Read number of entries in the log. */ 2482 count = wpi_mem_read(sc, sc->errptr); 2483 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) { 2484 printf("%s: invalid count field (count = %u)\n", __func__, 2485 count); 2486 wpi_nic_unlock(sc); 2487 return; 2488 } 2489 /* Skip "count" field. */ 2490 offset = sc->errptr + sizeof (uint32_t); 2491 printf("firmware error log (count = %u):\n", count); 2492 for (i = 0; i < count; i++) { 2493 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump, 2494 sizeof (dump) / sizeof (uint32_t)); 2495 2496 printf(" error type = \"%s\" (0x%08X)\n", 2497 (dump.desc < nitems(wpi_fw_errmsg)) ? 2498 wpi_fw_errmsg[dump.desc] : "UNKNOWN", 2499 dump.desc); 2500 printf(" error data = 0x%08X\n", 2501 dump.data); 2502 printf(" branch link = 0x%08X%08X\n", 2503 dump.blink[0], dump.blink[1]); 2504 printf(" interrupt link = 0x%08X%08X\n", 2505 dump.ilink[0], dump.ilink[1]); 2506 printf(" time = %u\n", dump.time); 2507 2508 offset += sizeof (dump); 2509 } 2510 wpi_nic_unlock(sc); 2511 /* Dump driver status (TX and RX rings) while we're here. */ 2512 printf("driver status:\n"); 2513 WPI_TXQ_LOCK(sc); 2514 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) { 2515 struct wpi_tx_ring *ring = &sc->txq[i]; 2516 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2517 i, ring->qid, ring->cur, ring->queued); 2518 } 2519 WPI_TXQ_UNLOCK(sc); 2520 printf(" rx ring: cur=%d\n", sc->rxq.cur); 2521} 2522 2523static void 2524wpi_intr(void *arg) 2525{ 2526 struct wpi_softc *sc = arg; 2527 uint32_t r1, r2; 2528 2529 WPI_LOCK(sc); 2530 2531 /* Disable interrupts. */ 2532 WPI_WRITE(sc, WPI_INT_MASK, 0); 2533 2534 r1 = WPI_READ(sc, WPI_INT); 2535 2536 if (__predict_false(r1 == 0xffffffff || 2537 (r1 & 0xfffffff0) == 0xa5a5a5a0)) 2538 goto end; /* Hardware gone! */ 2539 2540 r2 = WPI_READ(sc, WPI_FH_INT); 2541 2542 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__, 2543 r1, r2); 2544 2545 if (r1 == 0 && r2 == 0) 2546 goto done; /* Interrupt not for us. */ 2547 2548 /* Acknowledge interrupts. */ 2549 WPI_WRITE(sc, WPI_INT, r1); 2550 WPI_WRITE(sc, WPI_FH_INT, r2); 2551 2552 if (__predict_false(r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR))) { 2553 device_printf(sc->sc_dev, "fatal firmware error\n"); 2554#ifdef WPI_DEBUG 2555 wpi_debug_registers(sc); 2556#endif 2557 wpi_fatal_intr(sc); 2558 DPRINTF(sc, WPI_DEBUG_HW, 2559 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" : 2560 "(Hardware Error)"); 2561 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask); 2562 goto end; 2563 } 2564 2565 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) || 2566 (r2 & WPI_FH_INT_RX)) 2567 wpi_notif_intr(sc); 2568 2569 if (r1 & WPI_INT_ALIVE) 2570 wakeup(sc); /* Firmware is alive. */ 2571 2572 if (r1 & WPI_INT_WAKEUP) 2573 wpi_wakeup_intr(sc); 2574 2575done: 2576 /* Re-enable interrupts. */ 2577 if (__predict_true(sc->sc_running)) 2578 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 2579 2580end: WPI_UNLOCK(sc); 2581} 2582 2583static int 2584wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf) 2585{ 2586 struct ieee80211_frame *wh; 2587 struct wpi_tx_cmd *cmd; 2588 struct wpi_tx_data *data; 2589 struct wpi_tx_desc *desc; 2590 struct wpi_tx_ring *ring; 2591 struct mbuf *m1; 2592 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER]; 2593 uint8_t pad; 2594 uint16_t hdrlen; 2595 int error, i, nsegs, totlen; 2596 2597 WPI_TXQ_LOCK(sc); 2598 2599 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow")); 2600 2601 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 2602 2603 if (__predict_false(sc->sc_running == 0)) { 2604 /* wpi_stop() was called */ 2605 error = ENETDOWN; 2606 goto fail; 2607 } 2608 2609 wh = mtod(buf->m, struct ieee80211_frame *); 2610 hdrlen = ieee80211_anyhdrsize(wh); 2611 totlen = buf->m->m_pkthdr.len; 2612 2613 if (__predict_false(totlen < sizeof(struct ieee80211_frame_min))) { 2614 error = EINVAL; 2615 goto fail; 2616 } 2617 2618 if (hdrlen & 3) { 2619 /* First segment length must be a multiple of 4. */ 2620 pad = 4 - (hdrlen & 3); 2621 } else 2622 pad = 0; 2623 2624 ring = &sc->txq[buf->ac]; 2625 desc = &ring->desc[ring->cur]; 2626 data = &ring->data[ring->cur]; 2627 2628 /* Prepare TX firmware command. */ 2629 cmd = &ring->cmd[ring->cur]; 2630 cmd->code = buf->code; 2631 cmd->flags = 0; 2632 cmd->qid = ring->qid; 2633 cmd->idx = ring->cur; 2634 2635 memcpy(cmd->data, buf->data, buf->size); 2636 2637 /* Save and trim IEEE802.11 header. */ 2638 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen); 2639 m_adj(buf->m, hdrlen); 2640 2641 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m, 2642 segs, &nsegs, BUS_DMA_NOWAIT); 2643 if (error != 0 && error != EFBIG) { 2644 device_printf(sc->sc_dev, 2645 "%s: can't map mbuf (error %d)\n", __func__, error); 2646 goto fail; 2647 } 2648 if (error != 0) { 2649 /* Too many DMA segments, linearize mbuf. */ 2650 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1); 2651 if (m1 == NULL) { 2652 device_printf(sc->sc_dev, 2653 "%s: could not defrag mbuf\n", __func__); 2654 error = ENOBUFS; 2655 goto fail; 2656 } 2657 buf->m = m1; 2658 2659 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, 2660 buf->m, segs, &nsegs, BUS_DMA_NOWAIT); 2661 if (__predict_false(error != 0)) { 2662 device_printf(sc->sc_dev, 2663 "%s: can't map mbuf (error %d)\n", __func__, 2664 error); 2665 goto fail; 2666 } 2667 } 2668 2669 KASSERT(nsegs < WPI_MAX_SCATTER, 2670 ("too many DMA segments, nsegs (%d) should be less than %d", 2671 nsegs, WPI_MAX_SCATTER)); 2672 2673 data->m = buf->m; 2674 data->ni = buf->ni; 2675 2676 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n", 2677 __func__, ring->qid, ring->cur, totlen, nsegs); 2678 2679 /* Fill TX descriptor. */ 2680 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs); 2681 /* First DMA segment is used by the TX command. */ 2682 desc->segs[0].addr = htole32(data->cmd_paddr); 2683 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad); 2684 /* Other DMA segments are for data payload. */ 2685 seg = &segs[0]; 2686 for (i = 1; i <= nsegs; i++) { 2687 desc->segs[i].addr = htole32(seg->ds_addr); 2688 desc->segs[i].len = htole32(seg->ds_len); 2689 seg++; 2690 } 2691 2692 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE); 2693 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 2694 BUS_DMASYNC_PREWRITE); 2695 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 2696 BUS_DMASYNC_PREWRITE); 2697 2698 /* Kick TX ring. */ 2699 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 2700 sc->sc_update_tx_ring(sc, ring); 2701 2702 if (ring->qid < WPI_CMD_QUEUE_NUM) { 2703 WPI_TXQ_STATE_LOCK(sc); 2704 ring->queued++; 2705 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc); 2706 WPI_TXQ_STATE_UNLOCK(sc); 2707 } 2708 2709 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 2710 2711 WPI_TXQ_UNLOCK(sc); 2712 2713 return 0; 2714 2715fail: m_freem(buf->m); 2716 2717 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 2718 2719 WPI_TXQ_UNLOCK(sc); 2720 2721 return error; 2722} 2723 2724/* 2725 * Construct the data packet for a transmit buffer. 2726 */ 2727static int 2728wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2729{ 2730 const struct ieee80211_txparam *tp; 2731 struct ieee80211vap *vap = ni->ni_vap; 2732 struct ieee80211com *ic = ni->ni_ic; 2733 struct wpi_node *wn = WPI_NODE(ni); 2734 struct ieee80211_channel *chan; 2735 struct ieee80211_frame *wh; 2736 struct ieee80211_key *k = NULL; 2737 struct wpi_buf tx_data; 2738 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2739 uint32_t flags; 2740 uint16_t ac, qos; 2741 uint8_t tid, type, rate; 2742 int error, swcrypt, ismcast, totlen; 2743 2744 wh = mtod(m, struct ieee80211_frame *); 2745 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2746 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2747 swcrypt = 1; 2748 2749 /* Select EDCA Access Category and TX ring for this frame. */ 2750 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2751 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2752 tid = qos & IEEE80211_QOS_TID; 2753 } else { 2754 qos = 0; 2755 tid = 0; 2756 } 2757 ac = M_WME_GETAC(m); 2758 2759 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ? 2760 ni->ni_chan : ic->ic_curchan; 2761 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2762 2763 /* Choose a TX rate index. */ 2764 if (type == IEEE80211_FC0_TYPE_MGT) 2765 rate = tp->mgmtrate; 2766 else if (ismcast) 2767 rate = tp->mcastrate; 2768 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2769 rate = tp->ucastrate; 2770 else if (m->m_flags & M_EAPOL) 2771 rate = tp->mgmtrate; 2772 else { 2773 /* XXX pass pktlen */ 2774 (void) ieee80211_ratectl_rate(ni, NULL, 0); 2775 rate = ni->ni_txrate; 2776 } 2777 2778 /* Encrypt the frame if need be. */ 2779 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2780 /* Retrieve key for TX. */ 2781 k = ieee80211_crypto_encap(ni, m); 2782 if (k == NULL) { 2783 error = ENOBUFS; 2784 goto fail; 2785 } 2786 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2787 2788 /* 802.11 header may have moved. */ 2789 wh = mtod(m, struct ieee80211_frame *); 2790 } 2791 totlen = m->m_pkthdr.len; 2792 2793 if (ieee80211_radiotap_active_vap(vap)) { 2794 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2795 2796 tap->wt_flags = 0; 2797 tap->wt_rate = rate; 2798 if (k != NULL) 2799 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2800 2801 ieee80211_radiotap_tx(vap, m); 2802 } 2803 2804 flags = 0; 2805 if (!ismcast) { 2806 /* Unicast frame, check if an ACK is expected. */ 2807 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2808 IEEE80211_QOS_ACKPOLICY_NOACK) 2809 flags |= WPI_TX_NEED_ACK; 2810 } 2811 2812 if (!IEEE80211_QOS_HAS_SEQ(wh)) 2813 flags |= WPI_TX_AUTO_SEQ; 2814 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2815 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */ 2816 2817 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2818 if (!ismcast) { 2819 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2820 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) { 2821 flags |= WPI_TX_NEED_RTS; 2822 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2823 WPI_RATE_IS_OFDM(rate)) { 2824 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2825 flags |= WPI_TX_NEED_CTS; 2826 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2827 flags |= WPI_TX_NEED_RTS; 2828 } 2829 2830 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2831 flags |= WPI_TX_FULL_TXOP; 2832 } 2833 2834 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2835 if (type == IEEE80211_FC0_TYPE_MGT) { 2836 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2837 2838 /* Tell HW to set timestamp in probe responses. */ 2839 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2840 flags |= WPI_TX_INSERT_TSTAMP; 2841 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2842 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2843 tx->timeout = htole16(3); 2844 else 2845 tx->timeout = htole16(2); 2846 } 2847 2848 if (ismcast || type != IEEE80211_FC0_TYPE_DATA) 2849 tx->id = WPI_ID_BROADCAST; 2850 else { 2851 if (wn->id == WPI_ID_UNDEFINED) { 2852 device_printf(sc->sc_dev, 2853 "%s: undefined node id\n", __func__); 2854 error = EINVAL; 2855 goto fail; 2856 } 2857 2858 tx->id = wn->id; 2859 } 2860 2861 if (!swcrypt) { 2862 switch (k->wk_cipher->ic_cipher) { 2863 case IEEE80211_CIPHER_AES_CCM: 2864 tx->security = WPI_CIPHER_CCMP; 