1/* $NetBSD: atw.c,v 1.152 2010/11/13 08:54:23 uebayasi Exp $ */ 2 3/*- 4 * Copyright (c) 1998, 1999, 2000, 2002, 2003, 2004 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by David Young, by Jason R. Thorpe, and by Charles M. Hannum. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32/* 33 * Device driver for the ADMtek ADM8211 802.11 MAC/BBP. 34 */ 35 36#include <sys/cdefs.h> 37__KERNEL_RCSID(0, "$NetBSD: atw.c,v 1.152 2010/11/13 08:54:23 uebayasi Exp $"); 38 39 40#include <sys/param.h> 41#include <sys/systm.h> 42#include <sys/callout.h> 43#include <sys/mbuf.h> 44#include <sys/malloc.h> 45#include <sys/kernel.h> 46#include <sys/socket.h> 47#include <sys/ioctl.h> 48#include <sys/errno.h> 49#include <sys/device.h> 50#include <sys/kauth.h> 51#include <sys/time.h> 52#include <sys/proc.h> 53#include <lib/libkern/libkern.h> 54 55#include <machine/endian.h> 56 57#include <net/if.h> 58#include <net/if_dl.h> 59#include <net/if_media.h> 60#include <net/if_ether.h> 61 62#include <net80211/ieee80211_netbsd.h> 63#include <net80211/ieee80211_var.h> 64#include <net80211/ieee80211_radiotap.h> 65 66#include <net/bpf.h> 67 68#include <sys/bus.h> 69#include <sys/intr.h> 70 71#include <dev/ic/atwreg.h> 72#include <dev/ic/rf3000reg.h> 73#include <dev/ic/si4136reg.h> 74#include <dev/ic/atwvar.h> 75#include <dev/ic/smc93cx6var.h> 76 77/* XXX TBD open questions 78 * 79 * 80 * When should I set DSSS PAD in reg 0x15 of RF3000? In 1-2Mbps 81 * modes only, or all modes (5.5-11 Mbps CCK modes, too?) Does the MAC 82 * handle this for me? 83 * 84 */ 85/* device attachment 86 * 87 * print TOFS[012] 88 * 89 * device initialization 90 * 91 * clear ATW_FRCTL_MAXPSP to disable max power saving 92 * set ATW_TXBR_ALCUPDATE to enable ALC 93 * set TOFS[012]? (hope not) 94 * disable rx/tx 95 * set ATW_PAR_SWR (software reset) 96 * wait for ATW_PAR_SWR clear 97 * disable interrupts 98 * ack status register 99 * enable interrupts 100 * 101 * rx/tx initialization 102 * 103 * disable rx/tx w/ ATW_NAR_SR, ATW_NAR_ST 104 * allocate and init descriptor rings 105 * write ATW_PAR_DSL (descriptor skip length) 106 * write descriptor base addrs: ATW_TDBD, ATW_TDBP, write ATW_RDB 107 * write ATW_NAR_SQ for one/both transmit descriptor rings 108 * write ATW_NAR_SQ for one/both transmit descriptor rings 109 * enable rx/tx w/ ATW_NAR_SR, ATW_NAR_ST 110 * 111 * rx/tx end 112 * 113 * stop DMA 114 * disable rx/tx w/ ATW_NAR_SR, ATW_NAR_ST 115 * flush tx w/ ATW_NAR_HF 116 * 117 * scan 118 * 119 * initialize rx/tx 120 * 121 * BSS join: (re)association response 122 * 123 * set ATW_FRCTL_AID 124 * 125 * optimizations ??? 126 * 127 */ 128 129#define ATW_REFSLAVE /* slavishly do what the reference driver does */ 130 131int atw_pseudo_milli = 1; 132int atw_magic_delay1 = 100 * 1000; 133int atw_magic_delay2 = 100 * 1000; 134/* more magic multi-millisecond delays (units: microseconds) */ 135int atw_nar_delay = 20 * 1000; 136int atw_magic_delay4 = 10 * 1000; 137int atw_rf_delay1 = 10 * 1000; 138int atw_rf_delay2 = 5 * 1000; 139int atw_plcphd_delay = 2 * 1000; 140int atw_bbp_io_enable_delay = 20 * 1000; 141int atw_bbp_io_disable_delay = 2 * 1000; 142int atw_writewep_delay = 1000; 143int atw_beacon_len_adjust = 4; 144int atw_dwelltime = 200; 145int atw_xindiv2 = 0; 146 147#ifdef ATW_DEBUG 148int atw_debug = 0; 149 150#define ATW_DPRINTF(x) if (atw_debug > 0) printf x 151#define ATW_DPRINTF2(x) if (atw_debug > 1) printf x 152#define ATW_DPRINTF3(x) if (atw_debug > 2) printf x 153#define DPRINTF(sc, x) if ((sc)->sc_if.if_flags & IFF_DEBUG) printf x 154#define DPRINTF2(sc, x) if ((sc)->sc_if.if_flags & IFF_DEBUG) ATW_DPRINTF2(x) 155#define DPRINTF3(sc, x) if ((sc)->sc_if.if_flags & IFF_DEBUG) ATW_DPRINTF3(x) 156 157static void atw_dump_pkt(struct ifnet *, struct mbuf *); 158static void atw_print_regs(struct atw_softc *, const char *); 159 160/* Note well: I never got atw_rf3000_read or atw_si4126_read to work. */ 161# ifdef ATW_BBPDEBUG 162static void atw_rf3000_print(struct atw_softc *); 163static int atw_rf3000_read(struct atw_softc *sc, u_int, u_int *); 164# endif /* ATW_BBPDEBUG */ 165 166# ifdef ATW_SYNDEBUG 167static void atw_si4126_print(struct atw_softc *); 168static int atw_si4126_read(struct atw_softc *, u_int, u_int *); 169# endif /* ATW_SYNDEBUG */ 170 171#else 172#define ATW_DPRINTF(x) 173#define ATW_DPRINTF2(x) 174#define ATW_DPRINTF3(x) 175#define DPRINTF(sc, x) /* nothing */ 176#define DPRINTF2(sc, x) /* nothing */ 177#define DPRINTF3(sc, x) /* nothing */ 178#endif 179 180/* ifnet methods */ 181int atw_init(struct ifnet *); 182int atw_ioctl(struct ifnet *, u_long, void *); 183void atw_start(struct ifnet *); 184void atw_stop(struct ifnet *, int); 185void atw_watchdog(struct ifnet *); 186 187/* Device attachment */ 188void atw_attach(struct atw_softc *); 189int atw_detach(struct atw_softc *); 190static void atw_evcnt_attach(struct atw_softc *); 191static void atw_evcnt_detach(struct atw_softc *); 192 193/* Rx/Tx process */ 194int atw_add_rxbuf(struct atw_softc *, int); 195void atw_idle(struct atw_softc *, u_int32_t); 196void atw_rxdrain(struct atw_softc *); 197void atw_txdrain(struct atw_softc *); 198 199/* Device (de)activation and power state */ 200void atw_reset(struct atw_softc *); 201 202/* Interrupt handlers */ 203void atw_linkintr(struct atw_softc *, u_int32_t); 204void atw_rxintr(struct atw_softc *); 205void atw_txintr(struct atw_softc *, uint32_t); 206 207/* 802.11 state machine */ 208static int atw_newstate(struct ieee80211com *, enum ieee80211_state, int); 209static void atw_next_scan(void *); 210static void atw_recv_mgmt(struct ieee80211com *, struct mbuf *, 211 struct ieee80211_node *, int, int, u_int32_t); 212static int atw_tune(struct atw_softc *); 213 214/* Device initialization */ 215static void atw_bbp_io_init(struct atw_softc *); 216static void atw_cfp_init(struct atw_softc *); 217static void atw_cmdr_init(struct atw_softc *); 218static void atw_ifs_init(struct atw_softc *); 219static void atw_nar_init(struct atw_softc *); 220static void atw_response_times_init(struct atw_softc *); 221static void atw_rf_reset(struct atw_softc *); 222static void atw_test1_init(struct atw_softc *); 223static void atw_tofs0_init(struct atw_softc *); 224static void atw_tofs2_init(struct atw_softc *); 225static void atw_txlmt_init(struct atw_softc *); 226static void atw_wcsr_init(struct atw_softc *); 227 228/* Key management */ 229static int atw_key_delete(struct ieee80211com *, const struct ieee80211_key *); 230static int atw_key_set(struct ieee80211com *, const struct ieee80211_key *, 231 const u_int8_t[IEEE80211_ADDR_LEN]); 232static void atw_key_update_begin(struct ieee80211com *); 233static void atw_key_update_end(struct ieee80211com *); 234 235/* RAM/ROM utilities */ 236static void atw_clear_sram(struct atw_softc *); 237static void atw_write_sram(struct atw_softc *, u_int, u_int8_t *, u_int); 238static int atw_read_srom(struct atw_softc *); 239 240/* BSS setup */ 241static void atw_predict_beacon(struct atw_softc *); 242static void atw_start_beacon(struct atw_softc *, int); 243static void atw_write_bssid(struct atw_softc *); 244static void atw_write_ssid(struct atw_softc *); 245static void atw_write_sup_rates(struct atw_softc *); 246static void atw_write_wep(struct atw_softc *); 247 248/* Media */ 249static int atw_media_change(struct ifnet *); 250 251static void atw_filter_setup(struct atw_softc *); 252 253/* 802.11 utilities */ 254static uint64_t atw_get_tsft(struct atw_softc *); 255static inline uint32_t atw_last_even_tsft(uint32_t, uint32_t, 256 uint32_t); 257static struct ieee80211_node *atw_node_alloc(struct ieee80211_node_table *); 258static void atw_node_free(struct ieee80211_node *); 259 260/* 261 * Tuner/transceiver/modem 262 */ 263static void atw_bbp_io_enable(struct atw_softc *, int); 264 265/* RFMD RF3000 Baseband Processor */ 266static int atw_rf3000_init(struct atw_softc *); 267static int atw_rf3000_tune(struct atw_softc *, u_int); 268static int atw_rf3000_write(struct atw_softc *, u_int, u_int); 269 270/* Silicon Laboratories Si4126 RF/IF Synthesizer */ 271static void atw_si4126_tune(struct atw_softc *, u_int); 272static void atw_si4126_write(struct atw_softc *, u_int, u_int); 273 274const struct atw_txthresh_tab atw_txthresh_tab_lo[] = ATW_TXTHRESH_TAB_LO_RATE; 275const struct atw_txthresh_tab atw_txthresh_tab_hi[] = ATW_TXTHRESH_TAB_HI_RATE; 276 277const char *atw_tx_state[] = { 278 "STOPPED", 279 "RUNNING - read descriptor", 280 "RUNNING - transmitting", 281 "RUNNING - filling fifo", /* XXX */ 282 "SUSPENDED", 283 "RUNNING -- write descriptor", 284 "RUNNING -- write last descriptor", 285 "RUNNING - fifo full" 286}; 287 288const char *atw_rx_state[] = { 289 "STOPPED", 290 "RUNNING - read descriptor", 291 "RUNNING - check this packet, pre-fetch next", 292 "RUNNING - wait for reception", 293 "SUSPENDED", 294 "RUNNING - write descriptor", 295 "RUNNING - flush fifo", 296 "RUNNING - fifo drain" 297}; 298 299static inline int 300is_running(struct ifnet *ifp) 301{ 302 return (ifp->if_flags & (IFF_RUNNING|IFF_UP)) == (IFF_RUNNING|IFF_UP); 303} 304 305int 306atw_activate(device_t self, enum devact act) 307{ 308 struct atw_softc *sc = device_private(self); 309 310 switch (act) { 311 case DVACT_DEACTIVATE: 312 if_deactivate(&sc->sc_if); 313 return 0; 314 default: 315 return EOPNOTSUPP; 316 } 317} 318 319bool 320atw_suspend(device_t self, const pmf_qual_t *qual) 321{ 322 struct atw_softc *sc = device_private(self); 323 324 atw_rxdrain(sc); 325 sc->sc_flags &= ~ATWF_WEP_SRAM_VALID; 326 327 return true; 328} 329 330/* Returns -1 on failure. */ 331static int 332atw_read_srom(struct atw_softc *sc) 333{ 334 struct seeprom_descriptor sd; 335 uint32_t test0, fail_bits; 336 337 (void)memset(&sd, 0, sizeof(sd)); 338 339 test0 = ATW_READ(sc, ATW_TEST0); 340 341 switch (sc->sc_rev) { 342 case ATW_REVISION_BA: 343 case ATW_REVISION_CA: 344 fail_bits = ATW_TEST0_EPNE; 345 break; 346 default: 347 fail_bits = ATW_TEST0_EPNE|ATW_TEST0_EPSNM; 348 break; 349 } 350 if ((test0 & fail_bits) != 0) { 351 aprint_error_dev(sc->sc_dev, "bad or missing/bad SROM\n"); 352 return -1; 353 } 354 355 switch (test0 & ATW_TEST0_EPTYP_MASK) { 356 case ATW_TEST0_EPTYP_93c66: 357 ATW_DPRINTF(("%s: 93c66 SROM\n", device_xname(sc->sc_dev))); 358 sc->sc_sromsz = 512; 359 sd.sd_chip = C56_66; 360 break; 361 case ATW_TEST0_EPTYP_93c46: 362 ATW_DPRINTF(("%s: 93c46 SROM\n", device_xname(sc->sc_dev))); 363 sc->sc_sromsz = 128; 364 sd.sd_chip = C46; 365 break; 366 default: 367 printf("%s: unknown SROM type %" __PRIuBITS "\n", 368 device_xname(sc->sc_dev), 369 __SHIFTOUT(test0, ATW_TEST0_EPTYP_MASK)); 370 return -1; 371 } 372 373 sc->sc_srom = malloc(sc->sc_sromsz, M_DEVBUF, M_NOWAIT); 374 375 if (sc->sc_srom == NULL) { 376 aprint_error_dev(sc->sc_dev, "unable to allocate SROM buffer\n"); 377 return -1; 378 } 379 380 (void)memset(sc->sc_srom, 0, sc->sc_sromsz); 381 382 /* ADM8211 has a single 32-bit register for controlling the 383 * 93cx6 SROM. Bit SRS enables the serial port. There is no 384 * "ready" bit. The ADM8211 input/output sense is the reverse 385 * of read_seeprom's. 386 */ 387 sd.sd_tag = sc->sc_st; 388 sd.sd_bsh = sc->sc_sh; 389 sd.sd_regsize = 4; 390 sd.sd_control_offset = ATW_SPR; 391 sd.sd_status_offset = ATW_SPR; 392 sd.sd_dataout_offset = ATW_SPR; 393 sd.sd_CK = ATW_SPR_SCLK; 394 sd.sd_CS = ATW_SPR_SCS; 395 sd.sd_DI = ATW_SPR_SDO; 396 sd.sd_DO = ATW_SPR_SDI; 397 sd.sd_MS = ATW_SPR_SRS; 398 sd.sd_RDY = 0; 399 400 if (!read_seeprom(&sd, sc->sc_srom, 0, sc->sc_sromsz/2)) { 401 aprint_error_dev(sc->sc_dev, "could not read SROM\n"); 402 free(sc->sc_srom, M_DEVBUF); 403 return -1; 404 } 405#ifdef ATW_DEBUG 406 { 407 int i; 408 ATW_DPRINTF(("\nSerial EEPROM:\n\t")); 409 for (i = 0; i < sc->sc_sromsz/2; i = i + 1) { 410 if (((i % 8) == 0) && (i != 0)) { 411 ATW_DPRINTF(("\n\t")); 412 } 413 ATW_DPRINTF((" 0x%x", sc->sc_srom[i])); 414 } 415 ATW_DPRINTF(("\n")); 416 } 417#endif /* ATW_DEBUG */ 418 return 0; 419} 420 421#ifdef ATW_DEBUG 422static void 423atw_print_regs(struct atw_softc *sc, const char *where) 424{ 425#define PRINTREG(sc, reg) \ 426 ATW_DPRINTF2(("%s: reg[ " #reg " / %03x ] = %08x\n", \ 427 device_xname(sc->sc_dev), reg, ATW_READ(sc, reg))) 428 429 ATW_DPRINTF2(("%s: %s\n", device_xname(sc->sc_dev), where)); 430 431 PRINTREG(sc, ATW_PAR); 432 PRINTREG(sc, ATW_FRCTL); 433 PRINTREG(sc, ATW_TDR); 434 PRINTREG(sc, ATW_WTDP); 435 PRINTREG(sc, ATW_RDR); 436 PRINTREG(sc, ATW_WRDP); 437 PRINTREG(sc, ATW_RDB); 438 PRINTREG(sc, ATW_CSR3A); 439 PRINTREG(sc, ATW_TDBD); 440 PRINTREG(sc, ATW_TDBP); 441 PRINTREG(sc, ATW_STSR); 442 PRINTREG(sc, ATW_CSR5A); 443 PRINTREG(sc, ATW_NAR); 444 PRINTREG(sc, ATW_CSR6A); 445 PRINTREG(sc, ATW_IER); 446 PRINTREG(sc, ATW_CSR7A); 447 PRINTREG(sc, ATW_LPC); 448 PRINTREG(sc, ATW_TEST1); 449 PRINTREG(sc, ATW_SPR); 450 PRINTREG(sc, ATW_TEST0); 451 PRINTREG(sc, ATW_WCSR); 452 PRINTREG(sc, ATW_WPDR); 453 PRINTREG(sc, ATW_GPTMR); 454 PRINTREG(sc, ATW_GPIO); 455 PRINTREG(sc, ATW_BBPCTL); 456 PRINTREG(sc, ATW_SYNCTL); 457 PRINTREG(sc, ATW_PLCPHD); 458 PRINTREG(sc, ATW_MMIWADDR); 459 PRINTREG(sc, ATW_MMIRADDR1); 460 PRINTREG(sc, ATW_MMIRADDR2); 461 PRINTREG(sc, ATW_TXBR); 462 PRINTREG(sc, ATW_CSR15A); 463 PRINTREG(sc, ATW_ALCSTAT); 464 PRINTREG(sc, ATW_TOFS2); 465 PRINTREG(sc, ATW_CMDR); 466 PRINTREG(sc, ATW_PCIC); 467 PRINTREG(sc, ATW_PMCSR); 468 PRINTREG(sc, ATW_PAR0); 469 PRINTREG(sc, ATW_PAR1); 470 PRINTREG(sc, ATW_MAR0); 471 PRINTREG(sc, ATW_MAR1); 472 PRINTREG(sc, ATW_ATIMDA0); 473 PRINTREG(sc, ATW_ABDA1); 474 PRINTREG(sc, ATW_BSSID0); 475 PRINTREG(sc, ATW_TXLMT); 476 PRINTREG(sc, ATW_MIBCNT); 477 PRINTREG(sc, ATW_BCNT); 478 PRINTREG(sc, ATW_TSFTH); 479 PRINTREG(sc, ATW_TSC); 480 PRINTREG(sc, ATW_SYNRF); 481 PRINTREG(sc, ATW_BPLI); 482 PRINTREG(sc, ATW_CAP0); 483 PRINTREG(sc, ATW_CAP1); 484 PRINTREG(sc, ATW_RMD); 485 PRINTREG(sc, ATW_CFPP); 486 PRINTREG(sc, ATW_TOFS0); 487 PRINTREG(sc, ATW_TOFS1); 488 PRINTREG(sc, ATW_IFST); 489 PRINTREG(sc, ATW_RSPT); 490 PRINTREG(sc, ATW_TSFTL); 491 PRINTREG(sc, ATW_WEPCTL); 492 PRINTREG(sc, ATW_WESK); 493 PRINTREG(sc, ATW_WEPCNT); 494 PRINTREG(sc, ATW_MACTEST); 495 PRINTREG(sc, ATW_FER); 496 PRINTREG(sc, ATW_FEMR); 497 PRINTREG(sc, ATW_FPSR); 498 PRINTREG(sc, ATW_FFER); 