1/* $OpenBSD: if_iwm.c,v 1.414 2024/02/16 11:44:52 stsp Exp $ */ 2 3/* 4 * Copyright (c) 2014, 2016 genua gmbh <info@genua.de> 5 * Author: Stefan Sperling <stsp@openbsd.org> 6 * Copyright (c) 2014 Fixup Software Ltd. 7 * Copyright (c) 2017 Stefan Sperling <stsp@openbsd.org> 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 */ 21 22/*- 23 * Based on BSD-licensed source modules in the Linux iwlwifi driver, 24 * which were used as the reference documentation for this implementation. 25 * 26 *********************************************************************** 27 * 28 * This file is provided under a dual BSD/GPLv2 license. When using or 29 * redistributing this file, you may do so under either license. 30 * 31 * GPL LICENSE SUMMARY 32 * 33 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 34 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 35 * Copyright(c) 2016 Intel Deutschland GmbH 36 * 37 * This program is free software; you can redistribute it and/or modify 38 * it under the terms of version 2 of the GNU General Public License as 39 * published by the Free Software Foundation. 40 * 41 * This program is distributed in the hope that it will be useful, but 42 * WITHOUT ANY WARRANTY; without even the implied warranty of 43 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 44 * General Public License for more details. 45 * 46 * You should have received a copy of the GNU General Public License 47 * along with this program; if not, write to the Free Software 48 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 49 * USA 50 * 51 * The full GNU General Public License is included in this distribution 52 * in the file called COPYING. 53 * 54 * Contact Information: 55 * Intel Linux Wireless <ilw@linux.intel.com> 56 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 57 * 58 * 59 * BSD LICENSE 60 * 61 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 62 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 63 * Copyright(c) 2016 Intel Deutschland GmbH 64 * All rights reserved. 65 * 66 * Redistribution and use in source and binary forms, with or without 67 * modification, are permitted provided that the following conditions 68 * are met: 69 * 70 * * Redistributions of source code must retain the above copyright 71 * notice, this list of conditions and the following disclaimer. 72 * * Redistributions in binary form must reproduce the above copyright 73 * notice, this list of conditions and the following disclaimer in 74 * the documentation and/or other materials provided with the 75 * distribution. 76 * * Neither the name Intel Corporation nor the names of its 77 * contributors may be used to endorse or promote products derived 78 * from this software without specific prior written permission. 79 * 80 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 81 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 82 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 83 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 84 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 85 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 86 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 87 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 88 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 89 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 90 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 91 */ 92 93/*- 94 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 95 * 96 * Permission to use, copy, modify, and distribute this software for any 97 * purpose with or without fee is hereby granted, provided that the above 98 * copyright notice and this permission notice appear in all copies. 99 * 100 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 101 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 102 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 103 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 104 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 105 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 106 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 107 */ 108 109//#include "bpfilter.h" 110 111#include <sys/param.h> 112#include <sys/conf.h> 113#include <sys/kernel.h> 114#include <sys/malloc.h> 115#include <sys/mbuf.h> 116#include <sys/mutex.h> 117#include <sys/proc.h> 118#include <sys/rwlock.h> 119#include <sys/socket.h> 120#include <sys/sockio.h> 121#include <sys/systm.h> 122#include <sys/endian.h> 123 124#include <sys/refcnt.h> 125#include <sys/task.h> 126#include <machine/bus.h> 127//#include <machine/intr.h> 128 129#include <dev/pci/pcireg.h> 130#include <dev/pci/pcivar.h> 131//#include <dev/pci/pcidevs.h> 132 133#if NBPFILTER > 0 134#include <net/bpf.h> 135#endif 136#include <net/if.h> 137#include <net/if_dl.h> 138#include <net/if_media.h> 139#include <net/if_types.h> 140 141#include <netinet/in.h> 142#include <netinet/if_ether.h> 143 144#include <net80211/ieee80211_var.h> 145#include <net80211/ieee80211_amrr.h> 146#include <net80211/ieee80211_ra.h> 147#include <net80211/ieee80211_ra_vht.h> 148#include <net80211/ieee80211_radiotap.h> 149#include <net80211/ieee80211_priv.h> /* for SEQ_LT */ 150#undef DPRINTF /* defined in ieee80211_priv.h */ 151 152#ifdef __FreeBSD_version 153#include <sys/device.h> 154#include <net/ifq.h> 155#define DEVNAME(_s) gDriverName 156#define SC_DEV_FOR_PCI sc->sc_dev 157#else 158#define DEVNAME(_s) ((_s)->sc_dev.dv_xname) 159#endif 160 161#define IC2IFP(_ic_) (&(_ic_)->ic_if) 162 163#define le16_to_cpup(_a_) (le16toh(*(const uint16_t *)(_a_))) 164#define le32_to_cpup(_a_) (le32toh(*(const uint32_t *)(_a_))) 165 166#ifdef IWM_DEBUG 167#define DPRINTF(x) do { if (iwm_debug > 0) printf x; } while (0) 168#define DPRINTFN(n, x) do { if (iwm_debug >= (n)) printf x; } while (0) 169int iwm_debug = 1; 170#else 171#define DPRINTF(x) do { ; } while (0) 172#define DPRINTFN(n, x) do { ; } while (0) 173#endif 174 175#include <dev/pci/if_iwmreg.h> 176#include <dev/pci/if_iwmvar.h> 177 178const uint8_t iwm_nvm_channels[] = { 179 /* 2.4 GHz */ 180 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 181 /* 5 GHz */ 182 36, 40, 44 , 48, 52, 56, 60, 64, 183 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 184 149, 153, 157, 161, 165 185}; 186 187const uint8_t iwm_nvm_channels_8000[] = { 188 /* 2.4 GHz */ 189 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 190 /* 5 GHz */ 191 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 192 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 193 149, 153, 157, 161, 165, 169, 173, 177, 181 194}; 195 196#define IWM_NUM_2GHZ_CHANNELS 14 197 198const struct iwm_rate { 199 uint16_t rate; 200 uint8_t plcp; 201 uint8_t ht_plcp; 202} iwm_rates[] = { 203 /* Legacy */ /* HT */ 204 { 2, IWM_RATE_1M_PLCP, IWM_RATE_HT_SISO_MCS_INV_PLCP }, 205 { 4, IWM_RATE_2M_PLCP, IWM_RATE_HT_SISO_MCS_INV_PLCP }, 206 { 11, IWM_RATE_5M_PLCP, IWM_RATE_HT_SISO_MCS_INV_PLCP }, 207 { 22, IWM_RATE_11M_PLCP, IWM_RATE_HT_SISO_MCS_INV_PLCP }, 208 { 12, IWM_RATE_6M_PLCP, IWM_RATE_HT_SISO_MCS_0_PLCP }, 209 { 18, IWM_RATE_9M_PLCP, IWM_RATE_HT_SISO_MCS_INV_PLCP }, 210 { 24, IWM_RATE_12M_PLCP, IWM_RATE_HT_SISO_MCS_1_PLCP }, 211 { 26, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_8_PLCP }, 212 { 36, IWM_RATE_18M_PLCP, IWM_RATE_HT_SISO_MCS_2_PLCP }, 213 { 48, IWM_RATE_24M_PLCP, IWM_RATE_HT_SISO_MCS_3_PLCP }, 214 { 52, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_9_PLCP }, 215 { 72, IWM_RATE_36M_PLCP, IWM_RATE_HT_SISO_MCS_4_PLCP }, 216 { 78, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_10_PLCP }, 217 { 96, IWM_RATE_48M_PLCP, IWM_RATE_HT_SISO_MCS_5_PLCP }, 218 { 104, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_11_PLCP }, 219 { 108, IWM_RATE_54M_PLCP, IWM_RATE_HT_SISO_MCS_6_PLCP }, 220 { 128, IWM_RATE_INVM_PLCP, IWM_RATE_HT_SISO_MCS_7_PLCP }, 221 { 156, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_12_PLCP }, 222 { 208, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_13_PLCP }, 223 { 234, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_14_PLCP }, 224 { 260, IWM_RATE_INVM_PLCP, IWM_RATE_HT_MIMO2_MCS_15_PLCP }, 225}; 226#define IWM_RIDX_CCK 0 227#define IWM_RIDX_OFDM 4 228#define IWM_RIDX_MAX (nitems(iwm_rates)-1) 229#define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM) 230#define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM) 231#define IWM_RVAL_IS_OFDM(_i_) ((_i_) >= 12 && (_i_) != 22) 232 233/* Convert an MCS index into an iwm_rates[] index. */ 234const int iwm_ht_mcs2ridx[] = { 235 IWM_RATE_MCS_0_INDEX, 236 IWM_RATE_MCS_1_INDEX, 237 IWM_RATE_MCS_2_INDEX, 238 IWM_RATE_MCS_3_INDEX, 239 IWM_RATE_MCS_4_INDEX, 240 IWM_RATE_MCS_5_INDEX, 241 IWM_RATE_MCS_6_INDEX, 242 IWM_RATE_MCS_7_INDEX, 243 IWM_RATE_MCS_8_INDEX, 244 IWM_RATE_MCS_9_INDEX, 245 IWM_RATE_MCS_10_INDEX, 246 IWM_RATE_MCS_11_INDEX, 247 IWM_RATE_MCS_12_INDEX, 248 IWM_RATE_MCS_13_INDEX, 249 IWM_RATE_MCS_14_INDEX, 250 IWM_RATE_MCS_15_INDEX, 251}; 252 253struct iwm_nvm_section { 254 uint16_t length; 255 uint8_t *data; 256}; 257 258int iwm_is_mimo_ht_plcp(uint8_t); 259int iwm_is_mimo_ht_mcs(int); 260int iwm_store_cscheme(struct iwm_softc *, uint8_t *, size_t); 261int iwm_firmware_store_section(struct iwm_softc *, enum iwm_ucode_type, 262 uint8_t *, size_t); 263int iwm_set_default_calib(struct iwm_softc *, const void *); 264void iwm_fw_info_free(struct iwm_fw_info *); 265void iwm_fw_version_str(char *, size_t, uint32_t, uint32_t, uint32_t); 266int iwm_read_firmware(struct iwm_softc *); 267uint32_t iwm_read_prph_unlocked(struct iwm_softc *, uint32_t); 268uint32_t iwm_read_prph(struct iwm_softc *, uint32_t); 269void iwm_write_prph_unlocked(struct iwm_softc *, uint32_t, uint32_t); 270void iwm_write_prph(struct iwm_softc *, uint32_t, uint32_t); 271int iwm_read_mem(struct iwm_softc *, uint32_t, void *, int); 272int iwm_write_mem(struct iwm_softc *, uint32_t, const void *, int); 273int iwm_write_mem32(struct iwm_softc *, uint32_t, uint32_t); 274int iwm_poll_bit(struct iwm_softc *, int, uint32_t, uint32_t, int); 275int iwm_nic_lock(struct iwm_softc *); 276void iwm_nic_assert_locked(struct iwm_softc *); 277void iwm_nic_unlock(struct iwm_softc *); 278int iwm_set_bits_mask_prph(struct iwm_softc *, uint32_t, uint32_t, 279 uint32_t); 280int iwm_set_bits_prph(struct iwm_softc *, uint32_t, uint32_t); 281int iwm_clear_bits_prph(struct iwm_softc *, uint32_t, uint32_t); 282int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *, bus_size_t, 283 bus_size_t); 284void iwm_dma_contig_free(struct iwm_dma_info *); 285int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 286void iwm_disable_rx_dma(struct iwm_softc *); 287void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 288void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *); 289int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *, int); 290void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 291void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *); 292void iwm_enable_rfkill_int(struct iwm_softc *); 293int iwm_check_rfkill(struct iwm_softc *); 294void iwm_enable_interrupts(struct iwm_softc *); 295void iwm_enable_fwload_interrupt(struct iwm_softc *); 296void iwm_restore_interrupts(struct iwm_softc *); 297void iwm_disable_interrupts(struct iwm_softc *); 298void iwm_ict_reset(struct iwm_softc *); 299int iwm_set_hw_ready(struct iwm_softc *); 300int iwm_prepare_card_hw(struct iwm_softc *); 301void iwm_apm_config(struct iwm_softc *); 302int iwm_apm_init(struct iwm_softc *); 303void iwm_apm_stop(struct iwm_softc *); 304int iwm_allow_mcast(struct iwm_softc *); 305void iwm_init_msix_hw(struct iwm_softc *); 306void iwm_conf_msix_hw(struct iwm_softc *, int); 307int iwm_clear_persistence_bit(struct iwm_softc *); 308int iwm_start_hw(struct iwm_softc *); 309void iwm_stop_device(struct iwm_softc *); 310void iwm_nic_config(struct iwm_softc *); 311int iwm_nic_rx_init(struct iwm_softc *); 312int iwm_nic_rx_legacy_init(struct iwm_softc *); 313int iwm_nic_rx_mq_init(struct iwm_softc *); 314int iwm_nic_tx_init(struct iwm_softc *); 315int iwm_nic_init(struct iwm_softc *); 316int iwm_enable_ac_txq(struct iwm_softc *, int, int); 317int iwm_enable_txq(struct iwm_softc *, int, int, int, int, uint8_t, 318 uint16_t); 319int iwm_disable_txq(struct iwm_softc *, int, int, uint8_t); 320int iwm_post_alive(struct iwm_softc *); 321struct iwm_phy_db_entry *iwm_phy_db_get_section(struct iwm_softc *, uint16_t, 322 uint16_t); 323int iwm_phy_db_set_section(struct iwm_softc *, 324 struct iwm_calib_res_notif_phy_db *); 325int iwm_is_valid_channel(uint16_t); 326uint8_t iwm_ch_id_to_ch_index(uint16_t); 327uint16_t iwm_channel_id_to_papd(uint16_t); 328uint16_t iwm_channel_id_to_txp(struct iwm_softc *, uint16_t); 329int iwm_phy_db_get_section_data(struct iwm_softc *, uint32_t, uint8_t **, 330 uint16_t *, uint16_t); 331int iwm_send_phy_db_cmd(struct iwm_softc *, uint16_t, uint16_t, void *); 332int iwm_phy_db_send_all_channel_groups(struct iwm_softc *, uint16_t, 333 uint8_t); 334int iwm_send_phy_db_data(struct iwm_softc *); 335void iwm_protect_session(struct iwm_softc *, struct iwm_node *, uint32_t, 336 uint32_t); 337void iwm_unprotect_session(struct iwm_softc *, struct iwm_node *); 338int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t, uint16_t, 339 uint8_t *, uint16_t *); 340int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *, 341 uint16_t *, size_t); 342uint8_t iwm_fw_valid_tx_ant(struct iwm_softc *); 343uint8_t iwm_fw_valid_rx_ant(struct iwm_softc *); 344int iwm_valid_siso_ant_rate_mask(struct iwm_softc *); 345void iwm_init_channel_map(struct iwm_softc *, const uint16_t * const, 346 const uint8_t *nvm_channels, int nchan); 347int iwm_mimo_enabled(struct iwm_softc *); 348void iwm_setup_ht_rates(struct iwm_softc *); 349void iwm_setup_vht_rates(struct iwm_softc *); 350void iwm_mac_ctxt_task(void *); 351void iwm_phy_ctxt_task(void *); 352void iwm_updateprot(struct ieee80211com *); 353void iwm_updateslot(struct ieee80211com *); 354void iwm_updateedca(struct ieee80211com *); 355void iwm_updatechan(struct ieee80211com *); 356void iwm_updatedtim(struct ieee80211com *); 357void iwm_init_reorder_buffer(struct iwm_reorder_buffer *, uint16_t, 358 uint16_t); 359void iwm_clear_reorder_buffer(struct iwm_softc *, struct iwm_rxba_data *); 360int iwm_ampdu_rx_start(struct ieee80211com *, struct ieee80211_node *, 361 uint8_t); 362void iwm_ampdu_rx_stop(struct ieee80211com *, struct ieee80211_node *, 363 uint8_t); 364void iwm_rx_ba_session_expired(void *); 365void iwm_reorder_timer_expired(void *); 366int iwm_sta_rx_agg(struct iwm_softc *, struct ieee80211_node *, uint8_t, 367 uint16_t, uint16_t, int, int); 368int iwm_ampdu_tx_start(struct ieee80211com *, struct ieee80211_node *, 369 uint8_t); 370void iwm_ampdu_tx_stop(struct ieee80211com *, struct ieee80211_node *, 371 uint8_t); 372void iwm_ba_task(void *); 373 374int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *, 375 const uint16_t *, const uint16_t *, 376 const uint16_t *, const uint16_t *, 377 const uint16_t *, int); 378void iwm_set_hw_address_8000(struct iwm_softc *, struct iwm_nvm_data *, 379 const uint16_t *, const uint16_t *); 380int iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *); 381int iwm_nvm_init(struct iwm_softc *); 382int iwm_firmware_load_sect(struct iwm_softc *, uint32_t, const uint8_t *, 383 uint32_t); 384int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t, const uint8_t *, 385 uint32_t); 386int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type); 387int iwm_load_cpu_sections_8000(struct iwm_softc *, struct iwm_fw_sects *, 388 int , int *); 389int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type); 390int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type); 391int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type); 392int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t); 393int iwm_send_phy_cfg_cmd(struct iwm_softc *); 394int iwm_load_ucode_wait_alive(struct iwm_softc *, enum iwm_ucode_type); 395int iwm_send_dqa_cmd(struct iwm_softc *); 396int iwm_run_init_mvm_ucode(struct iwm_softc *, int); 397int iwm_config_ltr(struct iwm_softc *); 398int iwm_rx_addbuf(struct iwm_softc *, int, int); 399int iwm_get_signal_strength(struct iwm_softc *, struct iwm_rx_phy_info *); 400int iwm_rxmq_get_signal_strength(struct iwm_softc *, struct iwm_rx_mpdu_desc *); 401void iwm_rx_rx_phy_cmd(struct iwm_softc *, struct iwm_rx_packet *, 402 struct iwm_rx_data *); 403int iwm_get_noise(const struct iwm_statistics_rx_non_phy *); 404int iwm_rx_hwdecrypt(struct iwm_softc *, struct mbuf *, uint32_t, 405 struct ieee80211_rxinfo *); 406int iwm_ccmp_decap(struct iwm_softc *, struct mbuf *, 407 struct ieee80211_node *, struct ieee80211_rxinfo *); 408void iwm_rx_frame(struct iwm_softc *, struct mbuf *, int, uint32_t, int, int, 409 uint32_t, struct ieee80211_rxinfo *, struct mbuf_list *); 410void iwm_ht_single_rate_control(struct iwm_softc *, struct ieee80211_node *, 411 int, uint8_t, int); 412void iwm_vht_single_rate_control(struct iwm_softc *, struct ieee80211_node *, 413 int, int, uint8_t, int); 414void iwm_rx_tx_cmd_single(struct iwm_softc *, struct iwm_rx_packet *, 415 struct iwm_node *, int, int); 416void iwm_txd_done(struct iwm_softc *, struct iwm_tx_data *); 417void iwm_txq_advance(struct iwm_softc *, struct iwm_tx_ring *, int); 418void iwm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *, 419 struct iwm_rx_data *); 420void iwm_clear_oactive(struct iwm_softc *, struct iwm_tx_ring *); 421void iwm_ampdu_rate_control(struct iwm_softc *, struct ieee80211_node *, 422 struct iwm_tx_ring *, int, uint16_t, uint16_t); 423void iwm_rx_compressed_ba(struct iwm_softc *, struct iwm_rx_packet *); 424void iwm_rx_bmiss(struct iwm_softc *, struct iwm_rx_packet *, 425 struct iwm_rx_data *); 426int iwm_binding_cmd(struct iwm_softc *, struct iwm_node *, uint32_t); 427uint8_t iwm_get_vht_ctrl_pos(struct ieee80211com *, struct ieee80211_channel *); 428int iwm_phy_ctxt_cmd_uhb(struct iwm_softc *, struct iwm_phy_ctxt *, uint8_t, 429 uint8_t, uint32_t, uint32_t, uint8_t, uint8_t); 430void iwm_phy_ctxt_cmd_hdr(struct iwm_softc *, struct iwm_phy_ctxt *, 431 struct iwm_phy_context_cmd *, uint32_t, uint32_t); 432void iwm_phy_ctxt_cmd_data(struct iwm_softc *, struct iwm_phy_context_cmd *, 433 struct ieee80211_channel *, uint8_t, uint8_t, uint8_t, uint8_t); 434int iwm_phy_ctxt_cmd(struct iwm_softc *, struct iwm_phy_ctxt *, uint8_t, 435 uint8_t, uint32_t, uint32_t, uint8_t, uint8_t); 436int iwm_send_cmd(struct iwm_softc *, struct iwm_host_cmd *); 437int iwm_send_cmd_pdu(struct iwm_softc *, uint32_t, uint32_t, uint16_t, 438 const void *); 439int iwm_send_cmd_status(struct iwm_softc *, struct iwm_host_cmd *, 440 uint32_t *); 441int iwm_send_cmd_pdu_status(struct iwm_softc *, uint32_t, uint16_t, 442 const void *, uint32_t *); 443void iwm_free_resp(struct iwm_softc *, struct iwm_host_cmd *); 444void iwm_cmd_done(struct iwm_softc *, int, int, int); 445void iwm_update_sched(struct iwm_softc *, int, int, uint8_t, uint16_t); 446void iwm_reset_sched(struct iwm_softc *, int, int, uint8_t); 447uint8_t iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *, 448 struct ieee80211_frame *, struct iwm_tx_cmd *); 449int iwm_tx(struct iwm_softc *, struct mbuf *, struct ieee80211_node *, int); 450int iwm_flush_tx_path(struct iwm_softc *, int); 451int iwm_wait_tx_queues_empty(struct iwm_softc *); 452void iwm_led_enable(struct iwm_softc *); 453void iwm_led_disable(struct iwm_softc *); 454int iwm_led_is_enabled(struct iwm_softc *); 455void iwm_led_blink_timeout(void *); 456void iwm_led_blink_start(struct iwm_softc *); 457void iwm_led_blink_stop(struct iwm_softc *); 458int iwm_beacon_filter_send_cmd(struct iwm_softc *, 459 struct iwm_beacon_filter_cmd *); 460void iwm_beacon_filter_set_cqm_params(struct iwm_softc *, struct iwm_node *, 461 struct iwm_beacon_filter_cmd *); 462int iwm_update_beacon_abort(struct iwm_softc *, struct iwm_node *, int); 463void iwm_power_build_cmd(struct iwm_softc *, struct iwm_node *, 464 struct iwm_mac_power_cmd *); 465int iwm_power_mac_update_mode(struct iwm_softc *, struct iwm_node *); 466int iwm_power_update_device(struct iwm_softc *); 467int iwm_enable_beacon_filter(struct iwm_softc *, struct iwm_node *); 468int iwm_disable_beacon_filter(struct iwm_softc *); 469int iwm_add_sta_cmd(struct iwm_softc *, struct iwm_node *, int); 470int iwm_add_aux_sta(struct iwm_softc *); 471int iwm_drain_sta(struct iwm_softc *sc, struct iwm_node *, int); 472int iwm_flush_sta(struct iwm_softc *, struct iwm_node *); 473int iwm_rm_sta_cmd(struct iwm_softc *, struct iwm_node *); 474uint16_t iwm_scan_rx_chain(struct iwm_softc *); 475uint32_t iwm_scan_rate_n_flags(struct iwm_softc *, int, int); 476uint8_t iwm_lmac_scan_fill_channels(struct iwm_softc *, 477 struct iwm_scan_channel_cfg_lmac *, int, int); 478int iwm_fill_probe_req(struct iwm_softc *, struct iwm_scan_probe_req *); 479int iwm_lmac_scan(struct iwm_softc *, int); 480int iwm_config_umac_scan(struct iwm_softc *); 481int iwm_umac_scan(struct iwm_softc *, int); 482void iwm_mcc_update(struct iwm_softc *, struct iwm_mcc_chub_notif *); 483uint8_t iwm_ridx2rate(struct ieee80211_rateset *, int); 484int iwm_rval2ridx(int); 485void iwm_ack_rates(struct iwm_softc *, struct iwm_node *, int *, int *); 486void iwm_mac_ctxt_cmd_common(struct iwm_softc *, struct iwm_node *, 487 struct iwm_mac_ctx_cmd *, uint32_t); 488void iwm_mac_ctxt_cmd_fill_sta(struct iwm_softc *, struct iwm_node *, 489 struct iwm_mac_data_sta *, int); 490int iwm_mac_ctxt_cmd(struct iwm_softc *, struct iwm_node *, uint32_t, int); 491int iwm_update_quotas(struct iwm_softc *, struct iwm_node *, int); 492void iwm_add_task(struct iwm_softc *, struct taskq *, struct task *); 493void iwm_del_task(struct iwm_softc *, struct taskq *, struct task *); 494int iwm_scan(struct iwm_softc *); 495int iwm_bgscan(struct ieee80211com *); 496void iwm_bgscan_done(struct ieee80211com *, 497 struct ieee80211_node_switch_bss_arg *, size_t); 498void iwm_bgscan_done_task(void *); 499int iwm_umac_scan_abort(struct iwm_softc *); 500int iwm_lmac_scan_abort(struct iwm_softc *); 501int iwm_scan_abort(struct iwm_softc *); 502int iwm_phy_ctxt_update(struct iwm_softc *, struct iwm_phy_ctxt *, 503 struct ieee80211_channel *, uint8_t, uint8_t, uint32_t, uint8_t, 504 uint8_t); 505int iwm_auth(struct iwm_softc *); 506int iwm_deauth(struct iwm_softc *); 507int iwm_run(struct iwm_softc *); 508int iwm_run_stop(struct iwm_softc *); 509struct ieee80211_node *iwm_node_alloc(struct ieee80211com *); 510int iwm_set_key_v1(struct ieee80211com *, struct ieee80211_node *, 511 struct ieee80211_key *); 512int iwm_set_key(struct ieee80211com *, struct ieee80211_node *, 513 struct ieee80211_key *); 514void iwm_delete_key_v1(struct ieee80211com *, 515 struct ieee80211_node *, struct ieee80211_key *); 516void iwm_delete_key(struct ieee80211com *, 517 struct ieee80211_node *, struct ieee80211_key *); 518void iwm_calib_timeout(void *); 519void iwm_set_rate_table_vht(struct iwm_node *, struct iwm_lq_cmd *); 520void iwm_set_rate_table(struct iwm_node *, struct iwm_lq_cmd *); 521void iwm_setrates(struct iwm_node *, int); 522int iwm_media_change(struct ifnet *); 523void iwm_newstate_task(void *); 524int iwm_newstate(struct ieee80211com *, enum ieee80211_state, int); 525void iwm_endscan(struct iwm_softc *); 526void iwm_fill_sf_command(struct iwm_softc *, struct iwm_sf_cfg_cmd *, 527 struct ieee80211_node *); 528int iwm_sf_config(struct iwm_softc *, int); 529int iwm_send_bt_init_conf(struct iwm_softc *); 530int iwm_send_soc_conf(struct iwm_softc *); 531int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *); 532int iwm_send_temp_report_ths_cmd(struct iwm_softc *); 533void iwm_tt_tx_backoff(struct iwm_softc *, uint32_t); 534void iwm_free_fw_paging(struct iwm_softc *); 535int iwm_save_fw_paging(struct iwm_softc *, const struct iwm_fw_sects *); 536int iwm_send_paging_cmd(struct iwm_softc *, const struct iwm_fw_sects *); 537int iwm_init_hw(struct iwm_softc *); 538int iwm_init(struct ifnet *); 539void iwm_start(struct ifnet *); 540void iwm_stop(struct ifnet *); 541void iwm_watchdog(struct ifnet *); 542int iwm_ioctl(struct ifnet *, u_long, caddr_t); 543const char *iwm_desc_lookup(uint32_t); 544void iwm_nic_error(struct iwm_softc *); 545void iwm_dump_driver_status(struct iwm_softc *); 546void iwm_nic_umac_error(struct iwm_softc *); 547void iwm_rx_mpdu(struct iwm_softc *, struct mbuf *, void *, size_t, 548 struct mbuf_list *); 549void iwm_flip_address(uint8_t *); 550int iwm_detect_duplicate(struct iwm_softc *, struct mbuf *, 551 struct iwm_rx_mpdu_desc *, struct ieee80211_rxinfo *); 552int iwm_is_sn_less(uint16_t, uint16_t, uint16_t); 553void iwm_release_frames(struct iwm_softc *, struct ieee80211_node *, 554 struct iwm_rxba_data *, struct iwm_reorder_buffer *, uint16_t, 555 struct mbuf_list *); 556int iwm_oldsn_workaround(struct iwm_softc *, struct ieee80211_node *, 557 int, struct iwm_reorder_buffer *, uint32_t, uint32_t); 558int iwm_rx_reorder(struct iwm_softc *, struct mbuf *, int, 559 struct iwm_rx_mpdu_desc *, int, int, uint32_t, 560 struct ieee80211_rxinfo *, struct mbuf_list *); 561void iwm_rx_mpdu_mq(struct iwm_softc *, struct mbuf *, void *, size_t, 562 struct mbuf_list *); 563int iwm_rx_pkt_valid(struct iwm_rx_packet *); 564void iwm_rx_pkt(struct iwm_softc *, struct iwm_rx_data *, 565 struct mbuf_list *); 566void iwm_notif_intr(struct iwm_softc *); 567int iwm_intr(void *); 568int iwm_intr_msix(void *); 569int iwm_match(struct device *, void *, void *); 570int iwm_preinit(struct iwm_softc *); 571void iwm_attach_hook(struct device *); 572//void iwm_attach(struct device *, struct device *, void *); 573void iwm_init_task(void *); 574int iwm_activate(struct device *, int); 575void iwm_resume(struct iwm_softc *); 576int iwm_wakeup(struct iwm_softc *); 577 578#if NBPFILTER > 0 579void iwm_radiotap_attach(struct iwm_softc *); 580#endif 581 582uint8_t 583iwm_lookup_cmd_ver(struct iwm_softc *sc, uint8_t grp, uint8_t cmd) 584{ 585 const struct iwm_fw_cmd_version *entry; 586 int i; 587 588 for (i = 0; i < sc->n_cmd_versions; i++) { 589 entry = &sc->cmd_versions[i]; 590 if (entry->group == grp && entry->cmd == cmd) 591 return entry->cmd_ver; 592 } 593 594 return IWM_FW_CMD_VER_UNKNOWN; 595} 596 597int 598iwm_is_mimo_ht_plcp(uint8_t ht_plcp) 599{ 600 return (ht_plcp != IWM_RATE_HT_SISO_MCS_INV_PLCP && 601 (ht_plcp & IWM_RATE_HT_MCS_NSS_MSK)); 602} 603 604int 605iwm_is_mimo_ht_mcs(int mcs) 606{ 607 int ridx = iwm_ht_mcs2ridx[mcs]; 608 return iwm_is_mimo_ht_plcp(iwm_rates[ridx].ht_plcp); 609 610} 611 612int 613iwm_store_cscheme(struct iwm_softc *sc, uint8_t *data, size_t dlen) 614{ 615 struct iwm_fw_cscheme_list *l = (void *)data; 616 617 if (dlen < sizeof(*l) || 618 dlen < sizeof(l->size) + l->size * sizeof(*l->cs)) 619 return EINVAL; 620 621 /* we don't actually store anything for now, always use s/w crypto */ 622 623 return 0; 624} 625 626int 627iwm_firmware_store_section(struct iwm_softc *sc, enum iwm_ucode_type type, 628 uint8_t *data, size_t dlen) 629{ 630 struct iwm_fw_sects *fws; 631 struct iwm_fw_onesect *fwone; 632 633 if (type >= IWM_UCODE_TYPE_MAX) 634 return EINVAL; 635 if (dlen < sizeof(uint32_t)) 636 return EINVAL; 637 638 fws = &sc->sc_fw.fw_sects[type]; 639 if (fws->fw_count >= IWM_UCODE_SECT_MAX) 640 return EINVAL; 641 642 fwone = &fws->fw_sect[fws->fw_count]; 643 644 /* first 32bit are device load offset */ 645 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t)); 646 647 /* rest is data */ 648 fwone->fws_data = data + sizeof(uint32_t); 649 fwone->fws_len = dlen - sizeof(uint32_t); 650 651 fws->fw_count++; 652 fws->fw_totlen += fwone->fws_len; 653 654 return 0; 655} 656 657#define IWM_DEFAULT_SCAN_CHANNELS 40 658/* Newer firmware might support more channels. Raise this value if needed. */ 659#define IWM_MAX_SCAN_CHANNELS 52 /* as of 8265-34 firmware image */ 660 661struct iwm_tlv_calib_data { 662 uint32_t ucode_type; 663 struct iwm_tlv_calib_ctrl calib; 664} __packed; 665 666int 667iwm_set_default_calib(struct iwm_softc *sc, const void *data) 668{ 669 const struct iwm_tlv_calib_data *def_calib = data; 670 uint32_t ucode_type = le32toh(def_calib->ucode_type); 671 672 if (ucode_type >= IWM_UCODE_TYPE_MAX) 673 return EINVAL; 674 675 sc->sc_default_calib[ucode_type].flow_trigger = 676 def_calib->calib.flow_trigger; 677 sc->sc_default_calib[ucode_type].event_trigger = 678 def_calib->calib.event_trigger; 679 680 return 0; 681} 682 683void 684iwm_fw_info_free(struct iwm_fw_info *fw) 685{ 686 free(fw->fw_rawdata, M_DEVBUF, fw->fw_rawsize); 687 fw->fw_rawdata = NULL; 688 fw->fw_rawsize = 0; 689 /* don't touch fw->fw_status */ 690 memset(fw->fw_sects, 0, sizeof(fw->fw_sects)); 691} 692 693void 694iwm_fw_version_str(char *buf, size_t bufsize, 695 uint32_t major, uint32_t minor, uint32_t api) 696{ 697 /* 698 * Starting with major version 35 the Linux driver prints the minor 699 * version in hexadecimal. 700 */ 701 if (major >= 35) 702 snprintf(buf, bufsize, "%u.%08x.%u", major, minor, api); 703 else 704 snprintf(buf, bufsize, "%u.%u.%u", major, minor, api); 705} 706 707int 708iwm_read_firmware(struct iwm_softc *sc) 709{ 710 struct iwm_fw_info *fw = &sc->sc_fw; 711 struct iwm_tlv_ucode_header *uhdr; 712 struct iwm_ucode_tlv tlv; 713 uint32_t tlv_type; 714 uint8_t *data; 715 uint32_t usniffer_img; 716 uint32_t paging_mem_size; 717 int err; 718 size_t len; 719 720 if (fw->fw_status == IWM_FW_STATUS_DONE) 721 return 0; 722 723 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) 724 tsleep_nsec(&sc->sc_fw, 0, "iwmfwp", INFSLP); 725 fw->fw_status = IWM_FW_STATUS_INPROGRESS; 726 727 if (fw->fw_rawdata != NULL) 728 iwm_fw_info_free(fw); 729 730 err = loadfirmware(sc->sc_fwname, 731 (u_char **)&fw->fw_rawdata, &fw->fw_rawsize); 732 if (err) { 733 printf("%s: could not read firmware %s (error %d)\n", 734 DEVNAME(sc), sc->sc_fwname, err); 735 goto out; 736 } 737 738 sc->sc_capaflags = 0; 739 sc->sc_capa_n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS; 740 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa)); 741 memset(sc->sc_ucode_api, 0, sizeof(sc->sc_ucode_api)); 742 sc->n_cmd_versions = 0; 743 744 uhdr = (void *)fw->fw_rawdata; 745 if (*(uint32_t *)fw->fw_rawdata != 0 746 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) { 747 printf("%s: invalid firmware %s\n", 748 DEVNAME(sc), sc->sc_fwname); 749 err = EINVAL; 750 goto out; 751 } 752 753 iwm_fw_version_str(sc->sc_fwver, sizeof(sc->sc_fwver), 754 IWM_UCODE_MAJOR(le32toh(uhdr->ver)), 755 IWM_UCODE_MINOR(le32toh(uhdr->ver)), 756 IWM_UCODE_API(le32toh(uhdr->ver))); 757 758 data = uhdr->data; 759 len = fw->fw_rawsize - sizeof(*uhdr); 760 761 while (len >= sizeof(tlv)) { 762 size_t tlv_len; 763 void *tlv_data; 764 765 memcpy(&tlv, data, sizeof(tlv)); 766 tlv_len = le32toh(tlv.length); 767 tlv_type = le32toh(tlv.type); 768 769 len -= sizeof(tlv); 770 data += sizeof(tlv); 771 tlv_data = data; 772 773 if (len < tlv_len) { 774 printf("%s: firmware too short: %zu bytes\n", 775 DEVNAME(sc), len); 776 err = EINVAL; 777 goto parse_out; 778 } 779 780 switch (tlv_type) { 781 case IWM_UCODE_TLV_PROBE_MAX_LEN: 782 if (tlv_len < sizeof(uint32_t)) { 783 err = EINVAL; 784 goto parse_out; 785 } 786 sc->sc_capa_max_probe_len 787 = le32toh(*(uint32_t *)tlv_data); 788 if (sc->sc_capa_max_probe_len > 789 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) { 790 err = EINVAL; 791 goto parse_out; 792 } 793 break; 794 case IWM_UCODE_TLV_PAN: 795 if (tlv_len) { 796 err = EINVAL; 797 goto parse_out; 798 } 799 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN; 800 break; 801 case IWM_UCODE_TLV_FLAGS: 802 if (tlv_len < sizeof(uint32_t)) { 803 err = EINVAL; 804 goto parse_out; 805 } 806 /* 807 * Apparently there can be many flags, but Linux driver 808 * parses only the first one, and so do we. 809 * 810 * XXX: why does this override IWM_UCODE_TLV_PAN? 811 * Intentional or a bug? Observations from 812 * current firmware file: 813 * 1) TLV_PAN is parsed first 814 * 2) TLV_FLAGS contains TLV_FLAGS_PAN 815 * ==> this resets TLV_PAN to itself... hnnnk 816 */ 817 sc->sc_capaflags = le32toh(*(uint32_t *)tlv_data); 818 break; 819 case IWM_UCODE_TLV_CSCHEME: 820 err = iwm_store_cscheme(sc, tlv_data, tlv_len); 821 if (err) 822 goto parse_out; 823 break; 824 case IWM_UCODE_TLV_NUM_OF_CPU: { 825 uint32_t num_cpu; 826 if (tlv_len != sizeof(uint32_t)) { 827 err = EINVAL; 828 goto parse_out; 829 } 830 num_cpu = le32toh(*(uint32_t *)tlv_data); 831 if (num_cpu < 1 || num_cpu > 2) { 832 err = EINVAL; 833 goto parse_out; 834 } 835 break; 836 } 837 case IWM_UCODE_TLV_SEC_RT: 838 err = iwm_firmware_store_section(sc, 839 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len); 840 if (err) 841 goto parse_out; 842 break; 843 case IWM_UCODE_TLV_SEC_INIT: 844 err = iwm_firmware_store_section(sc, 845 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len); 846 if (err) 847 goto parse_out; 848 break; 849 case IWM_UCODE_TLV_SEC_WOWLAN: 850 err = iwm_firmware_store_section(sc, 851 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len); 852 if (err) 853 goto parse_out; 854 break; 855 case IWM_UCODE_TLV_DEF_CALIB: 856 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) { 857 err = EINVAL; 858 goto parse_out; 859 } 860 err = iwm_set_default_calib(sc, tlv_data); 861 if (err) 862 goto parse_out; 863 break; 864 case IWM_UCODE_TLV_PHY_SKU: 865 if (tlv_len != sizeof(uint32_t)) { 866 err = EINVAL; 867 goto parse_out; 868 } 869 sc->sc_fw_phy_config = le32toh(*(uint32_t *)tlv_data); 870 break; 871 872 case IWM_UCODE_TLV_API_CHANGES_SET: { 873 struct iwm_ucode_api *api; 874 int idx, i; 875 if (tlv_len != sizeof(*api)) { 876 err = EINVAL; 877 goto parse_out; 878 } 879 api = (struct iwm_ucode_api *)tlv_data; 880 idx = le32toh(api->api_index); 881 if (idx >= howmany(IWM_NUM_UCODE_TLV_API, 32)) { 882 err = EINVAL; 883 goto parse_out; 884 } 885 for (i = 0; i < 32; i++) { 886 if ((le32toh(api->api_flags) & (1 << i)) == 0) 887 continue; 888 setbit(sc->sc_ucode_api, i + (32 * idx)); 889 } 890 break; 891 } 892 893 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: { 894 struct iwm_ucode_capa *capa; 895 int idx, i; 896 if (tlv_len != sizeof(*capa)) { 897 err = EINVAL; 898 goto parse_out; 899 } 900 capa = (struct iwm_ucode_capa *)tlv_data; 901 idx = le32toh(capa->api_index); 902 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) { 903 goto parse_out; 904 } 905 for (i = 0; i < 32; i++) { 906 if ((le32toh(capa->api_capa) & (1 << i)) == 0) 907 continue; 908 setbit(sc->sc_enabled_capa, i + (32 * idx)); 909 } 910 break; 911 } 912 913 case IWM_UCODE_TLV_CMD_VERSIONS: 914 if (tlv_len % sizeof(struct iwm_fw_cmd_version)) { 915 tlv_len /= sizeof(struct iwm_fw_cmd_version); 916 tlv_len *= sizeof(struct iwm_fw_cmd_version); 917 } 918 if (sc->n_cmd_versions != 0) { 919 err = EINVAL; 920 goto parse_out; 921 } 922 if (tlv_len > sizeof(sc->cmd_versions)) { 923 err = EINVAL; 924 goto parse_out; 925 } 926 memcpy(&sc->cmd_versions[0], tlv_data, tlv_len); 927 sc->n_cmd_versions = tlv_len / sizeof(struct iwm_fw_cmd_version); 928 break; 929 930 case IWM_UCODE_TLV_SDIO_ADMA_ADDR: 931 case IWM_UCODE_TLV_FW_GSCAN_CAPA: 932 /* ignore, not used by current driver */ 933 break; 934 935 case IWM_UCODE_TLV_SEC_RT_USNIFFER: 936 err = iwm_firmware_store_section(sc, 937 IWM_UCODE_TYPE_REGULAR_USNIFFER, tlv_data, 938 tlv_len); 939 if (err) 940 goto parse_out; 941 break; 942 943 case IWM_UCODE_TLV_PAGING: 944 if (tlv_len != sizeof(uint32_t)) { 945 err = EINVAL; 946 goto parse_out; 947 } 948 paging_mem_size = le32toh(*(const uint32_t *)tlv_data); 949 950 DPRINTF(("%s: Paging: paging enabled (size = %u bytes)\n", 951 DEVNAME(sc), paging_mem_size)); 952 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) { 953 printf("%s: Driver only supports up to %u" 954 " bytes for paging image (%u requested)\n", 955 DEVNAME(sc), IWM_MAX_PAGING_IMAGE_SIZE, 956 paging_mem_size); 957 err = EINVAL; 958 goto out; 959 } 960 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) { 961 printf("%s: Paging: image isn't multiple of %u\n", 962 DEVNAME(sc), IWM_FW_PAGING_SIZE); 963 err = EINVAL; 964 goto out; 965 } 966 967 fw->fw_sects[IWM_UCODE_TYPE_REGULAR].paging_mem_size = 968 paging_mem_size; 969 usniffer_img = IWM_UCODE_TYPE_REGULAR_USNIFFER; 970 fw->fw_sects[usniffer_img].paging_mem_size = 971 paging_mem_size; 972 break; 973 974 case IWM_UCODE_TLV_N_SCAN_CHANNELS: 975 if (tlv_len != sizeof(uint32_t)) { 976 err = EINVAL; 977 goto parse_out; 978 } 979 sc->sc_capa_n_scan_channels = 980 le32toh(*(uint32_t *)tlv_data); 981 if (sc->sc_capa_n_scan_channels > IWM_MAX_SCAN_CHANNELS) { 982 err = ERANGE; 983 goto parse_out; 984 } 985 break; 986 987 case IWM_UCODE_TLV_FW_VERSION: 988 if (tlv_len != sizeof(uint32_t) * 3) { 989 err = EINVAL; 990 goto parse_out; 991 } 992 993 iwm_fw_version_str(sc->sc_fwver, sizeof(sc->sc_fwver), 994 le32toh(((uint32_t *)tlv_data)[0]), 995 le32toh(((uint32_t *)tlv_data)[1]), 996 le32toh(((uint32_t *)tlv_data)[2])); 997 break; 998 999 case IWM_UCODE_TLV_FW_DBG_DEST: 1000 case IWM_UCODE_TLV_FW_DBG_CONF: 1001 case IWM_UCODE_TLV_UMAC_DEBUG_ADDRS: 1002 case IWM_UCODE_TLV_LMAC_DEBUG_ADDRS: 1003 case IWM_UCODE_TLV_TYPE_DEBUG_INFO: 1004 case IWM_UCODE_TLV_TYPE_BUFFER_ALLOCATION: 1005 case IWM_UCODE_TLV_TYPE_HCMD: 1006 case IWM_UCODE_TLV_TYPE_REGIONS: 1007 case IWM_UCODE_TLV_TYPE_TRIGGERS: 1008 break; 1009 1010 case IWM_UCODE_TLV_HW_TYPE: 1011 break; 1012 1013 case IWM_UCODE_TLV_FW_MEM_SEG: 1014 break; 1015 1016 /* undocumented TLVs found in iwm-9000-43 image */ 1017 case 0x1000003: 1018 case 0x1000004: 1019 break; 1020 1021 default: 1022 err = EINVAL; 1023 goto parse_out; 1024 } 1025 1026 /* 1027 * Check for size_t overflow and ignore missing padding at 1028 * end of firmware file. 1029 */ 1030 if (roundup(tlv_len, 4) > len) 1031 break; 1032 1033 len -= roundup(tlv_len, 4); 1034 data += roundup(tlv_len, 4); 1035 } 1036 1037 KASSERT(err == 0); 1038 1039 parse_out: 1040 if (err) { 1041 printf("%s: firmware parse error %d, " 1042 "section type %d\n", DEVNAME(sc), err, tlv_type); 1043 } 1044 1045 out: 1046 if (err) { 1047 fw->fw_status = IWM_FW_STATUS_NONE; 1048 if (fw->fw_rawdata != NULL) 1049 iwm_fw_info_free(fw); 1050 } else 1051 fw->fw_status = IWM_FW_STATUS_DONE; 1052 wakeup(&sc->sc_fw); 1053 1054 return err; 1055} 1056 1057uint32_t 1058iwm_read_prph_unlocked(struct iwm_softc *sc, uint32_t addr) 1059{ 1060 IWM_WRITE(sc, 1061 IWM_HBUS_TARG_PRPH_RADDR, ((addr & 0x000fffff) | (3 << 24))); 1062 IWM_BARRIER_READ_WRITE(sc); 1063 return IWM_READ(sc, IWM_HBUS_TARG_PRPH_RDAT); 1064} 1065 1066uint32_t 1067iwm_read_prph(struct iwm_softc *sc, uint32_t addr) 1068{ 1069 iwm_nic_assert_locked(sc); 1070 return iwm_read_prph_unlocked(sc, addr); 1071} 1072 1073void 1074iwm_write_prph_unlocked(struct iwm_softc *sc, uint32_t addr, uint32_t val) 1075{ 1076 IWM_WRITE(sc, 1077 IWM_HBUS_TARG_PRPH_WADDR, ((addr & 0x000fffff) | (3 << 24))); 1078 IWM_BARRIER_WRITE(sc); 1079 IWM_WRITE(sc, IWM_HBUS_TARG_PRPH_WDAT, val); 1080} 1081 1082void 1083iwm_write_prph(struct iwm_softc *sc, uint32_t addr, uint32_t val) 1084{ 1085 iwm_nic_assert_locked(sc); 1086 iwm_write_prph_unlocked(sc, addr, val); 1087} 1088 1089void 1090iwm_write_prph64(struct iwm_softc *sc, uint64_t addr, uint64_t val) 1091{ 1092 iwm_write_prph(sc, (uint32_t)addr, val & 0xffffffff); 1093 iwm_write_prph(sc, (uint32_t)addr + 4, val >> 32); 1094} 1095 1096int 1097iwm_read_mem(struct iwm_softc *sc, uint32_t addr, void *buf, int dwords) 1098{ 1099 int offs, err = 0; 1100 uint32_t *vals = buf; 1101 1102 if (iwm_nic_lock(sc)) { 1103 IWM_WRITE(sc, IWM_HBUS_TARG_MEM_RADDR, addr); 1104 for (offs = 0; offs < dwords; offs++) 1105 vals[offs] = IWM_READ(sc, IWM_HBUS_TARG_MEM_RDAT); 1106 iwm_nic_unlock(sc); 1107 } else { 1108 err = EBUSY; 1109 } 1110 return err; 1111} 1112 1113int 1114iwm_write_mem(struct iwm_softc *sc, uint32_t addr, const void *buf, int dwords) 1115{ 1116 int offs; 1117 const uint32_t *vals = buf; 1118 1119 if (iwm_nic_lock(sc)) { 1120 IWM_WRITE(sc, IWM_HBUS_TARG_MEM_WADDR, addr); 1121 /* WADDR auto-increments */ 1122 for (offs = 0; offs < dwords; offs++) { 1123 uint32_t val = vals ? vals[offs] : 0; 1124 IWM_WRITE(sc, IWM_HBUS_TARG_MEM_WDAT, val); 1125 } 1126 iwm_nic_unlock(sc); 1127 } else { 1128 return EBUSY; 1129 } 1130 return 0; 1131} 1132 1133int 1134iwm_write_mem32(struct iwm_softc *sc, uint32_t addr, uint32_t val) 1135{ 1136 return iwm_write_mem(sc, addr, &val, 1); 1137} 1138 1139int 1140iwm_poll_bit(struct iwm_softc *sc, int reg, uint32_t bits, uint32_t mask, 1141 int timo) 1142{ 1143 for (;;) { 1144 if ((IWM_READ(sc, reg) & mask) == (bits & mask)) { 1145 return 1; 1146 } 1147 if (timo < 10) { 1148 return 0; 1149 } 1150 timo -= 10; 1151 DELAY(10); 1152 } 1153} 1154 1155int 1156iwm_nic_lock(struct iwm_softc *sc) 1157{ 1158 if (sc->sc_nic_locks > 0) { 1159 iwm_nic_assert_locked(sc); 1160 sc->sc_nic_locks++; 1161 return 1; /* already locked */ 1162 } 1163 1164 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 1165 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1166 1167 if (sc->sc_device_family >= IWM_DEVICE_FAMILY_8000) 1168 DELAY(2); 1169 1170 if (iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 1171 IWM_CSR_GP_CNTRL_REG_VAL_MAC_ACCESS_EN, 1172 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY 1173 | IWM_CSR_GP_CNTRL_REG_FLAG_GOING_TO_SLEEP, 150000)) { 1174 sc->sc_nic_locks++; 1175 return 1; 1176 } 1177 1178 printf("%s: acquiring device failed\n", DEVNAME(sc)); 1179 return 0; 1180} 1181 1182void 1183iwm_nic_assert_locked(struct iwm_softc *sc) 1184{ 1185 if (sc->sc_nic_locks <= 0) 1186 panic("%s: nic locks counter %d", DEVNAME(sc), sc->sc_nic_locks); 1187} 1188 1189void 1190iwm_nic_unlock(struct iwm_softc *sc) 1191{ 1192 if (sc->sc_nic_locks > 0) { 1193 if (--sc->sc_nic_locks == 0) 1194 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1195 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 1196 } else 1197 printf("%s: NIC already unlocked\n", DEVNAME(sc)); 1198} 1199 1200int 1201iwm_set_bits_mask_prph(struct iwm_softc *sc, uint32_t reg, uint32_t bits, 1202 uint32_t mask) 1203{ 1204 uint32_t val; 1205 1206 if (iwm_nic_lock(sc)) { 1207 val = iwm_read_prph(sc, reg) & mask; 1208 val |= bits; 1209 iwm_write_prph(sc, reg, val); 1210 iwm_nic_unlock(sc); 1211 return 0; 1212 } 1213 return EBUSY; 1214} 1215 1216int 1217iwm_set_bits_prph(struct iwm_softc *sc, uint32_t reg, uint32_t bits) 1218{ 1219 return iwm_set_bits_mask_prph(sc, reg, bits, ~0); 1220} 1221 1222int 1223iwm_clear_bits_prph(struct iwm_softc *sc, uint32_t reg, uint32_t bits) 1224{ 1225 return iwm_set_bits_mask_prph(sc, reg, 0, ~bits); 1226} 1227 1228int 1229iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma, 1230 bus_size_t size, bus_size_t alignment) 1231{ 1232 int nsegs, err; 1233 caddr_t va; 1234 1235 dma->tag = tag; 1236 dma->size = size; 1237 1238 err = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 1239 &dma->map); 1240 if (err) 1241 goto fail; 1242 1243 err = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 1244 BUS_DMA_NOWAIT); 1245 if (err) 1246 goto fail; 1247 1248 err = bus_dmamem_map(tag, &dma->seg, 1, size, &va, 1249 BUS_DMA_NOWAIT); 1250 if (err) 1251 goto fail; 1252 dma->vaddr = va; 1253 1254 err = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, 1255 BUS_DMA_NOWAIT); 1256 if (err) 1257 goto fail; 1258 1259 memset(dma->vaddr, 0, size); 1260 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 1261 dma->paddr = dma->map->dm_segs[0].ds_addr; 1262 1263 return 0; 1264 1265fail: iwm_dma_contig_free(dma); 1266 return err; 1267} 1268 1269void 1270iwm_dma_contig_free(struct iwm_dma_info *dma) 1271{ 1272 if (dma->map != NULL) { 1273 if (dma->vaddr != NULL) { 1274 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 1275 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 1276 bus_dmamap_unload(dma->tag, dma->map); 1277 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 1278 bus_dmamem_free(dma->tag, &dma->seg, 1); 1279 dma->vaddr = NULL; 1280 } 1281 bus_dmamap_destroy(dma->tag, dma->map); 1282 dma->map = NULL; 1283 } 1284} 1285 1286int 1287iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1288{ 1289 bus_size_t size; 1290 size_t descsz; 1291 int count, i, err; 1292 1293 ring->cur = 0; 1294 1295 if (sc->sc_mqrx_supported) { 1296 count = IWM_RX_MQ_RING_COUNT; 1297 descsz = sizeof(uint64_t); 1298 } else { 1299 count = IWM_RX_RING_COUNT; 1300 descsz = sizeof(uint32_t); 1301 } 1302 1303 /* Allocate RX descriptors (256-byte aligned). */ 1304 size = count * descsz; 1305 err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->free_desc_dma, size, 256); 1306 if (err) { 1307 printf("%s: could not allocate RX ring DMA memory\n", 1308 DEVNAME(sc)); 1309 goto fail; 1310 } 1311 ring->desc = ring->free_desc_dma.vaddr; 1312 1313 /* Allocate RX status area (16-byte aligned). */ 1314 err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 1315 sizeof(*ring->stat), 16); 1316 if (err) { 1317 printf("%s: could not allocate RX status DMA memory\n", 1318 DEVNAME(sc)); 1319 goto fail; 1320 } 1321 ring->stat = ring->stat_dma.vaddr; 1322 1323 if (sc->sc_mqrx_supported) { 1324 size = count * sizeof(uint32_t); 1325 err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->used_desc_dma, 1326 size, 256); 1327 if (err) { 1328 printf("%s: could not allocate RX ring DMA memory\n", 1329 DEVNAME(sc)); 1330 goto fail; 1331 } 1332 } 1333 1334 for (i = 0; i < count; i++) { 1335 struct iwm_rx_data *data = &ring->data[i]; 1336 1337 memset(data, 0, sizeof(*data)); 1338 err = bus_dmamap_create(sc->sc_dmat, IWM_RBUF_SIZE, 1, 1339 IWM_RBUF_SIZE, 0, BUS_DMA_NOWAIT | BUS_DMA_ALLOCNOW, 1340 &data->map); 1341 if (err) { 1342 printf("%s: could not create RX buf DMA map\n", 1343 DEVNAME(sc)); 1344 goto fail; 1345 } 1346 1347 err = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i); 1348 if (err) 1349 goto fail; 1350 } 1351 return 0; 1352 1353fail: iwm_free_rx_ring(sc, ring); 1354 return err; 1355} 1356 1357void 1358iwm_disable_rx_dma(struct iwm_softc *sc) 1359{ 1360 int ntries; 1361 1362 if (iwm_nic_lock(sc)) { 1363 if (sc->sc_mqrx_supported) { 1364 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 0); 1365 for (ntries = 0; ntries < 1000; ntries++) { 1366 if (iwm_read_prph(sc, IWM_RFH_GEN_STATUS) & 1367 IWM_RXF_DMA_IDLE) 1368 break; 1369 DELAY(10); 1370 } 1371 } else { 1372 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 0); 1373 for (ntries = 0; ntries < 1000; ntries++) { 1374 if (IWM_READ(sc, IWM_FH_MEM_RSSR_RX_STATUS_REG)& 1375 IWM_FH_RSSR_CHNL0_RX_STATUS_CHNL_IDLE) 1376 break; 1377 DELAY(10); 1378 } 1379 } 1380 iwm_nic_unlock(sc); 1381 } 1382} 1383 1384void 1385iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1386{ 1387 ring->cur = 0; 1388 bus_dmamap_sync(sc->sc_dmat, ring->stat_dma.map, 0, 1389 ring->stat_dma.size, BUS_DMASYNC_PREWRITE); 1390 memset(ring->stat, 0, sizeof(*ring->stat)); 1391 bus_dmamap_sync(sc->sc_dmat, ring->stat_dma.map, 0, 1392 ring->stat_dma.size, BUS_DMASYNC_POSTWRITE); 1393 1394} 1395 1396void 1397iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring) 1398{ 1399 int count, i; 1400 1401 iwm_dma_contig_free(&ring->free_desc_dma); 1402 iwm_dma_contig_free(&ring->stat_dma); 1403 iwm_dma_contig_free(&ring->used_desc_dma); 1404 1405 if (sc->sc_mqrx_supported) 1406 count = IWM_RX_MQ_RING_COUNT; 1407 else 1408 count = IWM_RX_RING_COUNT; 1409 1410 for (i = 0; i < count; i++) { 1411 struct iwm_rx_data *data = &ring->data[i]; 1412 1413 if (data->m != NULL) { 1414 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1415 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 1416 bus_dmamap_unload(sc->sc_dmat, data->map); 1417 m_freem(data->m); 1418 data->m = NULL; 1419 } 1420 if (data->map != NULL) 1421 bus_dmamap_destroy(sc->sc_dmat, data->map); 1422 } 1423} 1424 1425int 1426iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid) 1427{ 1428 bus_addr_t paddr; 1429 bus_size_t size; 1430 int i, err; 1431 1432 ring->qid = qid; 1433 ring->queued = 0; 1434 ring->cur = 0; 1435 ring->tail = 0; 1436 1437 /* Allocate TX descriptors (256-byte aligned). */ 1438 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd); 1439 err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256); 1440 if (err) { 1441 printf("%s: could not allocate TX ring DMA memory\n", 1442 DEVNAME(sc)); 1443 goto fail; 1444 } 1445 ring->desc = ring->desc_dma.vaddr; 1446 1447 /* 1448 * There is no need to allocate DMA buffers for unused rings. 