2865 break; 2866 2867 default: 2868 break; 2869 } 2870 2871 memcpy(tx->key, k->wk_key, k->wk_keylen); 2872 } 2873 2874 tx->len = htole16(totlen); 2875 tx->flags = htole32(flags); 2876 tx->plcp = rate2plcp(rate); 2877 tx->tid = tid; 2878 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2879 tx->ofdm_mask = 0xff; 2880 tx->cck_mask = 0x0f; 2881 tx->rts_ntries = 7; 2882 tx->data_ntries = tp->maxretry; 2883 2884 tx_data.ni = ni; 2885 tx_data.m = m; 2886 tx_data.size = sizeof(struct wpi_cmd_data); 2887 tx_data.code = WPI_CMD_TX_DATA; 2888 tx_data.ac = ac; 2889 2890 return wpi_cmd2(sc, &tx_data); 2891 2892fail: m_freem(m); 2893 return error; 2894} 2895 2896static int 2897wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m, 2898 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 2899{ 2900 struct ieee80211vap *vap = ni->ni_vap; 2901 struct ieee80211_key *k = NULL; 2902 struct ieee80211_frame *wh; 2903 struct wpi_buf tx_data; 2904 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data; 2905 uint32_t flags; 2906 uint8_t ac, type, rate; 2907 int swcrypt, totlen; 2908 2909 wh = mtod(m, struct ieee80211_frame *); 2910 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2911 swcrypt = 1; 2912 2913 ac = params->ibp_pri & 3; 2914 2915 /* Choose a TX rate index. */ 2916 rate = params->ibp_rate0; 2917 2918 flags = 0; 2919 if (!IEEE80211_QOS_HAS_SEQ(wh)) 2920 flags |= WPI_TX_AUTO_SEQ; 2921 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 2922 flags |= WPI_TX_NEED_ACK; 2923 if (params->ibp_flags & IEEE80211_BPF_RTS) 2924 flags |= WPI_TX_NEED_RTS; 2925 if (params->ibp_flags & IEEE80211_BPF_CTS) 2926 flags |= WPI_TX_NEED_CTS; 2927 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS)) 2928 flags |= WPI_TX_FULL_TXOP; 2929 2930 /* Encrypt the frame if need be. */ 2931 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 2932 /* Retrieve key for TX. */ 2933 k = ieee80211_crypto_encap(ni, m); 2934 if (k == NULL) { 2935 m_freem(m); 2936 return ENOBUFS; 2937 } 2938 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT; 2939 2940 /* 802.11 header may have moved. */ 2941 wh = mtod(m, struct ieee80211_frame *); 2942 } 2943 totlen = m->m_pkthdr.len; 2944 2945 if (ieee80211_radiotap_active_vap(vap)) { 2946 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap; 2947 2948 tap->wt_flags = 0; 2949 tap->wt_rate = rate; 2950 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) 2951 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2952 2953 ieee80211_radiotap_tx(vap, m); 2954 } 2955 2956 memset(tx, 0, sizeof (struct wpi_cmd_data)); 2957 if (type == IEEE80211_FC0_TYPE_MGT) { 2958 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2959 2960 /* Tell HW to set timestamp in probe responses. */ 2961 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2962 flags |= WPI_TX_INSERT_TSTAMP; 2963 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2964 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2965 tx->timeout = htole16(3); 2966 else 2967 tx->timeout = htole16(2); 2968 } 2969 2970 if (!swcrypt) { 2971 switch (k->wk_cipher->ic_cipher) { 2972 case IEEE80211_CIPHER_AES_CCM: 2973 tx->security = WPI_CIPHER_CCMP; 2974 break; 2975 2976 default: 2977 break; 2978 } 2979 2980 memcpy(tx->key, k->wk_key, k->wk_keylen); 2981 } 2982 2983 tx->len = htole16(totlen); 2984 tx->flags = htole32(flags); 2985 tx->plcp = rate2plcp(rate); 2986 tx->id = WPI_ID_BROADCAST; 2987 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 2988 tx->rts_ntries = params->ibp_try1; 2989 tx->data_ntries = params->ibp_try0; 2990 2991 tx_data.ni = ni; 2992 tx_data.m = m; 2993 tx_data.size = sizeof(struct wpi_cmd_data); 2994 tx_data.code = WPI_CMD_TX_DATA; 2995 tx_data.ac = ac; 2996 2997 return wpi_cmd2(sc, &tx_data); 2998} 2999 3000static __inline int 3001wpi_tx_ring_is_full(struct wpi_softc *sc, uint16_t ac) 3002{ 3003 struct wpi_tx_ring *ring = &sc->txq[ac]; 3004 int retval; 3005 3006 WPI_TXQ_STATE_LOCK(sc); 3007 retval = (ring->queued > WPI_TX_RING_HIMARK); 3008 WPI_TXQ_STATE_UNLOCK(sc); 3009 3010 return retval; 3011} 3012 3013static __inline void 3014wpi_handle_tx_failure(struct ieee80211_node *ni) 3015{ 3016 /* NB: m is reclaimed on tx failure */ 3017 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3018 ieee80211_free_node(ni); 3019} 3020 3021static int 3022wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3023 const struct ieee80211_bpf_params *params) 3024{ 3025 struct ieee80211com *ic = ni->ni_ic; 3026 struct wpi_softc *sc = ic->ic_softc; 3027 uint16_t ac; 3028 int error = 0; 3029 3030 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3031 3032 ac = M_WME_GETAC(m); 3033 3034 WPI_TX_LOCK(sc); 3035 3036 if (sc->sc_running == 0 || wpi_tx_ring_is_full(sc, ac)) { 3037 m_freem(m); 3038 error = sc->sc_running ? ENOBUFS : ENETDOWN; 3039 goto unlock; 3040 } 3041 3042 if (params == NULL) { 3043 /* 3044 * Legacy path; interpret frame contents to decide 3045 * precisely how to send the frame. 3046 */ 3047 error = wpi_tx_data(sc, m, ni); 3048 } else { 3049 /* 3050 * Caller supplied explicit parameters to use in 3051 * sending the frame. 3052 */ 3053 error = wpi_tx_data_raw(sc, m, ni, params); 3054 } 3055 3056unlock: WPI_TX_UNLOCK(sc); 3057 3058 if (error != 0) { 3059 wpi_handle_tx_failure(ni); 3060 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3061 3062 return error; 3063 } 3064 3065 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3066 3067 return 0; 3068} 3069 3070static int 3071wpi_transmit(struct ieee80211com *ic, struct mbuf *m) 3072{ 3073 struct wpi_softc *sc = ic->ic_softc; 3074 struct ieee80211_node *ni; 3075 uint16_t ac; 3076 int error; 3077 3078 WPI_TX_LOCK(sc); 3079 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__); 3080 3081 /* Check if interface is up & running. */ 3082 if (__predict_false(sc->sc_running == 0)) { 3083 error = ENXIO; 3084 goto unlock; 3085 } 3086 3087 /* Check for available space. */ 3088 ac = M_WME_GETAC(m); 3089 if (wpi_tx_ring_is_full(sc, ac)) { 3090 error = ENOBUFS; 3091 goto unlock; 3092 } 3093 3094 error = 0; 3095 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3096 if (wpi_tx_data(sc, m, ni) != 0) { 3097 wpi_handle_tx_failure(ni); 3098 } 3099 3100 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__); 3101 3102unlock: WPI_TX_UNLOCK(sc); 3103 3104 return (error); 3105} 3106 3107static void 3108wpi_watchdog_rfkill(void *arg) 3109{ 3110 struct wpi_softc *sc = arg; 3111 struct ieee80211com *ic = &sc->sc_ic; 3112 3113 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n"); 3114 3115 /* No need to lock firmware memory. */ 3116 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) { 3117 /* Radio kill switch is still off. */ 3118 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 3119 sc); 3120 } else 3121 ieee80211_runtask(ic, &sc->sc_radioon_task); 3122} 3123 3124static void 3125wpi_scan_timeout(void *arg) 3126{ 3127 struct wpi_softc *sc = arg; 3128 struct ieee80211com *ic = &sc->sc_ic; 3129 3130 ic_printf(ic, "scan timeout\n"); 3131 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask); 3132} 3133 3134static void 3135wpi_tx_timeout(void *arg) 3136{ 3137 struct wpi_softc *sc = arg; 3138 struct ieee80211com *ic = &sc->sc_ic; 3139 3140 ic_printf(ic, "device timeout\n"); 3141 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask); 3142} 3143 3144static void 3145wpi_parent(struct ieee80211com *ic) 3146{ 3147 struct wpi_softc *sc = ic->ic_softc; 3148 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3149 3150 if (ic->ic_nrunning > 0) { 3151 if (wpi_init(sc) == 0) { 3152 ieee80211_notify_radio(ic, 1); 3153 ieee80211_start_all(ic); 3154 } else { 3155 ieee80211_notify_radio(ic, 0); 3156 ieee80211_stop(vap); 3157 } 3158 } else 3159 wpi_stop(sc); 3160} 3161 3162/* 3163 * Send a command to the firmware. 3164 */ 3165static int 3166wpi_cmd(struct wpi_softc *sc, uint8_t code, const void *buf, uint16_t size, 3167 int async) 3168{ 3169 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM]; 3170 struct wpi_tx_desc *desc; 3171 struct wpi_tx_data *data; 3172 struct wpi_tx_cmd *cmd; 3173 struct mbuf *m; 3174 bus_addr_t paddr; 3175 uint16_t totlen; 3176 int error; 3177 3178 WPI_TXQ_LOCK(sc); 3179 3180 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3181 3182 if (__predict_false(sc->sc_running == 0)) { 3183 /* wpi_stop() was called */ 3184 if (code == WPI_CMD_SCAN) 3185 error = ENETDOWN; 3186 else 3187 error = 0; 3188 3189 goto fail; 3190 } 3191 3192 if (async == 0) 3193 WPI_LOCK_ASSERT(sc); 3194 3195 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %u async %d\n", 3196 __func__, wpi_cmd_str(code), size, async); 3197 3198 desc = &ring->desc[ring->cur]; 3199 data = &ring->data[ring->cur]; 3200 totlen = 4 + size; 3201 3202 if (size > sizeof cmd->data) { 3203 /* Command is too large to fit in a descriptor. */ 3204 if (totlen > MCLBYTES) { 3205 error = EINVAL; 3206 goto fail; 3207 } 3208 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 3209 if (m == NULL) { 3210 error = ENOMEM; 3211 goto fail; 3212 } 3213 cmd = mtod(m, struct wpi_tx_cmd *); 3214 error = bus_dmamap_load(ring->data_dmat, data->map, cmd, 3215 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT); 3216 if (error != 0) { 3217 m_freem(m); 3218 goto fail; 3219 } 3220 data->m = m; 3221 } else { 3222 cmd = &ring->cmd[ring->cur]; 3223 paddr = data->cmd_paddr; 3224 } 3225 3226 cmd->code = code; 3227 cmd->flags = 0; 3228 cmd->qid = ring->qid; 3229 cmd->idx = ring->cur; 3230 memcpy(cmd->data, buf, size); 3231 3232 desc->nsegs = 1 + (WPI_PAD32(size) << 4); 3233 desc->segs[0].addr = htole32(paddr); 3234 desc->segs[0].len = htole32(totlen); 3235 3236 if (size > sizeof cmd->data) { 3237 bus_dmamap_sync(ring->data_dmat, data->map, 3238 BUS_DMASYNC_PREWRITE); 3239 } else { 3240 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map, 3241 BUS_DMASYNC_PREWRITE); 3242 } 3243 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map, 3244 BUS_DMASYNC_PREWRITE); 3245 3246 /* Kick command ring. */ 3247 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT; 3248 sc->sc_update_tx_ring(sc, ring); 3249 3250 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3251 3252 WPI_TXQ_UNLOCK(sc); 3253 3254 return async ? 0 : mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz); 3255 3256fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 3257 3258 WPI_TXQ_UNLOCK(sc); 3259 3260 return error; 3261} 3262 3263/* 3264 * Configure HW multi-rate retries. 3265 */ 3266static int 3267wpi_mrr_setup(struct wpi_softc *sc) 3268{ 3269 struct ieee80211com *ic = &sc->sc_ic; 3270 struct wpi_mrr_setup mrr; 3271 uint8_t i; 3272 int error; 3273 3274 /* CCK rates (not used with 802.11a). */ 3275 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) { 3276 mrr.rates[i].flags = 0; 3277 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3278 /* Fallback to the immediate lower CCK rate (if any.) */ 3279 mrr.rates[i].next = 3280 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1; 3281 /* Try twice at this rate before falling back to "next". */ 3282 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT; 3283 } 3284 /* OFDM rates (not used with 802.11b). */ 3285 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) { 3286 mrr.rates[i].flags = 0; 3287 mrr.rates[i].plcp = wpi_ridx_to_plcp[i]; 3288 /* Fallback to the immediate lower rate (if any.) */ 3289 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */ 3290 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ? 