499#undef PRINTREG 500} 501#endif /* ATW_DEBUG */ 502 503/* 504 * Finish attaching an ADMtek ADM8211 MAC. Called by bus-specific front-end. 505 */ 506void 507atw_attach(struct atw_softc *sc) 508{ 509 static const u_int8_t empty_macaddr[IEEE80211_ADDR_LEN] = { 510 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 511 }; 512 struct ieee80211com *ic = &sc->sc_ic; 513 struct ifnet *ifp = &sc->sc_if; 514 int country_code, error, i, nrate, srom_major; 515 u_int32_t reg; 516 static const char *type_strings[] = {"Intersil (not supported)", 517 "RFMD", "Marvel (not supported)"}; 518 519 pmf_self_suspensor_init(sc->sc_dev, &sc->sc_suspensor, &sc->sc_qual); 520 521 sc->sc_txth = atw_txthresh_tab_lo; 522 523 SIMPLEQ_INIT(&sc->sc_txfreeq); 524 SIMPLEQ_INIT(&sc->sc_txdirtyq); 525 526#ifdef ATW_DEBUG 527 atw_print_regs(sc, "atw_attach"); 528#endif /* ATW_DEBUG */ 529 530 /* 531 * Allocate the control data structures, and create and load the 532 * DMA map for it. 533 */ 534 if ((error = bus_dmamem_alloc(sc->sc_dmat, 535 sizeof(struct atw_control_data), PAGE_SIZE, 0, &sc->sc_cdseg, 536 1, &sc->sc_cdnseg, 0)) != 0) { 537 aprint_error_dev(sc->sc_dev, 538 "unable to allocate control data, error = %d\n", 539 error); 540 goto fail_0; 541 } 542 543 if ((error = bus_dmamem_map(sc->sc_dmat, &sc->sc_cdseg, sc->sc_cdnseg, 544 sizeof(struct atw_control_data), (void **)&sc->sc_control_data, 545 BUS_DMA_COHERENT)) != 0) { 546 aprint_error_dev(sc->sc_dev, 547 "unable to map control data, error = %d\n", 548 error); 549 goto fail_1; 550 } 551 552 if ((error = bus_dmamap_create(sc->sc_dmat, 553 sizeof(struct atw_control_data), 1, 554 sizeof(struct atw_control_data), 0, 0, &sc->sc_cddmamap)) != 0) { 555 aprint_error_dev(sc->sc_dev, 556 "unable to create control data DMA map, error = %d\n", 557 error); 558 goto fail_2; 559 } 560 561 if ((error = bus_dmamap_load(sc->sc_dmat, sc->sc_cddmamap, 562 sc->sc_control_data, sizeof(struct atw_control_data), NULL, 563 0)) != 0) { 564 aprint_error_dev(sc->sc_dev, 565 "unable to load control data DMA map, error = %d\n", error); 566 goto fail_3; 567 } 568 569 /* 570 * Create the transmit buffer DMA maps. 571 */ 572 sc->sc_ntxsegs = ATW_NTXSEGS; 573 for (i = 0; i < ATW_TXQUEUELEN; i++) { 574 if ((error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 575 sc->sc_ntxsegs, MCLBYTES, 0, 0, 576 &sc->sc_txsoft[i].txs_dmamap)) != 0) { 577 aprint_error_dev(sc->sc_dev, 578 "unable to create tx DMA map %d, error = %d\n", i, 579 error); 580 goto fail_4; 581 } 582 } 583 584 /* 585 * Create the receive buffer DMA maps. 586 */ 587 for (i = 0; i < ATW_NRXDESC; i++) { 588 if ((error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, 589 MCLBYTES, 0, 0, &sc->sc_rxsoft[i].rxs_dmamap)) != 0) { 590 aprint_error_dev(sc->sc_dev, 591 "unable to create rx DMA map %d, error = %d\n", i, 592 error); 593 goto fail_5; 594 } 595 } 596 for (i = 0; i < ATW_NRXDESC; i++) { 597 sc->sc_rxsoft[i].rxs_mbuf = NULL; 598 } 599 600 switch (sc->sc_rev) { 601 case ATW_REVISION_AB: 602 case ATW_REVISION_AF: 603 sc->sc_sramlen = ATW_SRAM_A_SIZE; 604 break; 605 case ATW_REVISION_BA: 606 case ATW_REVISION_CA: 607 sc->sc_sramlen = ATW_SRAM_B_SIZE; 608 break; 609 } 610 611 /* Reset the chip to a known state. */ 612 atw_reset(sc); 613 614 if (atw_read_srom(sc) == -1) 615 return; 616 617 sc->sc_rftype = __SHIFTOUT(sc->sc_srom[ATW_SR_CSR20], 618 ATW_SR_RFTYPE_MASK); 619 620 sc->sc_bbptype = __SHIFTOUT(sc->sc_srom[ATW_SR_CSR20], 621 ATW_SR_BBPTYPE_MASK); 622 623 if (sc->sc_rftype >= __arraycount(type_strings)) { 624 aprint_error_dev(sc->sc_dev, "unknown RF\n"); 625 return; 626 } 627 if (sc->sc_bbptype >= __arraycount(type_strings)) { 628 aprint_error_dev(sc->sc_dev, "unknown BBP\n"); 629 return; 630 } 631 632 printf("%s: %s RF, %s BBP", device_xname(sc->sc_dev), 633 type_strings[sc->sc_rftype], type_strings[sc->sc_bbptype]); 634 635 /* XXX There exists a Linux driver which seems to use RFType = 0 for 636 * MARVEL. My bug, or theirs? 637 */ 638 639 reg = __SHIFTIN(sc->sc_rftype, ATW_SYNCTL_RFTYPE_MASK); 640 641 switch (sc->sc_rftype) { 642 case ATW_RFTYPE_INTERSIL: 643 reg |= ATW_SYNCTL_CS1; 644 break; 645 case ATW_RFTYPE_RFMD: 646 reg |= ATW_SYNCTL_CS0; 647 break; 648 case ATW_RFTYPE_MARVEL: 649 break; 650 } 651 652 sc->sc_synctl_rd = reg | ATW_SYNCTL_RD; 653 sc->sc_synctl_wr = reg | ATW_SYNCTL_WR; 654 655 reg = __SHIFTIN(sc->sc_bbptype, ATW_BBPCTL_TYPE_MASK); 656 657 switch (sc->sc_bbptype) { 658 case ATW_BBPTYPE_INTERSIL: 659 reg |= ATW_BBPCTL_TWI; 660 break; 661 case ATW_BBPTYPE_RFMD: 662 reg |= ATW_BBPCTL_RF3KADDR_ADDR | ATW_BBPCTL_NEGEDGE_DO | 663 ATW_BBPCTL_CCA_ACTLO; 664 break; 665 case ATW_BBPTYPE_MARVEL: 666 break; 667 case ATW_C_BBPTYPE_RFMD: 668 printf("%s: ADM8211C MAC/RFMD BBP not supported yet.\n", 669 device_xname(sc->sc_dev)); 670 break; 671 } 672 673 sc->sc_bbpctl_wr = reg | ATW_BBPCTL_WR; 674 sc->sc_bbpctl_rd = reg | ATW_BBPCTL_RD; 675 676 /* 677 * From this point forward, the attachment cannot fail. A failure 678 * before this point releases all resources that may have been 679 * allocated. 680 */ 681 sc->sc_flags |= ATWF_ATTACHED; 682 683 ATW_DPRINTF((" SROM MAC %04x%04x%04x", 684 htole16(sc->sc_srom[ATW_SR_MAC00]), 685 htole16(sc->sc_srom[ATW_SR_MAC01]), 686 htole16(sc->sc_srom[ATW_SR_MAC10]))); 687 688 srom_major = __SHIFTOUT(sc->sc_srom[ATW_SR_FORMAT_VERSION], 689 ATW_SR_MAJOR_MASK); 690 691 if (srom_major < 2) 692 sc->sc_rf3000_options1 = 0; 693 else if (sc->sc_rev == ATW_REVISION_BA) { 694 sc->sc_rf3000_options1 = 695 __SHIFTOUT(sc->sc_srom[ATW_SR_CR28_CR03], 696 ATW_SR_CR28_MASK); 697 } else 698 sc->sc_rf3000_options1 = 0; 699 700 sc->sc_rf3000_options2 = __SHIFTOUT(sc->sc_srom[ATW_SR_CTRY_CR29], 701 ATW_SR_CR29_MASK); 702 703 country_code = __SHIFTOUT(sc->sc_srom[ATW_SR_CTRY_CR29], 704 ATW_SR_CTRY_MASK); 705 706#define ADD_CHANNEL(_ic, _chan) do { \ 707 _ic->ic_channels[_chan].ic_flags = IEEE80211_CHAN_B; \ 708 _ic->ic_channels[_chan].ic_freq = \ 709 ieee80211_ieee2mhz(_chan, _ic->ic_channels[_chan].ic_flags);\ 710} while (0) 711 712 /* Find available channels */ 713 switch (country_code) { 714 case COUNTRY_MMK2: /* 1-14 */ 715 ADD_CHANNEL(ic, 14); 716 /*FALLTHROUGH*/ 717 case COUNTRY_ETSI: /* 1-13 */ 718 for (i = 1; i <= 13; i++) 719 ADD_CHANNEL(ic, i); 720 break; 721 case COUNTRY_FCC: /* 1-11 */ 722 case COUNTRY_IC: /* 1-11 */ 723 for (i = 1; i <= 11; i++) 724 ADD_CHANNEL(ic, i); 725 break; 726 case COUNTRY_MMK: /* 14 */ 727 ADD_CHANNEL(ic, 14); 728 break; 729 case COUNTRY_FRANCE: /* 10-13 */ 730 for (i = 10; i <= 13; i++) 731 ADD_CHANNEL(ic, i); 732 break; 733 default: /* assume channels 10-11 */ 734 case COUNTRY_SPAIN: /* 10-11 */ 735 for (i = 10; i <= 11; i++) 736 ADD_CHANNEL(ic, i); 737 break; 738 } 739 740 /* Read the MAC address. */ 741 reg = ATW_READ(sc, ATW_PAR0); 742 ic->ic_myaddr[0] = __SHIFTOUT(reg, ATW_PAR0_PAB0_MASK); 743 ic->ic_myaddr[1] = __SHIFTOUT(reg, ATW_PAR0_PAB1_MASK); 744 ic->ic_myaddr[2] = __SHIFTOUT(reg, ATW_PAR0_PAB2_MASK); 745 ic->ic_myaddr[3] = __SHIFTOUT(reg, ATW_PAR0_PAB3_MASK); 746 reg = ATW_READ(sc, ATW_PAR1); 747 ic->ic_myaddr[4] = __SHIFTOUT(reg, ATW_PAR1_PAB4_MASK); 748 ic->ic_myaddr[5] = __SHIFTOUT(reg, ATW_PAR1_PAB5_MASK); 749 750 if (IEEE80211_ADDR_EQ(ic->ic_myaddr, empty_macaddr)) { 751 printf(" could not get mac address, attach failed\n"); 752 return; 753 } 754 755 printf(" 802.11 address %s\n", ether_sprintf(ic->ic_myaddr)); 756 757 memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ); 758 ifp->if_softc = sc; 759 ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST | 760 IFF_NOTRAILERS; 761 ifp->if_ioctl = atw_ioctl; 762 ifp->if_start = atw_start; 763 ifp->if_watchdog = atw_watchdog; 764 ifp->if_init = atw_init; 765 ifp->if_stop = atw_stop; 766 IFQ_SET_READY(&ifp->if_snd); 767 768 ic->ic_ifp = ifp; 769 ic->ic_phytype = IEEE80211_T_DS; 770 ic->ic_opmode = IEEE80211_M_STA; 771 ic->ic_caps = IEEE80211_C_PMGT | IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | IEEE80211_C_MONITOR; 773 774 nrate = 0; 775 ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 2; 776 ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 4; 777 ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 11; 778 ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 22; 779 ic->ic_sup_rates[IEEE80211_MODE_11B].rs_nrates = nrate; 780 781 /* 782 * Call MI attach routines. 783 */ 784 785 if_attach(ifp); 786 ieee80211_ifattach(ic); 787 788 atw_evcnt_attach(sc); 789 790 sc->sc_newstate = ic->ic_newstate; 791 ic->ic_newstate = atw_newstate; 792 793 sc->sc_recv_mgmt = ic->ic_recv_mgmt; 794 ic->ic_recv_mgmt = atw_recv_mgmt; 795 796 sc->sc_node_free = ic->ic_node_free; 797 ic->ic_node_free = atw_node_free; 798 799 sc->sc_node_alloc = ic->ic_node_alloc; 800 ic->ic_node_alloc = atw_node_alloc; 801 802 ic->ic_crypto.cs_key_delete = atw_key_delete; 803 ic->ic_crypto.cs_key_set = atw_key_set; 804 ic->ic_crypto.cs_key_update_begin = atw_key_update_begin; 805 ic->ic_crypto.cs_key_update_end = atw_key_update_end; 806 807 /* possibly we should fill in our own sc_send_prresp, since 808 * the ADM8211 is probably sending probe responses in ad hoc 809 * mode. 810 */ 811 812 /* complete initialization */ 813 ieee80211_media_init(ic, atw_media_change, ieee80211_media_status); 814 callout_init(&sc->sc_scan_ch, 0); 815 816 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 817 sizeof(struct ieee80211_frame) + 64, &sc->sc_radiobpf); 818 819 memset(&sc->sc_rxtapu, 0, sizeof(sc->sc_rxtapu)); 820 sc->sc_rxtap.ar_ihdr.it_len = htole16(sizeof(sc->sc_rxtapu)); 821 sc->sc_rxtap.ar_ihdr.it_present = htole32(ATW_RX_RADIOTAP_PRESENT); 822 823 memset(&sc->sc_txtapu, 0, sizeof(sc->sc_txtapu)); 824 sc->sc_txtap.at_ihdr.it_len = htole16(sizeof(sc->sc_txtapu)); 825 sc->sc_txtap.at_ihdr.it_present = htole32(ATW_TX_RADIOTAP_PRESENT); 826 827 ieee80211_announce(ic); 828 return; 829 830 /* 831 * Free any resources we've allocated during the failed attach 832 * attempt. Do this in reverse order and fall through. 833 */ 834 fail_5: 835 for (i = 0; i < ATW_NRXDESC; i++) { 836 if (sc->sc_rxsoft[i].rxs_dmamap == NULL) 837 continue; 838 bus_dmamap_destroy(sc->sc_dmat, sc->sc_rxsoft[i].rxs_dmamap); 839 } 840 fail_4: 841 for (i = 0; i < ATW_TXQUEUELEN; i++) { 842 if (sc->sc_txsoft[i].txs_dmamap == NULL) 843 continue; 844 bus_dmamap_destroy(sc->sc_dmat, sc->sc_txsoft[i].txs_dmamap); 845 } 846 bus_dmamap_unload(sc->sc_dmat, sc->sc_cddmamap); 847 fail_3: 848 bus_dmamap_destroy(sc->sc_dmat, sc->sc_cddmamap); 849 fail_2: 850 bus_dmamem_unmap(sc->sc_dmat, (void *)sc->sc_control_data, 851 sizeof(struct atw_control_data)); 852 fail_1: 853 bus_dmamem_free(sc->sc_dmat, &sc->sc_cdseg, sc->sc_cdnseg); 854 fail_0: 855 return; 856} 857 858static struct ieee80211_node * 859atw_node_alloc(struct ieee80211_node_table *nt) 860{ 861 struct atw_softc *sc = (struct atw_softc *)nt->nt_ic->ic_ifp->if_softc; 862 struct ieee80211_node *ni = (*sc->sc_node_alloc)(nt); 863 864 DPRINTF(sc, ("%s: alloc node %p\n", device_xname(sc->sc_dev), ni)); 865 return ni; 866} 867 868static void 869atw_node_free(struct ieee80211_node *ni) 870{ 871 struct atw_softc *sc = (struct atw_softc *)ni->ni_ic->ic_ifp->if_softc; 872 873 DPRINTF(sc, ("%s: freeing node %p %s\n", device_xname(sc->sc_dev), ni, 874 ether_sprintf(ni->ni_bssid))); 875 (*sc->sc_node_free)(ni); 876} 877 878 879static void 880atw_test1_reset(struct atw_softc *sc) 881{ 882 switch (sc->sc_rev) { 883 case ATW_REVISION_BA: 884 if (1 /* XXX condition on transceiver type */) { 885 ATW_SET(sc, ATW_TEST1, ATW_TEST1_TESTMODE_MONITOR); 886 } 887 break; 888 case ATW_REVISION_CA: 889 ATW_CLR(sc, ATW_TEST1, ATW_TEST1_TESTMODE_MASK); 890 break; 891 default: 892 break; 893 } 894} 895 896/* 897 * atw_reset: 898 * 899 * Perform a soft reset on the ADM8211. 900 */ 901void 902atw_reset(struct atw_softc *sc) 903{ 904 int i; 905 uint32_t lpc; 906 907 ATW_WRITE(sc, ATW_NAR, 0x0); 908 DELAY(atw_nar_delay); 909 910 /* Reference driver has a cryptic remark indicating that this might 911 * power-on the chip. I know that it turns off power-saving.... 912 */ 913 ATW_WRITE(sc, ATW_FRCTL, 0x0); 914 915 ATW_WRITE(sc, ATW_PAR, ATW_PAR_SWR); 916 917 for (i = 0; i < 50000 / atw_pseudo_milli; i++) { 918 if ((ATW_READ(sc, ATW_PAR) & ATW_PAR_SWR) == 0) 919 break; 920 DELAY(atw_pseudo_milli); 921 } 922 923 /* ... and then pause 100ms longer for good measure. */ 924 DELAY(atw_magic_delay1); 925 926 DPRINTF2(sc, ("%s: atw_reset %d iterations\n", device_xname(sc->sc_dev), i)); 927 928 if (ATW_ISSET(sc, ATW_PAR, ATW_PAR_SWR)) 929 aprint_error_dev(sc->sc_dev, "reset failed to complete\n"); 930 931 /* 932 * Initialize the PCI Access Register. 933 */ 934 sc->sc_busmode = ATW_PAR_PBL_8DW; 935 936 ATW_WRITE(sc, ATW_PAR, sc->sc_busmode); 937 DPRINTF(sc, ("%s: ATW_PAR %08x busmode %08x\n", device_xname(sc->sc_dev), 938 ATW_READ(sc, ATW_PAR), sc->sc_busmode)); 939 940 atw_test1_reset(sc); 941 942 /* Turn off maximum power saving, etc. */ 943 ATW_WRITE(sc, ATW_FRCTL, 0x0); 944 945 DELAY(atw_magic_delay2); 946 947 /* Recall EEPROM. */ 948 ATW_SET(sc, ATW_TEST0, ATW_TEST0_EPRLD); 949 950 DELAY(atw_magic_delay4); 951 952 lpc = ATW_READ(sc, ATW_LPC); 953 954 DPRINTF(sc, ("%s: ATW_LPC %#08x\n", __func__, lpc)); 955 956 /* A reset seems to affect the SRAM contents, so put them into 957 * a known state. 