1449 * 7k/8k/9k hardware supports up to 31 Tx rings which is more 1450 * than we currently need. 1451 * 1452 * In DQA mode we use 1 command queue + 4 DQA mgmt/data queues. 1453 * The command is queue 0 (sc->txq[0]), and 4 mgmt/data frame queues 1454 * are sc->tqx[IWM_DQA_MIN_MGMT_QUEUE + ac], i.e. sc->txq[5:8], 1455 * in order to provide one queue per EDCA category. 1456 * Tx aggregation requires additional queues, one queue per TID for 1457 * which aggregation is enabled. We map TID 0-7 to sc->txq[10:17]. 1458 * 1459 * In non-DQA mode, we use rings 0 through 9 (0-3 are EDCA, 9 is cmd), 1460 * and Tx aggregation is not supported. 1461 * 1462 * Unfortunately, we cannot tell if DQA will be used until the 1463 * firmware gets loaded later, so just allocate sufficient rings 1464 * in order to satisfy both cases. 1465 */ 1466 if (qid > IWM_LAST_AGG_TX_QUEUE) 1467 return 0; 1468 1469 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd); 1470 err = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4); 1471 if (err) { 1472 printf("%s: could not allocate cmd DMA memory\n", DEVNAME(sc)); 1473 goto fail; 1474 } 1475 ring->cmd = ring->cmd_dma.vaddr; 1476 1477 paddr = ring->cmd_dma.paddr; 1478 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1479 struct iwm_tx_data *data = &ring->data[i]; 1480 size_t mapsize; 1481 1482 data->cmd_paddr = paddr; 1483 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header) 1484 + offsetof(struct iwm_tx_cmd, scratch); 1485 paddr += sizeof(struct iwm_device_cmd); 1486 1487 /* FW commands may require more mapped space than packets. */ 1488 if (qid == IWM_CMD_QUEUE || qid == IWM_DQA_CMD_QUEUE) 1489 mapsize = (sizeof(struct iwm_cmd_header) + 1490 IWM_MAX_CMD_PAYLOAD_SIZE); 1491 else 1492 mapsize = MCLBYTES; 1493 err = bus_dmamap_create(sc->sc_dmat, mapsize, 1494 IWM_NUM_OF_TBS - 2, mapsize, 0, BUS_DMA_NOWAIT, 1495 &data->map); 1496 if (err) { 1497 printf("%s: could not create TX buf DMA map\n", 1498 DEVNAME(sc)); 1499 goto fail; 1500 } 1501 } 1502 KASSERT(paddr == ring->cmd_dma.paddr + size); 1503 return 0; 1504 1505fail: iwm_free_tx_ring(sc, ring); 1506 return err; 1507} 1508 1509void 1510iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1511{ 1512 int i; 1513 1514 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1515 struct iwm_tx_data *data = &ring->data[i]; 1516 1517 if (data->m != NULL) { 1518 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1519 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1520 bus_dmamap_unload(sc->sc_dmat, data->map); 1521 m_freem(data->m); 1522 data->m = NULL; 1523 } 1524 } 1525 /* Clear TX descriptors. */ 1526 memset(ring->desc, 0, ring->desc_dma.size); 1527 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, 1528 ring->desc_dma.size, BUS_DMASYNC_PREWRITE); 1529 sc->qfullmsk &= ~(1 << ring->qid); 1530 sc->qenablemsk &= ~(1 << ring->qid); 1531 /* 7000 family NICs are locked while commands are in progress. */ 1532 if (ring->qid == sc->cmdqid && ring->queued > 0) { 1533 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 1534 iwm_nic_unlock(sc); 1535 } 1536 ring->queued = 0; 1537 ring->cur = 0; 1538 ring->tail = 0; 1539} 1540 1541void 1542iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring) 1543{ 1544 int i; 1545 1546 iwm_dma_contig_free(&ring->desc_dma); 1547 iwm_dma_contig_free(&ring->cmd_dma); 1548 1549 for (i = 0; i < IWM_TX_RING_COUNT; i++) { 1550 struct iwm_tx_data *data = &ring->data[i]; 1551 1552 if (data->m != NULL) { 1553 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1554 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1555 bus_dmamap_unload(sc->sc_dmat, data->map); 1556 m_freem(data->m); 1557 data->m = NULL; 1558 } 1559 if (data->map != NULL) 1560 bus_dmamap_destroy(sc->sc_dmat, data->map); 1561 } 1562} 1563 1564void 1565iwm_enable_rfkill_int(struct iwm_softc *sc) 1566{ 1567 if (!sc->sc_msix) { 1568 sc->sc_intmask = IWM_CSR_INT_BIT_RF_KILL; 1569 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1570 } else { 1571 IWM_WRITE(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, 1572 sc->sc_fh_init_mask); 1573 IWM_WRITE(sc, IWM_CSR_MSIX_HW_INT_MASK_AD, 1574 ~IWM_MSIX_HW_INT_CAUSES_REG_RF_KILL); 1575 sc->sc_hw_mask = IWM_MSIX_HW_INT_CAUSES_REG_RF_KILL; 1576 } 1577 1578 if (sc->sc_device_family >= IWM_DEVICE_FAMILY_9000) 1579 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 1580 IWM_CSR_GP_CNTRL_REG_FLAG_RFKILL_WAKE_L1A_EN); 1581} 1582 1583int 1584iwm_check_rfkill(struct iwm_softc *sc) 1585{ 1586 uint32_t v; 1587 int rv; 1588 1589 /* 1590 * "documentation" is not really helpful here: 1591 * 27: HW_RF_KILL_SW 1592 * Indicates state of (platform's) hardware RF-Kill switch 1593 * 1594 * But apparently when it's off, it's on ... 1595 */ 1596 v = IWM_READ(sc, IWM_CSR_GP_CNTRL); 1597 rv = (v & IWM_CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW) == 0; 1598 if (rv) { 1599 sc->sc_flags |= IWM_FLAG_RFKILL; 1600 } else { 1601 sc->sc_flags &= ~IWM_FLAG_RFKILL; 1602 } 1603 1604 return rv; 1605} 1606 1607void 1608iwm_enable_interrupts(struct iwm_softc *sc) 1609{ 1610 if (!sc->sc_msix) { 1611 sc->sc_intmask = IWM_CSR_INI_SET_MASK; 1612 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1613 } else { 1614 /* 1615 * fh/hw_mask keeps all the unmasked causes. 1616 * Unlike msi, in msix cause is enabled when it is unset. 1617 */ 1618 sc->sc_hw_mask = sc->sc_hw_init_mask; 1619 sc->sc_fh_mask = sc->sc_fh_init_mask; 1620 IWM_WRITE(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, 1621 ~sc->sc_fh_mask); 1622 IWM_WRITE(sc, IWM_CSR_MSIX_HW_INT_MASK_AD, 1623 ~sc->sc_hw_mask); 1624 } 1625} 1626 1627void 1628iwm_enable_fwload_interrupt(struct iwm_softc *sc) 1629{ 1630 if (!sc->sc_msix) { 1631 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX; 1632 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1633 } else { 1634 IWM_WRITE(sc, IWM_CSR_MSIX_HW_INT_MASK_AD, 1635 sc->sc_hw_init_mask); 1636 IWM_WRITE(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, 1637 ~IWM_MSIX_FH_INT_CAUSES_D2S_CH0_NUM); 1638 sc->sc_fh_mask = IWM_MSIX_FH_INT_CAUSES_D2S_CH0_NUM; 1639 } 1640} 1641 1642void 1643iwm_restore_interrupts(struct iwm_softc *sc) 1644{ 1645 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask); 1646} 1647 1648void 1649iwm_disable_interrupts(struct iwm_softc *sc) 1650{ 1651 if (!sc->sc_msix) { 1652 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 1653 1654 /* acknowledge all interrupts */ 1655 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1656 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0); 1657 } else { 1658 IWM_WRITE(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, 1659 sc->sc_fh_init_mask); 1660 IWM_WRITE(sc, IWM_CSR_MSIX_HW_INT_MASK_AD, 1661 sc->sc_hw_init_mask); 1662 } 1663} 1664 1665void 1666iwm_ict_reset(struct iwm_softc *sc) 1667{ 1668 iwm_disable_interrupts(sc); 1669 1670 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE); 1671 sc->ict_cur = 0; 1672 1673 /* Set physical address of ICT (4KB aligned). */ 1674 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG, 1675 IWM_CSR_DRAM_INT_TBL_ENABLE 1676 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK 1677 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER 1678 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT); 1679 1680 /* Switch to ICT interrupt mode in driver. */ 1681 sc->sc_flags |= IWM_FLAG_USE_ICT; 1682 1683 IWM_WRITE(sc, IWM_CSR_INT, ~0); 1684 iwm_enable_interrupts(sc); 1685} 1686 1687#define IWM_HW_READY_TIMEOUT 50 1688int 1689iwm_set_hw_ready(struct iwm_softc *sc) 1690{ 1691 int ready; 1692 1693 IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG, 1694 IWM_CSR_HW_IF_CONFIG_REG_BIT_NIC_READY); 1695 1696 ready = iwm_poll_bit(sc, IWM_CSR_HW_IF_CONFIG_REG, 1697 IWM_CSR_HW_IF_CONFIG_REG_BIT_NIC_READY, 1698 IWM_CSR_HW_IF_CONFIG_REG_BIT_NIC_READY, 1699 IWM_HW_READY_TIMEOUT); 1700 if (ready) 1701 IWM_SETBITS(sc, IWM_CSR_MBOX_SET_REG, 1702 IWM_CSR_MBOX_SET_REG_OS_ALIVE); 1703 1704 return ready; 1705} 1706#undef IWM_HW_READY_TIMEOUT 1707 1708int 1709iwm_prepare_card_hw(struct iwm_softc *sc) 1710{ 1711 int t = 0; 1712 int ntries; 1713 1714 if (iwm_set_hw_ready(sc)) 1715 return 0; 1716 1717 IWM_SETBITS(sc, IWM_CSR_DBG_LINK_PWR_MGMT_REG, 1718 IWM_CSR_RESET_LINK_PWR_MGMT_DISABLED); 1719 DELAY(1000); 1720 1721 for (ntries = 0; ntries < 10; ntries++) { 1722 /* If HW is not ready, prepare the conditions to check again */ 1723 IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG, 1724 IWM_CSR_HW_IF_CONFIG_REG_PREPARE); 1725 1726 do { 1727 if (iwm_set_hw_ready(sc)) 1728 return 0; 1729 DELAY(200); 1730 t += 200; 1731 } while (t < 150000); 1732 DELAY(25000); 1733 } 1734 1735 return ETIMEDOUT; 1736} 1737 1738void 1739iwm_apm_config(struct iwm_softc *sc) 1740{ 1741 pcireg_t lctl, cap; 1742 1743 /* 1744 * HW bug W/A for instability in PCIe bus L0S->L1 transition. 1745 * Check if BIOS (or OS) enabled L1-ASPM on this device. 1746 * If so (likely), disable L0S, so device moves directly L0->L1; 1747 * costs negligible amount of power savings. 1748 * If not (unlikely), enable L0S, so there is at least some 1749 * power savings, even without L1. 1750 */ 1751 lctl = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 1752 sc->sc_cap_off + PCI_PCIE_LCSR); 1753 if (lctl & PCI_PCIE_LCSR_ASPM_L1) { 1754 IWM_SETBITS(sc, IWM_CSR_GIO_REG, 1755 IWM_CSR_GIO_REG_VAL_L0S_ENABLED); 1756 } else { 1757 IWM_CLRBITS(sc, IWM_CSR_GIO_REG, 1758 IWM_CSR_GIO_REG_VAL_L0S_ENABLED); 1759 } 1760 1761 cap = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 1762 sc->sc_cap_off + PCI_PCIE_DCSR2); 1763 sc->sc_ltr_enabled = (cap & PCI_PCIE_DCSR2_LTREN) ? 1 : 0; 1764 DPRINTF(("%s: L1 %sabled - LTR %sabled\n", 1765 DEVNAME(sc), 1766 (lctl & PCI_PCIE_LCSR_ASPM_L1) ? "En" : "Dis", 1767 sc->sc_ltr_enabled ? "En" : "Dis")); 1768} 1769 1770/* 1771 * Start up NIC's basic functionality after it has been reset 1772 * e.g. after platform boot or shutdown. 1773 * NOTE: This does not load uCode nor start the embedded processor 1774 */ 1775int 1776iwm_apm_init(struct iwm_softc *sc) 1777{ 1778 int err = 0; 1779 1780 /* Disable L0S exit timer (platform NMI workaround) */ 1781 if (sc->sc_device_family < IWM_DEVICE_FAMILY_8000) 1782 IWM_SETBITS(sc, IWM_CSR_GIO_CHICKEN_BITS, 1783 IWM_CSR_GIO_CHICKEN_BITS_REG_BIT_DIS_L0S_EXIT_TIMER); 1784 1785 /* 1786 * Disable L0s without affecting L1; 1787 * don't wait for ICH L0s (ICH bug W/A) 1788 */ 1789 IWM_SETBITS(sc, IWM_CSR_GIO_CHICKEN_BITS, 1790 IWM_CSR_GIO_CHICKEN_BITS_REG_BIT_L1A_NO_L0S_RX); 1791 1792 /* Set FH wait threshold to maximum (HW error during stress W/A) */ 1793 IWM_SETBITS(sc, IWM_CSR_DBG_HPET_MEM_REG, IWM_CSR_DBG_HPET_MEM_REG_VAL); 1794 1795 /* 1796 * Enable HAP INTA (interrupt from management bus) to 1797 * wake device's PCI Express link L1a -> L0s 1798 */ 1799 IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG, 1800 IWM_CSR_HW_IF_CONFIG_REG_BIT_HAP_WAKE_L1A); 1801 1802 iwm_apm_config(sc); 1803 1804#if 0 /* not for 7k/8k */ 1805 /* Configure analog phase-lock-loop before activating to D0A */ 1806 if (trans->cfg->base_params->pll_cfg_val) 1807 IWM_SETBITS(trans, IWM_CSR_ANA_PLL_CFG, 1808 trans->cfg->base_params->pll_cfg_val); 1809#endif 1810 1811 /* 1812 * Set "initialization complete" bit to move adapter from 1813 * D0U* --> D0A* (powered-up active) state. 1814 */ 1815 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 1816 1817 /* 1818 * Wait for clock stabilization; once stabilized, access to 1819 * device-internal resources is supported, e.g. iwm_write_prph() 1820 * and accesses to uCode SRAM. 1821 */ 1822 if (!iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 1823 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 1824 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 25000)) { 1825 printf("%s: timeout waiting for clock stabilization\n", 1826 DEVNAME(sc)); 1827 err = ETIMEDOUT; 1828 goto out; 1829 } 1830 1831 if (sc->host_interrupt_operation_mode) { 1832 /* 1833 * This is a bit of an abuse - This is needed for 7260 / 3160 1834 * only check host_interrupt_operation_mode even if this is 1835 * not related to host_interrupt_operation_mode. 1836 * 1837 * Enable the oscillator to count wake up time for L1 exit. This 1838 * consumes slightly more power (100uA) - but allows to be sure 1839 * that we wake up from L1 on time. 1840 * 1841 * This looks weird: read twice the same register, discard the 1842 * value, set a bit, and yet again, read that same register 1843 * just to discard the value. But that's the way the hardware 1844 * seems to like it. 1845 */ 1846 if (iwm_nic_lock(sc)) { 1847 iwm_read_prph(sc, IWM_OSC_CLK); 1848 iwm_read_prph(sc, IWM_OSC_CLK); 1849 iwm_nic_unlock(sc); 1850 } 1851 err = iwm_set_bits_prph(sc, IWM_OSC_CLK, 1852 IWM_OSC_CLK_FORCE_CONTROL); 1853 if (err) 1854 goto out; 1855 if (iwm_nic_lock(sc)) { 1856 iwm_read_prph(sc, IWM_OSC_CLK); 1857 iwm_read_prph(sc, IWM_OSC_CLK); 1858 iwm_nic_unlock(sc); 1859 } 1860 } 1861 1862 /* 1863 * Enable DMA clock and wait for it to stabilize. 1864 * 1865 * Write to "CLK_EN_REG"; "1" bits enable clocks, while "0" bits 1866 * do not disable clocks. This preserves any hardware bits already 1867 * set by default in "CLK_CTRL_REG" after reset. 1868 */ 1869 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 1870 if (iwm_nic_lock(sc)) { 1871 iwm_write_prph(sc, IWM_APMG_CLK_EN_REG, 1872 IWM_APMG_CLK_VAL_DMA_CLK_RQT); 1873 iwm_nic_unlock(sc); 1874 } 1875 DELAY(20); 1876 1877 /* Disable L1-Active */ 1878 err = iwm_set_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 1879 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 1880 if (err) 1881 goto out; 1882 1883 /* Clear the interrupt in APMG if the NIC is in RFKILL */ 1884 if (iwm_nic_lock(sc)) { 1885 iwm_write_prph(sc, IWM_APMG_RTC_INT_STT_REG, 1886 IWM_APMG_RTC_INT_STT_RFKILL); 1887 iwm_nic_unlock(sc); 1888 } 1889 } 1890 out: 1891 if (err) 1892 printf("%s: apm init error %d\n", DEVNAME(sc), err); 1893 return err; 1894} 1895 1896void 1897iwm_apm_stop(struct iwm_softc *sc) 1898{ 1899 IWM_SETBITS(sc, IWM_CSR_DBG_LINK_PWR_MGMT_REG, 1900 IWM_CSR_RESET_LINK_PWR_MGMT_DISABLED); 1901 IWM_SETBITS(sc, IWM_CSR_HW_IF_CONFIG_REG, 1902 IWM_CSR_HW_IF_CONFIG_REG_PREPARE | 1903 IWM_CSR_HW_IF_CONFIG_REG_ENABLE_PME); 1904 DELAY(1000); 1905 IWM_CLRBITS(sc, IWM_CSR_DBG_LINK_PWR_MGMT_REG, 1906 IWM_CSR_RESET_LINK_PWR_MGMT_DISABLED); 1907 DELAY(5000); 1908 1909 /* stop device's busmaster DMA activity */ 1910 IWM_SETBITS(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_STOP_MASTER); 1911 1912 if (!iwm_poll_bit(sc, IWM_CSR_RESET, 1913 IWM_CSR_RESET_REG_FLAG_MASTER_DISABLED, 1914 IWM_CSR_RESET_REG_FLAG_MASTER_DISABLED, 100)) 1915 printf("%s: timeout waiting for master\n", DEVNAME(sc)); 1916 1917 /* 1918 * Clear "initialization complete" bit to move adapter from 1919 * D0A* (powered-up Active) --> D0U* (Uninitialized) state. 1920 */ 1921 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 1922 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 1923} 1924 1925void 1926iwm_init_msix_hw(struct iwm_softc *sc) 1927{ 1928 iwm_conf_msix_hw(sc, 0); 1929 1930 if (!sc->sc_msix) 1931 return; 1932 1933 sc->sc_fh_init_mask = ~IWM_READ(sc, IWM_CSR_MSIX_FH_INT_MASK_AD); 1934 sc->sc_fh_mask = sc->sc_fh_init_mask; 1935 sc->sc_hw_init_mask = ~IWM_READ(sc, IWM_CSR_MSIX_HW_INT_MASK_AD); 1936 sc->sc_hw_mask = sc->sc_hw_init_mask; 1937} 1938 1939void 1940iwm_conf_msix_hw(struct iwm_softc *sc, int stopped) 1941{ 1942 int vector = 0; 1943 1944 if (!sc->sc_msix) { 1945 /* Newer chips default to MSIX. */ 1946 if (sc->sc_mqrx_supported && !stopped && iwm_nic_lock(sc)) { 1947 iwm_write_prph(sc, IWM_UREG_CHICK, 1948 IWM_UREG_CHICK_MSI_ENABLE); 1949 iwm_nic_unlock(sc); 1950 } 1951 return; 1952 } 1953 1954 if (!stopped && iwm_nic_lock(sc)) { 1955 iwm_write_prph(sc, IWM_UREG_CHICK, IWM_UREG_CHICK_MSIX_ENABLE); 1956 iwm_nic_unlock(sc); 1957 } 1958 1959 /* Disable all interrupts */ 1960 IWM_WRITE(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, ~0); 1961 IWM_WRITE(sc, IWM_CSR_MSIX_HW_INT_MASK_AD, ~0); 1962 1963 /* Map fallback-queue (command/mgmt) to a single vector */ 1964 IWM_WRITE_1(sc, IWM_CSR_MSIX_RX_IVAR(0), 1965 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1966 /* Map RSS queue (data) to the same vector */ 1967 IWM_WRITE_1(sc, IWM_CSR_MSIX_RX_IVAR(1), 1968 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1969 1970 /* Enable the RX queues cause interrupts */ 1971 IWM_CLRBITS(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, 1972 IWM_MSIX_FH_INT_CAUSES_Q0 | IWM_MSIX_FH_INT_CAUSES_Q1); 1973 1974 /* Map non-RX causes to the same vector */ 1975 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_D2S_CH0_NUM), 1976 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1977 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_D2S_CH1_NUM), 1978 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1979 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_S2D), 1980 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1981 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_FH_ERR), 1982 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1983 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_ALIVE), 1984 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1985 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_WAKEUP), 1986 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1987 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_IML), 1988 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1989 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_CT_KILL), 1990 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1991 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_RF_KILL), 1992 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1993 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_PERIODIC), 1994 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1995 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_SW_ERR), 1996 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1997 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_SCD), 1998 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 1999 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_FH_TX), 2000 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 2001 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_HW_ERR), 2002 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 2003 IWM_WRITE_1(sc, IWM_CSR_MSIX_IVAR(IWM_MSIX_IVAR_CAUSE_REG_HAP), 2004 vector | IWM_MSIX_NON_AUTO_CLEAR_CAUSE); 2005 2006 /* Enable non-RX causes interrupts */ 2007 IWM_CLRBITS(sc, IWM_CSR_MSIX_FH_INT_MASK_AD, 2008 IWM_MSIX_FH_INT_CAUSES_D2S_CH0_NUM | 2009 IWM_MSIX_FH_INT_CAUSES_D2S_CH1_NUM | 2010 IWM_MSIX_FH_INT_CAUSES_S2D | 2011 IWM_MSIX_FH_INT_CAUSES_FH_ERR); 2012 IWM_CLRBITS(sc, IWM_CSR_MSIX_HW_INT_MASK_AD, 2013 IWM_MSIX_HW_INT_CAUSES_REG_ALIVE | 2014 IWM_MSIX_HW_INT_CAUSES_REG_WAKEUP | 2015 IWM_MSIX_HW_INT_CAUSES_REG_IML | 2016 IWM_MSIX_HW_INT_CAUSES_REG_CT_KILL | 2017 IWM_MSIX_HW_INT_CAUSES_REG_RF_KILL | 2018 IWM_MSIX_HW_INT_CAUSES_REG_PERIODIC | 2019 IWM_MSIX_HW_INT_CAUSES_REG_SW_ERR | 2020 IWM_MSIX_HW_INT_CAUSES_REG_SCD | 2021 IWM_MSIX_HW_INT_CAUSES_REG_FH_TX | 2022 IWM_MSIX_HW_INT_CAUSES_REG_HW_ERR | 2023 IWM_MSIX_HW_INT_CAUSES_REG_HAP); 2024} 2025 2026int 2027iwm_clear_persistence_bit(struct iwm_softc *sc) 2028{ 2029 uint32_t hpm, wprot; 2030 2031 hpm = iwm_read_prph_unlocked(sc, IWM_HPM_DEBUG); 2032 if (hpm != 0xa5a5a5a0 && (hpm & IWM_HPM_PERSISTENCE_BIT)) { 2033 wprot = iwm_read_prph_unlocked(sc, IWM_PREG_PRPH_WPROT_9000); 2034 if (wprot & IWM_PREG_WFPM_ACCESS) { 2035 printf("%s: cannot clear persistence bit\n", 2036 DEVNAME(sc)); 2037 return EPERM; 2038 } 2039 iwm_write_prph_unlocked(sc, IWM_HPM_DEBUG, 2040 hpm & ~IWM_HPM_PERSISTENCE_BIT); 2041 } 2042 2043 return 0; 2044} 2045 2046int 2047iwm_start_hw(struct iwm_softc *sc) 2048{ 2049 int err; 2050 2051 err = iwm_prepare_card_hw(sc); 2052 if (err) 2053 return err; 2054 2055 if (sc->sc_device_family == IWM_DEVICE_FAMILY_9000) { 2056 err = iwm_clear_persistence_bit(sc); 2057 if (err) 2058 return err; 2059 } 2060 2061 /* Reset the entire device */ 2062 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 2063 DELAY(5000); 2064 2065 err = iwm_apm_init(sc); 2066 if (err) 2067 return err; 2068 2069 iwm_init_msix_hw(sc); 2070 2071 iwm_enable_rfkill_int(sc); 2072 iwm_check_rfkill(sc); 2073 2074 return 0; 2075} 2076 2077 2078void 2079iwm_stop_device(struct iwm_softc *sc) 2080{ 2081 int chnl, ntries; 2082 int qid; 2083 2084 iwm_disable_interrupts(sc); 2085 sc->sc_flags &= ~IWM_FLAG_USE_ICT; 2086 2087 /* Stop all DMA channels. */ 2088 if (iwm_nic_lock(sc)) { 2089 /* Deactivate TX scheduler. */ 2090 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 2091 2092 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 2093 IWM_WRITE(sc, 2094 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0); 2095 for (ntries = 0; ntries < 200; ntries++) { 2096 uint32_t r; 2097 2098 r = IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG); 2099 if (r & IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE( 2100 chnl)) 2101 break; 2102 DELAY(20); 2103 } 2104 } 2105 iwm_nic_unlock(sc); 2106 } 2107 iwm_disable_rx_dma(sc); 2108 2109 iwm_reset_rx_ring(sc, &sc->rxq); 2110 2111 for (qid = 0; qid < nitems(sc->txq); qid++) 2112 iwm_reset_tx_ring(sc, &sc->txq[qid]); 2113 2114 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 2115 if (iwm_nic_lock(sc)) { 2116 /* Power-down device's busmaster DMA clocks */ 2117 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, 2118 IWM_APMG_CLK_VAL_DMA_CLK_RQT); 2119 iwm_nic_unlock(sc); 2120 } 2121 DELAY(5); 2122 } 2123 2124 /* Make sure (redundant) we've released our request to stay awake */ 2125 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL, 2126 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ); 2127 if (sc->sc_nic_locks > 0) 2128 printf("%s: %d active NIC locks forcefully cleared\n", 2129 DEVNAME(sc), sc->sc_nic_locks); 2130 sc->sc_nic_locks = 0; 2131 2132 /* Stop the device, and put it in low power state */ 2133 iwm_apm_stop(sc); 2134 2135 /* Reset the on-board processor. */ 2136 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET); 2137 DELAY(5000); 2138 2139 /* 2140 * Upon stop, the IVAR table gets erased, so msi-x won't 2141 * work. This causes a bug in RF-KILL flows, since the interrupt 2142 * that enables radio won't fire on the correct irq, and the 2143 * driver won't be able to handle the interrupt. 2144 * Configure the IVAR table again after reset. 2145 */ 2146 iwm_conf_msix_hw(sc, 1); 2147 2148 /* 2149 * Upon stop, the APM issues an interrupt if HW RF kill is set. 2150 * Clear the interrupt again. 2151 */ 2152 iwm_disable_interrupts(sc); 2153 2154 /* Even though we stop the HW we still want the RF kill interrupt. */ 2155 iwm_enable_rfkill_int(sc); 2156 iwm_check_rfkill(sc); 2157 2158 iwm_prepare_card_hw(sc); 2159} 2160 2161void 2162iwm_nic_config(struct iwm_softc *sc) 2163{ 2164 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash; 2165 uint32_t mask, val, reg_val = 0; 2166 2167 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >> 2168 IWM_FW_PHY_CFG_RADIO_TYPE_POS; 2169 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >> 2170 IWM_FW_PHY_CFG_RADIO_STEP_POS; 2171 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >> 2172 IWM_FW_PHY_CFG_RADIO_DASH_POS; 2173 2174 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) << 2175 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP; 2176 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) << 2177 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH; 2178 2179 /* radio configuration */ 2180 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE; 2181 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP; 2182 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH; 2183 2184 mask = IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_DASH | 2185 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_STEP | 2186 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_STEP | 2187 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_DASH | 2188 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_TYPE | 2189 IWM_CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI | 2190 IWM_CSR_HW_IF_CONFIG_REG_BIT_MAC_SI; 2191 2192 val = IWM_READ(sc, IWM_CSR_HW_IF_CONFIG_REG); 2193 val &= ~mask; 2194 val |= reg_val; 2195 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, val); 2196 2197 /* 2198 * W/A : NIC is stuck in a reset state after Early PCIe power off 2199 * (PCIe power is lost before PERST# is asserted), causing ME FW 2200 * to lose ownership and not being able to obtain it back. 2201 */ 2202 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 2203 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 2204 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS, 2205 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS); 2206} 2207 2208int 2209iwm_nic_rx_init(struct iwm_softc *sc) 2210{ 2211 if (sc->sc_mqrx_supported) 2212 return iwm_nic_rx_mq_init(sc); 2213 else 2214 return iwm_nic_rx_legacy_init(sc); 2215} 2216 2217int 2218iwm_nic_rx_mq_init(struct iwm_softc *sc) 2219{ 2220 int enabled; 2221 2222 if (!iwm_nic_lock(sc)) 2223 return EBUSY; 2224 2225 /* Stop RX DMA. */ 2226 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 0); 2227 /* Disable RX used and free queue operation. */ 2228 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, 0); 2229 2230 iwm_write_prph64(sc, IWM_RFH_Q0_FRBDCB_BA_LSB, 2231 sc->rxq.free_desc_dma.paddr); 2232 iwm_write_prph64(sc, IWM_RFH_Q0_URBDCB_BA_LSB, 2233 sc->rxq.used_desc_dma.paddr); 2234 iwm_write_prph64(sc, IWM_RFH_Q0_URBD_STTS_WPTR_LSB, 2235 sc->rxq.stat_dma.paddr); 2236 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_WIDX, 0); 2237 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_RIDX, 0); 2238 iwm_write_prph(sc, IWM_RFH_Q0_URBDCB_WIDX, 0); 2239 2240 /* We configure only queue 0 for now. */ 2241 enabled = ((1 << 0) << 16) | (1 << 0); 2242 2243 /* Enable RX DMA, 4KB buffer size. */ 2244 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 2245 IWM_RFH_DMA_EN_ENABLE_VAL | 2246 IWM_RFH_RXF_DMA_RB_SIZE_4K | 2247 IWM_RFH_RXF_DMA_MIN_RB_4_8 | 2248 IWM_RFH_RXF_DMA_DROP_TOO_LARGE_MASK | 2249 IWM_RFH_RXF_DMA_RBDCB_SIZE_512); 2250 2251 /* Enable RX DMA snooping. */ 2252 iwm_write_prph(sc, IWM_RFH_GEN_CFG, 2253 IWM_RFH_GEN_CFG_RFH_DMA_SNOOP | 2254 IWM_RFH_GEN_CFG_SERVICE_DMA_SNOOP | 2255 (sc->sc_integrated ? IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_64 : 2256 IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_128)); 2257 2258 /* Enable the configured queue(s). */ 2259 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, enabled); 2260 2261 iwm_nic_unlock(sc); 2262 2263 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 2264 2265 IWM_WRITE(sc, IWM_RFH_Q0_FRBDCB_WIDX_TRG, 8); 2266 2267 return 0; 2268} 2269 2270int 2271iwm_nic_rx_legacy_init(struct iwm_softc *sc) 2272{ 2273 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat)); 2274 2275 iwm_disable_rx_dma(sc); 2276 2277 if (!iwm_nic_lock(sc)) 2278 return EBUSY; 2279 2280 /* reset and flush pointers */ 2281 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0); 2282 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0); 2283 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0); 2284 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0); 2285 2286 /* Set physical address of RX ring (256-byte aligned). */ 2287 IWM_WRITE(sc, 2288 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.free_desc_dma.paddr >> 8); 2289 2290 /* Set physical address of RX status (16-byte aligned). */ 2291 IWM_WRITE(sc, 2292 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4); 2293 2294 /* Enable RX. */ 2295 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG, 2296 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL | 2297 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */ 2298 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL | 2299 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) | 2300 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K | 2301 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS); 2302 2303 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF); 2304 2305 /* W/A for interrupt coalescing bug in 7260 and 3160 */ 2306 if (sc->host_interrupt_operation_mode) 2307 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE); 2308 2309 iwm_nic_unlock(sc); 2310 2311 /* 2312 * This value should initially be 0 (before preparing any RBs), 2313 * and should be 8 after preparing the first 8 RBs (for example). 2314 */ 2315 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8); 2316 2317 return 0; 2318} 2319 2320int 2321iwm_nic_tx_init(struct iwm_softc *sc) 2322{ 2323 int qid, err; 2324 2325 if (!iwm_nic_lock(sc)) 2326 return EBUSY; 2327 2328 /* Deactivate TX scheduler. */ 2329 iwm_write_prph(sc, IWM_SCD_TXFACT, 0); 2330 2331 /* Set physical address of "keep warm" page (16-byte aligned). */ 2332 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4); 2333 2334 for (qid = 0; qid < nitems(sc->txq); qid++) { 2335 struct iwm_tx_ring *txq = &sc->txq[qid]; 2336 2337 /* Set physical address of TX ring (256-byte aligned). */ 2338 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid), 2339 txq->desc_dma.paddr >> 8); 2340 } 2341 2342 err = iwm_set_bits_prph(sc, IWM_SCD_GP_CTRL, 2343 IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE | 2344 IWM_SCD_GP_CTRL_ENABLE_31_QUEUES); 2345 2346 iwm_nic_unlock(sc); 2347 2348 return err; 2349} 2350 2351int 2352iwm_nic_init(struct iwm_softc *sc) 2353{ 2354 int err; 2355 2356 iwm_apm_init(sc); 2357 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 2358 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG, 2359 IWM_APMG_PS_CTRL_VAL_PWR_SRC_VMAIN, 2360 ~IWM_APMG_PS_CTRL_MSK_PWR_SRC); 2361 2362 iwm_nic_config(sc); 2363 2364 err = iwm_nic_rx_init(sc); 2365 if (err) 2366 return err; 2367 2368 err = iwm_nic_tx_init(sc); 2369 if (err) 2370 return err; 2371 2372 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff); 2373 2374 return 0; 2375} 2376 2377/* Map a TID to an ieee80211_edca_ac category. */ 2378const uint8_t iwm_tid_to_ac[IWM_MAX_TID_COUNT] = { 2379 EDCA_AC_BE, 2380 EDCA_AC_BK, 2381 EDCA_AC_BK, 2382 EDCA_AC_BE, 2383 EDCA_AC_VI, 2384 EDCA_AC_VI, 2385 EDCA_AC_VO, 2386 EDCA_AC_VO, 2387}; 2388 2389/* Map ieee80211_edca_ac categories to firmware Tx FIFO. */ 2390const uint8_t iwm_ac_to_tx_fifo[] = { 2391 IWM_TX_FIFO_BE, 2392 IWM_TX_FIFO_BK, 2393 IWM_TX_FIFO_VI, 2394 IWM_TX_FIFO_VO, 2395}; 2396 2397int 2398iwm_enable_ac_txq(struct iwm_softc *sc, int qid, int fifo) 2399{ 2400 int err; 2401 iwm_nic_assert_locked(sc); 2402 2403 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0); 2404 2405 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 2406 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) 2407 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN)); 2408 2409 err = iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid)); 2410 if (err) { 2411 return err; 2412 } 2413 2414 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0); 2415 2416 iwm_write_mem32(sc, 2417 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0); 2418 2419 /* Set scheduler window size and frame limit. */ 2420 iwm_write_mem32(sc, 2421 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) + 2422 sizeof(uint32_t), 2423 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) & 2424 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) | 2425 ((IWM_FRAME_LIMIT 2426 << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) & 2427 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK)); 2428 2429 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid), 2430 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) | 2431 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) | 2432 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) | 2433 IWM_SCD_QUEUE_STTS_REG_MSK); 2434 2435 if (qid == sc->cmdqid) 2436 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 2437 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | (1 << qid)); 2438 2439 return 0; 2440} 2441 2442int 2443iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo, 2444 int aggregate, uint8_t tid, uint16_t ssn) 2445{ 2446 struct iwm_tx_ring *ring = &sc->txq[qid]; 2447 struct iwm_scd_txq_cfg_cmd cmd; 2448 int err, idx, scd_bug; 2449 2450 iwm_nic_assert_locked(sc); 2451 2452 /* 2453 * If we need to move the SCD write pointer by steps of 2454 * 0x40, 0x80 or 0xc0, it gets stuck. 2455 * This is really ugly, but this is the easiest way out for 2456 * this sad hardware issue. 2457 * This bug has been fixed on devices 9000 and up. 2458 */ 2459 scd_bug = !sc->sc_mqrx_supported && 2460 !((ssn - ring->cur) & 0x3f) && 2461 (ssn != ring->cur); 2462 if (scd_bug) 2463 ssn = (ssn + 1) & 0xfff; 2464 2465 idx = IWM_AGG_SSN_TO_TXQ_IDX(ssn); 2466 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | idx); 2467 ring->cur = idx; 2468 ring->tail = idx; 2469 2470 memset(&cmd, 0, sizeof(cmd)); 2471 cmd.tid = tid; 2472 cmd.scd_queue = qid; 2473 cmd.enable = 1; 2474 cmd.sta_id = sta_id; 2475 cmd.tx_fifo = fifo; 2476 cmd.aggregate = aggregate; 2477 cmd.ssn = htole16(ssn); 2478 cmd.window = IWM_FRAME_LIMIT; 2479 2480 err = iwm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, 0, 2481 sizeof(cmd), &cmd); 2482 if (err) 2483 return err; 2484 2485 sc->qenablemsk |= (1 << qid); 2486 return 0; 2487} 2488 2489int 2490iwm_disable_txq(struct iwm_softc *sc, int sta_id, int qid, uint8_t tid) 2491{ 2492 struct iwm_scd_txq_cfg_cmd cmd; 2493 int err; 2494 2495 memset(&cmd, 0, sizeof(cmd)); 2496 cmd.tid = tid; 2497 cmd.scd_queue = qid; 2498 cmd.enable = 0; 2499 cmd.sta_id = sta_id; 2500 2501 err = iwm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, 0, sizeof(cmd), &cmd); 2502 if (err) 2503 return err; 2504 2505 sc->qenablemsk &= ~(1 << qid); 2506 return 0; 2507} 2508 2509int 2510iwm_post_alive(struct iwm_softc *sc) 2511{ 2512 int nwords; 2513 int err, chnl; 2514 uint32_t base; 2515 2516 if (!iwm_nic_lock(sc)) 2517 return EBUSY; 2518 2519 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR); 2520 2521 iwm_ict_reset(sc); 2522 2523 iwm_nic_unlock(sc); 2524 2525 /* Clear TX scheduler state in SRAM. */ 2526 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND - 2527 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) 2528 / sizeof(uint32_t); 2529 err = iwm_write_mem(sc, 2530 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND, 2531 NULL, nwords); 2532 if (err) 2533 return err; 2534 2535 if (!iwm_nic_lock(sc)) 2536 return EBUSY; 2537 2538 /* Set physical address of TX scheduler rings (1KB aligned). */ 2539 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10); 2540 2541 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0); 2542 2543 /* enable command channel */ 2544 err = iwm_enable_ac_txq(sc, sc->cmdqid, IWM_TX_FIFO_CMD); 2545 if (err) { 2546 iwm_nic_unlock(sc); 2547 return err; 2548 } 2549 2550 /* Activate TX scheduler. */ 2551 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff); 2552 2553 /* Enable DMA channels. */ 2554 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) { 2555 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 2556 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 2557 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE); 2558 } 2559 2560 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG, 2561 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN); 2562 2563 iwm_nic_unlock(sc); 2564 2565 /* Enable L1-Active */ 2566 if (sc->sc_device_family < IWM_DEVICE_FAMILY_8000) { 2567 err = iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG, 2568 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS); 2569 } 2570 2571 return err; 2572} 2573 2574struct iwm_phy_db_entry * 2575iwm_phy_db_get_section(struct iwm_softc *sc, uint16_t type, uint16_t chg_id) 2576{ 2577 struct iwm_phy_db *phy_db = &sc->sc_phy_db; 2578 2579 if (type >= IWM_PHY_DB_MAX) 2580 return NULL; 2581 2582 switch (type) { 2583 case IWM_PHY_DB_CFG: 2584 return &phy_db->cfg; 2585 case IWM_PHY_DB_CALIB_NCH: 2586 return &phy_db->calib_nch; 2587 case IWM_PHY_DB_CALIB_CHG_PAPD: 2588 if (chg_id >= IWM_NUM_PAPD_CH_GROUPS) 2589 return NULL; 2590 return &phy_db->calib_ch_group_papd[chg_id]; 2591 case IWM_PHY_DB_CALIB_CHG_TXP: 2592 if (chg_id >= IWM_NUM_TXP_CH_GROUPS) 2593 return NULL; 2594 return &phy_db->calib_ch_group_txp[chg_id]; 2595 default: 2596 return NULL; 2597 } 2598 return NULL; 2599} 2600 2601int 2602iwm_phy_db_set_section(struct iwm_softc *sc, 2603 struct iwm_calib_res_notif_phy_db *phy_db_notif) 2604{ 2605 uint16_t type = le16toh(phy_db_notif->type); 2606 uint16_t size = le16toh(phy_db_notif->length); 2607 struct iwm_phy_db_entry *entry; 2608 uint16_t chg_id = 0; 2609 2610 if (type == IWM_PHY_DB_CALIB_CHG_PAPD || 2611 type == IWM_PHY_DB_CALIB_CHG_TXP) 2612 chg_id = le16toh(*(uint16_t *)phy_db_notif->data); 2613 2614 entry = iwm_phy_db_get_section(sc, type, chg_id); 2615 if (!entry) 2616 return EINVAL; 2617 2618 if (entry->data) 2619 free(entry->data, M_DEVBUF, entry->size); 2620 entry->data = malloc(size, M_DEVBUF, M_NOWAIT); 2621 if (!entry->data) { 2622 entry->size = 0; 2623 return ENOMEM; 2624 } 2625 memcpy(entry->data, phy_db_notif->data, size); 2626 entry->size = size; 2627 2628 return 0; 2629} 2630 2631int 2632iwm_is_valid_channel(uint16_t ch_id) 2633{ 2634 if (ch_id <= 14 || 2635 (36 <= ch_id && ch_id <= 64 && ch_id % 4 == 0) || 2636 (100 <= ch_id && ch_id <= 140 && ch_id % 4 == 0) || 2637 (145 <= ch_id && ch_id <= 165 && ch_id % 4 == 1)) 2638 return 1; 2639 return 0; 2640} 2641 2642uint8_t 2643iwm_ch_id_to_ch_index(uint16_t ch_id) 2644{ 2645 if (!iwm_is_valid_channel(ch_id)) 2646 return 0xff; 2647 2648 if (ch_id <= 14) 2649 return ch_id - 1; 2650 if (ch_id <= 64) 2651 return (ch_id + 20) / 4; 2652 if (ch_id <= 140) 2653 return (ch_id - 12) / 4; 2654 return (ch_id - 13) / 4; 2655} 2656 2657 2658uint16_t 2659iwm_channel_id_to_papd(uint16_t ch_id) 2660{ 2661 if (!iwm_is_valid_channel(ch_id)) 2662 return 0xff; 2663 2664 if (1 <= ch_id && ch_id <= 14) 2665 return 0; 2666 if (36 <= ch_id && ch_id <= 64) 2667 return 1; 2668 if (100 <= ch_id && ch_id <= 140) 2669 return 2; 2670 return 3; 2671} 2672 2673uint16_t 2674iwm_channel_id_to_txp(struct iwm_softc *sc, uint16_t ch_id) 2675{ 2676 struct iwm_phy_db *phy_db = &sc->sc_phy_db; 2677 struct iwm_phy_db_chg_txp *txp_chg; 2678 int i; 2679 uint8_t ch_index = iwm_ch_id_to_ch_index(ch_id); 2680 2681 if (ch_index == 0xff) 2682 return 0xff; 2683 2684 for (i = 0; i < IWM_NUM_TXP_CH_GROUPS; i++) { 2685 txp_chg = (void *)phy_db->calib_ch_group_txp[i].data; 2686 if (!txp_chg) 2687 return 0xff; 2688 /* 2689 * Looking for the first channel group the max channel 2690 * of which is higher than the requested channel. 2691 */ 2692 if (le16toh(txp_chg->max_channel_idx) >= ch_index) 2693 return i; 2694 } 2695 return 0xff; 2696} 2697 2698int 2699iwm_phy_db_get_section_data(struct iwm_softc *sc, uint32_t type, uint8_t **data, 2700 uint16_t *size, uint16_t ch_id) 2701{ 2702 struct iwm_phy_db_entry *entry; 2703 uint16_t ch_group_id = 0; 2704 2705 if (type == IWM_PHY_DB_CALIB_CHG_PAPD) 2706 ch_group_id = iwm_channel_id_to_papd(ch_id); 2707 else if (type == IWM_PHY_DB_CALIB_CHG_TXP) 2708 ch_group_id = iwm_channel_id_to_txp(sc, ch_id); 2709 2710 entry = iwm_phy_db_get_section(sc, type, ch_group_id); 2711 if (!entry) 2712 return EINVAL; 2713 2714 *data = entry->data; 2715 *size = entry->size; 2716 2717 return 0; 2718} 2719 2720int 2721iwm_send_phy_db_cmd(struct iwm_softc *sc, uint16_t type, uint16_t length, 2722 void *data) 2723{ 2724 struct iwm_phy_db_cmd phy_db_cmd; 2725 struct iwm_host_cmd cmd = { 2726 .id = IWM_PHY_DB_CMD, 2727 .flags = IWM_CMD_ASYNC, 2728 }; 2729 2730 phy_db_cmd.type = le16toh(type); 2731 phy_db_cmd.length = le16toh(length); 2732 2733 cmd.data[0] = &phy_db_cmd; 2734 cmd.len[0] = sizeof(struct iwm_phy_db_cmd); 2735 cmd.data[1] = data; 2736 cmd.len[1] = length; 2737 2738 return iwm_send_cmd(sc, &cmd); 2739} 2740 2741int 2742iwm_phy_db_send_all_channel_groups(struct iwm_softc *sc, uint16_t type, 2743 uint8_t max_ch_groups) 2744{ 2745 uint16_t i; 2746 int err; 2747 struct iwm_phy_db_entry *entry; 2748 2749 for (i = 0; i < max_ch_groups; i++) { 2750 entry = iwm_phy_db_get_section(sc, type, i); 2751 if (!entry) 2752 return EINVAL; 2753 2754 if (!entry->size) 2755 continue; 2756 2757 err = iwm_send_phy_db_cmd(sc, type, entry->size, entry->data); 2758 if (err) 2759 return err; 2760 2761 DELAY(1000); 2762 } 2763 2764 return 0; 2765} 2766 2767int 2768iwm_send_phy_db_data(struct iwm_softc *sc) 2769{ 2770 uint8_t *data = NULL; 2771 uint16_t size = 0; 2772 int err; 2773 2774 err = iwm_phy_db_get_section_data(sc, IWM_PHY_DB_CFG, &data, &size, 0); 2775 if (err) 2776 return err; 2777 2778 err = iwm_send_phy_db_cmd(sc, IWM_PHY_DB_CFG, size, data); 2779 if (err) 2780 return err; 2781 2782 err = iwm_phy_db_get_section_data(sc, IWM_PHY_DB_CALIB_NCH, 2783 &data, &size, 0); 2784 if (err) 2785 return err; 2786 2787 err = iwm_send_phy_db_cmd(sc, IWM_PHY_DB_CALIB_NCH, size, data); 2788 if (err) 2789 return err; 2790 2791 err = iwm_phy_db_send_all_channel_groups(sc, 2792 IWM_PHY_DB_CALIB_CHG_PAPD, IWM_NUM_PAPD_CH_GROUPS); 2793 if (err) 2794 return err; 2795 2796 err = iwm_phy_db_send_all_channel_groups(sc, 2797 IWM_PHY_DB_CALIB_CHG_TXP, IWM_NUM_TXP_CH_GROUPS); 2798 if (err) 2799 return err; 2800 2801 return 0; 2802} 2803 2804/* 2805 * For the high priority TE use a time event type that has similar priority to 2806 * the FW's action scan priority. 2807 */ 2808#define IWM_ROC_TE_TYPE_NORMAL IWM_TE_P2P_DEVICE_DISCOVERABLE 2809#define IWM_ROC_TE_TYPE_MGMT_TX IWM_TE_P2P_CLIENT_ASSOC 2810 2811int 2812iwm_send_time_event_cmd(struct iwm_softc *sc, 2813 const struct iwm_time_event_cmd *cmd) 2814{ 2815 struct iwm_rx_packet *pkt; 2816 struct iwm_time_event_resp *resp; 2817 struct iwm_host_cmd hcmd = { 2818 .id = IWM_TIME_EVENT_CMD, 2819 .flags = IWM_CMD_WANT_RESP, 2820 .resp_pkt_len = sizeof(*pkt) + sizeof(*resp), 2821 }; 2822 uint32_t resp_len; 2823 int err; 2824 2825 hcmd.data[0] = cmd; 2826 hcmd.len[0] = sizeof(*cmd); 2827 err = iwm_send_cmd(sc, &hcmd); 2828 if (err) 2829 return err; 2830 2831 pkt = hcmd.resp_pkt; 2832 if (!pkt || (pkt->hdr.flags & IWM_CMD_FAILED_MSK)) { 2833 err = EIO; 2834 goto out; 2835 } 2836 2837 resp_len = iwm_rx_packet_payload_len(pkt); 2838 if (resp_len != sizeof(*resp)) { 2839 err = EIO; 2840 goto out; 2841 } 2842 2843 resp = (void *)pkt->data; 2844 if (le32toh(resp->status) == 0) 2845 sc->sc_time_event_uid = le32toh(resp->unique_id); 2846 else 2847 err = EIO; 2848out: 2849 iwm_free_resp(sc, &hcmd); 2850 return err; 2851} 2852 2853void 2854iwm_protect_session(struct iwm_softc *sc, struct iwm_node *in, 2855 uint32_t duration, uint32_t max_delay) 2856{ 2857 struct iwm_time_event_cmd time_cmd; 2858 2859 /* Do nothing if a time event is already scheduled. */ 2860 if (sc->sc_flags & IWM_FLAG_TE_ACTIVE) 2861 return; 2862 2863 memset(&time_cmd, 0, sizeof(time_cmd)); 2864 2865 time_cmd.action = htole32(IWM_FW_CTXT_ACTION_ADD); 2866 time_cmd.id_and_color = 2867 htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color)); 2868 time_cmd.id = htole32(IWM_TE_BSS_STA_AGGRESSIVE_ASSOC); 2869 2870 time_cmd.apply_time = htole32(0); 2871 2872 time_cmd.max_frags = IWM_TE_V2_FRAG_NONE; 2873 time_cmd.max_delay = htole32(max_delay); 2874 /* TODO: why do we need to interval = bi if it is not periodic? */ 2875 time_cmd.interval = htole32(1); 2876 time_cmd.duration = htole32(duration); 2877 time_cmd.repeat = 1; 2878 time_cmd.policy 2879 = htole16(IWM_TE_V2_NOTIF_HOST_EVENT_START | 2880 IWM_TE_V2_NOTIF_HOST_EVENT_END | 2881 IWM_T2_V2_START_IMMEDIATELY); 2882 2883 if (iwm_send_time_event_cmd(sc, &time_cmd) == 0) 2884 sc->sc_flags |= IWM_FLAG_TE_ACTIVE; 2885 2886 DELAY(100); 2887} 2888 2889void 2890iwm_unprotect_session(struct iwm_softc *sc, struct iwm_node *in) 2891{ 2892 struct iwm_time_event_cmd time_cmd; 2893 2894 /* Do nothing if the time event has already ended. */ 2895 if ((sc->sc_flags & IWM_FLAG_TE_ACTIVE) == 0) 2896 return; 2897 2898 memset(&time_cmd, 0, sizeof(time_cmd)); 2899 2900 time_cmd.action = htole32(IWM_FW_CTXT_ACTION_REMOVE); 2901 time_cmd.id_and_color = 2902 htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color)); 2903 time_cmd.id = htole32(sc->sc_time_event_uid); 2904 2905 if (iwm_send_time_event_cmd(sc, &time_cmd) == 0) 2906 sc->sc_flags &= ~IWM_FLAG_TE_ACTIVE; 2907 2908 DELAY(100); 2909} 2910 2911/* 2912 * NVM read access and content parsing. We do not support 2913 * external NVM or writing NVM. 2914 */ 2915 2916/* list of NVM sections we are allowed/need to read */ 2917const int iwm_nvm_to_read[] = { 2918 IWM_NVM_SECTION_TYPE_HW, 2919 IWM_NVM_SECTION_TYPE_SW, 2920 IWM_NVM_SECTION_TYPE_REGULATORY, 2921 IWM_NVM_SECTION_TYPE_CALIBRATION, 2922 IWM_NVM_SECTION_TYPE_PRODUCTION, 2923 IWM_NVM_SECTION_TYPE_REGULATORY_SDP, 2924 IWM_NVM_SECTION_TYPE_HW_8000, 2925 IWM_NVM_SECTION_TYPE_MAC_OVERRIDE, 2926 IWM_NVM_SECTION_TYPE_PHY_SKU, 2927}; 2928 2929#define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024) 2930 2931#define IWM_NVM_WRITE_OPCODE 1 2932#define IWM_NVM_READ_OPCODE 0 2933 2934int 2935iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section, uint16_t offset, 2936 uint16_t length, uint8_t *data, uint16_t *len) 2937{ 2938 offset = 0; 2939 struct iwm_nvm_access_cmd nvm_access_cmd = { 2940 .offset = htole16(offset), 2941 .length = htole16(length), 2942 .type = htole16(section), 2943 .op_code = IWM_NVM_READ_OPCODE, 2944 }; 2945 struct iwm_nvm_access_resp *nvm_resp; 2946 struct iwm_rx_packet *pkt; 2947 struct iwm_host_cmd cmd = { 2948 .id = IWM_NVM_ACCESS_CMD, 2949 .flags = (IWM_CMD_WANT_RESP | IWM_CMD_SEND_IN_RFKILL), 2950 .resp_pkt_len = IWM_CMD_RESP_MAX, 2951 .data = { &nvm_access_cmd, }, 2952 }; 2953 int err, offset_read; 2954 size_t bytes_read; 2955 uint8_t *resp_data; 2956 2957 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd); 2958 2959 err = iwm_send_cmd(sc, &cmd); 2960 if (err) 2961 return err; 2962 2963 pkt = cmd.resp_pkt; 2964 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) { 2965 err = EIO; 2966 goto exit; 2967 } 2968 2969 /* Extract NVM response */ 2970 nvm_resp = (void *)pkt->data; 2971 if (nvm_resp == NULL) 2972 return EIO; 2973 2974 err = le16toh(nvm_resp->status); 2975 bytes_read = le16toh(nvm_resp->length); 2976 offset_read = le16toh(nvm_resp->offset); 2977 resp_data = nvm_resp->data; 2978 if (err) { 2979 err = EINVAL; 2980 goto exit; 2981 } 2982 2983 if (offset_read != offset) { 2984 err = EINVAL; 2985 goto exit; 2986 } 2987 2988 if (bytes_read > length) { 2989 err = EINVAL; 2990 goto exit; 2991 } 2992 2993 memcpy(data + offset, resp_data, bytes_read); 2994 *len = bytes_read; 2995 2996 exit: 2997 iwm_free_resp(sc, &cmd); 2998 return err; 2999} 3000 3001/* 3002 * Reads an NVM section completely. 