3291 ((ic->ic_curmode == IEEE80211_MODE_11A) ? 3292 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) : 3293 i - 1; 3294 /* Try twice at this rate before falling back to "next". */ 3295 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT; 3296 } 3297 /* Setup MRR for control frames. */ 3298 mrr.which = htole32(WPI_MRR_CTL); 3299 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3300 if (error != 0) { 3301 device_printf(sc->sc_dev, 3302 "could not setup MRR for control frames\n"); 3303 return error; 3304 } 3305 /* Setup MRR for data frames. */ 3306 mrr.which = htole32(WPI_MRR_DATA); 3307 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0); 3308 if (error != 0) { 3309 device_printf(sc->sc_dev, 3310 "could not setup MRR for data frames\n"); 3311 return error; 3312 } 3313 return 0; 3314} 3315 3316static int 3317wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3318{ 3319 struct ieee80211com *ic = ni->ni_ic; 3320 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap); 3321 struct wpi_node *wn = WPI_NODE(ni); 3322 struct wpi_node_info node; 3323 int error; 3324 3325 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3326 3327 if (wn->id == WPI_ID_UNDEFINED) 3328 return EINVAL; 3329 3330 memset(&node, 0, sizeof node); 3331 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3332 node.id = wn->id; 3333 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3334 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3335 node.action = htole32(WPI_ACTION_SET_RATE); 3336 node.antenna = WPI_ANTENNA_BOTH; 3337 3338 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__, 3339 wn->id, ether_sprintf(ni->ni_macaddr)); 3340 3341 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 3342 if (error != 0) { 3343 device_printf(sc->sc_dev, 3344 "%s: wpi_cmd() call failed with error code %d\n", __func__, 3345 error); 3346 return error; 3347 } 3348 3349 if (wvp->wv_gtk != 0) { 3350 error = wpi_set_global_keys(ni); 3351 if (error != 0) { 3352 device_printf(sc->sc_dev, 3353 "%s: error while setting global keys\n", __func__); 3354 return ENXIO; 3355 } 3356 } 3357 3358 return 0; 3359} 3360 3361/* 3362 * Broadcast node is used to send group-addressed and management frames. 3363 */ 3364static int 3365wpi_add_broadcast_node(struct wpi_softc *sc, int async) 3366{ 3367 struct ieee80211com *ic = &sc->sc_ic; 3368 struct wpi_node_info node; 3369 3370 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3371 3372 memset(&node, 0, sizeof node); 3373 IEEE80211_ADDR_COPY(node.macaddr, ieee80211broadcastaddr); 3374 node.id = WPI_ID_BROADCAST; 3375 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3376 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 3377 node.action = htole32(WPI_ACTION_SET_RATE); 3378 node.antenna = WPI_ANTENNA_BOTH; 3379 3380 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__); 3381 3382 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async); 3383} 3384 3385static int 3386wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3387{ 3388 struct wpi_node *wn = WPI_NODE(ni); 3389 int error; 3390 3391 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3392 3393 wn->id = wpi_add_node_entry_sta(sc); 3394 3395 if ((error = wpi_add_node(sc, ni)) != 0) { 3396 wpi_del_node_entry(sc, wn->id); 3397 wn->id = WPI_ID_UNDEFINED; 3398 return error; 3399 } 3400 3401 return 0; 3402} 3403 3404static int 3405wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3406{ 3407 struct wpi_node *wn = WPI_NODE(ni); 3408 int error; 3409 3410 KASSERT(wn->id == WPI_ID_UNDEFINED, 3411 ("the node %d was added before", wn->id)); 3412 3413 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3414 3415 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) { 3416 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__); 3417 return ENOMEM; 3418 } 3419 3420 if ((error = wpi_add_node(sc, ni)) != 0) { 3421 wpi_del_node_entry(sc, wn->id); 3422 wn->id = WPI_ID_UNDEFINED; 3423 return error; 3424 } 3425 3426 return 0; 3427} 3428 3429static void 3430wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni) 3431{ 3432 struct wpi_node *wn = WPI_NODE(ni); 3433 struct wpi_cmd_del_node node; 3434 int error; 3435 3436 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed")); 3437 3438 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3439 3440 memset(&node, 0, sizeof node); 3441 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 3442 node.count = 1; 3443 3444 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__, 3445 wn->id, ether_sprintf(ni->ni_macaddr)); 3446 3447 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1); 3448 if (error != 0) { 3449 device_printf(sc->sc_dev, 3450 "%s: could not delete node %u, error %d\n", __func__, 3451 wn->id, error); 3452 } 3453} 3454 3455static int 3456wpi_updateedca(struct ieee80211com *ic) 3457{ 3458#define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 3459 struct wpi_softc *sc = ic->ic_softc; 3460 struct wpi_edca_params cmd; 3461 int aci, error; 3462 3463 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3464 3465 memset(&cmd, 0, sizeof cmd); 3466 cmd.flags = htole32(WPI_EDCA_UPDATE); 3467 for (aci = 0; aci < WME_NUM_AC; aci++) { 3468 const struct wmeParams *ac = 3469 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci]; 3470 cmd.ac[aci].aifsn = ac->wmep_aifsn; 3471 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin)); 3472 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax)); 3473 cmd.ac[aci].txoplimit = 3474 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit)); 3475 3476 DPRINTF(sc, WPI_DEBUG_EDCA, 3477 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 3478 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn, 3479 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax, 3480 cmd.ac[aci].txoplimit); 3481 } 3482 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 3483 3484 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3485 3486 return error; 3487#undef WPI_EXP2 3488} 3489 3490static void 3491wpi_set_promisc(struct wpi_softc *sc) 3492{ 3493 struct ieee80211com *ic = &sc->sc_ic; 3494 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3495 uint32_t promisc_filter; 3496 3497 promisc_filter = WPI_FILTER_CTL; 3498 if (vap != NULL && vap->iv_opmode != IEEE80211_M_HOSTAP) 3499 promisc_filter |= WPI_FILTER_PROMISC; 3500 3501 if (ic->ic_promisc > 0) 3502 sc->rxon.filter |= htole32(promisc_filter); 3503 else 3504 sc->rxon.filter &= ~htole32(promisc_filter); 3505} 3506 3507static void 3508wpi_update_promisc(struct ieee80211com *ic) 3509{ 3510 struct wpi_softc *sc = ic->ic_softc; 3511 3512 WPI_RXON_LOCK(sc); 3513 wpi_set_promisc(sc); 3514 3515 if (wpi_send_rxon(sc, 1, 1) != 0) { 3516 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3517 __func__); 3518 } 3519 WPI_RXON_UNLOCK(sc); 3520} 3521 3522static void 3523wpi_update_mcast(struct ieee80211com *ic) 3524{ 3525 /* Ignore */ 3526} 3527 3528static void 3529wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3530{ 3531 struct wpi_cmd_led led; 3532 3533 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3534 3535 led.which = which; 3536 led.unit = htole32(100000); /* on/off in unit of 100ms */ 3537 led.off = off; 3538 led.on = on; 3539 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1); 3540} 3541 3542static int 3543wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni) 3544{ 3545 struct wpi_cmd_timing cmd; 3546 uint64_t val, mod; 3547 3548 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3549 3550 memset(&cmd, 0, sizeof cmd); 3551 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3552 cmd.bintval = htole16(ni->ni_intval); 3553 cmd.lintval = htole16(10); 3554 3555 /* Compute remaining time until next beacon. */ 3556 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU; 3557 mod = le64toh(cmd.tstamp) % val; 3558 cmd.binitval = htole32((uint32_t)(val - mod)); 3559 3560 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n", 3561 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod)); 3562 3563 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1); 3564} 3565 3566/* 3567 * This function is called periodically (every 60 seconds) to adjust output 3568 * power to temperature changes. 3569 */ 3570static void 3571wpi_power_calibration(struct wpi_softc *sc) 3572{ 3573 int temp; 3574 3575 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 3576 3577 /* Update sensor data. */ 3578 temp = (int)WPI_READ(sc, WPI_UCODE_GP2); 3579 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp); 3580 3581 /* Sanity-check read value. */ 3582 if (temp < -260 || temp > 25) { 3583 /* This can't be correct, ignore. */ 3584 DPRINTF(sc, WPI_DEBUG_TEMP, 3585 "out-of-range temperature reported: %d\n", temp); 3586 return; 3587 } 3588 3589 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp); 3590 3591 /* Adjust Tx power if need be. */ 3592 if (abs(temp - sc->temp) <= 6) 3593 return; 3594 3595 sc->temp = temp; 3596 3597 if (wpi_set_txpower(sc, 1) != 0) { 3598 /* just warn, too bad for the automatic calibration... */ 3599 device_printf(sc->sc_dev,"could not adjust Tx power\n"); 3600 } 3601} 3602 3603/* 3604 * Set TX power for current channel. 3605 */ 3606static int 3607wpi_set_txpower(struct wpi_softc *sc, int async) 3608{ 3609 struct wpi_power_group *group; 3610 struct wpi_cmd_txpower cmd; 3611 uint8_t chan; 3612 int idx, is_chan_5ghz, i; 3613 3614 /* Retrieve current channel from last RXON. */ 3615 chan = sc->rxon.chan; 3616 is_chan_5ghz = (sc->rxon.flags & htole32(WPI_RXON_24GHZ)) == 0; 3617 3618 /* Find the TX power group to which this channel belongs. */ 3619 if (is_chan_5ghz) { 3620 for (group = &sc->groups[1]; group < &sc->groups[4]; group++) 3621 if (chan <= group->chan) 3622 break; 3623 } else 3624 group = &sc->groups[0]; 3625 3626 memset(&cmd, 0, sizeof cmd); 3627 cmd.band = is_chan_5ghz ? WPI_BAND_5GHZ : WPI_BAND_2GHZ; 3628 cmd.chan = htole16(chan); 3629 3630 /* Set TX power for all OFDM and CCK rates. */ 3631 for (i = 0; i <= WPI_RIDX_MAX ; i++) { 3632 /* Retrieve TX power for this channel/rate. */ 3633 idx = wpi_get_power_index(sc, group, chan, is_chan_5ghz, i); 3634 3635 cmd.rates[i].plcp = wpi_ridx_to_plcp[i]; 3636 3637 if (is_chan_5ghz) { 3638 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx]; 3639 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx]; 3640 } else { 3641 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx]; 3642 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx]; 3643 } 3644 DPRINTF(sc, WPI_DEBUG_TEMP, 3645 "chan %d/ridx %d: power index %d\n", chan, i, idx); 3646 } 3647 3648 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async); 3649} 3650 3651/* 3652 * Determine Tx power index for a given channel/rate combination. 3653 * This takes into account the regulatory information from EEPROM and the 3654 * current temperature. 3655 */ 3656static int 3657wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group, 3658 uint8_t chan, int is_chan_5ghz, int ridx) 3659{ 3660/* Fixed-point arithmetic division using a n-bit fractional part. */ 3661#define fdivround(a, b, n) \ 3662 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3663 3664/* Linear interpolation. */ 3665#define interpolate(x, x1, y1, x2, y2, n) \ 3666 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3667 3668 struct wpi_power_sample *sample; 3669 int pwr, idx; 3670 3671 /* Default TX power is group maximum TX power minus 3dB. */ 3672 pwr = group->maxpwr / 2; 3673 3674 /* Decrease TX power for highest OFDM rates to reduce distortion. */ 3675 switch (ridx) { 3676 case WPI_RIDX_OFDM36: 3677 pwr -= is_chan_5ghz ? 