958 */ 959 atw_clear_sram(sc); 960 961 memset(sc->sc_bssid, 0xff, sizeof(sc->sc_bssid)); 962} 963 964static void 965atw_clear_sram(struct atw_softc *sc) 966{ 967 memset(sc->sc_sram, 0, sizeof(sc->sc_sram)); 968 sc->sc_flags &= ~ATWF_WEP_SRAM_VALID; 969 /* XXX not for revision 0x20. */ 970 atw_write_sram(sc, 0, sc->sc_sram, sc->sc_sramlen); 971} 972 973/* TBD atw_init 974 * 975 * set MAC based on ic->ic_bss->myaddr 976 * write WEP keys 977 * set TX rate 978 */ 979 980/* Tell the ADM8211 to raise ATW_INTR_LINKOFF if 7 beacon intervals pass 981 * without receiving a beacon with the preferred BSSID & SSID. 982 * atw_write_bssid & atw_write_ssid set the BSSID & SSID. 983 */ 984static void 985atw_wcsr_init(struct atw_softc *sc) 986{ 987 uint32_t wcsr; 988 989 wcsr = ATW_READ(sc, ATW_WCSR); 990 wcsr &= ~(ATW_WCSR_BLN_MASK|ATW_WCSR_LSOE|ATW_WCSR_MPRE|ATW_WCSR_LSOE); 991 wcsr |= __SHIFTIN(7, ATW_WCSR_BLN_MASK); 992 ATW_WRITE(sc, ATW_WCSR, wcsr); /* XXX resets wake-up status bits */ 993 994 DPRINTF(sc, ("%s: %s reg[WCSR] = %08x\n", 995 device_xname(sc->sc_dev), __func__, ATW_READ(sc, ATW_WCSR))); 996} 997 998/* Turn off power management. Set Rx store-and-forward mode. */ 999static void 1000atw_cmdr_init(struct atw_softc *sc) 1001{ 1002 uint32_t cmdr; 1003 cmdr = ATW_READ(sc, ATW_CMDR); 1004 cmdr &= ~ATW_CMDR_APM; 1005 cmdr |= ATW_CMDR_RTE; 1006 cmdr &= ~ATW_CMDR_DRT_MASK; 1007 cmdr |= ATW_CMDR_DRT_SF; 1008 1009 ATW_WRITE(sc, ATW_CMDR, cmdr); 1010} 1011 1012static void 1013atw_tofs2_init(struct atw_softc *sc) 1014{ 1015 uint32_t tofs2; 1016 /* XXX this magic can probably be figured out from the RFMD docs */ 1017#ifndef ATW_REFSLAVE 1018 tofs2 = __SHIFTIN(4, ATW_TOFS2_PWR1UP_MASK) | /* 8 ms = 4 * 2 ms */ 1019 __SHIFTIN(13, ATW_TOFS2_PWR0PAPE_MASK) | /* 13 us */ 1020 __SHIFTIN(8, ATW_TOFS2_PWR1PAPE_MASK) | /* 8 us */ 1021 __SHIFTIN(5, ATW_TOFS2_PWR0TRSW_MASK) | /* 5 us */ 1022 __SHIFTIN(12, ATW_TOFS2_PWR1TRSW_MASK) | /* 12 us */ 1023 __SHIFTIN(13, ATW_TOFS2_PWR0PE2_MASK) | /* 13 us */ 1024 __SHIFTIN(4, ATW_TOFS2_PWR1PE2_MASK) | /* 4 us */ 1025 __SHIFTIN(5, ATW_TOFS2_PWR0TXPE_MASK); /* 5 us */ 1026#else 1027 /* XXX new magic from reference driver source */ 1028 tofs2 = __SHIFTIN(8, ATW_TOFS2_PWR1UP_MASK) | /* 8 ms = 4 * 2 ms */ 1029 __SHIFTIN(8, ATW_TOFS2_PWR0PAPE_MASK) | /* 8 us */ 1030 __SHIFTIN(1, ATW_TOFS2_PWR1PAPE_MASK) | /* 1 us */ 1031 __SHIFTIN(5, ATW_TOFS2_PWR0TRSW_MASK) | /* 5 us */ 1032 __SHIFTIN(12, ATW_TOFS2_PWR1TRSW_MASK) | /* 12 us */ 1033 __SHIFTIN(13, ATW_TOFS2_PWR0PE2_MASK) | /* 13 us */ 1034 __SHIFTIN(1, ATW_TOFS2_PWR1PE2_MASK) | /* 1 us */ 1035 __SHIFTIN(8, ATW_TOFS2_PWR0TXPE_MASK); /* 8 us */ 1036#endif 1037 ATW_WRITE(sc, ATW_TOFS2, tofs2); 1038} 1039 1040static void 1041atw_nar_init(struct atw_softc *sc) 1042{ 1043 ATW_WRITE(sc, ATW_NAR, ATW_NAR_SF|ATW_NAR_PB); 1044} 1045 1046static void 1047atw_txlmt_init(struct atw_softc *sc) 1048{ 1049 ATW_WRITE(sc, ATW_TXLMT, __SHIFTIN(512, ATW_TXLMT_MTMLT_MASK) | 1050 __SHIFTIN(1, ATW_TXLMT_SRTYLIM_MASK)); 1051} 1052 1053static void 1054atw_test1_init(struct atw_softc *sc) 1055{ 1056 uint32_t test1; 1057 1058 test1 = ATW_READ(sc, ATW_TEST1); 1059 test1 &= ~(ATW_TEST1_DBGREAD_MASK|ATW_TEST1_CONTROL); 1060 /* XXX magic 0x1 */ 1061 test1 |= __SHIFTIN(0x1, ATW_TEST1_DBGREAD_MASK) | ATW_TEST1_CONTROL; 1062 ATW_WRITE(sc, ATW_TEST1, test1); 1063} 1064 1065static void 1066atw_rf_reset(struct atw_softc *sc) 1067{ 1068 /* XXX this resets an Intersil RF front-end? */ 1069 /* TBD condition on Intersil RFType? */ 1070 ATW_WRITE(sc, ATW_SYNRF, ATW_SYNRF_INTERSIL_EN); 1071 DELAY(atw_rf_delay1); 1072 ATW_WRITE(sc, ATW_SYNRF, 0); 1073 DELAY(atw_rf_delay2); 1074} 1075 1076/* Set 16 TU max duration for the contention-free period (CFP). */ 1077static void 1078atw_cfp_init(struct atw_softc *sc) 1079{ 1080 uint32_t cfpp; 1081 1082 cfpp = ATW_READ(sc, ATW_CFPP); 1083 cfpp &= ~ATW_CFPP_CFPMD; 1084 cfpp |= __SHIFTIN(16, ATW_CFPP_CFPMD); 1085 ATW_WRITE(sc, ATW_CFPP, cfpp); 1086} 1087 1088static void 1089atw_tofs0_init(struct atw_softc *sc) 1090{ 1091 /* XXX I guess that the Cardbus clock is 22 MHz? 1092 * I am assuming that the role of ATW_TOFS0_USCNT is 1093 * to divide the bus clock to get a 1 MHz clock---the datasheet is not 1094 * very clear on this point. It says in the datasheet that it is 1095 * possible for the ADM8211 to accommodate bus speeds between 22 MHz 1096 * and 33 MHz; maybe this is the way? I see a binary-only driver write 1097 * these values. These values are also the power-on default. 1098 */ 1099 ATW_WRITE(sc, ATW_TOFS0, 1100 __SHIFTIN(22, ATW_TOFS0_USCNT_MASK) | 1101 ATW_TOFS0_TUCNT_MASK /* set all bits in TUCNT */); 1102} 1103 1104/* Initialize interframe spacing: 802.11b slot time, SIFS, DIFS, EIFS. */ 1105static void 1106atw_ifs_init(struct atw_softc *sc) 1107{ 1108 uint32_t ifst; 1109 /* XXX EIFS=0x64, SIFS=110 are used by the reference driver. 1110 * Go figure. 1111 */ 1112 ifst = __SHIFTIN(IEEE80211_DUR_DS_SLOT, ATW_IFST_SLOT_MASK) | 1113 __SHIFTIN(22 * 10 /* IEEE80211_DUR_DS_SIFS */ /* # of 22 MHz cycles */, 1114 ATW_IFST_SIFS_MASK) | 1115 __SHIFTIN(IEEE80211_DUR_DS_DIFS, ATW_IFST_DIFS_MASK) | 1116 __SHIFTIN(IEEE80211_DUR_DS_EIFS, ATW_IFST_EIFS_MASK); 1117 1118 ATW_WRITE(sc, ATW_IFST, ifst); 1119} 1120 1121static void 1122atw_response_times_init(struct atw_softc *sc) 1123{ 1124 /* XXX More magic. Relates to ACK timing? The datasheet seems to 1125 * indicate that the MAC expects at least SIFS + MIRT microseconds 1126 * to pass after it transmits a frame that requires a response; 1127 * it waits at most SIFS + MART microseconds for the response. 1128 * Surely this is not the ACK timeout? 1129 */ 1130 ATW_WRITE(sc, ATW_RSPT, __SHIFTIN(0xffff, ATW_RSPT_MART_MASK) | 1131 __SHIFTIN(0xff, ATW_RSPT_MIRT_MASK)); 1132} 1133 1134/* Set up the MMI read/write addresses for the baseband. The Tx/Rx 1135 * engines read and write baseband registers after Rx and before 1136 * Tx, respectively. 1137 */ 1138static void 1139atw_bbp_io_init(struct atw_softc *sc) 1140{ 1141 uint32_t mmiraddr2; 1142 1143 /* XXX The reference driver does this, but is it *really* 1144 * necessary? 1145 */ 1146 switch (sc->sc_rev) { 1147 case ATW_REVISION_AB: 1148 case ATW_REVISION_AF: 1149 mmiraddr2 = 0x0; 1150 break; 1151 default: 1152 mmiraddr2 = ATW_READ(sc, ATW_MMIRADDR2); 1153 mmiraddr2 &= 1154 ~(ATW_MMIRADDR2_PROREXT|ATW_MMIRADDR2_PRORLEN_MASK); 1155 break; 1156 } 1157 1158 switch (sc->sc_bbptype) { 1159 case ATW_BBPTYPE_INTERSIL: 1160 ATW_WRITE(sc, ATW_MMIWADDR, ATW_MMIWADDR_INTERSIL); 1161 ATW_WRITE(sc, ATW_MMIRADDR1, ATW_MMIRADDR1_INTERSIL); 1162 mmiraddr2 |= ATW_MMIRADDR2_INTERSIL; 1163 break; 1164 case ATW_BBPTYPE_MARVEL: 1165 /* TBD find out the Marvel settings. */ 1166 break; 1167 case ATW_BBPTYPE_RFMD: 1168 default: 1169 ATW_WRITE(sc, ATW_MMIWADDR, ATW_MMIWADDR_RFMD); 1170 ATW_WRITE(sc, ATW_MMIRADDR1, ATW_MMIRADDR1_RFMD); 1171 mmiraddr2 |= ATW_MMIRADDR2_RFMD; 1172 break; 1173 } 1174 ATW_WRITE(sc, ATW_MMIRADDR2, mmiraddr2); 1175 ATW_WRITE(sc, ATW_MACTEST, ATW_MACTEST_MMI_USETXCLK); 1176} 1177 1178/* 1179 * atw_init: [ ifnet interface function ] 1180 * 1181 * Initialize the interface. Must be called at splnet(). 1182 */ 1183int 1184atw_init(struct ifnet *ifp) 1185{ 1186 struct atw_softc *sc = ifp->if_softc; 1187 struct ieee80211com *ic = &sc->sc_ic; 1188 struct atw_txsoft *txs; 1189 struct atw_rxsoft *rxs; 1190 int i, error = 0; 1191 1192 if (device_is_active(sc->sc_dev)) { 1193 /* 1194 * Cancel any pending I/O. 1195 */ 1196 atw_stop(ifp, 0); 1197 } else if (!pmf_device_subtree_resume(sc->sc_dev, &sc->sc_qual) || 1198 !device_is_active(sc->sc_dev)) 1199 return 0; 1200 1201 /* 1202 * Reset the chip to a known state. 1203 */ 1204 atw_reset(sc); 1205 1206 DPRINTF(sc, ("%s: channel %d freq %d flags 0x%04x\n", 1207 __func__, ieee80211_chan2ieee(ic, ic->ic_curchan), 1208 ic->ic_curchan->ic_freq, ic->ic_curchan->ic_flags)); 1209 1210 atw_wcsr_init(sc); 1211 1212 atw_cmdr_init(sc); 1213 1214 /* Set data rate for PLCP Signal field, 1Mbps = 10 x 100Kb/s. 1215 * 1216 * XXX Set transmit power for ATIM, RTS, Beacon. 1217 */ 1218 ATW_WRITE(sc, ATW_PLCPHD, __SHIFTIN(10, ATW_PLCPHD_SIGNAL_MASK) | 1219 __SHIFTIN(0xb0, ATW_PLCPHD_SERVICE_MASK)); 1220 1221 atw_tofs2_init(sc); 1222 1223 atw_nar_init(sc); 1224 1225 atw_txlmt_init(sc); 1226 1227 atw_test1_init(sc); 1228 1229 atw_rf_reset(sc); 1230 1231 atw_cfp_init(sc); 1232 1233 atw_tofs0_init(sc); 1234 1235 atw_ifs_init(sc); 1236 1237 /* XXX Fall asleep after one second of inactivity. 1238 * XXX A frame may only dribble in for 65536us. 1239 */ 1240 ATW_WRITE(sc, ATW_RMD, 1241 __SHIFTIN(1, ATW_RMD_PCNT) | __SHIFTIN(0xffff, ATW_RMD_RMRD_MASK)); 1242 1243 atw_response_times_init(sc); 1244 1245 atw_bbp_io_init(sc); 1246 1247 ATW_WRITE(sc, ATW_STSR, 0xffffffff); 1248 1249 if ((error = atw_rf3000_init(sc)) != 0) 1250 goto out; 1251 1252 ATW_WRITE(sc, ATW_PAR, sc->sc_busmode); 1253 DPRINTF(sc, ("%s: ATW_PAR %08x busmode %08x\n", device_xname(sc->sc_dev), 1254 ATW_READ(sc, ATW_PAR), sc->sc_busmode)); 1255 1256 /* 1257 * Initialize the transmit descriptor ring. 1258 */ 1259 memset(sc->sc_txdescs, 0, sizeof(sc->sc_txdescs)); 1260 for (i = 0; i < ATW_NTXDESC; i++) { 1261 sc->sc_txdescs[i].at_ctl = 0; 1262 /* no transmit chaining */ 1263 sc->sc_txdescs[i].at_flags = 0 /* ATW_TXFLAG_TCH */; 1264 sc->sc_txdescs[i].at_buf2 = 1265 htole32(ATW_CDTXADDR(sc, ATW_NEXTTX(i))); 1266 } 1267 /* use ring mode */ 1268 sc->sc_txdescs[ATW_NTXDESC - 1].at_flags |= htole32(ATW_TXFLAG_TER); 1269 ATW_CDTXSYNC(sc, 0, ATW_NTXDESC, 1270 BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE); 1271 sc->sc_txfree = ATW_NTXDESC; 1272 sc->sc_txnext = 0; 1273 1274 /* 1275 * Initialize the transmit job descriptors. 1276 */ 1277 SIMPLEQ_INIT(&sc->sc_txfreeq); 1278 SIMPLEQ_INIT(&sc->sc_txdirtyq); 1279 for (i = 0; i < ATW_TXQUEUELEN; i++) { 1280 txs = &sc->sc_txsoft[i]; 1281 txs->txs_mbuf = NULL; 1282 SIMPLEQ_INSERT_TAIL(&sc->sc_txfreeq, txs, txs_q); 1283 } 1284 1285 /* 1286 * Initialize the receive descriptor and receive job 1287 * descriptor rings. 1288 */ 1289 for (i = 0; i < ATW_NRXDESC; i++) { 1290 rxs = &sc->sc_rxsoft[i]; 1291 if (rxs->rxs_mbuf == NULL) { 1292 if ((error = atw_add_rxbuf(sc, i)) != 0) { 1293 aprint_error_dev(sc->sc_dev, 1294 "unable to allocate or map rx buffer %d, " 1295 "error = %d\n", i, error); 1296 /* 1297 * XXX Should attempt to run with fewer receive 1298 * XXX buffers instead of just failing. 1299 */ 1300 atw_rxdrain(sc); 1301 goto out; 1302 } 1303 } else 1304 atw_init_rxdesc(sc, i); 1305 } 1306 sc->sc_rxptr = 0; 1307 1308 /* 1309 * Initialize the interrupt mask and enable interrupts. 1310 */ 1311 /* normal interrupts */ 1312 sc->sc_inten = ATW_INTR_TCI | ATW_INTR_TDU | ATW_INTR_RCI | 1313 ATW_INTR_NISS | ATW_INTR_LINKON | ATW_INTR_BCNTC; 1314 1315 /* abnormal interrupts */ 1316 sc->sc_inten |= ATW_INTR_TPS | ATW_INTR_TLT | ATW_INTR_TRT | 1317 ATW_INTR_TUF | ATW_INTR_RDU | ATW_INTR_RPS | ATW_INTR_AISS | 1318 ATW_INTR_FBE | ATW_INTR_LINKOFF | ATW_INTR_TSFTF | ATW_INTR_TSCZ; 1319 1320 sc->sc_linkint_mask = ATW_INTR_LINKON | ATW_INTR_LINKOFF | 1321 ATW_INTR_BCNTC | ATW_INTR_TSFTF | ATW_INTR_TSCZ; 1322 sc->sc_rxint_mask = ATW_INTR_RCI | ATW_INTR_RDU; 1323 sc->sc_txint_mask = ATW_INTR_TCI | ATW_INTR_TUF | ATW_INTR_TLT | 1324 ATW_INTR_TRT; 1325 1326 sc->sc_linkint_mask &= sc->sc_inten; 1327 sc->sc_rxint_mask &= sc->sc_inten; 1328 sc->sc_txint_mask &= sc->sc_inten; 1329 1330 ATW_WRITE(sc, ATW_IER, sc->sc_inten); 1331 ATW_WRITE(sc, ATW_STSR, 0xffffffff); 1332 1333 DPRINTF(sc, ("%s: ATW_IER %08x, inten %08x\n", 1334 device_xname(sc->sc_dev), ATW_READ(sc, ATW_IER), sc->sc_inten)); 1335 1336 /* 1337 * Give the transmit and receive rings to the ADM8211. 1338 */ 1339 ATW_WRITE(sc, ATW_RDB, ATW_CDRXADDR(sc, sc->sc_rxptr)); 1340 ATW_WRITE(sc, ATW_TDBD, ATW_CDTXADDR(sc, sc->sc_txnext)); 1341 1342 sc->sc_txthresh = 0; 1343 sc->sc_opmode = ATW_NAR_SR | ATW_NAR_ST | 1344 sc->sc_txth[sc->sc_txthresh].txth_opmode; 1345 1346 /* common 802.11 configuration */ 1347 ic->ic_flags &= ~IEEE80211_F_IBSSON; 1348 switch (ic->ic_opmode) { 1349 case IEEE80211_M_STA: 1350 break; 1351 case IEEE80211_M_AHDEMO: /* XXX */ 1352 case IEEE80211_M_IBSS: 1353 ic->ic_flags |= IEEE80211_F_IBSSON; 1354 /*FALLTHROUGH*/ 1355 case IEEE80211_M_HOSTAP: /* XXX */ 1356 break; 1357 case IEEE80211_M_MONITOR: /* XXX */ 1358 break; 1359 } 1360 1361 switch (ic->ic_opmode) { 1362 case IEEE80211_M_AHDEMO: 1363 case IEEE80211_M_HOSTAP: 1364#ifndef IEEE80211_NO_HOSTAP 1365 ic->ic_bss->ni_intval = ic->ic_lintval; 1366 ic->ic_bss->ni_rssi = 0; 1367 ic->ic_bss->ni_rstamp = 0; 1368#endif /* !IEEE80211_NO_HOSTAP */ 1369 break; 1370 default: /* XXX */ 1371 break; 1372 } 1373 1374 sc->sc_wepctl = 0; 1375 1376 atw_write_ssid(sc); 1377 atw_write_sup_rates(sc); 1378 atw_write_wep(sc); 1379 1380 ic->ic_state = IEEE80211_S_INIT; 1381 1382 /* 1383 * Set the receive filter. This will start the transmit and 1384 * receive processes. 1385 */ 1386 atw_filter_setup(sc); 1387 1388 /* 1389 * Start the receive process. 1390 */ 1391 ATW_WRITE(sc, ATW_RDR, 0x1); 1392 1393 /* 1394 * Note that the interface is now running. 1395 */ 1396 ifp->if_flags |= IFF_RUNNING; 1397 1398 /* send no beacons, yet. */ 1399 atw_start_beacon(sc, 0); 1400 1401 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1402 error = ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1403 else 1404 error = ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1405 out: 1406 if (error) { 1407 ifp->if_flags &= ~IFF_RUNNING; 1408 sc->sc_tx_timer = 0; 1409 ifp->if_timer = 0; 1410 printf("%s: interface not running\n", device_xname(sc->sc_dev)); 1411 } 1412#ifdef ATW_DEBUG 1413 atw_print_regs(sc, "end of init"); 1414#endif /* ATW_DEBUG */ 1415 1416 return (error); 1417} 1418 1419/* enable == 1: host control of RF3000/Si4126 through ATW_SYNCTL. 1420 * 0: MAC control of RF3000/Si4126. 1421 * 1422 * Applies power, or selects RF front-end? Sets reset condition. 1423 * 1424 * TBD support non-RFMD BBP, non-SiLabs synth. 1425 */ 1426static void 1427atw_bbp_io_enable(struct atw_softc *sc, int enable) 1428{ 1429 if (enable) { 1430 ATW_WRITE(sc, ATW_SYNRF, 1431 ATW_SYNRF_SELRF|ATW_SYNRF_PE1|ATW_SYNRF_PHYRST); 1432 DELAY(atw_bbp_io_enable_delay); 1433 } else { 1434 ATW_WRITE(sc, ATW_SYNRF, 0); 1435 DELAY(atw_bbp_io_disable_delay); /* shorter for some reason */ 1436 } 1437} 1438 1439static int 1440atw_tune(struct atw_softc *sc) 1441{ 1442 int rc; 1443 u_int chan; 1444 struct ieee80211com *ic = &sc->sc_ic; 1445 1446 chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 1447 if (chan == IEEE80211_CHAN_ANY) 1448 panic("%s: chan == IEEE80211_CHAN_ANY\n", __func__); 1449 1450 if (chan == sc->sc_cur_chan) 1451 return 0; 1452 1453 DPRINTF(sc, ("%s: chan %d -> %d\n", device_xname(sc->sc_dev), 1454 sc->sc_cur_chan, chan)); 1455 1456 atw_idle(sc, ATW_NAR_SR|ATW_NAR_ST); 1457 1458 atw_si4126_tune(sc, chan); 1459 if ((rc = atw_rf3000_tune(sc, chan)) != 0) 1460 printf("%s: failed to tune channel %d\n", device_xname(sc->sc_dev), 1461 chan); 1462 1463 ATW_WRITE(sc, ATW_NAR, sc->sc_opmode); 1464 DELAY(atw_nar_delay); 1465 ATW_WRITE(sc, ATW_RDR, 0x1); 1466 1467 if (rc == 0) { 1468 sc->sc_cur_chan = chan; 1469 sc->sc_rxtap.ar_chan_freq = sc->sc_txtap.at_chan_freq = 1470 htole16(ic->ic_curchan->ic_freq); 1471 sc->sc_rxtap.ar_chan_flags = sc->sc_txtap.at_chan_flags = 1472 htole16(ic->ic_curchan->ic_flags); 1473 } 1474 1475 return rc; 1476} 1477 1478#ifdef ATW_SYNDEBUG 1479static void 1480atw_si4126_print(struct atw_softc *sc) 1481{ 1482 struct ifnet *ifp = &sc->sc_if; 1483 u_int addr, val; 1484 1485 val = 0; 1486 1487 if (atw_debug < 3 || (ifp->if_flags & IFF_DEBUG) == 0) 1488 return; 1489 1490 for (addr = 0; addr <= 8; addr++) { 1491 printf("%s: synth[%d] = ", device_xname(sc->sc_dev), addr); 1492 if (atw_si4126_read(sc, addr, &val) == 0) { 1493 printf("<unknown> (quitting print-out)\n"); 1494 break; 1495 } 1496 printf("%05x\n", val); 1497 } 1498} 1499#endif /* ATW_SYNDEBUG */ 1500 1501/* Tune to channel chan by adjusting the Si4126 RF/IF synthesizer. 