1/*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2008 Weongyo Jeong <weongyo@freebsd.org> 5 * Copyright (c) 2007 Marvell Semiconductor, Inc. 6 * Copyright (c) 2007 Sam Leffler, Errno Consulting 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer, 14 * without modification. 15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer 16 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any 17 * redistribution must be conditioned upon including a substantially 18 * similar Disclaimer requirement for further binary redistribution. 19 * 20 * NO WARRANTY 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY 24 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 25 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, 26 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 29 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 31 * THE POSSIBILITY OF SUCH DAMAGES. 32 */ 33 34#include <sys/cdefs.h> 35#ifdef __FreeBSD__ 36__FBSDID("$FreeBSD: releng/12.0/sys/dev/malo/if_malo.c 333813 2018-05-18 20:13:34Z mmacy $"); 37#endif 38 39#include "opt_malo.h" 40 41#include <sys/param.h> 42#include <sys/endian.h> 43#include <sys/kernel.h> 44#include <sys/malloc.h> 45#include <sys/socket.h> 46#include <sys/sockio.h> 47#include <sys/sysctl.h> 48#include <sys/taskqueue.h> 49 50#include <machine/bus.h> 51#include <sys/bus.h> 52 53#include <net/if.h> 54#include <net/if_var.h> 55#include <net/if_dl.h> 56#include <net/if_media.h> 57#include <net/if_types.h> 58#include <net/ethernet.h> 59 60#include <net80211/ieee80211_var.h> 61#include <net80211/ieee80211_regdomain.h> 62 63#include <net/bpf.h> 64 65#include <dev/malo/if_malo.h> 66 67SYSCTL_NODE(_hw, OID_AUTO, malo, CTLFLAG_RD, 0, 68 "Marvell 88w8335 driver parameters"); 69 70static int malo_txcoalesce = 8; /* # tx pkts to q before poking f/w*/ 71SYSCTL_INT(_hw_malo, OID_AUTO, txcoalesce, CTLFLAG_RWTUN, &malo_txcoalesce, 72 0, "tx buffers to send at once"); 73static int malo_rxbuf = MALO_RXBUF; /* # rx buffers to allocate */ 74SYSCTL_INT(_hw_malo, OID_AUTO, rxbuf, CTLFLAG_RWTUN, &malo_rxbuf, 75 0, "rx buffers allocated"); 76static int malo_rxquota = MALO_RXBUF; /* # max buffers to process */ 77SYSCTL_INT(_hw_malo, OID_AUTO, rxquota, CTLFLAG_RWTUN, &malo_rxquota, 78 0, "max rx buffers to process per interrupt"); 79static int malo_txbuf = MALO_TXBUF; /* # tx buffers to allocate */ 80SYSCTL_INT(_hw_malo, OID_AUTO, txbuf, CTLFLAG_RWTUN, &malo_txbuf, 81 0, "tx buffers allocated"); 82 83#ifdef MALO_DEBUG 84static int malo_debug = 0; 85SYSCTL_INT(_hw_malo, OID_AUTO, debug, CTLFLAG_RWTUN, &malo_debug, 86 0, "control debugging printfs"); 87enum { 88 MALO_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 89 MALO_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 90 MALO_DEBUG_RECV = 0x00000004, /* basic recv operation */ 91 MALO_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 92 MALO_DEBUG_RESET = 0x00000010, /* reset processing */ 93 MALO_DEBUG_INTR = 0x00000040, /* ISR */ 94 MALO_DEBUG_TX_PROC = 0x00000080, /* tx ISR proc */ 95 MALO_DEBUG_RX_PROC = 0x00000100, /* rx ISR proc */ 96 MALO_DEBUG_STATE = 0x00000400, /* 802.11 state transitions */ 97 MALO_DEBUG_NODE = 0x00000800, /* node management */ 98 MALO_DEBUG_RECV_ALL = 0x00001000, /* trace all frames (beacons) */ 99 MALO_DEBUG_FW = 0x00008000, /* firmware */ 100 MALO_DEBUG_ANY = 0xffffffff 101}; 102#define IS_BEACON(wh) \ 103 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK | \ 104 IEEE80211_FC0_SUBTYPE_MASK)) == \ 105 (IEEE80211_FC0_TYPE_MGT|IEEE80211_FC0_SUBTYPE_BEACON)) 106#define IFF_DUMPPKTS_RECV(sc, wh) \ 107 (((sc->malo_debug & MALO_DEBUG_RECV) && \ 108 ((sc->malo_debug & MALO_DEBUG_RECV_ALL) || !IS_BEACON(wh)))) 109#define IFF_DUMPPKTS_XMIT(sc) \ 110 (sc->malo_debug & MALO_DEBUG_XMIT) 111#define DPRINTF(sc, m, fmt, ...) do { \ 112 if (sc->malo_debug & (m)) \ 113 printf(fmt, __VA_ARGS__); \ 114} while (0) 115#else 116#define DPRINTF(sc, m, fmt, ...) do { \ 117 (void) sc; \ 118} while (0) 119#endif 120 121static MALLOC_DEFINE(M_MALODEV, "malodev", "malo driver dma buffers"); 122 123static struct ieee80211vap *malo_vap_create(struct ieee80211com *, 124 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 125 const uint8_t [IEEE80211_ADDR_LEN], 126 const uint8_t [IEEE80211_ADDR_LEN]); 127static void malo_vap_delete(struct ieee80211vap *); 128static int malo_dma_setup(struct malo_softc *); 129static int malo_setup_hwdma(struct malo_softc *); 130static void malo_txq_init(struct malo_softc *, struct malo_txq *, int); 131static void malo_tx_cleanupq(struct malo_softc *, struct malo_txq *); 132static void malo_parent(struct ieee80211com *); 133static int malo_transmit(struct ieee80211com *, struct mbuf *); 134static void malo_start(struct malo_softc *); 135static void malo_watchdog(void *); 136static void malo_updateslot(struct ieee80211com *); 137static int malo_newstate(struct ieee80211vap *, enum ieee80211_state, int); 138static void malo_scan_start(struct ieee80211com *); 139static void malo_scan_end(struct ieee80211com *); 140static void malo_set_channel(struct ieee80211com *); 141static int malo_raw_xmit(struct ieee80211_node *, struct mbuf *, 142 const struct ieee80211_bpf_params *); 143static void malo_sysctlattach(struct malo_softc *); 144static void malo_announce(struct malo_softc *); 145static void malo_dma_cleanup(struct malo_softc *); 146static void malo_stop(struct malo_softc *); 147static int malo_chan_set(struct malo_softc *, struct ieee80211_channel *); 148static int malo_mode_init(struct malo_softc *); 149static void malo_tx_proc(void *, int); 150static void malo_rx_proc(void *, int); 151static void malo_init(void *); 152 153/* 154 * Read/Write shorthands for accesses to BAR 0. Note that all BAR 1 155 * operations are done in the "hal" except getting H/W MAC address at 156 * malo_attach and there should be no reference to them here. 157 */ 158static uint32_t 159malo_bar0_read4(struct malo_softc *sc, bus_size_t off) 160{ 161 return bus_space_read_4(sc->malo_io0t, sc->malo_io0h, off); 162} 163 164static void 165malo_bar0_write4(struct malo_softc *sc, bus_size_t off, uint32_t val) 166{ 167 DPRINTF(sc, MALO_DEBUG_FW, "%s: off 0x%jx val 0x%x\n", 168 __func__, (uintmax_t)off, val); 169 170 bus_space_write_4(sc->malo_io0t, sc->malo_io0h, off, val); 171} 172 173int 174malo_attach(uint16_t devid, struct malo_softc *sc) 175{ 176 struct ieee80211com *ic = &sc->malo_ic; 177 struct malo_hal *mh; 178 int error; 179 uint8_t bands[IEEE80211_MODE_BYTES]; 180 181 MALO_LOCK_INIT(sc); 182 callout_init_mtx(&sc->malo_watchdog_timer, &sc->malo_mtx, 0); 183 mbufq_init(&sc->malo_snd, ifqmaxlen); 184 185 mh = malo_hal_attach(sc->malo_dev, devid, 186 sc->malo_io1h, sc->malo_io1t, sc->malo_dmat); 187 if (mh == NULL) { 188 device_printf(sc->malo_dev, "unable to attach HAL\n"); 189 error = EIO; 190 goto bad; 191 } 192 sc->malo_mh = mh; 193 194 /* 195 * Load firmware so we can get setup. We arbitrarily pick station 196 * firmware; we'll re-load firmware as needed so setting up 197 * the wrong mode isn't a big deal. 198 */ 199 error = malo_hal_fwload(mh, "malo8335-h", "malo8335-m"); 200 if (error != 0) { 201 device_printf(sc->malo_dev, "unable to setup firmware\n"); 202 goto bad1; 203 } 204 /* XXX gethwspecs() extracts correct informations? not maybe! */ 205 error = malo_hal_gethwspecs(mh, &sc->malo_hwspecs); 206 if (error != 0) { 207 device_printf(sc->malo_dev, "unable to fetch h/w specs\n"); 208 goto bad1; 209 } 210 211 DPRINTF(sc, MALO_DEBUG_FW, 212 "malo_hal_gethwspecs: hwversion 0x%x hostif 0x%x" 213 "maxnum_wcb 0x%x maxnum_mcaddr 0x%x maxnum_tx_wcb 0x%x" 214 "regioncode 0x%x num_antenna 0x%x fw_releasenum 0x%x" 215 "wcbbase0 0x%x rxdesc_read 0x%x rxdesc_write 0x%x" 216 "ul_fw_awakecookie 0x%x w[4] = %x %x %x %x", 217 sc->malo_hwspecs.hwversion, 218 sc->malo_hwspecs.hostinterface, sc->malo_hwspecs.maxnum_wcb, 219 sc->malo_hwspecs.maxnum_mcaddr, sc->malo_hwspecs.maxnum_tx_wcb, 220 sc->malo_hwspecs.regioncode, sc->malo_hwspecs.num_antenna, 221 sc->malo_hwspecs.fw_releasenum, sc->malo_hwspecs.wcbbase0, 222 sc->malo_hwspecs.rxdesc_read, sc->malo_hwspecs.rxdesc_write, 223 sc->malo_hwspecs.ul_fw_awakecookie, 224 sc->malo_hwspecs.wcbbase[0], sc->malo_hwspecs.wcbbase[1], 225 sc->malo_hwspecs.wcbbase[2], sc->malo_hwspecs.wcbbase[3]); 226 227 /* NB: firmware looks that it does not export regdomain info API. */ 228 memset(bands, 0, sizeof(bands)); 229 setbit(bands, IEEE80211_MODE_11B); 230 setbit(bands, IEEE80211_MODE_11G); 231 ieee80211_init_channels(ic, NULL, bands); 232 233 sc->malo_txantenna = 0x2; /* h/w default */ 234 sc->malo_rxantenna = 0xffff; /* h/w default */ 235 236 /* 237 * Allocate tx + rx descriptors and populate the lists. 