5 : 0; 3678 break; 3679 case WPI_RIDX_OFDM48: 3680 pwr -= is_chan_5ghz ? 10 : 7; 3681 break; 3682 case WPI_RIDX_OFDM54: 3683 pwr -= is_chan_5ghz ? 12 : 9; 3684 break; 3685 } 3686 3687 /* Never exceed the channel maximum allowed TX power. */ 3688 pwr = min(pwr, sc->maxpwr[chan]); 3689 3690 /* Retrieve TX power index into gain tables from samples. */ 3691 for (sample = group->samples; sample < &group->samples[3]; sample++) 3692 if (pwr > sample[1].power) 3693 break; 3694 /* Fixed-point linear interpolation using a 19-bit fractional part. */ 3695 idx = interpolate(pwr, sample[0].power, sample[0].index, 3696 sample[1].power, sample[1].index, 19); 3697 3698 /*- 3699 * Adjust power index based on current temperature: 3700 * - if cooler than factory-calibrated: decrease output power 3701 * - if warmer than factory-calibrated: increase output power 3702 */ 3703 idx -= (sc->temp - group->temp) * 11 / 100; 3704 3705 /* Decrease TX power for CCK rates (-5dB). */ 3706 if (ridx >= WPI_RIDX_CCK1) 3707 idx += 10; 3708 3709 /* Make sure idx stays in a valid range. */ 3710 if (idx < 0) 3711 return 0; 3712 if (idx > WPI_MAX_PWR_INDEX) 3713 return WPI_MAX_PWR_INDEX; 3714 return idx; 3715 3716#undef interpolate 3717#undef fdivround 3718} 3719 3720/* 3721 * Set STA mode power saving level (between 0 and 5). 3722 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 3723 */ 3724static int 3725wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async) 3726{ 3727 struct wpi_pmgt_cmd cmd; 3728 const struct wpi_pmgt *pmgt; 3729 uint32_t max, reg; 3730 uint8_t skip_dtim; 3731 int i; 3732 3733 DPRINTF(sc, WPI_DEBUG_PWRSAVE, 3734 "%s: dtim=%d, level=%d, async=%d\n", 3735 __func__, dtim, level, async); 3736 3737 /* Select which PS parameters to use. */ 3738 if (dtim <= 10) 3739 pmgt = &wpi_pmgt[0][level]; 3740 else 3741 pmgt = &wpi_pmgt[1][level]; 3742 3743 memset(&cmd, 0, sizeof cmd); 3744 if (level != 0) /* not CAM */ 3745 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP); 3746 /* Retrieve PCIe Active State Power Management (ASPM). */ 3747 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 3748 if (!(reg & 0x1)) /* L0s Entry disabled. */ 3749 cmd.flags |= htole16(WPI_PS_PCI_PMGT); 3750 3751 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU); 3752 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU); 3753 3754 if (dtim == 0) { 3755 dtim = 1; 3756 skip_dtim = 0; 3757 } else 3758 skip_dtim = pmgt->skip_dtim; 3759 3760 if (skip_dtim != 0) { 3761 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM); 3762 max = pmgt->intval[4]; 3763 if (max == (uint32_t)-1) 3764 max = dtim * (skip_dtim + 1); 3765 else if (max > dtim) 3766 max = (max / dtim) * dtim; 3767 } else 3768 max = dtim; 3769 3770 for (i = 0; i < 5; i++) 3771 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i])); 3772 3773 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 3774} 3775 3776static int 3777wpi_send_btcoex(struct wpi_softc *sc) 3778{ 3779 struct wpi_bluetooth cmd; 3780 3781 memset(&cmd, 0, sizeof cmd); 3782 cmd.flags = WPI_BT_COEX_MODE_4WIRE; 3783 cmd.lead_time = WPI_BT_LEAD_TIME_DEF; 3784 cmd.max_kill = WPI_BT_MAX_KILL_DEF; 3785 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n", 3786 __func__); 3787 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0); 3788} 3789 3790static int 3791wpi_send_rxon(struct wpi_softc *sc, int assoc, int async) 3792{ 3793 int error; 3794 3795 if (async) 3796 WPI_RXON_LOCK_ASSERT(sc); 3797 3798 if (assoc && wpi_check_bss_filter(sc) != 0) { 3799 struct wpi_assoc rxon_assoc; 3800 3801 rxon_assoc.flags = sc->rxon.flags; 3802 rxon_assoc.filter = sc->rxon.filter; 3803 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask; 3804 rxon_assoc.cck_mask = sc->rxon.cck_mask; 3805 rxon_assoc.reserved = 0; 3806 3807 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc, 3808 sizeof (struct wpi_assoc), async); 3809 if (error != 0) { 3810 device_printf(sc->sc_dev, 3811 "RXON_ASSOC command failed, error %d\n", error); 3812 return error; 3813 } 3814 } else { 3815 if (async) { 3816 WPI_NT_LOCK(sc); 3817 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3818 sizeof (struct wpi_rxon), async); 3819 if (error == 0) 3820 wpi_clear_node_table(sc); 3821 WPI_NT_UNLOCK(sc); 3822 } else { 3823 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon, 3824 sizeof (struct wpi_rxon), async); 3825 if (error == 0) 3826 wpi_clear_node_table(sc); 3827 } 3828 3829 if (error != 0) { 3830 device_printf(sc->sc_dev, 3831 "RXON command failed, error %d\n", error); 3832 return error; 3833 } 3834 3835 /* Add broadcast node. */ 3836 error = wpi_add_broadcast_node(sc, async); 3837 if (error != 0) { 3838 device_printf(sc->sc_dev, 3839 "could not add broadcast node, error %d\n", error); 3840 return error; 3841 } 3842 } 3843 3844 /* Configuration has changed, set Tx power accordingly. */ 3845 if ((error = wpi_set_txpower(sc, async)) != 0) { 3846 device_printf(sc->sc_dev, 3847 "%s: could not set TX power, error %d\n", __func__, error); 3848 return error; 3849 } 3850 3851 return 0; 3852} 3853 3854/** 3855 * Configure the card to listen to a particular channel, this transisions the 3856 * card in to being able to receive frames from remote devices. 3857 */ 3858static int 3859wpi_config(struct wpi_softc *sc) 3860{ 3861 struct ieee80211com *ic = &sc->sc_ic; 3862 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3863 struct ieee80211_channel *c = ic->ic_curchan; 3864 int error; 3865 3866 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 3867 3868 /* Set power saving level to CAM during initialization. */ 3869 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) { 3870 device_printf(sc->sc_dev, 3871 "%s: could not set power saving level\n", __func__); 3872 return error; 3873 } 3874 3875 /* Configure bluetooth coexistence. */ 3876 if ((error = wpi_send_btcoex(sc)) != 0) { 3877 device_printf(sc->sc_dev, 3878 "could not configure bluetooth coexistence\n"); 3879 return error; 3880 } 3881 3882 /* Configure adapter. */ 3883 memset(&sc->rxon, 0, sizeof (struct wpi_rxon)); 3884 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr); 3885 3886 /* Set default channel. */ 3887 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 3888 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 3889 if (IEEE80211_IS_CHAN_2GHZ(c)) 3890 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 3891 3892 sc->rxon.filter = WPI_FILTER_MULTICAST; 3893 switch (ic->ic_opmode) { 3894 case IEEE80211_M_STA: 3895 sc->rxon.mode = WPI_MODE_STA; 3896 break; 3897 case IEEE80211_M_IBSS: 3898 sc->rxon.mode = WPI_MODE_IBSS; 3899 sc->rxon.filter |= WPI_FILTER_BEACON; 3900 break; 3901 case IEEE80211_M_HOSTAP: 3902 /* XXX workaround for beaconing */ 3903 sc->rxon.mode = WPI_MODE_IBSS; 3904 sc->rxon.filter |= WPI_FILTER_ASSOC | WPI_FILTER_PROMISC; 3905 break; 3906 case IEEE80211_M_AHDEMO: 3907 sc->rxon.mode = WPI_MODE_HOSTAP; 3908 break; 3909 case IEEE80211_M_MONITOR: 3910 sc->rxon.mode = WPI_MODE_MONITOR; 3911 break; 3912 default: 3913 device_printf(sc->sc_dev, "unknown opmode %d\n", 3914 ic->ic_opmode); 3915 return EINVAL; 3916 } 3917 sc->rxon.filter = htole32(sc->rxon.filter); 3918 wpi_set_promisc(sc); 3919 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 3920 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 3921 3922 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) { 3923 device_printf(sc->sc_dev, "%s: could not send RXON\n", 3924 __func__); 3925 return error; 3926 } 3927 3928 /* Setup rate scalling. */ 3929 if ((error = wpi_mrr_setup(sc)) != 0) { 3930 device_printf(sc->sc_dev, "could not setup MRR, error %d\n", 3931 error); 3932 return error; 3933 } 3934 3935 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 3936 3937 return 0; 3938} 3939 3940static uint16_t 3941wpi_get_active_dwell_time(struct wpi_softc *sc, 3942 struct ieee80211_channel *c, uint8_t n_probes) 3943{ 3944 /* No channel? Default to 2GHz settings. */ 3945 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) { 3946 return (WPI_ACTIVE_DWELL_TIME_2GHZ + 3947 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1)); 3948 } 3949 3950 /* 5GHz dwell time. */ 3951 return (WPI_ACTIVE_DWELL_TIME_5GHZ + 3952 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1)); 3953} 3954 3955/* 3956 * Limit the total dwell time. 3957 * 3958 * Returns the dwell time in milliseconds. 3959 */ 3960static uint16_t 3961wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time) 3962{ 3963 struct ieee80211com *ic = &sc->sc_ic; 3964 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3965 uint16_t bintval = 0; 3966 3967 /* bintval is in TU (1.024mS) */ 3968 if (vap != NULL) 3969 bintval = vap->iv_bss->ni_intval; 3970 3971 /* 3972 * If it's non-zero, we should calculate the minimum of 3973 * it and the DWELL_BASE. 3974 * 3975 * XXX Yes, the math should take into account that bintval 3976 * is 1.024mS, not 1mS.. 3977 */ 3978 if (bintval > 0) { 3979 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__, 3980 bintval); 3981 return (MIN(dwell_time, bintval - WPI_CHANNEL_TUNE_TIME * 2)); 3982 } 3983 3984 /* No association context? Default. */ 3985 return dwell_time; 3986} 3987 3988static uint16_t 3989wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c) 3990{ 3991 uint16_t passive; 3992 3993 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) 3994 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ; 3995 else 3996 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ; 3997 3998 /* Clamp to the beacon interval if we're associated. */ 3999 return (wpi_limit_dwell(sc, passive)); 4000} 4001 4002static uint32_t 4003wpi_get_scan_pause_time(uint32_t time, uint16_t bintval) 4004{ 4005 uint32_t mod = (time % bintval) * IEEE80211_DUR_TU; 4006 uint32_t nbeacons = time / bintval; 4007 4008 if (mod > WPI_PAUSE_MAX_TIME) 4009 mod = WPI_PAUSE_MAX_TIME; 4010 4011 return WPI_PAUSE_SCAN(nbeacons, mod); 4012} 4013 4014/* 4015 * Send a scan request to the firmware. 4016 */ 4017static int 4018wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c) 4019{ 4020 struct ieee80211com *ic = &sc->sc_ic; 4021 struct ieee80211_scan_state *ss = ic->ic_scan; 4022 struct ieee80211vap *vap = ss->ss_vap; 4023 struct wpi_scan_hdr *hdr; 4024 struct wpi_cmd_data *tx; 4025 struct wpi_scan_essid *essids; 4026 struct wpi_scan_chan *chan; 4027 struct ieee80211_frame *wh; 4028 struct ieee80211_rateset *rs; 4029 uint16_t bintval, buflen, dwell_active, dwell_passive; 4030 uint8_t *buf, *frm, i, nssid; 4031 int bgscan, error; 4032 4033 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4034 4035 /* 4036 * We are absolutely not allowed to send a scan command when another 4037 * scan command is pending. 4038 */ 4039 if (callout_pending(&sc->scan_timeout)) { 4040 device_printf(sc->sc_dev, "%s: called whilst scanning!\n", 4041 __func__); 4042 error = EAGAIN; 4043 goto fail; 4044 } 4045 4046 bgscan = wpi_check_bss_filter(sc); 4047 bintval = vap->iv_bss->ni_intval; 4048 if (bgscan != 0 && 4049 bintval < WPI_QUIET_TIME_DEFAULT + WPI_CHANNEL_TUNE_TIME * 2) { 4050 error = EOPNOTSUPP; 4051 goto fail; 4052 } 4053 4054 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 4055 if (buf == NULL) { 4056 device_printf(sc->sc_dev, 4057 "%s: could not allocate buffer for scan command\n", 4058 __func__); 4059 error = ENOMEM; 4060 goto fail; 4061 } 4062 hdr = (struct wpi_scan_hdr *)buf; 4063 4064 /* 4065 * Move to the next channel if no packets are received within 10 msecs 4066 * after sending the probe request. 