1502 * 1503 * The RF/IF synthesizer produces two reference frequencies for 1504 * the RF2948B transceiver. The first frequency the RF2948B requires 1505 * is two times the so-called "intermediate frequency" (IF). Since 1506 * a SAW filter on the radio fixes the IF at 374 MHz, I program the 1507 * Si4126 to generate IF LO = 374 MHz x 2 = 748 MHz. The second 1508 * frequency required by the transceiver is the radio frequency 1509 * (RF). This is a superheterodyne transceiver; for f(chan) the 1510 * center frequency of the channel we are tuning, RF = f(chan) - 1511 * IF. 1512 * 1513 * XXX I am told by SiLabs that the Si4126 will accept a broader range 1514 * of XIN than the 2-25 MHz mentioned by the datasheet, even *without* 1515 * XINDIV2 = 1. I've tried this (it is necessary to double R) and it 1516 * works, but I have still programmed for XINDIV2 = 1 to be safe. 1517 */ 1518static void 1519atw_si4126_tune(struct atw_softc *sc, u_int chan) 1520{ 1521 u_int mhz; 1522 u_int R; 1523 u_int32_t gpio; 1524 u_int16_t gain; 1525 1526#ifdef ATW_SYNDEBUG 1527 atw_si4126_print(sc); 1528#endif /* ATW_SYNDEBUG */ 1529 1530 if (chan == 14) 1531 mhz = 2484; 1532 else 1533 mhz = 2412 + 5 * (chan - 1); 1534 1535 /* Tune IF to 748 MHz to suit the IF LO input of the 1536 * RF2494B, which is 2 x IF. No need to set an IF divider 1537 * because an IF in 526 MHz - 952 MHz is allowed. 1538 * 1539 * XIN is 44.000 MHz, so divide it by two to get allowable 1540 * range of 2-25 MHz. SiLabs tells me that this is not 1541 * strictly necessary. 1542 */ 1543 1544 if (atw_xindiv2) 1545 R = 44; 1546 else 1547 R = 88; 1548 1549 /* Power-up RF, IF synthesizers. */ 1550 atw_si4126_write(sc, SI4126_POWER, 1551 SI4126_POWER_PDIB|SI4126_POWER_PDRB); 1552 1553 /* set LPWR, too? */ 1554 atw_si4126_write(sc, SI4126_MAIN, 1555 (atw_xindiv2) ? SI4126_MAIN_XINDIV2 : 0); 1556 1557 /* Set the phase-locked loop gain. If RF2 N > 2047, then 1558 * set KP2 to 1. 1559 * 1560 * REFDIF This is different from the reference driver, which 1561 * always sets SI4126_GAIN to 0. 1562 */ 1563 gain = __SHIFTIN(((mhz - 374) > 2047) ? 1 : 0, SI4126_GAIN_KP2_MASK); 1564 1565 atw_si4126_write(sc, SI4126_GAIN, gain); 1566 1567 /* XIN = 44 MHz. 1568 * 1569 * If XINDIV2 = 1, IF = N/(2 * R) * XIN. I choose N = 1496, 1570 * R = 44 so that 1496/(2 * 44) * 44 MHz = 748 MHz. 1571 * 1572 * If XINDIV2 = 0, IF = N/R * XIN. I choose N = 1496, R = 88 1573 * so that 1496/88 * 44 MHz = 748 MHz. 1574 */ 1575 atw_si4126_write(sc, SI4126_IFN, 1496); 1576 1577 atw_si4126_write(sc, SI4126_IFR, R); 1578 1579#ifndef ATW_REFSLAVE 1580 /* Set RF1 arbitrarily. DO NOT configure RF1 after RF2, because 1581 * then RF1 becomes the active RF synthesizer, even on the Si4126, 1582 * which has no RF1! 1583 */ 1584 atw_si4126_write(sc, SI4126_RF1R, R); 1585 1586 atw_si4126_write(sc, SI4126_RF1N, mhz - 374); 1587#endif 1588 1589 /* N/R * XIN = RF. XIN = 44 MHz. We desire RF = mhz - IF, 1590 * where IF = 374 MHz. Let's divide XIN to 1 MHz. So R = 44. 1591 * Now let's multiply it to mhz. So mhz - IF = N. 1592 */ 1593 atw_si4126_write(sc, SI4126_RF2R, R); 1594 1595 atw_si4126_write(sc, SI4126_RF2N, mhz - 374); 1596 1597 /* wait 100us from power-up for RF, IF to settle */ 1598 DELAY(100); 1599 1600 gpio = ATW_READ(sc, ATW_GPIO); 1601 gpio &= ~(ATW_GPIO_EN_MASK|ATW_GPIO_O_MASK|ATW_GPIO_I_MASK); 1602 gpio |= __SHIFTIN(1, ATW_GPIO_EN_MASK); 1603 1604 if ((sc->sc_if.if_flags & IFF_LINK1) != 0 && chan != 14) { 1605 /* Set a Prism RF front-end to a special mode for channel 14? 1606 * 1607 * Apparently the SMC2635W needs this, although I don't think 1608 * it has a Prism RF. 1609 */ 1610 gpio |= __SHIFTIN(1, ATW_GPIO_O_MASK); 1611 } 1612 ATW_WRITE(sc, ATW_GPIO, gpio); 1613 1614#ifdef ATW_SYNDEBUG 1615 atw_si4126_print(sc); 1616#endif /* ATW_SYNDEBUG */ 1617} 1618 1619/* Baseline initialization of RF3000 BBP: set CCA mode and enable antenna 1620 * diversity. 1621 * 1622 * !!! 1623 * !!! Call this w/ Tx/Rx suspended, atw_idle(, ATW_NAR_ST|ATW_NAR_SR). 1624 * !!! 1625 */ 1626static int 1627atw_rf3000_init(struct atw_softc *sc) 1628{ 1629 int rc = 0; 1630 1631 atw_bbp_io_enable(sc, 1); 1632 1633 /* CCA is acquisition sensitive */ 1634 rc = atw_rf3000_write(sc, RF3000_CCACTL, 1635 __SHIFTIN(RF3000_CCACTL_MODE_BOTH, RF3000_CCACTL_MODE_MASK)); 1636 1637 if (rc != 0) 1638 goto out; 1639 1640 /* enable diversity */ 1641 rc = atw_rf3000_write(sc, RF3000_DIVCTL, RF3000_DIVCTL_ENABLE); 1642 1643 if (rc != 0) 1644 goto out; 1645 1646 /* sensible setting from a binary-only driver */ 1647 rc = atw_rf3000_write(sc, RF3000_GAINCTL, 1648 __SHIFTIN(0x1d, RF3000_GAINCTL_TXVGC_MASK)); 1649 1650 if (rc != 0) 1651 goto out; 1652 1653 /* magic from a binary-only driver */ 1654 rc = atw_rf3000_write(sc, RF3000_LOGAINCAL, 1655 __SHIFTIN(0x38, RF3000_LOGAINCAL_CAL_MASK)); 1656 1657 if (rc != 0) 1658 goto out; 1659 1660 rc = atw_rf3000_write(sc, RF3000_HIGAINCAL, RF3000_HIGAINCAL_DSSSPAD); 1661 1662 if (rc != 0) 1663 goto out; 1664 1665 /* XXX Reference driver remarks that Abocom sets this to 50. 1666 * Meaning 0x50, I think.... 50 = 0x32, which would set a bit 1667 * in the "reserved" area of register RF3000_OPTIONS1. 1668 */ 1669 rc = atw_rf3000_write(sc, RF3000_OPTIONS1, sc->sc_rf3000_options1); 1670 1671 if (rc != 0) 1672 goto out; 1673 1674 rc = atw_rf3000_write(sc, RF3000_OPTIONS2, sc->sc_rf3000_options2); 1675 1676 if (rc != 0) 1677 goto out; 1678 1679out: 1680 atw_bbp_io_enable(sc, 0); 1681 return rc; 1682} 1683 1684#ifdef ATW_BBPDEBUG 1685static void 1686atw_rf3000_print(struct atw_softc *sc) 1687{ 1688 struct ifnet *ifp = &sc->sc_if; 1689 u_int addr, val; 1690 1691 if (atw_debug < 3 || (ifp->if_flags & IFF_DEBUG) == 0) 1692 return; 1693 1694 for (addr = 0x01; addr <= 0x15; addr++) { 1695 printf("%s: bbp[%d] = \n", device_xname(sc->sc_dev), addr); 1696 if (atw_rf3000_read(sc, addr, &val) != 0) { 1697 printf("<unknown> (quitting print-out)\n"); 1698 break; 1699 } 1700 printf("%08x\n", val); 1701 } 1702} 1703#endif /* ATW_BBPDEBUG */ 1704 1705/* Set the power settings on the BBP for channel `chan'. */ 1706static int 1707atw_rf3000_tune(struct atw_softc *sc, u_int chan) 1708{ 1709 int rc = 0; 1710 u_int32_t reg; 1711 u_int16_t txpower, lpf_cutoff, lna_gs_thresh; 1712 1713 txpower = sc->sc_srom[ATW_SR_TXPOWER(chan)]; 1714 lpf_cutoff = sc->sc_srom[ATW_SR_LPF_CUTOFF(chan)]; 1715 lna_gs_thresh = sc->sc_srom[ATW_SR_LNA_GS_THRESH(chan)]; 1716 1717 /* odd channels: LSB, even channels: MSB */ 1718 if (chan % 2 == 1) { 1719 txpower &= 0xFF; 1720 lpf_cutoff &= 0xFF; 1721 lna_gs_thresh &= 0xFF; 1722 } else { 1723 txpower >>= 8; 1724 lpf_cutoff >>= 8; 1725 lna_gs_thresh >>= 8; 1726 } 1727 1728#ifdef ATW_BBPDEBUG 1729 atw_rf3000_print(sc); 1730#endif /* ATW_BBPDEBUG */ 1731 1732 DPRINTF(sc, ("%s: chan %d txpower %02x, lpf_cutoff %02x, " 1733 "lna_gs_thresh %02x\n", 1734 device_xname(sc->sc_dev), chan, txpower, lpf_cutoff, lna_gs_thresh)); 1735 1736 atw_bbp_io_enable(sc, 1); 1737 1738 if ((rc = atw_rf3000_write(sc, RF3000_GAINCTL, 1739 __SHIFTIN(txpower, RF3000_GAINCTL_TXVGC_MASK))) != 0) 1740 goto out; 1741 1742 if ((rc = atw_rf3000_write(sc, RF3000_LOGAINCAL, lpf_cutoff)) != 0) 1743 goto out; 1744 1745 if ((rc = atw_rf3000_write(sc, RF3000_HIGAINCAL, lna_gs_thresh)) != 0) 1746 goto out; 1747 1748 rc = atw_rf3000_write(sc, RF3000_OPTIONS1, 0x0); 1749 1750 if (rc != 0) 1751 goto out; 1752 1753 rc = atw_rf3000_write(sc, RF3000_OPTIONS2, RF3000_OPTIONS2_LNAGS_DELAY); 1754 1755 if (rc != 0) 1756 goto out; 1757 1758#ifdef ATW_BBPDEBUG 1759 atw_rf3000_print(sc); 1760#endif /* ATW_BBPDEBUG */ 1761 1762out: 1763 atw_bbp_io_enable(sc, 0); 1764 1765 /* set beacon, rts, atim transmit power */ 1766 reg = ATW_READ(sc, ATW_PLCPHD); 1767 reg &= ~ATW_PLCPHD_SERVICE_MASK; 1768 reg |= __SHIFTIN(__SHIFTIN(txpower, RF3000_GAINCTL_TXVGC_MASK), 1769 ATW_PLCPHD_SERVICE_MASK); 1770 ATW_WRITE(sc, ATW_PLCPHD, reg); 1771 DELAY(atw_plcphd_delay); 1772 1773 return rc; 1774} 1775 1776/* Write a register on the RF3000 baseband processor using the 1777 * registers provided by the ADM8211 for this purpose. 1778 * 1779 * Return 0 on success. 1780 */ 1781static int 1782atw_rf3000_write(struct atw_softc *sc, u_int addr, u_int val) 1783{ 1784 u_int32_t reg; 1785 int i; 1786 1787 reg = sc->sc_bbpctl_wr | 1788 __SHIFTIN(val & 0xff, ATW_BBPCTL_DATA_MASK) | 1789 __SHIFTIN(addr & 0x7f, ATW_BBPCTL_ADDR_MASK); 1790 1791 for (i = 20000 / atw_pseudo_milli; --i >= 0; ) { 1792 ATW_WRITE(sc, ATW_BBPCTL, reg); 1793 DELAY(2 * atw_pseudo_milli); 1794 if (ATW_ISSET(sc, ATW_BBPCTL, ATW_BBPCTL_WR) == 0) 1795 break; 1796 } 1797 1798 if (i < 0) { 1799 printf("%s: BBPCTL still busy\n", device_xname(sc->sc_dev)); 1800 return ETIMEDOUT; 1801 } 1802 return 0; 1803} 1804 1805/* Read a register on the RF3000 baseband processor using the registers 1806 * the ADM8211 provides for this purpose. 1807 * 1808 * The 7-bit register address is addr. Record the 8-bit data in the register 1809 * in *val. 1810 * 1811 * Return 0 on success. 1812 * 1813 * XXX This does not seem to work. The ADM8211 must require more or 1814 * different magic to read the chip than to write it. Possibly some 1815 * of the magic I have derived from a binary-only driver concerns 1816 * the "chip address" (see the RF3000 manual). 1817 */ 1818#ifdef ATW_BBPDEBUG 1819static int 1820atw_rf3000_read(struct atw_softc *sc, u_int addr, u_int *val) 1821{ 1822 u_int32_t reg; 1823 int i; 1824 1825 for (i = 1000; --i >= 0; ) { 1826 if (ATW_ISSET(sc, ATW_BBPCTL, ATW_BBPCTL_RD|ATW_BBPCTL_WR) == 0) 1827 break; 1828 DELAY(100); 1829 } 1830 1831 if (i < 0) { 1832 printf("%s: start atw_rf3000_read, BBPCTL busy\n", 1833 device_xname(sc->sc_dev)); 1834 return ETIMEDOUT; 1835 } 1836 1837 reg = sc->sc_bbpctl_rd | __SHIFTIN(addr & 0x7f, ATW_BBPCTL_ADDR_MASK); 1838 1839 ATW_WRITE(sc, ATW_BBPCTL, reg); 1840 1841 for (i = 1000; --i >= 0; ) { 1842 DELAY(100); 1843 if (ATW_ISSET(sc, ATW_BBPCTL, ATW_BBPCTL_RD) == 0) 1844 break; 1845 } 1846 1847 ATW_CLR(sc, ATW_BBPCTL, ATW_BBPCTL_RD); 1848 1849 if (i < 0) { 1850 printf("%s: atw_rf3000_read wrote %08x; BBPCTL still busy\n", 1851 device_xname(sc->sc_dev), reg); 1852 return ETIMEDOUT; 1853 } 1854 if (val != NULL) 1855 *val = __SHIFTOUT(reg, ATW_BBPCTL_DATA_MASK); 1856 return 0; 1857} 1858#endif /* ATW_BBPDEBUG */ 1859 1860/* Write a register on the Si4126 RF/IF synthesizer using the registers 1861 * provided by the ADM8211 for that purpose. 1862 * 1863 * val is 18 bits of data, and val is the 4-bit address of the register. 1864 * 1865 * Return 0 on success. 1866 */ 1867static void 1868atw_si4126_write(struct atw_softc *sc, u_int addr, u_int val) 1869{ 1870 uint32_t bits, mask, reg; 1871 const int nbits = 22; 1872 1873 KASSERT((addr & ~__SHIFTOUT_MASK(SI4126_TWI_ADDR_MASK)) == 0); 1874 KASSERT((val & ~__SHIFTOUT_MASK(SI4126_TWI_DATA_MASK)) == 0); 1875 1876 bits = __SHIFTIN(val, SI4126_TWI_DATA_MASK) | 1877 __SHIFTIN(addr, SI4126_TWI_ADDR_MASK); 1878 1879 reg = ATW_SYNRF_SELSYN; 1880 /* reference driver: reset Si4126 serial bus to initial 1881 * conditions? 1882 */ 1883 ATW_WRITE(sc, ATW_SYNRF, reg | ATW_SYNRF_LEIF); 1884 ATW_WRITE(sc, ATW_SYNRF, reg); 1885 1886 for (mask = __BIT(nbits - 1); mask != 0; mask >>= 1) { 1887 if ((bits & mask) != 0) 1888 reg |= ATW_SYNRF_SYNDATA; 1889 else 1890 reg &= ~ATW_SYNRF_SYNDATA; 1891 ATW_WRITE(sc, ATW_SYNRF, reg); 1892 ATW_WRITE(sc, ATW_SYNRF, reg | ATW_SYNRF_SYNCLK); 1893 ATW_WRITE(sc, ATW_SYNRF, reg); 1894 } 1895 ATW_WRITE(sc, ATW_SYNRF, reg | ATW_SYNRF_LEIF); 1896 ATW_WRITE(sc, ATW_SYNRF, 0x0); 1897} 1898 1899/* Read 18-bit data from the 4-bit address addr in Si4126 1900 * RF synthesizer and write the data to *val. Return 0 on success. 1901 * 1902 * XXX This does not seem to work. The ADM8211 must require more or 1903 * different magic to read the chip than to write it. 1904 */ 1905#ifdef ATW_SYNDEBUG 1906static int 1907atw_si4126_read(struct atw_softc *sc, u_int addr, u_int *val) 1908{ 1909 u_int32_t reg; 1910 int i; 1911 1912 KASSERT((addr & ~__SHIFTOUT_MASK(SI4126_TWI_ADDR_MASK)) == 0); 1913 1914 for (i = 1000; --i >= 0; ) { 1915 if (ATW_ISSET(sc, ATW_SYNCTL, ATW_SYNCTL_RD|ATW_SYNCTL_WR) == 0) 1916 break; 1917 DELAY(100); 1918 } 1919 1920 if (i < 0) { 1921 printf("%s: start atw_si4126_read, SYNCTL busy\n", 1922 device_xname(sc->sc_dev)); 1923 return ETIMEDOUT; 1924 } 1925 1926 reg = sc->sc_synctl_rd | __SHIFTIN(addr, ATW_SYNCTL_DATA_MASK); 1927 1928 ATW_WRITE(sc, ATW_SYNCTL, reg); 1929 1930 for (i = 1000; --i >= 0; ) { 1931 DELAY(100); 1932 if (ATW_ISSET(sc, ATW_SYNCTL, ATW_SYNCTL_RD) == 0) 1933 break; 1934 } 1935 1936 ATW_CLR(sc, ATW_SYNCTL, ATW_SYNCTL_RD); 1937 1938 if (i < 0) { 1939 printf("%s: atw_si4126_read wrote %#08x, SYNCTL still busy\n", 1940 device_xname(sc->sc_dev), reg); 1941 return ETIMEDOUT; 1942 } 1943 if (val != NULL) 1944 *val = __SHIFTOUT(ATW_READ(sc, ATW_SYNCTL), 1945 ATW_SYNCTL_DATA_MASK); 1946 return 0; 1947} 1948#endif /* ATW_SYNDEBUG */ 1949 1950/* XXX is the endianness correct? test. */ 1951#define atw_calchash(addr) \ 1952 (ether_crc32_le((addr), IEEE80211_ADDR_LEN) & __BITS(5, 0)) 1953 1954/* 1955 * atw_filter_setup: 1956 * 1957 * Set the ADM8211's receive filter. 