238 * We immediately push the information to the firmware 239 * as otherwise it gets upset. 240 */ 241 error = malo_dma_setup(sc); 242 if (error != 0) { 243 device_printf(sc->malo_dev, 244 "failed to setup descriptors: %d\n", error); 245 goto bad1; 246 } 247 error = malo_setup_hwdma(sc); /* push to firmware */ 248 if (error != 0) /* NB: malo_setupdma prints msg */ 249 goto bad2; 250 251 sc->malo_tq = taskqueue_create_fast("malo_taskq", M_NOWAIT, 252 taskqueue_thread_enqueue, &sc->malo_tq); 253 taskqueue_start_threads(&sc->malo_tq, 1, PI_NET, 254 "%s taskq", device_get_nameunit(sc->malo_dev)); 255 256 TASK_INIT(&sc->malo_rxtask, 0, malo_rx_proc, sc); 257 TASK_INIT(&sc->malo_txtask, 0, malo_tx_proc, sc); 258 259 ic->ic_softc = sc; 260 ic->ic_name = device_get_nameunit(sc->malo_dev); 261 /* XXX not right but it's not used anywhere important */ 262 ic->ic_phytype = IEEE80211_T_OFDM; 263 ic->ic_opmode = IEEE80211_M_STA; 264 ic->ic_caps = 265 IEEE80211_C_STA /* station mode supported */ 266 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 267 | IEEE80211_C_MONITOR /* monitor mode */ 268 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 269 | IEEE80211_C_SHSLOT /* short slot time supported */ 270 | IEEE80211_C_TXPMGT /* capable of txpow mgt */ 271 | IEEE80211_C_WPA /* capable of WPA1+WPA2 */ 272 ; 273 IEEE80211_ADDR_COPY(ic->ic_macaddr, sc->malo_hwspecs.macaddr); 274 275 /* 276 * Transmit requires space in the packet for a special format transmit 277 * record and optional padding between this record and the payload. 278 * Ask the net80211 layer to arrange this when encapsulating 279 * packets so we can add it efficiently. 280 */ 281 ic->ic_headroom = sizeof(struct malo_txrec) - 282 sizeof(struct ieee80211_frame); 283 284 /* call MI attach routine. */ 285 ieee80211_ifattach(ic); 286 /* override default methods */ 287 ic->ic_vap_create = malo_vap_create; 288 ic->ic_vap_delete = malo_vap_delete; 289 ic->ic_raw_xmit = malo_raw_xmit; 290 ic->ic_updateslot = malo_updateslot; 291 ic->ic_scan_start = malo_scan_start; 292 ic->ic_scan_end = malo_scan_end; 293 ic->ic_set_channel = malo_set_channel; 294 ic->ic_parent = malo_parent; 295 ic->ic_transmit = malo_transmit; 296 297 sc->malo_invalid = 0; /* ready to go, enable int handling */ 298 299 ieee80211_radiotap_attach(ic, 300 &sc->malo_tx_th.wt_ihdr, sizeof(sc->malo_tx_th), 301 MALO_TX_RADIOTAP_PRESENT, 302 &sc->malo_rx_th.wr_ihdr, sizeof(sc->malo_rx_th), 303 MALO_RX_RADIOTAP_PRESENT); 304 305 /* 306 * Setup dynamic sysctl's. 307 */ 308 malo_sysctlattach(sc); 309 310 if (bootverbose) 311 ieee80211_announce(ic); 312 malo_announce(sc); 313 314 return 0; 315bad2: 316 malo_dma_cleanup(sc); 317bad1: 318 malo_hal_detach(mh); 319bad: 320 sc->malo_invalid = 1; 321 322 return error; 323} 324 325static struct ieee80211vap * 326malo_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 327 enum ieee80211_opmode opmode, int flags, 328 const uint8_t bssid[IEEE80211_ADDR_LEN], 329 const uint8_t mac[IEEE80211_ADDR_LEN]) 330{ 331 struct malo_softc *sc = ic->ic_softc; 332 struct malo_vap *mvp; 333 struct ieee80211vap *vap; 334 335 if (!TAILQ_EMPTY(&ic->ic_vaps)) { 336 device_printf(sc->malo_dev, "multiple vaps not supported\n"); 337 return NULL; 338 } 339 switch (opmode) { 340 case IEEE80211_M_STA: 341 if (opmode == IEEE80211_M_STA) 342 flags |= IEEE80211_CLONE_NOBEACONS; 343 /* fall thru... */ 344 case IEEE80211_M_MONITOR: 345 break; 346 default: 347 device_printf(sc->malo_dev, "%s mode not supported\n", 348 ieee80211_opmode_name[opmode]); 349 return NULL; /* unsupported */ 350 } 351 mvp = malloc(sizeof(struct malo_vap), M_80211_VAP, M_WAITOK | M_ZERO); 352 vap = &mvp->malo_vap; 353 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 354 355 /* override state transition machine */ 356 mvp->malo_newstate = vap->iv_newstate; 357 vap->iv_newstate = malo_newstate; 358 359 /* complete setup */ 360 ieee80211_vap_attach(vap, 361 ieee80211_media_change, ieee80211_media_status, mac); 362 ic->ic_opmode = opmode; 363 return vap; 364} 365 366static void 367malo_vap_delete(struct ieee80211vap *vap) 368{ 369 struct malo_vap *mvp = MALO_VAP(vap); 370 371 ieee80211_vap_detach(vap); 372 free(mvp, M_80211_VAP); 373} 374 375int 376malo_intr(void *arg) 377{ 378 struct malo_softc *sc = arg; 379 struct malo_hal *mh = sc->malo_mh; 380 uint32_t status; 381 382 if (sc->malo_invalid) { 383 /* 384 * The hardware is not ready/present, don't touch anything. 385 * Note this can happen early on if the IRQ is shared. 386 */ 387 DPRINTF(sc, MALO_DEBUG_ANY, "%s: invalid; ignored\n", __func__); 388 return (FILTER_STRAY); 389 } 390 391 /* 392 * Figure out the reason(s) for the interrupt. 393 */ 394 malo_hal_getisr(mh, &status); /* NB: clears ISR too */ 395 if (status == 0) /* must be a shared irq */ 396 return (FILTER_STRAY); 397 398 DPRINTF(sc, MALO_DEBUG_INTR, "%s: status 0x%x imask 0x%x\n", 399 __func__, status, sc->malo_imask); 400 401 if (status & MALO_A2HRIC_BIT_RX_RDY) 402 taskqueue_enqueue(sc->malo_tq, &sc->malo_rxtask); 403 if (status & MALO_A2HRIC_BIT_TX_DONE) 404 taskqueue_enqueue(sc->malo_tq, &sc->malo_txtask); 405 if (status & MALO_A2HRIC_BIT_OPC_DONE) 406 malo_hal_cmddone(mh); 407 if (status & MALO_A2HRIC_BIT_MAC_EVENT) 408 ; 409 if (status & MALO_A2HRIC_BIT_RX_PROBLEM) 410 ; 411 if (status & MALO_A2HRIC_BIT_ICV_ERROR) { 412 /* TKIP ICV error */ 413 sc->malo_stats.mst_rx_badtkipicv++; 414 } 415#ifdef MALO_DEBUG 416 if (((status | sc->malo_imask) ^ sc->malo_imask) != 0) 417 DPRINTF(sc, MALO_DEBUG_INTR, 418 "%s: can't handle interrupt status 0x%x\n", 419 __func__, status); 420#endif 421 return (FILTER_HANDLED); 422} 423 424static void 425malo_load_cb(void *arg, bus_dma_segment_t *segs, int nsegs, int error) 426{ 427 bus_addr_t *paddr = (bus_addr_t*) arg; 428 429 KASSERT(error == 0, ("error %u on bus_dma callback", error)); 430 431 *paddr = segs->ds_addr; 432} 433 434static int 435malo_desc_setup(struct malo_softc *sc, const char *name, 436 struct malo_descdma *dd, 437 int nbuf, size_t bufsize, int ndesc, size_t descsize) 438{ 439 int error; 440 uint8_t *ds; 441 442 DPRINTF(sc, MALO_DEBUG_RESET, 443 "%s: %s DMA: %u bufs (%ju) %u desc/buf (%ju)\n", 444 __func__, name, nbuf, (uintmax_t) bufsize, 445 ndesc, (uintmax_t) descsize); 446 447 dd->dd_name = name; 448 dd->dd_desc_len = nbuf * ndesc * descsize; 449 450 /* 451 * Setup DMA descriptor area. 452 */ 453 error = bus_dma_tag_create(bus_get_dma_tag(sc->malo_dev),/* parent */ 454 PAGE_SIZE, 0, /* alignment, bounds */ 455 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */ 456 BUS_SPACE_MAXADDR, /* highaddr */ 457 NULL, NULL, /* filter, filterarg */ 458 dd->dd_desc_len, /* maxsize */ 459 1, /* nsegments */ 460 dd->dd_desc_len, /* maxsegsize */ 461 BUS_DMA_ALLOCNOW, /* flags */ 462 NULL, /* lockfunc */ 463 NULL, /* lockarg */ 464 &dd->dd_dmat); 465 if (error != 0) { 466 device_printf(sc->malo_dev, "cannot allocate %s DMA tag\n", 467 dd->dd_name); 468 return error; 469 } 470 471 /* allocate descriptors */ 472 error = bus_dmamem_alloc(dd->dd_dmat, (void**) &dd->dd_desc, 473 BUS_DMA_NOWAIT | BUS_DMA_COHERENT, &dd->dd_dmamap); 474 if (error != 0) { 475 