3003 * NICs prior to 7000 family doesn't have a real NVM, but just read 3004 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited 3005 * by uCode, we need to manually check in this case that we don't 3006 * overflow and try to read more than the EEPROM size. 3007 */ 3008int 3009iwm_nvm_read_section(struct iwm_softc *sc, uint16_t section, uint8_t *data, 3010 uint16_t *len, size_t max_len) 3011{ 3012 uint16_t chunklen, seglen; 3013 int err = 0; 3014 3015 chunklen = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE; 3016 *len = 0; 3017 3018 /* Read NVM chunks until exhausted (reading less than requested) */ 3019 while (seglen == chunklen && *len < max_len) { 3020 err = iwm_nvm_read_chunk(sc, 3021 section, *len, chunklen, data, &seglen); 3022 if (err) 3023 return err; 3024 3025 *len += seglen; 3026 } 3027 3028 return err; 3029} 3030 3031uint8_t 3032iwm_fw_valid_tx_ant(struct iwm_softc *sc) 3033{ 3034 uint8_t tx_ant; 3035 3036 tx_ant = ((sc->sc_fw_phy_config & IWM_FW_PHY_CFG_TX_CHAIN) 3037 >> IWM_FW_PHY_CFG_TX_CHAIN_POS); 3038 3039 if (sc->sc_nvm.valid_tx_ant) 3040 tx_ant &= sc->sc_nvm.valid_tx_ant; 3041 3042 return tx_ant; 3043} 3044 3045uint8_t 3046iwm_fw_valid_rx_ant(struct iwm_softc *sc) 3047{ 3048 uint8_t rx_ant; 3049 3050 rx_ant = ((sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RX_CHAIN) 3051 >> IWM_FW_PHY_CFG_RX_CHAIN_POS); 3052 3053 if (sc->sc_nvm.valid_rx_ant) 3054 rx_ant &= sc->sc_nvm.valid_rx_ant; 3055 3056 return rx_ant; 3057} 3058 3059int 3060iwm_valid_siso_ant_rate_mask(struct iwm_softc *sc) 3061{ 3062 uint8_t valid_tx_ant = iwm_fw_valid_tx_ant(sc); 3063 3064 /* 3065 * According to the Linux driver, antenna B should be preferred 3066 * on 9k devices since it is not shared with bluetooth. However, 3067 * there are 9k devices which do not support antenna B at all. 3068 */ 3069 if (sc->sc_device_family == IWM_DEVICE_FAMILY_9000 && 3070 (valid_tx_ant & IWM_ANT_B)) 3071 return IWM_RATE_MCS_ANT_B_MSK; 3072 3073 return IWM_RATE_MCS_ANT_A_MSK; 3074} 3075 3076void 3077iwm_init_channel_map(struct iwm_softc *sc, const uint16_t * const nvm_ch_flags, 3078 const uint8_t *nvm_channels, int nchan) 3079{ 3080 struct ieee80211com *ic = &sc->sc_ic; 3081 struct iwm_nvm_data *data = &sc->sc_nvm; 3082 int ch_idx; 3083 struct ieee80211_channel *channel; 3084 uint16_t ch_flags; 3085 int is_5ghz; 3086 int flags, hw_value; 3087 3088 for (ch_idx = 0; ch_idx < nchan; ch_idx++) { 3089 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx); 3090 3091 if (ch_idx >= IWM_NUM_2GHZ_CHANNELS && 3092 !data->sku_cap_band_52GHz_enable) 3093 ch_flags &= ~IWM_NVM_CHANNEL_VALID; 3094 3095 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) 3096 continue; 3097 3098 hw_value = nvm_channels[ch_idx]; 3099 channel = &ic->ic_channels[hw_value]; 3100 3101 is_5ghz = ch_idx >= IWM_NUM_2GHZ_CHANNELS; 3102 if (!is_5ghz) { 3103 flags = IEEE80211_CHAN_2GHZ; 3104 channel->ic_flags 3105 = IEEE80211_CHAN_CCK 3106 | IEEE80211_CHAN_OFDM 3107 | IEEE80211_CHAN_DYN 3108 | IEEE80211_CHAN_2GHZ; 3109 } else { 3110 flags = IEEE80211_CHAN_5GHZ; 3111 channel->ic_flags = 3112 IEEE80211_CHAN_A; 3113 } 3114 channel->ic_freq = ieee80211_ieee2mhz(hw_value, flags); 3115 3116 if (!(ch_flags & IWM_NVM_CHANNEL_ACTIVE)) 3117 channel->ic_flags |= IEEE80211_CHAN_PASSIVE; 3118 3119 if (data->sku_cap_11n_enable) { 3120 channel->ic_flags |= IEEE80211_CHAN_HT; 3121 if (ch_flags & IWM_NVM_CHANNEL_40MHZ) 3122 channel->ic_flags |= IEEE80211_CHAN_40MHZ; 3123 } 3124 3125 if (is_5ghz && data->sku_cap_11ac_enable) { 3126 channel->ic_flags |= IEEE80211_CHAN_VHT; 3127 if (ch_flags & IWM_NVM_CHANNEL_80MHZ) 3128 channel->ic_xflags |= IEEE80211_CHANX_80MHZ; 3129 } 3130 } 3131} 3132 3133int 3134iwm_mimo_enabled(struct iwm_softc *sc) 3135{ 3136 struct ieee80211com *ic = &sc->sc_ic; 3137 3138 return !sc->sc_nvm.sku_cap_mimo_disable && 3139 (ic->ic_userflags & IEEE80211_F_NOMIMO) == 0; 3140} 3141 3142void 3143iwm_setup_ht_rates(struct iwm_softc *sc) 3144{ 3145 struct ieee80211com *ic = &sc->sc_ic; 3146 uint8_t rx_ant; 3147 3148 /* TX is supported with the same MCS as RX. */ 3149 ic->ic_tx_mcs_set = IEEE80211_TX_MCS_SET_DEFINED; 3150 3151 memset(ic->ic_sup_mcs, 0, sizeof(ic->ic_sup_mcs)); 3152 ic->ic_sup_mcs[0] = 0xff; /* MCS 0-7 */ 3153 3154 if (!iwm_mimo_enabled(sc)) 3155 return; 3156 3157 rx_ant = iwm_fw_valid_rx_ant(sc); 3158 if ((rx_ant & IWM_ANT_AB) == IWM_ANT_AB || 3159 (rx_ant & IWM_ANT_BC) == IWM_ANT_BC) 3160 ic->ic_sup_mcs[1] = 0xff; /* MCS 8-15 */ 3161} 3162 3163void 3164iwm_setup_vht_rates(struct iwm_softc *sc) 3165{ 3166 struct ieee80211com *ic = &sc->sc_ic; 3167 uint8_t rx_ant = iwm_fw_valid_rx_ant(sc); 3168 int n; 3169 3170 ic->ic_vht_rxmcs = (IEEE80211_VHT_MCS_0_9 << 3171 IEEE80211_VHT_MCS_FOR_SS_SHIFT(1)); 3172 3173 if (iwm_mimo_enabled(sc) && 3174 ((rx_ant & IWM_ANT_AB) == IWM_ANT_AB || 3175 (rx_ant & IWM_ANT_BC) == IWM_ANT_BC)) { 3176 ic->ic_vht_rxmcs |= (IEEE80211_VHT_MCS_0_9 << 3177 IEEE80211_VHT_MCS_FOR_SS_SHIFT(2)); 3178 } else { 3179 ic->ic_vht_rxmcs |= (IEEE80211_VHT_MCS_SS_NOT_SUPP << 3180 IEEE80211_VHT_MCS_FOR_SS_SHIFT(2)); 3181 } 3182 3183 for (n = 3; n <= IEEE80211_VHT_NUM_SS; n++) { 3184 ic->ic_vht_rxmcs |= (IEEE80211_VHT_MCS_SS_NOT_SUPP << 3185 IEEE80211_VHT_MCS_FOR_SS_SHIFT(n)); 3186 } 3187 3188 ic->ic_vht_txmcs = ic->ic_vht_rxmcs; 3189} 3190 3191void 3192iwm_init_reorder_buffer(struct iwm_reorder_buffer *reorder_buf, 3193 uint16_t ssn, uint16_t buf_size) 3194{ 3195 reorder_buf->head_sn = ssn; 3196 reorder_buf->num_stored = 0; 3197 reorder_buf->buf_size = buf_size; 3198 reorder_buf->last_amsdu = 0; 3199 reorder_buf->last_sub_index = 0; 3200 reorder_buf->removed = 0; 3201 reorder_buf->valid = 0; 3202 reorder_buf->consec_oldsn_drops = 0; 3203 reorder_buf->consec_oldsn_ampdu_gp2 = 0; 3204 reorder_buf->consec_oldsn_prev_drop = 0; 3205} 3206 3207void 3208iwm_clear_reorder_buffer(struct iwm_softc *sc, struct iwm_rxba_data *rxba) 3209{ 3210 int i; 3211 struct iwm_reorder_buffer *reorder_buf = &rxba->reorder_buf; 3212 struct iwm_reorder_buf_entry *entry; 3213 3214 for (i = 0; i < reorder_buf->buf_size; i++) { 3215 entry = &rxba->entries[i]; 3216 ml_purge(&entry->frames); 3217 timerclear(&entry->reorder_time); 3218 } 3219 3220 reorder_buf->removed = 1; 3221 timeout_del(&reorder_buf->reorder_timer); 3222 timerclear(&rxba->last_rx); 3223 timeout_del(&rxba->session_timer); 3224 rxba->baid = IWM_RX_REORDER_DATA_INVALID_BAID; 3225} 3226 3227#define RX_REORDER_BUF_TIMEOUT_MQ_USEC (100000ULL) 3228 3229void 3230iwm_rx_ba_session_expired(void *arg) 3231{ 3232 struct iwm_rxba_data *rxba = arg; 3233 struct iwm_softc *sc = rxba->sc; 3234 struct ieee80211com *ic = &sc->sc_ic; 3235 struct ieee80211_node *ni = ic->ic_bss; 3236 struct timeval now, timeout, expiry; 3237 int s; 3238 3239 s = splnet(); 3240 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0 && 3241 ic->ic_state == IEEE80211_S_RUN && 3242 rxba->baid != IWM_RX_REORDER_DATA_INVALID_BAID) { 3243 getmicrouptime(&now); 3244 USEC_TO_TIMEVAL(RX_REORDER_BUF_TIMEOUT_MQ_USEC, &timeout); 3245 timeradd(&rxba->last_rx, &timeout, &expiry); 3246 if (timercmp(&now, &expiry, <)) { 3247 timeout_add_usec(&rxba->session_timer, rxba->timeout); 3248 } else { 3249 ic->ic_stats.is_ht_rx_ba_timeout++; 3250 ieee80211_delba_request(ic, ni, 3251 IEEE80211_REASON_TIMEOUT, 0, rxba->tid); 3252 } 3253 } 3254 splx(s); 3255} 3256 3257void 3258iwm_reorder_timer_expired(void *arg) 3259{ 3260 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 3261 struct iwm_reorder_buffer *buf = arg; 3262 struct iwm_rxba_data *rxba = iwm_rxba_data_from_reorder_buf(buf); 3263 struct iwm_reorder_buf_entry *entries = &rxba->entries[0]; 3264 struct iwm_softc *sc = rxba->sc; 3265 struct ieee80211com *ic = &sc->sc_ic; 3266 struct ieee80211_node *ni = ic->ic_bss; 3267 int i, s; 3268 uint16_t sn = 0, index = 0; 3269 int expired = 0; 3270 int cont = 0; 3271 struct timeval now, timeout, expiry; 3272 3273 if (!buf->num_stored || buf->removed) 3274 return; 3275 3276 s = splnet(); 3277 getmicrouptime(&now); 3278 USEC_TO_TIMEVAL(RX_REORDER_BUF_TIMEOUT_MQ_USEC, &timeout); 3279 3280 for (i = 0; i < buf->buf_size ; i++) { 3281 index = (buf->head_sn + i) % buf->buf_size; 3282 3283 if (ml_empty(&entries[index].frames)) { 3284 /* 3285 * If there is a hole and the next frame didn't expire 3286 * we want to break and not advance SN. 3287 */ 3288 cont = 0; 3289 continue; 3290 } 3291 timeradd(&entries[index].reorder_time, &timeout, &expiry); 3292 if (!cont && timercmp(&now, &expiry, <)) 3293 break; 3294 3295 expired = 1; 3296 /* continue until next hole after this expired frame */ 3297 cont = 1; 3298 sn = (buf->head_sn + (i + 1)) & 0xfff; 3299 } 3300 3301 if (expired) { 3302 /* SN is set to the last expired frame + 1 */ 3303 iwm_release_frames(sc, ni, rxba, buf, sn, &ml); 3304 if_input(&sc->sc_ic.ic_if, &ml); 3305 ic->ic_stats.is_ht_rx_ba_window_gap_timeout++; 3306 } else { 3307 /* 3308 * If no frame expired and there are stored frames, index is now 3309 * pointing to the first unexpired frame - modify reorder timeout 3310 * accordingly. 3311 */ 3312 timeout_add_usec(&buf->reorder_timer, 3313 RX_REORDER_BUF_TIMEOUT_MQ_USEC); 3314 } 3315 3316 splx(s); 3317} 3318 3319#define IWM_MAX_RX_BA_SESSIONS 16 3320 3321int 3322iwm_sta_rx_agg(struct iwm_softc *sc, struct ieee80211_node *ni, uint8_t tid, 3323 uint16_t ssn, uint16_t winsize, int timeout_val, int start) 3324{ 3325 struct ieee80211com *ic = &sc->sc_ic; 3326 struct iwm_add_sta_cmd cmd; 3327 struct iwm_node *in = (void *)ni; 3328 int err, s; 3329 uint32_t status; 3330 size_t cmdsize; 3331 struct iwm_rxba_data *rxba = NULL; 3332 uint8_t baid = 0; 3333 3334 s = splnet(); 3335 3336 if (start && sc->sc_rx_ba_sessions >= IWM_MAX_RX_BA_SESSIONS) { 3337 ieee80211_addba_req_refuse(ic, ni, tid); 3338 splx(s); 3339 return 0; 3340 } 3341 3342 memset(&cmd, 0, sizeof(cmd)); 3343 3344 cmd.sta_id = IWM_STATION_ID; 3345 cmd.mac_id_n_color 3346 = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color)); 3347 cmd.add_modify = IWM_STA_MODE_MODIFY; 3348 3349 if (start) { 3350 cmd.add_immediate_ba_tid = (uint8_t)tid; 3351 cmd.add_immediate_ba_ssn = ssn; 3352 cmd.rx_ba_window = winsize; 3353 } else { 3354 cmd.remove_immediate_ba_tid = (uint8_t)tid; 3355 } 3356 cmd.modify_mask = start ? IWM_STA_MODIFY_ADD_BA_TID : 3357 IWM_STA_MODIFY_REMOVE_BA_TID; 3358 3359 status = IWM_ADD_STA_SUCCESS; 3360 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) 3361 cmdsize = sizeof(cmd); 3362 else 3363 cmdsize = sizeof(struct iwm_add_sta_cmd_v7); 3364 err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, cmdsize, &cmd, 3365 &status); 3366 if (!err && (status & IWM_ADD_STA_STATUS_MASK) != IWM_ADD_STA_SUCCESS) 3367 err = EIO; 3368 if (err) { 3369 if (start) 3370 ieee80211_addba_req_refuse(ic, ni, tid); 3371 splx(s); 3372 return err; 3373 } 3374 3375 if (sc->sc_mqrx_supported) { 3376 /* Deaggregation is done in hardware. */ 3377 if (start) { 3378 if (!(status & IWM_ADD_STA_BAID_VALID_MASK)) { 3379 ieee80211_addba_req_refuse(ic, ni, tid); 3380 splx(s); 3381 return EIO; 3382 } 3383 baid = (status & IWM_ADD_STA_BAID_MASK) >> 3384 IWM_ADD_STA_BAID_SHIFT; 3385 if (baid == IWM_RX_REORDER_DATA_INVALID_BAID || 3386 baid >= nitems(sc->sc_rxba_data)) { 3387 ieee80211_addba_req_refuse(ic, ni, tid); 3388 splx(s); 3389 return EIO; 3390 } 3391 rxba = &sc->sc_rxba_data[baid]; 3392 if (rxba->baid != IWM_RX_REORDER_DATA_INVALID_BAID) { 3393 ieee80211_addba_req_refuse(ic, ni, tid); 3394 splx(s); 3395 return 0; 3396 } 3397 rxba->sta_id = IWM_STATION_ID; 3398 rxba->tid = tid; 3399 rxba->baid = baid; 3400 rxba->timeout = timeout_val; 3401 getmicrouptime(&rxba->last_rx); 3402 iwm_init_reorder_buffer(&rxba->reorder_buf, ssn, 3403 winsize); 3404 if (timeout_val != 0) { 3405 struct ieee80211_rx_ba *ba; 3406 timeout_add_usec(&rxba->session_timer, 3407 timeout_val); 3408 /* XXX disable net80211's BA timeout handler */ 3409 ba = &ni->ni_rx_ba[tid]; 3410 ba->ba_timeout_val = 0; 3411 } 3412 } else { 3413 int i; 3414 for (i = 0; i < nitems(sc->sc_rxba_data); i++) { 3415 rxba = &sc->sc_rxba_data[i]; 3416 if (rxba->baid == 3417 IWM_RX_REORDER_DATA_INVALID_BAID) 3418 continue; 3419 if (rxba->tid != tid) 3420 continue; 3421 iwm_clear_reorder_buffer(sc, rxba); 3422 break; 3423 } 3424 } 3425 } 3426 3427 if (start) { 3428 sc->sc_rx_ba_sessions++; 3429 ieee80211_addba_req_accept(ic, ni, tid); 3430 } else if (sc->sc_rx_ba_sessions > 0) 3431 sc->sc_rx_ba_sessions--; 3432 3433 splx(s); 3434 return 0; 3435} 3436 3437void 3438iwm_mac_ctxt_task(void *arg) 3439{ 3440 struct iwm_softc *sc = arg; 3441 struct ieee80211com *ic = &sc->sc_ic; 3442 struct iwm_node *in = (void *)ic->ic_bss; 3443 int err, s = splnet(); 3444 3445 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) || 3446 ic->ic_state != IEEE80211_S_RUN) { 3447 refcnt_rele_wake(&sc->task_refs); 3448 splx(s); 3449 return; 3450 } 3451 3452 err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_MODIFY, 1); 3453 if (err) 3454 printf("%s: failed to update MAC\n", DEVNAME(sc)); 3455 3456 iwm_unprotect_session(sc, in); 3457 3458 refcnt_rele_wake(&sc->task_refs); 3459 splx(s); 3460} 3461 3462void 3463iwm_updateprot(struct ieee80211com *ic) 3464{ 3465 struct iwm_softc *sc = ic->ic_softc; 3466 3467 if (ic->ic_state == IEEE80211_S_RUN && 3468 !task_pending(&sc->newstate_task)) 3469 iwm_add_task(sc, systq, &sc->mac_ctxt_task); 3470} 3471 3472void 3473iwm_updateslot(struct ieee80211com *ic) 3474{ 3475 struct iwm_softc *sc = ic->ic_softc; 3476 3477 if (ic->ic_state == IEEE80211_S_RUN && 3478 !task_pending(&sc->newstate_task)) 3479 iwm_add_task(sc, systq, &sc->mac_ctxt_task); 3480} 3481 3482void 3483iwm_updateedca(struct ieee80211com *ic) 3484{ 3485 struct iwm_softc *sc = ic->ic_softc; 3486 3487 if (ic->ic_state == IEEE80211_S_RUN && 3488 !task_pending(&sc->newstate_task)) 3489 iwm_add_task(sc, systq, &sc->mac_ctxt_task); 3490} 3491 3492void 3493iwm_phy_ctxt_task(void *arg) 3494{ 3495 struct iwm_softc *sc = arg; 3496 struct ieee80211com *ic = &sc->sc_ic; 3497 struct iwm_node *in = (void *)ic->ic_bss; 3498 struct ieee80211_node *ni = &in->in_ni; 3499 uint8_t chains, sco, vht_chan_width; 3500 int err, s = splnet(); 3501 3502 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) || 3503 ic->ic_state != IEEE80211_S_RUN || 3504 in->in_phyctxt == NULL) { 3505 refcnt_rele_wake(&sc->task_refs); 3506 splx(s); 3507 return; 3508 } 3509 3510 chains = iwm_mimo_enabled(sc) ? 2 : 1; 3511 if ((ni->ni_flags & IEEE80211_NODE_HT) && 3512 IEEE80211_CHAN_40MHZ_ALLOWED(ni->ni_chan) && 3513 ieee80211_node_supports_ht_chan40(ni)) 3514 sco = (ni->ni_htop0 & IEEE80211_HTOP0_SCO_MASK); 3515 else 3516 sco = IEEE80211_HTOP0_SCO_SCN; 3517 if ((ni->ni_flags & IEEE80211_NODE_VHT) && 3518 IEEE80211_CHAN_80MHZ_ALLOWED(in->in_ni.ni_chan) && 3519 ieee80211_node_supports_vht_chan80(ni)) 3520 vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_80; 3521 else 3522 vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_HT; 3523 if (in->in_phyctxt->sco != sco || 3524 in->in_phyctxt->vht_chan_width != vht_chan_width) { 3525 err = iwm_phy_ctxt_update(sc, in->in_phyctxt, 3526 in->in_phyctxt->channel, chains, chains, 0, sco, 3527 vht_chan_width); 3528 if (err) 3529 printf("%s: failed to update PHY\n", DEVNAME(sc)); 3530 iwm_setrates(in, 0); 3531 } 3532 3533 refcnt_rele_wake(&sc->task_refs); 3534 splx(s); 3535} 3536 3537void 3538iwm_updatechan(struct ieee80211com *ic) 3539{ 3540 struct iwm_softc *sc = ic->ic_softc; 3541 3542 if (ic->ic_state == IEEE80211_S_RUN && 3543 !task_pending(&sc->newstate_task)) 3544 iwm_add_task(sc, systq, &sc->phy_ctxt_task); 3545} 3546 3547void 3548iwm_updatedtim(struct ieee80211com *ic) 3549{ 3550 struct iwm_softc *sc = ic->ic_softc; 3551 3552 if (ic->ic_state == IEEE80211_S_RUN && 3553 !task_pending(&sc->newstate_task)) 3554 iwm_add_task(sc, systq, &sc->mac_ctxt_task); 3555} 3556 3557int 3558iwm_sta_tx_agg(struct iwm_softc *sc, struct ieee80211_node *ni, uint8_t tid, 3559 uint16_t ssn, uint16_t winsize, int start) 3560{ 3561 struct iwm_add_sta_cmd cmd; 3562 struct ieee80211com *ic = &sc->sc_ic; 3563 struct iwm_node *in = (void *)ni; 3564 int qid = IWM_FIRST_AGG_TX_QUEUE + tid; 3565 struct iwm_tx_ring *ring; 3566 enum ieee80211_edca_ac ac; 3567 int fifo; 3568 uint32_t status; 3569 int err; 3570 size_t cmdsize; 3571 3572 /* Ensure we can map this TID to an aggregation queue. */ 3573 if (tid >= IWM_MAX_TID_COUNT || qid > IWM_LAST_AGG_TX_QUEUE) 3574 return ENOSPC; 3575 3576 if (start) { 3577 if ((sc->tx_ba_queue_mask & (1 << qid)) != 0) 3578 return 0; 3579 } else { 3580 if ((sc->tx_ba_queue_mask & (1 << qid)) == 0) 3581 return 0; 3582 } 3583 3584 ring = &sc->txq[qid]; 3585 ac = iwm_tid_to_ac[tid]; 3586 fifo = iwm_ac_to_tx_fifo[ac]; 3587 3588 memset(&cmd, 0, sizeof(cmd)); 3589 3590 cmd.sta_id = IWM_STATION_ID; 3591 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, 3592 in->in_color)); 3593 cmd.add_modify = IWM_STA_MODE_MODIFY; 3594 3595 if (start) { 3596 /* Enable Tx aggregation for this queue. */ 3597 in->tid_disable_ampdu &= ~(1 << tid); 3598 in->tfd_queue_msk |= (1 << qid); 3599 } else { 3600 in->tid_disable_ampdu |= (1 << tid); 3601 /* 3602 * Queue remains enabled in the TFD queue mask 3603 * until we leave RUN state. 3604 */ 3605 err = iwm_flush_sta(sc, in); 3606 if (err) 3607 return err; 3608 } 3609 3610 cmd.tfd_queue_msk |= htole32(in->tfd_queue_msk); 3611 cmd.tid_disable_tx = htole16(in->tid_disable_ampdu); 3612 cmd.modify_mask = (IWM_STA_MODIFY_QUEUES | 3613 IWM_STA_MODIFY_TID_DISABLE_TX); 3614 3615 if (start && (sc->qenablemsk & (1 << qid)) == 0) { 3616 if (!iwm_nic_lock(sc)) { 3617 if (start) 3618 ieee80211_addba_resp_refuse(ic, ni, tid, 3619 IEEE80211_STATUS_UNSPECIFIED); 3620 return EBUSY; 3621 } 3622 err = iwm_enable_txq(sc, IWM_STATION_ID, qid, fifo, 1, tid, 3623 ssn); 3624 iwm_nic_unlock(sc); 3625 if (err) { 3626 printf("%s: could not enable Tx queue %d (error %d)\n", 3627 DEVNAME(sc), qid, err); 3628 if (start) 3629 ieee80211_addba_resp_refuse(ic, ni, tid, 3630 IEEE80211_STATUS_UNSPECIFIED); 3631 return err; 3632 } 3633 /* 3634 * If iwm_enable_txq() employed the SCD hardware bug 3635 * workaround we must skip the frame with seqnum SSN. 3636 */ 3637 if (ring->cur != IWM_AGG_SSN_TO_TXQ_IDX(ssn)) { 3638 ssn = (ssn + 1) & 0xfff; 3639 KASSERT(ring->cur == IWM_AGG_SSN_TO_TXQ_IDX(ssn)); 3640 ieee80211_output_ba_move_window(ic, ni, tid, ssn); 3641 ni->ni_qos_txseqs[tid] = ssn; 3642 } 3643 } 3644 3645 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) 3646 cmdsize = sizeof(cmd); 3647 else 3648 cmdsize = sizeof(struct iwm_add_sta_cmd_v7); 3649 3650 status = 0; 3651 err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, cmdsize, &cmd, &status); 3652 if (!err && (status & IWM_ADD_STA_STATUS_MASK) != IWM_ADD_STA_SUCCESS) 3653 err = EIO; 3654 if (err) { 3655 printf("%s: could not update sta (error %d)\n", 3656 DEVNAME(sc), err); 3657 if (start) 3658 ieee80211_addba_resp_refuse(ic, ni, tid, 3659 IEEE80211_STATUS_UNSPECIFIED); 3660 return err; 3661 } 3662 3663 if (start) { 3664 sc->tx_ba_queue_mask |= (1 << qid); 3665 ieee80211_addba_resp_accept(ic, ni, tid); 3666 } else { 3667 sc->tx_ba_queue_mask &= ~(1 << qid); 3668 3669 /* 3670 * Clear pending frames but keep the queue enabled. 3671 * Firmware panics if we disable the queue here. 3672 */ 3673 iwm_txq_advance(sc, ring, ring->cur); 3674 iwm_clear_oactive(sc, ring); 3675 } 3676 3677 return 0; 3678} 3679 3680void 3681iwm_ba_task(void *arg) 3682{ 3683 struct iwm_softc *sc = arg; 3684 struct ieee80211com *ic = &sc->sc_ic; 3685 struct ieee80211_node *ni = ic->ic_bss; 3686 int s = splnet(); 3687 int tid, err = 0; 3688 3689 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) || 3690 ic->ic_state != IEEE80211_S_RUN) { 3691 refcnt_rele_wake(&sc->task_refs); 3692 splx(s); 3693 return; 3694 } 3695 3696 for (tid = 0; tid < IWM_MAX_TID_COUNT && !err; tid++) { 3697 if (sc->sc_flags & IWM_FLAG_SHUTDOWN) 3698 break; 3699 if (sc->ba_rx.start_tidmask & (1 << tid)) { 3700 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 3701 err = iwm_sta_rx_agg(sc, ni, tid, ba->ba_winstart, 3702 ba->ba_winsize, ba->ba_timeout_val, 1); 3703 sc->ba_rx.start_tidmask &= ~(1 << tid); 3704 } else if (sc->ba_rx.stop_tidmask & (1 << tid)) { 3705 err = iwm_sta_rx_agg(sc, ni, tid, 0, 0, 0, 0); 3706 sc->ba_rx.stop_tidmask &= ~(1 << tid); 3707 } 3708 } 3709 3710 for (tid = 0; tid < IWM_MAX_TID_COUNT && !err; tid++) { 3711 if (sc->sc_flags & IWM_FLAG_SHUTDOWN) 3712 break; 3713 if (sc->ba_tx.start_tidmask & (1 << tid)) { 3714 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 3715 err = iwm_sta_tx_agg(sc, ni, tid, ba->ba_winstart, 3716 ba->ba_winsize, 1); 3717 sc->ba_tx.start_tidmask &= ~(1 << tid); 3718 } else if (sc->ba_tx.stop_tidmask & (1 << tid)) { 3719 err = iwm_sta_tx_agg(sc, ni, tid, 0, 0, 0); 3720 sc->ba_tx.stop_tidmask &= ~(1 << tid); 3721 } 3722 } 3723 3724 /* 3725 * We "recover" from failure to start or stop a BA session 3726 * by resetting the device. 3727 */ 3728 if (err && (sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) 3729 task_add(systq, &sc->init_task); 3730 3731 refcnt_rele_wake(&sc->task_refs); 3732 splx(s); 3733} 3734 3735/* 3736 * This function is called by upper layer when an ADDBA request is received 3737 * from another STA and before the ADDBA response is sent. 3738 */ 3739int 3740iwm_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 3741 uint8_t tid) 3742{ 3743 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 3744 3745 if (sc->sc_rx_ba_sessions >= IWM_MAX_RX_BA_SESSIONS || 3746 tid > IWM_MAX_TID_COUNT) 3747 return ENOSPC; 3748 3749 if (sc->ba_rx.start_tidmask & (1 << tid)) 3750 return EBUSY; 3751 3752 sc->ba_rx.start_tidmask |= (1 << tid); 3753 iwm_add_task(sc, systq, &sc->ba_task); 3754 3755 return EBUSY; 3756} 3757 3758/* 3759 * This function is called by upper layer on teardown of an HT-immediate 3760 * Block Ack agreement (eg. upon receipt of a DELBA frame). 3761 */ 3762void 3763iwm_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 3764 uint8_t tid) 3765{ 3766 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 3767 3768 if (tid > IWM_MAX_TID_COUNT || sc->ba_rx.stop_tidmask & (1 << tid)) 3769 return; 3770 3771 sc->ba_rx.stop_tidmask |= (1 << tid); 3772 iwm_add_task(sc, systq, &sc->ba_task); 3773} 3774 3775int 3776iwm_ampdu_tx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 3777 uint8_t tid) 3778{ 3779 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 3780 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 3781 int qid = IWM_FIRST_AGG_TX_QUEUE + tid; 3782 3783 /* We only implement Tx aggregation with DQA-capable firmware. */ 3784 if (!isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 3785 return ENOTSUP; 3786 3787 /* Ensure we can map this TID to an aggregation queue. */ 3788 if (tid >= IWM_MAX_TID_COUNT) 3789 return EINVAL; 3790 3791 /* We only support a fixed Tx aggregation window size, for now. */ 3792 if (ba->ba_winsize != IWM_FRAME_LIMIT) 3793 return ENOTSUP; 3794 3795 /* Is firmware already using Tx aggregation on this queue? */ 3796 if ((sc->tx_ba_queue_mask & (1 << qid)) != 0) 3797 return ENOSPC; 3798 3799 /* Are we already processing an ADDBA request? */ 3800 if (sc->ba_tx.start_tidmask & (1 << tid)) 3801 return EBUSY; 3802 3803 sc->ba_tx.start_tidmask |= (1 << tid); 3804 iwm_add_task(sc, systq, &sc->ba_task); 3805 3806 return EBUSY; 3807} 3808 3809void 3810iwm_ampdu_tx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 3811 uint8_t tid) 3812{ 3813 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 3814 int qid = IWM_FIRST_AGG_TX_QUEUE + tid; 3815 3816 if (tid > IWM_MAX_TID_COUNT || sc->ba_tx.stop_tidmask & (1 << tid)) 3817 return; 3818 3819 /* Is firmware currently using Tx aggregation on this queue? */ 3820 if ((sc->tx_ba_queue_mask & (1 << qid)) == 0) 3821 return; 3822 3823 sc->ba_tx.stop_tidmask |= (1 << tid); 3824 iwm_add_task(sc, systq, &sc->ba_task); 3825} 3826 3827void 3828iwm_set_hw_address_8000(struct iwm_softc *sc, struct iwm_nvm_data *data, 3829 const uint16_t *mac_override, const uint16_t *nvm_hw) 3830{ 3831 const uint8_t *hw_addr; 3832 3833 if (mac_override) { 3834 static const uint8_t reserved_mac[] = { 3835 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00 3836 }; 3837 3838 hw_addr = (const uint8_t *)(mac_override + 3839 IWM_MAC_ADDRESS_OVERRIDE_8000); 3840 3841 /* 3842 * Store the MAC address from MAO section. 3843 * No byte swapping is required in MAO section 3844 */ 3845 memcpy(data->hw_addr, hw_addr, ETHER_ADDR_LEN); 3846 3847 /* 3848 * Force the use of the OTP MAC address in case of reserved MAC 3849 * address in the NVM, or if address is given but invalid. 3850 */ 3851 if (memcmp(reserved_mac, hw_addr, ETHER_ADDR_LEN) != 0 && 3852 (memcmp(etherbroadcastaddr, data->hw_addr, 3853 sizeof(etherbroadcastaddr)) != 0) && 3854 (memcmp(etheranyaddr, data->hw_addr, 3855 sizeof(etheranyaddr)) != 0) && 3856 !ETHER_IS_MULTICAST(data->hw_addr)) 3857 return; 3858 } 3859 3860 if (nvm_hw) { 3861 /* Read the mac address from WFMP registers. */ 3862 uint32_t mac_addr0, mac_addr1; 3863 3864 if (!iwm_nic_lock(sc)) 3865 goto out; 3866 mac_addr0 = htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0)); 3867 mac_addr1 = htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1)); 3868 iwm_nic_unlock(sc); 3869 3870 hw_addr = (const uint8_t *)&mac_addr0; 3871 data->hw_addr[0] = hw_addr[3]; 3872 data->hw_addr[1] = hw_addr[2]; 3873 data->hw_addr[2] = hw_addr[1]; 3874 data->hw_addr[3] = hw_addr[0]; 3875 3876 hw_addr = (const uint8_t *)&mac_addr1; 3877 data->hw_addr[4] = hw_addr[1]; 3878 data->hw_addr[5] = hw_addr[0]; 3879 3880 return; 3881 } 3882out: 3883 printf("%s: mac address not found\n", DEVNAME(sc)); 3884 memset(data->hw_addr, 0, sizeof(data->hw_addr)); 3885} 3886 3887int 3888iwm_parse_nvm_data(struct iwm_softc *sc, const uint16_t *nvm_hw, 3889 const uint16_t *nvm_sw, const uint16_t *nvm_calib, 3890 const uint16_t *mac_override, const uint16_t *phy_sku, 3891 const uint16_t *regulatory, int n_regulatory) 3892{ 3893 struct iwm_nvm_data *data = &sc->sc_nvm; 3894 uint8_t hw_addr[ETHER_ADDR_LEN]; 3895 uint32_t sku; 3896 uint16_t lar_config; 3897 3898 data->nvm_version = le16_to_cpup(nvm_sw + IWM_NVM_VERSION); 3899 3900 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 3901 uint16_t radio_cfg = le16_to_cpup(nvm_sw + IWM_RADIO_CFG); 3902 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg); 3903 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg); 3904 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg); 3905 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg); 3906 3907 sku = le16_to_cpup(nvm_sw + IWM_SKU); 3908 } else { 3909 uint32_t radio_cfg = 3910 le32_to_cpup((uint32_t *)(phy_sku + IWM_RADIO_CFG_8000)); 3911 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg); 3912 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg); 3913 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg); 3914 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK_8000(radio_cfg); 3915 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg); 3916 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg); 3917 3918 sku = le32_to_cpup((uint32_t *)(phy_sku + IWM_SKU_8000)); 3919 } 3920 3921 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ; 3922 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ; 3923 data->sku_cap_11n_enable = sku & IWM_NVM_SKU_CAP_11N_ENABLE; 3924 data->sku_cap_11ac_enable = sku & IWM_NVM_SKU_CAP_11AC_ENABLE; 3925 data->sku_cap_mimo_disable = sku & IWM_NVM_SKU_CAP_MIMO_DISABLE; 3926 3927 if (sc->sc_device_family >= IWM_DEVICE_FAMILY_8000) { 3928 uint16_t lar_offset = data->nvm_version < 0xE39 ? 3929 IWM_NVM_LAR_OFFSET_8000_OLD : 3930 IWM_NVM_LAR_OFFSET_8000; 3931 3932 lar_config = le16_to_cpup(regulatory + lar_offset); 3933 data->lar_enabled = !!(lar_config & 3934 IWM_NVM_LAR_ENABLED_8000); 3935 data->n_hw_addrs = le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS_8000); 3936 } else 3937 data->n_hw_addrs = le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS); 3938 3939 3940 /* The byte order is little endian 16 bit, meaning 214365 */ 3941 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 3942 memcpy(hw_addr, nvm_hw + IWM_HW_ADDR, ETHER_ADDR_LEN); 3943 data->hw_addr[0] = hw_addr[1]; 3944 data->hw_addr[1] = hw_addr[0]; 3945 data->hw_addr[2] = hw_addr[3]; 3946 data->hw_addr[3] = hw_addr[2]; 3947 data->hw_addr[4] = hw_addr[5]; 3948 data->hw_addr[5] = hw_addr[4]; 3949 } else 3950 iwm_set_hw_address_8000(sc, data, mac_override, nvm_hw); 3951 3952 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 3953 if (sc->nvm_type == IWM_NVM_SDP) { 3954 iwm_init_channel_map(sc, regulatory, iwm_nvm_channels, 3955 MIN(n_regulatory, nitems(iwm_nvm_channels))); 3956 } else { 3957 iwm_init_channel_map(sc, &nvm_sw[IWM_NVM_CHANNELS], 3958 iwm_nvm_channels, nitems(iwm_nvm_channels)); 3959 } 3960 } else 3961 iwm_init_channel_map(sc, ®ulatory[IWM_NVM_CHANNELS_8000], 3962 iwm_nvm_channels_8000, 3963 MIN(n_regulatory, nitems(iwm_nvm_channels_8000))); 3964 3965 data->calib_version = 255; /* TODO: 3966 this value will prevent some checks from 3967 failing, we need to check if this 3968 field is still needed, and if it does, 3969 where is it in the NVM */ 3970 3971 return 0; 3972} 3973 3974int 3975iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections) 3976{ 3977 const uint16_t *hw, *sw, *calib, *mac_override = NULL, *phy_sku = NULL; 3978 const uint16_t *regulatory = NULL; 3979 int n_regulatory = 0; 3980 3981 /* Checking for required sections */ 3982 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 3983 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 3984 !sections[IWM_NVM_SECTION_TYPE_HW].data) { 3985 return ENOENT; 3986 } 3987 3988 hw = (const uint16_t *) sections[IWM_NVM_SECTION_TYPE_HW].data; 3989 3990 if (sc->nvm_type == IWM_NVM_SDP) { 3991 if (!sections[IWM_NVM_SECTION_TYPE_REGULATORY_SDP].data) 3992 return ENOENT; 3993 regulatory = (const uint16_t *) 3994 sections[IWM_NVM_SECTION_TYPE_REGULATORY_SDP].data; 3995 n_regulatory = 3996 sections[IWM_NVM_SECTION_TYPE_REGULATORY_SDP].length; 3997 } 3998 } else if (sc->sc_device_family >= IWM_DEVICE_FAMILY_8000) { 3999 /* SW and REGULATORY sections are mandatory */ 4000 if (!sections[IWM_NVM_SECTION_TYPE_SW].data || 4001 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) { 4002 return ENOENT; 4003 } 4004 /* MAC_OVERRIDE or at least HW section must exist */ 4005 if (!sections[IWM_NVM_SECTION_TYPE_HW_8000].data && 4006 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) { 4007 return ENOENT; 4008 } 4009 4010 /* PHY_SKU section is mandatory in B0 */ 4011 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) { 4012 return ENOENT; 4013 } 4014 4015 regulatory = (const uint16_t *) 4016 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data; 4017 n_regulatory = sections[IWM_NVM_SECTION_TYPE_REGULATORY].length; 4018 hw = (const uint16_t *) 4019 sections[IWM_NVM_SECTION_TYPE_HW_8000].data; 4020 mac_override = 4021 (const uint16_t *) 4022 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data; 4023 phy_sku = (const uint16_t *) 4024 sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data; 4025 } else { 4026 panic("unknown device family %d", sc->sc_device_family); 4027 } 4028 4029 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data; 4030 calib = (const uint16_t *) 4031 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data; 4032 4033 /* XXX should pass in the length of every section */ 4034 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override, 4035 phy_sku, regulatory, n_regulatory); 4036} 4037 4038int 4039iwm_nvm_init(struct iwm_softc *sc) 4040{ 4041 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS]; 4042 int i, section, err; 4043 uint16_t len; 4044 uint8_t *buf; 4045 const size_t bufsz = sc->sc_nvm_max_section_size; 4046 4047 memset(nvm_sections, 0, sizeof(nvm_sections)); 4048 4049 buf = malloc(bufsz, M_DEVBUF, M_WAIT); 4050 if (buf == NULL) 4051 return ENOMEM; 4052 4053 for (i = 0; i < nitems(iwm_nvm_to_read); i++) { 4054 section = iwm_nvm_to_read[i]; 4055 KASSERT(section <= nitems(nvm_sections)); 4056 4057 err = iwm_nvm_read_section(sc, section, buf, &len, bufsz); 4058 if (err) { 4059 err = 0; 4060 continue; 4061 } 4062 nvm_sections[section].data = malloc(len, M_DEVBUF, M_WAIT); 4063 if (nvm_sections[section].data == NULL) { 4064 err = ENOMEM; 4065 break; 4066 } 4067 memcpy(nvm_sections[section].data, buf, len); 4068 nvm_sections[section].length = len; 4069 } 4070 free(buf, M_DEVBUF, bufsz); 4071 if (err == 0) 4072 err = iwm_parse_nvm_sections(sc, nvm_sections); 4073 4074 for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) { 4075 if (nvm_sections[i].data != NULL) 4076 free(nvm_sections[i].data, M_DEVBUF, 4077 nvm_sections[i].length); 4078 } 4079 4080 return err; 4081} 4082 4083int 4084iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr, 4085 const uint8_t *section, uint32_t byte_cnt) 4086{ 4087 int err = EINVAL; 4088 uint32_t chunk_sz, offset; 4089 4090 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt); 4091 4092 for (offset = 0; offset < byte_cnt; offset += chunk_sz) { 4093 uint32_t addr, len; 4094 const uint8_t *data; 4095 4096 addr = dst_addr + offset; 4097 len = MIN(chunk_sz, byte_cnt - offset); 4098 data = section + offset; 4099 4100 err = iwm_firmware_load_chunk(sc, addr, data, len); 4101 if (err) 4102 break; 4103 } 4104 4105 return err; 4106} 4107 4108int 4109iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr, 4110 const uint8_t *chunk, uint32_t byte_cnt) 4111{ 4112 struct iwm_dma_info *dma = &sc->fw_dma; 4113 int err; 4114 4115 /* Copy firmware chunk into pre-allocated DMA-safe memory. */ 4116 memcpy(dma->vaddr, chunk, byte_cnt); 4117 bus_dmamap_sync(sc->sc_dmat, 4118 dma->map, 0, byte_cnt, BUS_DMASYNC_PREWRITE); 4119 4120 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 4121 dst_addr <= IWM_FW_MEM_EXTENDED_END) { 4122 err = iwm_set_bits_prph(sc, IWM_LMPM_CHICK, 4123 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 4124 if (err) 4125 return err; 4126 } 4127 4128 sc->sc_fw_chunk_done = 0; 4129 4130 if (!iwm_nic_lock(sc)) 4131 return EBUSY; 4132 4133 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 4134 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE); 4135 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL), 4136 dst_addr); 4137 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL), 4138 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK); 4139 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL), 4140 (iwm_get_dma_hi_addr(dma->paddr) 4141 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt); 4142 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL), 4143 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM | 4144 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX | 4145 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID); 4146 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL), 4147 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE | 4148 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE | 4149 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD); 4150 4151 iwm_nic_unlock(sc); 4152 4153 /* Wait for this segment to load. */ 4154 err = 0; 4155 while (!sc->sc_fw_chunk_done) { 4156 err = tsleep_nsec(&sc->sc_fw, 0, "iwmfw", SEC_TO_NSEC(1)); 4157 if (err) 4158 break; 4159 } 4160 4161 if (!sc->sc_fw_chunk_done) 4162 printf("%s: fw chunk addr 0x%x len %d failed to load\n", 4163 DEVNAME(sc), dst_addr, byte_cnt); 4164 4165 if (dst_addr >= IWM_FW_MEM_EXTENDED_START && 4166 dst_addr <= IWM_FW_MEM_EXTENDED_END) { 4167 int err2 = iwm_clear_bits_prph(sc, IWM_LMPM_CHICK, 4168 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE); 4169 if (!err) 4170 err = err2; 4171 } 4172 4173 return err; 4174} 4175 4176int 4177iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 4178{ 4179 struct iwm_fw_sects *fws; 4180 int err, i; 4181 void *data; 4182 uint32_t dlen; 4183 uint32_t offset; 4184 4185 fws = &sc->sc_fw.fw_sects[ucode_type]; 4186 for (i = 0; i < fws->fw_count; i++) { 4187 data = fws->fw_sect[i].fws_data; 4188 dlen = fws->fw_sect[i].fws_len; 4189 offset = fws->fw_sect[i].fws_devoff; 4190 if (dlen > sc->sc_fwdmasegsz) { 4191 err = EFBIG; 4192 } else 4193 err = iwm_firmware_load_sect(sc, offset, data, dlen); 4194 if (err) { 4195 printf("%s: could not load firmware chunk %u of %u\n", 4196 DEVNAME(sc), i, fws->fw_count); 4197 return err; 4198 } 4199 } 4200 4201 iwm_enable_interrupts(sc); 4202 4203 IWM_WRITE(sc, IWM_CSR_RESET, 0); 4204 4205 return 0; 4206} 4207 4208int 4209iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws, 4210 int cpu, int *first_ucode_section) 4211{ 4212 int shift_param; 4213 int i, err = 0, sec_num = 0x1; 4214 uint32_t val, last_read_idx = 0; 4215 void *data; 4216 uint32_t dlen; 4217 uint32_t offset; 4218 4219 if (cpu == 1) { 4220 shift_param = 0; 4221 *first_ucode_section = 0; 4222 } else { 4223 shift_param = 16; 4224 (*first_ucode_section)++; 4225 } 4226 4227 for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) { 4228 last_read_idx = i; 4229 data = fws->fw_sect[i].fws_data; 4230 dlen = fws->fw_sect[i].fws_len; 4231 offset = fws->fw_sect[i].fws_devoff; 4232 4233 /* 4234 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between 4235 * CPU1 to CPU2. 4236 * PAGING_SEPARATOR_SECTION delimiter - separate between 4237 * CPU2 non paged to CPU2 paging sec. 4238 */ 4239 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION || 4240 offset == IWM_PAGING_SEPARATOR_SECTION) 4241 break; 4242 4243 if (dlen > sc->sc_fwdmasegsz) { 4244 err = EFBIG; 4245 } else 4246 err = iwm_firmware_load_sect(sc, offset, data, dlen); 4247 if (err) { 4248 printf("%s: could not load firmware chunk %d " 4249 "(error %d)\n", DEVNAME(sc), i, err); 4250 return err; 4251 } 4252 4253 /* Notify the ucode of the loaded section number and status */ 4254 if (iwm_nic_lock(sc)) { 4255 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS); 4256 val = val | (sec_num << shift_param); 4257 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val); 4258 sec_num = (sec_num << 1) | 0x1; 4259 iwm_nic_unlock(sc); 4260 } else { 4261 err = EBUSY; 4262 printf("%s: could not load firmware chunk %d " 4263 "(error %d)\n", DEVNAME(sc), i, err); 4264 return err; 4265 } 4266 } 4267 4268 *first_ucode_section = last_read_idx; 4269 4270 if (iwm_nic_lock(sc)) { 4271 if (cpu == 1) 4272 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF); 4273 else 4274 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF); 4275 iwm_nic_unlock(sc); 4276 } else { 4277 err = EBUSY; 4278 printf("%s: could not finalize firmware loading (error %d)\n", 4279 DEVNAME(sc), err); 4280 return err; 4281 } 4282 4283 return 0; 4284} 4285 4286int 4287iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 4288{ 4289 struct iwm_fw_sects *fws; 4290 int err = 0; 4291 int first_ucode_section; 4292 4293 fws = &sc->sc_fw.fw_sects[ucode_type]; 4294 4295 /* configure the ucode to be ready to get the secured image */ 4296 /* release CPU reset */ 4297 if (iwm_nic_lock(sc)) { 4298 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, 4299 IWM_RELEASE_CPU_RESET_BIT); 4300 iwm_nic_unlock(sc); 4301 } 4302 4303 /* load to FW the binary Secured sections of CPU1 */ 4304 err = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section); 4305 if (err) 4306 return err; 4307 4308 /* load to FW the binary sections of CPU2 */ 4309 err = iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section); 4310 if (err) 4311 return err; 4312 4313 iwm_enable_interrupts(sc); 4314 return 0; 4315} 4316 4317int 4318iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 4319{ 4320 int err; 4321 4322 splassert(IPL_NET); 4323 4324 sc->sc_uc.uc_intr = 0; 4325 sc->sc_uc.uc_ok = 0; 4326 4327 if (sc->sc_device_family >= IWM_DEVICE_FAMILY_8000) 4328 err = iwm_load_firmware_8000(sc, ucode_type); 4329 else 4330 err = iwm_load_firmware_7000(sc, ucode_type); 4331 4332 if (err) 4333 return err; 4334 4335 /* wait for the firmware to load */ 4336 err = tsleep_nsec(&sc->sc_uc, 0, "iwmuc", SEC_TO_NSEC(1)); 4337 if (err || !sc->sc_uc.uc_ok) 4338 printf("%s: could not load firmware\n", DEVNAME(sc)); 4339 4340 return err; 4341} 4342 4343int 4344iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type) 4345{ 4346 int err; 4347 4348 IWM_WRITE(sc, IWM_CSR_INT, ~0); 4349 4350 err = iwm_nic_init(sc); 4351 if (err) { 4352 printf("%s: unable to init nic\n", DEVNAME(sc)); 4353 return err; 4354 } 4355 4356 /* make sure rfkill handshake bits are cleared */ 4357 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 4358 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, 4359 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED); 4360 4361 /* clear (again), then enable firmware load interrupt */ 4362 IWM_WRITE(sc, IWM_CSR_INT, ~0); 4363 iwm_enable_fwload_interrupt(sc); 4364 4365 /* really make sure rfkill handshake bits are cleared */ 4366 /* maybe we should write a few times more? just to make sure */ 4367 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 4368 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL); 4369 4370 return iwm_load_firmware(sc, ucode_type); 4371} 4372 4373int 4374iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant) 4375{ 4376 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = { 4377 .valid = htole32(valid_tx_ant), 4378 }; 4379 4380 return iwm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD, 4381 0, sizeof(tx_ant_cmd), &tx_ant_cmd); 4382} 4383 4384int 4385iwm_send_phy_cfg_cmd(struct iwm_softc *sc) 4386{ 4387 struct iwm_phy_cfg_cmd phy_cfg_cmd; 4388 enum iwm_ucode_type ucode_type = sc->sc_uc_current; 4389 4390 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config | 4391 sc->sc_extra_phy_config); 4392 phy_cfg_cmd.calib_control.event_trigger = 4393 sc->sc_default_calib[ucode_type].event_trigger; 4394 phy_cfg_cmd.calib_control.flow_trigger = 4395 sc->sc_default_calib[ucode_type].flow_trigger; 4396 4397 return iwm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, 0, 4398 sizeof(phy_cfg_cmd), &phy_cfg_cmd); 4399} 4400 4401int 4402iwm_send_dqa_cmd(struct iwm_softc *sc) 4403{ 4404 struct iwm_dqa_enable_cmd dqa_cmd = { 4405 .cmd_queue = htole32(IWM_DQA_CMD_QUEUE), 4406 }; 4407 uint32_t cmd_id; 4408 4409 cmd_id = iwm_cmd_id(IWM_DQA_ENABLE_CMD, IWM_DATA_PATH_GROUP, 0); 4410 return iwm_send_cmd_pdu(sc, cmd_id, 0, sizeof(dqa_cmd), &dqa_cmd); 4411} 4412 4413int 4414iwm_load_ucode_wait_alive(struct iwm_softc *sc, 4415 enum iwm_ucode_type ucode_type) 4416{ 4417 enum iwm_ucode_type old_type = sc->sc_uc_current; 4418 struct iwm_fw_sects *fw = &sc->sc_fw.fw_sects[ucode_type]; 4419 int err; 4420 4421 err = iwm_read_firmware(sc); 4422 if (err) 4423 return err; 4424 4425 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 4426 sc->cmdqid = IWM_DQA_CMD_QUEUE; 4427 else 4428 sc->cmdqid = IWM_CMD_QUEUE; 4429 4430 sc->sc_uc_current = ucode_type; 4431 err = iwm_start_fw(sc, ucode_type); 4432 if (err) { 4433 sc->sc_uc_current = old_type; 4434 return err; 4435 } 4436 4437 err = iwm_post_alive(sc); 4438 if (err) 4439 return err; 4440 4441 /* 4442 * configure and operate fw paging mechanism. 4443 * driver configures the paging flow only once, CPU2 paging image 4444 * included in the IWM_UCODE_INIT image. 4445 */ 4446 if (fw->paging_mem_size) { 4447 err = iwm_save_fw_paging(sc, fw); 4448 if (err) { 4449 printf("%s: failed to save the FW paging image\n", 4450 DEVNAME(sc)); 4451 return err; 4452 } 4453 4454 err = iwm_send_paging_cmd(sc, fw); 4455 if (err) { 4456 printf("%s: failed to send the paging cmd\n", 4457 DEVNAME(sc)); 4458 iwm_free_fw_paging(sc); 4459 return err; 4460 } 4461 } 4462 4463 return 0; 4464} 4465 4466int 4467iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm) 4468{ 4469 const int wait_flags = (IWM_INIT_COMPLETE | IWM_CALIB_COMPLETE); 4470 int err, s; 4471 4472 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) { 4473 printf("%s: radio is disabled by hardware switch\n", 4474 DEVNAME(sc)); 4475 return EPERM; 4476 } 4477 4478 s = splnet(); 4479 sc->sc_init_complete = 0; 4480 err = iwm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_INIT); 4481 if (err) { 4482 printf("%s: failed to load init firmware\n", DEVNAME(sc)); 4483 splx(s); 4484 return err; 4485 } 4486 4487 if (sc->sc_device_family < IWM_DEVICE_FAMILY_8000) { 4488 err = iwm_send_bt_init_conf(sc); 4489 if (err) { 4490 printf("%s: could not init bt coex (error %d)\n", 4491 DEVNAME(sc), err); 4492 splx(s); 4493 return err; 4494 } 4495 } 4496 4497 if (justnvm) { 4498 err = iwm_nvm_init(sc); 4499 if (err) { 4500 printf("%s: failed to read nvm\n", DEVNAME(sc)); 4501 splx(s); 4502 return err; 4503 } 4504 4505 if (IEEE80211_ADDR_EQ(etheranyaddr, sc->sc_ic.ic_myaddr)) 4506 IEEE80211_ADDR_COPY(sc->sc_ic.ic_myaddr, 4507 sc->sc_nvm.hw_addr); 4508 4509 splx(s); 4510 return 0; 4511 } 4512 4513 err = iwm_sf_config(sc, IWM_SF_INIT_OFF); 4514 if (err) { 4515 splx(s); 4516 return err; 4517 } 4518 4519 /* Send TX valid antennas before triggering calibrations */ 4520 err = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc)); 4521 if (err) { 4522 splx(s); 4523 return err; 4524 } 4525 4526 /* 4527 * Send phy configurations command to init uCode 4528 * to start the 16.0 uCode init image internal calibrations. 4529 */ 4530 err = iwm_send_phy_cfg_cmd(sc); 4531 if (err) { 4532 splx(s); 4533 return err; 4534 } 4535 4536 /* 4537 * Nothing to do but wait for the init complete and phy DB 4538 * notifications from the firmware. 4539 */ 4540 while ((sc->sc_init_complete & wait_flags) != wait_flags) { 4541 err = tsleep_nsec(&sc->sc_init_complete, 0, "iwminit", 4542 SEC_TO_NSEC(2)); 4543 if (err) 4544 break; 4545 } 4546 4547 splx(s); 4548 return err; 4549} 4550 4551int 4552iwm_config_ltr(struct iwm_softc *sc) 4553{ 4554 struct iwm_ltr_config_cmd cmd = { 4555 .flags = htole32(IWM_LTR_CFG_FLAG_FEATURE_ENABLE), 4556 }; 4557 4558 if (!sc->sc_ltr_enabled) 4559 return 0; 4560 4561 return iwm_send_cmd_pdu(sc, IWM_LTR_CONFIG, 0, sizeof(cmd), &cmd); 4562} 4563 4564int 4565iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx) 4566{ 4567 struct iwm_rx_ring *ring = &sc->rxq; 4568 struct iwm_rx_data *data = &ring->data[idx]; 4569 struct mbuf *m; 4570 int err; 4571 int fatal = 0; 4572 4573 m = m_gethdr(M_DONTWAIT, MT_DATA); 4574 if (m == NULL) 4575 return ENOBUFS; 4576 4577 if (size <= MCLBYTES) { 4578 MCLGET(m, M_DONTWAIT); 4579 } else { 4580 MCLGETL(m, M_DONTWAIT, IWM_RBUF_SIZE); 4581 } 4582 if ((m->m_flags & M_EXT) == 0) { 4583 m_freem(m); 4584 return ENOBUFS; 4585 } 4586 4587 if (data->m != NULL) { 4588 bus_dmamap_unload(sc->sc_dmat, data->map); 4589 fatal = 1; 4590 } 4591 4592 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; 4593 err = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 4594 BUS_DMA_READ|BUS_DMA_NOWAIT); 4595 if (err) { 4596 /* XXX */ 4597 if (fatal) 4598 panic("iwm: could not load RX mbuf"); 4599 m_freem(m); 4600 return err; 4601 } 4602 data->m = m; 4603 bus_dmamap_sync(sc->sc_dmat, data->map, 0, size, BUS_DMASYNC_PREREAD); 4604 4605 /* Update RX descriptor. */ 4606 if (sc->sc_mqrx_supported) { 4607 ((uint64_t *)ring->desc)[idx] = 4608 htole64(data->map->dm_segs[0].ds_addr); 4609 bus_dmamap_sync(sc->sc_dmat, ring->free_desc_dma.map, 4610 idx * sizeof(uint64_t), sizeof(uint64_t), 4611 BUS_DMASYNC_PREWRITE); 4612 } else { 4613 ((uint32_t *)ring->desc)[idx] = 4614 htole32(data->map->dm_segs[0].ds_addr >> 8); 4615 bus_dmamap_sync(sc->sc_dmat, ring->free_desc_dma.map, 4616 idx * sizeof(uint32_t), sizeof(uint32_t), 4617 BUS_DMASYNC_PREWRITE); 4618 } 4619 4620 return 0; 4621} 4622 4623/* 4624 * RSSI values are reported by the FW as positive values - need to negate 4625 * to obtain their dBM. Account for missing antennas by replacing 0 4626 * values by -256dBm: practically 0 power and a non-feasible 8 bit value. 4627 */ 4628int 4629iwm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info) 4630{ 4631 int energy_a, energy_b, energy_c, max_energy; 4632 uint32_t val; 4633 4634 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]); 4635 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >> 4636 IWM_RX_INFO_ENERGY_ANT_A_POS; 4637 energy_a = energy_a ? -energy_a : -256; 4638 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >> 4639 IWM_RX_INFO_ENERGY_ANT_B_POS; 4640 energy_b = energy_b ? -energy_b : -256; 4641 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >> 4642 IWM_RX_INFO_ENERGY_ANT_C_POS; 4643 energy_c = energy_c ? -energy_c : -256; 4644 max_energy = MAX(energy_a, energy_b); 4645 max_energy = MAX(max_energy, energy_c); 4646 4647 return max_energy; 4648} 4649 4650int 4651iwm_rxmq_get_signal_strength(struct iwm_softc *sc, 4652 struct iwm_rx_mpdu_desc *desc) 4653{ 4654 int energy_a, energy_b; 4655 4656 energy_a = desc->v1.energy_a; 4657 energy_b = desc->v1.energy_b; 4658 energy_a = energy_a ? -energy_a : -256; 4659 energy_b = energy_b ? -energy_b : -256; 4660 return MAX(energy_a, energy_b); 4661} 4662 4663void 4664iwm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 4665 struct iwm_rx_data *data) 4666{ 4667 struct iwm_rx_phy_info *phy_info = (void *)pkt->data; 4668 4669 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt), 4670 sizeof(*phy_info), BUS_DMASYNC_POSTREAD); 4671 4672 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info)); 4673} 4674 4675/* 4676 * Retrieve the average noise (in dBm) among receivers. 4677 */ 4678int 4679iwm_get_noise(const struct iwm_statistics_rx_non_phy *stats) 4680{ 4681 int i, total, nbant, noise; 4682 4683 total = nbant = noise = 0; 4684 for (i = 0; i < 3; i++) { 4685 noise = letoh32(stats->beacon_silence_rssi[i]) & 0xff; 4686 if (noise) { 4687 total += noise; 4688 nbant++; 4689 } 4690 } 4691 4692 /* There should be at least one antenna but check anyway. */ 4693 return (nbant == 0) ? -127 : (total / nbant) - 107; 4694} 4695 4696int 4697iwm_ccmp_decap(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 4698 struct ieee80211_rxinfo *rxi) 4699{ 4700 struct ieee80211com *ic = &sc->sc_ic; 4701 struct ieee80211_key *k = &ni->ni_pairwise_key; 4702 struct ieee80211_frame *wh; 4703 uint64_t pn, *prsc; 4704 uint8_t *ivp; 4705 uint8_t tid; 4706 int hdrlen, hasqos; 4707 4708 wh = mtod(m, struct ieee80211_frame *); 4709 hdrlen = ieee80211_get_hdrlen(wh); 4710 ivp = (uint8_t *)wh + hdrlen; 4711 4712 /* Check that ExtIV bit is set. */ 4713 if (!