1958 */ 1959static void 1960atw_filter_setup(struct atw_softc *sc) 1961{ 1962 struct ieee80211com *ic = &sc->sc_ic; 1963 struct ethercom *ec = &sc->sc_ec; 1964 struct ifnet *ifp = &sc->sc_if; 1965 int hash; 1966 u_int32_t hashes[2]; 1967 struct ether_multi *enm; 1968 struct ether_multistep step; 1969 1970 /* According to comments in tlp_al981_filter_setup 1971 * (dev/ic/tulip.c) the ADMtek AL981 does not like for its 1972 * multicast filter to be set while it is running. Hopefully 1973 * the ADM8211 is not the same! 1974 */ 1975 if ((ifp->if_flags & IFF_RUNNING) != 0) 1976 atw_idle(sc, ATW_NAR_SR); 1977 1978 sc->sc_opmode &= ~(ATW_NAR_PB|ATW_NAR_PR|ATW_NAR_MM); 1979 ifp->if_flags &= ~IFF_ALLMULTI; 1980 1981 /* XXX in scan mode, do not filter packets. Maybe this is 1982 * unnecessary. 1983 */ 1984 if (ic->ic_state == IEEE80211_S_SCAN || 1985 (ifp->if_flags & IFF_PROMISC) != 0) { 1986 sc->sc_opmode |= ATW_NAR_PR | ATW_NAR_PB; 1987 goto allmulti; 1988 } 1989 1990 hashes[0] = hashes[1] = 0x0; 1991 1992 /* 1993 * Program the 64-bit multicast hash filter. 1994 */ 1995 ETHER_FIRST_MULTI(step, ec, enm); 1996 while (enm != NULL) { 1997 if (memcmp(enm->enm_addrlo, enm->enm_addrhi, 1998 ETHER_ADDR_LEN) != 0) 1999 goto allmulti; 2000 2001 hash = atw_calchash(enm->enm_addrlo); 2002 hashes[hash >> 5] |= 1 << (hash & 0x1f); 2003 ETHER_NEXT_MULTI(step, enm); 2004 sc->sc_opmode |= ATW_NAR_MM; 2005 } 2006 ifp->if_flags &= ~IFF_ALLMULTI; 2007 goto setit; 2008 2009allmulti: 2010 sc->sc_opmode |= ATW_NAR_MM; 2011 ifp->if_flags |= IFF_ALLMULTI; 2012 hashes[0] = hashes[1] = 0xffffffff; 2013 2014setit: 2015 ATW_WRITE(sc, ATW_MAR0, hashes[0]); 2016 ATW_WRITE(sc, ATW_MAR1, hashes[1]); 2017 ATW_WRITE(sc, ATW_NAR, sc->sc_opmode); 2018 DELAY(atw_nar_delay); 2019 ATW_WRITE(sc, ATW_RDR, 0x1); 2020 2021 DPRINTF(sc, ("%s: ATW_NAR %08x opmode %08x\n", device_xname(sc->sc_dev), 2022 ATW_READ(sc, ATW_NAR), sc->sc_opmode)); 2023} 2024 2025/* Tell the ADM8211 our preferred BSSID. The ADM8211 must match 2026 * a beacon's BSSID and SSID against the preferred BSSID and SSID 2027 * before it will raise ATW_INTR_LINKON. When the ADM8211 receives 2028 * no beacon with the preferred BSSID and SSID in the number of 2029 * beacon intervals given in ATW_BPLI, then it raises ATW_INTR_LINKOFF. 2030 */ 2031static void 2032atw_write_bssid(struct atw_softc *sc) 2033{ 2034 struct ieee80211com *ic = &sc->sc_ic; 2035 u_int8_t *bssid; 2036 2037 bssid = ic->ic_bss->ni_bssid; 2038 2039 ATW_WRITE(sc, ATW_BSSID0, 2040 __SHIFTIN(bssid[0], ATW_BSSID0_BSSIDB0_MASK) | 2041 __SHIFTIN(bssid[1], ATW_BSSID0_BSSIDB1_MASK) | 2042 __SHIFTIN(bssid[2], ATW_BSSID0_BSSIDB2_MASK) | 2043 __SHIFTIN(bssid[3], ATW_BSSID0_BSSIDB3_MASK)); 2044 2045 ATW_WRITE(sc, ATW_ABDA1, 2046 (ATW_READ(sc, ATW_ABDA1) & 2047 ~(ATW_ABDA1_BSSIDB4_MASK|ATW_ABDA1_BSSIDB5_MASK)) | 2048 __SHIFTIN(bssid[4], ATW_ABDA1_BSSIDB4_MASK) | 2049 __SHIFTIN(bssid[5], ATW_ABDA1_BSSIDB5_MASK)); 2050 2051 DPRINTF(sc, ("%s: BSSID %s -> ", device_xname(sc->sc_dev), 2052 ether_sprintf(sc->sc_bssid))); 2053 DPRINTF(sc, ("%s\n", ether_sprintf(bssid))); 2054 2055 memcpy(sc->sc_bssid, bssid, sizeof(sc->sc_bssid)); 2056} 2057 2058/* Write buflen bytes from buf to SRAM starting at the SRAM's ofs'th 2059 * 16-bit word. 2060 */ 2061static void 2062atw_write_sram(struct atw_softc *sc, u_int ofs, u_int8_t *buf, u_int buflen) 2063{ 2064 u_int i; 2065 u_int8_t *ptr; 2066 2067 memcpy(&sc->sc_sram[ofs], buf, buflen); 2068 2069 KASSERT(ofs % 2 == 0 && buflen % 2 == 0); 2070 2071 KASSERT(buflen + ofs <= sc->sc_sramlen); 2072 2073 ptr = &sc->sc_sram[ofs]; 2074 2075 for (i = 0; i < buflen; i += 2) { 2076 ATW_WRITE(sc, ATW_WEPCTL, ATW_WEPCTL_WR | 2077 __SHIFTIN((ofs + i) / 2, ATW_WEPCTL_TBLADD_MASK)); 2078 DELAY(atw_writewep_delay); 2079 2080 ATW_WRITE(sc, ATW_WESK, 2081 __SHIFTIN((ptr[i + 1] << 8) | ptr[i], ATW_WESK_DATA_MASK)); 2082 DELAY(atw_writewep_delay); 2083 } 2084 ATW_WRITE(sc, ATW_WEPCTL, sc->sc_wepctl); /* restore WEP condition */ 2085 2086 if (sc->sc_if.if_flags & IFF_DEBUG) { 2087 int n_octets = 0; 2088 printf("%s: wrote %d bytes at 0x%x wepctl 0x%08x\n", 2089 device_xname(sc->sc_dev), buflen, ofs, sc->sc_wepctl); 2090 for (i = 0; i < buflen; i++) { 2091 printf(" %02x", ptr[i]); 2092 if (++n_octets % 24 == 0) 2093 printf("\n"); 2094 } 2095 if (n_octets % 24 != 0) 2096 printf("\n"); 2097 } 2098} 2099 2100static int 2101atw_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) 2102{ 2103 struct atw_softc *sc = ic->ic_ifp->if_softc; 2104 u_int keyix = k->wk_keyix; 2105 2106 DPRINTF(sc, ("%s: delete key %u\n", __func__, keyix)); 2107 2108 if (keyix >= IEEE80211_WEP_NKID) 2109 return 0; 2110 if (k->wk_keylen != 0) 2111 sc->sc_flags &= ~ATWF_WEP_SRAM_VALID; 2112 2113 return 1; 2114} 2115 2116static int 2117atw_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, 2118 const u_int8_t mac[IEEE80211_ADDR_LEN]) 2119{ 2120 struct atw_softc *sc = ic->ic_ifp->if_softc; 2121 2122 DPRINTF(sc, ("%s: set key %u\n", __func__, k->wk_keyix)); 2123 2124 if (k->wk_keyix >= IEEE80211_WEP_NKID) 2125 return 0; 2126 2127 sc->sc_flags &= ~ATWF_WEP_SRAM_VALID; 2128 2129 return 1; 2130} 2131 2132static void 2133atw_key_update_begin(struct ieee80211com *ic) 2134{ 2135#ifdef ATW_DEBUG 2136 struct ifnet *ifp = ic->ic_ifp; 2137 struct atw_softc *sc = ifp->if_softc; 2138#endif 2139 2140 DPRINTF(sc, ("%s:\n", __func__)); 2141} 2142 2143static void 2144atw_key_update_end(struct ieee80211com *ic) 2145{ 2146 struct ifnet *ifp = ic->ic_ifp; 2147 struct atw_softc *sc = ifp->if_softc; 2148 2149 DPRINTF(sc, ("%s:\n", __func__)); 2150 2151 if ((sc->sc_flags & ATWF_WEP_SRAM_VALID) != 0) 2152 return; 2153 if (!device_activation(sc->sc_dev, DEVACT_LEVEL_DRIVER)) 2154 return; 2155 atw_idle(sc, ATW_NAR_SR | ATW_NAR_ST); 2156 atw_write_wep(sc); 2157 ATW_WRITE(sc, ATW_NAR, sc->sc_opmode); 2158 DELAY(atw_nar_delay); 2159 ATW_WRITE(sc, ATW_RDR, 0x1); 2160} 2161 2162/* Write WEP keys from the ieee80211com to the ADM8211's SRAM. */ 2163static void 2164atw_write_wep(struct atw_softc *sc) 2165{ 2166#if 0 2167 struct ieee80211com *ic = &sc->sc_ic; 2168 u_int32_t reg; 2169 int i; 2170#endif 2171 /* SRAM shared-key record format: key0 flags key1 ... key12 */ 2172 u_int8_t buf[IEEE80211_WEP_NKID] 2173 [1 /* key[0] */ + 1 /* flags */ + 12 /* key[1 .. 12] */]; 2174 2175 sc->sc_wepctl = 0; 2176 ATW_WRITE(sc, ATW_WEPCTL, sc->sc_wepctl); 2177 2178 memset(&buf[0][0], 0, sizeof(buf)); 2179 2180#if 0 2181 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 2182 if (ic->ic_nw_keys[i].wk_keylen > 5) { 2183 buf[i][1] = ATW_WEP_ENABLED | ATW_WEP_104BIT; 2184 } else if (ic->ic_nw_keys[i].wk_keylen != 0) { 2185 buf[i][1] = ATW_WEP_ENABLED; 2186 } else { 2187 buf[i][1] = 0; 2188 continue; 2189 } 2190 buf[i][0] = ic->ic_nw_keys[i].wk_key[0]; 2191 memcpy(&buf[i][2], &ic->ic_nw_keys[i].wk_key[1], 2192 ic->ic_nw_keys[i].wk_keylen - 1); 2193 } 2194 2195 reg = ATW_READ(sc, ATW_MACTEST); 2196 reg |= ATW_MACTEST_MMI_USETXCLK | ATW_MACTEST_FORCE_KEYID; 2197 reg &= ~ATW_MACTEST_KEYID_MASK; 2198 reg |= __SHIFTIN(ic->ic_def_txkey, ATW_MACTEST_KEYID_MASK); 2199 ATW_WRITE(sc, ATW_MACTEST, reg); 2200 2201 if ((ic->ic_flags & IEEE80211_F_PRIVACY) != 0) 2202 sc->sc_wepctl |= ATW_WEPCTL_WEPENABLE; 2203 2204 switch (sc->sc_rev) { 2205 case ATW_REVISION_AB: 2206 case ATW_REVISION_AF: 2207 /* Bypass WEP on Rx. */ 2208 sc->sc_wepctl |= ATW_WEPCTL_WEPRXBYP; 2209 break; 2210 default: 2211 break; 2212 } 2213#endif 2214 2215 atw_write_sram(sc, ATW_SRAM_ADDR_SHARED_KEY, (u_int8_t*)&buf[0][0], 2216 sizeof(buf)); 2217 2218 sc->sc_flags |= ATWF_WEP_SRAM_VALID; 2219} 2220 2221static void 2222atw_recv_mgmt(struct ieee80211com *ic, struct mbuf *m, 2223 struct ieee80211_node *ni, int subtype, int rssi, u_int32_t rstamp) 2224{ 2225 struct atw_softc *sc = (struct atw_softc *)ic->ic_ifp->if_softc; 2226 2227 /* The ADM8211A answers probe requests. TBD ADM8211B/C. */ 2228 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_REQ) 2229 return; 2230 2231 (*sc->sc_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp); 2232 2233 switch (subtype) { 2234 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 2235 case IEEE80211_FC0_SUBTYPE_BEACON: 2236 if (ic->ic_opmode == IEEE80211_M_IBSS && 2237 ic->ic_state == IEEE80211_S_RUN) { 2238 if (le64toh(ni->ni_tstamp.tsf) >= atw_get_tsft(sc)) 2239 (void)ieee80211_ibss_merge(ni); 2240 } 2241 break; 2242 default: 2243 break; 2244 } 2245 return; 2246} 2247 2248/* Write the SSID in the ieee80211com to the SRAM on the ADM8211. 2249 * In ad hoc mode, the SSID is written to the beacons sent by the 2250 * ADM8211. In both ad hoc and infrastructure mode, beacons received 2251 * with matching SSID affect ATW_INTR_LINKON/ATW_INTR_LINKOFF 2252 * indications. 2253 */ 2254static void 2255atw_write_ssid(struct atw_softc *sc) 2256{ 2257 struct ieee80211com *ic = &sc->sc_ic; 2258 /* 34 bytes are reserved in ADM8211 SRAM for the SSID, but 2259 * it only expects the element length, not its ID. 2260 */ 2261 u_int8_t buf[roundup(1 /* length */ + IEEE80211_NWID_LEN, 2)]; 2262 2263 memset(buf, 0, sizeof(buf)); 2264 buf[0] = ic->ic_bss->ni_esslen; 2265 memcpy(&buf[1], ic->ic_bss->ni_essid, ic->ic_bss->ni_esslen); 2266 2267 atw_write_sram(sc, ATW_SRAM_ADDR_SSID, buf, 2268 roundup(1 + ic->ic_bss->ni_esslen, 2)); 2269} 2270 2271/* Write the supported rates in the ieee80211com to the SRAM of the ADM8211. 2272 * In ad hoc mode, the supported rates are written to beacons sent by the 2273 * ADM8211. 2274 */ 2275static void 2276atw_write_sup_rates(struct atw_softc *sc) 2277{ 2278 struct ieee80211com *ic = &sc->sc_ic; 2279 /* 14 bytes are probably (XXX) reserved in the ADM8211 SRAM for 2280 * supported rates 2281 */ 2282 u_int8_t buf[roundup(1 /* length */ + IEEE80211_RATE_SIZE, 2)]; 2283 2284 memset(buf, 0, sizeof(buf)); 2285 2286 buf[0] = ic->ic_bss->ni_rates.rs_nrates; 2287 2288 memcpy(&buf[1], ic->ic_bss->ni_rates.rs_rates, 2289 ic->ic_bss->ni_rates.rs_nrates); 2290 2291 atw_write_sram(sc, ATW_SRAM_ADDR_SUPRATES, buf, sizeof(buf)); 2292} 2293 2294/* Start/stop sending beacons. */ 2295void 2296atw_start_beacon(struct atw_softc *sc, int start) 2297{ 2298 struct ieee80211com *ic = &sc->sc_ic; 2299 uint16_t chan; 2300 uint32_t bcnt, bpli, cap0, cap1, capinfo; 2301 size_t len; 2302 2303 if (!device_is_active(sc->sc_dev)) 2304 return; 2305 2306 /* start beacons */ 2307 len = sizeof(struct ieee80211_frame) + 2308 8 /* timestamp */ + 2 /* beacon interval */ + 2309 2 /* capability info */ + 2310 2 + ic->ic_bss->ni_esslen /* SSID element */ + 2311 2 + ic->ic_bss->ni_rates.rs_nrates /* rates element */ + 2312 3 /* DS parameters */ + 2313 IEEE80211_CRC_LEN; 2314 2315 bcnt = ATW_READ(sc, ATW_BCNT) & ~ATW_BCNT_BCNT_MASK; 2316 cap0 = ATW_READ(sc, ATW_CAP0) & ~ATW_CAP0_CHN_MASK; 2317 cap1 = ATW_READ(sc, ATW_CAP1) & ~ATW_CAP1_CAPI_MASK; 2318 2319 ATW_WRITE(sc, ATW_BCNT, bcnt); 2320 ATW_WRITE(sc, ATW_CAP1, cap1); 2321 2322 if (!start) 2323 return; 2324 2325 /* TBD use ni_capinfo */ 2326 2327 capinfo = 0; 2328 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2329 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2330 if (ic->ic_flags & IEEE80211_F_PRIVACY) 2331 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2332 2333 switch (ic->ic_opmode) { 2334 case IEEE80211_M_IBSS: 2335 len += 4; /* IBSS parameters */ 2336 capinfo |= IEEE80211_CAPINFO_IBSS; 2337 break; 2338 case IEEE80211_M_HOSTAP: 2339 /* XXX 6-byte minimum TIM */ 2340 len += atw_beacon_len_adjust; 2341 capinfo |= IEEE80211_CAPINFO_ESS; 2342 break; 2343 default: 2344 return; 2345 } 2346 2347 /* set listen interval 2348 * XXX do software units agree w/ hardware? 2349 */ 2350 bpli = __SHIFTIN(ic->ic_bss->ni_intval, ATW_BPLI_BP_MASK) | 2351 __SHIFTIN(ic->ic_lintval / ic->ic_bss->ni_intval, ATW_BPLI_LI_MASK); 2352 2353 chan = ieee80211_chan2ieee(ic, ic->ic_curchan); 2354 2355 bcnt |= __SHIFTIN(len, ATW_BCNT_BCNT_MASK); 2356 cap0 |= __SHIFTIN(chan, ATW_CAP0_CHN_MASK); 2357 cap1 |= __SHIFTIN(capinfo, ATW_CAP1_CAPI_MASK); 2358 2359 ATW_WRITE(sc, ATW_BCNT, bcnt); 2360 ATW_WRITE(sc, ATW_BPLI, bpli); 2361 ATW_WRITE(sc, ATW_CAP0, cap0); 2362 ATW_WRITE(sc, ATW_CAP1, cap1); 2363 2364 DPRINTF(sc, ("%s: atw_start_beacon reg[ATW_BCNT] = %08x\n", 2365 device_xname(sc->sc_dev), bcnt)); 2366 2367 DPRINTF(sc, ("%s: atw_start_beacon reg[ATW_CAP1] = %08x\n", 2368 device_xname(sc->sc_dev), cap1)); 2369} 2370 2371/* Return the 32 lsb of the last TSFT divisible by ival. */ 2372static inline uint32_t 2373atw_last_even_tsft(uint32_t tsfth, uint32_t tsftl, uint32_t ival) 2374{ 2375 /* Following the reference driver's lead, I compute 2376 * 2377 * (uint32_t)((((uint64_t)tsfth << 32) | tsftl) % ival) 2378 * 2379 * without using 64-bit arithmetic, using the following 2380 * relationship: 2381 * 2382 * (0x100000000 * H + L) % m 2383 * = ((0x100000000 % m) * H + L) % m 2384 * = (((0xffffffff + 1) % m) * H + L) % m 2385 * = ((0xffffffff % m + 1 % m) * H + L) % m 2386 * = ((0xffffffff % m + 1) * H + L) % m 2387 */ 2388 return ((0xFFFFFFFF % ival + 1) * tsfth + tsftl) % ival; 2389} 2390 2391static uint64_t 2392atw_get_tsft(struct atw_softc *sc) 2393{ 2394 int i; 2395 uint32_t tsfth, tsftl; 2396 for (i = 0; i < 2; i++) { 2397 tsfth = ATW_READ(sc, ATW_TSFTH); 2398 tsftl = ATW_READ(sc, ATW_TSFTL); 2399 if (ATW_READ(sc, ATW_TSFTH) == tsfth) 2400 break; 2401 } 2402 return ((uint64_t)tsfth << 32) | tsftl; 2403} 2404 2405/* If we've created an IBSS, write the TSF time in the ADM8211 to 2406 * the ieee80211com. 2407 * 2408 * Predict the next target beacon transmission time (TBTT) and 2409 * write it to the ADM8211. 2410 */ 2411static void 2412atw_predict_beacon(struct atw_softc *sc) 2413{ 2414#define TBTTOFS 20 /* TU */ 2415 2416 struct ieee80211com *ic = &sc->sc_ic; 2417 uint64_t tsft; 2418 uint32_t ival, past_even, tbtt, tsfth, tsftl; 2419 union { 2420 uint64_t word; 2421 uint8_t tstamp[8]; 2422 } u; 2423 2424 if ((ic->ic_opmode == IEEE80211_M_HOSTAP) || 2425 ((ic->ic_opmode == IEEE80211_M_IBSS) && 2426 (ic->ic_flags & IEEE80211_F_SIBSS))) { 2427 tsft = atw_get_tsft(sc); 2428 u.word = htole64(tsft); 2429 (void)memcpy(&ic->ic_bss->ni_tstamp, &u.tstamp[0], 2430 sizeof(ic->ic_bss->ni_tstamp)); 2431 } else 2432 tsft = le64toh(ic->ic_bss->ni_tstamp.tsf); 2433 2434 ival = ic->ic_bss->ni_intval * IEEE80211_DUR_TU; 2435 2436 tsftl = tsft & 0xFFFFFFFF; 2437 tsfth = tsft >> 32; 2438 2439 /* We sent/received the last beacon `past' microseconds 2440 * after the interval divided the TSF timer. 