device_printf(sc->malo_dev, 476 "unable to alloc memory for %u %s descriptors, " 477 "error %u\n", nbuf * ndesc, dd->dd_name, error); 478 goto fail1; 479 } 480 481 error = bus_dmamap_load(dd->dd_dmat, dd->dd_dmamap, 482 dd->dd_desc, dd->dd_desc_len, 483 malo_load_cb, &dd->dd_desc_paddr, BUS_DMA_NOWAIT); 484 if (error != 0) { 485 device_printf(sc->malo_dev, 486 "unable to map %s descriptors, error %u\n", 487 dd->dd_name, error); 488 goto fail2; 489 } 490 491 ds = dd->dd_desc; 492 memset(ds, 0, dd->dd_desc_len); 493 DPRINTF(sc, MALO_DEBUG_RESET, 494 "%s: %s DMA map: %p (%lu) -> 0x%jx (%lu)\n", 495 __func__, dd->dd_name, ds, (u_long) dd->dd_desc_len, 496 (uintmax_t) dd->dd_desc_paddr, /*XXX*/ (u_long) dd->dd_desc_len); 497 498 return 0; 499fail2: 500 bus_dmamem_free(dd->dd_dmat, dd->dd_desc, dd->dd_dmamap); 501fail1: 502 bus_dma_tag_destroy(dd->dd_dmat); 503 memset(dd, 0, sizeof(*dd)); 504 return error; 505} 506 507#define DS2PHYS(_dd, _ds) \ 508 ((_dd)->dd_desc_paddr + ((caddr_t)(_ds) - (caddr_t)(_dd)->dd_desc)) 509 510static int 511malo_rxdma_setup(struct malo_softc *sc) 512{ 513 int error, bsize, i; 514 struct malo_rxbuf *bf; 515 struct malo_rxdesc *ds; 516 517 error = malo_desc_setup(sc, "rx", &sc->malo_rxdma, 518 malo_rxbuf, sizeof(struct malo_rxbuf), 519 1, sizeof(struct malo_rxdesc)); 520 if (error != 0) 521 return error; 522 523 /* 524 * Allocate rx buffers and set them up. 525 */ 526 bsize = malo_rxbuf * sizeof(struct malo_rxbuf); 527 bf = malloc(bsize, M_MALODEV, M_NOWAIT | M_ZERO); 528 if (bf == NULL) { 529 device_printf(sc->malo_dev, 530 "malloc of %u rx buffers failed\n", bsize); 531 return error; 532 } 533 sc->malo_rxdma.dd_bufptr = bf; 534 535 STAILQ_INIT(&sc->malo_rxbuf); 536 ds = sc->malo_rxdma.dd_desc; 537 for (i = 0; i < malo_rxbuf; i++, bf++, ds++) { 538 bf->bf_desc = ds; 539 bf->bf_daddr = DS2PHYS(&sc->malo_rxdma, ds); 540 error = bus_dmamap_create(sc->malo_dmat, BUS_DMA_NOWAIT, 541 &bf->bf_dmamap); 542 if (error != 0) { 543 device_printf(sc->malo_dev, 544 "%s: unable to dmamap for rx buffer, error %d\n", 545 __func__, error); 546 return error; 547 } 548 /* NB: tail is intentional to preserve descriptor order */ 549 STAILQ_INSERT_TAIL(&sc->malo_rxbuf, bf, bf_list); 550 } 551 return 0; 552} 553 554static int 555malo_txdma_setup(struct malo_softc *sc, struct malo_txq *txq) 556{ 557 int error, bsize, i; 558 struct malo_txbuf *bf; 559 struct malo_txdesc *ds; 560 561 error = malo_desc_setup(sc, "tx", &txq->dma, 562 malo_txbuf, sizeof(struct malo_txbuf), 563 MALO_TXDESC, sizeof(struct malo_txdesc)); 564 if (error != 0) 565 return error; 566 567 /* allocate and setup tx buffers */ 568 bsize = malo_txbuf * sizeof(struct malo_txbuf); 569 bf = malloc(bsize, M_MALODEV, M_NOWAIT | M_ZERO); 570 if (bf == NULL) { 571 device_printf(sc->malo_dev, "malloc of %u tx buffers failed\n", 572 malo_txbuf); 573 return ENOMEM; 574 } 575 txq->dma.dd_bufptr = bf; 576 577 STAILQ_INIT(&txq->free); 578 txq->nfree = 0; 579 ds = txq->dma.dd_desc; 580 for (i = 0; i < malo_txbuf; i++, bf++, ds += MALO_TXDESC) { 581 bf->bf_desc = ds; 582 bf->bf_daddr = DS2PHYS(&txq->dma, ds); 583 error = bus_dmamap_create(sc->malo_dmat, BUS_DMA_NOWAIT, 584 &bf->bf_dmamap); 585 if (error != 0) { 586 device_printf(sc->malo_dev, 587 "unable to create dmamap for tx " 588 "buffer %u, error %u\n", i, error); 589 return error; 590 } 591 STAILQ_INSERT_TAIL(&txq->free, bf, bf_list); 592 txq->nfree++; 593 } 594 595 return 0; 596} 597 598static void 599malo_desc_cleanup(struct malo_softc *sc, struct malo_descdma *dd) 600{ 601 bus_dmamap_unload(dd->dd_dmat, dd->dd_dmamap); 602 bus_dmamem_free(dd->dd_dmat, dd->dd_desc, dd->dd_dmamap); 603 bus_dma_tag_destroy(dd->dd_dmat); 604 605 memset(dd, 0, sizeof(*dd)); 606} 607 608static void 609malo_rxdma_cleanup(struct malo_softc *sc) 610{ 611 struct malo_rxbuf *bf; 612 613 STAILQ_FOREACH(bf, &sc->malo_rxbuf, bf_list) { 614 if (bf->bf_m != NULL) { 615 m_freem(bf->bf_m); 616 bf->bf_m = NULL; 617 } 618 if (bf->bf_dmamap != NULL) { 619 bus_dmamap_destroy(sc->malo_dmat, bf->bf_dmamap); 620 bf->bf_dmamap = NULL; 621 } 622 } 623 STAILQ_INIT(&sc->malo_rxbuf); 624 if (sc->malo_rxdma.dd_bufptr != NULL) { 625 free(sc->malo_rxdma.dd_bufptr, M_MALODEV); 626 sc->malo_rxdma.dd_bufptr = NULL; 627 } 628 if (sc->malo_rxdma.dd_desc_len != 0) 629 malo_desc_cleanup(sc, &sc->malo_rxdma); 630} 631 632static void 633malo_txdma_cleanup(struct malo_softc *sc, struct malo_txq *txq) 634{ 635 struct malo_txbuf *bf; 636 struct ieee80211_node *ni; 637 638 STAILQ_FOREACH(bf, &txq->free, bf_list) { 639 if (bf->bf_m != NULL) { 640 m_freem(bf->bf_m); 641 bf->bf_m = NULL; 642 } 643 ni = bf->bf_node; 644 bf->bf_node = NULL; 645 if (ni != NULL) { 646 /* 647 * Reclaim node reference. 648 */ 649 ieee80211_free_node(ni); 650 } 651 if (bf->bf_dmamap != NULL) { 652 bus_dmamap_destroy(sc->malo_dmat, bf->bf_dmamap); 653 bf->bf_dmamap = NULL; 654 } 655 } 656 STAILQ_INIT(&txq->free); 657 txq->nfree = 0; 658 if (txq->dma.dd_bufptr != NULL) { 659 free(txq->dma.dd_bufptr, M_MALODEV); 660 txq->dma.dd_bufptr = NULL; 661 } 662 if (txq->dma.dd_desc_len != 0) 663 malo_desc_cleanup(sc, &txq->dma); 664} 665 666static void 667malo_dma_cleanup(struct malo_softc *sc) 668{ 669 int i; 670 671 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) 672 malo_txdma_cleanup(sc, &sc->malo_txq[i]); 673 674 malo_rxdma_cleanup(sc); 675} 676 677static int 678malo_dma_setup(struct malo_softc *sc) 679{ 680 int error, i; 681 682 /* rxdma initializing. */ 683 error = malo_rxdma_setup(sc); 684 if (error != 0) 685 return error; 686 687 /* NB: we just have 1 tx queue now. */ 688 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) { 689 error = malo_txdma_setup(sc, &sc->malo_txq[i]); 690 if (error != 0) { 691 malo_dma_cleanup(sc); 692 693 return error; 694 } 695 696 malo_txq_init(sc, &sc->malo_txq[i], i); 697 } 698 699 return 0; 700} 701 702static void 703malo_hal_set_rxtxdma(struct malo_softc *sc) 704{ 705 int i; 706 707 malo_bar0_write4(sc, sc->malo_hwspecs.rxdesc_read, 708 sc->malo_hwdma.rxdesc_read); 709 malo_bar0_write4(sc, sc->malo_hwspecs.rxdesc_write, 710 sc->malo_hwdma.rxdesc_read); 711 712 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) { 713 malo_bar0_write4(sc, 714 sc->malo_hwspecs.wcbbase[i], sc->malo_hwdma.wcbbase[i]); 715 } 716} 717 718/* 719 * Inform firmware of our tx/rx dma setup. The BAR 0 writes below are 720 * for compatibility with older firmware. For current firmware we send 721 * this information with a cmd block via malo_hal_sethwdma. 722 */ 723static int 724malo_setup_hwdma(struct malo_softc *sc) 725{ 726 int i; 727 struct malo_txq *txq; 728 729 sc->malo_hwdma.rxdesc_read = sc->malo_rxdma.dd_desc_paddr; 730 731 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) { 732 txq = &sc->malo_txq[i]; 733 sc->malo_hwdma.wcbbase[i] = txq->dma.dd_desc_paddr; 734 } 735 sc->malo_hwdma.maxnum_txwcb = malo_txbuf; 736 sc->malo_hwdma.maxnum_wcb = MALO_NUM_TX_QUEUES; 737 738 malo_hal_set_rxtxdma(sc); 739 740 return 0; 741} 742 743static void 744malo_txq_init(struct malo_softc *sc, struct malo_txq *txq, int qnum) 745{ 746 struct malo_txbuf *bf, *bn; 747 struct malo_txdesc *ds; 748 749 MALO_TXQ_LOCK_INIT(sc, txq); 750 txq->qnum = qnum; 751 txq->txpri = 0; /* XXX */ 752 753 STAILQ_FOREACH(bf, &txq->free, bf_list) { 754 bf->bf_txq = txq; 755 756 ds = bf->bf_desc; 757 bn = STAILQ_NEXT(bf, bf_list); 758 if (bn == NULL) 759 bn = STAILQ_FIRST(&txq->free); 760 ds->physnext = htole32(bn->bf_daddr); 761 } 762 STAILQ_INIT(&txq->active); 763} 764 765/* 766 * Reclaim resources for a setup queue. 767 */ 768static void 769malo_tx_cleanupq(struct malo_softc *sc, struct malo_txq *txq) 770{ 771 /* XXX hal work? */ 772 MALO_TXQ_LOCK_DESTROY(txq); 773} 774 775/* 776 * Allocate a tx buffer for sending a frame. 