(ivp[3] & IEEE80211_WEP_EXTIV)) 4714 return 1; 4715 4716 hasqos = ieee80211_has_qos(wh); 4717 tid = hasqos ? ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 4718 prsc = &k->k_rsc[tid]; 4719 4720 /* Extract the 48-bit PN from the CCMP header. */ 4721 pn = (uint64_t)ivp[0] | 4722 (uint64_t)ivp[1] << 8 | 4723 (uint64_t)ivp[4] << 16 | 4724 (uint64_t)ivp[5] << 24 | 4725 (uint64_t)ivp[6] << 32 | 4726 (uint64_t)ivp[7] << 40; 4727 if (rxi->rxi_flags & IEEE80211_RXI_HWDEC_SAME_PN) { 4728 if (pn < *prsc) { 4729 ic->ic_stats.is_ccmp_replays++; 4730 return 1; 4731 } 4732 } else if (pn <= *prsc) { 4733 ic->ic_stats.is_ccmp_replays++; 4734 return 1; 4735 } 4736 /* Last seen packet number is updated in ieee80211_inputm(). */ 4737 4738 /* 4739 * Some firmware versions strip the MIC, and some don't. It is not 4740 * clear which of the capability flags could tell us what to expect. 4741 * For now, keep things simple and just leave the MIC in place if 4742 * it is present. 4743 * 4744 * The IV will be stripped by ieee80211_inputm(). 4745 */ 4746 return 0; 4747} 4748 4749int 4750iwm_rx_hwdecrypt(struct iwm_softc *sc, struct mbuf *m, uint32_t rx_pkt_status, 4751 struct ieee80211_rxinfo *rxi) 4752{ 4753 struct ieee80211com *ic = &sc->sc_ic; 4754 struct ifnet *ifp = IC2IFP(ic); 4755 struct ieee80211_frame *wh; 4756 struct ieee80211_node *ni; 4757 int ret = 0; 4758 uint8_t type, subtype; 4759 4760 wh = mtod(m, struct ieee80211_frame *); 4761 4762 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 4763 if (type == IEEE80211_FC0_TYPE_CTL) 4764 return 0; 4765 4766 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 4767 if (ieee80211_has_qos(wh) && (subtype & IEEE80211_FC0_SUBTYPE_NODATA)) 4768 return 0; 4769 4770 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 4771 !(wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 4772 return 0; 4773 4774 ni = ieee80211_find_rxnode(ic, wh); 4775 /* Handle hardware decryption. */ 4776 if ((ni->ni_flags & IEEE80211_NODE_RXPROT) && 4777 ni->ni_pairwise_key.k_cipher == IEEE80211_CIPHER_CCMP) { 4778 if ((rx_pkt_status & IWM_RX_MPDU_RES_STATUS_SEC_ENC_MSK) != 4779 IWM_RX_MPDU_RES_STATUS_SEC_CCM_ENC) { 4780 ic->ic_stats.is_ccmp_dec_errs++; 4781 ret = 1; 4782 goto out; 4783 } 4784 /* Check whether decryption was successful or not. */ 4785 if ((rx_pkt_status & 4786 (IWM_RX_MPDU_RES_STATUS_DEC_DONE | 4787 IWM_RX_MPDU_RES_STATUS_MIC_OK)) != 4788 (IWM_RX_MPDU_RES_STATUS_DEC_DONE | 4789 IWM_RX_MPDU_RES_STATUS_MIC_OK)) { 4790 ic->ic_stats.is_ccmp_dec_errs++; 4791 ret = 1; 4792 goto out; 4793 } 4794 rxi->rxi_flags |= IEEE80211_RXI_HWDEC; 4795 } 4796out: 4797 if (ret) 4798 ifp->if_ierrors++; 4799 ieee80211_release_node(ic, ni); 4800 return ret; 4801} 4802 4803void 4804iwm_rx_frame(struct iwm_softc *sc, struct mbuf *m, int chanidx, 4805 uint32_t rx_pkt_status, int is_shortpre, int rate_n_flags, 4806 uint32_t device_timestamp, struct ieee80211_rxinfo *rxi, 4807 struct mbuf_list *ml) 4808{ 4809 struct ieee80211com *ic = &sc->sc_ic; 4810 struct ifnet *ifp = IC2IFP(ic); 4811 struct ieee80211_frame *wh; 4812 struct ieee80211_node *ni; 4813 4814 if (chanidx < 0 || chanidx >= nitems(ic->ic_channels)) 4815 chanidx = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 4816 4817 wh = mtod(m, struct ieee80211_frame *); 4818 ni = ieee80211_find_rxnode(ic, wh); 4819 if ((rxi->rxi_flags & IEEE80211_RXI_HWDEC) && 4820 iwm_ccmp_decap(sc, m, ni, rxi) != 0) { 4821 ifp->if_ierrors++; 4822 m_freem(m); 4823 ieee80211_release_node(ic, ni); 4824 return; 4825 } 4826 4827#if NBPFILTER > 0 4828 if (sc->sc_drvbpf != NULL) { 4829 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap; 4830 uint16_t chan_flags; 4831 4832 tap->wr_flags = 0; 4833 if (is_shortpre) 4834 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 4835 tap->wr_chan_freq = 4836 htole16(ic->ic_channels[chanidx].ic_freq); 4837 chan_flags = ic->ic_channels[chanidx].ic_flags; 4838 if (ic->ic_curmode != IEEE80211_MODE_11N && 4839 ic->ic_curmode != IEEE80211_MODE_11AC) { 4840 chan_flags &= ~IEEE80211_CHAN_HT; 4841 chan_flags &= ~IEEE80211_CHAN_40MHZ; 4842 } 4843 if (ic->ic_curmode != IEEE80211_MODE_11AC) 4844 chan_flags &= ~IEEE80211_CHAN_VHT; 4845 tap->wr_chan_flags = htole16(chan_flags); 4846 tap->wr_dbm_antsignal = (int8_t)rxi->rxi_rssi; 4847 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise; 4848 tap->wr_tsft = device_timestamp; 4849 if (rate_n_flags & IWM_RATE_MCS_HT_MSK) { 4850 uint8_t mcs = (rate_n_flags & 4851 (IWM_RATE_HT_MCS_RATE_CODE_MSK | 4852 IWM_RATE_HT_MCS_NSS_MSK)); 4853 tap->wr_rate = (0x80 | mcs); 4854 } else { 4855 uint8_t rate = (rate_n_flags & 4856 IWM_RATE_LEGACY_RATE_MSK); 4857 switch (rate) { 4858 /* CCK rates. */ 4859 case 10: tap->wr_rate = 2; break; 4860 case 20: tap->wr_rate = 4; break; 4861 case 55: tap->wr_rate = 11; break; 4862 case 110: tap->wr_rate = 22; break; 4863 /* OFDM rates. */ 4864 case 0xd: tap->wr_rate = 12; break; 4865 case 0xf: tap->wr_rate = 18; break; 4866 case 0x5: tap->wr_rate = 24; break; 4867 case 0x7: tap->wr_rate = 36; break; 4868 case 0x9: tap->wr_rate = 48; break; 4869 case 0xb: tap->wr_rate = 72; break; 4870 case 0x1: tap->wr_rate = 96; break; 4871 case 0x3: tap->wr_rate = 108; break; 4872 /* Unknown rate: should not happen. */ 4873 default: tap->wr_rate = 0; 4874 } 4875 } 4876 4877 bpf_mtap_hdr(sc->sc_drvbpf, tap, sc->sc_rxtap_len, 4878 m, BPF_DIRECTION_IN); 4879 } 4880#endif 4881 ieee80211_inputm(IC2IFP(ic), m, ni, rxi, ml); 4882 ieee80211_release_node(ic, ni); 4883} 4884 4885void 4886iwm_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, void *pktdata, 4887 size_t maxlen, struct mbuf_list *ml) 4888{ 4889 struct ieee80211com *ic = &sc->sc_ic; 4890 struct ieee80211_rxinfo rxi; 4891 struct iwm_rx_phy_info *phy_info; 4892 struct iwm_rx_mpdu_res_start *rx_res; 4893 int device_timestamp; 4894 uint16_t phy_flags; 4895 uint32_t len; 4896 uint32_t rx_pkt_status; 4897 int rssi, chanidx, rate_n_flags; 4898 4899 memset(&rxi, 0, sizeof(rxi)); 4900 4901 phy_info = &sc->sc_last_phy_info; 4902 rx_res = (struct iwm_rx_mpdu_res_start *)pktdata; 4903 len = le16toh(rx_res->byte_count); 4904 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 4905 /* Allow control frames in monitor mode. */ 4906 if (len < sizeof(struct ieee80211_frame_cts)) { 4907 ic->ic_stats.is_rx_tooshort++; 4908 IC2IFP(ic)->if_ierrors++; 4909 m_freem(m); 4910 return; 4911 } 4912 } else if (len < sizeof(struct ieee80211_frame)) { 4913 ic->ic_stats.is_rx_tooshort++; 4914 IC2IFP(ic)->if_ierrors++; 4915 m_freem(m); 4916 return; 4917 } 4918 if (len > maxlen - sizeof(*rx_res)) { 4919 IC2IFP(ic)->if_ierrors++; 4920 m_freem(m); 4921 return; 4922 } 4923 4924 if (__predict_false(phy_info->cfg_phy_cnt > 20)) { 4925 m_freem(m); 4926 return; 4927 } 4928 4929 rx_pkt_status = le32toh(*(uint32_t *)(pktdata + sizeof(*rx_res) + len)); 4930 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) || 4931 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) { 4932 m_freem(m); 4933 return; /* drop */ 4934 } 4935 4936 m->m_data = pktdata + sizeof(*rx_res); 4937 m->m_pkthdr.len = m->m_len = len; 4938 4939 if (iwm_rx_hwdecrypt(sc, m, rx_pkt_status, &rxi)) { 4940 m_freem(m); 4941 return; 4942 } 4943 4944 chanidx = letoh32(phy_info->channel); 4945 device_timestamp = le32toh(phy_info->system_timestamp); 4946 phy_flags = letoh16(phy_info->phy_flags); 4947 rate_n_flags = le32toh(phy_info->rate_n_flags); 4948 4949 rssi = iwm_get_signal_strength(sc, phy_info); 4950 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */ 4951 rssi = MIN(rssi, ic->ic_max_rssi); /* clip to max. 100% */ 4952 4953 rxi.rxi_rssi = rssi; 4954 rxi.rxi_tstamp = device_timestamp; 4955 rxi.rxi_chan = chanidx; 4956 4957 iwm_rx_frame(sc, m, chanidx, rx_pkt_status, 4958 (phy_flags & IWM_PHY_INFO_FLAG_SHPREAMBLE), 4959 rate_n_flags, device_timestamp, &rxi, ml); 4960} 4961 4962void 4963iwm_flip_address(uint8_t *addr) 4964{ 4965 int i; 4966 uint8_t mac_addr[ETHER_ADDR_LEN]; 4967 4968 for (i = 0; i < ETHER_ADDR_LEN; i++) 4969 mac_addr[i] = addr[ETHER_ADDR_LEN - i - 1]; 4970 IEEE80211_ADDR_COPY(addr, mac_addr); 4971} 4972 4973/* 4974 * Drop duplicate 802.11 retransmissions 4975 * (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery") 4976 * and handle pseudo-duplicate frames which result from deaggregation 4977 * of A-MSDU frames in hardware. 4978 */ 4979int 4980iwm_detect_duplicate(struct iwm_softc *sc, struct mbuf *m, 4981 struct iwm_rx_mpdu_desc *desc, struct ieee80211_rxinfo *rxi) 4982{ 4983 struct ieee80211com *ic = &sc->sc_ic; 4984 struct iwm_node *in = (void *)ic->ic_bss; 4985 struct iwm_rxq_dup_data *dup_data = &in->dup_data; 4986 uint8_t tid = IWM_MAX_TID_COUNT, subframe_idx; 4987 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 4988 uint8_t type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 4989 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 4990 int hasqos = ieee80211_has_qos(wh); 4991 uint16_t seq; 4992 4993 if (type == IEEE80211_FC0_TYPE_CTL || 4994 (hasqos && (subtype & IEEE80211_FC0_SUBTYPE_NODATA)) || 4995 IEEE80211_IS_MULTICAST(wh->i_addr1)) 4996 return 0; 4997 4998 if (hasqos) { 4999 tid = (ieee80211_get_qos(wh) & IEEE80211_QOS_TID); 5000 if (tid > IWM_MAX_TID_COUNT) 5001 tid = IWM_MAX_TID_COUNT; 5002 } 5003 5004 /* If this wasn't a part of an A-MSDU the sub-frame index will be 0 */ 5005 subframe_idx = desc->amsdu_info & 5006 IWM_RX_MPDU_AMSDU_SUBFRAME_IDX_MASK; 5007 5008 seq = letoh16(*(u_int16_t *)wh->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT; 5009 if ((wh->i_fc[1] & IEEE80211_FC1_RETRY) && 5010 dup_data->last_seq[tid] == seq && 5011 dup_data->last_sub_frame[tid] >= subframe_idx) 5012 return 1; 5013 5014 /* 5015 * Allow the same frame sequence number for all A-MSDU subframes 5016 * following the first subframe. 5017 * Otherwise these subframes would be discarded as replays. 5018 */ 5019 if (dup_data->last_seq[tid] == seq && 5020 subframe_idx > dup_data->last_sub_frame[tid] && 5021 (desc->mac_flags2 & IWM_RX_MPDU_MFLG2_AMSDU)) { 5022 rxi->rxi_flags |= IEEE80211_RXI_SAME_SEQ; 5023 } 5024 5025 dup_data->last_seq[tid] = seq; 5026 dup_data->last_sub_frame[tid] = subframe_idx; 5027 5028 return 0; 5029} 5030 5031/* 5032 * Returns true if sn2 - buffer_size < sn1 < sn2. 5033 * To be used only in order to compare reorder buffer head with NSSN. 5034 * We fully trust NSSN unless it is behind us due to reorder timeout. 5035 * Reorder timeout can only bring us up to buffer_size SNs ahead of NSSN. 5036 */ 5037int 5038iwm_is_sn_less(uint16_t sn1, uint16_t sn2, uint16_t buffer_size) 5039{ 5040 return SEQ_LT(sn1, sn2) && !SEQ_LT(sn1, sn2 - buffer_size); 5041} 5042 5043void 5044iwm_release_frames(struct iwm_softc *sc, struct ieee80211_node *ni, 5045 struct iwm_rxba_data *rxba, struct iwm_reorder_buffer *reorder_buf, 5046 uint16_t nssn, struct mbuf_list *ml) 5047{ 5048 struct iwm_reorder_buf_entry *entries = &rxba->entries[0]; 5049 uint16_t ssn = reorder_buf->head_sn; 5050 5051 /* ignore nssn smaller than head sn - this can happen due to timeout */ 5052 if (iwm_is_sn_less(nssn, ssn, reorder_buf->buf_size)) 5053 goto set_timer; 5054 5055 while (iwm_is_sn_less(ssn, nssn, reorder_buf->buf_size)) { 5056 int index = ssn % reorder_buf->buf_size; 5057 struct mbuf *m; 5058 int chanidx, is_shortpre; 5059 uint32_t rx_pkt_status, rate_n_flags, device_timestamp; 5060 struct ieee80211_rxinfo *rxi; 5061 5062 /* This data is the same for all A-MSDU subframes. */ 5063 chanidx = entries[index].chanidx; 5064 rx_pkt_status = entries[index].rx_pkt_status; 5065 is_shortpre = entries[index].is_shortpre; 5066 rate_n_flags = entries[index].rate_n_flags; 5067 device_timestamp = entries[index].device_timestamp; 5068 rxi = &entries[index].rxi; 5069 5070 /* 5071 * Empty the list. Will have more than one frame for A-MSDU. 5072 * Empty list is valid as well since nssn indicates frames were 5073 * received. 5074 */ 5075 while ((m = ml_dequeue(&entries[index].frames)) != NULL) { 5076 iwm_rx_frame(sc, m, chanidx, rx_pkt_status, is_shortpre, 5077 rate_n_flags, device_timestamp, rxi, ml); 5078 reorder_buf->num_stored--; 5079 5080 /* 5081 * Allow the same frame sequence number and CCMP PN for 5082 * all A-MSDU subframes following the first subframe. 5083 * Otherwise they would be discarded as replays. 5084 */ 5085 rxi->rxi_flags |= IEEE80211_RXI_SAME_SEQ; 5086 rxi->rxi_flags |= IEEE80211_RXI_HWDEC_SAME_PN; 5087 } 5088 5089 ssn = (ssn + 1) & 0xfff; 5090 } 5091 reorder_buf->head_sn = nssn; 5092 5093set_timer: 5094 if (reorder_buf->num_stored && !reorder_buf->removed) { 5095 timeout_add_usec(&reorder_buf->reorder_timer, 5096 RX_REORDER_BUF_TIMEOUT_MQ_USEC); 5097 } else 5098 timeout_del(&reorder_buf->reorder_timer); 5099} 5100 5101int 5102iwm_oldsn_workaround(struct iwm_softc *sc, struct ieee80211_node *ni, int tid, 5103 struct iwm_reorder_buffer *buffer, uint32_t reorder_data, uint32_t gp2) 5104{ 5105 struct ieee80211com *ic = &sc->sc_ic; 5106 5107 if (gp2 != buffer->consec_oldsn_ampdu_gp2) { 5108 /* we have a new (A-)MPDU ... */ 5109 5110 /* 5111 * reset counter to 0 if we didn't have any oldsn in 5112 * the last A-MPDU (as detected by GP2 being identical) 5113 */ 5114 if (!buffer->consec_oldsn_prev_drop) 5115 buffer->consec_oldsn_drops = 0; 5116 5117 /* either way, update our tracking state */ 5118 buffer->consec_oldsn_ampdu_gp2 = gp2; 5119 } else if (buffer->consec_oldsn_prev_drop) { 5120 /* 5121 * tracking state didn't change, and we had an old SN 5122 * indication before - do nothing in this case, we 5123 * already noted this one down and are waiting for the 5124 * next A-MPDU (by GP2) 5125 */ 5126 return 0; 5127 } 5128 5129 /* return unless this MPDU has old SN */ 5130 if (!(reorder_data & IWM_RX_MPDU_REORDER_BA_OLD_SN)) 5131 return 0; 5132 5133 /* update state */ 5134 buffer->consec_oldsn_prev_drop = 1; 5135 buffer->consec_oldsn_drops++; 5136 5137 /* if limit is reached, send del BA and reset state */ 5138 if (buffer->consec_oldsn_drops == IWM_AMPDU_CONSEC_DROPS_DELBA) { 5139 ieee80211_delba_request(ic, ni, IEEE80211_REASON_UNSPECIFIED, 5140 0, tid); 5141 buffer->consec_oldsn_prev_drop = 0; 5142 buffer->consec_oldsn_drops = 0; 5143 return 1; 5144 } 5145 5146 return 0; 5147} 5148 5149/* 5150 * Handle re-ordering of frames which were de-aggregated in hardware. 5151 * Returns 1 if the MPDU was consumed (buffered or dropped). 5152 * Returns 0 if the MPDU should be passed to upper layer. 5153 */ 5154int 5155iwm_rx_reorder(struct iwm_softc *sc, struct mbuf *m, int chanidx, 5156 struct iwm_rx_mpdu_desc *desc, int is_shortpre, int rate_n_flags, 5157 uint32_t device_timestamp, struct ieee80211_rxinfo *rxi, 5158 struct mbuf_list *ml) 5159{ 5160 struct ieee80211com *ic = &sc->sc_ic; 5161 struct ieee80211_frame *wh; 5162 struct ieee80211_node *ni; 5163 struct iwm_rxba_data *rxba; 5164 struct iwm_reorder_buffer *buffer; 5165 uint32_t reorder_data = le32toh(desc->reorder_data); 5166 int is_amsdu = (desc->mac_flags2 & IWM_RX_MPDU_MFLG2_AMSDU); 5167 int last_subframe = 5168 (desc->amsdu_info & IWM_RX_MPDU_AMSDU_LAST_SUBFRAME); 5169 uint8_t tid; 5170 uint8_t subframe_idx = (desc->amsdu_info & 5171 IWM_RX_MPDU_AMSDU_SUBFRAME_IDX_MASK); 5172 struct iwm_reorder_buf_entry *entries; 5173 int index; 5174 uint16_t nssn, sn; 5175 uint8_t baid, type, subtype; 5176 int hasqos; 5177 5178 wh = mtod(m, struct ieee80211_frame *); 5179 hasqos = ieee80211_has_qos(wh); 5180 tid = hasqos ? ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0; 5181 5182 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 5183 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 5184 5185 /* 5186 * We are only interested in Block Ack requests and unicast QoS data. 5187 */ 5188 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 5189 return 0; 5190 if (hasqos) { 5191 if (subtype & IEEE80211_FC0_SUBTYPE_NODATA) 5192 return 0; 5193 } else { 5194 if (type != IEEE80211_FC0_TYPE_CTL || 5195 subtype != IEEE80211_FC0_SUBTYPE_BAR) 5196 return 0; 5197 } 5198 5199 baid = (reorder_data & IWM_RX_MPDU_REORDER_BAID_MASK) >> 5200 IWM_RX_MPDU_REORDER_BAID_SHIFT; 5201 if (baid == IWM_RX_REORDER_DATA_INVALID_BAID || 5202 baid >= nitems(sc->sc_rxba_data)) 5203 return 0; 5204 5205 rxba = &sc->sc_rxba_data[baid]; 5206 if (rxba->baid == IWM_RX_REORDER_DATA_INVALID_BAID || 5207 tid != rxba->tid || rxba->sta_id != IWM_STATION_ID) 5208 return 0; 5209 5210 if (rxba->timeout != 0) 5211 getmicrouptime(&rxba->last_rx); 5212 5213 /* Bypass A-MPDU re-ordering in net80211. */ 5214 rxi->rxi_flags |= IEEE80211_RXI_AMPDU_DONE; 5215 5216 nssn = reorder_data & IWM_RX_MPDU_REORDER_NSSN_MASK; 5217 sn = (reorder_data & IWM_RX_MPDU_REORDER_SN_MASK) >> 5218 IWM_RX_MPDU_REORDER_SN_SHIFT; 5219 5220 buffer = &rxba->reorder_buf; 5221 entries = &rxba->entries[0]; 5222 5223 if (!buffer->valid) { 5224 if (reorder_data & IWM_RX_MPDU_REORDER_BA_OLD_SN) 5225 return 0; 5226 buffer->valid = 1; 5227 } 5228 5229 ni = ieee80211_find_rxnode(ic, wh); 5230 if (type == IEEE80211_FC0_TYPE_CTL && 5231 subtype == IEEE80211_FC0_SUBTYPE_BAR) { 5232 iwm_release_frames(sc, ni, rxba, buffer, nssn, ml); 5233 goto drop; 5234 } 5235 5236 /* 5237 * If there was a significant jump in the nssn - adjust. 5238 * If the SN is smaller than the NSSN it might need to first go into 5239 * the reorder buffer, in which case we just release up to it and the 5240 * rest of the function will take care of storing it and releasing up to 5241 * the nssn. 5242 */ 5243 if (!iwm_is_sn_less(nssn, buffer->head_sn + buffer->buf_size, 5244 buffer->buf_size) || 5245 !SEQ_LT(sn, buffer->head_sn + buffer->buf_size)) { 5246 uint16_t min_sn = SEQ_LT(sn, nssn) ? sn : nssn; 5247 ic->ic_stats.is_ht_rx_frame_above_ba_winend++; 5248 iwm_release_frames(sc, ni, rxba, buffer, min_sn, ml); 5249 } 5250 5251 if (iwm_oldsn_workaround(sc, ni, tid, buffer, reorder_data, 5252 device_timestamp)) { 5253 /* BA session will be torn down. */ 5254 ic->ic_stats.is_ht_rx_ba_window_jump++; 5255 goto drop; 5256 5257 } 5258 5259 /* drop any outdated packets */ 5260 if (SEQ_LT(sn, buffer->head_sn)) { 5261 ic->ic_stats.is_ht_rx_frame_below_ba_winstart++; 5262 goto drop; 5263 } 5264 5265 /* release immediately if allowed by nssn and no stored frames */ 5266 if (!buffer->num_stored && SEQ_LT(sn, nssn)) { 5267 if (iwm_is_sn_less(buffer->head_sn, nssn, buffer->buf_size) && 5268 (!is_amsdu || last_subframe)) 5269 buffer->head_sn = nssn; 5270 ieee80211_release_node(ic, ni); 5271 return 0; 5272 } 5273 5274 /* 5275 * release immediately if there are no stored frames, and the sn is 5276 * equal to the head. 5277 * This can happen due to reorder timer, where NSSN is behind head_sn. 5278 * When we released everything, and we got the next frame in the 5279 * sequence, according to the NSSN we can't release immediately, 5280 * while technically there is no hole and we can move forward. 5281 */ 5282 if (!buffer->num_stored && sn == buffer->head_sn) { 5283 if (!is_amsdu || last_subframe) 5284 buffer->head_sn = (buffer->head_sn + 1) & 0xfff; 5285 ieee80211_release_node(ic, ni); 5286 return 0; 5287 } 5288 5289 index = sn % buffer->buf_size; 5290 5291 /* 5292 * Check if we already stored this frame 5293 * As AMSDU is either received or not as whole, logic is simple: 5294 * If we have frames in that position in the buffer and the last frame 5295 * originated from AMSDU had a different SN then it is a retransmission. 5296 * If it is the same SN then if the subframe index is incrementing it 5297 * is the same AMSDU - otherwise it is a retransmission. 5298 */ 5299 if (!ml_empty(&entries[index].frames)) { 5300 if (!is_amsdu) { 5301 ic->ic_stats.is_ht_rx_ba_no_buf++; 5302 goto drop; 5303 } else if (sn != buffer->last_amsdu || 5304 buffer->last_sub_index >= subframe_idx) { 5305 ic->ic_stats.is_ht_rx_ba_no_buf++; 5306 goto drop; 5307 } 5308 } else { 5309 /* This data is the same for all A-MSDU subframes. */ 5310 entries[index].chanidx = chanidx; 5311 entries[index].is_shortpre = is_shortpre; 5312 entries[index].rate_n_flags = rate_n_flags; 5313 entries[index].device_timestamp = device_timestamp; 5314 memcpy(&entries[index].rxi, rxi, sizeof(entries[index].rxi)); 5315 } 5316 5317 /* put in reorder buffer */ 5318 ml_enqueue(&entries[index].frames, m); 5319 buffer->num_stored++; 5320 getmicrouptime(&entries[index].reorder_time); 5321 5322 if (is_amsdu) { 5323 buffer->last_amsdu = sn; 5324 buffer->last_sub_index = subframe_idx; 5325 } 5326 5327 /* 5328 * We cannot trust NSSN for AMSDU sub-frames that are not the last. 5329 * The reason is that NSSN advances on the first sub-frame, and may 5330 * cause the reorder buffer to advance before all the sub-frames arrive. 5331 * Example: reorder buffer contains SN 0 & 2, and we receive AMSDU with 5332 * SN 1. NSSN for first sub frame will be 3 with the result of driver 5333 * releasing SN 0,1, 2. When sub-frame 1 arrives - reorder buffer is 5334 * already ahead and it will be dropped. 5335 * If the last sub-frame is not on this queue - we will get frame 5336 * release notification with up to date NSSN. 5337 */ 5338 if (!is_amsdu || last_subframe) 5339 iwm_release_frames(sc, ni, rxba, buffer, nssn, ml); 5340 5341 ieee80211_release_node(ic, ni); 5342 return 1; 5343 5344drop: 5345 m_freem(m); 5346 ieee80211_release_node(ic, ni); 5347 return 1; 5348} 5349 5350void 5351iwm_rx_mpdu_mq(struct iwm_softc *sc, struct mbuf *m, void *pktdata, 5352 size_t maxlen, struct mbuf_list *ml) 5353{ 5354 struct ieee80211com *ic = &sc->sc_ic; 5355 struct ieee80211_rxinfo rxi; 5356 struct iwm_rx_mpdu_desc *desc; 5357 uint32_t len, hdrlen, rate_n_flags, device_timestamp; 5358 int rssi; 5359 uint8_t chanidx; 5360 uint16_t phy_info; 5361 5362 memset(&rxi, 0, sizeof(rxi)); 5363 5364 desc = (struct iwm_rx_mpdu_desc *)pktdata; 5365 5366 if (!(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_CRC_OK)) || 5367 !(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_OVERRUN_OK))) { 5368 m_freem(m); 5369 return; /* drop */ 5370 } 5371 5372 len = le16toh(desc->mpdu_len); 5373 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 5374 /* Allow control frames in monitor mode. */ 5375 if (len < sizeof(struct ieee80211_frame_cts)) { 5376 ic->ic_stats.is_rx_tooshort++; 5377 IC2IFP(ic)->if_ierrors++; 5378 m_freem(m); 5379 return; 5380 } 5381 } else if (len < sizeof(struct ieee80211_frame)) { 5382 ic->ic_stats.is_rx_tooshort++; 5383 IC2IFP(ic)->if_ierrors++; 5384 m_freem(m); 5385 return; 5386 } 5387 if (len > maxlen - sizeof(*desc)) { 5388 IC2IFP(ic)->if_ierrors++; 5389 m_freem(m); 5390 return; 5391 } 5392 5393 m->m_data = pktdata + sizeof(*desc); 5394 m->m_pkthdr.len = m->m_len = len; 5395 5396 /* Account for padding following the frame header. */ 5397 if (desc->mac_flags2 & IWM_RX_MPDU_MFLG2_PAD) { 5398 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 5399 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 5400 if (type == IEEE80211_FC0_TYPE_CTL) { 5401 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 5402 case IEEE80211_FC0_SUBTYPE_CTS: 5403 hdrlen = sizeof(struct ieee80211_frame_cts); 5404 break; 5405 case IEEE80211_FC0_SUBTYPE_ACK: 5406 hdrlen = sizeof(struct ieee80211_frame_ack); 5407 break; 5408 default: 5409 hdrlen = sizeof(struct ieee80211_frame_min); 5410 break; 5411 } 5412 } else 5413 hdrlen = ieee80211_get_hdrlen(wh); 5414 5415 if ((le16toh(desc->status) & 5416 IWM_RX_MPDU_RES_STATUS_SEC_ENC_MSK) == 5417 IWM_RX_MPDU_RES_STATUS_SEC_CCM_ENC) { 5418 /* Padding is inserted after the IV. */ 5419 hdrlen += IEEE80211_CCMP_HDRLEN; 5420 } 5421 5422 memmove(m->m_data + 2, m->m_data, hdrlen); 5423 m_adj(m, 2); 5424 } 5425 5426 /* 5427 * Hardware de-aggregates A-MSDUs and copies the same MAC header 5428 * in place for each subframe. But it leaves the 'A-MSDU present' 5429 * bit set in the frame header. We need to clear this bit ourselves. 5430 * 5431 * And we must allow the same CCMP PN for subframes following the 5432 * first subframe. Otherwise they would be discarded as replays. 5433 */ 5434 if (desc->mac_flags2 & IWM_RX_MPDU_MFLG2_AMSDU) { 5435 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 5436 uint8_t subframe_idx = (desc->amsdu_info & 5437 IWM_RX_MPDU_AMSDU_SUBFRAME_IDX_MASK); 5438 if (subframe_idx > 0) 5439 rxi.rxi_flags |= IEEE80211_RXI_HWDEC_SAME_PN; 5440 if (ieee80211_has_qos(wh) && ieee80211_has_addr4(wh) && 5441 m->m_len >= sizeof(struct ieee80211_qosframe_addr4)) { 5442 struct ieee80211_qosframe_addr4 *qwh4 = mtod(m, 5443 struct ieee80211_qosframe_addr4 *); 5444 qwh4->i_qos[0] &= htole16(~IEEE80211_QOS_AMSDU); 5445 5446 /* HW reverses addr3 and addr4. */ 5447 iwm_flip_address(qwh4->i_addr3); 5448 iwm_flip_address(qwh4->i_addr4); 5449 } else if (ieee80211_has_qos(wh) && 5450 m->m_len >= sizeof(struct ieee80211_qosframe)) { 5451 struct ieee80211_qosframe *qwh = mtod(m, 5452 struct ieee80211_qosframe *); 5453 qwh->i_qos[0] &= htole16(~IEEE80211_QOS_AMSDU); 5454 5455 /* HW reverses addr3. */ 5456 iwm_flip_address(qwh->i_addr3); 5457 } 5458 } 5459 5460 /* 5461 * Verify decryption before duplicate detection. The latter uses 5462 * the TID supplied in QoS frame headers and this TID is implicitly 5463 * verified as part of the CCMP nonce. 5464 */ 5465 if (iwm_rx_hwdecrypt(sc, m, le16toh(desc->status), &rxi)) { 5466 m_freem(m); 5467 return; 5468 } 5469 5470 if (iwm_detect_duplicate(sc, m, desc, &rxi)) { 5471 m_freem(m); 5472 return; 5473 } 5474 5475 phy_info = le16toh(desc->phy_info); 5476 rate_n_flags = le32toh(desc->v1.rate_n_flags); 5477 chanidx = desc->v1.channel; 5478 device_timestamp = desc->v1.gp2_on_air_rise; 5479 5480 rssi = iwm_rxmq_get_signal_strength(sc, desc); 5481 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */ 5482 rssi = MIN(rssi, ic->ic_max_rssi); /* clip to max. 100% */ 5483 5484 rxi.rxi_rssi = rssi; 5485 rxi.rxi_tstamp = le64toh(desc->v1.tsf_on_air_rise); 5486 rxi.rxi_chan = chanidx; 5487 5488 if (iwm_rx_reorder(sc, m, chanidx, desc, 5489 (phy_info & IWM_RX_MPDU_PHY_SHORT_PREAMBLE), 5490 rate_n_flags, device_timestamp, &rxi, ml)) 5491 return; 5492 5493 iwm_rx_frame(sc, m, chanidx, le16toh(desc->status), 5494 (phy_info & IWM_RX_MPDU_PHY_SHORT_PREAMBLE), 5495 rate_n_flags, device_timestamp, &rxi, ml); 5496} 5497 5498void 5499iwm_ra_choose(struct iwm_softc *sc, struct ieee80211_node *ni) 5500{ 5501 struct ieee80211com *ic = &sc->sc_ic; 5502 struct iwm_node *in = (void *)ni; 5503 int old_txmcs = ni->ni_txmcs; 5504 int old_nss = ni->ni_vht_ss; 5505 5506 if (ni->ni_flags & IEEE80211_NODE_VHT) 5507 ieee80211_ra_vht_choose(&in->in_rn_vht, ic, ni); 5508 else 5509 ieee80211_ra_choose(&in->in_rn, ic, ni); 5510 5511 /* 5512 * If RA has chosen a new TX rate we must update 5513 * the firmware's LQ rate table. 5514 */ 5515 if (ni->ni_txmcs != old_txmcs || ni->ni_vht_ss != old_nss) 5516 iwm_setrates(in, 1); 5517} 5518 5519void 5520iwm_ht_single_rate_control(struct iwm_softc *sc, struct ieee80211_node *ni, 5521 int txmcs, uint8_t failure_frame, int txfail) 5522{ 5523 struct ieee80211com *ic = &sc->sc_ic; 5524 struct iwm_node *in = (void *)ni; 5525 5526 /* Ignore Tx reports which don't match our last LQ command. */ 5527 if (txmcs != ni->ni_txmcs) { 5528 if (++in->lq_rate_mismatch > 15) { 5529 /* Try to sync firmware with the driver... */ 5530 iwm_setrates(in, 1); 5531 in->lq_rate_mismatch = 0; 5532 } 5533 } else { 5534 int mcs = txmcs; 5535 const struct ieee80211_ht_rateset *rs = 5536 ieee80211_ra_get_ht_rateset(txmcs, 5537 ieee80211_node_supports_ht_chan40(ni), 5538 ieee80211_ra_use_ht_sgi(ni)); 5539 unsigned int retries = 0, i; 5540 5541 in->lq_rate_mismatch = 0; 5542 5543 for (i = 0; i < failure_frame; i++) { 5544 if (mcs > rs->min_mcs) { 5545 ieee80211_ra_add_stats_ht(&in->in_rn, 5546 ic, ni, mcs, 1, 1); 5547 mcs--; 5548 } else 5549 retries++; 5550 } 5551 5552 if (txfail && failure_frame == 0) { 5553 ieee80211_ra_add_stats_ht(&in->in_rn, ic, ni, 5554 txmcs, 1, 1); 5555 } else { 5556 ieee80211_ra_add_stats_ht(&in->in_rn, ic, ni, 5557 mcs, retries + 1, retries); 5558 } 5559 5560 iwm_ra_choose(sc, ni); 5561 } 5562} 5563 5564void 5565iwm_vht_single_rate_control(struct iwm_softc *sc, struct ieee80211_node *ni, 5566 int txmcs, int nss, uint8_t failure_frame, int txfail) 5567{ 5568 struct ieee80211com *ic = &sc->sc_ic; 5569 struct iwm_node *in = (void *)ni; 5570 uint8_t vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_80; 5571 uint8_t sco = IEEE80211_HTOP0_SCO_SCN; 5572 5573 /* Ignore Tx reports which don't match our last LQ command. */ 5574 if (txmcs != ni->ni_txmcs || nss != ni->ni_vht_ss) { 5575 if (++in->lq_rate_mismatch > 15) { 5576 /* Try to sync firmware with the driver... */ 5577 iwm_setrates(in, 1); 5578 in->lq_rate_mismatch = 0; 5579 } 5580 } else { 5581 int mcs = txmcs; 5582 unsigned int retries = 0, i; 5583 5584 if (in->in_phyctxt) { 5585 vht_chan_width = in->in_phyctxt->vht_chan_width; 5586 sco = in->in_phyctxt->sco; 5587 } 5588 in->lq_rate_mismatch = 0; 5589 5590 for (i = 0; i < failure_frame; i++) { 5591 if (mcs > 0) { 5592 ieee80211_ra_vht_add_stats(&in->in_rn_vht, 5593 ic, ni, mcs, nss, 1, 1); 5594 if (vht_chan_width >= 5595 IEEE80211_VHTOP0_CHAN_WIDTH_80) { 5596 /* 5597 * First 4 Tx attempts used same MCS, 5598 * twice at 80MHz and twice at 40MHz. 5599 */ 5600 if (i >= 4) 5601 mcs--; 5602 } else if (sco == IEEE80211_HTOP0_SCO_SCA || 5603 sco == IEEE80211_HTOP0_SCO_SCB) { 5604 /* 5605 * First 4 Tx attempts used same MCS, 5606 * four times at 40MHz. 5607 */ 5608 if (i >= 4) 5609 mcs--; 5610 } else 5611 mcs--; 5612 } else 5613 retries++; 5614 } 5615 5616 if (txfail && failure_frame == 0) { 5617 ieee80211_ra_vht_add_stats(&in->in_rn_vht, ic, ni, 5618 txmcs, nss, 1, 1); 5619 } else { 5620 ieee80211_ra_vht_add_stats(&in->in_rn_vht, ic, ni, 5621 mcs, nss, retries + 1, retries); 5622 } 5623 5624 iwm_ra_choose(sc, ni); 5625 } 5626} 5627 5628void 5629iwm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 5630 struct iwm_node *in, int txmcs, int txrate) 5631{ 5632 struct ieee80211com *ic = &sc->sc_ic; 5633 struct ieee80211_node *ni = &in->in_ni; 5634 struct ifnet *ifp = IC2IFP(ic); 5635 struct iwm_tx_resp *tx_resp = (void *)pkt->data; 5636 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 5637 uint32_t initial_rate = le32toh(tx_resp->initial_rate); 5638 int txfail; 5639 5640 KASSERT(tx_resp->frame_count == 1); 5641 5642 txfail = (status != IWM_TX_STATUS_SUCCESS && 5643 status != IWM_TX_STATUS_DIRECT_DONE); 5644 5645 /* 5646 * Update rate control statistics. 5647 * Only report frames which were actually queued with the currently 5648 * selected Tx rate. Because Tx queues are relatively long we may 5649 * encounter previously selected rates here during Tx bursts. 5650 * Providing feedback based on such frames can lead to suboptimal 5651 * Tx rate control decisions. 5652 */ 5653 if ((ni->ni_flags & IEEE80211_NODE_HT) == 0) { 5654 if (txrate != ni->ni_txrate) { 5655 if (++in->lq_rate_mismatch > 15) { 5656 /* Try to sync firmware with the driver... */ 5657 iwm_setrates(in, 1); 5658 in->lq_rate_mismatch = 0; 5659 } 5660 } else { 5661 in->lq_rate_mismatch = 0; 5662 5663 in->in_amn.amn_txcnt++; 5664 if (txfail) 5665 in->in_amn.amn_retrycnt++; 5666 if (tx_resp->failure_frame > 0) 5667 in->in_amn.amn_retrycnt++; 5668 } 5669 } else if ((ni->ni_flags & IEEE80211_NODE_VHT) && 5670 ic->ic_fixed_mcs == -1 && ic->ic_state == IEEE80211_S_RUN && 5671 (initial_rate & IWM_RATE_MCS_VHT_MSK)) { 5672 int txmcs = initial_rate & IWM_RATE_VHT_MCS_RATE_CODE_MSK; 5673 int nss = ((initial_rate & IWM_RATE_VHT_MCS_NSS_MSK) >> 5674 IWM_RATE_VHT_MCS_NSS_POS) + 1; 5675 iwm_vht_single_rate_control(sc, ni, txmcs, nss, 5676 tx_resp->failure_frame, txfail); 5677 } else if (ic->ic_fixed_mcs == -1 && ic->ic_state == IEEE80211_S_RUN && 5678 (initial_rate & IWM_RATE_MCS_HT_MSK)) { 5679 int txmcs = initial_rate & 5680 (IWM_RATE_HT_MCS_RATE_CODE_MSK | IWM_RATE_HT_MCS_NSS_MSK); 5681 iwm_ht_single_rate_control(sc, ni, txmcs, 5682 tx_resp->failure_frame, txfail); 5683 } 5684 5685 if (txfail) 5686 ifp->if_oerrors++; 5687} 5688 5689void 5690iwm_txd_done(struct iwm_softc *sc, struct iwm_tx_data *txd) 5691{ 5692 struct ieee80211com *ic = &sc->sc_ic; 5693 5694 bus_dmamap_sync(sc->sc_dmat, txd->map, 0, txd->map->dm_mapsize, 5695 BUS_DMASYNC_POSTWRITE); 5696 bus_dmamap_unload(sc->sc_dmat, txd->map); 5697 m_freem(txd->m); 5698 txd->m = NULL; 5699 5700 KASSERT(txd->in); 5701 ieee80211_release_node(ic, &txd->in->in_ni); 5702 txd->in = NULL; 5703 txd->ampdu_nframes = 0; 5704 txd->ampdu_txmcs = 0; 5705 txd->ampdu_txnss = 0; 5706} 5707 5708void 5709iwm_txq_advance(struct iwm_softc *sc, struct iwm_tx_ring *ring, int idx) 5710{ 5711 struct iwm_tx_data *txd; 5712 5713 while (ring->tail != idx) { 5714 txd = &ring->data[ring->tail]; 5715 if (txd->m != NULL) { 5716 iwm_reset_sched(sc, ring->qid, ring->tail, IWM_STATION_ID); 5717 iwm_txd_done(sc, txd); 5718 ring->queued--; 5719 } 5720 ring->tail = (ring->tail + 1) % IWM_TX_RING_COUNT; 5721 } 5722 5723 wakeup(ring); 5724} 5725 5726void 5727iwm_ampdu_tx_done(struct iwm_softc *sc, struct iwm_cmd_header *cmd_hdr, 5728 struct iwm_node *in, struct iwm_tx_ring *txq, uint32_t initial_rate, 5729 uint8_t nframes, uint8_t failure_frame, uint16_t ssn, int status, 5730 struct iwm_agg_tx_status *agg_status) 5731{ 5732 struct ieee80211com *ic = &sc->sc_ic; 5733 int tid = cmd_hdr->qid - IWM_FIRST_AGG_TX_QUEUE; 5734 struct iwm_tx_data *txdata = &txq->data[cmd_hdr->idx]; 5735 struct ieee80211_node *ni = &in->in_ni; 5736 struct ieee80211_tx_ba *ba; 5737 int txfail = (status != IWM_TX_STATUS_SUCCESS && 5738 status != IWM_TX_STATUS_DIRECT_DONE); 5739 uint16_t seq; 5740 5741 if (ic->ic_state != IEEE80211_S_RUN) 5742 return; 5743 5744 if (nframes > 1) { 5745 int i; 5746 /* 5747 * Collect information about this A-MPDU. 5748 */ 5749 5750 for (i = 0; i < nframes; i++) { 5751 uint8_t qid = agg_status[i].qid; 5752 uint8_t idx = agg_status[i].idx; 5753 uint16_t txstatus = (le16toh(agg_status[i].status) & 5754 IWM_AGG_TX_STATE_STATUS_MSK); 5755 5756 if (txstatus != IWM_AGG_TX_STATE_TRANSMITTED) 5757 continue; 5758 5759 if (qid != cmd_hdr->qid) 5760 continue; 5761 5762 txdata = &txq->data[idx]; 5763 if (txdata->m == NULL) 5764 continue; 5765 5766 /* The Tx rate was the same for all subframes. */ 5767 if ((ni->ni_flags & IEEE80211_NODE_VHT) && 5768 (initial_rate & IWM_RATE_MCS_VHT_MSK)) { 5769 txdata->ampdu_txmcs = initial_rate & 5770 IWM_RATE_VHT_MCS_RATE_CODE_MSK; 5771 txdata->ampdu_txnss = ((initial_rate & 5772 IWM_RATE_VHT_MCS_NSS_MSK) >> 5773 IWM_RATE_VHT_MCS_NSS_POS) + 1; 5774 txdata->ampdu_nframes = nframes; 5775 } else if (initial_rate & IWM_RATE_MCS_HT_MSK) { 5776 txdata->ampdu_txmcs = initial_rate & 5777 (IWM_RATE_HT_MCS_RATE_CODE_MSK | 5778 IWM_RATE_HT_MCS_NSS_MSK); 5779 txdata->ampdu_nframes = nframes; 5780 } 5781 } 5782 return; 5783 } 5784 5785 ba = &ni->ni_tx_ba[tid]; 5786 if (ba->ba_state != IEEE80211_BA_AGREED) 5787 return; 5788 if (SEQ_LT(ssn, ba->ba_winstart)) 5789 return; 5790 5791 /* This was a final single-frame Tx attempt for frame SSN-1. */ 5792 seq = (ssn - 1) & 0xfff; 5793 5794 /* 5795 * Skip rate control if our Tx rate is fixed. 5796 * Don't report frames to MiRA which were sent at a different 5797 * Tx rate than ni->ni_txmcs. 5798 */ 5799 if (ic->ic_fixed_mcs == -1) { 5800 if (txdata->ampdu_nframes > 1) { 5801 /* 5802 * This frame was once part of an A-MPDU. 5803 * Report one failed A-MPDU Tx attempt. 5804 * The firmware might have made several such 5805 * attempts but we don't keep track of this. 5806 */ 5807 if (ni->ni_flags & IEEE80211_NODE_VHT) { 5808 ieee80211_ra_vht_add_stats(&in->in_rn_vht, 5809 ic, ni, txdata->ampdu_txmcs, 5810 txdata->ampdu_txnss, 1, 1); 5811 } else { 5812 ieee80211_ra_add_stats_ht(&in->in_rn, ic, ni, 5813 txdata->ampdu_txmcs, 1, 1); 5814 } 5815 } 5816 5817 /* Report the final single-frame Tx attempt. */ 5818 if ((ni->ni_flags & IEEE80211_NODE_VHT) && 5819 (initial_rate & IWM_RATE_MCS_VHT_MSK)) { 5820 int txmcs = initial_rate & 5821 IWM_RATE_VHT_MCS_RATE_CODE_MSK; 5822 int nss = ((initial_rate & 5823 IWM_RATE_VHT_MCS_NSS_MSK) >> 5824 IWM_RATE_VHT_MCS_NSS_POS) + 1; 5825 iwm_vht_single_rate_control(sc, ni, txmcs, nss, 5826 failure_frame, txfail); 5827 } else if (initial_rate & IWM_RATE_MCS_HT_MSK) { 5828 int txmcs = initial_rate & 5829 (IWM_RATE_HT_MCS_RATE_CODE_MSK | 5830 IWM_RATE_HT_MCS_NSS_MSK); 5831 iwm_ht_single_rate_control(sc, ni, txmcs, 5832 failure_frame, txfail); 5833 } 5834 } 5835 5836 if (txfail) 5837 ieee80211_tx_compressed_bar(ic, ni, tid, ssn); 5838 5839 /* 5840 * SSN corresponds to the first (perhaps not yet transmitted) frame 5841 * in firmware's BA window. Firmware is not going to retransmit any 5842 * frames before its BA window so mark them all as done. 5843 */ 5844 ieee80211_output_ba_move_window(ic, ni, tid, ssn); 5845 iwm_txq_advance(sc, txq, IWM_AGG_SSN_TO_TXQ_IDX(ssn)); 5846 iwm_clear_oactive(sc, txq); 5847} 5848 5849void 5850iwm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 5851 struct iwm_rx_data *data) 5852{ 5853 struct iwm_cmd_header *cmd_hdr = &pkt->hdr; 5854 int idx = cmd_hdr->idx; 5855 int qid = cmd_hdr->qid; 5856 struct iwm_tx_ring *ring = &sc->txq[qid]; 5857 struct iwm_tx_data *txd; 5858 struct iwm_tx_resp *tx_resp = (void *)pkt->data; 5859 uint32_t ssn; 5860 uint32_t len = iwm_rx_packet_len(pkt); 5861 5862 bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWM_RBUF_SIZE, 5863 BUS_DMASYNC_POSTREAD); 5864 5865 /* Sanity checks. */ 5866 if (sizeof(*tx_resp) > len) 5867 return; 5868 if (qid < IWM_FIRST_AGG_TX_QUEUE && tx_resp->frame_count > 1) 5869 return; 5870 if (qid > IWM_LAST_AGG_TX_QUEUE) 5871 return; 5872 if (sizeof(*tx_resp) + sizeof(ssn) + 5873 tx_resp->frame_count * sizeof(tx_resp->status) > len) 5874 return; 5875 5876 sc->sc_tx_timer[qid] = 0; 5877 5878 txd = &ring->data[idx]; 5879 if (txd->m == NULL) 5880 return; 5881 5882 memcpy(&ssn, &tx_resp->status + tx_resp->frame_count, sizeof(ssn)); 5883 ssn = le32toh(ssn) & 0xfff; 5884 if (qid >= IWM_FIRST_AGG_TX_QUEUE) { 5885 int status; 5886 status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK; 5887 iwm_ampdu_tx_done(sc, cmd_hdr, txd->in, ring, 5888 le32toh(tx_resp->initial_rate), tx_resp->frame_count, 5889 tx_resp->failure_frame, ssn, status, &tx_resp->status); 5890 } else { 5891 /* 5892 * Even though this is not an agg queue, we must only free 5893 * frames before the firmware's starting sequence number. 5894 */ 5895 iwm_rx_tx_cmd_single(sc, pkt, txd->in, txd->txmcs, txd->txrate); 5896 iwm_txq_advance(sc, ring, IWM_AGG_SSN_TO_TXQ_IDX(ssn)); 5897 iwm_clear_oactive(sc, ring); 5898 } 5899} 5900 5901void 5902iwm_clear_oactive(struct iwm_softc *sc, struct iwm_tx_ring *ring) 5903{ 5904 struct ieee80211com *ic = &sc->sc_ic; 5905 struct ifnet *ifp = IC2IFP(ic); 5906 5907 if (ring->queued < IWM_TX_RING_LOMARK) { 5908 sc->qfullmsk &= ~(1 << ring->qid); 5909 if (sc->qfullmsk == 0 && ifq_is_oactive(&ifp->if_snd)) { 5910 ifq_clr_oactive(&ifp->if_snd); 5911 /* 5912 * Well, we're in interrupt context, but then again 5913 * I guess net80211 does all sorts of stunts in 5914 * interrupt context, so maybe this is no biggie. 5915 */ 5916 (*ifp->if_start)(ifp); 5917 } 5918 } 5919} 5920 5921void 5922iwm_ampdu_rate_control(struct iwm_softc *sc, struct ieee80211_node *ni, 5923 struct iwm_tx_ring *txq, int tid, uint16_t seq, uint16_t ssn) 5924{ 5925 struct ieee80211com *ic = &sc->sc_ic; 5926 struct iwm_node *in = (void *)ni; 5927 int idx, end_idx; 5928 5929 /* 5930 * Update Tx rate statistics for A-MPDUs before firmware's BA window. 5931 */ 5932 idx = IWM_AGG_SSN_TO_TXQ_IDX(seq); 5933 end_idx = IWM_AGG_SSN_TO_TXQ_IDX(ssn); 5934 while (idx != end_idx) { 5935 struct iwm_tx_data *txdata = &txq->data[idx]; 5936 if (txdata->m != NULL && txdata->ampdu_nframes > 1) { 5937 /* 5938 * We can assume that this subframe has been ACKed 5939 * because ACK failures come as single frames and 5940 * before failing an A-MPDU subframe the firmware 5941 * sends it as a single frame at least once. 5942 */ 5943 if (ni->ni_flags & IEEE80211_NODE_VHT) { 5944 ieee80211_ra_vht_add_stats(&in->in_rn_vht, 5945 ic, ni, txdata->ampdu_txmcs, 5946 txdata->ampdu_txnss, 1, 0); 5947 } else { 5948 ieee80211_ra_add_stats_ht(&in->in_rn, ic, ni, 5949 txdata->ampdu_txmcs, 1, 0); 5950 } 5951 /* Report this frame only once. */ 5952 txdata->ampdu_nframes = 0; 5953 } 5954 5955 idx = (idx + 1) % IWM_TX_RING_COUNT; 5956 } 5957 5958 iwm_ra_choose(sc, ni); 5959} 5960 5961void 5962iwm_rx_compressed_ba(struct iwm_softc *sc, struct iwm_rx_packet *pkt) 5963{ 5964 struct iwm_ba_notif *ban = (void *)pkt->data; 5965 struct ieee80211com *ic = &sc->sc_ic; 5966 struct ieee80211_node *ni = ic->ic_bss; 5967 struct iwm_node *in = (void *)ni; 5968 struct ieee80211_tx_ba *ba; 5969 struct iwm_tx_ring *ring; 5970 uint16_t seq, ssn; 5971 int qid; 5972 5973 if (ic->ic_state != IEEE80211_S_RUN) 5974 return; 5975 5976 if (iwm_rx_packet_payload_len(pkt) < sizeof(*ban)) 5977 return; 5978 5979 if (ban->sta_id != IWM_STATION_ID || 5980 !IEEE80211_ADDR_EQ(in->in_macaddr, ban->sta_addr)) 5981 return; 5982 5983 qid = le16toh(ban->scd_flow); 5984 if (qid < IWM_FIRST_AGG_TX_QUEUE || qid > IWM_LAST_AGG_TX_QUEUE) 5985 return; 5986 5987 /* Protect against a firmware bug where the queue/TID are off. */ 5988 if (qid != IWM_FIRST_AGG_TX_QUEUE + ban->tid) 5989 return; 5990 5991 sc->sc_tx_timer[qid] = 0; 5992 5993 ba = &ni->ni_tx_ba[ban->tid]; 5994 if (ba->ba_state != IEEE80211_BA_AGREED) 5995 return; 5996 5997 ring = &sc->txq[qid]; 5998 5999 /* 6000 * The first bit in ban->bitmap corresponds to the sequence number 6001 * stored in the sequence control field ban->seq_ctl. 6002 * Multiple BA notifications in a row may be using this number, with 6003 * additional bits being set in cba->bitmap. It is unclear how the 6004 * firmware decides to shift this window forward. 6005 * We rely on ba->ba_winstart instead. 6006 */ 6007 seq = le16toh(ban->seq_ctl) >> IEEE80211_SEQ_SEQ_SHIFT; 6008 6009 /* 6010 * The firmware's new BA window starting sequence number 6011 * corresponds to the first hole in ban->scd_ssn, implying 6012 * that all frames between 'seq' and 'ssn' (non-inclusive) 6013 * have been acked. 6014 */ 6015 ssn = le16toh(ban->scd_ssn); 6016 6017 if (SEQ_LT(ssn, ba->ba_winstart)) 6018 return; 6019 6020 /* Skip rate control if our Tx rate is fixed. */ 6021 if (ic->ic_fixed_mcs == -1) 6022 iwm_ampdu_rate_control(sc, ni, ring, ban->tid, 6023 ba->ba_winstart, ssn); 6024 6025 /* 6026 * SSN corresponds to the first (perhaps not yet transmitted) frame 6027 * in firmware's BA window. Firmware is not going to retransmit any 6028 * frames before its BA window so mark them all as done. 6029 */ 6030 ieee80211_output_ba_move_window(ic, ni, ban->tid, ssn); 6031 iwm_txq_advance(sc, ring, IWM_AGG_SSN_TO_TXQ_IDX(ssn)); 6032 iwm_clear_oactive(sc, ring); 6033} 6034 6035void 6036iwm_rx_bmiss(struct iwm_softc *sc, struct iwm_rx_packet *pkt, 6037 struct iwm_rx_data *data) 6038{ 6039 struct ieee80211com *ic = &sc->sc_ic; 6040 struct iwm_missed_beacons_notif *mbn = (void *)pkt->data; 6041 uint32_t missed; 6042 6043 if ((ic->ic_opmode != IEEE80211_M_STA) || 6044 (ic->ic_state != IEEE80211_S_RUN)) 6045 return; 6046 6047 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt), 6048 sizeof(*mbn), BUS_DMASYNC_POSTREAD); 6049 6050 missed = le32toh(mbn->consec_missed_beacons_since_last_rx); 6051 if (missed > ic->ic_bmissthres && ic->ic_mgt_timer == 0) { 6052 if (ic->ic_if.if_flags & IFF_DEBUG) 6053 printf("%s: receiving no beacons from %s; checking if " 6054 "this AP is still responding to probe requests\n", 6055 DEVNAME(sc), ether_sprintf(ic->ic_bss->ni_macaddr)); 6056 /* 6057 * Rather than go directly to scan state, try to send a 6058 * directed probe request first. If that fails then the 6059 * state machine will drop us into scanning after timing 6060 * out waiting for a probe response. 6061 */ 6062 IEEE80211_SEND_MGMT(ic, ic->ic_bss, 6063 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 6064 } 6065 6066} 6067 6068int 6069iwm_binding_cmd(struct iwm_softc *sc, struct iwm_node *in, uint32_t action) 6070{ 6071 struct iwm_binding_cmd cmd; 6072 struct iwm_phy_ctxt *phyctxt = in->in_phyctxt; 6073 uint32_t mac_id = IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color); 6074 int i, err, active = (sc->sc_flags & IWM_FLAG_BINDING_ACTIVE); 6075 uint32_t status; 6076 size_t len; 6077 6078 if (action == IWM_FW_CTXT_ACTION_ADD && active) 6079 panic("binding already added"); 6080 if (action == IWM_FW_CTXT_ACTION_REMOVE && !active) 6081 panic("binding already removed"); 6082 6083 if (phyctxt == NULL) /* XXX race with iwm_stop() */ 6084 return EINVAL; 6085 6086 memset(&cmd, 0, sizeof(cmd)); 6087 6088 cmd.id_and_color 6089 = htole32(IWM_FW_CMD_ID_AND_COLOR(phyctxt->id, phyctxt->color)); 6090 cmd.action = htole32(action); 6091 cmd.phy = htole32(IWM_FW_CMD_ID_AND_COLOR(phyctxt->id, phyctxt->color)); 6092 6093 cmd.macs[0] = htole32(mac_id); 6094 for (i = 1; i < IWM_MAX_MACS_IN_BINDING; i++) 6095 cmd.macs[i] = htole32(IWM_FW_CTXT_INVALID); 6096 6097 if (IEEE80211_IS_CHAN_2GHZ(phyctxt->channel) || 6098 !isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_CDB_SUPPORT)) 6099 cmd.lmac_id = htole32(IWM_LMAC_24G_INDEX); 6100 else 6101 cmd.lmac_id = htole32(IWM_LMAC_5G_INDEX); 6102 6103 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_BINDING_CDB_SUPPORT)) 6104 len = sizeof(cmd); 6105 else 6106 len = sizeof(struct iwm_binding_cmd_v1); 6107 status = 0; 6108 err = iwm_send_cmd_pdu_status(sc, IWM_BINDING_CONTEXT_CMD, len, &cmd, 6109 &status); 6110 if (err == 0 && status != 0) 6111 err = EIO; 6112 6113 return err; 6114} 6115 6116void 6117iwm_phy_ctxt_cmd_hdr(struct iwm_softc *sc, struct iwm_phy_ctxt *ctxt, 6118 struct iwm_phy_context_cmd *cmd, uint32_t action, uint32_t apply_time) 6119{ 6120 memset(cmd, 0, sizeof(struct iwm_phy_context_cmd)); 6121 6122 cmd->id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(ctxt->id, 6123 ctxt->color)); 6124 cmd->action = htole32(action); 6125 cmd->apply_time = htole32(apply_time); 6126} 6127 6128void 6129iwm_phy_ctxt_cmd_data(struct iwm_softc *sc, struct iwm_phy_context_cmd *cmd, 6130 struct ieee80211_channel *chan, uint8_t chains_static, 6131 uint8_t chains_dynamic, uint8_t sco, uint8_t vht_chan_width) 6132{ 6133 struct ieee80211com *ic = &sc->sc_ic; 6134 uint8_t active_cnt, idle_cnt; 6135 6136 cmd->ci.band = IEEE80211_IS_CHAN_2GHZ(chan) ? 6137 IWM_PHY_BAND_24 : IWM_PHY_BAND_5; 6138 cmd->ci.channel = ieee80211_chan2ieee(ic, chan); 6139 if (vht_chan_width == IEEE80211_VHTOP0_CHAN_WIDTH_80) { 6140 cmd->ci.ctrl_pos = iwm_get_vht_ctrl_pos(ic, chan); 6141 cmd->ci.width = IWM_PHY_VHT_CHANNEL_MODE80; 6142 } else if (chan->ic_flags & IEEE80211_CHAN_40MHZ) { 6143 if (sco == IEEE80211_HTOP0_SCO_SCA) { 6144 /* secondary chan above -> control chan below */ 6145 cmd->ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6146 cmd->ci.width = IWM_PHY_VHT_CHANNEL_MODE40; 6147 } else if (sco == IEEE80211_HTOP0_SCO_SCB) { 6148 /* secondary chan below -> control chan above */ 6149 cmd->ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_ABOVE; 6150 cmd->ci.width = IWM_PHY_VHT_CHANNEL_MODE40; 6151 } else { 6152 cmd->ci.width = IWM_PHY_VHT_CHANNEL_MODE20; 6153 cmd->ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6154 } 6155 } else { 6156 cmd->ci.width = IWM_PHY_VHT_CHANNEL_MODE20; 6157 cmd->ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6158 } 6159 6160 /* Set rx the chains */ 6161 idle_cnt = chains_static; 6162 active_cnt = chains_dynamic; 6163 6164 cmd->rxchain_info = htole32(iwm_fw_valid_rx_ant(sc) << 6165 IWM_PHY_RX_CHAIN_VALID_POS); 6166 cmd->rxchain_info |= htole32(idle_cnt << IWM_PHY_RX_CHAIN_CNT_POS); 6167 cmd->rxchain_info |= htole32(active_cnt << 6168 IWM_PHY_RX_CHAIN_MIMO_CNT_POS); 6169 6170 cmd->txchain_info = htole32(iwm_fw_valid_tx_ant(sc)); 6171} 6172 6173uint8_t 6174iwm_get_vht_ctrl_pos(struct ieee80211com *ic, struct ieee80211_channel *chan) 6175{ 6176 int center_idx = ic->ic_bss->ni_vht_chan_center_freq_idx0; 6177 int primary_idx = ic->ic_bss->ni_primary_chan; 6178 /* 6179 * The FW is expected to check the control channel position only 6180 * when in HT/VHT and the channel width is not 20MHz. Return 6181 * this value as the default one: 6182 */ 6183 uint8_t pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6184 6185 switch (primary_idx - center_idx) { 6186 case -6: 6187 pos = IWM_PHY_VHT_CTRL_POS_2_BELOW; 6188 break; 6189 case -2: 6190 pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6191 break; 6192 case 2: 6193 pos = IWM_PHY_VHT_CTRL_POS_1_ABOVE; 6194 break; 6195 case 6: 6196 pos = IWM_PHY_VHT_CTRL_POS_2_ABOVE; 6197 break; 6198 default: 6199 break; 6200 } 6201 6202 return pos; 6203} 6204 6205int 6206iwm_phy_ctxt_cmd_uhb(struct iwm_softc *sc, struct iwm_phy_ctxt *ctxt, 6207 uint8_t chains_static, uint8_t chains_dynamic, uint32_t action, 6208 uint32_t apply_time, uint8_t sco, uint8_t vht_chan_width) 6209{ 6210 struct ieee80211com *ic = &sc->sc_ic; 6211 struct iwm_phy_context_cmd_uhb cmd; 6212 uint8_t active_cnt, idle_cnt; 6213 struct ieee80211_channel *chan = ctxt->channel; 6214 6215 memset(&cmd, 0, sizeof(cmd)); 6216 cmd.id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(ctxt->id, 6217 ctxt->color)); 6218 cmd.action = htole32(action); 6219 cmd.apply_time = htole32(apply_time); 6220 6221 cmd.ci.band = IEEE80211_IS_CHAN_2GHZ(chan) ? 