2441 */ 2442 past_even = tsftl - atw_last_even_tsft(tsfth, tsftl, ival); 2443 2444 /* Skip ten beacons so that the TBTT cannot pass before 2445 * we've programmed it. Ten is an arbitrary number. 2446 */ 2447 tbtt = past_even + ival * 10; 2448 2449 ATW_WRITE(sc, ATW_TOFS1, 2450 __SHIFTIN(1, ATW_TOFS1_TSFTOFSR_MASK) | 2451 __SHIFTIN(TBTTOFS, ATW_TOFS1_TBTTOFS_MASK) | 2452 __SHIFTIN(__SHIFTOUT(tbtt - TBTTOFS * IEEE80211_DUR_TU, 2453 ATW_TBTTPRE_MASK), ATW_TOFS1_TBTTPRE_MASK)); 2454#undef TBTTOFS 2455} 2456 2457static void 2458atw_next_scan(void *arg) 2459{ 2460 struct atw_softc *sc = arg; 2461 struct ieee80211com *ic = &sc->sc_ic; 2462 int s; 2463 2464 /* don't call atw_start w/o network interrupts blocked */ 2465 s = splnet(); 2466 if (ic->ic_state == IEEE80211_S_SCAN) 2467 ieee80211_next_scan(ic); 2468 splx(s); 2469} 2470 2471/* Synchronize the hardware state with the software state. */ 2472static int 2473atw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 2474{ 2475 struct ifnet *ifp = ic->ic_ifp; 2476 struct atw_softc *sc = ifp->if_softc; 2477 enum ieee80211_state ostate; 2478 int error = 0; 2479 2480 ostate = ic->ic_state; 2481 callout_stop(&sc->sc_scan_ch); 2482 2483 switch (nstate) { 2484 case IEEE80211_S_AUTH: 2485 case IEEE80211_S_ASSOC: 2486 atw_write_bssid(sc); 2487 error = atw_tune(sc); 2488 break; 2489 case IEEE80211_S_INIT: 2490 callout_stop(&sc->sc_scan_ch); 2491 sc->sc_cur_chan = IEEE80211_CHAN_ANY; 2492 atw_start_beacon(sc, 0); 2493 break; 2494 case IEEE80211_S_SCAN: 2495 error = atw_tune(sc); 2496 callout_reset(&sc->sc_scan_ch, atw_dwelltime * hz / 1000, 2497 atw_next_scan, sc); 2498 break; 2499 case IEEE80211_S_RUN: 2500 error = atw_tune(sc); 2501 atw_write_bssid(sc); 2502 atw_write_ssid(sc); 2503 atw_write_sup_rates(sc); 2504 2505 if (ic->ic_opmode == IEEE80211_M_AHDEMO || 2506 ic->ic_opmode == IEEE80211_M_MONITOR) 2507 break; 2508 2509 /* set listen interval 2510 * XXX do software units agree w/ hardware? 2511 */ 2512 ATW_WRITE(sc, ATW_BPLI, 2513 __SHIFTIN(ic->ic_bss->ni_intval, ATW_BPLI_BP_MASK) | 2514 __SHIFTIN(ic->ic_lintval / ic->ic_bss->ni_intval, 2515 ATW_BPLI_LI_MASK)); 2516 2517 DPRINTF(sc, ("%s: reg[ATW_BPLI] = %08x\n", device_xname(sc->sc_dev), 2518 ATW_READ(sc, ATW_BPLI))); 2519 2520 atw_predict_beacon(sc); 2521 2522 switch (ic->ic_opmode) { 2523 case IEEE80211_M_AHDEMO: 2524 case IEEE80211_M_HOSTAP: 2525 case IEEE80211_M_IBSS: 2526 atw_start_beacon(sc, 1); 2527 break; 2528 case IEEE80211_M_MONITOR: 2529 case IEEE80211_M_STA: 2530 break; 2531 } 2532 2533 break; 2534 } 2535 return (error != 0) ? error : (*sc->sc_newstate)(ic, nstate, arg); 2536} 2537 2538/* 2539 * atw_add_rxbuf: 2540 * 2541 * Add a receive buffer to the indicated descriptor. 2542 */ 2543int 2544atw_add_rxbuf(struct atw_softc *sc, int idx) 2545{ 2546 struct atw_rxsoft *rxs = &sc->sc_rxsoft[idx]; 2547 struct mbuf *m; 2548 int error; 2549 2550 MGETHDR(m, M_DONTWAIT, MT_DATA); 2551 if (m == NULL) 2552 return (ENOBUFS); 2553 2554 MCLGET(m, M_DONTWAIT); 2555 if ((m->m_flags & M_EXT) == 0) { 2556 m_freem(m); 2557 return (ENOBUFS); 2558 } 2559 2560 if (rxs->rxs_mbuf != NULL) 2561 bus_dmamap_unload(sc->sc_dmat, rxs->rxs_dmamap); 2562 2563 rxs->rxs_mbuf = m; 2564 2565 error = bus_dmamap_load(sc->sc_dmat, rxs->rxs_dmamap, 2566 m->m_ext.ext_buf, m->m_ext.ext_size, NULL, 2567 BUS_DMA_READ|BUS_DMA_NOWAIT); 2568 if (error) { 2569 aprint_error_dev(sc->sc_dev, "can't load rx DMA map %d, error = %d\n", 2570 idx, error); 2571 panic("atw_add_rxbuf"); /* XXX */ 2572 } 2573 2574 bus_dmamap_sync(sc->sc_dmat, rxs->rxs_dmamap, 0, 2575 rxs->rxs_dmamap->dm_mapsize, BUS_DMASYNC_PREREAD); 2576 2577 atw_init_rxdesc(sc, idx); 2578 2579 return (0); 2580} 2581 2582/* 2583 * Release any queued transmit buffers. 2584 */ 2585void 2586atw_txdrain(struct atw_softc *sc) 2587{ 2588 struct atw_txsoft *txs; 2589 2590 while ((txs = SIMPLEQ_FIRST(&sc->sc_txdirtyq)) != NULL) { 2591 SIMPLEQ_REMOVE_HEAD(&sc->sc_txdirtyq, txs_q); 2592 if (txs->txs_mbuf != NULL) { 2593 bus_dmamap_unload(sc->sc_dmat, txs->txs_dmamap); 2594 m_freem(txs->txs_mbuf); 2595 txs->txs_mbuf = NULL; 2596 } 2597 SIMPLEQ_INSERT_TAIL(&sc->sc_txfreeq, txs, txs_q); 2598 sc->sc_txfree += txs->txs_ndescs; 2599 } 2600 2601 KASSERT((sc->sc_if.if_flags & IFF_RUNNING) == 0 || 2602 !(SIMPLEQ_EMPTY(&sc->sc_txfreeq) || 2603 sc->sc_txfree != ATW_NTXDESC)); 2604 sc->sc_if.if_flags &= ~IFF_OACTIVE; 2605 sc->sc_tx_timer = 0; 2606} 2607 2608/* 2609 * atw_stop: [ ifnet interface function ] 2610 * 2611 * Stop transmission on the interface. 2612 */ 2613void 2614atw_stop(struct ifnet *ifp, int disable) 2615{ 2616 struct atw_softc *sc = ifp->if_softc; 2617 struct ieee80211com *ic = &sc->sc_ic; 2618 2619 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 2620 2621 if (device_is_active(sc->sc_dev)) { 2622 /* Disable interrupts. */ 2623 ATW_WRITE(sc, ATW_IER, 0); 2624 2625 /* Stop the transmit and receive processes. */ 2626 ATW_WRITE(sc, ATW_NAR, 0); 2627 DELAY(atw_nar_delay); 2628 ATW_WRITE(sc, ATW_TDBD, 0); 2629 ATW_WRITE(sc, ATW_TDBP, 0); 2630 ATW_WRITE(sc, ATW_RDB, 0); 2631 } 2632 2633 sc->sc_opmode = 0; 2634 2635 atw_txdrain(sc); 2636 2637 /* 2638 * Mark the interface down and cancel the watchdog timer. 2639 */ 2640 ifp->if_flags &= ~IFF_RUNNING; 2641 ifp->if_timer = 0; 2642 2643 if (disable) 2644 pmf_device_suspend(sc->sc_dev, &sc->sc_qual); 2645} 2646 2647/* 2648 * atw_rxdrain: 2649 * 2650 * Drain the receive queue. 2651 */ 2652void 2653atw_rxdrain(struct atw_softc *sc) 2654{ 2655 struct atw_rxsoft *rxs; 2656 int i; 2657 2658 for (i = 0; i < ATW_NRXDESC; i++) { 2659 rxs = &sc->sc_rxsoft[i]; 2660 if (rxs->rxs_mbuf == NULL) 2661 continue; 2662 bus_dmamap_unload(sc->sc_dmat, rxs->rxs_dmamap); 2663 m_freem(rxs->rxs_mbuf); 2664 rxs->rxs_mbuf = NULL; 2665 } 2666} 2667 2668/* 2669 * atw_detach: 2670 * 2671 * Detach an ADM8211 interface. 2672 */ 2673int 2674atw_detach(struct atw_softc *sc) 2675{ 2676 struct ifnet *ifp = &sc->sc_if; 2677 struct atw_rxsoft *rxs; 2678 struct atw_txsoft *txs; 2679 int i; 2680 2681 /* 2682 * Succeed now if there isn't any work to do. 2683 */ 2684 if ((sc->sc_flags & ATWF_ATTACHED) == 0) 2685 return (0); 2686 2687 pmf_device_deregister(sc->sc_dev); 2688 2689 callout_stop(&sc->sc_scan_ch); 2690 2691 ieee80211_ifdetach(&sc->sc_ic); 2692 if_detach(ifp); 2693 2694 for (i = 0; i < ATW_NRXDESC; i++) { 2695 rxs = &sc->sc_rxsoft[i]; 2696 if (rxs->rxs_mbuf != NULL) { 2697 bus_dmamap_unload(sc->sc_dmat, rxs->rxs_dmamap); 2698 m_freem(rxs->rxs_mbuf); 2699 rxs->rxs_mbuf = NULL; 2700 } 2701 bus_dmamap_destroy(sc->sc_dmat, rxs->rxs_dmamap); 2702 } 2703 for (i = 0; i < ATW_TXQUEUELEN; i++) { 2704 txs = &sc->sc_txsoft[i]; 2705 if (txs->txs_mbuf != NULL) { 2706 bus_dmamap_unload(sc->sc_dmat, txs->txs_dmamap); 2707 m_freem(txs->txs_mbuf); 2708 txs->txs_mbuf = NULL; 2709 } 2710 bus_dmamap_destroy(sc->sc_dmat, txs->txs_dmamap); 2711 } 2712 bus_dmamap_unload(sc->sc_dmat, sc->sc_cddmamap); 2713 bus_dmamap_destroy(sc->sc_dmat, sc->sc_cddmamap); 2714 bus_dmamem_unmap(sc->sc_dmat, (void *)sc->sc_control_data, 2715 sizeof(struct atw_control_data)); 2716 bus_dmamem_free(sc->sc_dmat, &sc->sc_cdseg, sc->sc_cdnseg); 2717 2718 if (sc->sc_srom) 2719 free(sc->sc_srom, M_DEVBUF); 2720 2721 atw_evcnt_detach(sc); 2722 2723 return (0); 2724} 2725 2726/* atw_shutdown: make sure the interface is stopped at reboot time. */ 2727bool 2728atw_shutdown(device_t self, int flags) 2729{ 2730 struct atw_softc *sc = device_private(self); 2731 2732 atw_stop(&sc->sc_if, 1); 2733 return true; 2734} 2735 2736#if 0 2737static void 2738atw_workaround1(struct atw_softc *sc) 2739{ 2740 uint32_t test1; 2741 2742 test1 = ATW_READ(sc, ATW_TEST1); 2743 2744 sc->sc_misc_ev.ev_count++; 2745 2746 if ((test1 & ATW_TEST1_RXPKT1IN) != 0) { 2747 sc->sc_rxpkt1in_ev.ev_count++; 2748 return; 2749 } 2750 if (__SHIFTOUT(test1, ATW_TEST1_RRA_MASK) == 2751 __SHIFTOUT(test1, ATW_TEST1_RWA_MASK)) { 2752 sc->sc_rxamatch_ev.ev_count++; 2753 return; 2754 } 2755 sc->sc_workaround1_ev.ev_count++; 2756 (void)atw_init(&sc->sc_if); 2757} 2758#endif 2759 2760int 2761atw_intr(void *arg) 2762{ 2763 struct atw_softc *sc = arg; 2764 struct ifnet *ifp = &sc->sc_if; 2765 u_int32_t status, rxstatus, txstatus, linkstatus; 2766 int handled = 0, txthresh; 2767 2768#ifdef DEBUG 2769 if (!device_activation(sc->sc_dev, DEVACT_LEVEL_DRIVER)) 2770 panic("%s: atw_intr: not enabled", device_xname(sc->sc_dev)); 2771#endif 2772 2773 /* 2774 * If the interface isn't running, the interrupt couldn't 2775 * possibly have come from us. 2776 */ 2777 if ((ifp->if_flags & IFF_RUNNING) == 0 || 2778 !device_activation(sc->sc_dev, DEVACT_LEVEL_DRIVER)) 2779 return (0); 2780 2781 for (;;) { 2782 status = ATW_READ(sc, ATW_STSR); 2783 2784 if (status) 2785 ATW_WRITE(sc, ATW_STSR, status); 2786 2787#ifdef ATW_DEBUG 2788#define PRINTINTR(flag) do { \ 2789 if ((status & flag) != 0) { \ 2790 printf("%s" #flag, delim); \ 2791 delim = ","; \ 2792 } \ 2793} while (0) 2794 2795 if (atw_debug > 1 && status) { 2796 const char *delim = "<"; 2797 2798 printf("%s: reg[STSR] = %x", 2799 device_xname(sc->sc_dev), status); 2800 2801 PRINTINTR(ATW_INTR_FBE); 2802 PRINTINTR(ATW_INTR_LINKOFF); 2803 PRINTINTR(ATW_INTR_LINKON); 2804 PRINTINTR(ATW_INTR_RCI); 2805 PRINTINTR(ATW_INTR_RDU); 2806 PRINTINTR(ATW_INTR_REIS); 2807 PRINTINTR(ATW_INTR_RPS); 2808 PRINTINTR(ATW_INTR_TCI); 2809 PRINTINTR(ATW_INTR_TDU); 2810 PRINTINTR(ATW_INTR_TLT); 2811 PRINTINTR(ATW_INTR_TPS); 2812 PRINTINTR(ATW_INTR_TRT); 2813 PRINTINTR(ATW_INTR_TUF); 2814 PRINTINTR(ATW_INTR_BCNTC); 2815 PRINTINTR(ATW_INTR_ATIME); 2816 PRINTINTR(ATW_INTR_TBTT); 2817 PRINTINTR(ATW_INTR_TSCZ); 2818 PRINTINTR(ATW_INTR_TSFTF); 2819 printf(">\n"); 2820 } 2821#undef PRINTINTR 2822#endif /* ATW_DEBUG */ 2823 2824 if ((status & sc->sc_inten) == 0) 2825 break; 2826 2827 handled = 1; 2828 2829 rxstatus = status & sc->sc_rxint_mask; 2830 txstatus = status & sc->sc_txint_mask; 2831 linkstatus = status & sc->sc_linkint_mask; 2832 2833 if (linkstatus) { 2834 atw_linkintr(sc, linkstatus); 2835 } 2836 2837 if (rxstatus) { 2838 /* Grab any new packets. */ 2839 atw_rxintr(sc); 2840 2841 if (rxstatus & ATW_INTR_RDU) { 2842 printf("%s: receive ring overrun\n", 2843 device_xname(sc->sc_dev)); 2844 /* Get the receive process going again. */ 2845 ATW_WRITE(sc, ATW_RDR, 0x1); 2846 } 2847 } 2848 2849 if (txstatus) { 2850 /* Sweep up transmit descriptors. */ 2851 atw_txintr(sc, txstatus); 2852 2853 if (txstatus & ATW_INTR_TLT) { 2854 DPRINTF(sc, ("%s: tx lifetime exceeded\n", 2855 device_xname(sc->sc_dev))); 2856 (void)atw_init(&sc->sc_if); 2857 } 2858 2859 if (txstatus & ATW_INTR_TRT) { 2860 DPRINTF(sc, ("%s: tx retry limit exceeded\n", 2861 device_xname(sc->sc_dev))); 2862 } 2863 2864 /* If Tx under-run, increase our transmit threshold 2865 * if another is available. 2866 */ 2867 txthresh = sc->sc_txthresh + 1; 2868 if ((txstatus & ATW_INTR_TUF) && 2869 sc->sc_txth[txthresh].txth_name != NULL) { 2870 /* Idle the transmit process. */ 2871 atw_idle(sc, ATW_NAR_ST); 2872 2873 sc->sc_txthresh = txthresh; 2874 sc->sc_opmode &= ~(ATW_NAR_TR_MASK|ATW_NAR_SF); 2875 sc->sc_opmode |= 2876 sc->sc_txth[txthresh].txth_opmode; 2877 printf("%s: transmit underrun; new " 2878 "threshold: %s\n", device_xname(sc->sc_dev), 2879 sc->sc_txth[txthresh].txth_name); 2880 2881 /* Set the new threshold and restart 2882 * the transmit process. 2883 */ 2884 ATW_WRITE(sc, ATW_NAR, sc->sc_opmode); 2885 DELAY(atw_nar_delay); 2886 ATW_WRITE(sc, ATW_TDR, 0x1); 2887 /* XXX Log every Nth underrun from 2888 * XXX now on? 2889 */ 2890 } 2891 } 2892 2893 if (status & (ATW_INTR_TPS|ATW_INTR_RPS)) { 2894 if (status & ATW_INTR_TPS) 2895 printf("%s: transmit process stopped\n", 2896 device_xname(sc->sc_dev)); 2897 if (status & ATW_INTR_RPS) 2898 printf("%s: receive process stopped\n", 2899 device_xname(sc->sc_dev)); 2900 (void)atw_init(ifp); 2901 break; 2902 } 2903 2904 if (status & ATW_INTR_FBE) { 2905 aprint_error_dev(sc->sc_dev, "fatal bus error\n"); 2906 (void)atw_init(ifp); 2907 break; 2908 } 2909 2910 /* 2911 * Not handled: 2912 * 2913 * Transmit buffer unavailable -- normal 2914 * condition, nothing to do, really. 2915 * 2916 * Early receive interrupt -- not available on 2917 * all chips, we just use RI. We also only 2918 * use single-segment receive DMA, so this 2919 * is mostly useless. 2920 * 2921 * TBD others 2922 */ 2923 } 2924 2925 /* Try to get more packets going. */ 2926 atw_start(ifp); 2927 2928 return (handled); 2929} 2930 2931/* 2932 * atw_idle: 2933 * 2934 * Cause the transmit and/or receive processes to go idle. 2935 * 2936 * XXX It seems that the ADM8211 will not signal the end of the Rx/Tx 2937 * process in STSR if I clear SR or ST after the process has already 2938 * ceased. Fair enough. But the Rx process status bits in ATW_TEST0 2939 * do not seem to be too reliable. Perhaps I have the sense of the 2940 * Rx bits switched with the Tx bits? 2941 */ 2942void 2943atw_idle(struct atw_softc *sc, u_int32_t bits) 2944{ 2945 u_int32_t ackmask = 0, opmode, stsr, test0; 2946 int i, s; 2947 2948 s = splnet(); 2949 2950 opmode = sc->sc_opmode & ~bits; 2951 2952 if (bits & ATW_NAR_SR) 2953 ackmask |= ATW_INTR_RPS; 2954 2955 if (bits & ATW_NAR_ST) { 2956 ackmask |= ATW_INTR_TPS; 2957 /* set ATW_NAR_HF to flush TX FIFO. */ 2958 opmode |= ATW_NAR_HF; 2959 } 2960 2961 ATW_WRITE(sc, ATW_NAR, opmode); 2962 DELAY(atw_nar_delay); 2963 2964 for (i = 0; i < 1000; i++) { 2965 stsr = ATW_READ(sc, ATW_STSR); 2966 if ((stsr & ackmask) == ackmask) 2967 break; 2968 DELAY(10); 2969 } 2970 2971 ATW_WRITE(sc, ATW_STSR, stsr & ackmask); 2972 2973 if ((stsr & ackmask) == ackmask) 2974 goto out; 2975 2976 test0 = ATW_READ(sc, ATW_TEST0); 2977 2978 if ((bits & ATW_NAR_ST) != 0 && (stsr & ATW_INTR_TPS) == 0 && 2979 (test0 & ATW_TEST0_TS_MASK) != ATW_TEST0_TS_STOPPED) { 2980 printf("%s: transmit process not idle [%s]\n", 2981 device_xname(sc->sc_dev), 2982 atw_tx_state[__SHIFTOUT(test0, ATW_TEST0_TS_MASK)]); 2983 printf("%s: bits %08x test0 %08x stsr %08x\n", 2984 device_xname(sc->sc_dev), bits, test0, stsr); 2985 } 2986 2987 if ((bits & ATW_NAR_SR) != 0 && (stsr & ATW_INTR_RPS) == 0 && 2988 (test0 & ATW_TEST0_RS_MASK) != ATW_TEST0_RS_STOPPED) { 2989 DPRINTF2(sc, ("%s: receive process not idle [%s]\n", 2990 device_xname(sc->sc_dev), 2991 atw_rx_state[__SHIFTOUT(test0, ATW_TEST0_RS_MASK)])); 2992 DPRINTF2(sc, ("%s: bits %08x test0 %08x stsr %08x\n", 2993 device_xname(sc->sc_dev), bits, test0, stsr)); 2994 } 2995out: 2996 if ((bits & ATW_NAR_ST) != 0) 2997 atw_txdrain(sc); 2998 splx(s); 2999 return; 3000} 3001 3002/* 3003 * atw_linkintr: 3004 * 3005 * Helper; handle link-status interrupts. 