777 */ 778static struct malo_txbuf * 779malo_getbuf(struct malo_softc *sc, struct malo_txq *txq) 780{ 781 struct malo_txbuf *bf; 782 783 MALO_TXQ_LOCK(txq); 784 bf = STAILQ_FIRST(&txq->free); 785 if (bf != NULL) { 786 STAILQ_REMOVE_HEAD(&txq->free, bf_list); 787 txq->nfree--; 788 } 789 MALO_TXQ_UNLOCK(txq); 790 if (bf == NULL) { 791 DPRINTF(sc, MALO_DEBUG_XMIT, 792 "%s: out of xmit buffers on q %d\n", __func__, txq->qnum); 793 sc->malo_stats.mst_tx_qstop++; 794 } 795 return bf; 796} 797 798static int 799malo_tx_dmasetup(struct malo_softc *sc, struct malo_txbuf *bf, struct mbuf *m0) 800{ 801 struct mbuf *m; 802 int error; 803 804 /* 805 * Load the DMA map so any coalescing is done. This also calculates 806 * the number of descriptors we need. 807 */ 808 error = bus_dmamap_load_mbuf_sg(sc->malo_dmat, bf->bf_dmamap, m0, 809 bf->bf_segs, &bf->bf_nseg, 810 BUS_DMA_NOWAIT); 811 if (error == EFBIG) { 812 /* XXX packet requires too many descriptors */ 813 bf->bf_nseg = MALO_TXDESC + 1; 814 } else if (error != 0) { 815 sc->malo_stats.mst_tx_busdma++; 816 m_freem(m0); 817 return error; 818 } 819 /* 820 * Discard null packets and check for packets that require too many 821 * TX descriptors. We try to convert the latter to a cluster. 822 */ 823 if (error == EFBIG) { /* too many desc's, linearize */ 824 sc->malo_stats.mst_tx_linear++; 825 m = m_defrag(m0, M_NOWAIT); 826 if (m == NULL) { 827 m_freem(m0); 828 sc->malo_stats.mst_tx_nombuf++; 829 return ENOMEM; 830 } 831 m0 = m; 832 error = bus_dmamap_load_mbuf_sg(sc->malo_dmat, bf->bf_dmamap, m0, 833 bf->bf_segs, &bf->bf_nseg, 834 BUS_DMA_NOWAIT); 835 if (error != 0) { 836 sc->malo_stats.mst_tx_busdma++; 837 m_freem(m0); 838 return error; 839 } 840 KASSERT(bf->bf_nseg <= MALO_TXDESC, 841 ("too many segments after defrag; nseg %u", bf->bf_nseg)); 842 } else if (bf->bf_nseg == 0) { /* null packet, discard */ 843 sc->malo_stats.mst_tx_nodata++; 844 m_freem(m0); 845 return EIO; 846 } 847 DPRINTF(sc, MALO_DEBUG_XMIT, "%s: m %p len %u\n", 848 __func__, m0, m0->m_pkthdr.len); 849 bus_dmamap_sync(sc->malo_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE); 850 bf->bf_m = m0; 851 852 return 0; 853} 854 855#ifdef MALO_DEBUG 856static void 857malo_printrxbuf(const struct malo_rxbuf *bf, u_int ix) 858{ 859 const struct malo_rxdesc *ds = bf->bf_desc; 860 uint32_t status = le32toh(ds->status); 861 862 printf("R[%2u] (DS.V:%p DS.P:0x%jx) NEXT:%08x DATA:%08x RC:%02x%s\n" 863 " STAT:%02x LEN:%04x SNR:%02x NF:%02x CHAN:%02x" 864 " RATE:%02x QOS:%04x\n", ix, ds, (uintmax_t)bf->bf_daddr, 865 le32toh(ds->physnext), le32toh(ds->physbuffdata), 866 ds->rxcontrol, 867 ds->rxcontrol != MALO_RXD_CTRL_DRIVER_OWN ? 868 "" : (status & MALO_RXD_STATUS_OK) ? " *" : " !", 869 ds->status, le16toh(ds->pktlen), ds->snr, ds->nf, ds->channel, 870 ds->rate, le16toh(ds->qosctrl)); 871} 872 873static void 874malo_printtxbuf(const struct malo_txbuf *bf, u_int qnum, u_int ix) 875{ 876 const struct malo_txdesc *ds = bf->bf_desc; 877 uint32_t status = le32toh(ds->status); 878 879 printf("Q%u[%3u]", qnum, ix); 880 printf(" (DS.V:%p DS.P:0x%jx)\n", ds, (uintmax_t)bf->bf_daddr); 881 printf(" NEXT:%08x DATA:%08x LEN:%04x STAT:%08x%s\n", 882 le32toh(ds->physnext), 883 le32toh(ds->pktptr), le16toh(ds->pktlen), status, 884 status & MALO_TXD_STATUS_USED ? 885 "" : (status & 3) != 0 ? " *" : " !"); 886 printf(" RATE:%02x PRI:%x QOS:%04x SAP:%08x FORMAT:%04x\n", 887 ds->datarate, ds->txpriority, le16toh(ds->qosctrl), 888 le32toh(ds->sap_pktinfo), le16toh(ds->format)); 889#if 0 890 { 891 const uint8_t *cp = (const uint8_t *) ds; 892 int i; 893 for (i = 0; i < sizeof(struct malo_txdesc); i++) { 894 printf("%02x ", cp[i]); 895 if (((i+1) % 16) == 0) 896 printf("\n"); 897 } 898 printf("\n"); 899 } 900#endif 901} 902#endif /* MALO_DEBUG */ 903 904static __inline void 905malo_updatetxrate(struct ieee80211_node *ni, int rix) 906{ 907 static const int ieeerates[] = 908 { 2, 4, 11, 22, 44, 12, 18, 24, 36, 48, 96, 108 }; 909 if (rix < nitems(ieeerates)) 910 ni->ni_txrate = ieeerates[rix]; 911} 912 913static int 914malo_fix2rate(int fix_rate) 915{ 916 static const int rates[] = 917 { 2, 4, 11, 22, 12, 18, 24, 36, 48, 96, 108 }; 918 return (fix_rate < nitems(rates) ? rates[fix_rate] : 0); 919} 920 921/* 922 * Process completed xmit descriptors from the specified queue. 923 */ 924static int 925malo_tx_processq(struct malo_softc *sc, struct malo_txq *txq) 926{ 927 struct malo_txbuf *bf; 928 struct malo_txdesc *ds; 929 struct ieee80211_node *ni; 930 int nreaped; 931 uint32_t status; 932 933 DPRINTF(sc, MALO_DEBUG_TX_PROC, "%s: tx queue %u\n", 934 __func__, txq->qnum); 935 for (nreaped = 0;; nreaped++) { 936 MALO_TXQ_LOCK(txq); 937 bf = STAILQ_FIRST(&txq->active); 938 if (bf == NULL) { 939 MALO_TXQ_UNLOCK(txq); 940 break; 941 } 942 ds = bf->bf_desc; 943 MALO_TXDESC_SYNC(txq, ds, 944 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 945 if (ds->status & htole32(MALO_TXD_STATUS_FW_OWNED)) { 946 MALO_TXQ_UNLOCK(txq); 947 break; 948 } 949 STAILQ_REMOVE_HEAD(&txq->active, bf_list); 950 MALO_TXQ_UNLOCK(txq); 951 952#ifdef MALO_DEBUG 953 if (sc->malo_debug & MALO_DEBUG_XMIT_DESC) 954 malo_printtxbuf(bf, txq->qnum, nreaped); 955#endif 956 ni = bf->bf_node; 957 if (ni != NULL) { 958 status = le32toh(ds->status); 959 if (status & MALO_TXD_STATUS_OK) { 960 uint16_t format = le16toh(ds->format); 961 uint8_t txant =_IEEE80211_MASKSHIFT( 962 format, MALO_TXD_ANTENNA); 963 964 sc->malo_stats.mst_ant_tx[txant]++; 965 if (status & MALO_TXD_STATUS_OK_RETRY) 966 sc->malo_stats.mst_tx_retries++; 967 if (status & MALO_TXD_STATUS_OK_MORE_RETRY) 968 sc->malo_stats.mst_tx_mretries++; 969 malo_updatetxrate(ni, ds->datarate); 970 sc->malo_stats.mst_tx_rate = ds->datarate; 971 } else { 972 if (status & MALO_TXD_STATUS_FAILED_LINK_ERROR) 973 sc->malo_stats.mst_tx_linkerror++; 974 if (status & MALO_TXD_STATUS_FAILED_XRETRY) 975 sc->malo_stats.mst_tx_xretries++; 976 if (status & MALO_TXD_STATUS_FAILED_AGING) 977 sc->malo_stats.mst_tx_aging++; 978 } 979 /* XXX strip fw len in case header inspected */ 980 m_adj(bf->bf_m, sizeof(uint16_t)); 981 ieee80211_tx_complete(ni, bf->bf_m, 982 (status & MALO_TXD_STATUS_OK) == 0); 983 } else 984 m_freem(bf->bf_m); 985 986 ds->status = htole32(MALO_TXD_STATUS_IDLE); 987 ds->pktlen = htole32(0); 988 989 bus_dmamap_sync(sc->malo_dmat, bf->bf_dmamap, 990 BUS_DMASYNC_POSTWRITE); 991 bus_dmamap_unload(sc->malo_dmat, bf->bf_dmamap); 992 bf->bf_m = NULL; 993 bf->bf_node = NULL; 994 995 MALO_TXQ_LOCK(txq); 996 STAILQ_INSERT_TAIL(&txq->free, bf, bf_list); 997 txq->nfree++; 998 MALO_TXQ_UNLOCK(txq); 999 } 1000 return nreaped; 1001} 1002 1003/* 1004 * Deferred processing of transmit interrupt. 1005 */ 1006static void 1007malo_tx_proc(void *arg, int npending) 1008{ 1009 struct malo_softc *sc = arg; 1010 int i, nreaped; 1011 1012 /* 1013 * Process each active queue. 1014 */ 1015 nreaped = 0; 1016 MALO_LOCK(sc); 1017 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) { 1018 if (!STAILQ_EMPTY(&sc->malo_txq[i].active)) 1019 nreaped += malo_tx_processq(sc, &sc->malo_txq[i]); 1020 } 1021 1022 if (nreaped != 0) { 1023 sc->malo_timer = 0; 1024 malo_start(sc); 1025 } 1026 MALO_UNLOCK(sc); 1027} 1028 1029static int 1030malo_tx_start(struct malo_softc *sc, struct ieee80211_node *ni, 1031 struct malo_txbuf *bf, struct mbuf *m0) 1032{ 1033#define IS_DATA_FRAME(wh) \ 1034 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK)) == IEEE80211_FC0_TYPE_DATA) 1035 int error, ismcast, iswep; 1036 int copyhdrlen, hdrlen, pktlen; 1037 struct ieee80211_frame *wh; 1038 struct ieee80211com *ic = &sc->malo_ic; 1039 struct ieee80211vap *vap = ni->ni_vap; 1040 struct malo_txdesc *ds; 1041 struct malo_txrec *tr; 1042 struct malo_txq *txq; 1043 uint16_t qos; 1044 1045 wh = mtod(m0, struct ieee80211_frame *); 1046 iswep = wh->i_fc[1] & IEEE80211_FC1_PROTECTED; 1047 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 1048 copyhdrlen = hdrlen = ieee80211_anyhdrsize(wh); 1049 pktlen = m0->m_pkthdr.len; 1050 if (IEEE80211_QOS_HAS_SEQ(wh)) { 1051 qos = *(uint16_t *)ieee80211_getqos(wh); 1052 if (IEEE80211_IS_DSTODS(wh)) 1053 copyhdrlen -= sizeof(qos); 1054 } else 1055 qos = 0; 1056 1057 if (iswep) { 1058 struct ieee80211_key *k; 1059 1060 /* 1061 * Construct the 802.11 header+trailer for an encrypted 1062 * frame. The only reason this can fail is because of an 1063 * unknown or unsupported cipher/key type. 1064 * 1065 * NB: we do this even though the firmware will ignore 1066 * what we've done for WEP and TKIP as we need the 1067 * ExtIV filled in for CCMP and this also adjusts 1068 * the headers which simplifies our work below. 