6222 IWM_PHY_BAND_24 : IWM_PHY_BAND_5; 6223 cmd.ci.channel = htole32(ieee80211_chan2ieee(ic, chan)); 6224 if (vht_chan_width == IEEE80211_VHTOP0_CHAN_WIDTH_80) { 6225 cmd.ci.ctrl_pos = iwm_get_vht_ctrl_pos(ic, chan); 6226 cmd.ci.width = IWM_PHY_VHT_CHANNEL_MODE80; 6227 } else if (chan->ic_flags & IEEE80211_CHAN_40MHZ) { 6228 if (sco == IEEE80211_HTOP0_SCO_SCA) { 6229 /* secondary chan above -> control chan below */ 6230 cmd.ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6231 cmd.ci.width = IWM_PHY_VHT_CHANNEL_MODE40; 6232 } else if (sco == IEEE80211_HTOP0_SCO_SCB) { 6233 /* secondary chan below -> control chan above */ 6234 cmd.ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_ABOVE; 6235 cmd.ci.width = IWM_PHY_VHT_CHANNEL_MODE40; 6236 } else { 6237 cmd.ci.width = IWM_PHY_VHT_CHANNEL_MODE20; 6238 cmd.ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6239 } 6240 } else { 6241 cmd.ci.width = IWM_PHY_VHT_CHANNEL_MODE20; 6242 cmd.ci.ctrl_pos = IWM_PHY_VHT_CTRL_POS_1_BELOW; 6243 } 6244 6245 idle_cnt = chains_static; 6246 active_cnt = chains_dynamic; 6247 cmd.rxchain_info = htole32(iwm_fw_valid_rx_ant(sc) << 6248 IWM_PHY_RX_CHAIN_VALID_POS); 6249 cmd.rxchain_info |= htole32(idle_cnt << IWM_PHY_RX_CHAIN_CNT_POS); 6250 cmd.rxchain_info |= htole32(active_cnt << 6251 IWM_PHY_RX_CHAIN_MIMO_CNT_POS); 6252 cmd.txchain_info = htole32(iwm_fw_valid_tx_ant(sc)); 6253 6254 return iwm_send_cmd_pdu(sc, IWM_PHY_CONTEXT_CMD, 0, sizeof(cmd), &cmd); 6255} 6256 6257int 6258iwm_phy_ctxt_cmd(struct iwm_softc *sc, struct iwm_phy_ctxt *ctxt, 6259 uint8_t chains_static, uint8_t chains_dynamic, uint32_t action, 6260 uint32_t apply_time, uint8_t sco, uint8_t vht_chan_width) 6261{ 6262 struct iwm_phy_context_cmd cmd; 6263 6264 /* 6265 * Intel increased the size of the fw_channel_info struct and neglected 6266 * to bump the phy_context_cmd struct, which contains an fw_channel_info 6267 * member in the middle. 6268 * To keep things simple we use a separate function to handle the larger 6269 * variant of the phy context command. 6270 */ 6271 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_ULTRA_HB_CHANNELS)) 6272 return iwm_phy_ctxt_cmd_uhb(sc, ctxt, chains_static, 6273 chains_dynamic, action, apply_time, sco, vht_chan_width); 6274 6275 iwm_phy_ctxt_cmd_hdr(sc, ctxt, &cmd, action, apply_time); 6276 6277 iwm_phy_ctxt_cmd_data(sc, &cmd, ctxt->channel, 6278 chains_static, chains_dynamic, sco, vht_chan_width); 6279 6280 return iwm_send_cmd_pdu(sc, IWM_PHY_CONTEXT_CMD, 0, 6281 sizeof(struct iwm_phy_context_cmd), &cmd); 6282} 6283 6284int 6285iwm_send_cmd(struct iwm_softc *sc, struct iwm_host_cmd *hcmd) 6286{ 6287 struct iwm_tx_ring *ring = &sc->txq[sc->cmdqid]; 6288 struct iwm_tfd *desc; 6289 struct iwm_tx_data *txdata; 6290 struct iwm_device_cmd *cmd; 6291 struct mbuf *m; 6292 bus_addr_t paddr; 6293 uint32_t addr_lo; 6294 int err = 0, i, paylen, off, s; 6295 int idx, code, async, group_id; 6296 size_t hdrlen, datasz; 6297 uint8_t *data; 6298 int generation = sc->sc_generation; 6299 6300 code = hcmd->id; 6301 async = hcmd->flags & IWM_CMD_ASYNC; 6302 idx = ring->cur; 6303 6304 for (i = 0, paylen = 0; i < nitems(hcmd->len); i++) { 6305 paylen += hcmd->len[i]; 6306 } 6307 6308 /* If this command waits for a response, allocate response buffer. */ 6309 hcmd->resp_pkt = NULL; 6310 if (hcmd->flags & IWM_CMD_WANT_RESP) { 6311 uint8_t *resp_buf; 6312 KASSERT(!async); 6313 KASSERT(hcmd->resp_pkt_len >= sizeof(struct iwm_rx_packet)); 6314 KASSERT(hcmd->resp_pkt_len <= IWM_CMD_RESP_MAX); 6315 if (sc->sc_cmd_resp_pkt[idx] != NULL) 6316 return ENOSPC; 6317 resp_buf = malloc(hcmd->resp_pkt_len, M_DEVBUF, 6318 M_NOWAIT | M_ZERO); 6319 if (resp_buf == NULL) 6320 return ENOMEM; 6321 sc->sc_cmd_resp_pkt[idx] = resp_buf; 6322 sc->sc_cmd_resp_len[idx] = hcmd->resp_pkt_len; 6323 } else { 6324 sc->sc_cmd_resp_pkt[idx] = NULL; 6325 } 6326 6327 s = splnet(); 6328 6329 desc = &ring->desc[idx]; 6330 txdata = &ring->data[idx]; 6331 6332 group_id = iwm_cmd_groupid(code); 6333 if (group_id != 0) { 6334 hdrlen = sizeof(cmd->hdr_wide); 6335 datasz = sizeof(cmd->data_wide); 6336 } else { 6337 hdrlen = sizeof(cmd->hdr); 6338 datasz = sizeof(cmd->data); 6339 } 6340 6341 if (paylen > datasz) { 6342 /* Command is too large to fit in pre-allocated space. */ 6343 size_t totlen = hdrlen + paylen; 6344 if (paylen > IWM_MAX_CMD_PAYLOAD_SIZE) { 6345 printf("%s: firmware command too long (%zd bytes)\n", 6346 DEVNAME(sc), totlen); 6347 err = EINVAL; 6348 goto out; 6349 } 6350 m = MCLGETL(NULL, M_DONTWAIT, totlen); 6351 if (m == NULL) { 6352 printf("%s: could not get fw cmd mbuf (%zd bytes)\n", 6353 DEVNAME(sc), totlen); 6354 err = ENOMEM; 6355 goto out; 6356 } 6357 cmd = mtod(m, struct iwm_device_cmd *); 6358 err = bus_dmamap_load(sc->sc_dmat, txdata->map, cmd, 6359 totlen, NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 6360 if (err) { 6361 printf("%s: could not load fw cmd mbuf (%zd bytes)\n", 6362 DEVNAME(sc), totlen); 6363 m_freem(m); 6364 goto out; 6365 } 6366 txdata->m = m; /* mbuf will be freed in iwm_cmd_done() */ 6367 paddr = txdata->map->dm_segs[0].ds_addr; 6368 } else { 6369 cmd = &ring->cmd[idx]; 6370 paddr = txdata->cmd_paddr; 6371 } 6372 6373 if (group_id != 0) { 6374 cmd->hdr_wide.opcode = iwm_cmd_opcode(code); 6375 cmd->hdr_wide.group_id = group_id; 6376 cmd->hdr_wide.qid = ring->qid; 6377 cmd->hdr_wide.idx = idx; 6378 cmd->hdr_wide.length = htole16(paylen); 6379 cmd->hdr_wide.version = iwm_cmd_version(code); 6380 data = cmd->data_wide; 6381 } else { 6382 cmd->hdr.code = code; 6383 cmd->hdr.flags = 0; 6384 cmd->hdr.qid = ring->qid; 6385 cmd->hdr.idx = idx; 6386 data = cmd->data; 6387 } 6388 6389 for (i = 0, off = 0; i < nitems(hcmd->data); i++) { 6390 if (hcmd->len[i] == 0) 6391 continue; 6392 memcpy(data + off, hcmd->data[i], hcmd->len[i]); 6393 off += hcmd->len[i]; 6394 } 6395 KASSERT(off == paylen); 6396 6397 /* lo field is not aligned */ 6398 addr_lo = htole32((uint32_t)paddr); 6399 memcpy(&desc->tbs[0].lo, &addr_lo, sizeof(uint32_t)); 6400 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(paddr) 6401 | ((hdrlen + paylen) << 4)); 6402 desc->num_tbs = 1; 6403 6404 if (paylen > datasz) { 6405 bus_dmamap_sync(sc->sc_dmat, txdata->map, 0, 6406 hdrlen + paylen, BUS_DMASYNC_PREWRITE); 6407 } else { 6408 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 6409 (char *)(void *)cmd - (char *)(void *)ring->cmd_dma.vaddr, 6410 hdrlen + paylen, BUS_DMASYNC_PREWRITE); 6411 } 6412 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 6413 (char *)(void *)desc - (char *)(void *)ring->desc_dma.vaddr, 6414 sizeof (*desc), BUS_DMASYNC_PREWRITE); 6415 6416 /* 6417 * Wake up the NIC to make sure that the firmware will see the host 6418 * command - we will let the NIC sleep once all the host commands 6419 * returned. This needs to be done only on 7000 family NICs. 6420 */ 6421 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) { 6422 if (ring->queued == 0 && !iwm_nic_lock(sc)) { 6423 err = EBUSY; 6424 goto out; 6425 } 6426 } 6427 6428 iwm_update_sched(sc, ring->qid, ring->cur, 0, 0); 6429 6430 /* Kick command ring. */ 6431 ring->queued++; 6432 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 6433 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 6434 6435 if (!async) { 6436 err = tsleep_nsec(desc, PCATCH, "iwmcmd", SEC_TO_NSEC(1)); 6437 if (err == 0) { 6438 /* if hardware is no longer up, return error */ 6439 if (generation != sc->sc_generation) { 6440 err = ENXIO; 6441 goto out; 6442 } 6443 6444 /* Response buffer will be freed in iwm_free_resp(). */ 6445 hcmd->resp_pkt = (void *)sc->sc_cmd_resp_pkt[idx]; 6446 sc->sc_cmd_resp_pkt[idx] = NULL; 6447 } else if (generation == sc->sc_generation) { 6448 free(sc->sc_cmd_resp_pkt[idx], M_DEVBUF, 6449 sc->sc_cmd_resp_len[idx]); 6450 sc->sc_cmd_resp_pkt[idx] = NULL; 6451 } 6452 } 6453 out: 6454 splx(s); 6455 6456 return err; 6457} 6458 6459int 6460iwm_send_cmd_pdu(struct iwm_softc *sc, uint32_t id, uint32_t flags, 6461 uint16_t len, const void *data) 6462{ 6463 struct iwm_host_cmd cmd = { 6464 .id = id, 6465 .len = { len, }, 6466 .data = { data, }, 6467 .flags = flags, 6468 }; 6469 6470 return iwm_send_cmd(sc, &cmd); 6471} 6472 6473int 6474iwm_send_cmd_status(struct iwm_softc *sc, struct iwm_host_cmd *cmd, 6475 uint32_t *status) 6476{ 6477 struct iwm_rx_packet *pkt; 6478 struct iwm_cmd_response *resp; 6479 int err, resp_len; 6480 6481 KASSERT((cmd->flags & IWM_CMD_WANT_RESP) == 0); 6482 cmd->flags |= IWM_CMD_WANT_RESP; 6483 cmd->resp_pkt_len = sizeof(*pkt) + sizeof(*resp); 6484 6485 err = iwm_send_cmd(sc, cmd); 6486 if (err) 6487 return err; 6488 6489 pkt = cmd->resp_pkt; 6490 if (pkt == NULL || (pkt->hdr.flags & IWM_CMD_FAILED_MSK)) 6491 return EIO; 6492 6493 resp_len = iwm_rx_packet_payload_len(pkt); 6494 if (resp_len != sizeof(*resp)) { 6495 iwm_free_resp(sc, cmd); 6496 return EIO; 6497 } 6498 6499 resp = (void *)pkt->data; 6500 *status = le32toh(resp->status); 6501 iwm_free_resp(sc, cmd); 6502 return err; 6503} 6504 6505int 6506iwm_send_cmd_pdu_status(struct iwm_softc *sc, uint32_t id, uint16_t len, 6507 const void *data, uint32_t *status) 6508{ 6509 struct iwm_host_cmd cmd = { 6510 .id = id, 6511 .len = { len, }, 6512 .data = { data, }, 6513 }; 6514 6515 return iwm_send_cmd_status(sc, &cmd, status); 6516} 6517 6518void 6519iwm_free_resp(struct iwm_softc *sc, struct iwm_host_cmd *hcmd) 6520{ 6521 KASSERT((hcmd->flags & (IWM_CMD_WANT_RESP)) == IWM_CMD_WANT_RESP); 6522 free(hcmd->resp_pkt, M_DEVBUF, hcmd->resp_pkt_len); 6523 hcmd->resp_pkt = NULL; 6524} 6525 6526void 6527iwm_cmd_done(struct iwm_softc *sc, int qid, int idx, int code) 6528{ 6529 struct iwm_tx_ring *ring = &sc->txq[sc->cmdqid]; 6530 struct iwm_tx_data *data; 6531 6532 if (qid != sc->cmdqid) { 6533 return; /* Not a command ack. */ 6534 } 6535 6536 data = &ring->data[idx]; 6537 6538 if (data->m != NULL) { 6539 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 6540 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 6541 bus_dmamap_unload(sc->sc_dmat, data->map); 6542 m_freem(data->m); 6543 data->m = NULL; 6544 } 6545 wakeup(&ring->desc[idx]); 6546 6547 if (ring->queued == 0) { 6548 DPRINTF(("%s: unexpected firmware response to command 0x%x\n", 6549 DEVNAME(sc), code)); 6550 } else if (--ring->queued == 0) { 6551 /* 6552 * 7000 family NICs are locked while commands are in progress. 6553 * All commands are now done so we may unlock the NIC again. 6554 */ 6555 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 6556 iwm_nic_unlock(sc); 6557 } 6558} 6559 6560void 6561iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id, 6562 uint16_t len) 6563{ 6564 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 6565 uint16_t val; 6566 6567 scd_bc_tbl = sc->sched_dma.vaddr; 6568 6569 len += IWM_TX_CRC_SIZE + IWM_TX_DELIMITER_SIZE; 6570 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE) 6571 len = roundup(len, 4) / 4; 6572 6573 val = htole16(sta_id << 12 | len); 6574 6575 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 6576 0, sc->sched_dma.size, BUS_DMASYNC_PREWRITE); 6577 6578 /* Update TX scheduler. */ 6579 scd_bc_tbl[qid].tfd_offset[idx] = val; 6580 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) 6581 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = val; 6582 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 6583 0, sc->sched_dma.size, BUS_DMASYNC_POSTWRITE); 6584} 6585 6586void 6587iwm_reset_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id) 6588{ 6589 struct iwm_agn_scd_bc_tbl *scd_bc_tbl; 6590 uint16_t val; 6591 6592 scd_bc_tbl = sc->sched_dma.vaddr; 6593 6594 val = htole16(1 | (sta_id << 12)); 6595 6596 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 6597 0, sc->sched_dma.size, BUS_DMASYNC_PREWRITE); 6598 6599 /* Update TX scheduler. */ 6600 scd_bc_tbl[qid].tfd_offset[idx] = val; 6601 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) 6602 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = val; 6603 6604 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 6605 0, sc->sched_dma.size, BUS_DMASYNC_POSTWRITE); 6606} 6607 6608/* 6609 * Fill in various bit for management frames, and leave them 6610 * unfilled for data frames (firmware takes care of that). 6611 * Return the selected legacy TX rate, or zero if HT/VHT is used. 6612 */ 6613uint8_t 6614iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in, 6615 struct ieee80211_frame *wh, struct iwm_tx_cmd *tx) 6616{ 6617 struct ieee80211com *ic = &sc->sc_ic; 6618 struct ieee80211_node *ni = &in->in_ni; 6619 const struct iwm_rate *rinfo; 6620 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 6621 int min_ridx = iwm_rval2ridx(ieee80211_min_basic_rate(ic)); 6622 int ridx, rate_flags; 6623 uint8_t rate = 0; 6624 6625 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT; 6626 tx->data_retry_limit = IWM_LOW_RETRY_LIMIT; 6627 6628 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 6629 type != IEEE80211_FC0_TYPE_DATA) { 6630 /* for non-data, use the lowest supported rate */ 6631 ridx = min_ridx; 6632 tx->data_retry_limit = IWM_MGMT_DFAULT_RETRY_LIMIT; 6633 } else if (ic->ic_fixed_mcs != -1) { 6634 if (ni->ni_flags & IEEE80211_NODE_VHT) 6635 ridx = IWM_FIRST_OFDM_RATE; 6636 else 6637 ridx = sc->sc_fixed_ridx; 6638 } else if (ic->ic_fixed_rate != -1) { 6639 ridx = sc->sc_fixed_ridx; 6640 } else { 6641 int i; 6642 /* Use firmware rateset retry table. */ 6643 tx->initial_rate_index = 0; 6644 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE); 6645 if (ni->ni_flags & IEEE80211_NODE_HT) /* VHT implies HT */ 6646 return 0; 6647 ridx = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ? 6648 IWM_RIDX_OFDM : IWM_RIDX_CCK; 6649 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 6650 if (iwm_rates[i].rate == (ni->ni_txrate & 6651 IEEE80211_RATE_VAL)) { 6652 ridx = i; 6653 break; 6654 } 6655 } 6656 return iwm_rates[ridx].rate & 0xff; 6657 } 6658 6659 rinfo = &iwm_rates[ridx]; 6660 if ((ni->ni_flags & IEEE80211_NODE_VHT) == 0 && 6661 iwm_is_mimo_ht_plcp(rinfo->ht_plcp)) 6662 rate_flags = IWM_RATE_MCS_ANT_AB_MSK; 6663 else 6664 rate_flags = iwm_valid_siso_ant_rate_mask(sc); 6665 if (IWM_RIDX_IS_CCK(ridx)) 6666 rate_flags |= IWM_RATE_MCS_CCK_MSK; 6667 if ((ni->ni_flags & IEEE80211_NODE_HT) && 6668 type == IEEE80211_FC0_TYPE_DATA && 6669 rinfo->ht_plcp != IWM_RATE_HT_SISO_MCS_INV_PLCP) { 6670 uint8_t sco = IEEE80211_HTOP0_SCO_SCN; 6671 uint8_t vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_HT; 6672 if ((ni->ni_flags & IEEE80211_NODE_VHT) && 6673 IEEE80211_CHAN_80MHZ_ALLOWED(ni->ni_chan) && 6674 ieee80211_node_supports_vht_chan80(ni)) 6675 vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_80; 6676 else if (IEEE80211_CHAN_40MHZ_ALLOWED(ni->ni_chan) && 6677 ieee80211_node_supports_ht_chan40(ni)) 6678 sco = (ni->ni_htop0 & IEEE80211_HTOP0_SCO_MASK); 6679 if (ni->ni_flags & IEEE80211_NODE_VHT) 6680 rate_flags |= IWM_RATE_MCS_VHT_MSK; 6681 else 6682 rate_flags |= IWM_RATE_MCS_HT_MSK; 6683 if (vht_chan_width == IEEE80211_VHTOP0_CHAN_WIDTH_80 && 6684 in->in_phyctxt != NULL && 6685 in->in_phyctxt->vht_chan_width == vht_chan_width) { 6686 rate_flags |= IWM_RATE_MCS_CHAN_WIDTH_80; 6687 if (ieee80211_node_supports_vht_sgi80(ni)) 6688 rate_flags |= IWM_RATE_MCS_SGI_MSK; 6689 } else if ((sco == IEEE80211_HTOP0_SCO_SCA || 6690 sco == IEEE80211_HTOP0_SCO_SCB) && 6691 in->in_phyctxt != NULL && in->in_phyctxt->sco == sco) { 6692 rate_flags |= IWM_RATE_MCS_CHAN_WIDTH_40; 6693 if (ieee80211_node_supports_ht_sgi40(ni)) 6694 rate_flags |= IWM_RATE_MCS_SGI_MSK; 6695 } else if (ieee80211_node_supports_ht_sgi20(ni)) 6696 rate_flags |= IWM_RATE_MCS_SGI_MSK; 6697 if (ni->ni_flags & IEEE80211_NODE_VHT) { 6698 /* 6699 * ifmedia only provides an MCS index, no NSS. 6700 * Use a fixed SISO rate. 6701 */ 6702 tx->rate_n_flags = htole32(rate_flags | 6703 (ic->ic_fixed_mcs & 6704 IWM_RATE_VHT_MCS_RATE_CODE_MSK)); 6705 } else 6706 tx->rate_n_flags = htole32(rate_flags | rinfo->ht_plcp); 6707 } else 6708 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp); 6709 6710 return rate; 6711} 6712 6713#define TB0_SIZE 16 6714int 6715iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 6716{ 6717 struct ieee80211com *ic = &sc->sc_ic; 6718 struct iwm_node *in = (void *)ni; 6719 struct iwm_tx_ring *ring; 6720 struct iwm_tx_data *data; 6721 struct iwm_tfd *desc; 6722 struct iwm_device_cmd *cmd; 6723 struct iwm_tx_cmd *tx; 6724 struct ieee80211_frame *wh; 6725 struct ieee80211_key *k = NULL; 6726 uint8_t rate; 6727 uint8_t *ivp; 6728 uint32_t flags; 6729 u_int hdrlen; 6730 bus_dma_segment_t *seg; 6731 uint8_t tid, type, subtype; 6732 int i, totlen, err, pad; 6733 int qid, hasqos; 6734 6735 wh = mtod(m, struct ieee80211_frame *); 6736 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 6737 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 6738 if (type == IEEE80211_FC0_TYPE_CTL) 6739 hdrlen = sizeof(struct ieee80211_frame_min); 6740 else 6741 hdrlen = ieee80211_get_hdrlen(wh); 6742 6743 hasqos = ieee80211_has_qos(wh); 6744 if (type == IEEE80211_FC0_TYPE_DATA) 6745 tid = IWM_TID_NON_QOS; 6746 else 6747 tid = IWM_MAX_TID_COUNT; 6748 6749 /* 6750 * Map EDCA categories to Tx data queues. 6751 * 6752 * We use static data queue assignments even in DQA mode. We do not 6753 * need to share Tx queues between stations because we only implement 6754 * client mode; the firmware's station table contains only one entry 6755 * which represents our access point. 6756 */ 6757 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 6758 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 6759 qid = IWM_DQA_INJECT_MONITOR_QUEUE; 6760 else 6761 qid = IWM_AUX_QUEUE; 6762 } else if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 6763 qid = IWM_DQA_MIN_MGMT_QUEUE + ac; 6764 else 6765 qid = ac; 6766 6767 /* If possible, put this frame on an aggregation queue. */ 6768 if (hasqos) { 6769 struct ieee80211_tx_ba *ba; 6770 uint16_t qos = ieee80211_get_qos(wh); 6771 int qostid = qos & IEEE80211_QOS_TID; 6772 int agg_qid = IWM_FIRST_AGG_TX_QUEUE + qostid; 6773 6774 ba = &ni->ni_tx_ba[qostid]; 6775 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 6776 type == IEEE80211_FC0_TYPE_DATA && 6777 subtype != IEEE80211_FC0_SUBTYPE_NODATA && 6778 (sc->tx_ba_queue_mask & (1 << agg_qid)) && 6779 ba->ba_state == IEEE80211_BA_AGREED) { 6780 qid = agg_qid; 6781 tid = qostid; 6782 ac = ieee80211_up_to_ac(ic, qostid); 6783 } 6784 } 6785 6786 ring = &sc->txq[qid]; 6787 desc = &ring->desc[ring->cur]; 6788 memset(desc, 0, sizeof(*desc)); 6789 data = &ring->data[ring->cur]; 6790 6791 cmd = &ring->cmd[ring->cur]; 6792 cmd->hdr.code = IWM_TX_CMD; 6793 cmd->hdr.flags = 0; 6794 cmd->hdr.qid = ring->qid; 6795 cmd->hdr.idx = ring->cur; 6796 6797 tx = (void *)cmd->data; 6798 memset(tx, 0, sizeof(*tx)); 6799 6800 rate = iwm_tx_fill_cmd(sc, in, wh, tx); 6801 6802#if NBPFILTER > 0 6803 if (sc->sc_drvbpf != NULL) { 6804 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap; 6805 uint16_t chan_flags; 6806 6807 tap->wt_flags = 0; 6808 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 6809 chan_flags = ni->ni_chan->ic_flags; 6810 if (ic->ic_curmode != IEEE80211_MODE_11N && 6811 ic->ic_curmode != IEEE80211_MODE_11AC) { 6812 chan_flags &= ~IEEE80211_CHAN_HT; 6813 chan_flags &= ~IEEE80211_CHAN_40MHZ; 6814 } 6815 if (ic->ic_curmode != IEEE80211_MODE_11AC) 6816 chan_flags &= ~IEEE80211_CHAN_VHT; 6817 tap->wt_chan_flags = htole16(chan_flags); 6818 if ((ni->ni_flags & IEEE80211_NODE_HT) && 6819 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 6820 type == IEEE80211_FC0_TYPE_DATA) { 6821 tap->wt_rate = (0x80 | ni->ni_txmcs); 6822 } else 6823 tap->wt_rate = rate; 6824 if ((ic->ic_flags & IEEE80211_F_WEPON) && 6825 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) 6826 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 6827 6828 bpf_mtap_hdr(sc->sc_drvbpf, tap, sc->sc_txtap_len, 6829 m, BPF_DIRECTION_OUT); 6830 } 6831#endif 6832 totlen = m->m_pkthdr.len; 6833 6834 if (ic->ic_opmode != IEEE80211_M_MONITOR && 6835 (wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) { 6836 k = ieee80211_get_txkey(ic, wh, ni); 6837 if ((k->k_flags & IEEE80211_KEY_GROUP) || 6838 (k->k_cipher != IEEE80211_CIPHER_CCMP)) { 6839 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 6840 return ENOBUFS; 6841 /* 802.11 header may have moved. */ 6842 wh = mtod(m, struct ieee80211_frame *); 6843 totlen = m->m_pkthdr.len; 6844 k = NULL; /* skip hardware crypto below */ 6845 } else { 6846 /* HW appends CCMP MIC */ 6847 totlen += IEEE80211_CCMP_HDRLEN; 6848 } 6849 } 6850 6851 flags = 0; 6852 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 6853 flags |= IWM_TX_CMD_FLG_ACK; 6854 } 6855 6856 if (type == IEEE80211_FC0_TYPE_DATA && 6857 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 6858 (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold || 6859 (ic->ic_flags & IEEE80211_F_USEPROT))) 6860 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE; 6861 6862 if (ic->ic_opmode == IEEE80211_M_MONITOR) 6863 tx->sta_id = IWM_MONITOR_STA_ID; 6864 else 6865 tx->sta_id = IWM_STATION_ID; 6866 6867 if (type == IEEE80211_FC0_TYPE_MGT) { 6868 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 6869 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 6870 tx->pm_frame_timeout = htole16(3); 6871 else 6872 tx->pm_frame_timeout = htole16(2); 6873 } else { 6874 if (type == IEEE80211_FC0_TYPE_CTL && 6875 subtype == IEEE80211_FC0_SUBTYPE_BAR) { 6876 struct ieee80211_frame_min *mwh; 6877 uint8_t *barfrm; 6878 uint16_t ctl; 6879 mwh = mtod(m, struct ieee80211_frame_min *); 6880 barfrm = (uint8_t *)&mwh[1]; 6881 ctl = LE_READ_2(barfrm); 6882 tid = (ctl & IEEE80211_BA_TID_INFO_MASK) >> 6883 IEEE80211_BA_TID_INFO_SHIFT; 6884 flags |= IWM_TX_CMD_FLG_ACK | IWM_TX_CMD_FLG_BAR; 6885 tx->data_retry_limit = IWM_BAR_DFAULT_RETRY_LIMIT; 6886 } 6887 6888 tx->pm_frame_timeout = htole16(0); 6889 } 6890 6891 if (hdrlen & 3) { 6892 /* First segment length must be a multiple of 4. */ 6893 flags |= IWM_TX_CMD_FLG_MH_PAD; 6894 tx->offload_assist |= htole16(IWM_TX_CMD_OFFLD_PAD); 6895 pad = 4 - (hdrlen & 3); 6896 } else 6897 pad = 0; 6898 6899 tx->len = htole16(totlen); 6900 tx->tid_tspec = tid; 6901 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE); 6902 6903 /* Set physical address of "scratch area". */ 6904 tx->dram_lsb_ptr = htole32(data->scratch_paddr); 6905 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr); 6906 6907 /* Copy 802.11 header in TX command. */ 6908 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 6909 6910 if (k != NULL && k->k_cipher == IEEE80211_CIPHER_CCMP) { 6911 /* Trim 802.11 header and prepend CCMP IV. */ 6912 m_adj(m, hdrlen - IEEE80211_CCMP_HDRLEN); 6913 ivp = mtod(m, u_int8_t *); 6914 k->k_tsc++; /* increment the 48-bit PN */ 6915 ivp[0] = k->k_tsc; /* PN0 */ 6916 ivp[1] = k->k_tsc >> 8; /* PN1 */ 6917 ivp[2] = 0; /* Rsvd */ 6918 ivp[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 6919 ivp[4] = k->k_tsc >> 16; /* PN2 */ 6920 ivp[5] = k->k_tsc >> 24; /* PN3 */ 6921 ivp[6] = k->k_tsc >> 32; /* PN4 */ 6922 ivp[7] = k->k_tsc >> 40; /* PN5 */ 6923 6924 tx->sec_ctl = IWM_TX_CMD_SEC_CCM; 6925 memcpy(tx->key, k->k_key, MIN(sizeof(tx->key), k->k_len)); 6926 /* TX scheduler includes CCMP MIC length. */ 6927 totlen += IEEE80211_CCMP_MICLEN; 6928 } else { 6929 /* Trim 802.11 header. */ 6930 m_adj(m, hdrlen); 6931 tx->sec_ctl = 0; 6932 } 6933 6934 flags |= IWM_TX_CMD_FLG_BT_DIS; 6935 if (!hasqos) 6936 flags |= IWM_TX_CMD_FLG_SEQ_CTL; 6937 6938 tx->tx_flags |= htole32(flags); 6939 6940 err = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 6941 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 6942 if (err && err != EFBIG) { 6943 printf("%s: can't map mbuf (error %d)\n", DEVNAME(sc), err); 6944 m_freem(m); 6945 return err; 6946 } 6947 if (err) { 6948#ifdef __FreeBSD_version 6949 /* Too many DMA segments, linearize mbuf. */ 6950 struct mbuf* m1 = m_collapse(m, M_NOWAIT, IWM_NUM_OF_TBS - 2); 6951 if (m1 == NULL) { 6952 device_printf(sc->sc_dev, 6953 "%s: could not defrag mbuf\n", __func__); 6954 m_freem(m); 6955 return (ENOBUFS); 6956 } 6957 m = m1; 6958#else 6959 /* Too many DMA segments, linearize mbuf. */ 6960 if (m_defrag(m, M_DONTWAIT)) { 6961 m_freem(m); 6962 return ENOBUFS; 6963 } 6964#endif 6965 err = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 6966 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 6967 if (err) { 6968 printf("%s: can't map mbuf (error %d)\n", DEVNAME(sc), 6969 err); 6970 m_freem(m); 6971 return err; 6972 } 6973 } 6974 data->m = m; 6975 data->in = in; 6976 data->txmcs = ni->ni_txmcs; 6977 data->txrate = ni->ni_txrate; 6978 data->ampdu_txmcs = ni->ni_txmcs; /* updated upon Tx interrupt */ 6979 data->ampdu_txnss = ni->ni_vht_ss; /* updated upon Tx interrupt */ 6980 6981 /* Fill TX descriptor. */ 6982 desc->num_tbs = 2 + data->map->dm_nsegs; 6983 6984 desc->tbs[0].lo = htole32(data->cmd_paddr); 6985 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) | 6986 (TB0_SIZE << 4)); 6987 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE); 6988 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) | 6989 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) 6990 + hdrlen + pad - TB0_SIZE) << 4)); 6991 6992 /* Other DMA segments are for data payload. */ 6993 seg = data->map->dm_segs; 6994 for (i = 0; i < data->map->dm_nsegs; i++, seg++) { 6995 desc->tbs[i+2].lo = htole32(seg->ds_addr); 6996 desc->tbs[i+2].hi_n_len = \ 6997 htole16(iwm_get_dma_hi_addr(seg->ds_addr) 6998 | ((seg->ds_len) << 4)); 6999 } 7000 7001 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 7002 BUS_DMASYNC_PREWRITE); 7003 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 7004 (char *)(void *)cmd - (char *)(void *)ring->cmd_dma.vaddr, 7005 sizeof (*cmd), BUS_DMASYNC_PREWRITE); 7006 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 7007 (char *)(void *)desc - (char *)(void *)ring->desc_dma.vaddr, 7008 sizeof (*desc), BUS_DMASYNC_PREWRITE); 7009 7010 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, totlen); 7011 7012 /* Kick TX ring. */ 7013 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT; 7014 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 7015 7016 /* Mark TX ring as full if we reach a certain threshold. */ 7017 if (++ring->queued > IWM_TX_RING_HIMARK) { 7018 sc->qfullmsk |= 1 << ring->qid; 7019 } 7020 7021 if (ic->ic_if.if_flags & IFF_UP) 7022 sc->sc_tx_timer[ring->qid] = 15; 7023 7024 return 0; 7025} 7026 7027int 7028iwm_flush_tx_path(struct iwm_softc *sc, int tfd_queue_msk) 7029{ 7030 struct iwm_tx_path_flush_cmd flush_cmd = { 7031 .sta_id = htole32(IWM_STATION_ID), 7032 .tid_mask = htole16(0xffff), 7033 }; 7034 int err; 7035 7036 err = iwm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, 0, 7037 sizeof(flush_cmd), &flush_cmd); 7038 if (err) 7039 printf("%s: Flushing tx queue failed: %d\n", DEVNAME(sc), err); 7040 return err; 7041} 7042 7043#define IWM_FLUSH_WAIT_MS 2000 7044 7045int 7046iwm_wait_tx_queues_empty(struct iwm_softc *sc) 7047{ 7048 int i, err; 7049 7050 for (i = 0; i < IWM_MAX_QUEUES; i++) { 7051 struct iwm_tx_ring *ring = &sc->txq[i]; 7052 7053 if (i == sc->cmdqid) 7054 continue; 7055 7056 while (ring->queued > 0) { 7057 err = tsleep_nsec(ring, 0, "iwmflush", 7058 MSEC_TO_NSEC(IWM_FLUSH_WAIT_MS)); 7059 if (err) 7060 return err; 7061 } 7062 } 7063 7064 return 0; 7065} 7066 7067void 7068iwm_led_enable(struct iwm_softc *sc) 7069{ 7070 IWM_WRITE(sc, IWM_CSR_LED_REG, IWM_CSR_LED_REG_TURN_ON); 7071} 7072 7073void 7074iwm_led_disable(struct iwm_softc *sc) 7075{ 7076 IWM_WRITE(sc, IWM_CSR_LED_REG, IWM_CSR_LED_REG_TURN_OFF); 7077} 7078 7079int 7080iwm_led_is_enabled(struct iwm_softc *sc) 7081{ 7082 return (IWM_READ(sc, IWM_CSR_LED_REG) == IWM_CSR_LED_REG_TURN_ON); 7083} 7084 7085#define IWM_LED_BLINK_TIMEOUT_MSEC 200 7086 7087void 7088iwm_led_blink_timeout(void *arg) 7089{ 7090 struct iwm_softc *sc = arg; 7091 7092 if (iwm_led_is_enabled(sc)) 7093 iwm_led_disable(sc); 7094 else 7095 iwm_led_enable(sc); 7096 7097 timeout_add_msec(&sc->sc_led_blink_to, IWM_LED_BLINK_TIMEOUT_MSEC); 7098} 7099 7100void 7101iwm_led_blink_start(struct iwm_softc *sc) 7102{ 7103 timeout_add_msec(&sc->sc_led_blink_to, IWM_LED_BLINK_TIMEOUT_MSEC); 7104 iwm_led_enable(sc); 7105} 7106 7107void 7108iwm_led_blink_stop(struct iwm_softc *sc) 7109{ 7110 timeout_del(&sc->sc_led_blink_to); 7111 iwm_led_disable(sc); 7112} 7113 7114#define IWM_POWER_KEEP_ALIVE_PERIOD_SEC 25 7115 7116int 7117iwm_beacon_filter_send_cmd(struct iwm_softc *sc, 7118 struct iwm_beacon_filter_cmd *cmd) 7119{ 7120 return iwm_send_cmd_pdu(sc, IWM_REPLY_BEACON_FILTERING_CMD, 7121 0, sizeof(struct iwm_beacon_filter_cmd), cmd); 7122} 7123 7124void 7125iwm_beacon_filter_set_cqm_params(struct iwm_softc *sc, struct iwm_node *in, 7126 struct iwm_beacon_filter_cmd *cmd) 7127{ 7128 cmd->ba_enable_beacon_abort = htole32(sc->sc_bf.ba_enabled); 7129} 7130 7131int 7132iwm_update_beacon_abort(struct iwm_softc *sc, struct iwm_node *in, int enable) 7133{ 7134 struct iwm_beacon_filter_cmd cmd = { 7135 IWM_BF_CMD_CONFIG_DEFAULTS, 7136 .bf_enable_beacon_filter = htole32(1), 7137 .ba_enable_beacon_abort = htole32(enable), 7138 }; 7139 7140 if (!sc->sc_bf.bf_enabled) 7141 return 0; 7142 7143 sc->sc_bf.ba_enabled = enable; 7144 iwm_beacon_filter_set_cqm_params(sc, in, &cmd); 7145 return iwm_beacon_filter_send_cmd(sc, &cmd); 7146} 7147 7148void 7149iwm_power_build_cmd(struct iwm_softc *sc, struct iwm_node *in, 7150 struct iwm_mac_power_cmd *cmd) 7151{ 7152 struct ieee80211com *ic = &sc->sc_ic; 7153 struct ieee80211_node *ni = &in->in_ni; 7154 int dtim_period, dtim_msec, keep_alive; 7155 7156 cmd->id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, 7157 in->in_color)); 7158 if (ni->ni_dtimperiod) 7159 dtim_period = ni->ni_dtimperiod; 7160 else 7161 dtim_period = 1; 7162 7163 /* 7164 * Regardless of power management state the driver must set 7165 * keep alive period. FW will use it for sending keep alive NDPs 7166 * immediately after association. Check that keep alive period 7167 * is at least 3 * DTIM. 7168 */ 7169 dtim_msec = dtim_period * ni->ni_intval; 7170 keep_alive = MAX(3 * dtim_msec, 1000 * IWM_POWER_KEEP_ALIVE_PERIOD_SEC); 7171 keep_alive = roundup(keep_alive, 1000) / 1000; 7172 cmd->keep_alive_seconds = htole16(keep_alive); 7173 7174 if (ic->ic_opmode != IEEE80211_M_MONITOR) 7175 cmd->flags = htole16(IWM_POWER_FLAGS_POWER_SAVE_ENA_MSK); 7176} 7177 7178int 7179iwm_power_mac_update_mode(struct iwm_softc *sc, struct iwm_node *in) 7180{ 7181 int err; 7182 int ba_enable; 7183 struct iwm_mac_power_cmd cmd; 7184 7185 memset(&cmd, 0, sizeof(cmd)); 7186 7187 iwm_power_build_cmd(sc, in, &cmd); 7188 7189 err = iwm_send_cmd_pdu(sc, IWM_MAC_PM_POWER_TABLE, 0, 7190 sizeof(cmd), &cmd); 7191 if (err != 0) 7192 return err; 7193 7194 ba_enable = !!(cmd.flags & 7195 htole16(IWM_POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK)); 7196 return iwm_update_beacon_abort(sc, in, ba_enable); 7197} 7198 7199int 7200iwm_power_update_device(struct iwm_softc *sc) 7201{ 7202 struct iwm_device_power_cmd cmd = { }; 7203 struct ieee80211com *ic = &sc->sc_ic; 7204 7205 if (ic->ic_opmode != IEEE80211_M_MONITOR) 7206 cmd.flags = htole16(IWM_DEVICE_POWER_FLAGS_POWER_SAVE_ENA_MSK); 7207 7208 return iwm_send_cmd_pdu(sc, 7209 IWM_POWER_TABLE_CMD, 0, sizeof(cmd), &cmd); 7210} 7211 7212int 7213iwm_enable_beacon_filter(struct iwm_softc *sc, struct iwm_node *in) 7214{ 7215 struct iwm_beacon_filter_cmd cmd = { 7216 IWM_BF_CMD_CONFIG_DEFAULTS, 7217 .bf_enable_beacon_filter = htole32(1), 7218 }; 7219 int err; 7220 7221 iwm_beacon_filter_set_cqm_params(sc, in, &cmd); 7222 err = iwm_beacon_filter_send_cmd(sc, &cmd); 7223 7224 if (err == 0) 7225 sc->sc_bf.bf_enabled = 1; 7226 7227 return err; 7228} 7229 7230int 7231iwm_disable_beacon_filter(struct iwm_softc *sc) 7232{ 7233 struct iwm_beacon_filter_cmd cmd; 7234 int err; 7235 7236 memset(&cmd, 0, sizeof(cmd)); 7237 7238 err = iwm_beacon_filter_send_cmd(sc, &cmd); 7239 if (err == 0) 7240 sc->sc_bf.bf_enabled = 0; 7241 7242 return err; 7243} 7244 7245int 7246iwm_add_sta_cmd(struct iwm_softc *sc, struct iwm_node *in, int update) 7247{ 7248 struct iwm_add_sta_cmd add_sta_cmd; 7249 int err; 7250 uint32_t status, aggsize; 7251 const uint32_t max_aggsize = (IWM_STA_FLG_MAX_AGG_SIZE_64K >> 7252 IWM_STA_FLG_MAX_AGG_SIZE_SHIFT); 7253 size_t cmdsize; 7254 struct ieee80211com *ic = &sc->sc_ic; 7255 7256 if (!update && (sc->sc_flags & IWM_FLAG_STA_ACTIVE)) 7257 panic("STA already added"); 7258 7259 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd)); 7260 7261 if (ic->ic_opmode == IEEE80211_M_MONITOR) 7262 add_sta_cmd.sta_id = IWM_MONITOR_STA_ID; 7263 else 7264 add_sta_cmd.sta_id = IWM_STATION_ID; 7265 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) { 7266 if (ic->ic_opmode == IEEE80211_M_MONITOR) 7267 add_sta_cmd.station_type = IWM_STA_GENERAL_PURPOSE; 7268 else 7269 add_sta_cmd.station_type = IWM_STA_LINK; 7270 } 7271 add_sta_cmd.mac_id_n_color 7272 = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, in->in_color)); 7273 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 7274 int qid; 7275 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, etheranyaddr); 7276 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 7277 qid = IWM_DQA_INJECT_MONITOR_QUEUE; 7278 else 7279 qid = IWM_AUX_QUEUE; 7280 in->tfd_queue_msk |= (1 << qid); 7281 } else { 7282 int ac; 7283 for (ac = 0; ac < EDCA_NUM_AC; ac++) { 7284 int qid = ac; 7285 if (isset(sc->sc_enabled_capa, 7286 IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 7287 qid += IWM_DQA_MIN_MGMT_QUEUE; 7288 in->tfd_queue_msk |= (1 << qid); 7289 } 7290 } 7291 if (!update) { 7292 if (ic->ic_opmode == IEEE80211_M_MONITOR) 7293 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, 7294 etherbroadcastaddr); 7295 else 7296 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, 7297 in->in_macaddr); 7298 } 7299 add_sta_cmd.add_modify = update ? 1 : 0; 7300 add_sta_cmd.station_flags_msk 7301 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK); 7302 if (update) { 7303 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_QUEUES | 7304 IWM_STA_MODIFY_TID_DISABLE_TX); 7305 } 7306 add_sta_cmd.tid_disable_tx = htole16(in->tid_disable_ampdu); 7307 add_sta_cmd.tfd_queue_msk = htole32(in->tfd_queue_msk); 7308 7309 if (in->in_ni.ni_flags & IEEE80211_NODE_HT) { 7310 add_sta_cmd.station_flags_msk 7311 |= htole32(IWM_STA_FLG_MAX_AGG_SIZE_MSK | 7312 IWM_STA_FLG_AGG_MPDU_DENS_MSK); 7313 7314 if (iwm_mimo_enabled(sc)) { 7315 if (in->in_ni.ni_flags & IEEE80211_NODE_VHT) { 7316 uint16_t rx_mcs = (in->in_ni.ni_vht_rxmcs & 7317 IEEE80211_VHT_MCS_FOR_SS_MASK(2)) >> 7318 IEEE80211_VHT_MCS_FOR_SS_SHIFT(2); 7319 if (rx_mcs != IEEE80211_VHT_MCS_SS_NOT_SUPP) { 7320 add_sta_cmd.station_flags |= 7321 htole32(IWM_STA_FLG_MIMO_EN_MIMO2); 7322 } 7323 } else { 7324 if (in->in_ni.ni_rxmcs[1] != 0) { 7325 add_sta_cmd.station_flags |= 7326 htole32(IWM_STA_FLG_MIMO_EN_MIMO2); 7327 } 7328 if (in->in_ni.ni_rxmcs[2] != 0) { 7329 add_sta_cmd.station_flags |= 7330 htole32(IWM_STA_FLG_MIMO_EN_MIMO3); 7331 } 7332 } 7333 } 7334 7335 if (IEEE80211_CHAN_40MHZ_ALLOWED(in->in_ni.ni_chan) && 7336 ieee80211_node_supports_ht_chan40(&in->in_ni)) { 7337 add_sta_cmd.station_flags |= htole32( 7338 IWM_STA_FLG_FAT_EN_40MHZ); 7339 } 7340 7341 if (in->in_ni.ni_flags & IEEE80211_NODE_VHT) { 7342 if (IEEE80211_CHAN_80MHZ_ALLOWED(in->in_ni.ni_chan) && 7343 ieee80211_node_supports_vht_chan80(&in->in_ni)) { 7344 add_sta_cmd.station_flags |= htole32( 7345 IWM_STA_FLG_FAT_EN_80MHZ); 7346 } 7347 aggsize = (in->in_ni.ni_vhtcaps & 7348 IEEE80211_VHTCAP_MAX_AMPDU_LEN_MASK) >> 7349 IEEE80211_VHTCAP_MAX_AMPDU_LEN_SHIFT; 7350 } else { 7351 aggsize = (in->in_ni.ni_ampdu_param & 7352 IEEE80211_AMPDU_PARAM_LE); 7353 } 7354 if (aggsize > max_aggsize) 7355 aggsize = max_aggsize; 7356 add_sta_cmd.station_flags |= htole32((aggsize << 7357 IWM_STA_FLG_MAX_AGG_SIZE_SHIFT) & 7358 IWM_STA_FLG_MAX_AGG_SIZE_MSK); 7359 7360 switch (in->in_ni.ni_ampdu_param & IEEE80211_AMPDU_PARAM_SS) { 7361 case IEEE80211_AMPDU_PARAM_SS_2: 7362 add_sta_cmd.station_flags 7363 |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_2US); 7364 break; 7365 case IEEE80211_AMPDU_PARAM_SS_4: 7366 add_sta_cmd.station_flags 7367 |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_4US); 7368 break; 7369 case IEEE80211_AMPDU_PARAM_SS_8: 7370 add_sta_cmd.station_flags 7371 |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_8US); 7372 break; 7373 case IEEE80211_AMPDU_PARAM_SS_16: 7374 add_sta_cmd.station_flags 7375 |= htole32(IWM_STA_FLG_AGG_MPDU_DENS_16US); 7376 break; 7377 default: 7378 break; 7379 } 7380 } 7381 7382 status = IWM_ADD_STA_SUCCESS; 7383 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) 7384 cmdsize = sizeof(add_sta_cmd); 7385 else 7386 cmdsize = sizeof(struct iwm_add_sta_cmd_v7); 7387 err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, cmdsize, 7388 &add_sta_cmd, &status); 7389 if (!err && (status & IWM_ADD_STA_STATUS_MASK) != IWM_ADD_STA_SUCCESS) 7390 err = EIO; 7391 7392 return err; 7393} 7394 7395int 7396iwm_add_aux_sta(struct iwm_softc *sc) 7397{ 7398 struct iwm_add_sta_cmd cmd; 7399 int err, qid; 7400 uint32_t status; 7401 size_t cmdsize; 7402 7403 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) { 7404 qid = IWM_DQA_AUX_QUEUE; 7405 err = iwm_enable_txq(sc, IWM_AUX_STA_ID, qid, 7406 IWM_TX_FIFO_MCAST, 0, IWM_MAX_TID_COUNT, 0); 7407 } else { 7408 qid = IWM_AUX_QUEUE; 7409 err = iwm_enable_ac_txq(sc, qid, IWM_TX_FIFO_MCAST); 7410 } 7411 if (err) 7412 return err; 7413 7414 memset(&cmd, 0, sizeof(cmd)); 7415 cmd.sta_id = IWM_AUX_STA_ID; 7416 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) 7417 cmd.station_type = IWM_STA_AUX_ACTIVITY; 7418 cmd.mac_id_n_color = 7419 htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_MAC_INDEX_AUX, 0)); 7420 cmd.tfd_queue_msk = htole32(1 << qid); 7421 cmd.tid_disable_tx = htole16(0xffff); 7422 7423 status = IWM_ADD_STA_SUCCESS; 7424 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) 7425 cmdsize = sizeof(cmd); 7426 else 7427 cmdsize = sizeof(struct iwm_add_sta_cmd_v7); 7428 err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, cmdsize, &cmd, 7429 &status); 7430 if (!err && (status & IWM_ADD_STA_STATUS_MASK) != IWM_ADD_STA_SUCCESS) 7431 err = EIO; 7432 7433 return err; 7434} 7435 7436int 7437iwm_drain_sta(struct iwm_softc *sc, struct iwm_node* in, int drain) 7438{ 7439 struct iwm_add_sta_cmd cmd; 7440 int err; 7441 uint32_t status; 7442 size_t cmdsize; 7443 7444 memset(&cmd, 0, sizeof(cmd)); 7445 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, 7446 in->in_color)); 7447 cmd.sta_id = IWM_STATION_ID; 7448 cmd.add_modify = IWM_STA_MODE_MODIFY; 7449 cmd.station_flags = drain ? htole32(IWM_STA_FLG_DRAIN_FLOW) : 0; 7450 cmd.station_flags_msk = htole32(IWM_STA_FLG_DRAIN_FLOW); 7451 7452 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_STA_TYPE)) 7453 cmdsize = sizeof(cmd); 7454 else 7455 cmdsize = sizeof(struct iwm_add_sta_cmd_v7); 7456 7457 status = IWM_ADD_STA_SUCCESS; 7458 err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, 7459 cmdsize, &cmd, &status); 7460 if (err) { 7461 printf("%s: could not update sta (error %d)\n", 7462 DEVNAME(sc), err); 7463 return err; 7464 } 7465 7466 switch (status & IWM_ADD_STA_STATUS_MASK) { 7467 case IWM_ADD_STA_SUCCESS: 7468 break; 7469 default: 7470 err = EIO; 7471 printf("%s: Couldn't %s draining for station\n", 7472 DEVNAME(sc), drain ? "enable" : "disable"); 7473 break; 7474 } 7475 7476 return err; 7477} 7478 7479int 7480iwm_flush_sta(struct iwm_softc *sc, struct iwm_node *in) 7481{ 7482 int err; 7483 7484 sc->sc_flags |= IWM_FLAG_TXFLUSH; 7485 7486 err = iwm_drain_sta(sc, in, 1); 7487 if (err) 7488 goto done; 7489 7490 err = iwm_flush_tx_path(sc, in->tfd_queue_msk); 7491 if (err) { 7492 printf("%s: could not flush Tx path (error %d)\n", 7493 DEVNAME(sc), err); 7494 goto done; 7495 } 7496 7497 /* 7498 * Flushing Tx rings may fail if the AP has disappeared. 7499 * We can rely on iwm_newstate_task() to reset everything and begin 7500 * scanning again if we are left with outstanding frames on queues. 7501 */ 7502 err = iwm_wait_tx_queues_empty(sc); 7503 if (err) 7504 goto done; 7505 7506 err = iwm_drain_sta(sc, in, 0); 7507done: 7508 sc->sc_flags &= ~IWM_FLAG_TXFLUSH; 7509 return err; 7510} 7511 7512int 7513iwm_rm_sta_cmd(struct iwm_softc *sc, struct iwm_node *in) 7514{ 7515 struct ieee80211com *ic = &sc->sc_ic; 7516 struct iwm_rm_sta_cmd rm_sta_cmd; 7517 int err; 7518 7519 if ((sc->sc_flags & IWM_FLAG_STA_ACTIVE) == 0) 7520 panic("sta already removed"); 7521 7522 memset(&rm_sta_cmd, 0, sizeof(rm_sta_cmd)); 7523 if (ic->ic_opmode == IEEE80211_M_MONITOR) 7524 rm_sta_cmd.sta_id = IWM_MONITOR_STA_ID; 7525 else 7526 rm_sta_cmd.sta_id = IWM_STATION_ID; 7527 7528 err = iwm_send_cmd_pdu(sc, IWM_REMOVE_STA, 0, sizeof(rm_sta_cmd), 7529 &rm_sta_cmd); 7530 7531 return err; 7532} 7533 7534uint16_t 7535iwm_scan_rx_chain(struct iwm_softc *sc) 7536{ 7537 uint16_t rx_chain; 7538 uint8_t rx_ant; 7539 7540 rx_ant = iwm_fw_valid_rx_ant(sc); 7541 rx_chain = rx_ant << IWM_PHY_RX_CHAIN_VALID_POS; 7542 rx_chain |= rx_ant << IWM_PHY_RX_CHAIN_FORCE_MIMO_SEL_POS; 7543 rx_chain |= rx_ant << IWM_PHY_RX_CHAIN_FORCE_SEL_POS; 7544 rx_chain |= 0x1 << IWM_PHY_RX_CHAIN_DRIVER_FORCE_POS; 7545 return htole16(rx_chain); 7546} 7547 7548uint32_t 7549iwm_scan_rate_n_flags(struct iwm_softc *sc, int flags, int no_cck) 7550{ 7551 uint32_t tx_ant; 7552 int i, ind; 7553 7554 for (i = 0, ind = sc->sc_scan_last_antenna; 7555 i < IWM_RATE_MCS_ANT_NUM; i++) { 7556 ind = (ind + 1) % IWM_RATE_MCS_ANT_NUM; 7557 if (iwm_fw_valid_tx_ant(sc) & (1 << ind)) { 7558 sc->sc_scan_last_antenna = ind; 7559 break; 7560 } 7561 } 7562 tx_ant = (1 << sc->sc_scan_last_antenna) << IWM_RATE_MCS_ANT_POS; 7563 7564 if ((flags & IEEE80211_CHAN_2GHZ) && !no_cck) 7565 return htole32(IWM_RATE_1M_PLCP | IWM_RATE_MCS_CCK_MSK | 7566 tx_ant); 7567 else 7568 return htole32(IWM_RATE_6M_PLCP | tx_ant); 7569} 7570 7571uint8_t 7572iwm_lmac_scan_fill_channels(struct iwm_softc *sc, 7573 struct iwm_scan_channel_cfg_lmac *chan, int n_ssids, int bgscan) 7574{ 7575 struct ieee80211com *ic = &sc->sc_ic; 7576 struct ieee80211_channel *c; 7577 uint8_t nchan; 7578 7579 for (nchan = 0, c = &ic->ic_channels[1]; 7580 c <= &ic->ic_channels[IEEE80211_CHAN_MAX] && 7581 nchan < sc->sc_capa_n_scan_channels; 7582 c++) { 7583 if (c->ic_flags == 0) 7584 continue; 7585 7586 chan->channel_num = htole16(ieee80211_mhz2ieee(c->ic_freq, 0)); 7587 chan->iter_count = htole16(1); 7588 chan->iter_interval = 0; 7589 chan->flags = htole32(IWM_UNIFIED_SCAN_CHANNEL_PARTIAL); 7590 if (n_ssids != 0 && !bgscan) 7591 chan->flags |= htole32(1 << 1); /* select SSID 0 */ 7592 chan++; 7593 nchan++; 7594 } 7595 7596 return nchan; 7597} 7598 7599uint8_t 7600iwm_umac_scan_fill_channels(struct iwm_softc *sc, 7601 struct iwm_scan_channel_cfg_umac *chan, int n_ssids, int bgscan) 7602{ 7603 struct ieee80211com *ic = &sc->sc_ic; 7604 struct ieee80211_channel *c; 7605 uint8_t nchan; 7606 7607 for (nchan = 0, c = &ic->ic_channels[1]; 7608 c <= &ic->ic_channels[IEEE80211_CHAN_MAX] && 7609 nchan < sc->sc_capa_n_scan_channels; 7610 c++) { 7611 if (c->ic_flags == 0) 7612 continue; 7613 7614 chan->channel_num = ieee80211_mhz2ieee(c->ic_freq, 0); 7615 chan->iter_count = 1; 7616 chan->iter_interval = htole16(0); 7617 if (n_ssids != 0 && !bgscan) 7618 chan->flags = htole32(1 << 0); /* select SSID 0 */ 7619 chan++; 7620 nchan++; 7621 } 7622 7623 return nchan; 7624} 7625 7626int 7627iwm_fill_probe_req_v1(struct iwm_softc *sc, struct iwm_scan_probe_req_v1 *preq1) 7628{ 7629 struct iwm_scan_probe_req preq2; 7630 int err, i; 7631 7632 err = iwm_fill_probe_req(sc, &preq2); 7633 if (err) 7634 return err; 7635 7636 preq1->mac_header = preq2.mac_header; 7637 for (i = 0; i < nitems(preq1->band_data); i++) 7638 preq1->band_data[i] = preq2.band_data[i]; 7639 preq1->common_data = preq2.common_data; 7640 memcpy(preq1->buf, preq2.buf, sizeof(preq1->buf)); 7641 return 0; 7642} 7643 7644int 7645iwm_fill_probe_req(struct iwm_softc *sc, struct iwm_scan_probe_req *preq) 7646{ 7647 struct ieee80211com *ic = &sc->sc_ic; 7648 struct ieee80211_frame *wh = (struct ieee80211_frame *)preq->buf; 7649 struct ieee80211_rateset *rs; 7650 size_t remain = sizeof(preq->buf); 7651 uint8_t *frm, *pos; 7652 7653 memset(preq, 0, sizeof(*preq)); 7654 7655 if (remain < sizeof(*wh) + 2) 7656 return ENOBUFS; 7657 7658 /* 7659 * Build a probe request frame. Most of the following code is a 7660 * copy & paste of what is done in net80211. 