3006 */ 3007void 3008atw_linkintr(struct atw_softc *sc, u_int32_t linkstatus) 3009{ 3010 struct ieee80211com *ic = &sc->sc_ic; 3011 3012 if (ic->ic_state != IEEE80211_S_RUN) 3013 return; 3014 3015 if (linkstatus & ATW_INTR_LINKON) { 3016 DPRINTF(sc, ("%s: link on\n", device_xname(sc->sc_dev))); 3017 sc->sc_rescan_timer = 0; 3018 } else if (linkstatus & ATW_INTR_LINKOFF) { 3019 DPRINTF(sc, ("%s: link off\n", device_xname(sc->sc_dev))); 3020 if (ic->ic_opmode != IEEE80211_M_STA) 3021 return; 3022 sc->sc_rescan_timer = 3; 3023 sc->sc_if.if_timer = 1; 3024 } 3025} 3026 3027static inline int 3028atw_hw_decrypted(struct atw_softc *sc, struct ieee80211_frame_min *wh) 3029{ 3030 if ((sc->sc_ic.ic_flags & IEEE80211_F_PRIVACY) == 0) 3031 return 0; 3032 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) == 0) 3033 return 0; 3034 return (sc->sc_wepctl & ATW_WEPCTL_WEPRXBYP) == 0; 3035} 3036 3037/* 3038 * atw_rxintr: 3039 * 3040 * Helper; handle receive interrupts. 3041 */ 3042void 3043atw_rxintr(struct atw_softc *sc) 3044{ 3045 static int rate_tbl[] = {2, 4, 11, 22, 44}; 3046 struct ieee80211com *ic = &sc->sc_ic; 3047 struct ieee80211_node *ni; 3048 struct ieee80211_frame_min *wh; 3049 struct ifnet *ifp = &sc->sc_if; 3050 struct atw_rxsoft *rxs; 3051 struct mbuf *m; 3052 u_int32_t rxstat; 3053 int i, len, rate, rate0; 3054 u_int32_t rssi, ctlrssi; 3055 3056 for (i = sc->sc_rxptr;; i = sc->sc_rxptr) { 3057 rxs = &sc->sc_rxsoft[i]; 3058 3059 ATW_CDRXSYNC(sc, i, BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); 3060 3061 rxstat = le32toh(sc->sc_rxdescs[i].ar_stat); 3062 ctlrssi = le32toh(sc->sc_rxdescs[i].ar_ctlrssi); 3063 rate0 = __SHIFTOUT(rxstat, ATW_RXSTAT_RXDR_MASK); 3064 3065 if (rxstat & ATW_RXSTAT_OWN) { 3066 ATW_CDRXSYNC(sc, i, BUS_DMASYNC_PREREAD); 3067 break; 3068 } 3069 3070 sc->sc_rxptr = ATW_NEXTRX(i); 3071 3072 DPRINTF3(sc, 3073 ("%s: rx stat %08x ctlrssi %08x buf1 %08x buf2 %08x\n", 3074 device_xname(sc->sc_dev), 3075 rxstat, ctlrssi, 3076 le32toh(sc->sc_rxdescs[i].ar_buf1), 3077 le32toh(sc->sc_rxdescs[i].ar_buf2))); 3078 3079 /* 3080 * Make sure the packet fits in one buffer. This should 3081 * always be the case. 3082 */ 3083 if ((rxstat & (ATW_RXSTAT_FS|ATW_RXSTAT_LS)) != 3084 (ATW_RXSTAT_FS|ATW_RXSTAT_LS)) { 3085 printf("%s: incoming packet spilled, resetting\n", 3086 device_xname(sc->sc_dev)); 3087 (void)atw_init(ifp); 3088 return; 3089 } 3090 3091 /* 3092 * If an error occurred, update stats, clear the status 3093 * word, and leave the packet buffer in place. It will 3094 * simply be reused the next time the ring comes around. 3095 */ 3096 if ((rxstat & (ATW_RXSTAT_DE | ATW_RXSTAT_RXTOE)) != 0) { 3097#define PRINTERR(bit, str) \ 3098 if (rxstat & (bit)) \ 3099 aprint_error_dev(sc->sc_dev, "receive error: %s\n", \ 3100 str) 3101 ifp->if_ierrors++; 3102 PRINTERR(ATW_RXSTAT_DE, "descriptor error"); 3103 PRINTERR(ATW_RXSTAT_RXTOE, "time-out"); 3104#if 0 3105 PRINTERR(ATW_RXSTAT_SFDE, "PLCP SFD error"); 3106 PRINTERR(ATW_RXSTAT_SIGE, "PLCP signal error"); 3107 PRINTERR(ATW_RXSTAT_CRC16E, "PLCP CRC16 error"); 3108 PRINTERR(ATW_RXSTAT_ICVE, "WEP ICV error"); 3109#endif 3110#undef PRINTERR 3111 atw_init_rxdesc(sc, i); 3112 continue; 3113 } 3114 3115 bus_dmamap_sync(sc->sc_dmat, rxs->rxs_dmamap, 0, 3116 rxs->rxs_dmamap->dm_mapsize, BUS_DMASYNC_POSTREAD); 3117 3118 /* 3119 * No errors; receive the packet. Note the ADM8211 3120 * includes the CRC in promiscuous mode. 3121 */ 3122 len = __SHIFTOUT(rxstat, ATW_RXSTAT_FL_MASK); 3123 3124 /* 3125 * Allocate a new mbuf cluster. If that fails, we are 3126 * out of memory, and must drop the packet and recycle 3127 * the buffer that's already attached to this descriptor. 3128 */ 3129 m = rxs->rxs_mbuf; 3130 if (atw_add_rxbuf(sc, i) != 0) { 3131 ifp->if_ierrors++; 3132 bus_dmamap_sync(sc->sc_dmat, rxs->rxs_dmamap, 0, 3133 rxs->rxs_dmamap->dm_mapsize, BUS_DMASYNC_PREREAD); 3134 atw_init_rxdesc(sc, i); 3135 continue; 3136 } 3137 3138 ifp->if_ipackets++; 3139 m->m_pkthdr.rcvif = ifp; 3140 m->m_pkthdr.len = m->m_len = MIN(m->m_ext.ext_size, len); 3141 3142 rate = (rate0 < __arraycount(rate_tbl)) ? rate_tbl[rate0] : 0; 3143 3144 /* The RSSI comes straight from a register in the 3145 * baseband processor. I know that for the RF3000, 3146 * the RSSI register also contains the antenna-selection 3147 * bits. Mask those off. 3148 * 3149 * TBD Treat other basebands. 3150 * TBD Use short-preamble bit and such in RF3000_RXSTAT. 3151 */ 3152 if (sc->sc_bbptype == ATW_BBPTYPE_RFMD) 3153 rssi = ctlrssi & RF3000_RSSI_MASK; 3154 else 3155 rssi = ctlrssi; 3156 3157 /* Pass this up to any BPF listeners. */ 3158 if (sc->sc_radiobpf != NULL) { 3159 struct atw_rx_radiotap_header *tap = &sc->sc_rxtap; 3160 3161 tap->ar_rate = rate; 3162 3163 /* TBD verify units are dB */ 3164 tap->ar_antsignal = (int)rssi; 3165 if (sc->sc_opmode & ATW_NAR_PR) 3166 tap->ar_flags = IEEE80211_RADIOTAP_F_FCS; 3167 else 3168 tap->ar_flags = 0; 3169 3170 if ((rxstat & ATW_RXSTAT_CRC32E) != 0) 3171 tap->ar_flags |= IEEE80211_RADIOTAP_F_BADFCS; 3172 3173 bpf_mtap2(sc->sc_radiobpf, tap, sizeof(sc->sc_rxtapu), 3174 m); 3175 } 3176 3177 sc->sc_recv_ev.ev_count++; 3178 3179 if ((rxstat & (ATW_RXSTAT_CRC16E|ATW_RXSTAT_CRC32E|ATW_RXSTAT_ICVE|ATW_RXSTAT_SFDE|ATW_RXSTAT_SIGE)) != 0) { 3180 if (rxstat & ATW_RXSTAT_CRC16E) 3181 sc->sc_crc16e_ev.ev_count++; 3182 if (rxstat & ATW_RXSTAT_CRC32E) 3183 sc->sc_crc32e_ev.ev_count++; 3184 if (rxstat & ATW_RXSTAT_ICVE) 3185 sc->sc_icve_ev.ev_count++; 3186 if (rxstat & ATW_RXSTAT_SFDE) 3187 sc->sc_sfde_ev.ev_count++; 3188 if (rxstat & ATW_RXSTAT_SIGE) 3189 sc->sc_sige_ev.ev_count++; 3190 ifp->if_ierrors++; 3191 m_freem(m); 3192 continue; 3193 } 3194 3195 if (sc->sc_opmode & ATW_NAR_PR) 3196 m_adj(m, -IEEE80211_CRC_LEN); 3197 3198 wh = mtod(m, struct ieee80211_frame_min *); 3199 ni = ieee80211_find_rxnode(ic, wh); 3200#if 0 3201 if (atw_hw_decrypted(sc, wh)) { 3202 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 3203 DPRINTF(sc, ("%s: hw decrypted\n", __func__)); 3204 } 3205#endif 3206 ieee80211_input(ic, m, ni, (int)rssi, 0); 3207 ieee80211_free_node(ni); 3208 } 3209} 3210 3211/* 3212 * atw_txintr: 3213 * 3214 * Helper; handle transmit interrupts. 3215 */ 3216void 3217atw_txintr(struct atw_softc *sc, uint32_t status) 3218{ 3219 static char txstat_buf[sizeof("ffffffff<>" ATW_TXSTAT_FMT)]; 3220 struct ifnet *ifp = &sc->sc_if; 3221 struct atw_txsoft *txs; 3222 u_int32_t txstat; 3223 3224 DPRINTF3(sc, ("%s: atw_txintr: sc_flags 0x%08x\n", 3225 device_xname(sc->sc_dev), sc->sc_flags)); 3226 3227 /* 3228 * Go through our Tx list and free mbufs for those 3229 * frames that have been transmitted. 3230 */ 3231 while ((txs = SIMPLEQ_FIRST(&sc->sc_txdirtyq)) != NULL) { 3232 ATW_CDTXSYNC(sc, txs->txs_lastdesc, 1, 3233 BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); 3234 3235#ifdef ATW_DEBUG 3236 if ((ifp->if_flags & IFF_DEBUG) != 0 && atw_debug > 2) { 3237 int i; 3238 printf(" txsoft %p transmit chain:\n", txs); 3239 ATW_CDTXSYNC(sc, txs->txs_firstdesc, 3240 txs->txs_ndescs - 1, 3241 BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); 3242 for (i = txs->txs_firstdesc;; i = ATW_NEXTTX(i)) { 3243 printf(" descriptor %d:\n", i); 3244 printf(" at_status: 0x%08x\n", 3245 le32toh(sc->sc_txdescs[i].at_stat)); 3246 printf(" at_flags: 0x%08x\n", 3247 le32toh(sc->sc_txdescs[i].at_flags)); 3248 printf(" at_buf1: 0x%08x\n", 3249 le32toh(sc->sc_txdescs[i].at_buf1)); 3250 printf(" at_buf2: 0x%08x\n", 3251 le32toh(sc->sc_txdescs[i].at_buf2)); 3252 if (i == txs->txs_lastdesc) 3253 break; 3254 } 3255 ATW_CDTXSYNC(sc, txs->txs_firstdesc, 3256 txs->txs_ndescs - 1, BUS_DMASYNC_PREREAD); 3257 } 3258#endif 3259 3260 txstat = le32toh(sc->sc_txdescs[txs->txs_lastdesc].at_stat); 3261 if (txstat & ATW_TXSTAT_OWN) { 3262 ATW_CDTXSYNC(sc, txs->txs_lastdesc, 1, 3263 BUS_DMASYNC_PREREAD); 3264 break; 3265 } 3266 3267 SIMPLEQ_REMOVE_HEAD(&sc->sc_txdirtyq, txs_q); 3268 3269 bus_dmamap_sync(sc->sc_dmat, txs->txs_dmamap, 3270 0, txs->txs_dmamap->dm_mapsize, 3271 BUS_DMASYNC_POSTWRITE); 3272 bus_dmamap_unload(sc->sc_dmat, txs->txs_dmamap); 3273 m_freem(txs->txs_mbuf); 3274 txs->txs_mbuf = NULL; 3275 3276 sc->sc_txfree += txs->txs_ndescs; 3277 SIMPLEQ_INSERT_TAIL(&sc->sc_txfreeq, txs, txs_q); 3278 3279 KASSERT(!SIMPLEQ_EMPTY(&sc->sc_txfreeq) && sc->sc_txfree != 0); 3280 sc->sc_tx_timer = 0; 3281 ifp->if_flags &= ~IFF_OACTIVE; 3282 3283 if ((ifp->if_flags & IFF_DEBUG) != 0 && 3284 (txstat & ATW_TXSTAT_ERRMASK) != 0) { 3285 snprintb(txstat_buf, sizeof(txstat_buf), 3286 ATW_TXSTAT_FMT, txstat & ATW_TXSTAT_ERRMASK); 3287 printf("%s: txstat %s %" __PRIuBITS "\n", 3288 device_xname(sc->sc_dev), txstat_buf, 3289 __SHIFTOUT(txstat, ATW_TXSTAT_ARC_MASK)); 3290 } 3291 3292 sc->sc_xmit_ev.ev_count++; 3293 3294 /* 3295 * Check for errors and collisions. 3296 */ 3297 if (txstat & ATW_TXSTAT_TUF) 3298 sc->sc_tuf_ev.ev_count++; 3299 if (txstat & ATW_TXSTAT_TLT) 3300 sc->sc_tlt_ev.ev_count++; 3301 if (txstat & ATW_TXSTAT_TRT) 3302 sc->sc_trt_ev.ev_count++; 3303 if (txstat & ATW_TXSTAT_TRO) 3304 sc->sc_tro_ev.ev_count++; 3305 if (txstat & ATW_TXSTAT_SOFBR) 3306 sc->sc_sofbr_ev.ev_count++; 3307 3308 if ((txstat & ATW_TXSTAT_ES) == 0) 3309 ifp->if_collisions += 3310 __SHIFTOUT(txstat, ATW_TXSTAT_ARC_MASK); 3311 else 3312 ifp->if_oerrors++; 3313 3314 ifp->if_opackets++; 3315 } 3316 3317 KASSERT(txs != NULL || (ifp->if_flags & IFF_OACTIVE) == 0); 3318} 3319 3320/* 3321 * atw_watchdog: [ifnet interface function] 3322 * 3323 * Watchdog timer handler. 3324 */ 3325void 3326atw_watchdog(struct ifnet *ifp) 3327{ 3328 struct atw_softc *sc = ifp->if_softc; 3329 struct ieee80211com *ic = &sc->sc_ic; 3330 3331 ifp->if_timer = 0; 3332 if (!device_is_active(sc->sc_dev)) 3333 return; 3334 3335 if (sc->sc_rescan_timer != 0 && --sc->sc_rescan_timer == 0) 3336 (void)ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3337 if (sc->sc_tx_timer != 0 && --sc->sc_tx_timer == 0 && 3338 !SIMPLEQ_EMPTY(&sc->sc_txdirtyq)) { 3339 printf("%s: transmit timeout\n", ifp->if_xname); 3340 ifp->if_oerrors++; 3341 (void)atw_init(ifp); 3342 atw_start(ifp); 3343 } 3344 if (sc->sc_tx_timer != 0 || sc->sc_rescan_timer != 0) 3345 ifp->if_timer = 1; 3346 ieee80211_watchdog(ic); 3347} 3348 3349static void 3350atw_evcnt_detach(struct atw_softc *sc) 3351{ 3352 evcnt_detach(&sc->sc_sige_ev); 3353 evcnt_detach(&sc->sc_sfde_ev); 3354 evcnt_detach(&sc->sc_icve_ev); 3355 evcnt_detach(&sc->sc_crc32e_ev); 3356 evcnt_detach(&sc->sc_crc16e_ev); 3357 evcnt_detach(&sc->sc_recv_ev); 3358 3359 evcnt_detach(&sc->sc_tuf_ev); 3360 evcnt_detach(&sc->sc_tro_ev); 3361 evcnt_detach(&sc->sc_trt_ev); 3362 evcnt_detach(&sc->sc_tlt_ev); 3363 evcnt_detach(&sc->sc_sofbr_ev); 3364 evcnt_detach(&sc->sc_xmit_ev); 3365 3366 evcnt_detach(&sc->sc_rxpkt1in_ev); 3367 evcnt_detach(&sc->sc_rxamatch_ev); 3368 evcnt_detach(&sc->sc_workaround1_ev); 3369 evcnt_detach(&sc->sc_misc_ev); 3370} 3371 3372static void 3373atw_evcnt_attach(struct atw_softc *sc) 3374{ 3375 evcnt_attach_dynamic(&sc->sc_recv_ev, EVCNT_TYPE_MISC, 3376 NULL, sc->sc_if.if_xname, "recv"); 3377 evcnt_attach_dynamic(&sc->sc_crc16e_ev, EVCNT_TYPE_MISC, 3378 &sc->sc_recv_ev, sc->sc_if.if_xname, "CRC16 error"); 3379 evcnt_attach_dynamic(&sc->sc_crc32e_ev, EVCNT_TYPE_MISC, 3380 &sc->sc_recv_ev, sc->sc_if.if_xname, "CRC32 error"); 3381 evcnt_attach_dynamic(&sc->sc_icve_ev, EVCNT_TYPE_MISC, 3382 &sc->sc_recv_ev, sc->sc_if.if_xname, "ICV error"); 3383 evcnt_attach_dynamic(&sc->sc_sfde_ev, EVCNT_TYPE_MISC, 3384 &sc->sc_recv_ev, sc->sc_if.if_xname, "PLCP SFD error"); 3385 evcnt_attach_dynamic(&sc->sc_sige_ev, EVCNT_TYPE_MISC, 3386 &sc->sc_recv_ev, sc->sc_if.if_xname, "PLCP Signal Field error"); 3387 3388 evcnt_attach_dynamic(&sc->sc_xmit_ev, EVCNT_TYPE_MISC, 3389 NULL, sc->sc_if.if_xname, "xmit"); 3390 evcnt_attach_dynamic(&sc->sc_tuf_ev, EVCNT_TYPE_MISC, 3391 &sc->sc_xmit_ev, sc->sc_if.if_xname, "transmit underflow"); 3392 evcnt_attach_dynamic(&sc->sc_tro_ev, EVCNT_TYPE_MISC, 3393 &sc->sc_xmit_ev, sc->sc_if.if_xname, "transmit overrun"); 3394 evcnt_attach_dynamic(&sc->sc_trt_ev, EVCNT_TYPE_MISC, 3395 &sc->sc_xmit_ev, sc->sc_if.if_xname, "retry count exceeded"); 3396 evcnt_attach_dynamic(&sc->sc_tlt_ev, EVCNT_TYPE_MISC, 3397 &sc->sc_xmit_ev, sc->sc_if.if_xname, "lifetime exceeded"); 3398 evcnt_attach_dynamic(&sc->sc_sofbr_ev, EVCNT_TYPE_MISC, 3399 &sc->sc_xmit_ev, sc->sc_if.if_xname, "packet size mismatch"); 3400 3401 evcnt_attach_dynamic(&sc->sc_misc_ev, EVCNT_TYPE_MISC, 3402 NULL, sc->sc_if.if_xname, "misc"); 3403 evcnt_attach_dynamic(&sc->sc_workaround1_ev, EVCNT_TYPE_MISC, 3404 &sc->sc_misc_ev, sc->sc_if.if_xname, "workaround #1"); 3405 evcnt_attach_dynamic(&sc->sc_rxamatch_ev, EVCNT_TYPE_MISC, 3406 &sc->sc_misc_ev, sc->sc_if.if_xname, "rra equals rwa"); 3407 evcnt_attach_dynamic(&sc->sc_rxpkt1in_ev, EVCNT_TYPE_MISC, 3408 &sc->sc_misc_ev, sc->sc_if.if_xname, "rxpkt1in set"); 3409} 3410 3411#ifdef ATW_DEBUG 3412static void 3413atw_dump_pkt(struct ifnet *ifp, struct mbuf *m0) 3414{ 3415 struct atw_softc *sc = ifp->if_softc; 3416 struct mbuf *m; 3417 int i, noctets = 0; 3418 3419 printf("%s: %d-byte packet\n", device_xname(sc->sc_dev), 3420 m0->m_pkthdr.len); 3421 3422 for (m = m0; m; m = m->m_next) { 3423 if (m->m_len == 0) 3424 continue; 3425 for (i = 0; i < m->m_len; i++) { 3426 printf(" %02x", ((u_int8_t*)m->m_data)[i]); 3427 if (++noctets % 24 == 0) 3428 printf("\n"); 3429 } 3430 } 3431 printf("%s%s: %d bytes emitted\n", 3432 (noctets % 24 != 0) ? "\n" : "", device_xname(sc->sc_dev), noctets); 3433} 3434#endif /* ATW_DEBUG */ 3435 3436/* 3437 * atw_start: [ifnet interface function] 3438 * 3439 * Start packet transmission on the interface. 