1069 */ 1070 k = ieee80211_crypto_encap(ni, m0); 1071 if (k == NULL) { 1072 /* 1073 * This can happen when the key is yanked after the 1074 * frame was queued. Just discard the frame; the 1075 * 802.11 layer counts failures and provides 1076 * debugging/diagnostics. 1077 */ 1078 m_freem(m0); 1079 return EIO; 1080 } 1081 1082 /* 1083 * Adjust the packet length for the crypto additions 1084 * done during encap and any other bits that the f/w 1085 * will add later on. 1086 */ 1087 pktlen = m0->m_pkthdr.len; 1088 1089 /* packet header may have moved, reset our local pointer */ 1090 wh = mtod(m0, struct ieee80211_frame *); 1091 } 1092 1093 if (ieee80211_radiotap_active_vap(vap)) { 1094 sc->malo_tx_th.wt_flags = 0; /* XXX */ 1095 if (iswep) 1096 sc->malo_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1097 sc->malo_tx_th.wt_txpower = ni->ni_txpower; 1098 sc->malo_tx_th.wt_antenna = sc->malo_txantenna; 1099 1100 ieee80211_radiotap_tx(vap, m0); 1101 } 1102 1103 /* 1104 * Copy up/down the 802.11 header; the firmware requires 1105 * we present a 2-byte payload length followed by a 1106 * 4-address header (w/o QoS), followed (optionally) by 1107 * any WEP/ExtIV header (but only filled in for CCMP). 1108 * We are assured the mbuf has sufficient headroom to 1109 * prepend in-place by the setup of ic_headroom in 1110 * malo_attach. 1111 */ 1112 if (hdrlen < sizeof(struct malo_txrec)) { 1113 const int space = sizeof(struct malo_txrec) - hdrlen; 1114 if (M_LEADINGSPACE(m0) < space) { 1115 /* NB: should never happen */ 1116 device_printf(sc->malo_dev, 1117 "not enough headroom, need %d found %zd, " 1118 "m_flags 0x%x m_len %d\n", 1119 space, M_LEADINGSPACE(m0), m0->m_flags, m0->m_len); 1120 ieee80211_dump_pkt(ic, 1121 mtod(m0, const uint8_t *), m0->m_len, 0, -1); 1122 m_freem(m0); 1123 /* XXX stat */ 1124 return EIO; 1125 } 1126 M_PREPEND(m0, space, M_NOWAIT); 1127 } 1128 tr = mtod(m0, struct malo_txrec *); 1129 if (wh != (struct ieee80211_frame *) &tr->wh) 1130 ovbcopy(wh, &tr->wh, hdrlen); 1131 /* 1132 * Note: the "firmware length" is actually the length of the fully 1133 * formed "802.11 payload". That is, it's everything except for 1134 * the 802.11 header. In particular this includes all crypto 1135 * material including the MIC! 1136 */ 1137 tr->fwlen = htole16(pktlen - hdrlen); 1138 1139 /* 1140 * Load the DMA map so any coalescing is done. This 1141 * also calculates the number of descriptors we need. 1142 */ 1143 error = malo_tx_dmasetup(sc, bf, m0); 1144 if (error != 0) 1145 return error; 1146 bf->bf_node = ni; /* NB: held reference */ 1147 m0 = bf->bf_m; /* NB: may have changed */ 1148 tr = mtod(m0, struct malo_txrec *); 1149 wh = (struct ieee80211_frame *)&tr->wh; 1150 1151 /* 1152 * Formulate tx descriptor. 1153 */ 1154 ds = bf->bf_desc; 1155 txq = bf->bf_txq; 1156 1157 ds->qosctrl = qos; /* NB: already little-endian */ 1158 ds->pktptr = htole32(bf->bf_segs[0].ds_addr); 1159 ds->pktlen = htole16(bf->bf_segs[0].ds_len); 1160 /* NB: pPhysNext setup once, don't touch */ 1161 ds->datarate = IS_DATA_FRAME(wh) ? 1 : 0; 1162 ds->sap_pktinfo = 0; 1163 ds->format = 0; 1164 1165 /* 1166 * Select transmit rate. 1167 */ 1168 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 1169 case IEEE80211_FC0_TYPE_MGT: 1170 sc->malo_stats.mst_tx_mgmt++; 1171 /* fall thru... */ 1172 case IEEE80211_FC0_TYPE_CTL: 1173 ds->txpriority = 1; 1174 break; 1175 case IEEE80211_FC0_TYPE_DATA: 1176 ds->txpriority = txq->qnum; 1177 break; 1178 default: 1179 device_printf(sc->malo_dev, "bogus frame type 0x%x (%s)\n", 1180 wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK, __func__); 1181 /* XXX statistic */ 1182 m_freem(m0); 1183 return EIO; 1184 } 1185 1186#ifdef MALO_DEBUG 1187 if (IFF_DUMPPKTS_XMIT(sc)) 1188 ieee80211_dump_pkt(ic, 1189 mtod(m0, const uint8_t *)+sizeof(uint16_t), 1190 m0->m_len - sizeof(uint16_t), ds->datarate, -1); 1191#endif 1192 1193 MALO_TXQ_LOCK(txq); 1194 if (!IS_DATA_FRAME(wh)) 1195 ds->status |= htole32(1); 1196 ds->status |= htole32(MALO_TXD_STATUS_FW_OWNED); 1197 STAILQ_INSERT_TAIL(&txq->active, bf, bf_list); 1198 MALO_TXDESC_SYNC(txq, ds, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); 1199 1200 sc->malo_timer = 5; 1201 MALO_TXQ_UNLOCK(txq); 1202 return 0; 1203} 1204 1205static int 1206malo_transmit(struct ieee80211com *ic, struct mbuf *m) 1207{ 1208 struct malo_softc *sc = ic->ic_softc; 1209 int error; 1210 1211 MALO_LOCK(sc); 1212 if (!sc->malo_running) { 1213 MALO_UNLOCK(sc); 1214 return (ENXIO); 1215 } 1216 error = mbufq_enqueue(&sc->malo_snd, m); 1217 if (error) { 1218 MALO_UNLOCK(sc); 1219 return (error); 1220 } 1221 malo_start(sc); 1222 MALO_UNLOCK(sc); 1223 return (0); 1224} 1225 1226static void 1227malo_start(struct malo_softc *sc) 1228{ 1229 struct ieee80211_node *ni; 1230 struct malo_txq *txq = &sc->malo_txq[0]; 1231 struct malo_txbuf *bf = NULL; 1232 struct mbuf *m; 1233 int nqueued = 0; 1234 1235 MALO_LOCK_ASSERT(sc); 1236 1237 if (!sc->malo_running || sc->malo_invalid) 1238 return; 1239 1240 while ((m = mbufq_dequeue(&sc->malo_snd)) != NULL) { 1241 ni = (struct ieee80211_node *) m->m_pkthdr.rcvif; 1242 bf = malo_getbuf(sc, txq); 1243 if (bf == NULL) { 1244 mbufq_prepend(&sc->malo_snd, m); 1245 sc->malo_stats.mst_tx_qstop++; 1246 break; 1247 } 1248 /* 1249 * Pass the frame to the h/w for transmission. 1250 */ 1251 if (malo_tx_start(sc, ni, bf, m)) { 1252 if_inc_counter(ni->ni_vap->iv_ifp, 1253 IFCOUNTER_OERRORS, 1); 1254 if (bf != NULL) { 1255 bf->bf_m = NULL; 1256 bf->bf_node = NULL; 1257 MALO_TXQ_LOCK(txq); 1258 STAILQ_INSERT_HEAD(&txq->free, bf, bf_list); 1259 MALO_TXQ_UNLOCK(txq); 1260 } 1261 ieee80211_free_node(ni); 1262 continue; 1263 } 1264 nqueued++; 1265 1266 if (nqueued >= malo_txcoalesce) { 1267 /* 1268 * Poke the firmware to process queued frames; 1269 * see below about (lack of) locking. 1270 */ 1271 nqueued = 0; 1272 malo_hal_txstart(sc->malo_mh, 0/*XXX*/); 1273 } 1274 } 1275 1276 if (nqueued) { 1277 /* 1278 * NB: We don't need to lock against tx done because 1279 * this just prods the firmware to check the transmit 1280 * descriptors. The firmware will also start fetching 1281 * descriptors by itself if it notices new ones are 1282 * present when it goes to deliver a tx done interrupt 1283 * to the host. So if we race with tx done processing 1284 * it's ok. Delivering the kick here rather than in 1285 * malo_tx_start is an optimization to avoid poking the 1286 * firmware for each packet. 