4067 */ 4068 hdr->quiet_time = htole16(WPI_QUIET_TIME_DEFAULT); 4069 hdr->quiet_threshold = htole16(1); 4070 4071 if (bgscan != 0) { 4072 /* 4073 * Max needs to be greater than active and passive and quiet! 4074 * It's also in microseconds! 4075 */ 4076 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU); 4077 hdr->pause_svc = htole32(wpi_get_scan_pause_time(100, 4078 bintval)); 4079 } 4080 4081 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON); 4082 4083 tx = (struct wpi_cmd_data *)(hdr + 1); 4084 tx->flags = htole32(WPI_TX_AUTO_SEQ); 4085 tx->id = WPI_ID_BROADCAST; 4086 tx->lifetime = htole32(WPI_LIFETIME_INFINITE); 4087 4088 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4089 /* Send probe requests at 6Mbps. */ 4090 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6]; 4091 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 4092 } else { 4093 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO); 4094 /* Send probe requests at 1Mbps. */ 4095 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4096 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 4097 } 4098 4099 essids = (struct wpi_scan_essid *)(tx + 1); 4100 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS); 4101 for (i = 0; i < nssid; i++) { 4102 essids[i].id = IEEE80211_ELEMID_SSID; 4103 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN); 4104 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len); 4105#ifdef WPI_DEBUG 4106 if (sc->sc_debug & WPI_DEBUG_SCAN) { 4107 printf("Scanning Essid: "); 4108 ieee80211_print_essid(essids[i].data, essids[i].len); 4109 printf("\n"); 4110 } 4111#endif 4112 } 4113 4114 /* 4115 * Build a probe request frame. Most of the following code is a 4116 * copy & paste of what is done in net80211. 4117 */ 4118 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS); 4119 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 4120 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 4121 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 4122 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr); 4123 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 4124 IEEE80211_ADDR_COPY(wh->i_addr3, ieee80211broadcastaddr); 4125 4126 frm = (uint8_t *)(wh + 1); 4127 frm = ieee80211_add_ssid(frm, NULL, 0); 4128 frm = ieee80211_add_rates(frm, rs); 4129 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4130 frm = ieee80211_add_xrates(frm, rs); 4131 4132 /* Set length of probe request. */ 4133 tx->len = htole16(frm - (uint8_t *)wh); 4134 4135 /* 4136 * Construct information about the channel that we 4137 * want to scan. The firmware expects this to be directly 4138 * after the scan probe request 4139 */ 4140 chan = (struct wpi_scan_chan *)frm; 4141 chan->chan = ieee80211_chan2ieee(ic, c); 4142 chan->flags = 0; 4143 if (nssid) { 4144 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT; 4145 chan->flags |= WPI_CHAN_NPBREQS(nssid); 4146 } else 4147 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER; 4148 4149 if (!IEEE80211_IS_CHAN_PASSIVE(c)) 4150 chan->flags |= WPI_CHAN_ACTIVE; 4151 4152 /* 4153 * Calculate the active/passive dwell times. 4154 */ 4155 dwell_active = wpi_get_active_dwell_time(sc, c, nssid); 4156 dwell_passive = wpi_get_passive_dwell_time(sc, c); 4157 4158 /* Make sure they're valid. */ 4159 if (dwell_active > dwell_passive) 4160 dwell_active = dwell_passive; 4161 4162 chan->active = htole16(dwell_active); 4163 chan->passive = htole16(dwell_passive); 4164 4165 chan->dsp_gain = 0x6e; /* Default level */ 4166 4167 if (IEEE80211_IS_CHAN_5GHZ(c)) 4168 chan->rf_gain = 0x3b; 4169 else 4170 chan->rf_gain = 0x28; 4171 4172 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n", 4173 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c)); 4174 4175 hdr->nchan++; 4176 4177 if (hdr->nchan == 1 && sc->rxon.chan == chan->chan) { 4178 /* XXX Force probe request transmission. */ 4179 memcpy(chan + 1, chan, sizeof (struct wpi_scan_chan)); 4180 4181 chan++; 4182 4183 /* Reduce unnecessary delay. */ 4184 chan->flags = 0; 4185 chan->passive = chan->active = hdr->quiet_time; 4186 4187 hdr->nchan++; 4188 } 4189 4190 chan++; 4191 4192 buflen = (uint8_t *)chan - buf; 4193 hdr->len = htole16(buflen); 4194 4195 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n", 4196 hdr->nchan); 4197 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1); 4198 free(buf, M_DEVBUF); 4199 4200 if (error != 0) 4201 goto fail; 4202 4203 callout_reset(&sc->scan_timeout, 5*hz, wpi_scan_timeout, sc); 4204 4205 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4206 4207 return 0; 4208 4209fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 4210 4211 return error; 4212} 4213 4214static int 4215wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap) 4216{ 4217 struct ieee80211com *ic = vap->iv_ic; 4218 struct ieee80211_node *ni = vap->iv_bss; 4219 struct ieee80211_channel *c = ni->ni_chan; 4220 int error; 4221 4222 WPI_RXON_LOCK(sc); 4223 4224 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4225 4226 /* Update adapter configuration. */ 4227 sc->rxon.associd = 0; 4228 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS); 4229 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4230 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4231 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4232 if (IEEE80211_IS_CHAN_2GHZ(c)) 4233 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4234 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4235 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4236 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4237 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4238 if (IEEE80211_IS_CHAN_A(c)) { 4239 sc->rxon.cck_mask = 0; 4240 sc->rxon.ofdm_mask = 0x15; 4241 } else if (IEEE80211_IS_CHAN_B(c)) { 4242 sc->rxon.cck_mask = 0x03; 4243 sc->rxon.ofdm_mask = 0; 4244 } else { 4245 /* Assume 802.11b/g. */ 4246 sc->rxon.cck_mask = 0x0f; 4247 sc->rxon.ofdm_mask = 0x15; 4248 } 4249 4250 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n", 4251 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask, 4252 sc->rxon.ofdm_mask); 4253 4254 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4255 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4256 __func__); 4257 } 4258 4259 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4260 4261 WPI_RXON_UNLOCK(sc); 4262 4263 return error; 4264} 4265 4266static int 4267wpi_config_beacon(struct wpi_vap *wvp) 4268{ 4269 struct ieee80211vap *vap = &wvp->wv_vap; 4270 struct ieee80211com *ic = vap->iv_ic; 4271 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4272 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4273 struct wpi_softc *sc = ic->ic_softc; 4274 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data; 4275 struct ieee80211_tim_ie *tie; 4276 struct mbuf *m; 4277 uint8_t *ptr; 4278 int error; 4279 4280 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4281 4282 WPI_VAP_LOCK_ASSERT(wvp); 4283 4284 cmd->len = htole16(bcn->m->m_pkthdr.len); 4285 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4286 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1]; 4287 4288 /* XXX seems to be unused */ 4289 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) { 4290 tie = (struct ieee80211_tim_ie *) bo->bo_tim; 4291 ptr = mtod(bcn->m, uint8_t *); 4292 4293 cmd->tim = htole16(bo->bo_tim - ptr); 4294 cmd->timsz = tie->tim_len; 4295 } 4296 4297 /* Necessary for recursion in ieee80211_beacon_update(). */ 4298 m = bcn->m; 4299 bcn->m = m_dup(m, M_NOWAIT); 4300 if (bcn->m == NULL) { 4301 device_printf(sc->sc_dev, 4302 "%s: could not copy beacon frame\n", __func__); 4303 error = ENOMEM; 4304 goto end; 4305 } 4306 4307 if ((error = wpi_cmd2(sc, bcn)) != 0) { 4308 device_printf(sc->sc_dev, 4309 "%s: could not update beacon frame, error %d", __func__, 4310 error); 4311 } 4312 4313 /* Restore mbuf. */ 4314end: bcn->m = m; 4315 4316 return error; 4317} 4318 4319static int 4320wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni) 4321{ 4322 struct ieee80211vap *vap = ni->ni_vap; 4323 struct wpi_vap *wvp = WPI_VAP(vap); 4324 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4325 struct mbuf *m; 4326 int error; 4327 4328 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4329 4330 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4331 return EINVAL; 4332 4333 m = ieee80211_beacon_alloc(ni); 4334 if (m == NULL) { 4335 device_printf(sc->sc_dev, 4336 "%s: could not allocate beacon frame\n", __func__); 4337 return ENOMEM; 4338 } 4339 4340 WPI_VAP_LOCK(wvp); 4341 if (bcn->m != NULL) 4342 m_freem(bcn->m); 4343 4344 bcn->m = m; 4345 4346 error = wpi_config_beacon(wvp); 4347 WPI_VAP_UNLOCK(wvp); 4348 4349 return error; 4350} 4351 4352static void 4353wpi_update_beacon(struct ieee80211vap *vap, int item) 4354{ 4355 struct wpi_softc *sc = vap->iv_ic->ic_softc; 4356 struct wpi_vap *wvp = WPI_VAP(vap); 4357 struct wpi_buf *bcn = &wvp->wv_bcbuf; 4358 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4359 struct ieee80211_node *ni = vap->iv_bss; 4360 int mcast = 0; 4361 4362 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4363 4364 WPI_VAP_LOCK(wvp); 4365 if (bcn->m == NULL) { 4366 bcn->m = ieee80211_beacon_alloc(ni); 4367 if (bcn->m == NULL) { 4368 device_printf(sc->sc_dev, 4369 "%s: could not allocate beacon frame\n", __func__); 4370 4371 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, 4372 __func__); 4373 4374 WPI_VAP_UNLOCK(wvp); 4375 return; 4376 } 4377 } 4378 WPI_VAP_UNLOCK(wvp); 4379 4380 if (item == IEEE80211_BEACON_TIM) 4381 mcast = 1; /* TODO */ 4382 4383 setbit(bo->bo_flags, item); 4384 ieee80211_beacon_update(ni, bcn->m, mcast); 4385 4386 WPI_VAP_LOCK(wvp); 4387 wpi_config_beacon(wvp); 4388 WPI_VAP_UNLOCK(wvp); 4389 4390 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4391} 4392 4393static void 4394wpi_newassoc(struct ieee80211_node *ni, int isnew) 4395{ 4396 struct ieee80211vap *vap = ni->ni_vap; 4397 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4398 struct wpi_node *wn = WPI_NODE(ni); 4399 int error; 4400 4401 WPI_NT_LOCK(sc); 4402 4403 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4404 4405 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) { 4406 if ((error = wpi_add_ibss_node(sc, ni)) != 0) { 4407 device_printf(sc->sc_dev, 4408 "%s: could not add IBSS node, error %d\n", 4409 __func__, error); 4410 } 4411 } 4412 WPI_NT_UNLOCK(sc); 4413} 4414 4415static int 4416wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap) 4417{ 4418 struct ieee80211com *ic = vap->iv_ic; 4419 struct ieee80211_node *ni = vap->iv_bss; 4420 struct ieee80211_channel *c = ni->ni_chan; 4421 int error; 4422 4423 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 4424 4425 if (vap->iv_opmode == IEEE80211_M_MONITOR) { 4426 /* Link LED blinks while monitoring. */ 4427 wpi_set_led(sc, WPI_LED_LINK, 5, 5); 4428 return 0; 4429 } 4430 4431 /* XXX kernel panic workaround */ 4432 if (c == IEEE80211_CHAN_ANYC) { 4433 device_printf(sc->sc_dev, "%s: incomplete configuration\n", 4434 __func__); 4435 return EINVAL; 4436 } 4437 4438 if ((error = wpi_set_timing(sc, ni)) != 0) { 4439 device_printf(sc->sc_dev, 4440 "%s: could not set timing, error %d\n", __func__, error); 4441 return error; 4442 } 4443 4444 /* Update adapter configuration. */ 