7661 */ 7662 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 7663 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 7664 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 7665 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 7666 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 7667 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 7668 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 7669 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 7670 7671 frm = (uint8_t *)(wh + 1); 7672 7673 *frm++ = IEEE80211_ELEMID_SSID; 7674 *frm++ = 0; 7675 /* hardware inserts SSID */ 7676 7677 /* Tell firmware where the MAC header and SSID IE are. */ 7678 preq->mac_header.offset = 0; 7679 preq->mac_header.len = htole16(frm - (uint8_t *)wh); 7680 remain -= frm - (uint8_t *)wh; 7681 7682 /* Fill in 2GHz IEs and tell firmware where they are. */ 7683 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 7684 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 7685 if (remain < 4 + rs->rs_nrates) 7686 return ENOBUFS; 7687 } else if (remain < 2 + rs->rs_nrates) 7688 return ENOBUFS; 7689 preq->band_data[0].offset = htole16(frm - (uint8_t *)wh); 7690 pos = frm; 7691 frm = ieee80211_add_rates(frm, rs); 7692 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 7693 frm = ieee80211_add_xrates(frm, rs); 7694 remain -= frm - pos; 7695 7696 if (isset(sc->sc_enabled_capa, 7697 IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT)) { 7698 if (remain < 3) 7699 return ENOBUFS; 7700 *frm++ = IEEE80211_ELEMID_DSPARMS; 7701 *frm++ = 1; 7702 *frm++ = 0; 7703 remain -= 3; 7704 } 7705 preq->band_data[0].len = htole16(frm - pos); 7706 7707 if (sc->sc_nvm.sku_cap_band_52GHz_enable) { 7708 /* Fill in 5GHz IEs. */ 7709 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 7710 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 7711 if (remain < 4 + rs->rs_nrates) 7712 return ENOBUFS; 7713 } else if (remain < 2 + rs->rs_nrates) 7714 return ENOBUFS; 7715 preq->band_data[1].offset = htole16(frm - (uint8_t *)wh); 7716 pos = frm; 7717 frm = ieee80211_add_rates(frm, rs); 7718 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 7719 frm = ieee80211_add_xrates(frm, rs); 7720 preq->band_data[1].len = htole16(frm - pos); 7721 remain -= frm - pos; 7722 if (ic->ic_flags & IEEE80211_F_VHTON) { 7723 if (remain < 14) 7724 return ENOBUFS; 7725 frm = ieee80211_add_vhtcaps(frm, ic); 7726 remain -= frm - pos; 7727 preq->band_data[1].len = htole16(frm - pos); 7728 } 7729 } 7730 7731 /* Send 11n IEs on both 2GHz and 5GHz bands. */ 7732 preq->common_data.offset = htole16(frm - (uint8_t *)wh); 7733 pos = frm; 7734 if (ic->ic_flags & IEEE80211_F_HTON) { 7735 if (remain < 28) 7736 return ENOBUFS; 7737 frm = ieee80211_add_htcaps(frm, ic); 7738 /* XXX add WME info? */ 7739 remain -= frm - pos; 7740 } 7741 7742 preq->common_data.len = htole16(frm - pos); 7743 7744 return 0; 7745} 7746 7747int 7748iwm_lmac_scan(struct iwm_softc *sc, int bgscan) 7749{ 7750 struct ieee80211com *ic = &sc->sc_ic; 7751 struct iwm_host_cmd hcmd = { 7752 .id = IWM_SCAN_OFFLOAD_REQUEST_CMD, 7753 .len = { 0, }, 7754 .data = { NULL, }, 7755 .flags = 0, 7756 }; 7757 struct iwm_scan_req_lmac *req; 7758 struct iwm_scan_probe_req_v1 *preq; 7759 size_t req_len; 7760 int err, async = bgscan; 7761 7762 req_len = sizeof(struct iwm_scan_req_lmac) + 7763 (sizeof(struct iwm_scan_channel_cfg_lmac) * 7764 sc->sc_capa_n_scan_channels) + sizeof(struct iwm_scan_probe_req_v1); 7765 if (req_len > IWM_MAX_CMD_PAYLOAD_SIZE) 7766 return ENOMEM; 7767 req = malloc(req_len, M_DEVBUF, 7768 (async ? M_NOWAIT : M_WAIT) | M_CANFAIL | M_ZERO); 7769 if (req == NULL) 7770 return ENOMEM; 7771 7772 hcmd.len[0] = (uint16_t)req_len; 7773 hcmd.data[0] = (void *)req; 7774 hcmd.flags |= async ? IWM_CMD_ASYNC : 0; 7775 7776 /* These timings correspond to iwlwifi's UNASSOC scan. */ 7777 req->active_dwell = 10; 7778 req->passive_dwell = 110; 7779 req->fragmented_dwell = 44; 7780 req->extended_dwell = 90; 7781 if (bgscan) { 7782 req->max_out_time = htole32(120); 7783 req->suspend_time = htole32(120); 7784 } else { 7785 req->max_out_time = htole32(0); 7786 req->suspend_time = htole32(0); 7787 } 7788 req->scan_prio = htole32(IWM_SCAN_PRIORITY_HIGH); 7789 req->rx_chain_select = iwm_scan_rx_chain(sc); 7790 req->iter_num = htole32(1); 7791 req->delay = 0; 7792 7793 req->scan_flags = htole32(IWM_LMAC_SCAN_FLAG_PASS_ALL | 7794 IWM_LMAC_SCAN_FLAG_ITER_COMPLETE | 7795 IWM_LMAC_SCAN_FLAG_EXTENDED_DWELL); 7796 if (ic->ic_des_esslen == 0) 7797 req->scan_flags |= htole32(IWM_LMAC_SCAN_FLAG_PASSIVE); 7798 else 7799 req->scan_flags |= 7800 htole32(IWM_LMAC_SCAN_FLAG_PRE_CONNECTION); 7801 if (isset(sc->sc_enabled_capa, 7802 IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT) && 7803 isset(sc->sc_enabled_capa, 7804 IWM_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) 7805 req->scan_flags |= htole32(IWM_LMAC_SCAN_FLAGS_RRM_ENABLED); 7806 7807 req->flags = htole32(IWM_PHY_BAND_24); 7808 if (sc->sc_nvm.sku_cap_band_52GHz_enable) 7809 req->flags |= htole32(IWM_PHY_BAND_5); 7810 req->filter_flags = 7811 htole32(IWM_MAC_FILTER_ACCEPT_GRP | IWM_MAC_FILTER_IN_BEACON); 7812 7813 /* Tx flags 2 GHz. */ 7814 req->tx_cmd[0].tx_flags = htole32(IWM_TX_CMD_FLG_SEQ_CTL | 7815 IWM_TX_CMD_FLG_BT_DIS); 7816 req->tx_cmd[0].rate_n_flags = 7817 iwm_scan_rate_n_flags(sc, IEEE80211_CHAN_2GHZ, 1/*XXX*/); 7818 req->tx_cmd[0].sta_id = IWM_AUX_STA_ID; 7819 7820 /* Tx flags 5 GHz. */ 7821 req->tx_cmd[1].tx_flags = htole32(IWM_TX_CMD_FLG_SEQ_CTL | 7822 IWM_TX_CMD_FLG_BT_DIS); 7823 req->tx_cmd[1].rate_n_flags = 7824 iwm_scan_rate_n_flags(sc, IEEE80211_CHAN_5GHZ, 1/*XXX*/); 7825 req->tx_cmd[1].sta_id = IWM_AUX_STA_ID; 7826 7827 /* Check if we're doing an active directed scan. */ 7828 if (ic->ic_des_esslen != 0) { 7829 req->direct_scan[0].id = IEEE80211_ELEMID_SSID; 7830 req->direct_scan[0].len = ic->ic_des_esslen; 7831 memcpy(req->direct_scan[0].ssid, ic->ic_des_essid, 7832 ic->ic_des_esslen); 7833 } 7834 7835 req->n_channels = iwm_lmac_scan_fill_channels(sc, 7836 (struct iwm_scan_channel_cfg_lmac *)req->data, 7837 ic->ic_des_esslen != 0, bgscan); 7838 7839 preq = (struct iwm_scan_probe_req_v1 *)(req->data + 7840 (sizeof(struct iwm_scan_channel_cfg_lmac) * 7841 sc->sc_capa_n_scan_channels)); 7842 err = iwm_fill_probe_req_v1(sc, preq); 7843 if (err) { 7844 free(req, M_DEVBUF, req_len); 7845 return err; 7846 } 7847 7848 /* Specify the scan plan: We'll do one iteration. */ 7849 req->schedule[0].iterations = 1; 7850 req->schedule[0].full_scan_mul = 1; 7851 7852 /* Disable EBS. */ 7853 req->channel_opt[0].non_ebs_ratio = 1; 7854 req->channel_opt[1].non_ebs_ratio = 1; 7855 7856 err = iwm_send_cmd(sc, &hcmd); 7857 free(req, M_DEVBUF, req_len); 7858 return err; 7859} 7860 7861int 7862iwm_config_umac_scan(struct iwm_softc *sc) 7863{ 7864 struct ieee80211com *ic = &sc->sc_ic; 7865 struct iwm_scan_config *scan_config; 7866 int err, nchan; 7867 size_t cmd_size; 7868 struct ieee80211_channel *c; 7869 struct iwm_host_cmd hcmd = { 7870 .id = iwm_cmd_id(IWM_SCAN_CFG_CMD, IWM_LONG_GROUP, 0), 7871 .flags = 0, 7872 }; 7873 static const uint32_t rates = (IWM_SCAN_CONFIG_RATE_1M | 7874 IWM_SCAN_CONFIG_RATE_2M | IWM_SCAN_CONFIG_RATE_5M | 7875 IWM_SCAN_CONFIG_RATE_11M | IWM_SCAN_CONFIG_RATE_6M | 7876 IWM_SCAN_CONFIG_RATE_9M | IWM_SCAN_CONFIG_RATE_12M | 7877 IWM_SCAN_CONFIG_RATE_18M | IWM_SCAN_CONFIG_RATE_24M | 7878 IWM_SCAN_CONFIG_RATE_36M | IWM_SCAN_CONFIG_RATE_48M | 7879 IWM_SCAN_CONFIG_RATE_54M); 7880 7881 cmd_size = sizeof(*scan_config) + sc->sc_capa_n_scan_channels; 7882 7883 scan_config = malloc(cmd_size, M_DEVBUF, M_WAIT | M_CANFAIL | M_ZERO); 7884 if (scan_config == NULL) 7885 return ENOMEM; 7886 7887 scan_config->tx_chains = htole32(iwm_fw_valid_tx_ant(sc)); 7888 scan_config->rx_chains = htole32(iwm_fw_valid_rx_ant(sc)); 7889 scan_config->legacy_rates = htole32(rates | 7890 IWM_SCAN_CONFIG_SUPPORTED_RATE(rates)); 7891 7892 /* These timings correspond to iwlwifi's UNASSOC scan. */ 7893 scan_config->dwell_active = 10; 7894 scan_config->dwell_passive = 110; 7895 scan_config->dwell_fragmented = 44; 7896 scan_config->dwell_extended = 90; 7897 scan_config->out_of_channel_time = htole32(0); 7898 scan_config->suspend_time = htole32(0); 7899 7900 IEEE80211_ADDR_COPY(scan_config->mac_addr, sc->sc_ic.ic_myaddr); 7901 7902 scan_config->bcast_sta_id = IWM_AUX_STA_ID; 7903 scan_config->channel_flags = 0; 7904 7905 for (c = &ic->ic_channels[1], nchan = 0; 7906 c <= &ic->ic_channels[IEEE80211_CHAN_MAX] && 7907 nchan < sc->sc_capa_n_scan_channels; c++) { 7908 if (c->ic_flags == 0) 7909 continue; 7910 scan_config->channel_array[nchan++] = 7911 ieee80211_mhz2ieee(c->ic_freq, 0); 7912 } 7913 7914 scan_config->flags = htole32(IWM_SCAN_CONFIG_FLAG_ACTIVATE | 7915 IWM_SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS | 7916 IWM_SCAN_CONFIG_FLAG_SET_TX_CHAINS | 7917 IWM_SCAN_CONFIG_FLAG_SET_RX_CHAINS | 7918 IWM_SCAN_CONFIG_FLAG_SET_AUX_STA_ID | 7919 IWM_SCAN_CONFIG_FLAG_SET_ALL_TIMES | 7920 IWM_SCAN_CONFIG_FLAG_SET_LEGACY_RATES | 7921 IWM_SCAN_CONFIG_FLAG_SET_MAC_ADDR | 7922 IWM_SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS| 7923 IWM_SCAN_CONFIG_N_CHANNELS(nchan) | 7924 IWM_SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED); 7925 7926 hcmd.data[0] = scan_config; 7927 hcmd.len[0] = cmd_size; 7928 7929 err = iwm_send_cmd(sc, &hcmd); 7930 free(scan_config, M_DEVBUF, cmd_size); 7931 return err; 7932} 7933 7934int 7935iwm_umac_scan_size(struct iwm_softc *sc) 7936{ 7937 int base_size = IWM_SCAN_REQ_UMAC_SIZE_V1; 7938 int tail_size; 7939 7940 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL_V2)) 7941 base_size = IWM_SCAN_REQ_UMAC_SIZE_V8; 7942 else if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL)) 7943 base_size = IWM_SCAN_REQ_UMAC_SIZE_V7; 7944 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_SCAN_EXT_CHAN_VER)) 7945 tail_size = sizeof(struct iwm_scan_req_umac_tail_v2); 7946 else 7947 tail_size = sizeof(struct iwm_scan_req_umac_tail_v1); 7948 7949 return base_size + sizeof(struct iwm_scan_channel_cfg_umac) * 7950 sc->sc_capa_n_scan_channels + tail_size; 7951} 7952 7953struct iwm_scan_umac_chan_param * 7954iwm_get_scan_req_umac_chan_param(struct iwm_softc *sc, 7955 struct iwm_scan_req_umac *req) 7956{ 7957 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL_V2)) 7958 return &req->v8.channel; 7959 7960 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL)) 7961 return &req->v7.channel; 7962 7963 return &req->v1.channel; 7964} 7965 7966void * 7967iwm_get_scan_req_umac_data(struct iwm_softc *sc, struct iwm_scan_req_umac *req) 7968{ 7969 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL_V2)) 7970 return (void *)&req->v8.data; 7971 7972 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL)) 7973 return (void *)&req->v7.data; 7974 7975 return (void *)&req->v1.data; 7976 7977} 7978 7979/* adaptive dwell max budget time [TU] for full scan */ 7980#define IWM_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN 300 7981/* adaptive dwell max budget time [TU] for directed scan */ 7982#define IWM_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN 100 7983/* adaptive dwell default high band APs number */ 7984#define IWM_SCAN_ADWELL_DEFAULT_HB_N_APS 8 7985/* adaptive dwell default low band APs number */ 7986#define IWM_SCAN_ADWELL_DEFAULT_LB_N_APS 2 7987/* adaptive dwell default APs number in social channels (1, 6, 11) */ 7988#define IWM_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL 10 7989 7990int 7991iwm_umac_scan(struct iwm_softc *sc, int bgscan) 7992{ 7993 struct ieee80211com *ic = &sc->sc_ic; 7994 struct iwm_host_cmd hcmd = { 7995 .id = iwm_cmd_id(IWM_SCAN_REQ_UMAC, IWM_LONG_GROUP, 0), 7996 .len = { 0, }, 7997 .data = { NULL, }, 7998 .flags = 0, 7999 }; 8000 struct iwm_scan_req_umac *req; 8001 void *cmd_data, *tail_data; 8002 struct iwm_scan_req_umac_tail_v2 *tail; 8003 struct iwm_scan_req_umac_tail_v1 *tailv1; 8004 struct iwm_scan_umac_chan_param *chanparam; 8005 size_t req_len; 8006 int err, async = bgscan; 8007 8008 req_len = iwm_umac_scan_size(sc); 8009 if ((req_len < IWM_SCAN_REQ_UMAC_SIZE_V1 + 8010 sizeof(struct iwm_scan_req_umac_tail_v1)) || 8011 req_len > IWM_MAX_CMD_PAYLOAD_SIZE) 8012 return ERANGE; 8013 req = malloc(req_len, M_DEVBUF, 8014 (async ? M_NOWAIT : M_WAIT) | M_CANFAIL | M_ZERO); 8015 if (req == NULL) 8016 return ENOMEM; 8017 8018 hcmd.len[0] = (uint16_t)req_len; 8019 hcmd.data[0] = (void *)req; 8020 hcmd.flags |= async ? IWM_CMD_ASYNC : 0; 8021 8022 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL)) { 8023 req->v7.adwell_default_n_aps_social = 8024 IWM_SCAN_ADWELL_DEFAULT_N_APS_SOCIAL; 8025 req->v7.adwell_default_n_aps = 8026 IWM_SCAN_ADWELL_DEFAULT_LB_N_APS; 8027 8028 if (ic->ic_des_esslen != 0) 8029 req->v7.adwell_max_budget = 8030 htole16(IWM_SCAN_ADWELL_MAX_BUDGET_DIRECTED_SCAN); 8031 else 8032 req->v7.adwell_max_budget = 8033 htole16(IWM_SCAN_ADWELL_MAX_BUDGET_FULL_SCAN); 8034 8035 req->v7.scan_priority = htole32(IWM_SCAN_PRIORITY_HIGH); 8036 req->v7.max_out_time[IWM_SCAN_LB_LMAC_IDX] = 0; 8037 req->v7.suspend_time[IWM_SCAN_LB_LMAC_IDX] = 0; 8038 8039 if (isset(sc->sc_ucode_api, 8040 IWM_UCODE_TLV_API_ADAPTIVE_DWELL_V2)) { 8041 req->v8.active_dwell[IWM_SCAN_LB_LMAC_IDX] = 10; 8042 req->v8.passive_dwell[IWM_SCAN_LB_LMAC_IDX] = 110; 8043 } else { 8044 req->v7.active_dwell = 10; 8045 req->v7.passive_dwell = 110; 8046 req->v7.fragmented_dwell = 44; 8047 } 8048 } else { 8049 /* These timings correspond to iwlwifi's UNASSOC scan. */ 8050 req->v1.active_dwell = 10; 8051 req->v1.passive_dwell = 110; 8052 req->v1.fragmented_dwell = 44; 8053 req->v1.extended_dwell = 90; 8054 8055 req->v1.scan_priority = htole32(IWM_SCAN_PRIORITY_HIGH); 8056 } 8057 8058 if (bgscan) { 8059 const uint32_t timeout = htole32(120); 8060 if (isset(sc->sc_ucode_api, 8061 IWM_UCODE_TLV_API_ADAPTIVE_DWELL_V2)) { 8062 req->v8.max_out_time[IWM_SCAN_LB_LMAC_IDX] = timeout; 8063 req->v8.suspend_time[IWM_SCAN_LB_LMAC_IDX] = timeout; 8064 } else if (isset(sc->sc_ucode_api, 8065 IWM_UCODE_TLV_API_ADAPTIVE_DWELL)) { 8066 req->v7.max_out_time[IWM_SCAN_LB_LMAC_IDX] = timeout; 8067 req->v7.suspend_time[IWM_SCAN_LB_LMAC_IDX] = timeout; 8068 } else { 8069 req->v1.max_out_time = timeout; 8070 req->v1.suspend_time = timeout; 8071 } 8072 } 8073 8074 req->ooc_priority = htole32(IWM_SCAN_PRIORITY_HIGH); 8075 8076 cmd_data = iwm_get_scan_req_umac_data(sc, req); 8077 chanparam = iwm_get_scan_req_umac_chan_param(sc, req); 8078 chanparam->count = iwm_umac_scan_fill_channels(sc, 8079 (struct iwm_scan_channel_cfg_umac *)cmd_data, 8080 ic->ic_des_esslen != 0, bgscan); 8081 chanparam->flags = 0; 8082 8083 tail_data = cmd_data + sizeof(struct iwm_scan_channel_cfg_umac) * 8084 sc->sc_capa_n_scan_channels; 8085 tail = tail_data; 8086 /* tail v1 layout differs in preq and direct_scan member fields. */ 8087 tailv1 = tail_data; 8088 8089 req->general_flags = htole32(IWM_UMAC_SCAN_GEN_FLAGS_PASS_ALL | 8090 IWM_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE); 8091 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL_V2)) { 8092 req->v8.general_flags2 = 8093 IWM_UMAC_SCAN_GEN_FLAGS2_ALLOW_CHNL_REORDER; 8094 } 8095 8096 if (ic->ic_des_esslen != 0) { 8097 if (isset(sc->sc_ucode_api, 8098 IWM_UCODE_TLV_API_SCAN_EXT_CHAN_VER)) { 8099 tail->direct_scan[0].id = IEEE80211_ELEMID_SSID; 8100 tail->direct_scan[0].len = ic->ic_des_esslen; 8101 memcpy(tail->direct_scan[0].ssid, ic->ic_des_essid, 8102 ic->ic_des_esslen); 8103 } else { 8104 tailv1->direct_scan[0].id = IEEE80211_ELEMID_SSID; 8105 tailv1->direct_scan[0].len = ic->ic_des_esslen; 8106 memcpy(tailv1->direct_scan[0].ssid, ic->ic_des_essid, 8107 ic->ic_des_esslen); 8108 } 8109 req->general_flags |= 8110 htole32(IWM_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT); 8111 } else 8112 req->general_flags |= htole32(IWM_UMAC_SCAN_GEN_FLAGS_PASSIVE); 8113 8114 if (isset(sc->sc_enabled_capa, 8115 IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT) && 8116 isset(sc->sc_enabled_capa, 8117 IWM_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) 8118 req->general_flags |= 8119 htole32(IWM_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED); 8120 8121 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_ADAPTIVE_DWELL)) { 8122 req->general_flags |= 8123 htole32(IWM_UMAC_SCAN_GEN_FLAGS_ADAPTIVE_DWELL); 8124 } else { 8125 req->general_flags |= 8126 htole32(IWM_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL); 8127 } 8128 8129 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_SCAN_EXT_CHAN_VER)) 8130 err = iwm_fill_probe_req(sc, &tail->preq); 8131 else 8132 err = iwm_fill_probe_req_v1(sc, &tailv1->preq); 8133 if (err) { 8134 free(req, M_DEVBUF, req_len); 8135 return err; 8136 } 8137 8138 /* Specify the scan plan: We'll do one iteration. */ 8139 tail->schedule[0].interval = 0; 8140 tail->schedule[0].iter_count = 1; 8141 8142 err = iwm_send_cmd(sc, &hcmd); 8143 free(req, M_DEVBUF, req_len); 8144 return err; 8145} 8146 8147void 8148iwm_mcc_update(struct iwm_softc *sc, struct iwm_mcc_chub_notif *notif) 8149{ 8150 struct ieee80211com *ic = &sc->sc_ic; 8151 struct ifnet *ifp = IC2IFP(ic); 8152 char alpha2[3]; 8153 8154 snprintf(alpha2, sizeof(alpha2), "%c%c", 8155 (le16toh(notif->mcc) & 0xff00) >> 8, le16toh(notif->mcc) & 0xff); 8156 8157 if (ifp->if_flags & IFF_DEBUG) { 8158 printf("%s: firmware has detected regulatory domain '%s' " 8159 "(0x%x)\n", DEVNAME(sc), alpha2, le16toh(notif->mcc)); 8160 } 8161 8162 /* TODO: Schedule a task to send MCC_UPDATE_CMD? */ 8163} 8164 8165uint8_t 8166iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx) 8167{ 8168 int i; 8169 uint8_t rval; 8170 8171 for (i = 0; i < rs->rs_nrates; i++) { 8172 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL); 8173 if (rval == iwm_rates[ridx].rate) 8174 return rs->rs_rates[i]; 8175 } 8176 8177 return 0; 8178} 8179 8180int 8181iwm_rval2ridx(int rval) 8182{ 8183 int ridx; 8184 8185 for (ridx = 0; ridx < nitems(iwm_rates); ridx++) { 8186 if (iwm_rates[ridx].plcp == IWM_RATE_INVM_PLCP) 8187 continue; 8188 if (rval == iwm_rates[ridx].rate) 8189 break; 8190 } 8191 8192 return ridx; 8193} 8194 8195void 8196iwm_ack_rates(struct iwm_softc *sc, struct iwm_node *in, int *cck_rates, 8197 int *ofdm_rates) 8198{ 8199 struct ieee80211_node *ni = &in->in_ni; 8200 struct ieee80211_rateset *rs = &ni->ni_rates; 8201 int lowest_present_ofdm = -1; 8202 int lowest_present_cck = -1; 8203 uint8_t cck = 0; 8204 uint8_t ofdm = 0; 8205 int i; 8206 8207 if (ni->ni_chan == IEEE80211_CHAN_ANYC || 8208 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 8209 for (i = IWM_FIRST_CCK_RATE; i < IWM_FIRST_OFDM_RATE; i++) { 8210 if ((iwm_ridx2rate(rs, i) & IEEE80211_RATE_BASIC) == 0) 8211 continue; 8212 cck |= (1 << i); 8213 if (lowest_present_cck == -1 || lowest_present_cck > i) 8214 lowest_present_cck = i; 8215 } 8216 } 8217 for (i = IWM_FIRST_OFDM_RATE; i <= IWM_LAST_NON_HT_RATE; i++) { 8218 if ((iwm_ridx2rate(rs, i) & IEEE80211_RATE_BASIC) == 0) 8219 continue; 8220 ofdm |= (1 << (i - IWM_FIRST_OFDM_RATE)); 8221 if (lowest_present_ofdm == -1 || lowest_present_ofdm > i) 8222 lowest_present_ofdm = i; 8223 } 8224 8225 /* 8226 * Now we've got the basic rates as bitmaps in the ofdm and cck 8227 * variables. This isn't sufficient though, as there might not 8228 * be all the right rates in the bitmap. E.g. if the only basic 8229 * rates are 5.5 Mbps and 11 Mbps, we still need to add 1 Mbps 8230 * and 6 Mbps because the 802.11-2007 standard says in 9.6: 8231 * 8232 * [...] a STA responding to a received frame shall transmit 8233 * its Control Response frame [...] at the highest rate in the 8234 * BSSBasicRateSet parameter that is less than or equal to the 8235 * rate of the immediately previous frame in the frame exchange 8236 * sequence ([...]) and that is of the same modulation class 8237 * ([...]) as the received frame. If no rate contained in the 8238 * BSSBasicRateSet parameter meets these conditions, then the 8239 * control frame sent in response to a received frame shall be 8240 * transmitted at the highest mandatory rate of the PHY that is 8241 * less than or equal to the rate of the received frame, and 8242 * that is of the same modulation class as the received frame. 8243 * 8244 * As a consequence, we need to add all mandatory rates that are 8245 * lower than all of the basic rates to these bitmaps. 8246 */ 8247 8248 if (IWM_RATE_24M_INDEX < lowest_present_ofdm) 8249 ofdm |= IWM_RATE_BIT_MSK(24) >> IWM_FIRST_OFDM_RATE; 8250 if (IWM_RATE_12M_INDEX < lowest_present_ofdm) 8251 ofdm |= IWM_RATE_BIT_MSK(12) >> IWM_FIRST_OFDM_RATE; 8252 /* 6M already there or needed so always add */ 8253 ofdm |= IWM_RATE_BIT_MSK(6) >> IWM_FIRST_OFDM_RATE; 8254 8255 /* 8256 * CCK is a bit more complex with DSSS vs. HR/DSSS vs. ERP. 8257 * Note, however: 8258 * - if no CCK rates are basic, it must be ERP since there must 8259 * be some basic rates at all, so they're OFDM => ERP PHY 8260 * (or we're in 5 GHz, and the cck bitmap will never be used) 8261 * - if 11M is a basic rate, it must be ERP as well, so add 5.5M 8262 * - if 5.5M is basic, 1M and 2M are mandatory 8263 * - if 2M is basic, 1M is mandatory 8264 * - if 1M is basic, that's the only valid ACK rate. 8265 * As a consequence, it's not as complicated as it sounds, just add 8266 * any lower rates to the ACK rate bitmap. 8267 */ 8268 if (IWM_RATE_11M_INDEX < lowest_present_cck) 8269 cck |= IWM_RATE_BIT_MSK(11) >> IWM_FIRST_CCK_RATE; 8270 if (IWM_RATE_5M_INDEX < lowest_present_cck) 8271 cck |= IWM_RATE_BIT_MSK(5) >> IWM_FIRST_CCK_RATE; 8272 if (IWM_RATE_2M_INDEX < lowest_present_cck) 8273 cck |= IWM_RATE_BIT_MSK(2) >> IWM_FIRST_CCK_RATE; 8274 /* 1M already there or needed so always add */ 8275 cck |= IWM_RATE_BIT_MSK(1) >> IWM_FIRST_CCK_RATE; 8276 8277 *cck_rates = cck; 8278 *ofdm_rates = ofdm; 8279} 8280 8281void 8282iwm_mac_ctxt_cmd_common(struct iwm_softc *sc, struct iwm_node *in, 8283 struct iwm_mac_ctx_cmd *cmd, uint32_t action) 8284{ 8285#define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */ 8286 struct ieee80211com *ic = &sc->sc_ic; 8287 struct ieee80211_node *ni = ic->ic_bss; 8288 int cck_ack_rates, ofdm_ack_rates; 8289 int i; 8290 8291 cmd->id_and_color = htole32(IWM_FW_CMD_ID_AND_COLOR(in->in_id, 8292 in->in_color)); 8293 cmd->action = htole32(action); 8294 8295 if (ic->ic_opmode == IEEE80211_M_MONITOR) 8296 cmd->mac_type = htole32(IWM_FW_MAC_TYPE_LISTENER); 8297 else if (ic->ic_opmode == IEEE80211_M_STA) 8298 cmd->mac_type = htole32(IWM_FW_MAC_TYPE_BSS_STA); 8299 else 8300 panic("unsupported operating mode %d", ic->ic_opmode); 8301 cmd->tsf_id = htole32(IWM_TSF_ID_A); 8302 8303 IEEE80211_ADDR_COPY(cmd->node_addr, ic->ic_myaddr); 8304 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 8305 IEEE80211_ADDR_COPY(cmd->bssid_addr, etherbroadcastaddr); 8306 return; 8307 } 8308 8309 IEEE80211_ADDR_COPY(cmd->bssid_addr, in->in_macaddr); 8310 iwm_ack_rates(sc, in, &cck_ack_rates, &ofdm_ack_rates); 8311 cmd->cck_rates = htole32(cck_ack_rates); 8312 cmd->ofdm_rates = htole32(ofdm_ack_rates); 8313 8314 cmd->cck_short_preamble 8315 = htole32((ic->ic_flags & IEEE80211_F_SHPREAMBLE) 8316 ? IWM_MAC_FLG_SHORT_PREAMBLE : 0); 8317 cmd->short_slot 8318 = htole32((ic->ic_flags & IEEE80211_F_SHSLOT) 8319 ? IWM_MAC_FLG_SHORT_SLOT : 0); 8320 8321 for (i = 0; i < EDCA_NUM_AC; i++) { 8322 struct ieee80211_edca_ac_params *ac = &ic->ic_edca_ac[i]; 8323 int txf = iwm_ac_to_tx_fifo[i]; 8324 8325 cmd->ac[txf].cw_min = htole16(IWM_EXP2(ac->ac_ecwmin)); 8326 cmd->ac[txf].cw_max = htole16(IWM_EXP2(ac->ac_ecwmax)); 8327 cmd->ac[txf].aifsn = ac->ac_aifsn; 8328 cmd->ac[txf].fifos_mask = (1 << txf); 8329 cmd->ac[txf].edca_txop = htole16(ac->ac_txoplimit * 32); 8330 } 8331 if (ni->ni_flags & IEEE80211_NODE_QOS) 8332 cmd->qos_flags |= htole32(IWM_MAC_QOS_FLG_UPDATE_EDCA); 8333 8334 if (ni->ni_flags & IEEE80211_NODE_HT) { 8335 enum ieee80211_htprot htprot = 8336 (ni->ni_htop1 & IEEE80211_HTOP1_PROT_MASK); 8337 switch (htprot) { 8338 case IEEE80211_HTPROT_NONE: 8339 break; 8340 case IEEE80211_HTPROT_NONMEMBER: 8341 case IEEE80211_HTPROT_NONHT_MIXED: 8342 cmd->protection_flags |= 8343 htole32(IWM_MAC_PROT_FLG_HT_PROT | 8344 IWM_MAC_PROT_FLG_FAT_PROT); 8345 break; 8346 case IEEE80211_HTPROT_20MHZ: 8347 if (in->in_phyctxt && 8348 (in->in_phyctxt->sco == IEEE80211_HTOP0_SCO_SCA || 8349 in->in_phyctxt->sco == IEEE80211_HTOP0_SCO_SCB)) { 8350 cmd->protection_flags |= 8351 htole32(IWM_MAC_PROT_FLG_HT_PROT | 8352 IWM_MAC_PROT_FLG_FAT_PROT); 8353 } 8354 break; 8355 default: 8356 break; 8357 } 8358 8359 cmd->qos_flags |= htole32(IWM_MAC_QOS_FLG_TGN); 8360 } 8361 if (ic->ic_flags & IEEE80211_F_USEPROT) 8362 cmd->protection_flags |= htole32(IWM_MAC_PROT_FLG_TGG_PROTECT); 8363 8364 cmd->filter_flags = htole32(IWM_MAC_FILTER_ACCEPT_GRP); 8365#undef IWM_EXP2 8366} 8367 8368void 8369iwm_mac_ctxt_cmd_fill_sta(struct iwm_softc *sc, struct iwm_node *in, 8370 struct iwm_mac_data_sta *sta, int assoc) 8371{ 8372 struct ieee80211_node *ni = &in->in_ni; 8373 uint32_t dtim_off; 8374 uint64_t tsf; 8375 8376 dtim_off = ni->ni_dtimcount * ni->ni_intval * IEEE80211_DUR_TU; 8377 memcpy(&tsf, ni->ni_tstamp, sizeof(tsf)); 8378 tsf = letoh64(tsf); 8379 8380 sta->is_assoc = htole32(assoc); 8381 sta->dtim_time = htole32(ni->ni_rstamp + dtim_off); 8382 sta->dtim_tsf = htole64(tsf + dtim_off); 8383 sta->bi = htole32(ni->ni_intval); 8384 sta->bi_reciprocal = htole32(iwm_reciprocal(ni->ni_intval)); 8385 sta->dtim_interval = htole32(ni->ni_intval * ni->ni_dtimperiod); 8386 sta->dtim_reciprocal = htole32(iwm_reciprocal(sta->dtim_interval)); 8387 sta->listen_interval = htole32(10); 8388 sta->assoc_id = htole32(ni->ni_associd); 8389 sta->assoc_beacon_arrive_time = htole32(ni->ni_rstamp); 8390} 8391 8392int 8393iwm_mac_ctxt_cmd(struct iwm_softc *sc, struct iwm_node *in, uint32_t action, 8394 int assoc) 8395{ 8396 struct ieee80211com *ic = &sc->sc_ic; 8397 struct ieee80211_node *ni = &in->in_ni; 8398 struct iwm_mac_ctx_cmd cmd; 8399 int active = (sc->sc_flags & IWM_FLAG_MAC_ACTIVE); 8400 8401 if (action == IWM_FW_CTXT_ACTION_ADD && active) 8402 panic("MAC already added"); 8403 if (action == IWM_FW_CTXT_ACTION_REMOVE && !active) 8404 panic("MAC already removed"); 8405 8406 memset(&cmd, 0, sizeof(cmd)); 8407 8408 iwm_mac_ctxt_cmd_common(sc, in, &cmd, action); 8409 8410 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 8411 cmd.filter_flags |= htole32(IWM_MAC_FILTER_IN_PROMISC | 8412 IWM_MAC_FILTER_IN_CONTROL_AND_MGMT | 8413 IWM_MAC_FILTER_ACCEPT_GRP | 8414 IWM_MAC_FILTER_IN_BEACON | 8415 IWM_MAC_FILTER_IN_PROBE_REQUEST | 8416 IWM_MAC_FILTER_IN_CRC32); 8417 } else if (!assoc || !ni->ni_associd || !ni->ni_dtimperiod) 8418 /* 8419 * Allow beacons to pass through as long as we are not 8420 * associated or we do not have dtim period information. 8421 */ 8422 cmd.filter_flags |= htole32(IWM_MAC_FILTER_IN_BEACON); 8423 else 8424 iwm_mac_ctxt_cmd_fill_sta(sc, in, &cmd.sta, assoc); 8425 8426 return iwm_send_cmd_pdu(sc, IWM_MAC_CONTEXT_CMD, 0, sizeof(cmd), &cmd); 8427} 8428 8429int 8430iwm_update_quotas(struct iwm_softc *sc, struct iwm_node *in, int running) 8431{ 8432 struct iwm_time_quota_cmd_v1 cmd; 8433 int i, idx, num_active_macs, quota, quota_rem; 8434 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, }; 8435 int n_ifs[IWM_MAX_BINDINGS] = {0, }; 8436 uint16_t id; 8437 8438 memset(&cmd, 0, sizeof(cmd)); 8439 8440 /* currently, PHY ID == binding ID */ 8441 if (in && in->in_phyctxt) { 8442 id = in->in_phyctxt->id; 8443 KASSERT(id < IWM_MAX_BINDINGS); 8444 colors[id] = in->in_phyctxt->color; 8445 if (running) 8446 n_ifs[id] = 1; 8447 } 8448 8449 /* 8450 * The FW's scheduling session consists of 8451 * IWM_MAX_QUOTA fragments. Divide these fragments 8452 * equally between all the bindings that require quota 8453 */ 8454 num_active_macs = 0; 8455 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 8456 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID); 8457 num_active_macs += n_ifs[i]; 8458 } 8459 8460 quota = 0; 8461 quota_rem = 0; 8462 if (num_active_macs) { 8463 quota = IWM_MAX_QUOTA / num_active_macs; 8464 quota_rem = IWM_MAX_QUOTA % num_active_macs; 8465 } 8466 8467 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) { 8468 if (colors[i] < 0) 8469 continue; 8470 8471 cmd.quotas[idx].id_and_color = 8472 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i])); 8473 8474 if (n_ifs[i] <= 0) { 8475 cmd.quotas[idx].quota = htole32(0); 8476 cmd.quotas[idx].max_duration = htole32(0); 8477 } else { 8478 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]); 8479 cmd.quotas[idx].max_duration = htole32(0); 8480 } 8481 idx++; 8482 } 8483 8484 /* Give the remainder of the session to the first binding */ 8485 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem); 8486 8487 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_QUOTA_LOW_LATENCY)) { 8488 struct iwm_time_quota_cmd cmd_v2; 8489 8490 memset(&cmd_v2, 0, sizeof(cmd_v2)); 8491 for (i = 0; i < IWM_MAX_BINDINGS; i++) { 8492 cmd_v2.quotas[i].id_and_color = 8493 cmd.quotas[i].id_and_color; 8494 cmd_v2.quotas[i].quota = cmd.quotas[i].quota; 8495 cmd_v2.quotas[i].max_duration = 8496 cmd.quotas[i].max_duration; 8497 } 8498 return iwm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, 0, 8499 sizeof(cmd_v2), &cmd_v2); 8500 } 8501 8502 return iwm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, 0, sizeof(cmd), &cmd); 8503} 8504 8505void 8506iwm_add_task(struct iwm_softc *sc, struct taskq *taskq, struct task *task) 8507{ 8508 int s = splnet(); 8509 8510 if (sc->sc_flags & IWM_FLAG_SHUTDOWN) { 8511 splx(s); 8512 return; 8513 } 8514 8515 refcnt_take(&sc->task_refs); 8516 if (!task_add(taskq, task)) 8517 refcnt_rele_wake(&sc->task_refs); 8518 splx(s); 8519} 8520 8521void 8522iwm_del_task(struct iwm_softc *sc, struct taskq *taskq, struct task *task) 8523{ 8524 if (task_del(taskq, task)) 8525 refcnt_rele(&sc->task_refs); 8526} 8527 8528int 8529iwm_scan(struct iwm_softc *sc) 8530{ 8531 struct ieee80211com *ic = &sc->sc_ic; 8532 struct ifnet *ifp = IC2IFP(ic); 8533 int err; 8534 8535 if (sc->sc_flags & IWM_FLAG_BGSCAN) { 8536 err = iwm_scan_abort(sc); 8537 if (err) { 8538 printf("%s: could not abort background scan\n", 8539 DEVNAME(sc)); 8540 return err; 8541 } 8542 } 8543 8544 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 8545 err = iwm_umac_scan(sc, 0); 8546 else 8547 err = iwm_lmac_scan(sc, 0); 8548 if (err) { 8549 printf("%s: could not initiate scan\n", DEVNAME(sc)); 8550 return err; 8551 } 8552 8553 /* 8554 * The current mode might have been fixed during association. 8555 * Ensure all channels get scanned. 8556 */ 8557 if (IFM_SUBTYPE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) 8558 ieee80211_setmode(ic, IEEE80211_MODE_AUTO); 8559 8560 sc->sc_flags |= IWM_FLAG_SCANNING; 8561 if (ifp->if_flags & IFF_DEBUG) 8562 printf("%s: %s -> %s\n", ifp->if_xname, 8563 ieee80211_state_name[ic->ic_state], 8564 ieee80211_state_name[IEEE80211_S_SCAN]); 8565 if ((sc->sc_flags & IWM_FLAG_BGSCAN) == 0) { 8566 ieee80211_set_link_state(ic, LINK_STATE_DOWN); 8567 ieee80211_node_cleanup(ic, ic->ic_bss); 8568 } 8569 ic->ic_state = IEEE80211_S_SCAN; 8570 iwm_led_blink_start(sc); 8571 wakeup(&ic->ic_state); /* wake iwm_init() */ 8572 8573 return 0; 8574} 8575 8576int 8577iwm_bgscan(struct ieee80211com *ic) 8578{ 8579 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 8580 int err; 8581 8582 if (sc->sc_flags & IWM_FLAG_SCANNING) 8583 return 0; 8584 8585 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 8586 err = iwm_umac_scan(sc, 1); 8587 else 8588 err = iwm_lmac_scan(sc, 1); 8589 if (err) { 8590 printf("%s: could not initiate scan\n", DEVNAME(sc)); 8591 return err; 8592 } 8593 8594 sc->sc_flags |= IWM_FLAG_BGSCAN; 8595 return 0; 8596} 8597 8598void 8599iwm_bgscan_done(struct ieee80211com *ic, 8600 struct ieee80211_node_switch_bss_arg *arg, size_t arg_size) 8601{ 8602 struct iwm_softc *sc = ic->ic_softc; 8603 8604 free(sc->bgscan_unref_arg, M_DEVBUF, sc->bgscan_unref_arg_size); 8605 sc->bgscan_unref_arg = arg; 8606 sc->bgscan_unref_arg_size = arg_size; 8607 iwm_add_task(sc, systq, &sc->bgscan_done_task); 8608} 8609 8610void 8611iwm_bgscan_done_task(void *arg) 8612{ 8613 struct iwm_softc *sc = arg; 8614 struct ieee80211com *ic = &sc->sc_ic; 8615 struct iwm_node *in = (void *)ic->ic_bss; 8616 struct ieee80211_node *ni = &in->in_ni; 8617 int tid, err = 0, s = splnet(); 8618 8619 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) || 8620 (ic->ic_flags & IEEE80211_F_BGSCAN) == 0 || 8621 ic->ic_state != IEEE80211_S_RUN) { 8622 err = ENXIO; 8623 goto done; 8624 } 8625 8626 for (tid = 0; tid < IWM_MAX_TID_COUNT; tid++) { 8627 int qid = IWM_FIRST_AGG_TX_QUEUE + tid; 8628 8629 if ((sc->tx_ba_queue_mask & (1 << qid)) == 0) 8630 continue; 8631 8632 err = iwm_sta_tx_agg(sc, ni, tid, 0, 0, 0); 8633 if (err) 8634 goto done; 8635 err = iwm_disable_txq(sc, IWM_STATION_ID, qid, tid); 8636 if (err) 8637 goto done; 8638 in->tfd_queue_msk &= ~(1 << qid); 8639#if 0 /* disabled for now; we are going to DEAUTH soon anyway */ 8640 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA, 8641 IEEE80211_ACTION_DELBA, 8642 IEEE80211_REASON_AUTH_LEAVE << 16 | 8643 IEEE80211_FC1_DIR_TODS << 8 | tid); 8644#endif 8645 ieee80211_node_tx_ba_clear(ni, tid); 8646 } 8647 8648 err = iwm_flush_sta(sc, in); 8649 if (err) 8650 goto done; 8651 8652 /* 8653 * Tx queues have been flushed and Tx agg has been stopped. 8654 * Allow roaming to proceed. 8655 */ 8656 ni->ni_unref_arg = sc->bgscan_unref_arg; 8657 ni->ni_unref_arg_size = sc->bgscan_unref_arg_size; 8658 sc->bgscan_unref_arg = NULL; 8659 sc->bgscan_unref_arg_size = 0; 8660 ieee80211_node_tx_stopped(ic, &in->in_ni); 8661done: 8662 if (err) { 8663 free(sc->bgscan_unref_arg, M_DEVBUF, sc->bgscan_unref_arg_size); 8664 sc->bgscan_unref_arg = NULL; 8665 sc->bgscan_unref_arg_size = 0; 8666 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) 8667 task_add(systq, &sc->init_task); 8668 } 8669 refcnt_rele_wake(&sc->task_refs); 8670 splx(s); 8671} 8672 8673int 8674iwm_umac_scan_abort(struct iwm_softc *sc) 8675{ 8676 struct iwm_umac_scan_abort cmd = { 0 }; 8677 8678 return iwm_send_cmd_pdu(sc, 8679 IWM_WIDE_ID(IWM_LONG_GROUP, IWM_SCAN_ABORT_UMAC), 8680 0, sizeof(cmd), &cmd); 8681} 8682 8683int 8684iwm_lmac_scan_abort(struct iwm_softc *sc) 8685{ 8686 struct iwm_host_cmd cmd = { 8687 .id = IWM_SCAN_OFFLOAD_ABORT_CMD, 8688 }; 8689 int err, status; 8690 8691 err = iwm_send_cmd_status(sc, &cmd, &status); 8692 if (err) 8693 return err; 8694 8695 if (status != IWM_CAN_ABORT_STATUS) { 8696 /* 8697 * The scan abort will return 1 for success or 8698 * 2 for "failure". A failure condition can be 8699 * due to simply not being in an active scan which 8700 * can occur if we send the scan abort before the 8701 * microcode has notified us that a scan is completed. 8702 */ 8703 return EBUSY; 8704 } 8705 8706 return 0; 8707} 8708 8709int 8710iwm_scan_abort(struct iwm_softc *sc) 8711{ 8712 int err; 8713 8714 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 8715 err = iwm_umac_scan_abort(sc); 8716 else 8717 err = iwm_lmac_scan_abort(sc); 8718 8719 if (err == 0) 8720 sc->sc_flags &= ~(IWM_FLAG_SCANNING | IWM_FLAG_BGSCAN); 8721 return err; 8722} 8723 8724int 8725iwm_phy_ctxt_update(struct iwm_softc *sc, struct iwm_phy_ctxt *phyctxt, 8726 struct ieee80211_channel *chan, uint8_t chains_static, 8727 uint8_t chains_dynamic, uint32_t apply_time, uint8_t sco, 8728 uint8_t vht_chan_width) 8729{ 8730 uint16_t band_flags = (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_5GHZ); 8731 int err; 8732 8733 if (isset(sc->sc_enabled_capa, 8734 IWM_UCODE_TLV_CAPA_BINDING_CDB_SUPPORT) && 8735 (phyctxt->channel->ic_flags & band_flags) != 8736 (chan->ic_flags & band_flags)) { 8737 err = iwm_phy_ctxt_cmd(sc, phyctxt, chains_static, 8738 chains_dynamic, IWM_FW_CTXT_ACTION_REMOVE, apply_time, sco, 8739 vht_chan_width); 8740 if (err) { 8741 printf("%s: could not remove PHY context " 8742 "(error %d)\n", DEVNAME(sc), err); 8743 return err; 8744 } 8745 phyctxt->channel = chan; 8746 err = iwm_phy_ctxt_cmd(sc, phyctxt, chains_static, 8747 chains_dynamic, IWM_FW_CTXT_ACTION_ADD, apply_time, sco, 8748 vht_chan_width); 8749 if (err) { 8750 printf("%s: could not add PHY context " 8751 "(error %d)\n", DEVNAME(sc), err); 8752 return err; 8753 } 8754 } else { 8755 phyctxt->channel = chan; 8756 err = iwm_phy_ctxt_cmd(sc, phyctxt, chains_static, 8757 chains_dynamic, IWM_FW_CTXT_ACTION_MODIFY, apply_time, sco, 8758 vht_chan_width); 8759 if (err) { 8760 printf("%s: could not update PHY context (error %d)\n", 8761 DEVNAME(sc), err); 8762 return err; 8763 } 8764 } 8765 8766 phyctxt->sco = sco; 8767 phyctxt->vht_chan_width = vht_chan_width; 8768 return 0; 8769} 8770 8771int 8772iwm_auth(struct iwm_softc *sc) 8773{ 8774 struct ieee80211com *ic = &sc->sc_ic; 8775 struct iwm_node *in = (void *)ic->ic_bss; 8776 uint32_t duration; 8777 int generation = sc->sc_generation, err; 8778 8779 splassert(IPL_NET); 8780 8781 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 8782 err = iwm_phy_ctxt_update(sc, &sc->sc_phyctxt[0], 8783 ic->ic_ibss_chan, 1, 1, 0, IEEE80211_HTOP0_SCO_SCN, 8784 IEEE80211_VHTOP0_CHAN_WIDTH_HT); 8785 if (err) 8786 return err; 8787 } else { 8788 err = iwm_phy_ctxt_update(sc, &sc->sc_phyctxt[0], 8789 in->in_ni.ni_chan, 1, 1, 0, IEEE80211_HTOP0_SCO_SCN, 8790 IEEE80211_VHTOP0_CHAN_WIDTH_HT); 8791 if (err) 8792 return err; 8793 } 8794 in->in_phyctxt = &sc->sc_phyctxt[0]; 8795 IEEE80211_ADDR_COPY(in->in_macaddr, in->in_ni.ni_macaddr); 8796 iwm_setrates(in, 0); 8797 8798 err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_ADD, 0); 8799 if (err) { 8800 printf("%s: could not add MAC context (error %d)\n", 8801 DEVNAME(sc), err); 8802 return err; 8803 } 8804 sc->sc_flags |= IWM_FLAG_MAC_ACTIVE; 8805 8806 err = iwm_binding_cmd(sc, in, IWM_FW_CTXT_ACTION_ADD); 8807 if (err) { 8808 printf("%s: could not add binding (error %d)\n", 8809 DEVNAME(sc), err); 8810 goto rm_mac_ctxt; 8811 } 8812 sc->sc_flags |= IWM_FLAG_BINDING_ACTIVE; 8813 8814 in->tid_disable_ampdu = 0xffff; 8815 err = iwm_add_sta_cmd(sc, in, 0); 8816 if (err) { 8817 printf("%s: could not add sta (error %d)\n", 8818 DEVNAME(sc), err); 8819 goto rm_binding; 8820 } 8821 sc->sc_flags |= IWM_FLAG_STA_ACTIVE; 8822 8823 if (ic->ic_opmode == IEEE80211_M_MONITOR) 8824 return 0; 8825 8826 /* 8827 * Prevent the FW from wandering off channel during association 8828 * by "protecting" the session with a time event. 8829 */ 8830 if (in->in_ni.ni_intval) 8831 duration = in->in_ni.ni_intval * 2; 8832 else 8833 duration = IEEE80211_DUR_TU; 8834 iwm_protect_session(sc, in, duration, in->in_ni.ni_intval / 2); 8835 8836 return 0; 8837 8838rm_binding: 8839 if (generation == sc->sc_generation) { 8840 iwm_binding_cmd(sc, in, IWM_FW_CTXT_ACTION_REMOVE); 8841 sc->sc_flags &= ~IWM_FLAG_BINDING_ACTIVE; 8842 } 8843rm_mac_ctxt: 8844 if (generation == sc->sc_generation) { 8845 iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_REMOVE, 0); 8846 sc->sc_flags &= ~IWM_FLAG_MAC_ACTIVE; 8847 } 8848 return err; 8849} 8850 8851int 8852iwm_deauth(struct iwm_softc *sc) 8853{ 8854 struct ieee80211com *ic = &sc->sc_ic; 8855 struct iwm_node *in = (void *)ic->ic_bss; 8856 int err; 8857 8858 splassert(IPL_NET); 8859 8860 iwm_unprotect_session(sc, in); 8861 8862 if (sc->sc_flags & IWM_FLAG_STA_ACTIVE) { 8863 err = iwm_flush_sta(sc, in); 8864 if (err) 8865 return err; 8866 err = iwm_rm_sta_cmd(sc, in); 8867 if (err) { 8868 printf("%s: could not remove STA (error %d)\n", 8869 DEVNAME(sc), err); 8870 return err; 8871 } 8872 in->tid_disable_ampdu = 0xffff; 8873 sc->sc_flags &= ~IWM_FLAG_STA_ACTIVE; 8874 sc->sc_rx_ba_sessions = 0; 8875 sc->ba_rx.start_tidmask = 0; 8876 sc->ba_rx.stop_tidmask = 0; 8877 sc->tx_ba_queue_mask = 0; 8878 sc->ba_tx.start_tidmask = 0; 8879 sc->ba_tx.stop_tidmask = 0; 8880 } 8881 8882 if (sc->sc_flags & IWM_FLAG_BINDING_ACTIVE) { 8883 err = iwm_binding_cmd(sc, in, IWM_FW_CTXT_ACTION_REMOVE); 8884 if (err) { 8885 printf("%s: could not remove binding (error %d)\n", 8886 DEVNAME(sc), err); 8887 return err; 8888 } 8889 sc->sc_flags &= ~IWM_FLAG_BINDING_ACTIVE; 8890 } 8891 8892 if (sc->sc_flags & IWM_FLAG_MAC_ACTIVE) { 8893 err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_REMOVE, 0); 8894 if (err) { 8895 printf("%s: could not remove MAC context (error %d)\n", 8896 DEVNAME(sc), err); 8897 return err; 8898 } 8899 sc->sc_flags &= ~IWM_FLAG_MAC_ACTIVE; 8900 } 8901 8902 /* Move unused PHY context to a default channel. */ 8903 err = iwm_phy_ctxt_update(sc, &sc->sc_phyctxt[0], 8904 &ic->ic_channels[1], 1, 1, 0, IEEE80211_HTOP0_SCO_SCN, 8905 IEEE80211_VHTOP0_CHAN_WIDTH_HT); 8906 if (err) 8907 return err; 8908 8909 return 0; 8910} 8911 8912int 8913iwm_run(struct iwm_softc *sc) 8914{ 8915 struct ieee80211com *ic = &sc->sc_ic; 8916 struct iwm_node *in = (void *)ic->ic_bss; 8917 struct ieee80211_node *ni = &in->in_ni; 8918 int err; 8919 8920 splassert(IPL_NET); 8921 8922 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 8923 /* Add a MAC context and a sniffing STA. */ 8924 err = iwm_auth(sc); 8925 if (err) 8926 return err; 8927 } 8928 8929 /* Configure Rx chains for MIMO and configure 40 MHz channel. */ 8930 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 8931 uint8_t chains = iwm_mimo_enabled(sc) ? 2 : 1; 8932 err = iwm_phy_ctxt_update(sc, in->in_phyctxt, 8933 in->in_phyctxt->channel, chains, chains, 8934 0, IEEE80211_HTOP0_SCO_SCN, 8935 IEEE80211_VHTOP0_CHAN_WIDTH_HT); 8936 if (err) { 8937 printf("%s: failed to update PHY\n", DEVNAME(sc)); 8938 return err; 8939 } 8940 } else if (ni->ni_flags & IEEE80211_NODE_HT) { 8941 uint8_t chains = iwm_mimo_enabled(sc) ? 2 : 1; 8942 uint8_t sco, vht_chan_width; 8943 if (IEEE80211_CHAN_40MHZ_ALLOWED(in->in_ni.ni_chan) && 8944 ieee80211_node_supports_ht_chan40(ni)) 8945 sco = (ni->ni_htop0 & IEEE80211_HTOP0_SCO_MASK); 8946 else 8947 sco = IEEE80211_HTOP0_SCO_SCN; 8948 if ((ni->ni_flags & IEEE80211_NODE_VHT) && 8949 IEEE80211_CHAN_80MHZ_ALLOWED(in->in_ni.ni_chan) && 8950 ieee80211_node_supports_vht_chan80(ni)) 8951 vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_80; 8952 else 8953 vht_chan_width = IEEE80211_VHTOP0_CHAN_WIDTH_HT; 8954 err = iwm_phy_ctxt_update(sc, in->in_phyctxt, 8955 in->in_phyctxt->channel, chains, chains, 8956 0, sco, vht_chan_width); 8957 if (err) { 8958 printf("%s: failed to update PHY\n", DEVNAME(sc)); 8959 return err; 8960 } 8961 } 8962 8963 /* Update STA again to apply HT and VHT settings. */ 8964 err = iwm_add_sta_cmd(sc, in, 1); 8965 if (err) { 8966 printf("%s: could not update STA (error %d)\n", 8967 DEVNAME(sc), err); 8968 return err; 8969 } 8970 8971 /* We have now been assigned an associd by the AP. */ 8972 err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_MODIFY, 1); 8973 if (err) { 8974 printf("%s: failed to update MAC\n", DEVNAME(sc)); 8975 return err; 8976 } 8977 8978 err = iwm_sf_config(sc, IWM_SF_FULL_ON); 8979 if (err) { 8980 printf("%s: could not set sf full on (error %d)\n", 8981 DEVNAME(sc), err); 8982 return err; 8983 } 8984 8985 err = iwm_allow_mcast(sc); 8986 if (err) { 8987 printf("%s: could not allow mcast (error %d)\n", 8988 DEVNAME(sc), err); 8989 return err; 8990 } 8991 8992 err = iwm_power_update_device(sc); 8993 if (err) { 8994 printf("%s: could not send power command (error %d)\n", 8995 DEVNAME(sc), err); 8996 return err; 8997 } 8998#ifdef notyet 8999 /* 9000 * Disabled for now. Default beacon filter settings 9001 * prevent net80211 from getting ERP and HT protection 9002 * updates from beacons. 9003 */ 9004 err = iwm_enable_beacon_filter(sc, in); 9005 if (err) { 9006 printf("%s: could not enable beacon filter\n", 9007 DEVNAME(sc)); 9008 return err; 9009 } 9010#endif 9011 err = iwm_power_mac_update_mode(sc, in); 9012 if (err) { 9013 printf("%s: could not update MAC power (error %d)\n", 9014 DEVNAME(sc), err); 9015 return err; 9016 } 9017 9018 if (!isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DYNAMIC_QUOTA)) { 9019 err = iwm_update_quotas(sc, in, 1); 9020 if (err) { 9021 printf("%s: could not update quotas (error %d)\n", 9022 DEVNAME(sc), err); 9023 return err; 9024 } 9025 } 9026 9027 ieee80211_amrr_node_init(&sc->sc_amrr, &in->in_amn); 9028 ieee80211_ra_node_init(&in->in_rn); 9029 ieee80211_ra_vht_node_init(&in->in_rn_vht); 9030 9031 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 9032 iwm_led_blink_start(sc); 9033 return 0; 9034 } 9035 9036 /* Start at lowest available bit-rate, AMRR will raise. */ 9037 in->in_ni.ni_txrate = 0; 9038 in->in_ni.ni_txmcs = 0; 9039 in->in_ni.ni_vht_ss = 1; 9040 iwm_setrates(in, 0); 9041 9042 timeout_add_msec(&sc->sc_calib_to, 500); 9043 iwm_led_enable(sc); 9044 9045 return 0; 9046} 9047 9048int 9049iwm_run_stop(struct iwm_softc *sc) 9050{ 9051 struct ieee80211com *ic = &sc->sc_ic; 9052 struct iwm_node *in = (void *)ic->ic_bss; 9053 struct ieee80211_node *ni = &in->in_ni; 9054 int err, i, tid; 9055 9056 splassert(IPL_NET); 9057 9058 /* 9059 * Stop Tx/Rx BA sessions now. We cannot rely on the BA task 9060 * for this when moving out of RUN state since it runs in a 9061 * separate thread. 9062 * Note that in->in_ni (struct ieee80211_node) already represents 9063 * our new access point in case we are roaming between APs. 9064 * This means we cannot rely on struct ieee802111_node to tell 9065 * us which BA sessions exist. 9066 */ 9067 for (i = 0; i < nitems(sc->sc_rxba_data); i++) { 9068 struct iwm_rxba_data *rxba = &sc->sc_rxba_data[i]; 9069 if (rxba->baid == IWM_RX_REORDER_DATA_INVALID_BAID) 9070 continue; 9071 err = iwm_sta_rx_agg(sc, ni, rxba->tid, 0, 0, 0, 0); 9072 if (err) 9073 return err; 9074 iwm_clear_reorder_buffer(sc, rxba); 9075 if (sc->sc_rx_ba_sessions > 0) 9076 sc->sc_rx_ba_sessions--; 9077 } 9078 for (tid = 0; tid < IWM_MAX_TID_COUNT; tid++) { 9079 int qid = IWM_FIRST_AGG_TX_QUEUE + tid; 9080 if ((sc->tx_ba_queue_mask & (1 << qid)) == 0) 9081 continue; 9082 err = iwm_sta_tx_agg(sc, ni, tid, 0, 0, 0); 9083 if (err) 9084 return err; 9085 err = iwm_disable_txq(sc, IWM_STATION_ID, qid, tid); 9086 if (err) 9087 return err; 9088 in->tfd_queue_msk &= ~(1 << qid); 9089 } 9090 ieee80211_ba_del(ni); 9091 9092 if (ic->ic_opmode == IEEE80211_M_MONITOR) 9093 iwm_led_blink_stop(sc); 9094 9095 err = iwm_sf_config(sc, IWM_SF_INIT_OFF); 9096 if (err) 9097 return err; 9098 9099 iwm_disable_beacon_filter(sc); 9100 9101 if (!isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DYNAMIC_QUOTA)) { 9102 err = iwm_update_quotas(sc, in, 0); 9103 if (err) { 9104 printf("%s: could not update quotas (error %d)\n", 9105 DEVNAME(sc), err); 9106 return err; 9107 } 9108 } 9109 9110 /* Mark station as disassociated. */ 9111 err = iwm_mac_ctxt_cmd(sc, in, IWM_FW_CTXT_ACTION_MODIFY, 0); 9112 if (err) { 9113 printf("%s: failed to update MAC\n", DEVNAME(sc)); 9114 return err; 9115 } 9116 9117 /* Reset Tx chains in case MIMO or 40 MHz channels were enabled. */ 9118 if (in->in_ni.ni_flags & IEEE80211_NODE_HT) { 9119 err = iwm_phy_ctxt_update(sc, in->in_phyctxt, 9120 in->in_phyctxt->channel, 1, 1, 0, IEEE80211_HTOP0_SCO_SCN, 9121 IEEE80211_VHTOP0_CHAN_WIDTH_HT); 9122 if (err) { 9123 printf("%s: failed to update PHY\n", DEVNAME(sc)); 9124 return err; 9125 } 9126 } 9127 9128 return 0; 9129} 9130 9131struct ieee80211_node * 9132iwm_node_alloc(struct ieee80211com *ic) 9133{ 9134 return malloc(sizeof (struct iwm_node), M_DEVBUF, M_NOWAIT | M_ZERO); 9135} 9136 9137int 9138iwm_set_key_v1(struct ieee80211com *ic, struct ieee80211_node *ni, 9139 struct ieee80211_key *k) 9140{ 9141 struct iwm_softc *sc = ic->ic_softc; 9142 struct iwm_add_sta_key_cmd_v1 cmd; 9143 9144 memset(&cmd, 0, sizeof(cmd)); 9145 9146 cmd.common.key_flags = htole16(IWM_STA_KEY_FLG_CCM | 9147 IWM_STA_KEY_FLG_WEP_KEY_MAP | 9148 ((k->k_id << IWM_STA_KEY_FLG_KEYID_POS) & 9149 IWM_STA_KEY_FLG_KEYID_MSK)); 9150 if (k->k_flags & IEEE80211_KEY_GROUP) 9151 cmd.common.key_flags |= htole16(IWM_STA_KEY_MULTICAST); 9152 9153 memcpy(cmd.common.key, k->k_key, MIN(sizeof(cmd.common.key), k->k_len)); 9154 cmd.common.key_offset = 0; 9155 cmd.common.sta_id = IWM_STATION_ID; 9156 9157 return iwm_send_cmd_pdu(sc, IWM_ADD_STA_KEY, IWM_CMD_ASYNC, 9158 sizeof(cmd), &cmd); 9159} 9160 9161int 9162iwm_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 9163 struct ieee80211_key *k) 9164{ 9165 struct iwm_softc *sc = ic->ic_softc; 9166 struct iwm_add_sta_key_cmd cmd; 9167 9168 if ((k->k_flags & IEEE80211_KEY_GROUP) || 9169 k->k_cipher != IEEE80211_CIPHER_CCMP) { 9170 /* Fallback to software crypto for other ciphers. */ 9171 return (ieee80211_set_key(ic, ni, k)); 9172 } 9173 9174 if (!isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_TKIP_MIC_KEYS)) 9175 return iwm_set_key_v1(ic, ni, k); 9176 9177 memset(&cmd, 0, sizeof(cmd)); 9178 9179 cmd.common.key_flags = htole16(IWM_STA_KEY_FLG_CCM | 9180 IWM_STA_KEY_FLG_WEP_KEY_MAP | 9181 ((k->k_id << IWM_STA_KEY_FLG_KEYID_POS) & 9182 IWM_STA_KEY_FLG_KEYID_MSK)); 9183 if (k->k_flags & IEEE80211_KEY_GROUP) 9184 cmd.common.key_flags |= htole16(IWM_STA_KEY_MULTICAST); 9185 9186 memcpy(cmd.common.key, k->k_key, MIN(sizeof(cmd.common.key), k->k_len)); 9187 cmd.common.key_offset = 0; 9188 cmd.common.sta_id = IWM_STATION_ID; 9189 9190 cmd.transmit_seq_cnt = htole64(k->k_tsc); 9191 9192 return iwm_send_cmd_pdu(sc, IWM_ADD_STA_KEY, IWM_CMD_ASYNC, 9193 sizeof(cmd), &cmd); 9194} 9195 9196void 9197iwm_delete_key_v1(struct ieee80211com *ic, struct ieee80211_node *ni, 9198 struct ieee80211_key *k) 9199{ 9200 struct iwm_softc *sc = ic->ic_softc; 9201 struct iwm_add_sta_key_cmd_v1 cmd; 9202 9203 memset(&cmd, 0, sizeof(cmd)); 9204 9205 cmd.common.key_flags = htole16(IWM_STA_KEY_NOT_VALID | 9206 IWM_STA_KEY_FLG_NO_ENC | IWM_STA_KEY_FLG_WEP_KEY_MAP | 9207 ((k->k_id << IWM_STA_KEY_FLG_KEYID_POS) & 9208 IWM_STA_KEY_FLG_KEYID_MSK)); 9209 memcpy(cmd.common.key, k->k_key, MIN(sizeof(cmd.common.key), k->k_len)); 9210 cmd.common.key_offset = 0; 9211 cmd.common.sta_id = IWM_STATION_ID; 9212 9213 iwm_send_cmd_pdu(sc, IWM_ADD_STA_KEY, IWM_CMD_ASYNC, sizeof(cmd), &cmd); 9214} 9215 9216void 9217iwm_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 9218 struct ieee80211_key *k) 9219{ 9220 struct iwm_softc *sc = ic->ic_softc; 9221 struct iwm_add_sta_key_cmd cmd; 9222 9223 if ((k->k_flags & IEEE80211_KEY_GROUP) || 9224 (k->k_cipher != IEEE80211_CIPHER_CCMP)) { 9225 /* Fallback to software crypto for other ciphers. */ 9226 ieee80211_delete_key(ic, ni, k); 9227 return; 9228 } 9229 9230 if ((sc->sc_flags & IWM_FLAG_STA_ACTIVE) == 0) 9231 return; 9232 9233 if (!isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_TKIP_MIC_KEYS)) 9234 return iwm_delete_key_v1(ic, ni, k); 9235 9236 memset(&cmd, 0, sizeof(cmd)); 9237 9238 cmd.common.key_flags = htole16(IWM_STA_KEY_NOT_VALID | 9239 IWM_STA_KEY_FLG_NO_ENC | IWM_STA_KEY_FLG_WEP_KEY_MAP | 9240 ((k->k_id << IWM_STA_KEY_FLG_KEYID_POS) & 9241 IWM_STA_KEY_FLG_KEYID_MSK)); 9242 memcpy(cmd.common.key, k->k_key, MIN(sizeof(cmd.common.key), k->k_len)); 9243 cmd.common.key_offset = 0; 9244 cmd.common.sta_id = IWM_STATION_ID; 9245 9246 iwm_send_cmd_pdu(sc, IWM_ADD_STA_KEY, IWM_CMD_ASYNC, sizeof(cmd), &cmd); 9247} 9248 9249void 9250iwm_calib_timeout(void *arg) 9251{ 9252 struct iwm_softc *sc = arg; 9253 struct ieee80211com *ic = &sc->sc_ic; 9254 struct iwm_node *in = (void *)ic->ic_bss; 9255 struct ieee80211_node *ni = &in->in_ni; 9256 int s; 9257 9258 s = splnet(); 9259 if ((ic->ic_fixed_rate == -1 || ic->ic_fixed_mcs == -1) && 9260 (ni->ni_flags & IEEE80211_NODE_HT) == 0 && 9261 ic->ic_opmode == IEEE80211_M_STA && ic->ic_bss) { 9262 int old_txrate = ni->ni_txrate; 9263 ieee80211_amrr_choose(&sc->sc_amrr, &in->in_ni, &in->in_amn); 9264 /* 9265 * If AMRR has chosen a new TX rate we must update 9266 * the firwmare's LQ rate table. 