1287 * 1288 * NB: the queue id isn't used so 0 is ok. 1289 */ 1290 malo_hal_txstart(sc->malo_mh, 0/*XXX*/); 1291 } 1292} 1293 1294static void 1295malo_watchdog(void *arg) 1296{ 1297 struct malo_softc *sc = arg; 1298 1299 callout_reset(&sc->malo_watchdog_timer, hz, malo_watchdog, sc); 1300 if (sc->malo_timer == 0 || --sc->malo_timer > 0) 1301 return; 1302 1303 if (sc->malo_running && !sc->malo_invalid) { 1304 device_printf(sc->malo_dev, "watchdog timeout\n"); 1305 1306 /* XXX no way to reset h/w. now */ 1307 1308 counter_u64_add(sc->malo_ic.ic_oerrors, 1); 1309 sc->malo_stats.mst_watchdog++; 1310 } 1311} 1312 1313static int 1314malo_hal_reset(struct malo_softc *sc) 1315{ 1316 static int first = 0; 1317 struct ieee80211com *ic = &sc->malo_ic; 1318 struct malo_hal *mh = sc->malo_mh; 1319 1320 if (first == 0) { 1321 /* 1322 * NB: when the device firstly is initialized, sometimes 1323 * firmware could override rx/tx dma registers so we re-set 1324 * these values once. 1325 */ 1326 malo_hal_set_rxtxdma(sc); 1327 first = 1; 1328 } 1329 1330 malo_hal_setantenna(mh, MHA_ANTENNATYPE_RX, sc->malo_rxantenna); 1331 malo_hal_setantenna(mh, MHA_ANTENNATYPE_TX, sc->malo_txantenna); 1332 malo_hal_setradio(mh, 1, MHP_AUTO_PREAMBLE); 1333 malo_chan_set(sc, ic->ic_curchan); 1334 1335 /* XXX needs other stuffs? */ 1336 1337 return 1; 1338} 1339 1340static __inline struct mbuf * 1341malo_getrxmbuf(struct malo_softc *sc, struct malo_rxbuf *bf) 1342{ 1343 struct mbuf *m; 1344 bus_addr_t paddr; 1345 int error; 1346 1347 /* XXX don't need mbuf, just dma buffer */ 1348 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE); 1349 if (m == NULL) { 1350 sc->malo_stats.mst_rx_nombuf++; /* XXX */ 1351 return NULL; 1352 } 1353 error = bus_dmamap_load(sc->malo_dmat, bf->bf_dmamap, 1354 mtod(m, caddr_t), MJUMPAGESIZE, 1355 malo_load_cb, &paddr, BUS_DMA_NOWAIT); 1356 if (error != 0) { 1357 device_printf(sc->malo_dev, 1358 "%s: bus_dmamap_load failed, error %d\n", __func__, error); 1359 m_freem(m); 1360 return NULL; 1361 } 1362 bf->bf_data = paddr; 1363 bus_dmamap_sync(sc->malo_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE); 1364 1365 return m; 1366} 1367 1368static int 1369malo_rxbuf_init(struct malo_softc *sc, struct malo_rxbuf *bf) 1370{ 1371 struct malo_rxdesc *ds; 1372 1373 ds = bf->bf_desc; 1374 if (bf->bf_m == NULL) { 1375 bf->bf_m = malo_getrxmbuf(sc, bf); 1376 if (bf->bf_m == NULL) { 1377 /* mark descriptor to be skipped */ 1378 ds->rxcontrol = MALO_RXD_CTRL_OS_OWN; 1379 /* NB: don't need PREREAD */ 1380 MALO_RXDESC_SYNC(sc, ds, BUS_DMASYNC_PREWRITE); 1381 return ENOMEM; 1382 } 1383 } 1384 1385 /* 1386 * Setup descriptor. 1387 */ 1388 ds->qosctrl = 0; 1389 ds->snr = 0; 1390 ds->status = MALO_RXD_STATUS_IDLE; 1391 ds->channel = 0; 1392 ds->pktlen = htole16(MALO_RXSIZE); 1393 ds->nf = 0; 1394 ds->physbuffdata = htole32(bf->bf_data); 1395 /* NB: don't touch pPhysNext, set once */ 1396 ds->rxcontrol = MALO_RXD_CTRL_DRIVER_OWN; 1397 MALO_RXDESC_SYNC(sc, ds, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); 1398 1399 return 0; 1400} 1401 1402/* 1403 * Setup the rx data structures. This should only be done once or we may get 1404 * out of sync with the firmware. 1405 */ 1406static int 1407malo_startrecv(struct malo_softc *sc) 1408{ 1409 struct malo_rxbuf *bf, *prev; 1410 struct malo_rxdesc *ds; 1411 1412 if (sc->malo_recvsetup == 1) { 1413 malo_mode_init(sc); /* set filters, etc. */ 1414 return 0; 1415 } 1416 1417 prev = NULL; 1418 STAILQ_FOREACH(bf, &sc->malo_rxbuf, bf_list) { 1419 int error = malo_rxbuf_init(sc, bf); 1420 if (error != 0) { 1421 DPRINTF(sc, MALO_DEBUG_RECV, 1422 "%s: malo_rxbuf_init failed %d\n", 1423 __func__, error); 1424 return error; 1425 } 1426 if (prev != NULL) { 1427 ds = prev->bf_desc; 1428 ds->physnext = htole32(bf->bf_daddr); 1429 } 1430 prev = bf; 1431 } 1432 if (prev != NULL) { 1433 ds = prev->bf_desc; 1434 ds->physnext = 1435 htole32(STAILQ_FIRST(&sc->malo_rxbuf)->bf_daddr); 1436 } 1437 1438 sc->malo_recvsetup = 1; 1439 1440 malo_mode_init(sc); /* set filters, etc. */ 1441 1442 return 0; 1443} 1444 1445static void 1446malo_init_locked(struct malo_softc *sc) 1447{ 1448 struct malo_hal *mh = sc->malo_mh; 1449 int error; 1450 1451 MALO_LOCK_ASSERT(sc); 1452 1453 /* 1454 * Stop anything previously setup. This is safe whether this is 1455 * the first time through or not. 1456 */ 1457 malo_stop(sc); 1458 1459 /* 1460 * Push state to the firmware. 1461 */ 1462 if (!malo_hal_reset(sc)) { 1463 device_printf(sc->malo_dev, 1464 "%s: unable to reset hardware\n", __func__); 1465 return; 1466 } 1467 1468 /* 1469 * Setup recv (once); transmit is already good to go. 1470 */ 1471 error = malo_startrecv(sc); 1472 if (error != 0) { 1473 device_printf(sc->malo_dev, 1474 "%s: unable to start recv logic, error %d\n", 1475 __func__, error); 1476 return; 1477 } 1478 1479 /* 1480 * Enable interrupts. 1481 */ 1482 sc->malo_imask = MALO_A2HRIC_BIT_RX_RDY 1483 | MALO_A2HRIC_BIT_TX_DONE 1484 | MALO_A2HRIC_BIT_OPC_DONE 1485 | MALO_A2HRIC_BIT_MAC_EVENT 1486 | MALO_A2HRIC_BIT_RX_PROBLEM 1487 | MALO_A2HRIC_BIT_ICV_ERROR 1488 | MALO_A2HRIC_BIT_RADAR_DETECT 1489 | MALO_A2HRIC_BIT_CHAN_SWITCH; 1490 1491 sc->malo_running = 1; 1492 malo_hal_intrset(mh, sc->malo_imask); 1493 callout_reset(&sc->malo_watchdog_timer, hz, malo_watchdog, sc); 1494} 1495 1496static void 1497malo_init(void *arg) 1498{ 1499 struct malo_softc *sc = (struct malo_softc *) arg; 1500 struct ieee80211com *ic = &sc->malo_ic; 1501 1502 MALO_LOCK(sc); 1503 malo_init_locked(sc); 1504 MALO_UNLOCK(sc); 1505 1506 if (sc->malo_running) 1507 ieee80211_start_all(ic); /* start all vap's */ 1508} 1509 1510/* 1511 * Set the multicast filter contents into the hardware. 1512 */ 1513static void 1514malo_setmcastfilter(struct malo_softc *sc) 1515{ 1516 struct ieee80211com *ic = &sc->malo_ic; 1517 struct ieee80211vap *vap; 1518 uint8_t macs[IEEE80211_ADDR_LEN * MALO_HAL_MCAST_MAX]; 1519 uint8_t *mp; 1520 int nmc; 1521 1522 mp = macs; 1523 nmc = 0; 1524 1525 if (ic->ic_opmode == IEEE80211_M_MONITOR || ic->ic_allmulti > 0 || 1526 ic->ic_promisc > 0) 1527 goto all; 1528 1529 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 1530 struct ifnet *ifp; 1531 struct ifmultiaddr *ifma; 1532 1533 ifp = vap->iv_ifp; 1534 if_maddr_rlock(ifp); 1535 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 1536 if (ifma->ifma_addr->sa_family != AF_LINK) 1537 continue; 1538 1539 if (nmc == MALO_HAL_MCAST_MAX) { 1540 ifp->if_flags |= IFF_ALLMULTI; 1541 if_maddr_runlock(ifp); 1542 goto all; 1543 } 1544 IEEE80211_ADDR_COPY(mp, 1545 LLADDR((struct sockaddr_dl *)ifma->ifma_addr)); 1546 1547 mp += IEEE80211_ADDR_LEN, nmc++; 1548 } 1549 if_maddr_runlock(ifp); 1550 } 1551 1552 malo_hal_setmcast(sc->malo_mh, nmc, macs); 1553 1554all: 1555 /* 1556 * XXX we don't know how to set the f/w for supporting 1557 * IFF_ALLMULTI | IFF_PROMISC cases 1558 */ 1559 return; 1560} 1561 1562static int 1563malo_mode_init(struct malo_softc *sc) 1564{ 1565 struct ieee80211com *ic = &sc->malo_ic; 1566 struct malo_hal *mh = sc->malo_mh; 1567 1568 malo_hal_setpromisc(mh, ic->ic_promisc > 0); 1569 malo_setmcastfilter(sc); 1570 1571 return ENXIO; 1572} 1573 1574static void 1575malo_tx_draintxq(struct malo_softc *sc, struct malo_txq *txq) 1576{ 1577 struct ieee80211_node *ni; 1578 struct malo_txbuf *bf; 1579 u_int ix; 1580 1581 /* 1582 * NB: this assumes output has been stopped and 1583 * we do not need to block malo_tx_tasklet 1584 */ 1585 for (ix = 0;; ix++) { 1586 MALO_TXQ_LOCK(txq); 1587 bf = STAILQ_FIRST(&txq->active); 1588 if (bf == NULL) { 1589 MALO_TXQ_UNLOCK(txq); 1590 break; 1591 } 1592 STAILQ_REMOVE_HEAD(&txq->active, bf_list); 1593 MALO_TXQ_UNLOCK(txq); 1594#ifdef MALO_DEBUG 1595 if (sc->malo_debug & MALO_DEBUG_RESET) { 1596 struct ieee80211com *ic = &sc->malo_ic; 1597 const struct malo_txrec *tr = 1598 mtod(bf->bf_m, const struct malo_txrec *); 1599 malo_printtxbuf(bf, txq->qnum, ix); 1600 ieee80211_dump_pkt(ic, (const uint8_t *)&tr->wh, 1601 bf->bf_m->m_len - sizeof(tr->fwlen), 0, -1); 1602 } 1603#endif /* MALO_DEBUG */ 1604 bus_dmamap_unload(sc->malo_dmat, bf->bf_dmamap); 1605 ni = bf->bf_node; 1606 bf->bf_node = NULL; 1607 if (ni != NULL) { 1608 /* 1609 * Reclaim node reference. 1610 */ 1611 ieee80211_free_node(ni); 1612 } 1613 m_freem(bf->bf_m); 1614 bf->bf_m = NULL; 1615 1616 MALO_TXQ_LOCK(txq); 1617 STAILQ_INSERT_TAIL(&txq->free, bf, bf_list); 1618 txq->nfree++; 1619 MALO_TXQ_UNLOCK(txq); 1620 } 1621} 1622 1623static void 1624malo_stop(struct malo_softc *sc) 1625{ 1626 struct malo_hal *mh = sc->malo_mh; 1627 int i; 1628 1629 DPRINTF(sc, MALO_DEBUG_ANY, "%s: invalid %u running %u\n", 1630 __func__, sc->malo_invalid, sc->malo_running); 1631 1632 MALO_LOCK_ASSERT(sc); 1633 1634 if (!sc->malo_running) 1635 return; 1636 1637 /* 1638 * Shutdown the hardware and driver: 1639 * disable interrupts 1640 * turn off the radio 1641 * drain and release tx queues 1642 * 1643 * Note that some of this work is not possible if the hardware 1644 * is gone (invalid). 