4445 WPI_RXON_LOCK(sc); 4446 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4447 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni)); 4448 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 4449 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF); 4450 if (IEEE80211_IS_CHAN_2GHZ(c)) 4451 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ); 4452 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4453 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT); 4454 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4455 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE); 4456 if (IEEE80211_IS_CHAN_A(c)) { 4457 sc->rxon.cck_mask = 0; 4458 sc->rxon.ofdm_mask = 0x15; 4459 } else if (IEEE80211_IS_CHAN_B(c)) { 4460 sc->rxon.cck_mask = 0x03; 4461 sc->rxon.ofdm_mask = 0; 4462 } else { 4463 /* Assume 802.11b/g. */ 4464 sc->rxon.cck_mask = 0x0f; 4465 sc->rxon.ofdm_mask = 0x15; 4466 } 4467 sc->rxon.filter |= htole32(WPI_FILTER_BSS); 4468 4469 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n", 4470 sc->rxon.chan, sc->rxon.flags); 4471 4472 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) { 4473 device_printf(sc->sc_dev, "%s: could not send RXON\n", 4474 __func__); 4475 return error; 4476 } 4477 4478 /* Start periodic calibration timer. */ 4479 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc); 4480 4481 WPI_RXON_UNLOCK(sc); 4482 4483 if (vap->iv_opmode == IEEE80211_M_IBSS || 4484 vap->iv_opmode == IEEE80211_M_HOSTAP) { 4485 if ((error = wpi_setup_beacon(sc, ni)) != 0) { 4486 device_printf(sc->sc_dev, 4487 "%s: could not setup beacon, error %d\n", __func__, 4488 error); 4489 return error; 4490 } 4491 } 4492 4493 if (vap->iv_opmode == IEEE80211_M_STA) { 4494 /* Add BSS node. */ 4495 WPI_NT_LOCK(sc); 4496 error = wpi_add_sta_node(sc, ni); 4497 WPI_NT_UNLOCK(sc); 4498 if (error != 0) { 4499 device_printf(sc->sc_dev, 4500 "%s: could not add BSS node, error %d\n", __func__, 4501 error); 4502 return error; 4503 } 4504 } 4505 4506 /* Link LED always on while associated. */ 4507 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 4508 4509 /* Enable power-saving mode if requested by user. */ 4510 if ((vap->iv_flags & IEEE80211_F_PMGTON) && 4511 vap->iv_opmode != IEEE80211_M_IBSS) 4512 (void)wpi_set_pslevel(sc, 0, 3, 1); 4513 4514 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 4515 4516 return 0; 4517} 4518 4519static int 4520wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4521{ 4522 const struct ieee80211_cipher *cip = k->wk_cipher; 4523 struct ieee80211vap *vap = ni->ni_vap; 4524 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4525 struct wpi_node *wn = WPI_NODE(ni); 4526 struct wpi_node_info node; 4527 uint16_t kflags; 4528 int error; 4529 4530 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4531 4532 if (wpi_check_node_entry(sc, wn->id) == 0) { 4533 device_printf(sc->sc_dev, "%s: node does not exist\n", 4534 __func__); 4535 return 0; 4536 } 4537 4538 switch (cip->ic_cipher) { 4539 case IEEE80211_CIPHER_AES_CCM: 4540 kflags = WPI_KFLAG_CCMP; 4541 break; 4542 4543 default: 4544 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__, 4545 cip->ic_cipher); 4546 return 0; 4547 } 4548 4549 kflags |= WPI_KFLAG_KID(k->wk_keyix); 4550 if (k->wk_flags & IEEE80211_KEY_GROUP) 4551 kflags |= WPI_KFLAG_MULTICAST; 4552 4553 memset(&node, 0, sizeof node); 4554 node.id = wn->id; 4555 node.control = WPI_NODE_UPDATE; 4556 node.flags = WPI_FLAG_KEY_SET; 4557 node.kflags = htole16(kflags); 4558 memcpy(node.key, k->wk_key, k->wk_keylen); 4559again: 4560 DPRINTF(sc, WPI_DEBUG_KEY, 4561 "%s: setting %s key id %d for node %d (%s)\n", __func__, 4562 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix, 4563 node.id, ether_sprintf(ni->ni_macaddr)); 4564 4565 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4566 if (error != 0) { 4567 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4568 error); 4569 return !error; 4570 } 4571 4572 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4573 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4574 kflags |= WPI_KFLAG_MULTICAST; 4575 node.kflags = htole16(kflags); 4576 4577 goto again; 4578 } 4579 4580 return 1; 4581} 4582 4583static void 4584wpi_load_key_cb(void *arg, struct ieee80211_node *ni) 4585{ 4586 const struct ieee80211_key *k = arg; 4587 struct ieee80211vap *vap = ni->ni_vap; 4588 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4589 struct wpi_node *wn = WPI_NODE(ni); 4590 int error; 4591 4592 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4593 return; 4594 4595 WPI_NT_LOCK(sc); 4596 error = wpi_load_key(ni, k); 4597 WPI_NT_UNLOCK(sc); 4598 4599 if (error == 0) { 4600 device_printf(sc->sc_dev, "%s: error while setting key\n", 4601 __func__); 4602 } 4603} 4604 4605static int 4606wpi_set_global_keys(struct ieee80211_node *ni) 4607{ 4608 struct ieee80211vap *vap = ni->ni_vap; 4609 struct ieee80211_key *wk = &vap->iv_nw_keys[0]; 4610 int error = 1; 4611 4612 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++) 4613 if (wk->wk_keyix != IEEE80211_KEYIX_NONE) 4614 error = wpi_load_key(ni, wk); 4615 4616 return !error; 4617} 4618 4619static int 4620wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k) 4621{ 4622 struct ieee80211vap *vap = ni->ni_vap; 4623 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4624 struct wpi_node *wn = WPI_NODE(ni); 4625 struct wpi_node_info node; 4626 uint16_t kflags; 4627 int error; 4628 4629 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4630 4631 if (wpi_check_node_entry(sc, wn->id) == 0) { 4632 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__); 4633 return 1; /* Nothing to do. */ 4634 } 4635 4636 kflags = WPI_KFLAG_KID(k->wk_keyix); 4637 if (k->wk_flags & IEEE80211_KEY_GROUP) 4638 kflags |= WPI_KFLAG_MULTICAST; 4639 4640 memset(&node, 0, sizeof node); 4641 node.id = wn->id; 4642 node.control = WPI_NODE_UPDATE; 4643 node.flags = WPI_FLAG_KEY_SET; 4644 node.kflags = htole16(kflags); 4645again: 4646 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n", 4647 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", 4648 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr)); 4649 4650 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1); 4651 if (error != 0) { 4652 device_printf(sc->sc_dev, "can't update node info, error %d\n", 4653 error); 4654 return !error; 4655 } 4656 4657 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && 4658 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4659 kflags |= WPI_KFLAG_MULTICAST; 4660 node.kflags = htole16(kflags); 4661 4662 goto again; 4663 } 4664 4665 return 1; 4666} 4667 4668static void 4669wpi_del_key_cb(void *arg, struct ieee80211_node *ni) 4670{ 4671 const struct ieee80211_key *k = arg; 4672 struct ieee80211vap *vap = ni->ni_vap; 4673 struct wpi_softc *sc = ni->ni_ic->ic_softc; 4674 struct wpi_node *wn = WPI_NODE(ni); 4675 int error; 4676 4677 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED) 4678 return; 4679 4680 WPI_NT_LOCK(sc); 4681 error = wpi_del_key(ni, k); 4682 WPI_NT_UNLOCK(sc); 4683 4684 if (error == 0) { 4685 device_printf(sc->sc_dev, "%s: error while deleting key\n", 4686 __func__); 4687 } 4688} 4689 4690static int 4691wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 4692 int set) 4693{ 4694 struct ieee80211com *ic = vap->iv_ic; 4695 struct wpi_softc *sc = ic->ic_softc; 4696 struct wpi_vap *wvp = WPI_VAP(vap); 4697 struct ieee80211_node *ni; 4698 int error, ni_ref = 0; 4699 4700 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4701 4702 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 4703 /* Not for us. */ 4704 return 1; 4705 } 4706 4707 if (!(k->wk_flags & IEEE80211_KEY_RECV)) { 4708 /* XMIT keys are handled in wpi_tx_data(). */ 4709 return 1; 4710 } 4711 4712 /* Handle group keys. */ 4713 if (&vap->iv_nw_keys[0] <= k && 4714 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 4715 WPI_NT_LOCK(sc); 4716 if (set) 4717 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); 4718 else 4719 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix); 4720 WPI_NT_UNLOCK(sc); 4721 4722 if (vap->iv_state == IEEE80211_S_RUN) { 4723 ieee80211_iterate_nodes(&ic->ic_sta, 4724 set ? wpi_load_key_cb : wpi_del_key_cb, 4725 __DECONST(void *, k)); 4726 } 4727 4728 return 1; 4729 } 4730 4731 switch (vap->iv_opmode) { 4732 case IEEE80211_M_STA: 4733 ni = vap->iv_bss; 4734 break; 4735 4736 case IEEE80211_M_IBSS: 4737 case IEEE80211_M_AHDEMO: 4738 case IEEE80211_M_HOSTAP: 4739 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr); 4740 if (ni == NULL) 4741 return 0; /* should not happen */ 4742 4743 ni_ref = 1; 4744 break; 4745 4746 default: 4747 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__, 4748 vap->iv_opmode); 4749 return 0; 4750 } 4751 4752 WPI_NT_LOCK(sc); 4753 if (set) 4754 error = wpi_load_key(ni, k); 4755 else 4756 error = wpi_del_key(ni, k); 4757 WPI_NT_UNLOCK(sc); 4758 4759 if (ni_ref) 4760 ieee80211_node_decref(ni); 4761 4762 return error; 4763} 4764 4765static int 4766wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) 4767{ 4768 return wpi_process_key(vap, k, 1); 4769} 4770 4771static int 4772wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 4773{ 4774 return wpi_process_key(vap, k, 0); 4775} 4776 4777/* 4778 * This function is called after the runtime firmware notifies us of its 4779 * readiness (called in a process context). 4780 */ 4781static int 4782wpi_post_alive(struct wpi_softc *sc) 4783{ 4784 int ntries, error; 4785 4786 /* Check (again) that the radio is not disabled. */ 4787 if ((error = wpi_nic_lock(sc)) != 0) 4788 return error; 4789 4790 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4791 4792 /* NB: Runtime firmware must be up and running. */ 4793 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) { 4794 device_printf(sc->sc_dev, 4795 "RF switch: radio disabled (%s)\n", __func__); 4796 wpi_nic_unlock(sc); 4797 return EPERM; /* :-) */ 4798 } 4799 wpi_nic_unlock(sc); 4800 4801 /* Wait for thermal sensor to calibrate. */ 4802 for (ntries = 0; ntries < 1000; ntries++) { 4803 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0) 4804 break; 4805 DELAY(10); 4806 } 4807 4808 if (ntries == 1000) { 4809 device_printf(sc->sc_dev, 4810 "timeout waiting for thermal sensor calibration\n"); 4811 return ETIMEDOUT; 4812 } 4813 4814 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp); 4815 return 0; 4816} 4817 4818/* 4819 * The firmware boot code is small and is intended to be copied directly into 4820 * the NIC internal memory (no DMA transfer). 