9267 * ni_txrate may change again before the task runs so 9268 * cache the chosen rate in the iwm_node structure. 9269 */ 9270 if (ni->ni_txrate != old_txrate) 9271 iwm_setrates(in, 1); 9272 } 9273 9274 splx(s); 9275 9276 timeout_add_msec(&sc->sc_calib_to, 500); 9277} 9278 9279void 9280iwm_set_rate_table_vht(struct iwm_node *in, struct iwm_lq_cmd *lqcmd) 9281{ 9282 struct ieee80211_node *ni = &in->in_ni; 9283 struct ieee80211com *ic = ni->ni_ic; 9284 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 9285 int ridx_min = iwm_rval2ridx(ieee80211_min_basic_rate(ic)); 9286 int i, tab, txmcs; 9287 9288 /* 9289 * Fill the LQ rate selection table with VHT rates in descending 9290 * order, i.e. with the node's current TX rate first. Keep reducing 9291 * channel width during later Tx attempts, and eventually fall back 9292 * to legacy OFDM. Do not mix SISO and MIMO rates. 9293 */ 9294 lqcmd->mimo_delim = 0; 9295 txmcs = ni->ni_txmcs; 9296 for (i = 0; i < nitems(lqcmd->rs_table); i++) { 9297 if (txmcs >= 0) { 9298 tab = IWM_RATE_MCS_VHT_MSK; 9299 tab |= txmcs & IWM_RATE_VHT_MCS_RATE_CODE_MSK; 9300 tab |= ((ni->ni_vht_ss - 1) << 9301 IWM_RATE_VHT_MCS_NSS_POS) & 9302 IWM_RATE_VHT_MCS_NSS_MSK; 9303 if (ni->ni_vht_ss > 1) 9304 tab |= IWM_RATE_MCS_ANT_AB_MSK; 9305 else 9306 tab |= iwm_valid_siso_ant_rate_mask(sc); 9307 9308 /* 9309 * First two Tx attempts may use 80MHz/40MHz/SGI. 9310 * Next two Tx attempts may use 40MHz/SGI. 9311 * Beyond that use 20 MHz and decrease the rate. 9312 * As a special case, MCS 9 is invalid on 20 Mhz. 9313 */ 9314 if (txmcs == 9) { 9315 if (i < 2 && in->in_phyctxt->vht_chan_width >= 9316 IEEE80211_VHTOP0_CHAN_WIDTH_80) 9317 tab |= IWM_RATE_MCS_CHAN_WIDTH_80; 9318 else if (in->in_phyctxt->sco == 9319 IEEE80211_HTOP0_SCO_SCA || 9320 in->in_phyctxt->sco == 9321 IEEE80211_HTOP0_SCO_SCB) 9322 tab |= IWM_RATE_MCS_CHAN_WIDTH_40; 9323 else { 9324 /* no 40 MHz, fall back on MCS 8 */ 9325 tab &= ~IWM_RATE_VHT_MCS_RATE_CODE_MSK; 9326 tab |= 8; 9327 } 9328 9329 tab |= IWM_RATE_MCS_RTS_REQUIRED_MSK; 9330 if (i < 4) { 9331 if (ieee80211_ra_vht_use_sgi(ni)) 9332 tab |= IWM_RATE_MCS_SGI_MSK; 9333 } else 9334 txmcs--; 9335 } else if (i < 2 && in->in_phyctxt->vht_chan_width >= 9336 IEEE80211_VHTOP0_CHAN_WIDTH_80) { 9337 tab |= IWM_RATE_MCS_CHAN_WIDTH_80; 9338 tab |= IWM_RATE_MCS_RTS_REQUIRED_MSK; 9339 if (ieee80211_ra_vht_use_sgi(ni)) 9340 tab |= IWM_RATE_MCS_SGI_MSK; 9341 } else if (i < 4 && 9342 in->in_phyctxt->vht_chan_width >= 9343 IEEE80211_VHTOP0_CHAN_WIDTH_HT && 9344 (in->in_phyctxt->sco == IEEE80211_HTOP0_SCO_SCA || 9345 in->in_phyctxt->sco == IEEE80211_HTOP0_SCO_SCB)) { 9346 tab |= IWM_RATE_MCS_CHAN_WIDTH_40; 9347 tab |= IWM_RATE_MCS_RTS_REQUIRED_MSK; 9348 if (ieee80211_ra_vht_use_sgi(ni)) 9349 tab |= IWM_RATE_MCS_SGI_MSK; 9350 } else if (txmcs >= 0) 9351 txmcs--; 9352 } else { 9353 /* Fill the rest with the lowest possible rate. */ 9354 tab = iwm_rates[ridx_min].plcp; 9355 tab |= iwm_valid_siso_ant_rate_mask(sc); 9356 if (ni->ni_vht_ss > 1 && lqcmd->mimo_delim == 0) 9357 lqcmd->mimo_delim = i; 9358 } 9359 9360 lqcmd->rs_table[i] = htole32(tab); 9361 } 9362} 9363 9364void 9365iwm_set_rate_table(struct iwm_node *in, struct iwm_lq_cmd *lqcmd) 9366{ 9367 struct ieee80211_node *ni = &in->in_ni; 9368 struct ieee80211com *ic = ni->ni_ic; 9369 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 9370 struct ieee80211_rateset *rs = &ni->ni_rates; 9371 int i, ridx, ridx_min, ridx_max, j, mimo, tab = 0; 9372 9373 /* 9374 * Fill the LQ rate selection table with legacy and/or HT rates 9375 * in descending order, i.e. with the node's current TX rate first. 9376 * In cases where throughput of an HT rate corresponds to a legacy 9377 * rate it makes no sense to add both. We rely on the fact that 9378 * iwm_rates is laid out such that equivalent HT/legacy rates share 9379 * the same IWM_RATE_*_INDEX value. Also, rates not applicable to 9380 * legacy/HT are assumed to be marked with an 'invalid' PLCP value. 9381 */ 9382 j = 0; 9383 ridx_min = iwm_rval2ridx(ieee80211_min_basic_rate(ic)); 9384 mimo = iwm_is_mimo_ht_mcs(ni->ni_txmcs); 9385 ridx_max = (mimo ? IWM_RIDX_MAX : IWM_LAST_HT_SISO_RATE); 9386 for (ridx = ridx_max; ridx >= ridx_min; ridx--) { 9387 uint8_t plcp = iwm_rates[ridx].plcp; 9388 uint8_t ht_plcp = iwm_rates[ridx].ht_plcp; 9389 9390 if (j >= nitems(lqcmd->rs_table)) 9391 break; 9392 tab = 0; 9393 if (ni->ni_flags & IEEE80211_NODE_HT) { 9394 if (ht_plcp == IWM_RATE_HT_SISO_MCS_INV_PLCP) 9395 continue; 9396 /* Do not mix SISO and MIMO HT rates. */ 9397 if ((mimo && !iwm_is_mimo_ht_plcp(ht_plcp)) || 9398 (!mimo && iwm_is_mimo_ht_plcp(ht_plcp))) 9399 continue; 9400 for (i = ni->ni_txmcs; i >= 0; i--) { 9401 if (isclr(ni->ni_rxmcs, i)) 9402 continue; 9403 if (ridx != iwm_ht_mcs2ridx[i]) 9404 continue; 9405 tab = ht_plcp; 9406 tab |= IWM_RATE_MCS_HT_MSK; 9407 /* First two Tx attempts may use 40MHz/SGI. */ 9408 if (j > 1) 9409 break; 9410 if (in->in_phyctxt->sco == 9411 IEEE80211_HTOP0_SCO_SCA || 9412 in->in_phyctxt->sco == 9413 IEEE80211_HTOP0_SCO_SCB) { 9414 tab |= IWM_RATE_MCS_CHAN_WIDTH_40; 9415 tab |= IWM_RATE_MCS_RTS_REQUIRED_MSK; 9416 } 9417 if (ieee80211_ra_use_ht_sgi(ni)) 9418 tab |= IWM_RATE_MCS_SGI_MSK; 9419 break; 9420 } 9421 } else if (plcp != IWM_RATE_INVM_PLCP) { 9422 for (i = ni->ni_txrate; i >= 0; i--) { 9423 if (iwm_rates[ridx].rate == (rs->rs_rates[i] & 9424 IEEE80211_RATE_VAL)) { 9425 tab = plcp; 9426 break; 9427 } 9428 } 9429 } 9430 9431 if (tab == 0) 9432 continue; 9433 9434 if (iwm_is_mimo_ht_plcp(ht_plcp)) 9435 tab |= IWM_RATE_MCS_ANT_AB_MSK; 9436 else 9437 tab |= iwm_valid_siso_ant_rate_mask(sc); 9438 9439 if (IWM_RIDX_IS_CCK(ridx)) 9440 tab |= IWM_RATE_MCS_CCK_MSK; 9441 lqcmd->rs_table[j++] = htole32(tab); 9442 } 9443 9444 lqcmd->mimo_delim = (mimo ? j : 0); 9445 9446 /* Fill the rest with the lowest possible rate */ 9447 while (j < nitems(lqcmd->rs_table)) { 9448 tab = iwm_rates[ridx_min].plcp; 9449 if (IWM_RIDX_IS_CCK(ridx_min)) 9450 tab |= IWM_RATE_MCS_CCK_MSK; 9451 tab |= iwm_valid_siso_ant_rate_mask(sc); 9452 lqcmd->rs_table[j++] = htole32(tab); 9453 } 9454} 9455 9456void 9457iwm_setrates(struct iwm_node *in, int async) 9458{ 9459 struct ieee80211_node *ni = &in->in_ni; 9460 struct ieee80211com *ic = ni->ni_ic; 9461 struct iwm_softc *sc = IC2IFP(ic)->if_softc; 9462 struct iwm_lq_cmd lqcmd; 9463 struct iwm_host_cmd cmd = { 9464 .id = IWM_LQ_CMD, 9465 .len = { sizeof(lqcmd), }, 9466 }; 9467 9468 cmd.flags = async ? IWM_CMD_ASYNC : 0; 9469 9470 memset(&lqcmd, 0, sizeof(lqcmd)); 9471 lqcmd.sta_id = IWM_STATION_ID; 9472 9473 if (ic->ic_flags & IEEE80211_F_USEPROT) 9474 lqcmd.flags |= IWM_LQ_FLAG_USE_RTS_MSK; 9475 9476 if (ni->ni_flags & IEEE80211_NODE_VHT) 9477 iwm_set_rate_table_vht(in, &lqcmd); 9478 else 9479 iwm_set_rate_table(in, &lqcmd); 9480 9481 if (sc->sc_device_family == IWM_DEVICE_FAMILY_9000 && 9482 (iwm_fw_valid_tx_ant(sc) & IWM_ANT_B)) 9483 lqcmd.single_stream_ant_msk = IWM_ANT_B; 9484 else 9485 lqcmd.single_stream_ant_msk = IWM_ANT_A; 9486 lqcmd.dual_stream_ant_msk = IWM_ANT_AB; 9487 9488 lqcmd.agg_time_limit = htole16(4000); /* 4ms */ 9489 lqcmd.agg_disable_start_th = 3; 9490 lqcmd.agg_frame_cnt_limit = 0x3f; 9491 9492 cmd.data[0] = &lqcmd; 9493 iwm_send_cmd(sc, &cmd); 9494} 9495 9496int 9497iwm_media_change(struct ifnet *ifp) 9498{ 9499 struct iwm_softc *sc = ifp->if_softc; 9500 struct ieee80211com *ic = &sc->sc_ic; 9501 uint8_t rate, ridx; 9502 int err; 9503 9504 err = ieee80211_media_change(ifp); 9505 if (err != ENETRESET) 9506 return err; 9507 9508 if (ic->ic_fixed_mcs != -1) 9509 sc->sc_fixed_ridx = iwm_ht_mcs2ridx[ic->ic_fixed_mcs]; 9510 else if (ic->ic_fixed_rate != -1) { 9511 rate = ic->ic_sup_rates[ic->ic_curmode]. 9512 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 9513 /* Map 802.11 rate to HW rate index. */ 9514 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++) 9515 if (iwm_rates[ridx].rate == rate) 9516 break; 9517 sc->sc_fixed_ridx = ridx; 9518 } 9519 9520 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 9521 (IFF_UP | IFF_RUNNING)) { 9522 iwm_stop(ifp); 9523 err = iwm_init(ifp); 9524 } 9525 return err; 9526} 9527 9528void 9529iwm_newstate_task(void *psc) 9530{ 9531 struct iwm_softc *sc = (struct iwm_softc *)psc; 9532 struct ieee80211com *ic = &sc->sc_ic; 9533 enum ieee80211_state nstate = sc->ns_nstate; 9534 enum ieee80211_state ostate = ic->ic_state; 9535 int arg = sc->ns_arg; 9536 int err = 0, s = splnet(); 9537 9538 if (sc->sc_flags & IWM_FLAG_SHUTDOWN) { 9539 /* iwm_stop() is waiting for us. */ 9540 refcnt_rele_wake(&sc->task_refs); 9541 splx(s); 9542 return; 9543 } 9544 9545 if (ostate == IEEE80211_S_SCAN) { 9546 if (nstate == ostate) { 9547 if (sc->sc_flags & IWM_FLAG_SCANNING) { 9548 refcnt_rele_wake(&sc->task_refs); 9549 splx(s); 9550 return; 9551 } 9552 /* Firmware is no longer scanning. Do another scan. */ 9553 goto next_scan; 9554 } else 9555 iwm_led_blink_stop(sc); 9556 } 9557 9558 if (nstate <= ostate) { 9559 switch (ostate) { 9560 case IEEE80211_S_RUN: 9561 err = iwm_run_stop(sc); 9562 if (err) 9563 goto out; 9564 /* FALLTHROUGH */ 9565 case IEEE80211_S_ASSOC: 9566 case IEEE80211_S_AUTH: 9567 if (nstate <= IEEE80211_S_AUTH) { 9568 err = iwm_deauth(sc); 9569 if (err) 9570 goto out; 9571 } 9572 /* FALLTHROUGH */ 9573 case IEEE80211_S_SCAN: 9574 case IEEE80211_S_INIT: 9575 break; 9576 } 9577 9578 /* Die now if iwm_stop() was called while we were sleeping. */ 9579 if (sc->sc_flags & IWM_FLAG_SHUTDOWN) { 9580 refcnt_rele_wake(&sc->task_refs); 9581 splx(s); 9582 return; 9583 } 9584 } 9585 9586 switch (nstate) { 9587 case IEEE80211_S_INIT: 9588 break; 9589 9590 case IEEE80211_S_SCAN: 9591next_scan: 9592 err = iwm_scan(sc); 9593 if (err) 9594 break; 9595 refcnt_rele_wake(&sc->task_refs); 9596 splx(s); 9597 return; 9598 9599 case IEEE80211_S_AUTH: 9600 err = iwm_auth(sc); 9601 break; 9602 9603 case IEEE80211_S_ASSOC: 9604 break; 9605 9606 case IEEE80211_S_RUN: 9607 err = iwm_run(sc); 9608 break; 9609 } 9610 9611out: 9612 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) { 9613 if (err) 9614 task_add(systq, &sc->init_task); 9615 else 9616 sc->sc_newstate(ic, nstate, arg); 9617 } 9618 refcnt_rele_wake(&sc->task_refs); 9619 splx(s); 9620} 9621 9622int 9623iwm_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 9624{ 9625 struct ifnet *ifp = IC2IFP(ic); 9626 struct iwm_softc *sc = ifp->if_softc; 9627 9628 /* 9629 * Prevent attempts to transition towards the same state, unless 9630 * we are scanning in which case a SCAN -> SCAN transition 9631 * triggers another scan iteration. And AUTH -> AUTH is needed 9632 * to support band-steering. 9633 */ 9634 if (sc->ns_nstate == nstate && nstate != IEEE80211_S_SCAN && 9635 nstate != IEEE80211_S_AUTH) 9636 return 0; 9637 9638 if (ic->ic_state == IEEE80211_S_RUN) { 9639 timeout_del(&sc->sc_calib_to); 9640 iwm_del_task(sc, systq, &sc->ba_task); 9641 iwm_del_task(sc, systq, &sc->mac_ctxt_task); 9642 iwm_del_task(sc, systq, &sc->phy_ctxt_task); 9643 iwm_del_task(sc, systq, &sc->bgscan_done_task); 9644 } 9645 9646 sc->ns_nstate = nstate; 9647 sc->ns_arg = arg; 9648 9649 iwm_add_task(sc, sc->sc_nswq, &sc->newstate_task); 9650 9651 return 0; 9652} 9653 9654void 9655iwm_endscan(struct iwm_softc *sc) 9656{ 9657 struct ieee80211com *ic = &sc->sc_ic; 9658 9659 if ((sc->sc_flags & (IWM_FLAG_SCANNING | IWM_FLAG_BGSCAN)) == 0) 9660 return; 9661 9662 sc->sc_flags &= ~(IWM_FLAG_SCANNING | IWM_FLAG_BGSCAN); 9663 ieee80211_end_scan(&ic->ic_if); 9664} 9665 9666/* 9667 * Aging and idle timeouts for the different possible scenarios 9668 * in default configuration 9669 */ 9670static const uint32_t 9671iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 9672 { 9673 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF), 9674 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF) 9675 }, 9676 { 9677 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF), 9678 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF) 9679 }, 9680 { 9681 htole32(IWM_SF_MCAST_AGING_TIMER_DEF), 9682 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF) 9683 }, 9684 { 9685 htole32(IWM_SF_BA_AGING_TIMER_DEF), 9686 htole32(IWM_SF_BA_IDLE_TIMER_DEF) 9687 }, 9688 { 9689 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF), 9690 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF) 9691 }, 9692}; 9693 9694/* 9695 * Aging and idle timeouts for the different possible scenarios 9696 * in single BSS MAC configuration. 9697 */ 9698static const uint32_t 9699iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = { 9700 { 9701 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER), 9702 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER) 9703 }, 9704 { 9705 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER), 9706 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER) 9707 }, 9708 { 9709 htole32(IWM_SF_MCAST_AGING_TIMER), 9710 htole32(IWM_SF_MCAST_IDLE_TIMER) 9711 }, 9712 { 9713 htole32(IWM_SF_BA_AGING_TIMER), 9714 htole32(IWM_SF_BA_IDLE_TIMER) 9715 }, 9716 { 9717 htole32(IWM_SF_TX_RE_AGING_TIMER), 9718 htole32(IWM_SF_TX_RE_IDLE_TIMER) 9719 }, 9720}; 9721 9722void 9723iwm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd, 9724 struct ieee80211_node *ni) 9725{ 9726 int i, j, watermark; 9727 9728 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN); 9729 9730 /* 9731 * If we are in association flow - check antenna configuration 9732 * capabilities of the AP station, and choose the watermark accordingly. 9733 */ 9734 if (ni) { 9735 if (ni->ni_flags & IEEE80211_NODE_HT) { 9736 if (ni->ni_rxmcs[1] != 0) 9737 watermark = IWM_SF_W_MARK_MIMO2; 9738 else 9739 watermark = IWM_SF_W_MARK_SISO; 9740 } else { 9741 watermark = IWM_SF_W_MARK_LEGACY; 9742 } 9743 /* default watermark value for unassociated mode. */ 9744 } else { 9745 watermark = IWM_SF_W_MARK_MIMO2; 9746 } 9747 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark); 9748 9749 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) { 9750 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) { 9751 sf_cmd->long_delay_timeouts[i][j] = 9752 htole32(IWM_SF_LONG_DELAY_AGING_TIMER); 9753 } 9754 } 9755 9756 if (ni) { 9757 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout, 9758 sizeof(iwm_sf_full_timeout)); 9759 } else { 9760 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def, 9761 sizeof(iwm_sf_full_timeout_def)); 9762 } 9763 9764} 9765 9766int 9767iwm_sf_config(struct iwm_softc *sc, int new_state) 9768{ 9769 struct ieee80211com *ic = &sc->sc_ic; 9770 struct iwm_sf_cfg_cmd sf_cmd = { 9771 .state = htole32(new_state), 9772 }; 9773 int err = 0; 9774 9775#if 0 /* only used for models with sdio interface, in iwlwifi */ 9776 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) 9777 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF); 9778#endif 9779 9780 switch (new_state) { 9781 case IWM_SF_UNINIT: 9782 case IWM_SF_INIT_OFF: 9783 iwm_fill_sf_command(sc, &sf_cmd, NULL); 9784 break; 9785 case IWM_SF_FULL_ON: 9786 iwm_fill_sf_command(sc, &sf_cmd, ic->ic_bss); 9787 break; 9788 default: 9789 return EINVAL; 9790 } 9791 9792 err = iwm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC, 9793 sizeof(sf_cmd), &sf_cmd); 9794 return err; 9795} 9796 9797int 9798iwm_send_bt_init_conf(struct iwm_softc *sc) 9799{ 9800 struct iwm_bt_coex_cmd bt_cmd; 9801 9802 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI); 9803 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET); 9804 9805 return iwm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd), 9806 &bt_cmd); 9807} 9808 9809int 9810iwm_send_soc_conf(struct iwm_softc *sc) 9811{ 9812 struct iwm_soc_configuration_cmd cmd; 9813 int err; 9814 uint32_t cmd_id, flags = 0; 9815 9816 memset(&cmd, 0, sizeof(cmd)); 9817 9818 /* 9819 * In VER_1 of this command, the discrete value is considered 9820 * an integer; In VER_2, it's a bitmask. Since we have only 2 9821 * values in VER_1, this is backwards-compatible with VER_2, 9822 * as long as we don't set any other flag bits. 9823 */ 9824 if (!sc->sc_integrated) { /* VER_1 */ 9825 flags = IWM_SOC_CONFIG_CMD_FLAGS_DISCRETE; 9826 } else { /* VER_2 */ 9827 uint8_t scan_cmd_ver; 9828 if (sc->sc_ltr_delay != IWM_SOC_FLAGS_LTR_APPLY_DELAY_NONE) 9829 flags |= (sc->sc_ltr_delay & 9830 IWM_SOC_FLAGS_LTR_APPLY_DELAY_MASK); 9831 scan_cmd_ver = iwm_lookup_cmd_ver(sc, IWM_LONG_GROUP, 9832 IWM_SCAN_REQ_UMAC); 9833 if (scan_cmd_ver != IWM_FW_CMD_VER_UNKNOWN && 9834 scan_cmd_ver >= 2 && sc->sc_low_latency_xtal) 9835 flags |= IWM_SOC_CONFIG_CMD_FLAGS_LOW_LATENCY; 9836 } 9837 cmd.flags = htole32(flags); 9838 9839 cmd.latency = htole32(sc->sc_xtal_latency); 9840 9841 cmd_id = iwm_cmd_id(IWM_SOC_CONFIGURATION_CMD, IWM_SYSTEM_GROUP, 0); 9842 err = iwm_send_cmd_pdu(sc, cmd_id, 0, sizeof(cmd), &cmd); 9843 if (err) 9844 printf("%s: failed to set soc latency: %d\n", DEVNAME(sc), err); 9845 return err; 9846} 9847 9848int 9849iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2) 9850{ 9851 struct iwm_mcc_update_cmd mcc_cmd; 9852 struct iwm_host_cmd hcmd = { 9853 .id = IWM_MCC_UPDATE_CMD, 9854 .flags = IWM_CMD_WANT_RESP, 9855 .resp_pkt_len = IWM_CMD_RESP_MAX, 9856 .data = { &mcc_cmd }, 9857 }; 9858 struct iwm_rx_packet *pkt; 9859 size_t resp_len; 9860 int err; 9861 int resp_v3 = isset(sc->sc_enabled_capa, 9862 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V3); 9863 9864 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000 && 9865 !sc->sc_nvm.lar_enabled) { 9866 return 0; 9867 } 9868 9869 memset(&mcc_cmd, 0, sizeof(mcc_cmd)); 9870 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]); 9871 if (isset(sc->sc_ucode_api, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) || 9872 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC)) 9873 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT; 9874 else 9875 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW; 9876 9877 if (resp_v3) { /* same size as resp_v2 */ 9878 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd); 9879 } else { 9880 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1); 9881 } 9882 9883 err = iwm_send_cmd(sc, &hcmd); 9884 if (err) 9885 return err; 9886 9887 pkt = hcmd.resp_pkt; 9888 if (!pkt || (pkt->hdr.flags & IWM_CMD_FAILED_MSK)) { 9889 err = EIO; 9890 goto out; 9891 } 9892 9893 if (resp_v3) { 9894 struct iwm_mcc_update_resp_v3 *resp; 9895 resp_len = iwm_rx_packet_payload_len(pkt); 9896 if (resp_len < sizeof(*resp)) { 9897 err = EIO; 9898 goto out; 9899 } 9900 9901 resp = (void *)pkt->data; 9902 if (resp_len != sizeof(*resp) + 9903 resp->n_channels * sizeof(resp->channels[0])) { 9904 err = EIO; 9905 goto out; 9906 } 9907 } else { 9908 struct iwm_mcc_update_resp_v1 *resp_v1; 9909 resp_len = iwm_rx_packet_payload_len(pkt); 9910 if (resp_len < sizeof(*resp_v1)) { 9911 err = EIO; 9912 goto out; 9913 } 9914 9915 resp_v1 = (void *)pkt->data; 9916 if (resp_len != sizeof(*resp_v1) + 9917 resp_v1->n_channels * sizeof(resp_v1->channels[0])) { 9918 err = EIO; 9919 goto out; 9920 } 9921 } 9922out: 9923 iwm_free_resp(sc, &hcmd); 9924 return err; 9925} 9926 9927int 9928iwm_send_temp_report_ths_cmd(struct iwm_softc *sc) 9929{ 9930 struct iwm_temp_report_ths_cmd cmd; 9931 int err; 9932 9933 /* 9934 * In order to give responsibility for critical-temperature-kill 9935 * and TX backoff to FW we need to send an empty temperature 9936 * reporting command at init time. 9937 */ 9938 memset(&cmd, 0, sizeof(cmd)); 9939 9940 err = iwm_send_cmd_pdu(sc, 9941 IWM_WIDE_ID(IWM_PHY_OPS_GROUP, IWM_TEMP_REPORTING_THRESHOLDS_CMD), 9942 0, sizeof(cmd), &cmd); 9943 if (err) 9944 printf("%s: TEMP_REPORT_THS_CMD command failed (error %d)\n", 9945 DEVNAME(sc), err); 9946 9947 return err; 9948} 9949 9950void 9951iwm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff) 9952{ 9953 struct iwm_host_cmd cmd = { 9954 .id = IWM_REPLY_THERMAL_MNG_BACKOFF, 9955 .len = { sizeof(uint32_t), }, 9956 .data = { &backoff, }, 9957 }; 9958 9959 iwm_send_cmd(sc, &cmd); 9960} 9961 9962void 9963iwm_free_fw_paging(struct iwm_softc *sc) 9964{ 9965 int i; 9966 9967 if (sc->fw_paging_db[0].fw_paging_block.vaddr == NULL) 9968 return; 9969 9970 for (i = 0; i < IWM_NUM_OF_FW_PAGING_BLOCKS; i++) { 9971 iwm_dma_contig_free(&sc->fw_paging_db[i].fw_paging_block); 9972 } 9973 9974 memset(sc->fw_paging_db, 0, sizeof(sc->fw_paging_db)); 9975} 9976 9977int 9978iwm_fill_paging_mem(struct iwm_softc *sc, const struct iwm_fw_sects *image) 9979{ 9980 int sec_idx, idx; 9981 uint32_t offset = 0; 9982 9983 /* 9984 * find where is the paging image start point: 9985 * if CPU2 exist and it's in paging format, then the image looks like: 9986 * CPU1 sections (2 or more) 9987 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between CPU1 to CPU2 9988 * CPU2 sections (not paged) 9989 * PAGING_SEPARATOR_SECTION delimiter - separate between CPU2 9990 * non paged to CPU2 paging sec 9991 * CPU2 paging CSS 9992 * CPU2 paging image (including instruction and data) 9993 */ 9994 for (sec_idx = 0; sec_idx < IWM_UCODE_SECT_MAX; sec_idx++) { 9995 if (image->fw_sect[sec_idx].fws_devoff == 9996 IWM_PAGING_SEPARATOR_SECTION) { 9997 sec_idx++; 9998 break; 9999 } 10000 } 10001 10002 /* 10003 * If paging is enabled there should be at least 2 more sections left 10004 * (one for CSS and one for Paging data) 10005 */ 10006 if (sec_idx >= nitems(image->fw_sect) - 1) { 10007 printf("%s: Paging: Missing CSS and/or paging sections\n", 10008 DEVNAME(sc)); 10009 iwm_free_fw_paging(sc); 10010 return EINVAL; 10011 } 10012 10013 /* copy the CSS block to the dram */ 10014 DPRINTF(("%s: Paging: load paging CSS to FW, sec = %d\n", 10015 DEVNAME(sc), sec_idx)); 10016 10017 memcpy(sc->fw_paging_db[0].fw_paging_block.vaddr, 10018 image->fw_sect[sec_idx].fws_data, 10019 sc->fw_paging_db[0].fw_paging_size); 10020 10021 DPRINTF(("%s: Paging: copied %d CSS bytes to first block\n", 10022 DEVNAME(sc), sc->fw_paging_db[0].fw_paging_size)); 10023 10024 sec_idx++; 10025 10026 /* 10027 * copy the paging blocks to the dram 10028 * loop index start from 1 since that CSS block already copied to dram 10029 * and CSS index is 0. 10030 * loop stop at num_of_paging_blk since that last block is not full. 10031 */ 10032 for (idx = 1; idx < sc->num_of_paging_blk; idx++) { 10033 memcpy(sc->fw_paging_db[idx].fw_paging_block.vaddr, 10034 (const char *)image->fw_sect[sec_idx].fws_data + offset, 10035 sc->fw_paging_db[idx].fw_paging_size); 10036 10037 DPRINTF(("%s: Paging: copied %d paging bytes to block %d\n", 10038 DEVNAME(sc), sc->fw_paging_db[idx].fw_paging_size, idx)); 10039 10040 offset += sc->fw_paging_db[idx].fw_paging_size; 10041 } 10042 10043 /* copy the last paging block */ 10044 if (sc->num_of_pages_in_last_blk > 0) { 10045 memcpy(sc->fw_paging_db[idx].fw_paging_block.vaddr, 10046 (const char *)image->fw_sect[sec_idx].fws_data + offset, 10047 IWM_FW_PAGING_SIZE * sc->num_of_pages_in_last_blk); 10048 10049 DPRINTF(("%s: Paging: copied %d pages in the last block %d\n", 10050 DEVNAME(sc), sc->num_of_pages_in_last_blk, idx)); 10051 } 10052 10053 return 0; 10054} 10055 10056int 10057iwm_alloc_fw_paging_mem(struct iwm_softc *sc, const struct iwm_fw_sects *image) 10058{ 10059 int blk_idx = 0; 10060 int error, num_of_pages; 10061 10062 if (sc->fw_paging_db[0].fw_paging_block.vaddr != NULL) { 10063 int i; 10064 /* Device got reset, and we setup firmware paging again */ 10065 bus_dmamap_sync(sc->sc_dmat, 10066 sc->fw_paging_db[0].fw_paging_block.map, 10067 0, IWM_FW_PAGING_SIZE, 10068 BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD); 10069 for (i = 1; i < sc->num_of_paging_blk + 1; i++) { 10070 bus_dmamap_sync(sc->sc_dmat, 10071 sc->fw_paging_db[i].fw_paging_block.map, 10072 0, IWM_PAGING_BLOCK_SIZE, 10073 BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD); 10074 } 10075 return 0; 10076 } 10077 10078 /* ensure IWM_BLOCK_2_EXP_SIZE is power of 2 of IWM_PAGING_BLOCK_SIZE */ 10079#if (1 << IWM_BLOCK_2_EXP_SIZE) != IWM_PAGING_BLOCK_SIZE 10080#error IWM_BLOCK_2_EXP_SIZE must be power of 2 of IWM_PAGING_BLOCK_SIZE 10081#endif 10082 10083 num_of_pages = image->paging_mem_size / IWM_FW_PAGING_SIZE; 10084 sc->num_of_paging_blk = 10085 ((num_of_pages - 1) / IWM_NUM_OF_PAGE_PER_GROUP) + 1; 10086 10087 sc->num_of_pages_in_last_blk = 10088 num_of_pages - 10089 IWM_NUM_OF_PAGE_PER_GROUP * (sc->num_of_paging_blk - 1); 10090 10091 DPRINTF(("%s: Paging: allocating mem for %d paging blocks, each block" 10092 " holds 8 pages, last block holds %d pages\n", DEVNAME(sc), 10093 sc->num_of_paging_blk, 10094 sc->num_of_pages_in_last_blk)); 10095 10096 /* allocate block of 4Kbytes for paging CSS */ 10097 error = iwm_dma_contig_alloc(sc->sc_dmat, 10098 &sc->fw_paging_db[blk_idx].fw_paging_block, IWM_FW_PAGING_SIZE, 10099 4096); 10100 if (error) { 10101 /* free all the previous pages since we failed */ 10102 iwm_free_fw_paging(sc); 10103 return ENOMEM; 10104 } 10105 10106 sc->fw_paging_db[blk_idx].fw_paging_size = IWM_FW_PAGING_SIZE; 10107 10108 DPRINTF(("%s: Paging: allocated 4K(CSS) bytes for firmware paging.\n", 10109 DEVNAME(sc))); 10110 10111 /* 10112 * allocate blocks in dram. 10113 * since that CSS allocated in fw_paging_db[0] loop start from index 1 10114 */ 10115 for (blk_idx = 1; blk_idx < sc->num_of_paging_blk + 1; blk_idx++) { 10116 /* allocate block of IWM_PAGING_BLOCK_SIZE (32K) */ 10117 /* XXX Use iwm_dma_contig_alloc for allocating */ 10118 error = iwm_dma_contig_alloc(sc->sc_dmat, 10119 &sc->fw_paging_db[blk_idx].fw_paging_block, 10120 IWM_PAGING_BLOCK_SIZE, 4096); 10121 if (error) { 10122 /* free all the previous pages since we failed */ 10123 iwm_free_fw_paging(sc); 10124 return ENOMEM; 10125 } 10126 10127 sc->fw_paging_db[blk_idx].fw_paging_size = 10128 IWM_PAGING_BLOCK_SIZE; 10129 10130 DPRINTF(( 10131 "%s: Paging: allocated 32K bytes for firmware paging.\n", 10132 DEVNAME(sc))); 10133 } 10134 10135 return 0; 10136} 10137 10138int 10139iwm_save_fw_paging(struct iwm_softc *sc, const struct iwm_fw_sects *fw) 10140{ 10141 int ret; 10142 10143 ret = iwm_alloc_fw_paging_mem(sc, fw); 10144 if (ret) 10145 return ret; 10146 10147 return iwm_fill_paging_mem(sc, fw); 10148} 10149 10150/* send paging cmd to FW in case CPU2 has paging image */ 10151int 10152iwm_send_paging_cmd(struct iwm_softc *sc, const struct iwm_fw_sects *fw) 10153{ 10154 int blk_idx; 10155 uint32_t dev_phy_addr; 10156 struct iwm_fw_paging_cmd fw_paging_cmd = { 10157 .flags = 10158 htole32(IWM_PAGING_CMD_IS_SECURED | 10159 IWM_PAGING_CMD_IS_ENABLED | 10160 (sc->num_of_pages_in_last_blk << 10161 IWM_PAGING_CMD_NUM_OF_PAGES_IN_LAST_GRP_POS)), 10162 .block_size = htole32(IWM_BLOCK_2_EXP_SIZE), 10163 .block_num = htole32(sc->num_of_paging_blk), 10164 }; 10165 10166 /* loop for all paging blocks + CSS block */ 10167 for (blk_idx = 0; blk_idx < sc->num_of_paging_blk + 1; blk_idx++) { 10168 dev_phy_addr = htole32( 10169 sc->fw_paging_db[blk_idx].fw_paging_block.paddr >> 10170 IWM_PAGE_2_EXP_SIZE); 10171 fw_paging_cmd.device_phy_addr[blk_idx] = dev_phy_addr; 10172 bus_dmamap_sync(sc->sc_dmat, 10173 sc->fw_paging_db[blk_idx].fw_paging_block.map, 0, 10174 blk_idx == 0 ? IWM_FW_PAGING_SIZE : IWM_PAGING_BLOCK_SIZE, 10175 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); 10176 } 10177 10178 return iwm_send_cmd_pdu(sc, iwm_cmd_id(IWM_FW_PAGING_BLOCK_CMD, 10179 IWM_LONG_GROUP, 0), 10180 0, sizeof(fw_paging_cmd), &fw_paging_cmd); 10181} 10182 10183int 10184iwm_init_hw(struct iwm_softc *sc) 10185{ 10186 struct ieee80211com *ic = &sc->sc_ic; 10187 int err, i, ac, qid, s; 10188 10189 err = iwm_run_init_mvm_ucode(sc, 0); 10190 if (err) 10191 return err; 10192 10193 /* Should stop and start HW since INIT image just loaded. */ 10194 iwm_stop_device(sc); 10195 err = iwm_start_hw(sc); 10196 if (err) { 10197 printf("%s: could not initialize hardware\n", DEVNAME(sc)); 10198 return err; 10199 } 10200 10201 /* Restart, this time with the regular firmware */ 10202 s = splnet(); 10203 err = iwm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR); 10204 if (err) { 10205 printf("%s: could not load firmware\n", DEVNAME(sc)); 10206 splx(s); 10207 return err; 10208 } 10209 10210 if (!iwm_nic_lock(sc)) { 10211 splx(s); 10212 return EBUSY; 10213 } 10214 10215 err = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc)); 10216 if (err) { 10217 printf("%s: could not init tx ant config (error %d)\n", 10218 DEVNAME(sc), err); 10219 goto err; 10220 } 10221 10222 err = iwm_send_phy_db_data(sc); 10223 if (err) { 10224 printf("%s: could not init phy db (error %d)\n", 10225 DEVNAME(sc), err); 10226 goto err; 10227 } 10228 10229 err = iwm_send_phy_cfg_cmd(sc); 10230 if (err) { 10231 printf("%s: could not send phy config (error %d)\n", 10232 DEVNAME(sc), err); 10233 goto err; 10234 } 10235 10236 err = iwm_send_bt_init_conf(sc); 10237 if (err) { 10238 printf("%s: could not init bt coex (error %d)\n", 10239 DEVNAME(sc), err); 10240 goto err; 10241 } 10242 10243 if (isset(sc->sc_enabled_capa, 10244 IWM_UCODE_TLV_CAPA_SOC_LATENCY_SUPPORT)) { 10245 err = iwm_send_soc_conf(sc); 10246 if (err) 10247 goto err; 10248 } 10249 10250 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) { 10251 err = iwm_send_dqa_cmd(sc); 10252 if (err) 10253 goto err; 10254 } 10255 10256 /* Add auxiliary station for scanning */ 10257 err = iwm_add_aux_sta(sc); 10258 if (err) { 10259 printf("%s: could not add aux station (error %d)\n", 10260 DEVNAME(sc), err); 10261 goto err; 10262 } 10263 10264 for (i = 0; i < IWM_NUM_PHY_CTX; i++) { 10265 /* 10266 * The channel used here isn't relevant as it's 10267 * going to be overwritten in the other flows. 10268 * For now use the first channel we have. 10269 */ 10270 sc->sc_phyctxt[i].id = i; 10271 sc->sc_phyctxt[i].channel = &ic->ic_channels[1]; 10272 err = iwm_phy_ctxt_cmd(sc, &sc->sc_phyctxt[i], 1, 1, 10273 IWM_FW_CTXT_ACTION_ADD, 0, IEEE80211_HTOP0_SCO_SCN, 10274 IEEE80211_VHTOP0_CHAN_WIDTH_HT); 10275 if (err) { 10276 printf("%s: could not add phy context %d (error %d)\n", 10277 DEVNAME(sc), i, err); 10278 goto err; 10279 } 10280 } 10281 10282 /* Initialize tx backoffs to the minimum. */ 10283 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) 10284 iwm_tt_tx_backoff(sc, 0); 10285 10286 10287 err = iwm_config_ltr(sc); 10288 if (err) { 10289 printf("%s: PCIe LTR configuration failed (error %d)\n", 10290 DEVNAME(sc), err); 10291 } 10292 10293 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_CT_KILL_BY_FW)) { 10294 err = iwm_send_temp_report_ths_cmd(sc); 10295 if (err) 10296 goto err; 10297 } 10298 10299 err = iwm_power_update_device(sc); 10300 if (err) { 10301 printf("%s: could not send power command (error %d)\n", 10302 DEVNAME(sc), err); 10303 goto err; 10304 } 10305 10306 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) { 10307 err = iwm_send_update_mcc_cmd(sc, "ZZ"); 10308 if (err) { 10309 printf("%s: could not init LAR (error %d)\n", 10310 DEVNAME(sc), err); 10311 goto err; 10312 } 10313 } 10314 10315 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 10316 err = iwm_config_umac_scan(sc); 10317 if (err) { 10318 printf("%s: could not configure scan (error %d)\n", 10319 DEVNAME(sc), err); 10320 goto err; 10321 } 10322 } 10323 10324 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 10325 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 10326 qid = IWM_DQA_INJECT_MONITOR_QUEUE; 10327 else 10328 qid = IWM_AUX_QUEUE; 10329 err = iwm_enable_txq(sc, IWM_MONITOR_STA_ID, qid, 10330 iwm_ac_to_tx_fifo[EDCA_AC_BE], 0, IWM_MAX_TID_COUNT, 0); 10331 if (err) { 10332 printf("%s: could not enable monitor inject Tx queue " 10333 "(error %d)\n", DEVNAME(sc), err); 10334 goto err; 10335 } 10336 } else { 10337 for (ac = 0; ac < EDCA_NUM_AC; ac++) { 10338 if (isset(sc->sc_enabled_capa, 10339 IWM_UCODE_TLV_CAPA_DQA_SUPPORT)) 10340 qid = ac + IWM_DQA_MIN_MGMT_QUEUE; 10341 else 10342 qid = ac; 10343 err = iwm_enable_txq(sc, IWM_STATION_ID, qid, 10344 iwm_ac_to_tx_fifo[ac], 0, IWM_TID_NON_QOS, 0); 10345 if (err) { 10346 printf("%s: could not enable Tx queue %d " 10347 "(error %d)\n", DEVNAME(sc), ac, err); 10348 goto err; 10349 } 10350 } 10351 } 10352 10353 err = iwm_disable_beacon_filter(sc); 10354 if (err) { 10355 printf("%s: could not disable beacon filter (error %d)\n", 10356 DEVNAME(sc), err); 10357 goto err; 10358 } 10359 10360err: 10361 iwm_nic_unlock(sc); 10362 splx(s); 10363 return err; 10364} 10365 10366/* Allow multicast from our BSSID. */ 10367int 10368iwm_allow_mcast(struct iwm_softc *sc) 10369{ 10370 struct ieee80211com *ic = &sc->sc_ic; 10371 struct iwm_node *in = (void *)ic->ic_bss; 10372 struct iwm_mcast_filter_cmd *cmd; 10373 size_t size; 10374 int err; 10375 10376 size = roundup(sizeof(*cmd), 4); 10377 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 10378 if (cmd == NULL) 10379 return ENOMEM; 10380 cmd->filter_own = 1; 10381 cmd->port_id = 0; 10382 cmd->count = 0; 10383 cmd->pass_all = 1; 10384 IEEE80211_ADDR_COPY(cmd->bssid, in->in_macaddr); 10385 10386 err = iwm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD, 10387 0, size, cmd); 10388 free(cmd, M_DEVBUF, size); 10389 return err; 10390} 10391 10392int 10393iwm_init(struct ifnet *ifp) 10394{ 10395 struct iwm_softc *sc = ifp->if_softc; 10396 struct ieee80211com *ic = &sc->sc_ic; 10397 int err, generation; 10398 10399 rw_assert_wrlock(&sc->ioctl_rwl); 10400 10401 generation = ++sc->sc_generation; 10402 10403 err = iwm_preinit(sc); 10404 if (err) 10405 return err; 10406 10407 err = iwm_start_hw(sc); 10408 if (err) { 10409 printf("%s: could not initialize hardware\n", DEVNAME(sc)); 10410 return err; 10411 } 10412 10413 err = iwm_init_hw(sc); 10414 if (err) { 10415 if (generation == sc->sc_generation) 10416 iwm_stop_device(sc); 10417 return err; 10418 } 10419 10420 if (sc->sc_nvm.sku_cap_11n_enable) 10421 iwm_setup_ht_rates(sc); 10422 if (sc->sc_nvm.sku_cap_11ac_enable) 10423 iwm_setup_vht_rates(sc); 10424 10425 KASSERT(sc->task_refs.r_refs == 0); 10426 refcnt_init(&sc->task_refs); 10427 ifq_clr_oactive(&ifp->if_snd); 10428 ifp->if_flags |= IFF_RUNNING; 10429 10430 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 10431 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 10432 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 10433 return 0; 10434 } 10435 10436 ieee80211_begin_scan(ifp); 10437 10438 /* 10439 * ieee80211_begin_scan() ends up scheduling iwm_newstate_task(). 10440 * Wait until the transition to SCAN state has completed. 10441 */ 10442 do { 10443 err = tsleep_nsec(&ic->ic_state, PCATCH, "iwminit", 10444 SEC_TO_NSEC(1)); 10445 if (generation != sc->sc_generation) 10446 return ENXIO; 10447 if (err) { 10448 iwm_stop(ifp); 10449 return err; 10450 } 10451 } while (ic->ic_state != IEEE80211_S_SCAN); 10452 10453 return 0; 10454} 10455 10456void 10457iwm_start(struct ifnet *ifp) 10458{ 10459 struct iwm_softc *sc = ifp->if_softc; 10460 struct ieee80211com *ic = &sc->sc_ic; 10461 struct ieee80211_node *ni; 10462 struct ether_header *eh; 10463 struct mbuf *m; 10464 int ac = EDCA_AC_BE; /* XXX */ 10465 10466 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 10467 return; 10468 10469 for (;;) { 10470 /* why isn't this done per-queue? */ 10471 if (sc->qfullmsk != 0) { 10472 ifq_set_oactive(&ifp->if_snd); 10473 break; 10474 } 10475 10476 /* Don't queue additional frames while flushing Tx queues. */ 10477 if (sc->sc_flags & IWM_FLAG_TXFLUSH) 10478 break; 10479 10480 /* need to send management frames even if we're not RUNning */ 10481 m = mq_dequeue(&ic->ic_mgtq); 10482 if (m) { 10483 ni = m->m_pkthdr.ph_cookie; 10484 goto sendit; 10485 } 10486 10487 if (ic->ic_state != IEEE80211_S_RUN || 10488 (ic->ic_xflags & IEEE80211_F_TX_MGMT_ONLY)) 10489 break; 10490 10491 m = ifq_dequeue(&ifp->if_snd); 10492 if (!m) 10493 break; 10494 if (m->m_len < sizeof (*eh) && 10495 (m = m_pullup(m, sizeof (*eh))) == NULL) { 10496 ifp->if_oerrors++; 10497 continue; 10498 } 10499#if NBPFILTER > 0 10500 if (ifp->if_bpf != NULL) 10501 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 10502#endif 10503 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) { 10504 ifp->if_oerrors++; 10505 continue; 10506 } 10507 10508 sendit: 10509#if NBPFILTER > 0 10510 if (ic->ic_rawbpf != NULL) 10511 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 10512#endif 10513 if (iwm_tx(sc, m, ni, ac) != 0) { 10514 ieee80211_release_node(ic, ni); 10515 ifp->if_oerrors++; 10516 continue; 10517 } 10518 10519 if (ifp->if_flags & IFF_UP) 10520 ifp->if_timer = 1; 10521 } 10522 10523 return; 10524} 10525 10526void 10527iwm_stop(struct ifnet *ifp) 10528{ 10529 struct iwm_softc *sc = ifp->if_softc; 10530 struct ieee80211com *ic = &sc->sc_ic; 10531 struct iwm_node *in = (void *)ic->ic_bss; 10532 int i, s = splnet(); 10533 10534 rw_assert_wrlock(&sc->ioctl_rwl); 10535 10536 sc->sc_flags |= IWM_FLAG_SHUTDOWN; /* Disallow new tasks. */ 10537 10538 /* Cancel scheduled tasks and let any stale tasks finish up. */ 10539 task_del(systq, &sc->init_task); 10540 iwm_del_task(sc, sc->sc_nswq, &sc->newstate_task); 10541 iwm_del_task(sc, systq, &sc->ba_task); 10542 iwm_del_task(sc, systq, &sc->mac_ctxt_task); 10543 iwm_del_task(sc, systq, &sc->phy_ctxt_task); 10544 iwm_del_task(sc, systq, &sc->bgscan_done_task); 10545 KASSERT(sc->task_refs.r_refs >= 1); 10546 refcnt_finalize(&sc->task_refs, "iwmstop"); 10547 10548 iwm_stop_device(sc); 10549 10550 free(sc->bgscan_unref_arg, M_DEVBUF, sc->bgscan_unref_arg_size); 10551 sc->bgscan_unref_arg = NULL; 10552 sc->bgscan_unref_arg_size = 0; 10553 10554 /* Reset soft state. */ 10555 10556 sc->sc_generation++; 10557 for (i = 0; i < nitems(sc->sc_cmd_resp_pkt); i++) { 10558 free(sc->sc_cmd_resp_pkt[i], M_DEVBUF, sc->sc_cmd_resp_len[i]); 10559 sc->sc_cmd_resp_pkt[i] = NULL; 10560 sc->sc_cmd_resp_len[i] = 0; 10561 } 10562 ifp->if_flags &= ~IFF_RUNNING; 10563 ifq_clr_oactive(&ifp->if_snd); 10564 10565 in->in_phyctxt = NULL; 10566 in->tid_disable_ampdu = 0xffff; 10567 in->tfd_queue_msk = 0; 10568 IEEE80211_ADDR_COPY(in->in_macaddr, etheranyaddr); 10569 10570 sc->sc_flags &= ~(IWM_FLAG_SCANNING | IWM_FLAG_BGSCAN); 10571 sc->sc_flags &= ~IWM_FLAG_MAC_ACTIVE; 10572 sc->sc_flags &= ~IWM_FLAG_BINDING_ACTIVE; 10573 sc->sc_flags &= ~IWM_FLAG_STA_ACTIVE; 10574 sc->sc_flags &= ~IWM_FLAG_TE_ACTIVE; 10575 sc->sc_flags &= ~IWM_FLAG_HW_ERR; 10576 sc->sc_flags &= ~IWM_FLAG_SHUTDOWN; 10577 sc->sc_flags &= ~IWM_FLAG_TXFLUSH; 10578 10579 sc->sc_rx_ba_sessions = 0; 10580 sc->ba_rx.start_tidmask = 0; 10581 sc->ba_rx.stop_tidmask = 0; 10582 sc->tx_ba_queue_mask = 0; 10583 sc->ba_tx.start_tidmask = 0; 10584 sc->ba_tx.stop_tidmask = 0; 10585 10586 sc->sc_newstate(ic, IEEE80211_S_INIT, -1); 10587 sc->ns_nstate = IEEE80211_S_INIT; 10588 10589 timeout_del(&sc->sc_calib_to); /* XXX refcount? */ 10590 for (i = 0; i < nitems(sc->sc_rxba_data); i++) { 10591 struct iwm_rxba_data *rxba = &sc->sc_rxba_data[i]; 10592 iwm_clear_reorder_buffer(sc, rxba); 10593 } 10594 iwm_led_blink_stop(sc); 10595 memset(sc->sc_tx_timer, 0, sizeof(sc->sc_tx_timer)); 10596 ifp->if_timer = 0; 10597 10598 splx(s); 10599} 10600 10601void 10602iwm_watchdog(struct ifnet *ifp) 10603{ 10604 struct iwm_softc *sc = ifp->if_softc; 10605 int i; 10606 10607 ifp->if_timer = 0; 10608 10609 /* 10610 * We maintain a separate timer for each Tx queue because 10611 * Tx aggregation queues can get "stuck" while other queues 10612 * keep working. The Linux driver uses a similar workaround. 10613 */ 10614 for (i = 0; i < nitems(sc->sc_tx_timer); i++) { 10615 if (sc->sc_tx_timer[i] > 0) { 10616 if (--sc->sc_tx_timer[i] == 0) { 10617 printf("%s: device timeout\n", DEVNAME(sc)); 10618 if (ifp->if_flags & IFF_DEBUG) { 10619 iwm_nic_error(sc); 10620 iwm_dump_driver_status(sc); 10621 } 10622 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) 10623 task_add(systq, &sc->init_task); 10624 ifp->if_oerrors++; 10625 return; 10626 } 10627 ifp->if_timer = 1; 10628 } 10629 } 10630 10631 ieee80211_watchdog(ifp); 10632} 10633 10634int 10635iwm_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 10636{ 10637 struct iwm_softc *sc = ifp->if_softc; 10638 int s, err = 0, generation = sc->sc_generation; 10639 10640 /* 10641 * Prevent processes from entering this function while another 10642 * process is tsleep'ing in it. 10643 */ 10644 err = rw_enter(&sc->ioctl_rwl, RW_WRITE | RW_INTR); 10645 if (err == 0 && generation != sc->sc_generation) { 10646 rw_exit(&sc->ioctl_rwl); 10647 return ENXIO; 10648 } 10649 if (err) 10650 return err; 10651 s = splnet(); 10652 10653 switch (cmd) { 10654 case SIOCSIFADDR: 10655 ifp->if_flags |= IFF_UP; 10656 /* FALLTHROUGH */ 10657 case SIOCSIFFLAGS: 10658 if (ifp->if_flags & IFF_UP) { 10659 if (!(ifp->if_flags & IFF_RUNNING)) { 10660 /* Force reload of firmware image from disk. */ 10661 sc->sc_fw.fw_status = IWM_FW_STATUS_NONE; 10662 err = iwm_init(ifp); 10663 } 10664 } else { 10665 if (ifp->if_flags & IFF_RUNNING) 10666 iwm_stop(ifp); 10667 } 10668 break; 10669 10670 default: 10671 err = ieee80211_ioctl(ifp, cmd, data); 10672 } 10673 10674 if (err == ENETRESET) { 10675 err = 0; 10676 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 10677 (IFF_UP | IFF_RUNNING)) { 10678 iwm_stop(ifp); 10679 err = iwm_init(ifp); 10680 } 10681 } 10682 10683 splx(s); 10684 rw_exit(&sc->ioctl_rwl); 10685 10686 return err; 10687} 10688 10689/* 10690 * Note: This structure is read from the device with IO accesses, 10691 * and the reading already does the endian conversion. As it is 10692 * read with uint32_t-sized accesses, any members with a different size 10693 * need to be ordered correctly though! 10694 */ 10695struct iwm_error_event_table { 10696 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 10697 uint32_t error_id; /* type of error */ 10698 uint32_t trm_hw_status0; /* TRM HW status */ 10699 uint32_t trm_hw_status1; /* TRM HW status */ 10700 uint32_t blink2; /* branch link */ 10701 uint32_t ilink1; /* interrupt link */ 10702 uint32_t ilink2; /* interrupt link */ 10703 uint32_t data1; /* error-specific data */ 10704 uint32_t data2; /* error-specific data */ 10705 uint32_t data3; /* error-specific data */ 10706 uint32_t bcon_time; /* beacon timer */ 10707 uint32_t tsf_low; /* network timestamp function timer */ 10708 uint32_t tsf_hi; /* network timestamp function timer */ 10709 uint32_t gp1; /* GP1 timer register */ 10710 uint32_t gp2; /* GP2 timer register */ 10711 uint32_t fw_rev_type; /* firmware revision type */ 10712 uint32_t major; /* uCode version major */ 10713 uint32_t minor; /* uCode version minor */ 10714 uint32_t hw_ver; /* HW Silicon version */ 10715 uint32_t brd_ver; /* HW board version */ 10716 uint32_t log_pc; /* log program counter */ 10717 uint32_t frame_ptr; /* frame pointer */ 10718 uint32_t stack_ptr; /* stack pointer */ 10719 uint32_t hcmd; /* last host command header */ 10720 uint32_t isr0; /* isr status register LMPM_NIC_ISR0: 10721 * rxtx_flag */ 10722 uint32_t isr1; /* isr status register LMPM_NIC_ISR1: 10723 * host_flag */ 10724 uint32_t isr2; /* isr status register LMPM_NIC_ISR2: 10725 * enc_flag */ 10726 uint32_t isr3; /* isr status register LMPM_NIC_ISR3: 10727 * time_flag */ 10728 uint32_t isr4; /* isr status register LMPM_NIC_ISR4: 10729 * wico interrupt */ 10730 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */ 10731 uint32_t wait_event; /* wait event() caller address */ 10732 uint32_t l2p_control; /* L2pControlField */ 10733 uint32_t l2p_duration; /* L2pDurationField */ 10734 uint32_t l2p_mhvalid; /* L2pMhValidBits */ 10735 uint32_t l2p_addr_match; /* L2pAddrMatchStat */ 10736 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on 10737 * (LMPM_PMG_SEL) */ 10738 uint32_t u_timestamp; /* indicate when the date and time of the 10739 * compilation */ 10740 uint32_t flow_handler; /* FH read/write pointers, RX credit */ 10741} __packed /* LOG_ERROR_TABLE_API_S_VER_3 */; 10742 10743/* 10744 * UMAC error struct - relevant starting from family 8000 chip. 10745 * Note: This structure is read from the device with IO accesses, 10746 * and the reading already does the endian conversion. As it is 10747 * read with u32-sized accesses, any members with a different size 10748 * need to be ordered correctly though! 10749 */ 10750struct iwm_umac_error_event_table { 10751 uint32_t valid; /* (nonzero) valid, (0) log is empty */ 10752 uint32_t error_id; /* type of error */ 10753 uint32_t blink1; /* branch link */ 10754 uint32_t blink2; /* branch link */ 10755 uint32_t ilink1; /* interrupt link */ 10756 uint32_t ilink2; /* interrupt link */ 10757 uint32_t data1; /* error-specific data */ 10758 uint32_t data2; /* error-specific data */ 10759 uint32_t data3; /* error-specific data */ 10760 uint32_t umac_major; 10761 uint32_t umac_minor; 10762 uint32_t frame_pointer; /* core register 27*/ 10763 uint32_t stack_pointer; /* core register 28 */ 10764 uint32_t cmd_header; /* latest host cmd sent to UMAC */ 10765 uint32_t nic_isr_pref; /* ISR status register */ 10766} __packed; 10767 10768#define ERROR_START_OFFSET (1 * sizeof(uint32_t)) 10769#define ERROR_ELEM_SIZE (7 * sizeof(uint32_t)) 10770 10771void 10772iwm_nic_umac_error(struct iwm_softc *sc) 10773{ 10774 struct iwm_umac_error_event_table table; 10775 uint32_t base; 10776 10777 base = sc->sc_uc.uc_umac_error_event_table; 10778 10779 if (base < 0x800000) { 10780 printf("%s: Invalid error log pointer 0x%08x\n", 10781 DEVNAME(sc), base); 10782 return; 10783 } 10784 10785 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 10786 printf("%s: reading errlog failed\n", DEVNAME(sc)); 10787 return; 10788 } 10789 10790 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 10791 printf("%s: Start UMAC Error Log Dump:\n", DEVNAME(sc)); 10792 printf("%s: Status: 0x%x, count: %d\n", DEVNAME(sc), 10793 sc->sc_flags, table.valid); 10794 } 10795 10796 printf("%s: 0x%08X | %s\n", DEVNAME(sc), table.error_id, 10797 iwm_desc_lookup(table.error_id)); 10798 printf("%s: 0x%08X | umac branchlink1\n", DEVNAME(sc), table.blink1); 10799 printf("%s: 0x%08X | umac branchlink2\n", DEVNAME(sc), table.blink2); 10800 printf("%s: 0x%08X | umac interruptlink1\n", DEVNAME(sc), table.ilink1); 10801 printf("%s: 0x%08X | umac interruptlink2\n", DEVNAME(sc), table.ilink2); 10802 printf("%s: 0x%08X | umac data1\n", DEVNAME(sc), table.data1); 10803 printf("%s: 0x%08X | umac data2\n", DEVNAME(sc), table.data2); 10804 printf("%s: 0x%08X | umac data3\n", DEVNAME(sc), table.data3); 10805 printf("%s: 0x%08X | umac major\n", DEVNAME(sc), table.umac_major); 10806 printf("%s: 0x%08X | umac minor\n", DEVNAME(sc), table.umac_minor); 10807 printf("%s: 0x%08X | frame pointer\n", DEVNAME(sc), 10808 table.frame_pointer); 10809 printf("%s: 0x%08X | stack pointer\n", DEVNAME(sc), 10810 table.stack_pointer); 10811 printf("%s: 0x%08X | last host cmd\n", DEVNAME(sc), table.cmd_header); 10812 printf("%s: 0x%08X | isr status reg\n", DEVNAME(sc), 10813 table.nic_isr_pref); 10814} 10815 10816#define IWM_FW_SYSASSERT_CPU_MASK 0xf0000000 10817static struct { 10818 const char *name; 10819 uint8_t num; 10820} advanced_lookup[] = { 10821 { "NMI_INTERRUPT_WDG", 0x34 }, 10822 { "SYSASSERT", 0x35 }, 10823 { "UCODE_VERSION_MISMATCH", 0x37 }, 10824 { "BAD_COMMAND", 0x38 }, 10825 { "BAD_COMMAND", 0x39 }, 10826 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C }, 10827 { "FATAL_ERROR", 0x3D }, 10828 { "NMI_TRM_HW_ERR", 0x46 }, 10829 { "NMI_INTERRUPT_TRM", 0x4C }, 10830 { "NMI_INTERRUPT_BREAK_POINT", 0x54 }, 10831 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C }, 10832 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 }, 10833 { "NMI_INTERRUPT_HOST", 0x66 }, 10834 { "NMI_INTERRUPT_LMAC_FATAL", 0x70 }, 10835 { "NMI_INTERRUPT_UMAC_FATAL", 0x71 }, 10836 { "NMI_INTERRUPT_OTHER_LMAC_FATAL", 0x73 }, 10837 { "NMI_INTERRUPT_ACTION_PT", 0x7C }, 10838 { "NMI_INTERRUPT_UNKNOWN", 0x84 }, 10839 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 }, 10840 { "ADVANCED_SYSASSERT", 0 }, 10841}; 10842 10843const char * 10844iwm_desc_lookup(uint32_t num) 10845{ 10846 int i; 10847 10848 for (i = 0; i < nitems(advanced_lookup) - 1; i++) 10849 if (advanced_lookup[i].num == 10850 (num & ~IWM_FW_SYSASSERT_CPU_MASK)) 10851 return advanced_lookup[i].name; 10852 10853 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */ 10854 return advanced_lookup[i].name; 10855} 10856 10857/* 10858 * Support for dumping the error log seemed like a good idea ... 