3440 */ 3441void 3442atw_start(struct ifnet *ifp) 3443{ 3444 struct atw_softc *sc = ifp->if_softc; 3445 struct ieee80211_key *k; 3446 struct ieee80211com *ic = &sc->sc_ic; 3447 struct ieee80211_node *ni; 3448 struct ieee80211_frame_min *whm; 3449 struct ieee80211_frame *wh; 3450 struct atw_frame *hh; 3451 uint16_t hdrctl; 3452 struct mbuf *m0, *m; 3453 struct atw_txsoft *txs, *last_txs; 3454 struct atw_txdesc *txd; 3455 int npkt, rate; 3456 bus_dmamap_t dmamap; 3457 int ctl, error, firsttx, nexttx, lasttx, first, ofree, seg; 3458 3459 DPRINTF2(sc, ("%s: atw_start: sc_flags 0x%08x, if_flags 0x%08x\n", 3460 device_xname(sc->sc_dev), sc->sc_flags, ifp->if_flags)); 3461 3462 if ((ifp->if_flags & (IFF_RUNNING|IFF_OACTIVE)) != IFF_RUNNING) 3463 return; 3464 3465 /* 3466 * Remember the previous number of free descriptors and 3467 * the first descriptor we'll use. 3468 */ 3469 ofree = sc->sc_txfree; 3470 firsttx = lasttx = sc->sc_txnext; 3471 3472 DPRINTF2(sc, ("%s: atw_start: txfree %d, txnext %d\n", 3473 device_xname(sc->sc_dev), ofree, firsttx)); 3474 3475 /* 3476 * Loop through the send queue, setting up transmit descriptors 3477 * until we drain the queue, or use up all available transmit 3478 * descriptors. 3479 */ 3480 while ((txs = SIMPLEQ_FIRST(&sc->sc_txfreeq)) != NULL && 3481 sc->sc_txfree != 0) { 3482 3483 hdrctl = htole16(ATW_HDRCTL_UNKNOWN1); 3484 3485 /* 3486 * Grab a packet off the management queue, if it 3487 * is not empty. Otherwise, from the data queue. 3488 */ 3489 IF_DEQUEUE(&ic->ic_mgtq, m0); 3490 if (m0 != NULL) { 3491 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 3492 m0->m_pkthdr.rcvif = NULL; 3493 } else if (ic->ic_state != IEEE80211_S_RUN) 3494 break; /* send no data until associated */ 3495 else { 3496 IFQ_DEQUEUE(&ifp->if_snd, m0); 3497 if (m0 == NULL) 3498 break; 3499 bpf_mtap(ifp, m0); 3500 ni = ieee80211_find_txnode(ic, 3501 mtod(m0, struct ether_header *)->ether_dhost); 3502 if (ni == NULL) { 3503 ifp->if_oerrors++; 3504 break; 3505 } 3506 if ((m0 = ieee80211_encap(ic, m0, ni)) == NULL) { 3507 ieee80211_free_node(ni); 3508 ifp->if_oerrors++; 3509 break; 3510 } 3511 } 3512 3513 rate = MAX(ieee80211_get_rate(ni), 2); 3514 3515 whm = mtod(m0, struct ieee80211_frame_min *); 3516 3517 if ((whm->i_fc[1] & IEEE80211_FC1_WEP) == 0) 3518 k = NULL; 3519 else if ((k = ieee80211_crypto_encap(ic, ni, m0)) == NULL) { 3520 m_freem(m0); 3521 ieee80211_free_node(ni); 3522 ifp->if_oerrors++; 3523 break; 3524 } 3525#if 0 3526 if (IEEE80211_IS_MULTICAST(wh->i_addr1) && 3527 m0->m_pkthdr.len > ic->ic_fragthreshold) 3528 hdrctl |= htole16(ATW_HDRCTL_MORE_FRAG); 3529#endif 3530 3531 if (m0->m_pkthdr.len + IEEE80211_CRC_LEN >= ic->ic_rtsthreshold) 3532 hdrctl |= htole16(ATW_HDRCTL_RTSCTS); 3533 3534 if (ieee80211_compute_duration(whm, k, m0->m_pkthdr.len, 3535 ic->ic_flags, ic->ic_fragthreshold, rate, 3536 &txs->txs_d0, &txs->txs_dn, &npkt, 0) == -1) { 3537 DPRINTF2(sc, ("%s: fail compute duration\n", __func__)); 3538 m_freem(m0); 3539 break; 3540 } 3541 3542 /* XXX Misleading if fragmentation is enabled. Better 3543 * to fragment in software? 3544 */ 3545 *(uint16_t *)whm->i_dur = htole16(txs->txs_d0.d_rts_dur); 3546 3547 /* 3548 * Pass the packet to any BPF listeners. 3549 */ 3550 bpf_mtap3(ic->ic_rawbpf, m0); 3551 3552 if (sc->sc_radiobpf != NULL) { 3553 struct atw_tx_radiotap_header *tap = &sc->sc_txtap; 3554 3555 tap->at_rate = rate; 3556 3557 bpf_mtap2(sc->sc_radiobpf, tap, sizeof(sc->sc_txtapu), 3558 m0); 3559 } 3560 3561 M_PREPEND(m0, offsetof(struct atw_frame, atw_ihdr), M_DONTWAIT); 3562 3563 if (ni != NULL) 3564 ieee80211_free_node(ni); 3565 3566 if (m0 == NULL) { 3567 ifp->if_oerrors++; 3568 break; 3569 } 3570 3571 /* just to make sure. */ 3572 m0 = m_pullup(m0, sizeof(struct atw_frame)); 3573 3574 if (m0 == NULL) { 3575 ifp->if_oerrors++; 3576 break; 3577 } 3578 3579 hh = mtod(m0, struct atw_frame *); 3580 wh = &hh->atw_ihdr; 3581 3582 /* Copy everything we need from the 802.11 header: 3583 * Frame Control; address 1, address 3, or addresses 3584 * 3 and 4. NIC fills in BSSID, SA. 3585 */ 3586 if (wh->i_fc[1] & IEEE80211_FC1_DIR_TODS) { 3587 if (wh->i_fc[1] & IEEE80211_FC1_DIR_FROMDS) 3588 panic("%s: illegal WDS frame", 3589 device_xname(sc->sc_dev)); 3590 memcpy(hh->atw_dst, wh->i_addr3, IEEE80211_ADDR_LEN); 3591 } else 3592 memcpy(hh->atw_dst, wh->i_addr1, IEEE80211_ADDR_LEN); 3593 3594 *(u_int16_t*)hh->atw_fc = *(u_int16_t*)wh->i_fc; 3595 3596 /* initialize remaining Tx parameters */ 3597 memset(&hh->u, 0, sizeof(hh->u)); 3598 3599 hh->atw_rate = rate * 5; 3600 /* XXX this could be incorrect if M_FCS. _encap should 3601 * probably strip FCS just in case it sticks around in 3602 * bridged packets. 3603 */ 3604 hh->atw_service = 0x00; /* XXX guess */ 3605 hh->atw_paylen = htole16(m0->m_pkthdr.len - 3606 sizeof(struct atw_frame)); 3607 3608 /* never fragment multicast frames */ 3609 if (IEEE80211_IS_MULTICAST(hh->atw_dst)) 3610 hh->atw_fragthr = htole16(IEEE80211_FRAG_MAX); 3611 else { 3612 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 3613 (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) 3614 hdrctl |= htole16(ATW_HDRCTL_SHORT_PREAMBLE); 3615 hh->atw_fragthr = htole16(ic->ic_fragthreshold); 3616 } 3617 3618 hh->atw_rtylmt = 3; 3619#if 0 3620 if (do_encrypt) { 3621 hdrctl |= htole16(ATW_HDRCTL_WEP); 3622 hh->atw_keyid = ic->ic_def_txkey; 3623 } 3624#endif 3625 3626 hh->atw_head_plcplen = htole16(txs->txs_d0.d_plcp_len); 3627 hh->atw_tail_plcplen = htole16(txs->txs_dn.d_plcp_len); 3628 if (txs->txs_d0.d_residue) 3629 hh->atw_head_plcplen |= htole16(0x8000); 3630 if (txs->txs_dn.d_residue) 3631 hh->atw_tail_plcplen |= htole16(0x8000); 3632 hh->atw_head_dur = htole16(txs->txs_d0.d_rts_dur); 3633 hh->atw_tail_dur = htole16(txs->txs_dn.d_rts_dur); 3634 3635 hh->atw_hdrctl = hdrctl; 3636 hh->atw_fragnum = npkt << 4; 3637#ifdef ATW_DEBUG 3638 3639 if ((ifp->if_flags & IFF_DEBUG) != 0 && atw_debug > 2) { 3640 printf("%s: dst = %s, rate = 0x%02x, " 3641 "service = 0x%02x, paylen = 0x%04x\n", 3642 device_xname(sc->sc_dev), ether_sprintf(hh->atw_dst), 3643 hh->atw_rate, hh->atw_service, hh->atw_paylen); 3644 3645 printf("%s: fc[0] = 0x%02x, fc[1] = 0x%02x, " 3646 "dur1 = 0x%04x, dur2 = 0x%04x, " 3647 "dur3 = 0x%04x, rts_dur = 0x%04x\n", 3648 device_xname(sc->sc_dev), hh->atw_fc[0], hh->atw_fc[1], 3649 hh->atw_tail_plcplen, hh->atw_head_plcplen, 3650 hh->atw_tail_dur, hh->atw_head_dur); 3651 3652 printf("%s: hdrctl = 0x%04x, fragthr = 0x%04x, " 3653 "fragnum = 0x%02x, rtylmt = 0x%04x\n", 3654 device_xname(sc->sc_dev), hh->atw_hdrctl, 3655 hh->atw_fragthr, hh->atw_fragnum, hh->atw_rtylmt); 3656 3657 printf("%s: keyid = %d\n", 3658 device_xname(sc->sc_dev), hh->atw_keyid); 3659 3660 atw_dump_pkt(ifp, m0); 3661 } 3662#endif /* ATW_DEBUG */ 3663 3664 dmamap = txs->txs_dmamap; 3665 3666 /* 3667 * Load the DMA map. Copy and try (once) again if the packet 3668 * didn't fit in the alloted number of segments. 3669 */ 3670 for (first = 1; 3671 (error = bus_dmamap_load_mbuf(sc->sc_dmat, dmamap, m0, 3672 BUS_DMA_WRITE|BUS_DMA_NOWAIT)) != 0 && first; 3673 first = 0) { 3674 MGETHDR(m, M_DONTWAIT, MT_DATA); 3675 if (m == NULL) { 3676 aprint_error_dev(sc->sc_dev, "unable to allocate Tx mbuf\n"); 3677 break; 3678 } 3679 if (m0->m_pkthdr.len > MHLEN) { 3680 MCLGET(m, M_DONTWAIT); 3681 if ((m->m_flags & M_EXT) == 0) { 3682 aprint_error_dev(sc->sc_dev, "unable to allocate Tx " 3683 "cluster\n"); 3684 m_freem(m); 3685 break; 3686 } 3687 } 3688 m_copydata(m0, 0, m0->m_pkthdr.len, mtod(m, void *)); 3689 m->m_pkthdr.len = m->m_len = m0->m_pkthdr.len; 3690 m_freem(m0); 3691 m0 = m; 3692 m = NULL; 3693 } 3694 if (error != 0) { 3695 aprint_error_dev(sc->sc_dev, "unable to load Tx buffer, " 3696 "error = %d\n", error); 3697 m_freem(m0); 3698 break; 3699 } 3700 3701 /* 3702 * Ensure we have enough descriptors free to describe 3703 * the packet. 3704 */ 3705 if (dmamap->dm_nsegs > sc->sc_txfree) { 3706 /* 3707 * Not enough free descriptors to transmit 3708 * this packet. Unload the DMA map and 3709 * drop the packet. Notify the upper layer 3710 * that there are no more slots left. 3711 * 3712 * XXX We could allocate an mbuf and copy, but 3713 * XXX it is worth it? 3714 */ 3715 bus_dmamap_unload(sc->sc_dmat, dmamap); 3716 m_freem(m0); 3717 break; 3718 } 3719 3720 /* 3721 * WE ARE NOW COMMITTED TO TRANSMITTING THE PACKET. 3722 */ 3723 3724 /* Sync the DMA map. */ 3725 bus_dmamap_sync(sc->sc_dmat, dmamap, 0, dmamap->dm_mapsize, 3726 BUS_DMASYNC_PREWRITE); 3727 3728 /* XXX arbitrary retry limit; 8 because I have seen it in 3729 * use already and maybe 0 means "no tries" ! 3730 */ 3731 ctl = htole32(__SHIFTIN(8, ATW_TXCTL_TL_MASK)); 3732 3733 DPRINTF2(sc, ("%s: TXDR <- max(10, %d)\n", 3734 device_xname(sc->sc_dev), rate * 5)); 3735 ctl |= htole32(__SHIFTIN(MAX(10, rate * 5), ATW_TXCTL_TXDR_MASK)); 3736 3737 /* 3738 * Initialize the transmit descriptors. 3739 */ 3740 for (nexttx = sc->sc_txnext, seg = 0; 3741 seg < dmamap->dm_nsegs; 3742 seg++, nexttx = ATW_NEXTTX(nexttx)) { 3743 /* 3744 * If this is the first descriptor we're 3745 * enqueueing, don't set the OWN bit just 3746 * yet. That could cause a race condition. 3747 * We'll do it below. 3748 */ 3749 txd = &sc->sc_txdescs[nexttx]; 3750 txd->at_ctl = ctl | 3751 ((nexttx == firsttx) ? 0 : htole32(ATW_TXCTL_OWN)); 3752 3753 txd->at_buf1 = htole32(dmamap->dm_segs[seg].ds_addr); 3754 txd->at_flags = 3755 htole32(__SHIFTIN(dmamap->dm_segs[seg].ds_len, 3756 ATW_TXFLAG_TBS1_MASK)) | 3757 ((nexttx == (ATW_NTXDESC - 1)) 3758 ? htole32(ATW_TXFLAG_TER) : 0); 3759 lasttx = nexttx; 3760 } 3761 3762 /* Set `first segment' and `last segment' appropriately. */ 3763 sc->sc_txdescs[sc->sc_txnext].at_flags |= 3764 htole32(ATW_TXFLAG_FS); 3765 sc->sc_txdescs[lasttx].at_flags |= htole32(ATW_TXFLAG_LS); 3766 3767#ifdef ATW_DEBUG 3768 if ((ifp->if_flags & IFF_DEBUG) != 0 && atw_debug > 2) { 3769 printf(" txsoft %p transmit chain:\n", txs); 3770 for (seg = sc->sc_txnext;; seg = ATW_NEXTTX(seg)) { 3771 printf(" descriptor %d:\n", seg); 3772 printf(" at_ctl: 0x%08x\n", 3773 le32toh(sc->sc_txdescs[seg].at_ctl)); 3774 printf(" at_flags: 0x%08x\n", 3775 le32toh(sc->sc_txdescs[seg].at_flags)); 3776 printf(" at_buf1: 0x%08x\n", 3777 le32toh(sc->sc_txdescs[seg].at_buf1)); 3778 printf(" at_buf2: 0x%08x\n", 3779 le32toh(sc->sc_txdescs[seg].at_buf2)); 3780 if (seg == lasttx) 3781 break; 3782 } 3783 } 3784#endif 3785 3786 /* Sync the descriptors we're using. */ 3787 ATW_CDTXSYNC(sc, sc->sc_txnext, dmamap->dm_nsegs, 3788 BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE); 3789 3790 /* 3791 * Store a pointer to the packet so we can free it later, 3792 * and remember what txdirty will be once the packet is 3793 * done. 3794 */ 3795 txs->txs_mbuf = m0; 3796 txs->txs_firstdesc = sc->sc_txnext; 3797 txs->txs_lastdesc = lasttx; 3798 txs->txs_ndescs = dmamap->dm_nsegs; 3799 3800 /* Advance the tx pointer. */ 3801 sc->sc_txfree -= dmamap->dm_nsegs; 3802 sc->sc_txnext = nexttx; 3803 3804 SIMPLEQ_REMOVE_HEAD(&sc->sc_txfreeq, txs_q); 3805 SIMPLEQ_INSERT_TAIL(&sc->sc_txdirtyq, txs, txs_q); 3806 3807 last_txs = txs; 3808 } 3809 3810 if (sc->sc_txfree != ofree) { 3811 DPRINTF2(sc, ("%s: packets enqueued, IC on %d, OWN on %d\n", 3812 device_xname(sc->sc_dev), lasttx, firsttx)); 3813 /* 3814 * Cause a transmit interrupt to happen on the 3815 * last packet we enqueued. 3816 */ 3817 sc->sc_txdescs[lasttx].at_flags |= htole32(ATW_TXFLAG_IC); 3818 ATW_CDTXSYNC(sc, lasttx, 1, 3819 BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE); 3820 3821 /* 3822 * The entire packet chain is set up. Give the 3823 * first descriptor to the chip now. 3824 */ 3825 sc->sc_txdescs[firsttx].at_ctl |= htole32(ATW_TXCTL_OWN); 3826 ATW_CDTXSYNC(sc, firsttx, 1, 3827 BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE); 3828 3829 /* Wake up the transmitter. */ 3830 ATW_WRITE(sc, ATW_TDR, 0x1); 3831 3832 if (txs == NULL || sc->sc_txfree == 0) 3833 ifp->if_flags |= IFF_OACTIVE; 3834 3835 /* Set a watchdog timer in case the chip flakes out. */ 3836 sc->sc_tx_timer = 5; 3837 ifp->if_timer = 1; 3838 } 3839} 3840 3841/* 3842 * atw_ioctl: [ifnet interface function] 3843 * 3844 * Handle control requests from the operator. 3845 */ 3846int 3847atw_ioctl(struct ifnet *ifp, u_long cmd, void *data) 3848{ 3849 struct atw_softc *sc = ifp->if_softc; 3850 struct ieee80211req *ireq; 3851 int s, error = 0; 3852 3853 s = splnet(); 3854 3855 switch (cmd) { 3856 case SIOCSIFFLAGS: 3857 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 3858 break; 3859 switch (ifp->if_flags & (IFF_UP|IFF_RUNNING)) { 3860 case IFF_UP|IFF_RUNNING: 3861 /* 3862 * To avoid rescanning another access point, 3863 * do not call atw_init() here. Instead, 3864 * only reflect media settings. 3865 */ 3866 if (device_activation(sc->sc_dev, DEVACT_LEVEL_DRIVER)) 3867 atw_filter_setup(sc); 3868 break; 3869 case IFF_UP: 3870 error = atw_init(ifp); 3871 break; 3872 case IFF_RUNNING: 3873 atw_stop(ifp, 1); 3874 break; 3875 case 0: 3876 break; 3877 } 3878 break; 3879 case SIOCADDMULTI: 3880 case SIOCDELMULTI: 3881 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 3882 if (ifp->if_flags & IFF_RUNNING) 3883 atw_filter_setup(sc); /* do not rescan */ 3884 error = 0; 3885 } 3886 break; 3887 case SIOCS80211: 3888 ireq = data; 3889 if (ireq->i_type == IEEE80211_IOC_FRAGTHRESHOLD) { 3890 if ((error = kauth_authorize_network(curlwp->l_cred, 3891 KAUTH_NETWORK_INTERFACE, 3892 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, 3893 (void *)cmd, NULL)) != 0) 3894 break; 3895 if (!(IEEE80211_FRAG_MIN <= ireq->i_val && 3896 ireq->i_val <= IEEE80211_FRAG_MAX)) 3897 error = EINVAL; 3898 else 3899 sc->sc_ic.ic_fragthreshold = ireq->i_val; 3900 break; 3901 } 3902 /*FALLTHROUGH*/ 3903 default: 3904 error = ieee80211_ioctl(&sc->sc_ic, cmd, data); 3905 if (error == ENETRESET || error == ERESTART) { 3906 if (is_running(ifp)) 3907 error = atw_init(ifp); 3908 else 3909 error = 0; 3910 } 3911 break; 3912 } 3913 3914 /* Try to get more packets going. */ 3915 if (device_is_active(sc->sc_dev)) 3916 atw_start(ifp); 3917 3918 splx(s); 3919 return (error); 3920} 3921 3922static int 3923atw_media_change(struct ifnet *ifp) 3924{ 3925 int error; 3926 3927 error = ieee80211_media_change(ifp); 3928 if (error == ENETRESET) { 3929 if (is_running(ifp)) 3930 error = atw_init(ifp); 3931 else 3932 error = 0; 3933 } 3934 return error; 3935} 3936