4821 */ 4822static int 4823wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, uint32_t size) 4824{ 4825 int error, ntries; 4826 4827 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size); 4828 4829 size /= sizeof (uint32_t); 4830 4831 if ((error = wpi_nic_lock(sc)) != 0) 4832 return error; 4833 4834 /* Copy microcode image into NIC memory. */ 4835 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE, 4836 (const uint32_t *)ucode, size); 4837 4838 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0); 4839 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE); 4840 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size); 4841 4842 /* Start boot load now. */ 4843 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START); 4844 4845 /* Wait for transfer to complete. */ 4846 for (ntries = 0; ntries < 1000; ntries++) { 4847 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS); 4848 DPRINTF(sc, WPI_DEBUG_HW, 4849 "firmware status=0x%x, val=0x%x, result=0x%x\n", status, 4850 WPI_FH_TX_STATUS_IDLE(6), 4851 status & WPI_FH_TX_STATUS_IDLE(6)); 4852 if (status & WPI_FH_TX_STATUS_IDLE(6)) { 4853 DPRINTF(sc, WPI_DEBUG_HW, 4854 "Status Match! - ntries = %d\n", ntries); 4855 break; 4856 } 4857 DELAY(10); 4858 } 4859 if (ntries == 1000) { 4860 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4861 __func__); 4862 wpi_nic_unlock(sc); 4863 return ETIMEDOUT; 4864 } 4865 4866 /* Enable boot after power up. */ 4867 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN); 4868 4869 wpi_nic_unlock(sc); 4870 return 0; 4871} 4872 4873static int 4874wpi_load_firmware(struct wpi_softc *sc) 4875{ 4876 struct wpi_fw_info *fw = &sc->fw; 4877 struct wpi_dma_info *dma = &sc->fw_dma; 4878 int error; 4879 4880 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4881 4882 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 4883 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 4884 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4885 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz); 4886 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4887 4888 /* Tell adapter where to find initialization sections. */ 4889 if ((error = wpi_nic_lock(sc)) != 0) 4890 return error; 4891 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4892 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz); 4893 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4894 dma->paddr + WPI_FW_DATA_MAXSZ); 4895 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 4896 wpi_nic_unlock(sc); 4897 4898 /* Load firmware boot code. */ 4899 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 4900 if (error != 0) { 4901 device_printf(sc->sc_dev, "%s: could not load boot firmware\n", 4902 __func__); 4903 return error; 4904 } 4905 4906 /* Now press "execute". */ 4907 WPI_WRITE(sc, WPI_RESET, 0); 4908 4909 /* Wait at most one second for first alive notification. */ 4910 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 4911 device_printf(sc->sc_dev, 4912 "%s: timeout waiting for adapter to initialize, error %d\n", 4913 __func__, error); 4914 return error; 4915 } 4916 4917 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 4918 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 4919 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4920 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz); 4921 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE); 4922 4923 /* Tell adapter where to find runtime sections. */ 4924 if ((error = wpi_nic_lock(sc)) != 0) 4925 return error; 4926 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr); 4927 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz); 4928 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR, 4929 dma->paddr + WPI_FW_DATA_MAXSZ); 4930 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, 4931 WPI_FW_UPDATED | fw->main.textsz); 4932 wpi_nic_unlock(sc); 4933 4934 return 0; 4935} 4936 4937static int 4938wpi_read_firmware(struct wpi_softc *sc) 4939{ 4940 const struct firmware *fp; 4941 struct wpi_fw_info *fw = &sc->fw; 4942 const struct wpi_firmware_hdr *hdr; 4943 int error; 4944 4945 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 4946 4947 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 4948 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME); 4949 4950 WPI_UNLOCK(sc); 4951 fp = firmware_get(WPI_FW_NAME); 4952 WPI_LOCK(sc); 4953 4954 if (fp == NULL) { 4955 device_printf(sc->sc_dev, 4956 "could not load firmware image '%s'\n", WPI_FW_NAME); 4957 return EINVAL; 4958 } 4959 4960 sc->fw_fp = fp; 4961 4962 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) { 4963 device_printf(sc->sc_dev, 4964 "firmware file too short: %zu bytes\n", fp->datasize); 4965 error = EINVAL; 4966 goto fail; 4967 } 4968 4969 fw->size = fp->datasize; 4970 fw->data = (const uint8_t *)fp->data; 4971 4972 /* Extract firmware header information. */ 4973 hdr = (const struct wpi_firmware_hdr *)fw->data; 4974 4975 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW | 4976 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */ 4977 4978 fw->main.textsz = le32toh(hdr->rtextsz); 4979 fw->main.datasz = le32toh(hdr->rdatasz); 4980 fw->init.textsz = le32toh(hdr->itextsz); 4981 fw->init.datasz = le32toh(hdr->idatasz); 4982 fw->boot.textsz = le32toh(hdr->btextsz); 4983 fw->boot.datasz = 0; 4984 4985 /* Sanity-check firmware header. */ 4986 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ || 4987 fw->main.datasz > WPI_FW_DATA_MAXSZ || 4988 fw->init.textsz > WPI_FW_TEXT_MAXSZ || 4989 fw->init.datasz > WPI_FW_DATA_MAXSZ || 4990 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || 4991 (fw->boot.textsz & 3) != 0) { 4992 device_printf(sc->sc_dev, "invalid firmware header\n"); 4993 error = EINVAL; 4994 goto fail; 4995 } 4996 4997 /* Check that all firmware sections fit. */ 4998 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + 4999 fw->init.textsz + fw->init.datasz + fw->boot.textsz) { 5000 device_printf(sc->sc_dev, 5001 "firmware file too short: %zu bytes\n", fw->size); 5002 error = EINVAL; 5003 goto fail; 5004 } 5005 5006 /* Get pointers to firmware sections. */ 5007 fw->main.text = (const uint8_t *)(hdr + 1); 5008 fw->main.data = fw->main.text + fw->main.textsz; 5009 fw->init.text = fw->main.data + fw->main.datasz; 5010 fw->init.data = fw->init.text + fw->init.textsz; 5011 fw->boot.text = fw->init.data + fw->init.datasz; 5012 5013 DPRINTF(sc, WPI_DEBUG_FIRMWARE, 5014 "Firmware Version: Major %d, Minor %d, Driver %d, \n" 5015 "runtime (text: %u, data: %u) init (text: %u, data %u) " 5016 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver), 5017 fw->main.textsz, fw->main.datasz, 5018 fw->init.textsz, fw->init.datasz, fw->boot.textsz); 5019 5020 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text); 5021 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data); 5022 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text); 5023 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data); 5024 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text); 5025 5026 return 0; 5027 5028fail: wpi_unload_firmware(sc); 5029 return error; 5030} 5031 5032/** 5033 * Free the referenced firmware image 5034 */ 5035static void 5036wpi_unload_firmware(struct wpi_softc *sc) 5037{ 5038 if (sc->fw_fp != NULL) { 5039 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD); 5040 sc->fw_fp = NULL; 5041 } 5042} 5043 5044static int 5045wpi_clock_wait(struct wpi_softc *sc) 5046{ 5047 int ntries; 5048 5049 /* Set "initialization complete" bit. */ 5050 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 5051 5052 /* Wait for clock stabilization. */ 5053 for (ntries = 0; ntries < 2500; ntries++) { 5054 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY) 5055 return 0; 5056 DELAY(100); 5057 } 5058 device_printf(sc->sc_dev, 5059 "%s: timeout waiting for clock stabilization\n", __func__); 5060 5061 return ETIMEDOUT; 5062} 5063 5064static int 5065wpi_apm_init(struct wpi_softc *sc) 5066{ 5067 uint32_t reg; 5068 int error; 5069 5070 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5071 5072 /* Disable L0s exit timer (NMI bug workaround). */ 5073 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER); 5074 /* Don't wait for ICH L0s (ICH bug workaround). */ 5075 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX); 5076 5077 /* Set FH wait threshold to max (HW bug under stress workaround). */ 5078 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000); 5079 5080 /* Retrieve PCIe Active State Power Management (ASPM). */ 5081 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1); 5082 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 5083 if (reg & 0x02) /* L1 Entry enabled. */ 5084 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 5085 else 5086 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA); 5087 5088 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT); 5089 5090 /* Wait for clock stabilization before accessing prph. */ 5091 if ((error = wpi_clock_wait(sc)) != 0) 5092 return error; 5093 5094 if ((error = wpi_nic_lock(sc)) != 0) 5095 return error; 5096 /* Cleanup. */ 5097 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400); 5098 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000200); 5099 5100 /* Enable DMA and BSM (Bootstrap State Machine). */ 5101 wpi_prph_write(sc, WPI_APMG_CLK_EN, 5102 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT); 5103 DELAY(20); 5104 /* Disable L1-Active. */ 5105 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS); 5106 wpi_nic_unlock(sc); 5107 5108 return 0; 5109} 5110 5111static void 5112wpi_apm_stop_master(struct wpi_softc *sc) 5113{ 5114 int ntries; 5115 5116 /* Stop busmaster DMA activity. */ 5117 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER); 5118 5119 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) == 5120 WPI_GP_CNTRL_MAC_PS) 5121 return; /* Already asleep. */ 5122 5123 for (ntries = 0; ntries < 100; ntries++) { 5124 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED) 5125 return; 5126 DELAY(10); 5127 } 5128 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", 5129 __func__); 5130} 5131 5132static void 5133wpi_apm_stop(struct wpi_softc *sc) 5134{ 5135 wpi_apm_stop_master(sc); 5136 5137 /* Reset the entire device. */ 5138 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW); 5139 DELAY(10); 5140 /* Clear "initialization complete" bit. */ 5141 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE); 5142} 5143 5144static void 5145wpi_nic_config(struct wpi_softc *sc) 5146{ 5147 uint32_t rev; 5148 5149 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5150 5151 /* voodoo from the Linux "driver".. */ 5152 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1); 5153 if ((rev & 0xc0) == 0x40) 5154 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB); 5155 else if (!