1645 */ 1646 sc->malo_running = 0; 1647 callout_stop(&sc->malo_watchdog_timer); 1648 sc->malo_timer = 0; 1649 /* disable interrupt. */ 1650 malo_hal_intrset(mh, 0); 1651 /* turn off the radio. */ 1652 malo_hal_setradio(mh, 0, MHP_AUTO_PREAMBLE); 1653 1654 /* drain and release tx queues. */ 1655 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) 1656 malo_tx_draintxq(sc, &sc->malo_txq[i]); 1657} 1658 1659static void 1660malo_parent(struct ieee80211com *ic) 1661{ 1662 struct malo_softc *sc = ic->ic_softc; 1663 int startall = 0; 1664 1665 MALO_LOCK(sc); 1666 if (ic->ic_nrunning > 0) { 1667 /* 1668 * Beware of being called during attach/detach 1669 * to reset promiscuous mode. In that case we 1670 * will still be marked UP but not RUNNING. 1671 * However trying to re-init the interface 1672 * is the wrong thing to do as we've already 1673 * torn down much of our state. There's 1674 * probably a better way to deal with this. 1675 */ 1676 if (!sc->malo_running && !sc->malo_invalid) { 1677 malo_init(sc); 1678 startall = 1; 1679 } 1680 /* 1681 * To avoid rescanning another access point, 1682 * do not call malo_init() here. Instead, 1683 * only reflect promisc mode settings. 1684 */ 1685 malo_mode_init(sc); 1686 } else if (sc->malo_running) 1687 malo_stop(sc); 1688 MALO_UNLOCK(sc); 1689 if (startall) 1690 ieee80211_start_all(ic); 1691} 1692 1693/* 1694 * Callback from the 802.11 layer to update the slot time 1695 * based on the current setting. We use it to notify the 1696 * firmware of ERP changes and the f/w takes care of things 1697 * like slot time and preamble. 1698 */ 1699static void 1700malo_updateslot(struct ieee80211com *ic) 1701{ 1702 struct malo_softc *sc = ic->ic_softc; 1703 struct malo_hal *mh = sc->malo_mh; 1704 int error; 1705 1706 /* NB: can be called early; suppress needless cmds */ 1707 if (!sc->malo_running) 1708 return; 1709 1710 DPRINTF(sc, MALO_DEBUG_RESET, 1711 "%s: chan %u MHz/flags 0x%x %s slot, (ic_flags 0x%x)\n", 1712 __func__, ic->ic_curchan->ic_freq, ic->ic_curchan->ic_flags, 1713 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", ic->ic_flags); 1714 1715 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1716 error = malo_hal_set_slot(mh, 1); 1717 else 1718 error = malo_hal_set_slot(mh, 0); 1719 1720 if (error != 0) 1721 device_printf(sc->malo_dev, "setting %s slot failed\n", 1722 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long"); 1723} 1724 1725static int 1726malo_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1727{ 1728 struct ieee80211com *ic = vap->iv_ic; 1729 struct malo_softc *sc = ic->ic_softc; 1730 struct malo_hal *mh = sc->malo_mh; 1731 int error; 1732 1733 DPRINTF(sc, MALO_DEBUG_STATE, "%s: %s -> %s\n", __func__, 1734 ieee80211_state_name[vap->iv_state], 1735 ieee80211_state_name[nstate]); 1736 1737 /* 1738 * Invoke the net80211 layer first so iv_bss is setup. 1739 */ 1740 error = MALO_VAP(vap)->malo_newstate(vap, nstate, arg); 1741 if (error != 0) 1742 return error; 1743 1744 if (nstate == IEEE80211_S_RUN && vap->iv_state != IEEE80211_S_RUN) { 1745 struct ieee80211_node *ni = vap->iv_bss; 1746 enum ieee80211_phymode mode = ieee80211_chan2mode(ni->ni_chan); 1747 const struct ieee80211_txparam *tp = &vap->iv_txparms[mode]; 1748 1749 DPRINTF(sc, MALO_DEBUG_STATE, 1750 "%s: %s(RUN): iv_flags 0x%08x bintvl %d bssid %s " 1751 "capinfo 0x%04x chan %d associd 0x%x mode %d rate %d\n", 1752 vap->iv_ifp->if_xname, __func__, vap->iv_flags, 1753 ni->ni_intval, ether_sprintf(ni->ni_bssid), ni->ni_capinfo, 1754 ieee80211_chan2ieee(ic, ic->ic_curchan), 1755 ni->ni_associd, mode, tp->ucastrate); 1756 1757 malo_hal_setradio(mh, 1, 1758 (ic->ic_flags & IEEE80211_F_SHPREAMBLE) ? 1759 MHP_SHORT_PREAMBLE : MHP_LONG_PREAMBLE); 1760 malo_hal_setassocid(sc->malo_mh, ni->ni_bssid, ni->ni_associd); 1761 malo_hal_set_rate(mh, mode, 1762 tp->ucastrate == IEEE80211_FIXED_RATE_NONE ? 1763 0 : malo_fix2rate(tp->ucastrate)); 1764 } 1765 return 0; 1766} 1767 1768static int 1769malo_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 1770 const struct ieee80211_bpf_params *params) 1771{ 1772 struct ieee80211com *ic = ni->ni_ic; 1773 struct malo_softc *sc = ic->ic_softc; 1774 struct malo_txbuf *bf; 1775 struct malo_txq *txq; 1776 1777 if (!sc->malo_running || sc->malo_invalid) { 1778 m_freem(m); 1779 return ENETDOWN; 1780 } 1781 1782 /* 1783 * Grab a TX buffer and associated resources. Note that we depend 1784 * on the classification by the 802.11 layer to get to the right h/w 1785 * queue. Management frames must ALWAYS go on queue 1 but we 1786 * cannot just force that here because we may receive non-mgt frames. 1787 */ 1788 txq = &sc->malo_txq[0]; 1789 bf = malo_getbuf(sc, txq); 1790 if (bf == NULL) { 1791 m_freem(m); 1792 return ENOBUFS; 1793 } 1794 1795 /* 1796 * Pass the frame to the h/w for transmission. 1797 */ 1798 if (malo_tx_start(sc, ni, bf, m) != 0) { 1799 bf->bf_m = NULL; 1800 bf->bf_node = NULL; 1801 MALO_TXQ_LOCK(txq); 1802 STAILQ_INSERT_HEAD(&txq->free, bf, bf_list); 1803 txq->nfree++; 1804 MALO_TXQ_UNLOCK(txq); 1805 1806 return EIO; /* XXX */ 1807 } 1808 1809 /* 1810 * NB: We don't need to lock against tx done because this just 1811 * prods the firmware to check the transmit descriptors. The firmware 1812 * will also start fetching descriptors by itself if it notices 1813 * new ones are present when it goes to deliver a tx done interrupt 1814 * to the host. So if we race with tx done processing it's ok. 1815 * Delivering the kick here rather than in malo_tx_start is 1816 * an optimization to avoid poking the firmware for each packet. 1817 * 1818 * NB: the queue id isn't used so 0 is ok. 1819 */ 1820 malo_hal_txstart(sc->malo_mh, 0/*XXX*/); 1821 1822 return 0; 1823} 1824 1825static void 1826malo_sysctlattach(struct malo_softc *sc) 1827{ 1828#ifdef MALO_DEBUG 1829 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->malo_dev); 1830 struct sysctl_oid *tree = device_get_sysctl_tree(sc->malo_dev); 1831 1832 sc->malo_debug = malo_debug; 1833 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO, 1834 "debug", CTLFLAG_RW, &sc->malo_debug, 0, 1835 "control debugging printfs"); 1836#endif 1837} 1838 1839static void 1840malo_announce(struct malo_softc *sc) 1841{ 1842 1843 device_printf(sc->malo_dev, 1844 "versions [hw %d fw %d.%d.%d.%d] (regioncode %d)\n", 1845 sc->malo_hwspecs.hwversion, 1846 (sc->malo_hwspecs.fw_releasenum >> 24) & 0xff, 1847 (sc->malo_hwspecs.fw_releasenum >> 16) & 0xff, 1848 (sc->malo_hwspecs.fw_releasenum >> 8) & 0xff, 1849 (sc->malo_hwspecs.fw_releasenum >> 0) & 0xff, 1850 sc->malo_hwspecs.regioncode); 1851 1852 if (bootverbose || malo_rxbuf != MALO_RXBUF) 1853 device_printf(sc->malo_dev, 1854 "using %u rx buffers\n", malo_rxbuf); 1855 if (bootverbose || malo_txbuf != MALO_TXBUF) 1856 device_printf(sc->malo_dev, 1857 "using %u tx buffers\n", malo_txbuf); 1858} 1859 1860/* 1861 * Convert net80211 channel to a HAL channel. 1862 */ 1863static void 1864malo_mapchan(struct malo_hal_channel *hc, const struct ieee80211_channel *chan) 1865{ 1866 hc->channel = chan->ic_ieee; 1867 1868 *(uint32_t *)&hc->flags = 0; 1869 if (IEEE80211_IS_CHAN_2GHZ(chan)) 1870 hc->flags.freqband = MALO_FREQ_BAND_2DOT4GHZ; 1871} 1872 1873/* 1874 * Set/change channels. If the channel is really being changed, 1875 * it's done by reseting the chip. To accomplish this we must 1876 * first cleanup any pending DMA, then restart stuff after a la 1877 * malo_init. 1878 */ 1879static int 1880malo_chan_set(struct malo_softc *sc, struct ieee80211_channel *chan) 1881{ 1882 struct malo_hal *mh = sc->malo_mh; 1883 struct malo_hal_channel hchan; 1884 1885 DPRINTF(sc, MALO_DEBUG_RESET, "%s: chan %u MHz/flags 0x%x\n", 1886 __func__, chan->ic_freq, chan->ic_flags); 1887 1888 /* 1889 * Convert to a HAL channel description with the flags constrained 1890 * to reflect the current operating mode. 1891 */ 1892 malo_mapchan(&hchan, chan); 1893 malo_hal_intrset(mh, 0); /* disable interrupts */ 1894 malo_hal_setchannel(mh, &hchan); 1895 malo_hal_settxpower(mh, &hchan); 1896 1897 /* 1898 * Update internal state. 