10859 * but it's mostly hex junk and the only sensible thing is the 10860 * hw/ucode revision (which we know anyway). Since it's here, 10861 * I'll just leave it in, just in case e.g. the Intel guys want to 10862 * help us decipher some "ADVANCED_SYSASSERT" later. 10863 */ 10864void 10865iwm_nic_error(struct iwm_softc *sc) 10866{ 10867 struct iwm_error_event_table table; 10868 uint32_t base; 10869 10870 printf("%s: dumping device error log\n", DEVNAME(sc)); 10871 base = sc->sc_uc.uc_error_event_table; 10872 if (base < 0x800000) { 10873 printf("%s: Invalid error log pointer 0x%08x\n", 10874 DEVNAME(sc), base); 10875 return; 10876 } 10877 10878 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) { 10879 printf("%s: reading errlog failed\n", DEVNAME(sc)); 10880 return; 10881 } 10882 10883 if (!table.valid) { 10884 printf("%s: errlog not found, skipping\n", DEVNAME(sc)); 10885 return; 10886 } 10887 10888 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) { 10889 printf("%s: Start Error Log Dump:\n", DEVNAME(sc)); 10890 printf("%s: Status: 0x%x, count: %d\n", DEVNAME(sc), 10891 sc->sc_flags, table.valid); 10892 } 10893 10894 printf("%s: 0x%08X | %-28s\n", DEVNAME(sc), table.error_id, 10895 iwm_desc_lookup(table.error_id)); 10896 printf("%s: %08X | trm_hw_status0\n", DEVNAME(sc), 10897 table.trm_hw_status0); 10898 printf("%s: %08X | trm_hw_status1\n", DEVNAME(sc), 10899 table.trm_hw_status1); 10900 printf("%s: %08X | branchlink2\n", DEVNAME(sc), table.blink2); 10901 printf("%s: %08X | interruptlink1\n", DEVNAME(sc), table.ilink1); 10902 printf("%s: %08X | interruptlink2\n", DEVNAME(sc), table.ilink2); 10903 printf("%s: %08X | data1\n", DEVNAME(sc), table.data1); 10904 printf("%s: %08X | data2\n", DEVNAME(sc), table.data2); 10905 printf("%s: %08X | data3\n", DEVNAME(sc), table.data3); 10906 printf("%s: %08X | beacon time\n", DEVNAME(sc), table.bcon_time); 10907 printf("%s: %08X | tsf low\n", DEVNAME(sc), table.tsf_low); 10908 printf("%s: %08X | tsf hi\n", DEVNAME(sc), table.tsf_hi); 10909 printf("%s: %08X | time gp1\n", DEVNAME(sc), table.gp1); 10910 printf("%s: %08X | time gp2\n", DEVNAME(sc), table.gp2); 10911 printf("%s: %08X | uCode revision type\n", DEVNAME(sc), 10912 table.fw_rev_type); 10913 printf("%s: %08X | uCode version major\n", DEVNAME(sc), 10914 table.major); 10915 printf("%s: %08X | uCode version minor\n", DEVNAME(sc), 10916 table.minor); 10917 printf("%s: %08X | hw version\n", DEVNAME(sc), table.hw_ver); 10918 printf("%s: %08X | board version\n", DEVNAME(sc), table.brd_ver); 10919 printf("%s: %08X | hcmd\n", DEVNAME(sc), table.hcmd); 10920 printf("%s: %08X | isr0\n", DEVNAME(sc), table.isr0); 10921 printf("%s: %08X | isr1\n", DEVNAME(sc), table.isr1); 10922 printf("%s: %08X | isr2\n", DEVNAME(sc), table.isr2); 10923 printf("%s: %08X | isr3\n", DEVNAME(sc), table.isr3); 10924 printf("%s: %08X | isr4\n", DEVNAME(sc), table.isr4); 10925 printf("%s: %08X | last cmd Id\n", DEVNAME(sc), table.last_cmd_id); 10926 printf("%s: %08X | wait_event\n", DEVNAME(sc), table.wait_event); 10927 printf("%s: %08X | l2p_control\n", DEVNAME(sc), table.l2p_control); 10928 printf("%s: %08X | l2p_duration\n", DEVNAME(sc), table.l2p_duration); 10929 printf("%s: %08X | l2p_mhvalid\n", DEVNAME(sc), table.l2p_mhvalid); 10930 printf("%s: %08X | l2p_addr_match\n", DEVNAME(sc), table.l2p_addr_match); 10931 printf("%s: %08X | lmpm_pmg_sel\n", DEVNAME(sc), table.lmpm_pmg_sel); 10932 printf("%s: %08X | timestamp\n", DEVNAME(sc), table.u_timestamp); 10933 printf("%s: %08X | flow_handler\n", DEVNAME(sc), table.flow_handler); 10934 10935 if (sc->sc_uc.uc_umac_error_event_table) 10936 iwm_nic_umac_error(sc); 10937} 10938 10939void 10940iwm_dump_driver_status(struct iwm_softc *sc) 10941{ 10942 int i; 10943 10944 printf("driver status:\n"); 10945 for (i = 0; i < IWM_MAX_QUEUES; i++) { 10946 struct iwm_tx_ring *ring = &sc->txq[i]; 10947 printf(" tx ring %2d: qid=%-2d cur=%-3d " 10948 "queued=%-3d\n", 10949 i, ring->qid, ring->cur, ring->queued); 10950 } 10951 printf(" rx ring: cur=%d\n", sc->rxq.cur); 10952 printf(" 802.11 state %s\n", 10953 ieee80211_state_name[sc->sc_ic.ic_state]); 10954} 10955 10956#define SYNC_RESP_STRUCT(_var_, _pkt_) \ 10957do { \ 10958 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*(_pkt_)), \ 10959 sizeof(*(_var_)), BUS_DMASYNC_POSTREAD); \ 10960 _var_ = (void *)((_pkt_)+1); \ 10961} while (/*CONSTCOND*/0) 10962 10963#define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \ 10964do { \ 10965 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*(_pkt_)), \ 10966 sizeof(len), BUS_DMASYNC_POSTREAD); \ 10967 _ptr_ = (void *)((_pkt_)+1); \ 10968} while (/*CONSTCOND*/0) 10969 10970#define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % count); 10971 10972int 10973iwm_rx_pkt_valid(struct iwm_rx_packet *pkt) 10974{ 10975 int qid, idx, code; 10976 10977 qid = pkt->hdr.qid & ~0x80; 10978 idx = pkt->hdr.idx; 10979 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 10980 10981 return (!(qid == 0 && idx == 0 && code == 0) && 10982 pkt->len_n_flags != htole32(IWM_FH_RSCSR_FRAME_INVALID)); 10983} 10984 10985void 10986iwm_rx_pkt(struct iwm_softc *sc, struct iwm_rx_data *data, struct mbuf_list *ml) 10987{ 10988 struct ifnet *ifp = IC2IFP(&sc->sc_ic); 10989 struct iwm_rx_packet *pkt, *nextpkt; 10990 uint32_t offset = 0, nextoff = 0, nmpdu = 0, len; 10991 struct mbuf *m0, *m; 10992 const size_t minsz = sizeof(pkt->len_n_flags) + sizeof(pkt->hdr); 10993 int qid, idx, code, handled = 1; 10994 10995 bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWM_RBUF_SIZE, 10996 BUS_DMASYNC_POSTREAD); 10997 10998 m0 = data->m; 10999 while (m0 && offset + minsz < IWM_RBUF_SIZE) { 11000 pkt = (struct iwm_rx_packet *)(m0->m_data + offset); 11001 qid = pkt->hdr.qid; 11002 idx = pkt->hdr.idx; 11003 11004 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code); 11005 11006 if (!iwm_rx_pkt_valid(pkt)) 11007 break; 11008 11009 len = sizeof(pkt->len_n_flags) + iwm_rx_packet_len(pkt); 11010 if (len < minsz || len > (IWM_RBUF_SIZE - offset)) 11011 break; 11012 11013 if (code == IWM_REPLY_RX_MPDU_CMD && ++nmpdu == 1) { 11014 /* Take mbuf m0 off the RX ring. */ 11015 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur)) { 11016 ifp->if_ierrors++; 11017 break; 11018 } 11019 KASSERT(data->m != m0); 11020 } 11021 11022 switch (code) { 11023 case IWM_REPLY_RX_PHY_CMD: 11024 iwm_rx_rx_phy_cmd(sc, pkt, data); 11025 break; 11026 11027 case IWM_REPLY_RX_MPDU_CMD: { 11028 size_t maxlen = IWM_RBUF_SIZE - offset - minsz; 11029 nextoff = offset + 11030 roundup(len, IWM_FH_RSCSR_FRAME_ALIGN); 11031 nextpkt = (struct iwm_rx_packet *) 11032 (m0->m_data + nextoff); 11033 if (nextoff + minsz >= IWM_RBUF_SIZE || 11034 !iwm_rx_pkt_valid(nextpkt)) { 11035 /* No need to copy last frame in buffer. */ 11036 if (offset > 0) 11037 m_adj(m0, offset); 11038 if (sc->sc_mqrx_supported) 11039 iwm_rx_mpdu_mq(sc, m0, pkt->data, 11040 maxlen, ml); 11041 else 11042 iwm_rx_mpdu(sc, m0, pkt->data, 11043 maxlen, ml); 11044 m0 = NULL; /* stack owns m0 now; abort loop */ 11045 } else { 11046 /* 11047 * Create an mbuf which points to the current 11048 * packet. Always copy from offset zero to 11049 * preserve m_pkthdr. 11050 */ 11051 m = m_copym(m0, 0, M_COPYALL, M_DONTWAIT); 11052 if (m == NULL) { 11053 ifp->if_ierrors++; 11054 m_freem(m0); 11055 m0 = NULL; 11056 break; 11057 } 11058 m_adj(m, offset); 11059 if (sc->sc_mqrx_supported) 11060 iwm_rx_mpdu_mq(sc, m, pkt->data, 11061 maxlen, ml); 11062 else 11063 iwm_rx_mpdu(sc, m, pkt->data, 11064 maxlen, ml); 11065 } 11066 break; 11067 } 11068 11069 case IWM_TX_CMD: 11070 iwm_rx_tx_cmd(sc, pkt, data); 11071 break; 11072 11073 case IWM_BA_NOTIF: 11074 iwm_rx_compressed_ba(sc, pkt); 11075 break; 11076 11077 case IWM_MISSED_BEACONS_NOTIFICATION: 11078 iwm_rx_bmiss(sc, pkt, data); 11079 break; 11080 11081 case IWM_MFUART_LOAD_NOTIFICATION: 11082 break; 11083 11084 case IWM_ALIVE: { 11085 struct iwm_alive_resp_v1 *resp1; 11086 struct iwm_alive_resp_v2 *resp2; 11087 struct iwm_alive_resp_v3 *resp3; 11088 11089 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) { 11090 SYNC_RESP_STRUCT(resp1, pkt); 11091 sc->sc_uc.uc_error_event_table 11092 = le32toh(resp1->error_event_table_ptr); 11093 sc->sc_uc.uc_log_event_table 11094 = le32toh(resp1->log_event_table_ptr); 11095 sc->sched_base = le32toh(resp1->scd_base_ptr); 11096 if (resp1->status == IWM_ALIVE_STATUS_OK) 11097 sc->sc_uc.uc_ok = 1; 11098 else 11099 sc->sc_uc.uc_ok = 0; 11100 } 11101 11102 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) { 11103 SYNC_RESP_STRUCT(resp2, pkt); 11104 sc->sc_uc.uc_error_event_table 11105 = le32toh(resp2->error_event_table_ptr); 11106 sc->sc_uc.uc_log_event_table 11107 = le32toh(resp2->log_event_table_ptr); 11108 sc->sched_base = le32toh(resp2->scd_base_ptr); 11109 sc->sc_uc.uc_umac_error_event_table 11110 = le32toh(resp2->error_info_addr); 11111 if (resp2->status == IWM_ALIVE_STATUS_OK) 11112 sc->sc_uc.uc_ok = 1; 11113 else 11114 sc->sc_uc.uc_ok = 0; 11115 } 11116 11117 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) { 11118 SYNC_RESP_STRUCT(resp3, pkt); 11119 sc->sc_uc.uc_error_event_table 11120 = le32toh(resp3->error_event_table_ptr); 11121 sc->sc_uc.uc_log_event_table 11122 = le32toh(resp3->log_event_table_ptr); 11123 sc->sched_base = le32toh(resp3->scd_base_ptr); 11124 sc->sc_uc.uc_umac_error_event_table 11125 = le32toh(resp3->error_info_addr); 11126 if (resp3->status == IWM_ALIVE_STATUS_OK) 11127 sc->sc_uc.uc_ok = 1; 11128 else 11129 sc->sc_uc.uc_ok = 0; 11130 } 11131 11132 sc->sc_uc.uc_intr = 1; 11133 wakeup(&sc->sc_uc); 11134 break; 11135 } 11136 11137 case IWM_CALIB_RES_NOTIF_PHY_DB: { 11138 struct iwm_calib_res_notif_phy_db *phy_db_notif; 11139 SYNC_RESP_STRUCT(phy_db_notif, pkt); 11140 iwm_phy_db_set_section(sc, phy_db_notif); 11141 sc->sc_init_complete |= IWM_CALIB_COMPLETE; 11142 wakeup(&sc->sc_init_complete); 11143 break; 11144 } 11145 11146 case IWM_STATISTICS_NOTIFICATION: { 11147 struct iwm_notif_statistics *stats; 11148 SYNC_RESP_STRUCT(stats, pkt); 11149 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats)); 11150 sc->sc_noise = iwm_get_noise(&stats->rx.general); 11151 break; 11152 } 11153 11154 case IWM_MCC_CHUB_UPDATE_CMD: { 11155 struct iwm_mcc_chub_notif *notif; 11156 SYNC_RESP_STRUCT(notif, pkt); 11157 iwm_mcc_update(sc, notif); 11158 break; 11159 } 11160 11161 case IWM_DTS_MEASUREMENT_NOTIFICATION: 11162 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 11163 IWM_DTS_MEASUREMENT_NOTIF_WIDE): 11164 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 11165 IWM_TEMP_REPORTING_THRESHOLDS_CMD): 11166 break; 11167 11168 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP, 11169 IWM_CT_KILL_NOTIFICATION): { 11170 struct iwm_ct_kill_notif *notif; 11171 SYNC_RESP_STRUCT(notif, pkt); 11172 printf("%s: device at critical temperature (%u degC), " 11173 "stopping device\n", 11174 DEVNAME(sc), le16toh(notif->temperature)); 11175 sc->sc_flags |= IWM_FLAG_HW_ERR; 11176 task_add(systq, &sc->init_task); 11177 break; 11178 } 11179 11180 case IWM_ADD_STA_KEY: 11181 case IWM_PHY_CONFIGURATION_CMD: 11182 case IWM_TX_ANT_CONFIGURATION_CMD: 11183 case IWM_ADD_STA: 11184 case IWM_MAC_CONTEXT_CMD: 11185 case IWM_REPLY_SF_CFG_CMD: 11186 case IWM_POWER_TABLE_CMD: 11187 case IWM_LTR_CONFIG: 11188 case IWM_PHY_CONTEXT_CMD: 11189 case IWM_BINDING_CONTEXT_CMD: 11190 case IWM_WIDE_ID(IWM_LONG_GROUP, IWM_SCAN_CFG_CMD): 11191 case IWM_WIDE_ID(IWM_LONG_GROUP, IWM_SCAN_REQ_UMAC): 11192 case IWM_WIDE_ID(IWM_LONG_GROUP, IWM_SCAN_ABORT_UMAC): 11193 case IWM_SCAN_OFFLOAD_REQUEST_CMD: 11194 case IWM_SCAN_OFFLOAD_ABORT_CMD: 11195 case IWM_REPLY_BEACON_FILTERING_CMD: 11196 case IWM_MAC_PM_POWER_TABLE: 11197 case IWM_TIME_QUOTA_CMD: 11198 case IWM_REMOVE_STA: 11199 case IWM_TXPATH_FLUSH: 11200 case IWM_LQ_CMD: 11201 case IWM_WIDE_ID(IWM_LONG_GROUP, 11202 IWM_FW_PAGING_BLOCK_CMD): 11203 case IWM_BT_CONFIG: 11204 case IWM_REPLY_THERMAL_MNG_BACKOFF: 11205 case IWM_NVM_ACCESS_CMD: 11206 case IWM_MCC_UPDATE_CMD: 11207 case IWM_TIME_EVENT_CMD: { 11208 size_t pkt_len; 11209 11210 if (sc->sc_cmd_resp_pkt[idx] == NULL) 11211 break; 11212 11213 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 11214 sizeof(*pkt), BUS_DMASYNC_POSTREAD); 11215 11216 pkt_len = sizeof(pkt->len_n_flags) + 11217 iwm_rx_packet_len(pkt); 11218 11219 if ((pkt->hdr.flags & IWM_CMD_FAILED_MSK) || 11220 pkt_len < sizeof(*pkt) || 11221 pkt_len > sc->sc_cmd_resp_len[idx]) { 11222 free(sc->sc_cmd_resp_pkt[idx], M_DEVBUF, 11223 sc->sc_cmd_resp_len[idx]); 11224 sc->sc_cmd_resp_pkt[idx] = NULL; 11225 break; 11226 } 11227 11228 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof(*pkt), 11229 pkt_len - sizeof(*pkt), BUS_DMASYNC_POSTREAD); 11230 memcpy(sc->sc_cmd_resp_pkt[idx], pkt, pkt_len); 11231 break; 11232 } 11233 11234 /* ignore */ 11235 case IWM_PHY_DB_CMD: 11236 break; 11237 11238 case IWM_INIT_COMPLETE_NOTIF: 11239 sc->sc_init_complete |= IWM_INIT_COMPLETE; 11240 wakeup(&sc->sc_init_complete); 11241 break; 11242 11243 case IWM_SCAN_OFFLOAD_COMPLETE: { 11244 struct iwm_periodic_scan_complete *notif; 11245 SYNC_RESP_STRUCT(notif, pkt); 11246 break; 11247 } 11248 11249 case IWM_SCAN_ITERATION_COMPLETE: { 11250 struct iwm_lmac_scan_complete_notif *notif; 11251 SYNC_RESP_STRUCT(notif, pkt); 11252 iwm_endscan(sc); 11253 break; 11254 } 11255 11256 case IWM_SCAN_COMPLETE_UMAC: { 11257 struct iwm_umac_scan_complete *notif; 11258 SYNC_RESP_STRUCT(notif, pkt); 11259 iwm_endscan(sc); 11260 break; 11261 } 11262 11263 case IWM_SCAN_ITERATION_COMPLETE_UMAC: { 11264 struct iwm_umac_scan_iter_complete_notif *notif; 11265 SYNC_RESP_STRUCT(notif, pkt); 11266 iwm_endscan(sc); 11267 break; 11268 } 11269 11270 case IWM_REPLY_ERROR: { 11271 struct iwm_error_resp *resp; 11272 SYNC_RESP_STRUCT(resp, pkt); 11273 printf("%s: firmware error 0x%x, cmd 0x%x\n", 11274 DEVNAME(sc), le32toh(resp->error_type), 11275 resp->cmd_id); 11276 break; 11277 } 11278 11279 case IWM_TIME_EVENT_NOTIFICATION: { 11280 struct iwm_time_event_notif *notif; 11281 uint32_t action; 11282 SYNC_RESP_STRUCT(notif, pkt); 11283 11284 if (sc->sc_time_event_uid != le32toh(notif->unique_id)) 11285 break; 11286 action = le32toh(notif->action); 11287 if (action & IWM_TE_V2_NOTIF_HOST_EVENT_END) 11288 sc->sc_flags &= ~IWM_FLAG_TE_ACTIVE; 11289 break; 11290 } 11291 11292 case IWM_WIDE_ID(IWM_SYSTEM_GROUP, 11293 IWM_FSEQ_VER_MISMATCH_NOTIFICATION): 11294 break; 11295 11296 /* 11297 * Firmware versions 21 and 22 generate some DEBUG_LOG_MSG 11298 * messages. Just ignore them for now. 11299 */ 11300 case IWM_DEBUG_LOG_MSG: 11301 break; 11302 11303 case IWM_MCAST_FILTER_CMD: 11304 break; 11305 11306 case IWM_SCD_QUEUE_CFG: { 11307 struct iwm_scd_txq_cfg_rsp *rsp; 11308 SYNC_RESP_STRUCT(rsp, pkt); 11309 11310 break; 11311 } 11312 11313 case IWM_WIDE_ID(IWM_DATA_PATH_GROUP, IWM_DQA_ENABLE_CMD): 11314 break; 11315 11316 case IWM_WIDE_ID(IWM_SYSTEM_GROUP, IWM_SOC_CONFIGURATION_CMD): 11317 break; 11318 11319 default: 11320 handled = 0; 11321 printf("%s: unhandled firmware response 0x%x/0x%x " 11322 "rx ring %d[%d]\n", 11323 DEVNAME(sc), code, pkt->len_n_flags, 11324 (qid & ~0x80), idx); 11325 break; 11326 } 11327 11328 /* 11329 * uCode sets bit 0x80 when it originates the notification, 11330 * i.e. when the notification is not a direct response to a 11331 * command sent by the driver. 11332 * For example, uCode issues IWM_REPLY_RX when it sends a 11333 * received frame to the driver. 11334 */ 11335 if (handled && !(qid & (1 << 7))) { 11336 iwm_cmd_done(sc, qid, idx, code); 11337 } 11338 11339 offset += roundup(len, IWM_FH_RSCSR_FRAME_ALIGN); 11340 } 11341 11342 if (m0 && m0 != data->m) 11343 m_freem(m0); 11344} 11345 11346void 11347iwm_notif_intr(struct iwm_softc *sc) 11348{ 11349 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 11350 uint32_t wreg; 11351 uint16_t hw; 11352 int count; 11353 11354 bus_dmamap_sync(sc->sc_dmat, sc->rxq.stat_dma.map, 11355 0, sc->rxq.stat_dma.size, BUS_DMASYNC_POSTREAD); 11356 11357 if (sc->sc_mqrx_supported) { 11358 count = IWM_RX_MQ_RING_COUNT; 11359 wreg = IWM_RFH_Q0_FRBDCB_WIDX_TRG; 11360 } else { 11361 count = IWM_RX_RING_COUNT; 11362 wreg = IWM_FH_RSCSR_CHNL0_WPTR; 11363 } 11364 11365 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff; 11366 hw &= (count - 1); 11367 while (sc->rxq.cur != hw) { 11368 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 11369 iwm_rx_pkt(sc, data, &ml); 11370 ADVANCE_RXQ(sc); 11371 } 11372 if_input(&sc->sc_ic.ic_if, &ml); 11373 11374 /* 11375 * Tell the firmware what we have processed. 11376 * Seems like the hardware gets upset unless we align the write by 8?? 11377 */ 11378 hw = (hw == 0) ? count - 1 : hw - 1; 11379 IWM_WRITE(sc, wreg, hw & ~7); 11380} 11381 11382int 11383iwm_intr(void *arg) 11384{ 11385 struct iwm_softc *sc = arg; 11386 struct ieee80211com *ic = &sc->sc_ic; 11387 struct ifnet *ifp = IC2IFP(ic); 11388 int handled = 0; 11389 int rv = 0; 11390 uint32_t r1, r2; 11391 11392 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0); 11393 11394 if (sc->sc_flags & IWM_FLAG_USE_ICT) { 11395 uint32_t *ict = sc->ict_dma.vaddr; 11396 int tmp; 11397 11398 tmp = htole32(ict[sc->ict_cur]); 11399 if (!tmp) 11400 goto out_ena; 11401 11402 /* 11403 * ok, there was something. keep plowing until we have all. 11404 */ 11405 r1 = r2 = 0; 11406 while (tmp) { 11407 r1 |= tmp; 11408 ict[sc->ict_cur] = 0; 11409 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT; 11410 tmp = htole32(ict[sc->ict_cur]); 11411 } 11412 11413 /* this is where the fun begins. don't ask */ 11414 if (r1 == 0xffffffff) 11415 r1 = 0; 11416 11417 /* 11418 * Workaround for hardware bug where bits are falsely cleared 11419 * when using interrupt coalescing. Bit 15 should be set if 11420 * bits 18 and 19 are set. 11421 */ 11422 if (r1 & 0xc0000) 11423 r1 |= 0x8000; 11424 11425 r1 = (0xff & r1) | ((0xff00 & r1) << 16); 11426 } else { 11427 r1 = IWM_READ(sc, IWM_CSR_INT); 11428 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS); 11429 } 11430 if (r1 == 0 && r2 == 0) { 11431 goto out_ena; 11432 } 11433 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 11434 goto out; 11435 11436 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask); 11437 11438 /* ignored */ 11439 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/)); 11440 11441 if (r1 & IWM_CSR_INT_BIT_RF_KILL) { 11442 handled |= IWM_CSR_INT_BIT_RF_KILL; 11443 iwm_check_rfkill(sc); 11444 task_add(systq, &sc->init_task); 11445 rv = 1; 11446 goto out_ena; 11447 } 11448 11449 if (r1 & IWM_CSR_INT_BIT_SW_ERR) { 11450 if (ifp->if_flags & IFF_DEBUG) { 11451 iwm_nic_error(sc); 11452 iwm_dump_driver_status(sc); 11453 } 11454 printf("%s: fatal firmware error\n", DEVNAME(sc)); 11455 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) 11456 task_add(systq, &sc->init_task); 11457 rv = 1; 11458 goto out; 11459 11460 } 11461 11462 if (r1 & IWM_CSR_INT_BIT_HW_ERR) { 11463 handled |= IWM_CSR_INT_BIT_HW_ERR; 11464 printf("%s: hardware error, stopping device \n", DEVNAME(sc)); 11465 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) { 11466 sc->sc_flags |= IWM_FLAG_HW_ERR; 11467 task_add(systq, &sc->init_task); 11468 } 11469 rv = 1; 11470 goto out; 11471 } 11472 11473 /* firmware chunk loaded */ 11474 if (r1 & IWM_CSR_INT_BIT_FH_TX) { 11475 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK); 11476 handled |= IWM_CSR_INT_BIT_FH_TX; 11477 11478 sc->sc_fw_chunk_done = 1; 11479 wakeup(&sc->sc_fw); 11480 } 11481 11482 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX | 11483 IWM_CSR_INT_BIT_RX_PERIODIC)) { 11484 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) { 11485 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX); 11486 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK); 11487 } 11488 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) { 11489 handled |= IWM_CSR_INT_BIT_RX_PERIODIC; 11490 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC); 11491 } 11492 11493 /* Disable periodic interrupt; we use it as just a one-shot. */ 11494 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS); 11495 11496 /* 11497 * Enable periodic interrupt in 8 msec only if we received 11498 * real RX interrupt (instead of just periodic int), to catch 11499 * any dangling Rx interrupt. If it was just the periodic 11500 * interrupt, there was no dangling Rx activity, and no need 11501 * to extend the periodic interrupt; one-shot is enough. 11502 */ 11503 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) 11504 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG, 11505 IWM_CSR_INT_PERIODIC_ENA); 11506 11507 iwm_notif_intr(sc); 11508 } 11509 11510 rv = 1; 11511 11512 out_ena: 11513 iwm_restore_interrupts(sc); 11514 out: 11515 return rv; 11516} 11517 11518int 11519iwm_intr_msix(void *arg) 11520{ 11521 struct iwm_softc *sc = arg; 11522 struct ieee80211com *ic = &sc->sc_ic; 11523 struct ifnet *ifp = IC2IFP(ic); 11524 uint32_t inta_fh, inta_hw; 11525 int vector = 0; 11526 11527 inta_fh = IWM_READ(sc, IWM_CSR_MSIX_FH_INT_CAUSES_AD); 11528 inta_hw = IWM_READ(sc, IWM_CSR_MSIX_HW_INT_CAUSES_AD); 11529 IWM_WRITE(sc, IWM_CSR_MSIX_FH_INT_CAUSES_AD, inta_fh); 11530 IWM_WRITE(sc, IWM_CSR_MSIX_HW_INT_CAUSES_AD, inta_hw); 11531 inta_fh &= sc->sc_fh_mask; 11532 inta_hw &= sc->sc_hw_mask; 11533 11534 if (inta_fh & IWM_MSIX_FH_INT_CAUSES_Q0 || 11535 inta_fh & IWM_MSIX_FH_INT_CAUSES_Q1) { 11536 iwm_notif_intr(sc); 11537 } 11538 11539 /* firmware chunk loaded */ 11540 if (inta_fh & IWM_MSIX_FH_INT_CAUSES_D2S_CH0_NUM) { 11541 sc->sc_fw_chunk_done = 1; 11542 wakeup(&sc->sc_fw); 11543 } 11544 11545 if ((inta_fh & IWM_MSIX_FH_INT_CAUSES_FH_ERR) || 11546 (inta_hw & IWM_MSIX_HW_INT_CAUSES_REG_SW_ERR) || 11547 (inta_hw & IWM_MSIX_HW_INT_CAUSES_REG_SW_ERR_V2)) { 11548 if (ifp->if_flags & IFF_DEBUG) { 11549 iwm_nic_error(sc); 11550 iwm_dump_driver_status(sc); 11551 } 11552 printf("%s: fatal firmware error\n", DEVNAME(sc)); 11553 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) 11554 task_add(systq, &sc->init_task); 11555 return 1; 11556 } 11557 11558 if (inta_hw & IWM_MSIX_HW_INT_CAUSES_REG_RF_KILL) { 11559 iwm_check_rfkill(sc); 11560 task_add(systq, &sc->init_task); 11561 } 11562 11563 if (inta_hw & IWM_MSIX_HW_INT_CAUSES_REG_HW_ERR) { 11564 printf("%s: hardware error, stopping device \n", DEVNAME(sc)); 11565 if ((sc->sc_flags & IWM_FLAG_SHUTDOWN) == 0) { 11566 sc->sc_flags |= IWM_FLAG_HW_ERR; 11567 task_add(systq, &sc->init_task); 11568 } 11569 return 1; 11570 } 11571 11572 /* 11573 * Before sending the interrupt the HW disables it to prevent 11574 * a nested interrupt. This is done by writing 1 to the corresponding 11575 * bit in the mask register. After handling the interrupt, it should be 11576 * re-enabled by clearing this bit. This register is defined as 11577 * write 1 clear (W1C) register, meaning that it's being clear 11578 * by writing 1 to the bit. 11579 */ 11580 IWM_WRITE(sc, IWM_CSR_MSIX_AUTOMASK_ST_AD, 1 << vector); 11581 return 1; 11582} 11583 11584typedef void *iwm_match_t; 11585 11586static const struct pci_matchid iwm_devices[] = { 11587#ifdef __FreeBSD_version 11588#define PCI_VENDOR_INTEL 0x8086 11589#define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3 11590#define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4 11591#define PCI_PRODUCT_INTEL_WL_3165_1 0x3165 11592#define PCI_PRODUCT_INTEL_WL_3165_2 0x3166 11593#define PCI_PRODUCT_INTEL_WL_3168_1 0x24fb 11594#define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1 11595#define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2 11596#define PCI_PRODUCT_INTEL_WL_7265_1 0x095a 11597#define PCI_PRODUCT_INTEL_WL_7265_2 0x095b 11598#define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3 11599#define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4 11600#define PCI_PRODUCT_INTEL_WL_8265_1 0x24fd 11601#define PCI_PRODUCT_INTEL_WL_9560_1 0x9df0 11602#define PCI_PRODUCT_INTEL_WL_9560_2 0xa370 11603#define PCI_PRODUCT_INTEL_WL_9560_3 0x31dc 11604#define PCI_PRODUCT_INTEL_WL_9260_1 0x2526 11605#endif 11606 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_3160_1 }, 11607 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_3160_2 }, 11608 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_3165_1 }, 11609 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_3165_2 }, 11610 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_3168_1 }, 11611 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_7260_1 }, 11612 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_7260_2 }, 11613 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_7265_1 }, 11614 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_7265_2 }, 11615 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_8260_1 }, 11616 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_8260_2 }, 11617 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_8265_1 }, 11618 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_9260_1 }, 11619 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_9560_1 }, 11620 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_9560_2 }, 11621 { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_WL_9560_3 }, 11622}; 11623 11624#ifdef __FreeBSD_version 11625static int 11626iwm_probe(device_t dev) 11627{ 11628 int i; 11629 11630 for (i = 0; i < nitems(iwm_devices); i++) { 11631 if (pci_get_vendor(dev) == iwm_devices[i].pm_vid && 11632 pci_get_device(dev) == iwm_devices[i].pm_pid) { 11633 return (BUS_PROBE_DEFAULT); 11634 } 11635 } 11636 11637 return (ENXIO); 11638} 11639#else 11640int 11641iwm_match(struct device *parent, iwm_match_t match __unused, void *aux) 11642{ 11643 return pci_matchbyid((struct pci_attach_args *)aux, iwm_devices, 11644 nitems(iwm_devices)); 11645} 11646#endif 11647 11648int 11649iwm_preinit(struct iwm_softc *sc) 11650{ 11651 struct ieee80211com *ic = &sc->sc_ic; 11652 struct ifnet *ifp = IC2IFP(ic); 11653 int err; 11654 11655 err = iwm_prepare_card_hw(sc); 11656 if (err) { 11657 printf("%s: could not initialize hardware\n", DEVNAME(sc)); 11658 return err; 11659 } 11660 11661 if (sc->attached) { 11662#ifndef __FreeBSD_version 11663 /* Update MAC in case the upper layers changed it. */ 11664 IEEE80211_ADDR_COPY(sc->sc_ic.ic_myaddr, 11665 ((struct arpcom *)ifp)->ac_enaddr); 11666#endif 11667 return 0; 11668 } 11669 11670 err = iwm_start_hw(sc); 11671 if (err) { 11672 printf("%s: could not initialize hardware\n", DEVNAME(sc)); 11673 return err; 11674 } 11675 11676 err = iwm_run_init_mvm_ucode(sc, 1); 11677 iwm_stop_device(sc); 11678 if (err) 11679 return err; 11680 11681 /* Print version info and MAC address on first successful fw load. */ 11682 sc->attached = 1; 11683 printf("%s: hw rev 0x%x, fw ver %s, address %s\n", 11684 DEVNAME(sc), sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK, 11685 sc->sc_fwver, ether_sprintf(sc->sc_nvm.hw_addr)); 11686 11687 if (sc->sc_nvm.sku_cap_11n_enable) 11688 iwm_setup_ht_rates(sc); 11689 11690 /* not all hardware can do 5GHz band */ 11691 if (!sc->sc_nvm.sku_cap_band_52GHz_enable) 11692 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0, 11693 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A])); 11694 11695 /* Configure channel information obtained from firmware. */ 11696 ieee80211_channel_init(ifp); 11697 11698#ifdef __HAIKU__ 11699 IEEE80211_ADDR_COPY(IF_LLADDR(ifp), ic->ic_myaddr); 11700#else 11701 /* Configure MAC address. */ 11702 err = if_setlladdr(ifp, ic->ic_myaddr); 11703 if (err) 11704 printf("%s: could not set MAC address (error %d)\n", 11705 DEVNAME(sc), err); 11706#endif 11707 11708 ieee80211_media_init(ifp, iwm_media_change, ieee80211_media_status); 11709 11710 return 0; 11711} 11712 11713void 11714iwm_attach_hook(struct device *self) 11715{ 11716 struct iwm_softc *sc = (void *)self; 11717 11718 KASSERT(!cold); 11719 11720 iwm_preinit(sc); 11721} 11722 11723#ifdef __FreeBSD_version 11724static int 11725iwm_attach(device_t dev) 11726#else 11727void 11728iwm_attach(struct device *parent, struct device *self, void *aux) 11729#endif 11730{ 11731#ifdef __FreeBSD_version 11732#define pa dev 11733 struct iwm_softc *sc = device_get_softc(dev); 11734#else 11735 struct iwm_softc *sc = (void *)self; 11736 struct pci_attach_args *pa = aux; 11737#endif 11738 pci_intr_handle_t ih; 11739 pcireg_t reg, memtype; 11740 struct ieee80211com *ic = &sc->sc_ic; 11741 struct ifnet *ifp = &ic->ic_if; 11742 const char *intrstr; 11743 int err; 11744 int txq_i, i, j; 11745 11746#ifdef __FreeBSD_version 11747 sc->sc_dev = dev; 11748 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev); 11749 bus_dma_tag_create(sc->sc_dmat, 1, 0, 11750 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 11751 BUS_SPACE_MAXSIZE_32BIT, BUS_SPACE_UNRESTRICTED, BUS_SPACE_MAXSIZE_32BIT, 0, NULL, NULL, 11752 &sc->sc_dmat); 11753 pci_enable_busmaster(sc->sc_dev); 11754 11755 if_alloc_inplace(ifp, IFT_ETHER); 11756#else 11757 sc->sc_pct = pa->pa_pc; 11758 sc->sc_pcitag = pa->pa_tag; 11759 sc->sc_dmat = pa->pa_dmat; 11760#endif 11761 11762 rw_init(&sc->ioctl_rwl, "iwmioctl"); 11763 11764 err = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 11765 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 11766 if (err == 0) { 11767 printf("%s: PCIe capability structure not found!\n", 11768 DEVNAME(sc)); 11769 goto fail; 11770 } 11771 11772 /* 11773 * We disable the RETRY_TIMEOUT register (0x41) to keep 11774 * PCI Tx retries from interfering with C3 CPU state. 11775 */ 11776 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 11777 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg & ~0xff00); 11778 11779 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, PCI_MAPREG_START); 11780 err = pci_mapreg_map(pa, PCI_MAPREG_START, memtype, 0, 11781 &sc->sc_st, &sc->sc_sh, NULL, &sc->sc_sz, 0); 11782 if (err) { 11783 printf("%s: can't map mem space\n", DEVNAME(sc)); 11784 goto fail; 11785 } 11786 11787 if (pci_intr_map_msix(pa, 0, &ih) == 0) { 11788 sc->sc_msix = 1; 11789 } else if (pci_intr_map_msi(pa, &ih)) { 11790#ifndef __HAIKU__ 11791 if (pci_intr_map(pa, &ih)) { 11792#else 11793 { 11794#endif 11795 printf("%s: can't map interrupt\n", DEVNAME(sc)); 11796 goto fail; 11797 } 11798 /* Hardware bug workaround. */ 11799 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 11800 PCI_COMMAND_STATUS_REG); 11801 if (reg & PCI_COMMAND_INTERRUPT_DISABLE) 11802 reg &= ~PCI_COMMAND_INTERRUPT_DISABLE; 11803 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 11804 PCI_COMMAND_STATUS_REG, reg); 11805 } 11806 11807 intrstr = pci_intr_string(sc->sc_pct, ih); 11808 if (sc->sc_msix) 11809 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, 11810 iwm_intr_msix, sc, DEVNAME(sc)); 11811 else 11812 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, 11813 iwm_intr, sc, DEVNAME(sc)); 11814 11815 if (sc->sc_ih == NULL) { 11816 printf("\n"); 11817 printf("%s: can't establish interrupt", DEVNAME(sc)); 11818 if (intrstr != NULL) 11819 printf(" at %s", intrstr); 11820 printf("\n"); 11821 goto fail; 11822 } 11823 printf(", %s\n", intrstr); 11824 11825 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV); 11826#ifdef __FreeBSD_version 11827#undef PCI_PRODUCT 11828#define PCI_PRODUCT(pa) pci_get_device(dev) 11829#endif 11830 switch (PCI_PRODUCT(pa->pa_id)) { 11831 case PCI_PRODUCT_INTEL_WL_3160_1: 11832 case PCI_PRODUCT_INTEL_WL_3160_2: 11833 sc->sc_fwname = "iwm-3160-17"; 11834 sc->host_interrupt_operation_mode = 1; 11835 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 11836 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 11837 sc->sc_nvm_max_section_size = 16384; 11838 sc->nvm_type = IWM_NVM; 11839 break; 11840 case PCI_PRODUCT_INTEL_WL_3165_1: 11841 case PCI_PRODUCT_INTEL_WL_3165_2: 11842 sc->sc_fwname = "iwm-7265D-29"; 11843 sc->host_interrupt_operation_mode = 0; 11844 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 11845 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 11846 sc->sc_nvm_max_section_size = 16384; 11847 sc->nvm_type = IWM_NVM; 11848 break; 11849 case PCI_PRODUCT_INTEL_WL_3168_1: 11850 sc->sc_fwname = "iwm-3168-29"; 11851 sc->host_interrupt_operation_mode = 0; 11852 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 11853 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 11854 sc->sc_nvm_max_section_size = 16384; 11855 sc->nvm_type = IWM_NVM_SDP; 11856 break; 11857 case PCI_PRODUCT_INTEL_WL_7260_1: 11858 case PCI_PRODUCT_INTEL_WL_7260_2: 11859 sc->sc_fwname = "iwm-7260-17"; 11860 sc->host_interrupt_operation_mode = 1; 11861 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 11862 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 11863 sc->sc_nvm_max_section_size = 16384; 11864 sc->nvm_type = IWM_NVM; 11865 break; 11866 case PCI_PRODUCT_INTEL_WL_7265_1: 11867 case PCI_PRODUCT_INTEL_WL_7265_2: 11868 sc->sc_fwname = "iwm-7265-17"; 11869 sc->host_interrupt_operation_mode = 0; 11870 sc->sc_device_family = IWM_DEVICE_FAMILY_7000; 11871 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ; 11872 sc->sc_nvm_max_section_size = 16384; 11873 sc->nvm_type = IWM_NVM; 11874 break; 11875 case PCI_PRODUCT_INTEL_WL_8260_1: 11876 case PCI_PRODUCT_INTEL_WL_8260_2: 11877 sc->sc_fwname = "iwm-8000C-36"; 11878 sc->host_interrupt_operation_mode = 0; 11879 sc->sc_device_family = IWM_DEVICE_FAMILY_8000; 11880 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 11881 sc->sc_nvm_max_section_size = 32768; 11882 sc->nvm_type = IWM_NVM_EXT; 11883 break; 11884 case PCI_PRODUCT_INTEL_WL_8265_1: 11885 sc->sc_fwname = "iwm-8265-36"; 11886 sc->host_interrupt_operation_mode = 0; 11887 sc->sc_device_family = IWM_DEVICE_FAMILY_8000; 11888 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 11889 sc->sc_nvm_max_section_size = 32768; 11890 sc->nvm_type = IWM_NVM_EXT; 11891 break; 11892 case PCI_PRODUCT_INTEL_WL_9260_1: 11893 sc->sc_fwname = "iwm-9260-46"; 11894 sc->host_interrupt_operation_mode = 0; 11895 sc->sc_device_family = IWM_DEVICE_FAMILY_9000; 11896 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 11897 sc->sc_nvm_max_section_size = 32768; 11898 sc->sc_mqrx_supported = 1; 11899 break; 11900 case PCI_PRODUCT_INTEL_WL_9560_1: 11901 case PCI_PRODUCT_INTEL_WL_9560_2: 11902 case PCI_PRODUCT_INTEL_WL_9560_3: 11903 sc->sc_fwname = "iwm-9000-46"; 11904 sc->host_interrupt_operation_mode = 0; 11905 sc->sc_device_family = IWM_DEVICE_FAMILY_9000; 11906 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000; 11907 sc->sc_nvm_max_section_size = 32768; 11908 sc->sc_mqrx_supported = 1; 11909 sc->sc_integrated = 1; 11910 if (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_WL_9560_3) { 11911 sc->sc_xtal_latency = 670; 11912 sc->sc_extra_phy_config = IWM_FW_PHY_CFG_SHARED_CLK; 11913 } else 11914 sc->sc_xtal_latency = 650; 11915 break; 11916 default: 11917 printf("%s: unknown adapter type\n", DEVNAME(sc)); 11918 goto fail; 11919 } 11920#ifdef __FreeBSD_version 11921#undef PCI_PRODUCT 11922#endif 11923 11924 /* 11925 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have 11926 * changed, and now the revision step also includes bit 0-1 (no more 11927 * "dash" value). To keep hw_rev backwards compatible - we'll store it 11928 * in the old format. 11929 */ 11930 if (sc->sc_device_family >= IWM_DEVICE_FAMILY_8000) { 11931 uint32_t hw_step; 11932 11933 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) | 11934 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2); 11935 11936 if (iwm_prepare_card_hw(sc) != 0) { 11937 printf("%s: could not initialize hardware\n", 11938 DEVNAME(sc)); 11939 goto fail; 11940 } 11941 11942 /* 11943 * In order to recognize C step the driver should read the 11944 * chip version id located at the AUX bus MISC address. 11945 */ 11946 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL, 11947 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE); 11948 DELAY(2); 11949 11950 err = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL, 11951 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 11952 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY, 11953 25000); 11954 if (!err) { 11955 printf("%s: Failed to wake up the nic\n", DEVNAME(sc)); 11956 goto fail; 11957 } 11958 11959 if (iwm_nic_lock(sc)) { 11960 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG); 11961 hw_step |= IWM_ENABLE_WFPM; 11962 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step); 11963 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG); 11964 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF; 11965 if (hw_step == 0x3) 11966 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) | 11967 (IWM_SILICON_C_STEP << 2); 11968 iwm_nic_unlock(sc); 11969 } else { 11970 printf("%s: Failed to lock the nic\n", DEVNAME(sc)); 11971 goto fail; 11972 } 11973 } 11974 11975 /* 11976 * Allocate DMA memory for firmware transfers. 11977 * Must be aligned on a 16-byte boundary. 11978 */ 11979 err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, 11980 sc->sc_fwdmasegsz, 16); 11981 if (err) { 11982 printf("%s: could not allocate memory for firmware\n", 11983 DEVNAME(sc)); 11984 goto fail; 11985 } 11986 11987 /* Allocate "Keep Warm" page, used internally by the card. */ 11988 err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096); 11989 if (err) { 11990 printf("%s: could not allocate keep warm page\n", DEVNAME(sc)); 11991 goto fail1; 11992 } 11993 11994 /* Allocate interrupt cause table (ICT).*/ 11995 err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 11996 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT); 11997 if (err) { 11998 printf("%s: could not allocate ICT table\n", DEVNAME(sc)); 11999 goto fail2; 12000 } 12001 12002 /* TX scheduler rings must be aligned on a 1KB boundary. */ 12003 err = iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 12004 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024); 12005 if (err) { 12006 printf("%s: could not allocate TX scheduler rings\n", 12007 DEVNAME(sc)); 12008 goto fail3; 12009 } 12010 12011 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) { 12012 err = iwm_alloc_tx_ring(sc, &sc->txq[txq_i], txq_i); 12013 if (err) { 12014 printf("%s: could not allocate TX ring %d\n", 12015 DEVNAME(sc), txq_i); 12016 goto fail4; 12017 } 12018 } 12019 12020 err = iwm_alloc_rx_ring(sc, &sc->rxq); 12021 if (err) { 12022 printf("%s: could not allocate RX ring\n", DEVNAME(sc)); 12023 goto fail4; 12024 } 12025 12026 sc->sc_nswq = taskq_create("iwmns", 1, IPL_NET, 0); 12027 if (sc->sc_nswq == NULL) 12028 goto fail4; 12029 12030 /* Clear pending interrupts. */ 12031 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff); 12032 12033 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 12034 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 12035 ic->ic_state = IEEE80211_S_INIT; 12036 12037 /* Set device capabilities. */ 12038 ic->ic_caps = 12039 IEEE80211_C_QOS | IEEE80211_C_TX_AMPDU | /* A-MPDU */ 12040 IEEE80211_C_WEP | /* WEP */ 12041 IEEE80211_C_RSN | /* WPA/RSN */ 12042 IEEE80211_C_SCANALL | /* device scans all channels at once */ 12043 IEEE80211_C_SCANALLBAND | /* device scans all bands at once */ 12044 IEEE80211_C_MONITOR | /* monitor mode supported */ 12045 IEEE80211_C_SHSLOT | /* short slot time supported */ 12046 IEEE80211_C_SHPREAMBLE; /* short preamble supported */ 12047 12048 ic->ic_htcaps = IEEE80211_HTCAP_SGI20 | IEEE80211_HTCAP_SGI40; 12049 ic->ic_htcaps |= IEEE80211_HTCAP_CBW20_40; 12050 ic->ic_htcaps |= 12051 (IEEE80211_HTCAP_SMPS_DIS << IEEE80211_HTCAP_SMPS_SHIFT); 12052 ic->ic_htxcaps = 0; 12053 ic->ic_txbfcaps = 0; 12054 ic->ic_aselcaps = 0; 12055 ic->ic_ampdu_params = (IEEE80211_AMPDU_PARAM_SS_4 | 0x3 /* 64k */); 12056 12057 ic->ic_vhtcaps = IEEE80211_VHTCAP_MAX_MPDU_LENGTH_3895 | 12058 (IEEE80211_VHTCAP_MAX_AMPDU_LEN_64K << 12059 IEEE80211_VHTCAP_MAX_AMPDU_LEN_SHIFT) | 12060 (IEEE80211_VHTCAP_CHAN_WIDTH_80 << 12061 IEEE80211_VHTCAP_CHAN_WIDTH_SHIFT) | IEEE80211_VHTCAP_SGI80 | 12062 IEEE80211_VHTCAP_RX_ANT_PATTERN | IEEE80211_VHTCAP_TX_ANT_PATTERN; 12063 12064 ic->ic_sup_rates[IEEE80211_MODE_11A] = ieee80211_std_rateset_11a; 12065 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 12066 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 12067 12068 for (i = 0; i < nitems(sc->sc_phyctxt); i++) { 12069 sc->sc_phyctxt[i].id = i; 12070 sc->sc_phyctxt[i].sco = IEEE80211_HTOP0_SCO_SCN; 12071 sc->sc_phyctxt[i].vht_chan_width = 12072 IEEE80211_VHTOP0_CHAN_WIDTH_HT; 12073 } 12074 12075 sc->sc_amrr.amrr_min_success_threshold = 1; 12076 sc->sc_amrr.amrr_max_success_threshold = 15; 12077 12078 /* IBSS channel undefined for now. */ 12079 ic->ic_ibss_chan = &ic->ic_channels[1]; 12080 12081 ic->ic_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM; 12082 12083 ifp->if_softc = sc; 12084 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 12085 ifp->if_ioctl = iwm_ioctl; 12086 ifp->if_start = iwm_start; 12087 ifp->if_watchdog = iwm_watchdog; 12088 memcpy(ifp->if_xname, DEVNAME(sc), IFNAMSIZ); 12089 12090 if_attach(ifp); 12091 ieee80211_ifattach(ifp); 12092 ieee80211_media_init(ifp, iwm_media_change, ieee80211_media_status); 12093 12094#if NBPFILTER > 0 12095 iwm_radiotap_attach(sc); 12096#endif 12097 timeout_set(&sc->sc_calib_to, iwm_calib_timeout, sc); 12098 timeout_set(&sc->sc_led_blink_to, iwm_led_blink_timeout, sc); 12099 for (i = 0; i < nitems(sc->sc_rxba_data); i++) { 12100 struct iwm_rxba_data *rxba = &sc->sc_rxba_data[i]; 12101 rxba->baid = IWM_RX_REORDER_DATA_INVALID_BAID; 12102 rxba->sc = sc; 12103 timeout_set(&rxba->session_timer, iwm_rx_ba_session_expired, 12104 rxba); 12105 timeout_set(&rxba->reorder_buf.reorder_timer, 12106 iwm_reorder_timer_expired, &rxba->reorder_buf); 12107 for (j = 0; j < nitems(rxba->entries); j++) 12108 ml_init(&rxba->entries[j].frames); 12109 } 12110 task_set(&sc->init_task, iwm_init_task, sc); 12111 task_set(&sc->newstate_task, iwm_newstate_task, sc); 12112 task_set(&sc->ba_task, iwm_ba_task, sc); 12113 task_set(&sc->mac_ctxt_task, iwm_mac_ctxt_task, sc); 12114 task_set(&sc->phy_ctxt_task, iwm_phy_ctxt_task, sc); 12115 task_set(&sc->bgscan_done_task, iwm_bgscan_done_task, sc); 12116 12117 ic->ic_node_alloc = iwm_node_alloc; 12118 ic->ic_bgscan_start = iwm_bgscan; 12119 ic->ic_bgscan_done = iwm_bgscan_done; 12120 ic->ic_set_key = iwm_set_key; 12121 ic->ic_delete_key = iwm_delete_key; 12122 12123 /* Override 802.11 state transition machine. */ 12124 sc->sc_newstate = ic->ic_newstate; 12125 ic->ic_newstate = iwm_newstate; 12126 ic->ic_updateprot = iwm_updateprot; 12127 ic->ic_updateslot = iwm_updateslot; 12128 ic->ic_updateedca = iwm_updateedca; 12129 ic->ic_updatechan = iwm_updatechan; 12130 ic->ic_updatedtim = iwm_updatedtim; 12131 ic->ic_ampdu_rx_start = iwm_ampdu_rx_start; 12132 ic->ic_ampdu_rx_stop = iwm_ampdu_rx_stop; 12133 ic->ic_ampdu_tx_start = iwm_ampdu_tx_start; 12134 ic->ic_ampdu_tx_stop = iwm_ampdu_tx_stop; 12135#ifdef __HAIKU__ 12136 iwm_preinit(sc); 12137#else 12138 /* 12139 * We cannot read the MAC address without loading the 12140 * firmware from disk. Postpone until mountroot is done. 12141 */ 12142 config_mountroot(self, iwm_attach_hook); 12143#endif 12144 12145 return 0; 12146 12147fail4: while (--txq_i >= 0) 12148 iwm_free_tx_ring(sc, &sc->txq[txq_i]); 12149 iwm_free_rx_ring(sc, &sc->rxq); 12150 iwm_dma_contig_free(&sc->sched_dma); 12151fail3: if (sc->ict_dma.vaddr != NULL) 12152 iwm_dma_contig_free(&sc->ict_dma); 12153 12154fail2: iwm_dma_contig_free(&sc->kw_dma); 12155fail1: iwm_dma_contig_free(&sc->fw_dma); 12156#ifdef __HAIKU__ 12157fail: 12158 if_free_inplace(ifp); 12159#endif 12160 return -1; 12161} 12162 12163#if NBPFILTER > 0 12164void 12165iwm_radiotap_attach(struct iwm_softc *sc) 12166{ 12167 bpfattach(&sc->sc_drvbpf, &sc->sc_ic.ic_if, DLT_IEEE802_11_RADIO, 12168 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 12169 12170 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 12171 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 12172 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWM_RX_RADIOTAP_PRESENT); 12173 12174 sc->sc_txtap_len = sizeof sc->sc_txtapu; 12175 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 12176 sc->sc_txtap.wt_ihdr.it_present = htole32(IWM_TX_RADIOTAP_PRESENT); 12177} 12178#endif 12179 12180void 12181iwm_init_task(void *arg1) 12182{ 12183 struct iwm_softc *sc = arg1; 12184 struct ifnet *ifp = &sc->sc_ic.ic_if; 12185 int s = splnet(); 12186 int generation = sc->sc_generation; 12187 int fatal = (sc->sc_flags & (IWM_FLAG_HW_ERR | IWM_FLAG_RFKILL)); 12188 12189 rw_enter_write(&sc->ioctl_rwl); 12190 if (generation != sc->sc_generation) { 12191 rw_exit(&sc->ioctl_rwl); 12192 splx(s); 12193 return; 12194 } 12195 12196 if (ifp->if_flags & IFF_RUNNING) 12197 iwm_stop(ifp); 12198 else 12199 sc->sc_flags &= ~IWM_FLAG_HW_ERR; 12200 12201 if (!fatal && (ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) 12202 iwm_init(ifp); 12203 12204 rw_exit(&sc->ioctl_rwl); 12205 splx(s); 12206} 12207 12208void 12209iwm_resume(struct iwm_softc *sc) 12210{ 12211 pcireg_t reg; 12212 12213 /* 12214 * We disable the RETRY_TIMEOUT register (0x41) to keep 12215 * PCI Tx retries from interfering with C3 CPU state. 12216 */ 12217 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 12218 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg & ~0xff00); 12219 12220 if (!sc->sc_msix) { 12221 /* Hardware bug workaround. */ 12222 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 12223 PCI_COMMAND_STATUS_REG); 12224 if (reg & PCI_COMMAND_INTERRUPT_DISABLE) 12225 reg &= ~PCI_COMMAND_INTERRUPT_DISABLE; 12226 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 12227 PCI_COMMAND_STATUS_REG, reg); 12228 } 12229 12230 iwm_disable_interrupts(sc); 12231} 12232 12233int 12234iwm_wakeup(struct iwm_softc *sc) 12235{ 12236 struct ieee80211com *ic = &sc->sc_ic; 12237 struct ifnet *ifp = &sc->sc_ic.ic_if; 12238 int err; 12239 12240 err = iwm_start_hw(sc); 12241 if (err) 12242 return err; 12243 12244 err = iwm_init_hw(sc); 12245 if (err) 12246 return err; 12247 12248 refcnt_init(&sc->task_refs); 12249 ifq_clr_oactive(&ifp->if_snd); 12250 ifp->if_flags |= IFF_RUNNING; 12251 12252 if (ic->ic_opmode == IEEE80211_M_MONITOR) 12253 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 12254 else 12255 ieee80211_begin_scan(ifp); 12256 12257 return 0; 12258} 12259 12260#ifdef __FreeBSD_version 12261static device_method_t iwm_pci_methods[] = { 12262 /* Device interface */ 12263 DEVMETHOD(device_probe, iwm_probe), 12264 DEVMETHOD(device_attach, iwm_attach), 12265#if 0 12266 DEVMETHOD(device_detach, iwm_detach), 12267 DEVMETHOD(device_suspend, iwm_suspend), 12268 DEVMETHOD(device_resume, iwm_resume), 12269#endif 12270 12271 DEVMETHOD_END 12272}; 12273 12274static driver_t iwm_pci_driver = { 12275 "iwm", 12276 iwm_pci_methods, 12277 sizeof (struct iwm_softc) 12278}; 12279 12280static devclass_t iwm_devclass; 12281 12282DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL); 12283#else 12284int 12285iwm_activate(struct device *self, int act) 12286{ 12287 struct iwm_softc *sc = (struct iwm_softc *)self; 12288 struct ifnet *ifp = &sc->sc_ic.ic_if; 12289 int err = 0; 12290 12291 switch (act) { 12292 case DVACT_QUIESCE: 12293 if (ifp->if_flags & IFF_RUNNING) { 12294 rw_enter_write(&sc->ioctl_rwl); 12295 iwm_stop(ifp); 12296 rw_exit(&sc->ioctl_rwl); 12297 } 12298 break; 12299 case DVACT_RESUME: 12300 iwm_resume(sc); 12301 break; 12302 case DVACT_WAKEUP: 12303 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP) { 12304 err = iwm_wakeup(sc); 12305 if (err) 12306 printf("%s: could not initialize hardware\n", 12307 DEVNAME(sc)); 12308 } 12309 break; 12310 } 12311 12312 return 0; 12313} 12314 12315struct cfdriver iwm_cd = { 12316 NULL, "iwm", DV_IFNET 12317}; 12318 12319const struct cfattach iwm_ca = { 12320 sizeof(struct iwm_softc), iwm_match, iwm_attach, 12321 NULL, iwm_activate 12322}; 12323#endif 12324