(rev & 0x80)) 5156 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM); 5157 5158 if (sc->cap == 0x80) 5159 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC); 5160 5161 if ((sc->rev & 0xf0) == 0xd0) 5162 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 5163 else 5164 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D); 5165 5166 if (sc->type > 1) 5167 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B); 5168} 5169 5170static int 5171wpi_hw_init(struct wpi_softc *sc) 5172{ 5173 uint8_t chnl; 5174 int ntries, error; 5175 5176 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5177 5178 /* Clear pending interrupts. */ 5179 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5180 5181 if ((error = wpi_apm_init(sc)) != 0) { 5182 device_printf(sc->sc_dev, 5183 "%s: could not power ON adapter, error %d\n", __func__, 5184 error); 5185 return error; 5186 } 5187 5188 /* Select VMAIN power source. */ 5189 if ((error = wpi_nic_lock(sc)) != 0) 5190 return error; 5191 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK); 5192 wpi_nic_unlock(sc); 5193 /* Spin until VMAIN gets selected. */ 5194 for (ntries = 0; ntries < 5000; ntries++) { 5195 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN) 5196 break; 5197 DELAY(10); 5198 } 5199 if (ntries == 5000) { 5200 device_printf(sc->sc_dev, "timeout selecting power source\n"); 5201 return ETIMEDOUT; 5202 } 5203 5204 /* Perform adapter initialization. */ 5205 wpi_nic_config(sc); 5206 5207 /* Initialize RX ring. */ 5208 if ((error = wpi_nic_lock(sc)) != 0) 5209 return error; 5210 /* Set physical address of RX ring. */ 5211 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr); 5212 /* Set physical address of RX read pointer. */ 5213 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr + 5214 offsetof(struct wpi_shared, next)); 5215 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0); 5216 /* Enable RX. */ 5217 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 5218 WPI_FH_RX_CONFIG_DMA_ENA | 5219 WPI_FH_RX_CONFIG_RDRBD_ENA | 5220 WPI_FH_RX_CONFIG_WRSTATUS_ENA | 5221 WPI_FH_RX_CONFIG_MAXFRAG | 5222 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) | 5223 WPI_FH_RX_CONFIG_IRQ_DST_HOST | 5224 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1)); 5225 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */ 5226 wpi_nic_unlock(sc); 5227 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7); 5228 5229 /* Initialize TX rings. */ 5230 if ((error = wpi_nic_lock(sc)) != 0) 5231 return error; 5232 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */ 5233 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */ 5234 /* Enable all 6 TX rings. */ 5235 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f); 5236 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000); 5237 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002); 5238 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4); 5239 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5); 5240 /* Set physical address of TX rings. */ 5241 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr); 5242 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5); 5243 5244 /* Enable all DMA channels. */ 5245 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5246 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0); 5247 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0); 5248 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008); 5249 } 5250 wpi_nic_unlock(sc); 5251 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */ 5252 5253 /* Clear "radio off" and "commands blocked" bits. */ 5254 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5255 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED); 5256 5257 /* Clear pending interrupts. */ 5258 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5259 /* Enable interrupts. */ 5260 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF); 5261 5262 /* _Really_ make sure "radio off" bit is cleared! */ 5263 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5264 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL); 5265 5266 if ((error = wpi_load_firmware(sc)) != 0) { 5267 device_printf(sc->sc_dev, 5268 "%s: could not load firmware, error %d\n", __func__, 5269 error); 5270 return error; 5271 } 5272 /* Wait at most one second for firmware alive notification. */ 5273 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) { 5274 device_printf(sc->sc_dev, 5275 "%s: timeout waiting for adapter to initialize, error %d\n", 5276 __func__, error); 5277 return error; 5278 } 5279 5280 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5281 5282 /* Do post-firmware initialization. */ 5283 return wpi_post_alive(sc); 5284} 5285 5286static void 5287wpi_hw_stop(struct wpi_softc *sc) 5288{ 5289 uint8_t chnl, qid; 5290 int ntries; 5291 5292 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5293 5294 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP) 5295 wpi_nic_lock(sc); 5296 5297 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO); 5298 5299 /* Disable interrupts. */ 5300 WPI_WRITE(sc, WPI_INT_MASK, 0); 5301 WPI_WRITE(sc, WPI_INT, 0xffffffff); 5302 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff); 5303 5304 /* Make sure we no longer hold the NIC lock. */ 5305 wpi_nic_unlock(sc); 5306 5307 if (wpi_nic_lock(sc) == 0) { 5308 /* Stop TX scheduler. */ 5309 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0); 5310 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0); 5311 5312 /* Stop all DMA channels. */ 5313 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) { 5314 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0); 5315 for (ntries = 0; ntries < 200; ntries++) { 5316 if (WPI_READ(sc, WPI_FH_TX_STATUS) & 5317 WPI_FH_TX_STATUS_IDLE(chnl)) 5318 break; 5319 DELAY(10); 5320 } 5321 } 5322 wpi_nic_unlock(sc); 5323 } 5324 5325 /* Stop RX ring. */ 5326 wpi_reset_rx_ring(sc); 5327 5328 /* Reset all TX rings. */ 5329 for (qid = 0; qid < WPI_NTXQUEUES; qid++) 5330 wpi_reset_tx_ring(sc, &sc->txq[qid]); 5331 5332 if (wpi_nic_lock(sc) == 0) { 5333 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 5334 WPI_APMG_CLK_CTRL_DMA_CLK_RQT); 5335 wpi_nic_unlock(sc); 5336 } 5337 DELAY(5); 5338 /* Power OFF adapter. */ 5339 wpi_apm_stop(sc); 5340} 5341 5342static void 5343wpi_radio_on(void *arg0, int pending) 5344{ 5345 struct wpi_softc *sc = arg0; 5346 struct ieee80211com *ic = &sc->sc_ic; 5347 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5348 5349 device_printf(sc->sc_dev, "RF switch: radio enabled\n"); 5350 5351 WPI_LOCK(sc); 5352 callout_stop(&sc->watchdog_rfkill); 5353 WPI_UNLOCK(sc); 5354 5355 if (vap != NULL) 5356 ieee80211_init(vap); 5357} 5358 5359static void 5360wpi_radio_off(void *arg0, int pending) 5361{ 5362 struct wpi_softc *sc = arg0; 5363 struct ieee80211com *ic = &sc->sc_ic; 5364 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5365 5366 device_printf(sc->sc_dev, "RF switch: radio disabled\n"); 5367 5368 ieee80211_notify_radio(ic, 0); 5369 wpi_stop(sc); 5370 if (vap != NULL) 5371 ieee80211_stop(vap); 5372 5373 WPI_LOCK(sc); 5374 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc); 5375 WPI_UNLOCK(sc); 5376} 5377 5378static int 5379wpi_init(struct wpi_softc *sc) 5380{ 5381 int error = 0; 5382 5383 WPI_LOCK(sc); 5384 5385 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__); 5386 5387 if (sc->sc_running != 0) 5388 goto end; 5389 5390 /* Check that the radio is not disabled by hardware switch. */ 5391 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) { 5392 device_printf(sc->sc_dev, 5393 "RF switch: radio disabled (%s)\n", __func__); 5394 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, 5395 sc); 5396 error = EINPROGRESS; 5397 goto end; 5398 } 5399 5400 /* Read firmware images from the filesystem. */ 5401 if ((error = wpi_read_firmware(sc)) != 0) { 5402 device_printf(sc->sc_dev, 5403 "%s: could not read firmware, error %d\n", __func__, 5404 error); 5405 goto end; 5406 } 5407 5408 sc->sc_running = 1; 5409 5410 /* Initialize hardware and upload firmware. */ 5411 error = wpi_hw_init(sc); 5412 wpi_unload_firmware(sc); 5413 if (error != 0) { 5414 device_printf(sc->sc_dev, 5415 "%s: could not initialize hardware, error %d\n", __func__, 5416 error); 5417 goto fail; 5418 } 5419 5420 /* Configure adapter now that it is ready. */ 5421 if ((error = wpi_config(sc)) != 0) { 5422 device_printf(sc->sc_dev, 5423 "%s: could not configure device, error %d\n", __func__, 5424 error); 5425 goto fail; 5426 } 5427 5428 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__); 5429 5430 WPI_UNLOCK(sc); 5431 5432 return 0; 5433 5434fail: wpi_stop_locked(sc); 5435 5436end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__); 5437 WPI_UNLOCK(sc); 5438 5439 return error; 5440} 5441 5442static void 5443wpi_stop_locked(struct wpi_softc *sc) 5444{ 5445 5446 WPI_LOCK_ASSERT(sc); 5447 5448 if (sc->sc_running == 0) 5449 return; 5450 5451 WPI_TX_LOCK(sc); 5452 WPI_TXQ_LOCK(sc); 5453 sc->sc_running = 0; 5454 WPI_TXQ_UNLOCK(sc); 5455 WPI_TX_UNLOCK(sc); 5456 5457 WPI_TXQ_STATE_LOCK(sc); 5458 callout_stop(&sc->tx_timeout); 5459 WPI_TXQ_STATE_UNLOCK(sc); 5460 5461 WPI_RXON_LOCK(sc); 5462 callout_stop(&sc->scan_timeout); 5463 callout_stop(&sc->calib_to); 5464 WPI_RXON_UNLOCK(sc); 5465 5466 /* Power OFF hardware. */ 5467 wpi_hw_stop(sc); 5468} 5469 5470static void 5471wpi_stop(struct wpi_softc *sc) 5472{ 5473 WPI_LOCK(sc); 5474 wpi_stop_locked(sc); 5475 WPI_UNLOCK(sc); 5476} 5477 5478/* 5479 * Callback from net80211 to start a scan. 5480 */ 5481static void 5482wpi_scan_start(struct ieee80211com *ic) 5483{ 5484 struct wpi_softc *sc = ic->ic_softc; 5485 5486 wpi_set_led(sc, WPI_LED_LINK, 20, 2); 5487} 5488 5489/* 5490 * Callback from net80211 to terminate a scan. 5491 */ 5492static void 5493wpi_scan_end(struct ieee80211com *ic) 5494{ 5495 struct wpi_softc *sc = ic->ic_softc; 5496 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5497 5498 if (vap->iv_state == IEEE80211_S_RUN) 5499 wpi_set_led(sc, WPI_LED_LINK, 0, 1); 5500} 5501 5502/** 5503 * Called by the net80211 framework to indicate to the driver 5504 * that the channel should be changed 5505 */ 5506static void 5507wpi_set_channel(struct ieee80211com *ic) 5508{ 5509 const struct ieee80211_channel *c = ic->ic_curchan; 5510 struct wpi_softc *sc = ic->ic_softc; 5511 int error; 5512 5513 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5514 5515 WPI_LOCK(sc); 5516 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq); 5517 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags); 5518 WPI_UNLOCK(sc); 5519 WPI_TX_LOCK(sc); 5520 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq); 5521 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags); 5522 WPI_TX_UNLOCK(sc); 5523 5524 /* 5525 * Only need to set the channel in Monitor mode. AP scanning and auth 5526 * are already taken care of by their respective firmware commands. 5527 */ 5528 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5529 WPI_RXON_LOCK(sc); 5530 sc->rxon.chan = ieee80211_chan2ieee(ic, c); 5531 if (IEEE80211_IS_CHAN_2GHZ(c)) { 5532 sc->rxon.flags |= htole32(WPI_RXON_AUTO | 5533 WPI_RXON_24GHZ); 5534 } else { 5535 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO | 5536 WPI_RXON_24GHZ); 5537 } 5538 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) 5539 device_printf(sc->sc_dev, 5540 "%s: error %d setting channel\n", __func__, 5541 error); 5542 WPI_RXON_UNLOCK(sc); 5543 } 5544} 5545 5546/** 5547 * Called by net80211 to indicate that we need to scan the current 5548 * channel. The channel is previously be set via the wpi_set_channel 5549 * callback. 5550 */ 5551static void 5552wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 5553{ 5554 struct ieee80211vap *vap = ss->ss_vap; 5555 struct ieee80211com *ic = vap->iv_ic; 5556 struct wpi_softc *sc = ic->ic_softc; 5557 int error; 5558 5559 WPI_RXON_LOCK(sc); 5560 error = wpi_scan(sc, ic->ic_curchan); 5561 WPI_RXON_UNLOCK(sc); 5562 if (error != 0) 5563 ieee80211_cancel_scan(vap); 5564} 5565 5566/** 5567 * Called by the net80211 framework to indicate 5568 * the minimum dwell time has been met, terminate the scan. 5569 * We don't actually terminate the scan as the firmware will notify 5570 * us when it's finished and we have no way to interrupt it. 5571 */ 5572static void 5573wpi_scan_mindwell(struct ieee80211_scan_state *ss) 5574{ 5575 /* NB: don't try to abort scan; wait for firmware to finish */ 5576} 5577 5578static void 5579wpi_hw_reset(void *arg, int pending) 5580{ 5581 struct wpi_softc *sc = arg; 5582 struct ieee80211com *ic = &sc->sc_ic; 5583 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5584 5585 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__); 5586 5587 ieee80211_notify_radio(ic, 0); 5588 if (vap != NULL && (ic->ic_flags & IEEE80211_F_SCAN)) 5589 ieee80211_cancel_scan(vap); 5590 5591 wpi_stop(sc); 5592 if (vap != NULL) { 5593 ieee80211_stop(vap); 5594 ieee80211_init(vap); 5595 } 5596} 5597