1899 */ 1900 sc->malo_tx_th.wt_chan_freq = htole16(chan->ic_freq); 1901 sc->malo_rx_th.wr_chan_freq = htole16(chan->ic_freq); 1902 if (IEEE80211_IS_CHAN_ANYG(chan)) { 1903 sc->malo_tx_th.wt_chan_flags = htole16(IEEE80211_CHAN_G); 1904 sc->malo_rx_th.wr_chan_flags = htole16(IEEE80211_CHAN_G); 1905 } else { 1906 sc->malo_tx_th.wt_chan_flags = htole16(IEEE80211_CHAN_B); 1907 sc->malo_rx_th.wr_chan_flags = htole16(IEEE80211_CHAN_B); 1908 } 1909 sc->malo_curchan = hchan; 1910 malo_hal_intrset(mh, sc->malo_imask); 1911 1912 return 0; 1913} 1914 1915static void 1916malo_scan_start(struct ieee80211com *ic) 1917{ 1918 struct malo_softc *sc = ic->ic_softc; 1919 1920 DPRINTF(sc, MALO_DEBUG_STATE, "%s\n", __func__); 1921} 1922 1923static void 1924malo_scan_end(struct ieee80211com *ic) 1925{ 1926 struct malo_softc *sc = ic->ic_softc; 1927 1928 DPRINTF(sc, MALO_DEBUG_STATE, "%s\n", __func__); 1929} 1930 1931static void 1932malo_set_channel(struct ieee80211com *ic) 1933{ 1934 struct malo_softc *sc = ic->ic_softc; 1935 1936 (void) malo_chan_set(sc, ic->ic_curchan); 1937} 1938 1939static void 1940malo_rx_proc(void *arg, int npending) 1941{ 1942 struct malo_softc *sc = arg; 1943 struct ieee80211com *ic = &sc->malo_ic; 1944 struct malo_rxbuf *bf; 1945 struct malo_rxdesc *ds; 1946 struct mbuf *m, *mnew; 1947 struct ieee80211_qosframe *wh; 1948 struct ieee80211_node *ni; 1949 int off, len, hdrlen, pktlen, rssi, ntodo; 1950 uint8_t *data, status; 1951 uint32_t readptr, writeptr; 1952 1953 DPRINTF(sc, MALO_DEBUG_RX_PROC, 1954 "%s: pending %u rdptr(0x%x) 0x%x wrptr(0x%x) 0x%x\n", 1955 __func__, npending, 1956 sc->malo_hwspecs.rxdesc_read, 1957 malo_bar0_read4(sc, sc->malo_hwspecs.rxdesc_read), 1958 sc->malo_hwspecs.rxdesc_write, 1959 malo_bar0_read4(sc, sc->malo_hwspecs.rxdesc_write)); 1960 1961 readptr = malo_bar0_read4(sc, sc->malo_hwspecs.rxdesc_read); 1962 writeptr = malo_bar0_read4(sc, sc->malo_hwspecs.rxdesc_write); 1963 if (readptr == writeptr) 1964 return; 1965 1966 bf = sc->malo_rxnext; 1967 for (ntodo = malo_rxquota; ntodo > 0 && readptr != writeptr; ntodo--) { 1968 if (bf == NULL) { 1969 bf = STAILQ_FIRST(&sc->malo_rxbuf); 1970 break; 1971 } 1972 ds = bf->bf_desc; 1973 if (bf->bf_m == NULL) { 1974 /* 1975 * If data allocation failed previously there 1976 * will be no buffer; try again to re-populate it. 1977 * Note the firmware will not advance to the next 1978 * descriptor with a dma buffer so we must mimic 1979 * this or we'll get out of sync. 1980 */ 1981 DPRINTF(sc, MALO_DEBUG_ANY, 1982 "%s: rx buf w/o dma memory\n", __func__); 1983 (void)malo_rxbuf_init(sc, bf); 1984 break; 1985 } 1986 MALO_RXDESC_SYNC(sc, ds, 1987 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 1988 if (ds->rxcontrol != MALO_RXD_CTRL_DMA_OWN) 1989 break; 1990 1991 readptr = le32toh(ds->physnext); 1992 1993#ifdef MALO_DEBUG 1994 if (sc->malo_debug & MALO_DEBUG_RECV_DESC) 1995 malo_printrxbuf(bf, 0); 1996#endif 1997 status = ds->status; 1998 if (status & MALO_RXD_STATUS_DECRYPT_ERR_MASK) { 1999 counter_u64_add(ic->ic_ierrors, 1); 2000 goto rx_next; 2001 } 2002 /* 2003 * Sync the data buffer. 2004 */ 2005 len = le16toh(ds->pktlen); 2006 bus_dmamap_sync(sc->malo_dmat, bf->bf_dmamap, 2007 BUS_DMASYNC_POSTREAD); 2008 /* 2009 * The 802.11 header is provided all or in part at the front; 2010 * use it to calculate the true size of the header that we'll 2011 * construct below. We use this to figure out where to copy 2012 * payload prior to constructing the header. 2013 */ 2014 m = bf->bf_m; 2015 data = mtod(m, uint8_t *); 2016 hdrlen = ieee80211_anyhdrsize(data + sizeof(uint16_t)); 2017 off = sizeof(uint16_t) + sizeof(struct ieee80211_frame_addr4); 2018 2019 /* 2020 * Calculate RSSI. XXX wrong 2021 */ 2022 rssi = 2 * ((int) ds->snr - ds->nf); /* NB: .5 dBm */ 2023 if (rssi > 100) 2024 rssi = 100; 2025 2026 pktlen = hdrlen + (len - off); 2027 /* 2028 * NB: we know our frame is at least as large as 2029 * IEEE80211_MIN_LEN because there is a 4-address frame at 2030 * the front. Hence there's no need to vet the packet length. 2031 * If the frame in fact is too small it should be discarded 2032 * at the net80211 layer. 2033 */ 2034 2035 /* XXX don't need mbuf, just dma buffer */ 2036 mnew = malo_getrxmbuf(sc, bf); 2037 if (mnew == NULL) { 2038 counter_u64_add(ic->ic_ierrors, 1); 2039 goto rx_next; 2040 } 2041 /* 2042 * Attach the dma buffer to the mbuf; malo_rxbuf_init will 2043 * re-setup the rx descriptor using the replacement dma 2044 * buffer we just installed above. 2045 */ 2046 bf->bf_m = mnew; 2047 m->m_data += off - hdrlen; 2048 m->m_pkthdr.len = m->m_len = pktlen; 2049 2050 /* 2051 * Piece 802.11 header together. 2052 */ 2053 wh = mtod(m, struct ieee80211_qosframe *); 2054 /* NB: don't need to do this sometimes but ... */ 2055 /* XXX special case so we can memcpy after m_devget? */ 2056 ovbcopy(data + sizeof(uint16_t), wh, hdrlen); 2057 if (IEEE80211_QOS_HAS_SEQ(wh)) 2058 *(uint16_t *)ieee80211_getqos(wh) = ds->qosctrl; 2059 if (ieee80211_radiotap_active(ic)) { 2060 sc->malo_rx_th.wr_flags = 0; 2061 sc->malo_rx_th.wr_rate = ds->rate; 2062 sc->malo_rx_th.wr_antsignal = rssi; 2063 sc->malo_rx_th.wr_antnoise = ds->nf; 2064 } 2065#ifdef MALO_DEBUG 2066 if (IFF_DUMPPKTS_RECV(sc, wh)) { 2067 ieee80211_dump_pkt(ic, mtod(m, caddr_t), 2068 len, ds->rate, rssi); 2069 } 2070#endif 2071 /* dispatch */ 2072 ni = ieee80211_find_rxnode(ic, 2073 (struct ieee80211_frame_min *)wh); 2074 if (ni != NULL) { 2075 (void) ieee80211_input(ni, m, rssi, ds->nf); 2076 ieee80211_free_node(ni); 2077 } else 2078 (void) ieee80211_input_all(ic, m, rssi, ds->nf); 2079rx_next: 2080 /* NB: ignore ENOMEM so we process more descriptors */ 2081 (void) malo_rxbuf_init(sc, bf); 2082 bf = STAILQ_NEXT(bf, bf_list); 2083 } 2084 2085 malo_bar0_write4(sc, sc->malo_hwspecs.rxdesc_read, readptr); 2086 sc->malo_rxnext = bf; 2087 2088 if (mbufq_first(&sc->malo_snd) != NULL) 2089 malo_start(sc); 2090} 2091 2092/* 2093 * Reclaim all tx queue resources. 2094 */ 2095static void 2096malo_tx_cleanup(struct malo_softc *sc) 2097{ 2098 int i; 2099 2100 for (i = 0; i < MALO_NUM_TX_QUEUES; i++) 2101 malo_tx_cleanupq(sc, &sc->malo_txq[i]); 2102} 2103 2104int 2105malo_detach(struct malo_softc *sc) 2106{ 2107 struct ieee80211com *ic = &sc->malo_ic; 2108 2109 malo_stop(sc); 2110 2111 if (sc->malo_tq != NULL) { 2112 taskqueue_drain(sc->malo_tq, &sc->malo_rxtask); 2113 taskqueue_drain(sc->malo_tq, &sc->malo_txtask); 2114 taskqueue_free(sc->malo_tq); 2115 sc->malo_tq = NULL; 2116 } 2117 2118 /* 2119 * NB: the order of these is important: 2120 * o call the 802.11 layer before detaching the hal to 2121 * insure callbacks into the driver to delete global 2122 * key cache entries can be handled 2123 * o reclaim the tx queue data structures after calling 2124 * the 802.11 layer as we'll get called back to reclaim 2125 * node state and potentially want to use them 2126 * o to cleanup the tx queues the hal is called, so detach 2127 * it last 2128 * Other than that, it's straightforward... 2129 */ 2130 ieee80211_ifdetach(ic); 2131 callout_drain(&sc->malo_watchdog_timer); 2132 malo_dma_cleanup(sc); 2133 malo_tx_cleanup(sc); 2134 malo_hal_detach(sc->malo_mh); 2135 mbufq_drain(&sc->malo_snd); 2136 MALO_LOCK_DESTROY(sc); 2137 2138 return 0; 2139} 2140 2141void 2142malo_shutdown(struct malo_softc *sc) 2143{ 2144 2145 malo_stop(sc); 2146} 2147 2148void 2149malo_suspend(struct malo_softc *sc) 2150{ 2151 2152 malo_stop(sc); 2153} 2154 2155void 2156malo_resume(struct malo_softc *sc) 2157{ 2158 2159 if (sc->malo_ic.ic_nrunning > 0) 2160 malo_init(sc); 2161} 2162