1 /*	$NetBSD: atw.c,v 1.142 2008/12/16 22:35:30 christos Exp $  */
2 
3 /*-
4  * Copyright (c) 1998, 1999, 2000, 2002, 2003, 2004 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by David Young, by Jason R. Thorpe, and by Charles M. Hannum.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 /*
33  * Device driver for the ADMtek ADM8211 802.11 MAC/BBP.
34  */
35 
36 #include <sys/cdefs.h>
37 __KERNEL_RCSID(0, "$NetBSD: atw.c,v 1.142 2008/12/16 22:35:30 christos Exp $");
38 
39 #include "bpfilter.h"
40 
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/callout.h>
44 #include <sys/mbuf.h>
45 #include <sys/malloc.h>
46 #include <sys/kernel.h>
47 #include <sys/socket.h>
48 #include <sys/ioctl.h>
49 #include <sys/errno.h>
50 #include <sys/device.h>
51 #include <sys/time.h>
52 #include <lib/libkern/libkern.h>
53 
54 #include <machine/endian.h>
55 
56 #include <uvm/uvm_extern.h>
57 
58 #include <net/if.h>
59 #include <net/if_dl.h>
60 #include <net/if_media.h>
61 #include <net/if_ether.h>
62 
63 #include <net80211/ieee80211_netbsd.h>
64 #include <net80211/ieee80211_var.h>
65 #include <net80211/ieee80211_radiotap.h>
66 
67 #if NBPFILTER > 0
68 #include <net/bpf.h>
69 #endif
70 
71 #include <sys/bus.h>
72 #include <sys/intr.h>
73 
74 #include <dev/ic/atwreg.h>
75 #include <dev/ic/rf3000reg.h>
76 #include <dev/ic/si4136reg.h>
77 #include <dev/ic/atwvar.h>
78 #include <dev/ic/smc93cx6var.h>
79 
80 /* XXX TBD open questions
81  *
82  *
83  * When should I set DSSS PAD in reg 0x15 of RF3000? In 1-2Mbps
84  * modes only, or all modes (5.5-11 Mbps CCK modes, too?) Does the MAC
85  * handle this for me?
86  *
87  */
88 /* device attachment
89  *
90  *    print TOFS[012]
91  *
92  * device initialization
93  *
94  *    clear ATW_FRCTL_MAXPSP to disable max power saving
95  *    set ATW_TXBR_ALCUPDATE to enable ALC
96  *    set TOFS[012]? (hope not)
97  *    disable rx/tx
98  *    set ATW_PAR_SWR (software reset)
99  *    wait for ATW_PAR_SWR clear
100  *    disable interrupts
101  *    ack status register
102  *    enable interrupts
103  *
104  * rx/tx initialization
105  *
106  *    disable rx/tx w/ ATW_NAR_SR, ATW_NAR_ST
107  *    allocate and init descriptor rings
108  *    write ATW_PAR_DSL (descriptor skip length)
109  *    write descriptor base addrs: ATW_TDBD, ATW_TDBP, write ATW_RDB
110  *    write ATW_NAR_SQ for one/both transmit descriptor rings
111  *    write ATW_NAR_SQ for one/both transmit descriptor rings
112  *    enable rx/tx w/ ATW_NAR_SR, ATW_NAR_ST
113  *
114  * rx/tx end
115  *
116  *    stop DMA
117  *    disable rx/tx w/ ATW_NAR_SR, ATW_NAR_ST
118  *    flush tx w/ ATW_NAR_HF
119  *
120  * scan
121  *
122  *    initialize rx/tx
123  *
124  * BSS join: (re)association response
125  *
126  *    set ATW_FRCTL_AID
127  *
128  * optimizations ???
129  *
130  */
131 
/*
 * Build-time switch and global tunables.  All of the variables below are
 * plain writable ints, so a value patched at run time is used as-is by the
 * code that reads it.
 */
#define ATW_REFSLAVE	/* slavishly do what the reference driver does */

/* Flag bits for atw_voodoo. */
#define	VOODOO_DUR_11_ROUNDING		0x01 /* necessary */
#define	VOODOO_DUR_2_4_SPECIALCASE	0x02 /* NOT necessary */
int atw_voodoo = VOODOO_DUR_11_ROUNDING;

/*
 * Polling step for the reset loop in atw_reset, which passes it to DELAY()
 * and also divides by it: it must stay non-zero.
 */
int atw_pseudo_milli = 1;
/* Settling delays passed to DELAY() by atw_reset. */
int atw_magic_delay1 = 100 * 1000;
int atw_magic_delay2 = 100 * 1000;
/* more magic multi-millisecond delays (units: microseconds) */
int atw_nar_delay = 20 * 1000;
int atw_magic_delay4 = 10 * 1000;
int atw_rf_delay1 = 10 * 1000;
int atw_rf_delay2 = 5 * 1000;
int atw_plcphd_delay = 2 * 1000;
int atw_bbp_io_enable_delay = 20 * 1000;
int atw_bbp_io_disable_delay = 2 * 1000;
int atw_writewep_delay = 1000;
/* NOTE(review): units and consumers of the next three are not visible here. */
int atw_beacon_len_adjust = 4;
int atw_dwelltime = 200;
int atw_xindiv2 = 0;
153 
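#ifdef ATW_DEBUG
int atw_debug = 0;

/*
 * Debug print macros.  Each takes a parenthesized printf argument list,
 * e.g. ATW_DPRINTF(("%s\n", name)).
 *
 * ATW_DPRINTF{,2,3} print when atw_debug exceeds 0, 1 and 2 respectively.
 * DPRINTF{,2,3} additionally require IFF_DEBUG on the interface.
 *
 * The bodies are wrapped in do { } while (0) so that an invocation is one
 * complete statement: a bare "if (...) printf x" would capture the "else"
 * of an enclosing unbraced if/else and silently change its control flow.
 */
#define ATW_DPRINTF(x)	do { if (atw_debug > 0) printf x; } while (0)
#define ATW_DPRINTF2(x)	do { if (atw_debug > 1) printf x; } while (0)
#define ATW_DPRINTF3(x)	do { if (atw_debug > 2) printf x; } while (0)
#define	DPRINTF(sc, x)	\
	do { if ((sc)->sc_if.if_flags & IFF_DEBUG) printf x; } while (0)
#define	DPRINTF2(sc, x)	\
	do { if ((sc)->sc_if.if_flags & IFF_DEBUG) ATW_DPRINTF2(x); } while (0)
#define	DPRINTF3(sc, x)	\
	do { if ((sc)->sc_if.if_flags & IFF_DEBUG) ATW_DPRINTF3(x); } while (0)

static void	atw_dump_pkt(struct ifnet *, struct mbuf *);
static void	atw_print_regs(struct atw_softc *, const char *);

/* Note well: I never got atw_rf3000_read or atw_si4126_read to work. */
#	ifdef ATW_BBPDEBUG
static void	atw_rf3000_print(struct atw_softc *);
static int	atw_rf3000_read(struct atw_softc *sc, u_int, u_int *);
#	endif /* ATW_BBPDEBUG */

#	ifdef ATW_SYNDEBUG
static void	atw_si4126_print(struct atw_softc *);
static int	atw_si4126_read(struct atw_softc *, u_int, u_int *);
#	endif /* ATW_SYNDEBUG */

#else
/* Without ATW_DEBUG every debug macro expands to nothing. */
#define ATW_DPRINTF(x)
#define ATW_DPRINTF2(x)
#define ATW_DPRINTF3(x)
#define	DPRINTF(sc, x)	/* nothing */
#define	DPRINTF2(sc, x)	/* nothing */
#define	DPRINTF3(sc, x)	/* nothing */
#endif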
186 
187 /* ifnet methods */
188 int	atw_init(struct ifnet *);
189 int	atw_ioctl(struct ifnet *, u_long, void *);
190 void	atw_start(struct ifnet *);
191 void	atw_stop(struct ifnet *, int);
192 void	atw_watchdog(struct ifnet *);
193 
194 /* Device attachment */
195 void	atw_attach(struct atw_softc *);
196 int	atw_detach(struct atw_softc *);
197 static void atw_evcnt_attach(struct atw_softc *);
198 static void atw_evcnt_detach(struct atw_softc *);
199 
200 /* Rx/Tx process */
201 int	atw_add_rxbuf(struct atw_softc *, int);
202 void	atw_idle(struct atw_softc *, u_int32_t);
203 void	atw_rxdrain(struct atw_softc *);
204 void	atw_txdrain(struct atw_softc *);
205 
206 /* Device (de)activation and power state */
207 void	atw_disable(struct atw_softc *);
208 int	atw_enable(struct atw_softc *);
209 void	atw_reset(struct atw_softc *);
210 
211 /* Interrupt handlers */
212 void	atw_linkintr(struct atw_softc *, u_int32_t);
213 void	atw_rxintr(struct atw_softc *);
214 void	atw_txintr(struct atw_softc *);
215 
216 /* 802.11 state machine */
217 static int	atw_newstate(struct ieee80211com *, enum ieee80211_state, int);
218 static void	atw_next_scan(void *);
219 static void	atw_recv_mgmt(struct ieee80211com *, struct mbuf *,
220 		              struct ieee80211_node *, int, int, u_int32_t);
221 static int	atw_tune(struct atw_softc *);
222 
223 /* Device initialization */
224 static void	atw_bbp_io_init(struct atw_softc *);
225 static void	atw_cfp_init(struct atw_softc *);
226 static void	atw_cmdr_init(struct atw_softc *);
227 static void	atw_ifs_init(struct atw_softc *);
228 static void	atw_nar_init(struct atw_softc *);
229 static void	atw_response_times_init(struct atw_softc *);
230 static void	atw_rf_reset(struct atw_softc *);
231 static void	atw_test1_init(struct atw_softc *);
232 static void	atw_tofs0_init(struct atw_softc *);
233 static void	atw_tofs2_init(struct atw_softc *);
234 static void	atw_txlmt_init(struct atw_softc *);
235 static void	atw_wcsr_init(struct atw_softc *);
236 
237 /* Key management */
238 static int atw_key_delete(struct ieee80211com *, const struct ieee80211_key *);
239 static int atw_key_set(struct ieee80211com *, const struct ieee80211_key *,
240 	const u_int8_t[IEEE80211_ADDR_LEN]);
241 static void atw_key_update_begin(struct ieee80211com *);
242 static void atw_key_update_end(struct ieee80211com *);
243 
244 /* RAM/ROM utilities */
245 static void	atw_clear_sram(struct atw_softc *);
246 static void	atw_write_sram(struct atw_softc *, u_int, u_int8_t *, u_int);
247 static int	atw_read_srom(struct atw_softc *);
248 
249 /* BSS setup */
250 static void	atw_predict_beacon(struct atw_softc *);
251 static void	atw_start_beacon(struct atw_softc *, int);
252 static void	atw_write_bssid(struct atw_softc *);
253 static void	atw_write_ssid(struct atw_softc *);
254 static void	atw_write_sup_rates(struct atw_softc *);
255 static void	atw_write_wep(struct atw_softc *);
256 
257 /* Media */
258 static int	atw_media_change(struct ifnet *);
259 
260 static void	atw_filter_setup(struct atw_softc *);
261 
262 /* 802.11 utilities */
263 static uint64_t			atw_get_tsft(struct atw_softc *);
264 static inline uint32_t	atw_last_even_tsft(uint32_t, uint32_t,
265 				                   uint32_t);
266 static struct ieee80211_node	*atw_node_alloc(struct ieee80211_node_table *);
267 static void			atw_node_free(struct ieee80211_node *);
268 
269 /*
270  * Tuner/transceiver/modem
271  */
272 static void	atw_bbp_io_enable(struct atw_softc *, int);
273 
274 /* RFMD RF3000 Baseband Processor */
275 static int	atw_rf3000_init(struct atw_softc *);
276 static int	atw_rf3000_tune(struct atw_softc *, u_int);
277 static int	atw_rf3000_write(struct atw_softc *, u_int, u_int);
278 
279 /* Silicon Laboratories Si4126 RF/IF Synthesizer */
280 static void	atw_si4126_tune(struct atw_softc *, u_int);
281 static void	atw_si4126_write(struct atw_softc *, u_int, u_int);
282 
/*
 * Transmit-threshold tables, filled in from the ATW_TXTHRESH_TAB_LO_RATE
 * and ATW_TXTHRESH_TAB_HI_RATE initializer macros.  atw_attach points
 * sc->sc_txth at the low-rate table.
 */
const struct atw_txthresh_tab atw_txthresh_tab_lo[] = ATW_TXTHRESH_TAB_LO_RATE;
const struct atw_txthresh_tab atw_txthresh_tab_hi[] = ATW_TXTHRESH_TAB_HI_RATE;
285 
/* Printable names for the transmit states; eight entries, indices 0-7. */
const char *atw_tx_state[] = {
	[0] = "STOPPED",
	[1] = "RUNNING - read descriptor",
	[2] = "RUNNING - transmitting",
	[3] = "RUNNING - filling fifo",	/* XXX */
	[4] = "SUSPENDED",
	[5] = "RUNNING -- write descriptor",
	[6] = "RUNNING -- write last descriptor",
	[7] = "RUNNING - fifo full"
};
296 
/* Printable names for the receive states; eight entries, indices 0-7. */
const char *atw_rx_state[] = {
	[0] = "STOPPED",
	[1] = "RUNNING - read descriptor",
	[2] = "RUNNING - check this packet, pre-fetch next",
	[3] = "RUNNING - wait for reception",
	[4] = "SUSPENDED",
	[5] = "RUNNING - write descriptor",
	[6] = "RUNNING - flush fifo",
	[7] = "RUNNING - fifo drain"
};
307 
/* Non-zero only when the interface has both IFF_RUNNING and IFF_UP set. */
static inline int
is_running(struct ifnet *ifp)
{
	const int wanted = IFF_RUNNING | IFF_UP;

	return (ifp->if_flags & wanted) == wanted;
}
313 
/*
 * atw_activate:
 *
 *	Device activation hook.  Activation is refused with EOPNOTSUPP;
 *	deactivation marks the interface inactive.  Any other action
 *	returns 0 without doing anything.  Runs at splnet.
 */
int
atw_activate(device_t self, enum devact act)
{
	struct atw_softc *sc = device_private(self);
	int result = 0;
	int spl;

	spl = splnet();
	if (act == DVACT_ACTIVATE)
		result = EOPNOTSUPP;
	else if (act == DVACT_DEACTIVATE)
		if_deactivate(&sc->sc_if);
	splx(spl);

	return result;
}
333 
/*
 * atw_enable:
 *
 *	Enable the ADM8211 chip through the optional sc_enable hook.
 *	Returns 0 on success or if the chip is already enabled, and EIO
 *	if the hook reports failure.
 */
int
atw_enable(struct atw_softc *sc)
{
	if (ATW_IS_ENABLED(sc) != 0)
		return (0);

	if (sc->sc_enable != NULL) {
		if ((*sc->sc_enable)(sc) != 0) {
			aprint_error_dev(sc->sc_dev, "device enable failed\n");
			return (EIO);
		}
	}

	/*
	 * Power may have been removed, and the WEP keys thus reset, so
	 * stop treating the key SRAM as valid.
	 */
	sc->sc_flags = (sc->sc_flags | ATWF_ENABLED) & ~ATWF_WEP_SRAM_VALID;
	return (0);
}
356 
/*
 * atw_disable:
 *
 *	Disable the ADM8211 chip: call the optional sc_disable hook and
 *	clear ATWF_ENABLED.  Does nothing if the chip is not enabled.
 */
void
atw_disable(struct atw_softc *sc)
{
	if (ATW_IS_ENABLED(sc)) {
		if (sc->sc_disable != NULL)
			sc->sc_disable(sc);
		sc->sc_flags &= ~ATWF_ENABLED;
	}
}
371 
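/*
 * atw_read_srom:
 *
 *	Check ATW_TEST0 for a usable serial EEPROM, size the SROM buffer
 *	from the reported part type (93c66: 512 bytes, 93c46: 128 bytes),
 *	allocate it and fill it with read_seeprom().
 *
 *	Returns 0 on success and -1 on failure.  On success the caller
 *	owns sc->sc_srom (M_DEVBUF).  If the read itself fails the buffer
 *	is freed and sc->sc_srom is reset to NULL, so no later code path
 *	can use or free the stale pointer.
 */
static int
atw_read_srom(struct atw_softc *sc)
{
	struct seeprom_descriptor sd;
	uint32_t test0, fail_bits;

	(void)memset(&sd, 0, sizeof(sd));

	test0 = ATW_READ(sc, ATW_TEST0);

	/* Which TEST0 bits count as a failure depends on the revision. */
	switch (sc->sc_rev) {
	case ATW_REVISION_BA:
	case ATW_REVISION_CA:
		fail_bits = ATW_TEST0_EPNE;
		break;
	default:
		fail_bits = ATW_TEST0_EPNE|ATW_TEST0_EPSNM;
		break;
	}
	if ((test0 & fail_bits) != 0) {
		aprint_error_dev(sc->sc_dev, "bad or missing/bad SROM\n");
		return -1;
	}

	switch (test0 & ATW_TEST0_EPTYP_MASK) {
	case ATW_TEST0_EPTYP_93c66:
		ATW_DPRINTF(("%s: 93c66 SROM\n", device_xname(sc->sc_dev)));
		sc->sc_sromsz = 512;
		sd.sd_chip = C56_66;
		break;
	case ATW_TEST0_EPTYP_93c46:
		ATW_DPRINTF(("%s: 93c46 SROM\n", device_xname(sc->sc_dev)));
		sc->sc_sromsz = 128;
		sd.sd_chip = C46;
		break;
	default:
		printf("%s: unknown SROM type %" __PRIuBITS "\n",
		    device_xname(sc->sc_dev),
		    __SHIFTOUT(test0, ATW_TEST0_EPTYP_MASK));
		return -1;
	}

	sc->sc_srom = malloc(sc->sc_sromsz, M_DEVBUF, M_NOWAIT);

	if (sc->sc_srom == NULL) {
		aprint_error_dev(sc->sc_dev, "unable to allocate SROM buffer\n");
		return -1;
	}

	/* Start from zeroes so a short read cannot expose stale heap data. */
	(void)memset(sc->sc_srom, 0, sc->sc_sromsz);

	/* ADM8211 has a single 32-bit register for controlling the
	 * 93cx6 SROM.  Bit SRS enables the serial port. There is no
	 * "ready" bit. The ADM8211 input/output sense is the reverse
	 * of read_seeprom's.
	 */
	sd.sd_tag = sc->sc_st;
	sd.sd_bsh = sc->sc_sh;
	sd.sd_regsize = 4;
	sd.sd_control_offset = ATW_SPR;
	sd.sd_status_offset = ATW_SPR;
	sd.sd_dataout_offset = ATW_SPR;
	sd.sd_CK = ATW_SPR_SCLK;
	sd.sd_CS = ATW_SPR_SCS;
	sd.sd_DI = ATW_SPR_SDO;
	sd.sd_DO = ATW_SPR_SDI;
	sd.sd_MS = ATW_SPR_SRS;
	sd.sd_RDY = 0;

	if (!read_seeprom(&sd, sc->sc_srom, 0, sc->sc_sromsz/2)) {
		aprint_error_dev(sc->sc_dev, "could not read SROM\n");
		free(sc->sc_srom, M_DEVBUF);
		/*
		 * The softc outlives this call: clear the pointer so that
		 * teardown code testing sc_srom cannot free it a second
		 * time or read through it.
		 */
		sc->sc_srom = NULL;
		return -1;
	}
#ifdef ATW_DEBUG
	{
		int i;
		ATW_DPRINTF(("\nSerial EEPROM:\n\t"));
		for (i = 0; i < sc->sc_sromsz/2; i = i + 1) {
			if (((i % 8) == 0) && (i != 0)) {
				ATW_DPRINTF(("\n\t"));
			}
			ATW_DPRINTF((" 0x%x", sc->sc_srom[i]));
		}
		ATW_DPRINTF(("\n"));
	}
#endif /* ATW_DEBUG */
	return 0;
}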
462 
#ifdef ATW_DEBUG
/*
 * atw_print_regs:
 *
 *	Debug aid: print a header line with the device name and the
 *	caller-supplied `where' tag, then read each register listed below
 *	with ATW_READ and print its name, offset and value.  All output
 *	goes through ATW_DPRINTF2, so nothing is printed unless
 *	atw_debug > 1.
 *
 *	NOTE(review): the list includes the WEP registers (ATW_WEPCTL,
 *	ATW_WESK, ATW_WEPCNT); confirm that dumping them cannot put key
 *	material in the kernel message buffer before building a
 *	production kernel with ATW_DEBUG.
 */
static void
atw_print_regs(struct atw_softc *sc, const char *where)
{
/* Prints one register; #reg turns the register macro's name into text. */
#define PRINTREG(sc, reg) \
	ATW_DPRINTF2(("%s: reg[ " #reg " / %03x ] = %08x\n", \
	    device_xname(sc->sc_dev), reg, ATW_READ(sc, reg)))

	ATW_DPRINTF2(("%s: %s\n", device_xname(sc->sc_dev), where));

	PRINTREG(sc, ATW_PAR);
	PRINTREG(sc, ATW_FRCTL);
	PRINTREG(sc, ATW_TDR);
	PRINTREG(sc, ATW_WTDP);
	PRINTREG(sc, ATW_RDR);
	PRINTREG(sc, ATW_WRDP);
	PRINTREG(sc, ATW_RDB);
	PRINTREG(sc, ATW_CSR3A);
	PRINTREG(sc, ATW_TDBD);
	PRINTREG(sc, ATW_TDBP);
	PRINTREG(sc, ATW_STSR);
	PRINTREG(sc, ATW_CSR5A);
	PRINTREG(sc, ATW_NAR);
	PRINTREG(sc, ATW_CSR6A);
	PRINTREG(sc, ATW_IER);
	PRINTREG(sc, ATW_CSR7A);
	PRINTREG(sc, ATW_LPC);
	PRINTREG(sc, ATW_TEST1);
	PRINTREG(sc, ATW_SPR);
	PRINTREG(sc, ATW_TEST0);
	PRINTREG(sc, ATW_WCSR);
	PRINTREG(sc, ATW_WPDR);
	PRINTREG(sc, ATW_GPTMR);
	PRINTREG(sc, ATW_GPIO);
	PRINTREG(sc, ATW_BBPCTL);
	PRINTREG(sc, ATW_SYNCTL);
	PRINTREG(sc, ATW_PLCPHD);
	PRINTREG(sc, ATW_MMIWADDR);
	PRINTREG(sc, ATW_MMIRADDR1);
	PRINTREG(sc, ATW_MMIRADDR2);
	PRINTREG(sc, ATW_TXBR);
	PRINTREG(sc, ATW_CSR15A);
	PRINTREG(sc, ATW_ALCSTAT);
	PRINTREG(sc, ATW_TOFS2);
	PRINTREG(sc, ATW_CMDR);
	PRINTREG(sc, ATW_PCIC);
	PRINTREG(sc, ATW_PMCSR);
	PRINTREG(sc, ATW_PAR0);
	PRINTREG(sc, ATW_PAR1);
	PRINTREG(sc, ATW_MAR0);
	PRINTREG(sc, ATW_MAR1);
	PRINTREG(sc, ATW_ATIMDA0);
	PRINTREG(sc, ATW_ABDA1);
	PRINTREG(sc, ATW_BSSID0);
	PRINTREG(sc, ATW_TXLMT);
	PRINTREG(sc, ATW_MIBCNT);
	PRINTREG(sc, ATW_BCNT);
	PRINTREG(sc, ATW_TSFTH);
	PRINTREG(sc, ATW_TSC);
	PRINTREG(sc, ATW_SYNRF);
	PRINTREG(sc, ATW_BPLI);
	PRINTREG(sc, ATW_CAP0);
	PRINTREG(sc, ATW_CAP1);
	PRINTREG(sc, ATW_RMD);
	PRINTREG(sc, ATW_CFPP);
	PRINTREG(sc, ATW_TOFS0);
	PRINTREG(sc, ATW_TOFS1);
	PRINTREG(sc, ATW_IFST);
	PRINTREG(sc, ATW_RSPT);
	PRINTREG(sc, ATW_TSFTL);
	PRINTREG(sc, ATW_WEPCTL);
	PRINTREG(sc, ATW_WESK);
	PRINTREG(sc, ATW_WEPCNT);
	PRINTREG(sc, ATW_MACTEST);
	PRINTREG(sc, ATW_FER);
	PRINTREG(sc, ATW_FEMR);
	PRINTREG(sc, ATW_FPSR);
	PRINTREG(sc, ATW_FFER);
#undef PRINTREG
}
#endif /* ATW_DEBUG */
544 
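/*
 * Finish attaching an ADMtek ADM8211 MAC.  Called by bus-specific front-end.
 *
 * Allocates and loads the control-data DMA memory, creates the tx/rx
 * buffer DMA maps, resets the chip, reads the SROM, derives the RF/BBP
 * configuration, channel set and MAC address from it and from the chip
 * registers, and then attaches the interface to the network and 802.11
 * layers.
 *
 * Every failure path unwinds through the fail_N labels at the bottom, so
 * a failed attach releases the DMA resources and the SROM buffer that
 * this function acquired.  ATWF_ATTACHED is set only after the last check
 * that can fail, so the flag never describes a half-attached device.
 */
void
atw_attach(struct atw_softc *sc)
{
	static const u_int8_t empty_macaddr[IEEE80211_ADDR_LEN] = {
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	};
	struct ieee80211com *ic = &sc->sc_ic;
	struct ifnet *ifp = &sc->sc_if;
	int country_code, error, i, nrate, srom_major;
	u_int32_t reg;
	static const char *type_strings[] = {"Intersil (not supported)",
	    "RFMD", "Marvel (not supported)"};

	sc->sc_txth = atw_txthresh_tab_lo;

	SIMPLEQ_INIT(&sc->sc_txfreeq);
	SIMPLEQ_INIT(&sc->sc_txdirtyq);

#ifdef ATW_DEBUG
	atw_print_regs(sc, "atw_attach");
#endif /* ATW_DEBUG */

	/*
	 * Allocate the control data structures, and create and load the
	 * DMA map for it.
	 */
	if ((error = bus_dmamem_alloc(sc->sc_dmat,
	    sizeof(struct atw_control_data), PAGE_SIZE, 0, &sc->sc_cdseg,
	    1, &sc->sc_cdnseg, 0)) != 0) {
		aprint_error_dev(sc->sc_dev, "unable to allocate control data, error = %d\n",
		    error);
		goto fail_0;
	}

	if ((error = bus_dmamem_map(sc->sc_dmat, &sc->sc_cdseg, sc->sc_cdnseg,
	    sizeof(struct atw_control_data), (void **)&sc->sc_control_data,
	    BUS_DMA_COHERENT)) != 0) {
		aprint_error_dev(sc->sc_dev, "unable to map control data, error = %d\n",
		    error);
		goto fail_1;
	}

	if ((error = bus_dmamap_create(sc->sc_dmat,
	    sizeof(struct atw_control_data), 1,
	    sizeof(struct atw_control_data), 0, 0, &sc->sc_cddmamap)) != 0) {
		aprint_error_dev(sc->sc_dev, "unable to create control data DMA map, "
		    "error = %d\n", error);
		goto fail_2;
	}

	if ((error = bus_dmamap_load(sc->sc_dmat, sc->sc_cddmamap,
	    sc->sc_control_data, sizeof(struct atw_control_data), NULL,
	    0)) != 0) {
		aprint_error_dev(sc->sc_dev, "unable to load control data DMA map, error = %d\n",
		    error);
		goto fail_3;
	}

	/*
	 * Create the transmit buffer DMA maps.
	 */
	sc->sc_ntxsegs = ATW_NTXSEGS;
	for (i = 0; i < ATW_TXQUEUELEN; i++) {
		if ((error = bus_dmamap_create(sc->sc_dmat, MCLBYTES,
		    sc->sc_ntxsegs, MCLBYTES, 0, 0,
		    &sc->sc_txsoft[i].txs_dmamap)) != 0) {
			aprint_error_dev(sc->sc_dev, "unable to create tx DMA map %d, "
			    "error = %d\n", i, error);
			goto fail_4;
		}
	}

	/*
	 * Create the receive buffer DMA maps.
	 */
	for (i = 0; i < ATW_NRXDESC; i++) {
		if ((error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1,
		    MCLBYTES, 0, 0, &sc->sc_rxsoft[i].rxs_dmamap)) != 0) {
			aprint_error_dev(sc->sc_dev, "unable to create rx DMA map %d, "
			    "error = %d\n", i, error);
			goto fail_5;
		}
	}
	for (i = 0; i < ATW_NRXDESC; i++) {
		sc->sc_rxsoft[i].rxs_mbuf = NULL;
	}

	/* Revisions not listed here leave sc_sramlen untouched. */
	switch (sc->sc_rev) {
	case ATW_REVISION_AB:
	case ATW_REVISION_AF:
		sc->sc_sramlen = ATW_SRAM_A_SIZE;
		break;
	case ATW_REVISION_BA:
	case ATW_REVISION_CA:
		sc->sc_sramlen = ATW_SRAM_B_SIZE;
		break;
	}

	/* Reset the chip to a known state. */
	atw_reset(sc);

	/*
	 * No SROM buffer is ours to release when the read fails, so unwind
	 * from the DMA maps downward.
	 */
	if (atw_read_srom(sc) == -1)
		goto fail_5;

	sc->sc_rftype = __SHIFTOUT(sc->sc_srom[ATW_SR_CSR20],
	    ATW_SR_RFTYPE_MASK);

	sc->sc_bbptype = __SHIFTOUT(sc->sc_srom[ATW_SR_CSR20],
	    ATW_SR_BBPTYPE_MASK);

	/*
	 * Both values come straight from the SROM and index type_strings
	 * below, so they are range-checked before use.
	 */
	if (sc->sc_rftype >= __arraycount(type_strings)) {
		aprint_error_dev(sc->sc_dev, "unknown RF\n");
		goto fail_6;
	}
	if (sc->sc_bbptype >= __arraycount(type_strings)) {
		aprint_error_dev(sc->sc_dev, "unknown BBP\n");
		goto fail_6;
	}

	printf("%s: %s RF, %s BBP", device_xname(sc->sc_dev),
	    type_strings[sc->sc_rftype], type_strings[sc->sc_bbptype]);

	/* XXX There exists a Linux driver which seems to use RFType = 0 for
	 * MARVEL. My bug, or theirs?
	 */

	reg = __SHIFTIN(sc->sc_rftype, ATW_SYNCTL_RFTYPE_MASK);

	switch (sc->sc_rftype) {
	case ATW_RFTYPE_INTERSIL:
		reg |= ATW_SYNCTL_CS1;
		break;
	case ATW_RFTYPE_RFMD:
		reg |= ATW_SYNCTL_CS0;
		break;
	case ATW_RFTYPE_MARVEL:
		break;
	}

	sc->sc_synctl_rd = reg | ATW_SYNCTL_RD;
	sc->sc_synctl_wr = reg | ATW_SYNCTL_WR;

	reg = __SHIFTIN(sc->sc_bbptype, ATW_BBPCTL_TYPE_MASK);

	switch (sc->sc_bbptype) {
	case ATW_BBPTYPE_INTERSIL:
		reg |= ATW_BBPCTL_TWI;
		break;
	case ATW_BBPTYPE_RFMD:
		reg |= ATW_BBPCTL_RF3KADDR_ADDR | ATW_BBPCTL_NEGEDGE_DO |
		    ATW_BBPCTL_CCA_ACTLO;
		break;
	case ATW_BBPTYPE_MARVEL:
		break;
	case ATW_C_BBPTYPE_RFMD:
		printf("%s: ADM8211C MAC/RFMD BBP not supported yet.\n",
		    device_xname(sc->sc_dev));
		break;
	}

	sc->sc_bbpctl_wr = reg | ATW_BBPCTL_WR;
	sc->sc_bbpctl_rd = reg | ATW_BBPCTL_RD;

	ATW_DPRINTF((" SROM MAC %04x%04x%04x",
	    htole16(sc->sc_srom[ATW_SR_MAC00]),
	    htole16(sc->sc_srom[ATW_SR_MAC01]),
	    htole16(sc->sc_srom[ATW_SR_MAC10])));

	srom_major = __SHIFTOUT(sc->sc_srom[ATW_SR_FORMAT_VERSION],
	    ATW_SR_MAJOR_MASK);

	if (srom_major < 2)
		sc->sc_rf3000_options1 = 0;
	else if (sc->sc_rev == ATW_REVISION_BA) {
		sc->sc_rf3000_options1 =
		    __SHIFTOUT(sc->sc_srom[ATW_SR_CR28_CR03],
		    ATW_SR_CR28_MASK);
	} else
		sc->sc_rf3000_options1 = 0;

	sc->sc_rf3000_options2 = __SHIFTOUT(sc->sc_srom[ATW_SR_CTRY_CR29],
	    ATW_SR_CR29_MASK);

	country_code = __SHIFTOUT(sc->sc_srom[ATW_SR_CTRY_CR29],
	    ATW_SR_CTRY_MASK);

#define ADD_CHANNEL(_ic, _chan) do {					\
	_ic->ic_channels[_chan].ic_flags = IEEE80211_CHAN_B;		\
	_ic->ic_channels[_chan].ic_freq =				\
	    ieee80211_ieee2mhz(_chan, _ic->ic_channels[_chan].ic_flags);\
} while (0)

	/* Find available channels */
	switch (country_code) {
	case COUNTRY_MMK2:	/* 1-14 */
		ADD_CHANNEL(ic, 14);
		/*FALLTHROUGH*/
	case COUNTRY_ETSI:	/* 1-13 */
		for (i = 1; i <= 13; i++)
			ADD_CHANNEL(ic, i);
		break;
	case COUNTRY_FCC:	/* 1-11 */
	case COUNTRY_IC:	/* 1-11 */
		for (i = 1; i <= 11; i++)
			ADD_CHANNEL(ic, i);
		break;
	case COUNTRY_MMK:	/* 14 */
		ADD_CHANNEL(ic, 14);
		break;
	case COUNTRY_FRANCE:	/* 10-13 */
		for (i = 10; i <= 13; i++)
			ADD_CHANNEL(ic, i);
		break;
	default:	/* assume channels 10-11 */
	case COUNTRY_SPAIN:	/* 10-11 */
		for (i = 10; i <= 11; i++)
			ADD_CHANNEL(ic, i);
		break;
	}

	/* Read the MAC address. */
	reg = ATW_READ(sc, ATW_PAR0);
	ic->ic_myaddr[0] = __SHIFTOUT(reg, ATW_PAR0_PAB0_MASK);
	ic->ic_myaddr[1] = __SHIFTOUT(reg, ATW_PAR0_PAB1_MASK);
	ic->ic_myaddr[2] = __SHIFTOUT(reg, ATW_PAR0_PAB2_MASK);
	ic->ic_myaddr[3] = __SHIFTOUT(reg, ATW_PAR0_PAB3_MASK);
	reg = ATW_READ(sc, ATW_PAR1);
	ic->ic_myaddr[4] = __SHIFTOUT(reg, ATW_PAR1_PAB4_MASK);
	ic->ic_myaddr[5] = __SHIFTOUT(reg, ATW_PAR1_PAB5_MASK);

	if (IEEE80211_ADDR_EQ(ic->ic_myaddr, empty_macaddr)) {
		printf(" could not get mac address, attach failed\n");
		goto fail_6;
	}

	/*
	 * From this point forward, the attachment cannot fail.  A failure
	 * before this point releases all resources that may have been
	 * allocated.
	 */
	sc->sc_flags |= ATWF_ATTACHED /* | ATWF_RTSCTS */;

	printf(" 802.11 address %s\n", ether_sprintf(ic->ic_myaddr));

	memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ);
	ifp->if_softc = sc;
	ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST |
	    IFF_NOTRAILERS;
	ifp->if_ioctl = atw_ioctl;
	ifp->if_start = atw_start;
	ifp->if_watchdog = atw_watchdog;
	ifp->if_init = atw_init;
	ifp->if_stop = atw_stop;
	IFQ_SET_READY(&ifp->if_snd);

	ic->ic_ifp = ifp;
	ic->ic_phytype = IEEE80211_T_DS;
	ic->ic_opmode = IEEE80211_M_STA;
	ic->ic_caps = IEEE80211_C_PMGT | IEEE80211_C_IBSS |
	    IEEE80211_C_HOSTAP | IEEE80211_C_MONITOR;

	nrate = 0;
	ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 2;
	ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 4;
	ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 11;
	ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[nrate++] = 22;
	ic->ic_sup_rates[IEEE80211_MODE_11B].rs_nrates = nrate;

	/*
	 * Call MI attach routines.
	 */

	if_attach(ifp);
	ieee80211_ifattach(ic);

	atw_evcnt_attach(sc);

	/*
	 * Interpose on the 802.11 layer's hooks, keeping the previous
	 * handlers in the softc.
	 */
	sc->sc_newstate = ic->ic_newstate;
	ic->ic_newstate = atw_newstate;

	sc->sc_recv_mgmt = ic->ic_recv_mgmt;
	ic->ic_recv_mgmt = atw_recv_mgmt;

	sc->sc_node_free = ic->ic_node_free;
	ic->ic_node_free = atw_node_free;

	sc->sc_node_alloc = ic->ic_node_alloc;
	ic->ic_node_alloc = atw_node_alloc;

	ic->ic_crypto.cs_key_delete = atw_key_delete;
	ic->ic_crypto.cs_key_set = atw_key_set;
	ic->ic_crypto.cs_key_update_begin = atw_key_update_begin;
	ic->ic_crypto.cs_key_update_end = atw_key_update_end;

	/* possibly we should fill in our own sc_send_prresp, since
	 * the ADM8211 is probably sending probe responses in ad hoc
	 * mode.
	 */

	/* complete initialization */
	ieee80211_media_init(ic, atw_media_change, ieee80211_media_status);
	callout_init(&sc->sc_scan_ch, 0);

#if NBPFILTER > 0
	bpfattach2(ifp, DLT_IEEE802_11_RADIO,
	    sizeof(struct ieee80211_frame) + 64, &sc->sc_radiobpf);
#endif

	if (!pmf_device_register1(sc->sc_dev, NULL, NULL, atw_shutdown)) {
		aprint_error_dev(sc->sc_dev,
		    "couldn't establish power handler\n");
	} else
		pmf_class_network_register(sc->sc_dev, &sc->sc_if);

	memset(&sc->sc_rxtapu, 0, sizeof(sc->sc_rxtapu));
	sc->sc_rxtap.ar_ihdr.it_len = htole16(sizeof(sc->sc_rxtapu));
	sc->sc_rxtap.ar_ihdr.it_present = htole32(ATW_RX_RADIOTAP_PRESENT);

	memset(&sc->sc_txtapu, 0, sizeof(sc->sc_txtapu));
	sc->sc_txtap.at_ihdr.it_len = htole16(sizeof(sc->sc_txtapu));
	sc->sc_txtap.at_ihdr.it_present = htole32(ATW_TX_RADIOTAP_PRESENT);

	ieee80211_announce(ic);
	return;

	/*
	 * Free any resources we've allocated during the failed attach
	 * attempt.  Do this in reverse order and fall through.
	 */
 fail_6:
	/* Reached only after atw_read_srom() succeeded. */
	free(sc->sc_srom, M_DEVBUF);
	sc->sc_srom = NULL;
 fail_5:
	for (i = 0; i < ATW_NRXDESC; i++) {
		if (sc->sc_rxsoft[i].rxs_dmamap == NULL)
			continue;
		bus_dmamap_destroy(sc->sc_dmat, sc->sc_rxsoft[i].rxs_dmamap);
	}
 fail_4:
	for (i = 0; i < ATW_TXQUEUELEN; i++) {
		if (sc->sc_txsoft[i].txs_dmamap == NULL)
			continue;
		bus_dmamap_destroy(sc->sc_dmat, sc->sc_txsoft[i].txs_dmamap);
	}
	bus_dmamap_unload(sc->sc_dmat, sc->sc_cddmamap);
 fail_3:
	bus_dmamap_destroy(sc->sc_dmat, sc->sc_cddmamap);
 fail_2:
	bus_dmamem_unmap(sc->sc_dmat, (void *)sc->sc_control_data,
	    sizeof(struct atw_control_data));
 fail_1:
	bus_dmamem_free(sc->sc_dmat, &sc->sc_cdseg, sc->sc_cdnseg);
 fail_0:
	return;
}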
900 
/*
 * Node-allocation hook installed by atw_attach: forwards to the allocator
 * saved in sc_node_alloc and logs the resulting pointer when debugging.
 */
static struct ieee80211_node *
atw_node_alloc(struct ieee80211_node_table *nt)
{
	struct ifnet *ifp = nt->nt_ic->ic_ifp;
	struct atw_softc *sc = ifp->if_softc;
	struct ieee80211_node *node;

	node = sc->sc_node_alloc(nt);

	DPRINTF(sc, ("%s: alloc node %p\n", device_xname(sc->sc_dev), node));
	return node;
}
910 
/*
 * Node-free hook installed by atw_attach: logs the node when debugging,
 * then hands it to the free routine saved in sc_node_free.
 */
static void
atw_node_free(struct ieee80211_node *ni)
{
	struct ifnet *ifp = ni->ni_ic->ic_ifp;
	struct atw_softc *sc = ifp->if_softc;

	/* Log before the call below: ni must not be touched afterwards. */
	DPRINTF(sc, ("%s: freeing node %p %s\n", device_xname(sc->sc_dev), ni,
	    ether_sprintf(ni->ni_bssid)));
	sc->sc_node_free(ni);
}
920 
921 
/*
 * Put the ATW_TEST1 test-mode field into its post-reset state: revision BA
 * gets ATW_TEST1_TESTMODE_MONITOR set, revision CA gets the whole field
 * cleared, and other revisions are left alone.
 */
static void
atw_test1_reset(struct atw_softc *sc)
{
	if (sc->sc_rev == ATW_REVISION_BA) {
		if (1 /* XXX condition on transceiver type */) {
			ATW_SET(sc, ATW_TEST1, ATW_TEST1_TESTMODE_MONITOR);
		}
	} else if (sc->sc_rev == ATW_REVISION_CA) {
		ATW_CLR(sc, ATW_TEST1, ATW_TEST1_TESTMODE_MASK);
	}
}
938 
/*
 * atw_reset:
 *
 *	Perform a soft reset on the ADM8211.
 *
 *	Sequence: zero ATW_NAR and ATW_FRCTL, set ATW_PAR_SWR and poll for
 *	it to clear, program the PCI access register, fix up ATW_TEST1,
 *	reload the EEPROM, clear the SRAM and set the cached BSSID to all
 *	ones.  A reset that does not complete is reported but does not stop
 *	the rest of the sequence.  The delays come from the atw_* tunables.
 */
void
atw_reset(struct atw_softc *sc)
{
	int i;
	uint32_t lpc;

	ATW_WRITE(sc, ATW_NAR, 0x0);
	DELAY(atw_nar_delay);

	/* Reference driver has a cryptic remark indicating that this might
	 * power-on the chip.  I know that it turns off power-saving....
	 */
	ATW_WRITE(sc, ATW_FRCTL, 0x0);

	ATW_WRITE(sc, ATW_PAR, ATW_PAR_SWR);

	/*
	 * Poll until the chip clears SWR.  atw_pseudo_milli is both the
	 * polling step and a divisor here, so it must be non-zero.
	 */
	for (i = 0; i < 50000 / atw_pseudo_milli; i++) {
		if ((ATW_READ(sc, ATW_PAR) & ATW_PAR_SWR) == 0)
			break;
		DELAY(atw_pseudo_milli);
	}

	/* ... and then pause 100ms longer for good measure. */
	DELAY(atw_magic_delay1);

	DPRINTF2(sc, ("%s: atw_reset %d iterations\n", device_xname(sc->sc_dev), i));

	/* Report, but carry on, if SWR is still set after the wait. */
	if (ATW_ISSET(sc, ATW_PAR, ATW_PAR_SWR))
		aprint_error_dev(sc->sc_dev, "reset failed to complete\n");

	/*
	 * Initialize the PCI Access Register.
	 */
	sc->sc_busmode = ATW_PAR_PBL_8DW;

	ATW_WRITE(sc, ATW_PAR, sc->sc_busmode);
	DPRINTF(sc, ("%s: ATW_PAR %08x busmode %08x\n", device_xname(sc->sc_dev),
	    ATW_READ(sc, ATW_PAR), sc->sc_busmode));

	atw_test1_reset(sc);

	/* Turn off maximum power saving, etc. */
	ATW_WRITE(sc, ATW_FRCTL, 0x0);

	DELAY(atw_magic_delay2);

	/* Recall EEPROM. */
	ATW_SET(sc, ATW_TEST0, ATW_TEST0_EPRLD);

	DELAY(atw_magic_delay4);

	/* The value read here is used only by the debug print below. */
	lpc = ATW_READ(sc, ATW_LPC);

	DPRINTF(sc, ("%s: ATW_LPC %#08x\n", __func__, lpc));

	/* A reset seems to affect the SRAM contents, so put them into
	 * a known state.
	 */
	atw_clear_sram(sc);

	/* Cached BSSID becomes ff:ff:ff:ff:ff:ff. */
	memset(sc->sc_bssid, 0xff, sizeof(sc->sc_bssid));
}
1006 
/*
 * Zero the in-memory SRAM image, mark the WEP SRAM contents as no longer
 * valid, and write sc_sramlen bytes of the zeroed image to the chip
 * starting at offset 0.
 */
static void
atw_clear_sram(struct atw_softc *sc)
{
	sc->sc_flags &= ~ATWF_WEP_SRAM_VALID;
	(void)memset(sc->sc_sram, 0, sizeof(sc->sc_sram));

	/* XXX not for revision 0x20. */
	atw_write_sram(sc, 0, sc->sc_sram, sc->sc_sramlen);
}
1015 
1016 /* TBD atw_init
1017  *
1018  * set MAC based on ic->ic_bss->myaddr
1019  * write WEP keys
1020  * set TX rate
1021  */
1022 
/*
 * Program the beacon-loss threshold: the ADM8211 is told to raise
 * ATW_INTR_LINKOFF once 7 beacon intervals pass without a beacon that
 * carries the preferred BSSID & SSID.  atw_write_bssid & atw_write_ssid
 * set the BSSID & SSID.  The LSOE and MPRE bits are cleared in the same
 * read-modify-write.
 */
static void
atw_wcsr_init(struct atw_softc *sc)
{
	uint32_t wcsr = ATW_READ(sc, ATW_WCSR);

	/* ATW_WCSR_LSOE is listed twice in this mask; the repeat has no
	 * effect.  NOTE(review): possibly another bit was intended --
	 * confirm against the register definitions.
	 */
	wcsr &= ~(ATW_WCSR_BLN_MASK | ATW_WCSR_LSOE | ATW_WCSR_MPRE |
	    ATW_WCSR_LSOE);
	wcsr |= __SHIFTIN(7, ATW_WCSR_BLN_MASK);

	/* XXX resets wake-up status bits */
	ATW_WRITE(sc, ATW_WCSR, wcsr);

	DPRINTF(sc, ("%s: %s reg[WCSR] = %08x\n",
	    device_xname(sc->sc_dev), __func__, ATW_READ(sc, ATW_WCSR)));
}
1040 
/*
 * Turn off power management and set Rx store-and-forward mode.
 *
 * Read-modify-write of ATW_CMDR: ATW_CMDR_APM is cleared, ATW_CMDR_RTE is
 * set, and the DRT field is replaced with ATW_CMDR_DRT_SF.  All other bits
 * keep the value read from the chip.
 */
static void
atw_cmdr_init(struct atw_softc *sc)
{
	uint32_t cmdr = ATW_READ(sc, ATW_CMDR);

	cmdr = (cmdr & ~ATW_CMDR_APM) | ATW_CMDR_RTE;
	cmdr = (cmdr & ~ATW_CMDR_DRT_MASK) | ATW_CMDR_DRT_SF;

	ATW_WRITE(sc, ATW_CMDR, cmdr);
}
1054 
/*
 * Load the power-sequencing timings into ATW_TOFS2.  Two value sets exist;
 * ATW_REFSLAVE selects the one taken from the reference driver source.
 */
static void
atw_tofs2_init(struct atw_softc *sc)
{
	/* XXX this magic can probably be figured out from the RFMD docs */
#ifndef ATW_REFSLAVE
	const uint32_t pwr_timing =
	    __SHIFTIN(4, ATW_TOFS2_PWR1UP_MASK)    | /* 8 ms = 4 * 2 ms */
	    __SHIFTIN(13, ATW_TOFS2_PWR0PAPE_MASK) | /* 13 us */
	    __SHIFTIN(8, ATW_TOFS2_PWR1PAPE_MASK)  | /* 8 us */
	    __SHIFTIN(5, ATW_TOFS2_PWR0TRSW_MASK)  | /* 5 us */
	    __SHIFTIN(12, ATW_TOFS2_PWR1TRSW_MASK) | /* 12 us */
	    __SHIFTIN(13, ATW_TOFS2_PWR0PE2_MASK)  | /* 13 us */
	    __SHIFTIN(4, ATW_TOFS2_PWR1PE2_MASK)   | /* 4 us */
	    __SHIFTIN(5, ATW_TOFS2_PWR0TXPE_MASK);   /* 5 us */
#else
	/* XXX new magic from reference driver source */
	/* NOTE(review): the PWR1UP remark below is the same text as in the
	 * other branch although the value here is 8, not 4 -- confirm the
	 * intended duration.
	 */
	const uint32_t pwr_timing =
	    __SHIFTIN(8, ATW_TOFS2_PWR1UP_MASK)    | /* 8 ms = 4 * 2 ms */
	    __SHIFTIN(8, ATW_TOFS2_PWR0PAPE_MASK)  | /* 8 us */
	    __SHIFTIN(1, ATW_TOFS2_PWR1PAPE_MASK)  | /* 1 us */
	    __SHIFTIN(5, ATW_TOFS2_PWR0TRSW_MASK)  | /* 5 us */
	    __SHIFTIN(12, ATW_TOFS2_PWR1TRSW_MASK) | /* 12 us */
	    __SHIFTIN(13, ATW_TOFS2_PWR0PE2_MASK)  | /* 13 us */
	    __SHIFTIN(1, ATW_TOFS2_PWR1PE2_MASK)   | /* 1 us */
	    __SHIFTIN(8, ATW_TOFS2_PWR0TXPE_MASK);   /* 8 us */
#endif

	ATW_WRITE(sc, ATW_TOFS2, pwr_timing);
}
1082 
/*
 * Load ATW_NAR with its initial value: ATW_NAR_SF and ATW_NAR_PB set, every
 * other bit zero.  This is a plain write, not a read-modify-write.
 */
static void
atw_nar_init(struct atw_softc *sc)
{
	const uint32_t nar = ATW_NAR_SF | ATW_NAR_PB;

	ATW_WRITE(sc, ATW_NAR, nar);
}
1088 
/*
 * Write ATW_TXLMT with 512 in the MTMLT field and 1 in the SRTYLIM field.
 * NOTE(review): presumably a transmit lifetime and a short-retry limit --
 * confirm the field meanings and units against the datasheet.
 */
static void
atw_txlmt_init(struct atw_softc *sc)
{
	const uint32_t txlmt =
	    __SHIFTIN(512, ATW_TXLMT_MTMLT_MASK) |
	    __SHIFTIN(1, ATW_TXLMT_SRTYLIM_MASK);

	ATW_WRITE(sc, ATW_TXLMT, txlmt);
}
1095 
/*
 * Read-modify-write of ATW_TEST1: the DBGREAD field is set to 1 and
 * ATW_TEST1_CONTROL is set; other bits keep the value read from the chip.
 */
static void
atw_test1_init(struct atw_softc *sc)
{
	uint32_t test1 = ATW_READ(sc, ATW_TEST1);

	test1 &= ~(ATW_TEST1_DBGREAD_MASK | ATW_TEST1_CONTROL);
	/* XXX magic 0x1 */
	test1 |= ATW_TEST1_CONTROL | __SHIFTIN(0x1, ATW_TEST1_DBGREAD_MASK);

	ATW_WRITE(sc, ATW_TEST1, test1);
}
1107 
/*
 * Pulse ATW_SYNRF: write ATW_SYNRF_INTERSIL_EN, wait atw_rf_delay1, write 0,
 * wait atw_rf_delay2.  The sequence is applied unconditionally, whatever RF
 * front-end is fitted.
 */
static void
atw_rf_reset(struct atw_softc *sc)
{
	/* XXX this resets an Intersil RF front-end? */
	/* TBD condition on Intersil RFType? */
	ATW_WRITE(sc, ATW_SYNRF, ATW_SYNRF_INTERSIL_EN);
	DELAY(atw_rf_delay1);
	ATW_WRITE(sc, ATW_SYNRF, 0);
	DELAY(atw_rf_delay2);
}
1118 
/*
 * Set 16 TU max duration for the contention-free period (CFP).
 *
 * Only the CFPMD field of ATW_CFPP is replaced; the remaining bits are
 * written back as read.
 */
static void
atw_cfp_init(struct atw_softc *sc)
{
	uint32_t cfpp = ATW_READ(sc, ATW_CFPP);

	cfpp = (cfpp & ~ATW_CFPP_CFPMD) | __SHIFTIN(16, ATW_CFPP_CFPMD);

	ATW_WRITE(sc, ATW_CFPP, cfpp);
}
1130 
/*
 * Write ATW_TOFS0 with 22 in the USCNT field and every bit of the TUCNT
 * field set.
 */
static void
atw_tofs0_init(struct atw_softc *sc)
{
	/* XXX I guess that the Cardbus clock is 22 MHz?
	 * I am assuming that the role of ATW_TOFS0_USCNT is
	 * to divide the bus clock to get a 1 MHz clock---the datasheet is not
	 * very clear on this point. It says in the datasheet that it is
	 * possible for the ADM8211 to accommodate bus speeds between 22 MHz
	 * and 33 MHz; maybe this is the way? I see a binary-only driver write
	 * these values. These values are also the power-on default.
	 */
	const uint32_t tofs0 =
	    __SHIFTIN(22, ATW_TOFS0_USCNT_MASK) |
	    ATW_TOFS0_TUCNT_MASK;	/* set all bits in TUCNT */

	ATW_WRITE(sc, ATW_TOFS0, tofs0);
}
1146 
/*
 * Initialize interframe spacing: 802.11b slot time, SIFS, DIFS, EIFS.
 *
 * SLOT and DIFS come from the IEEE80211_DUR_DS_* constants; SIFS and EIFS
 * are hard-coded to the values the reference driver uses.
 */
static void
atw_ifs_init(struct atw_softc *sc)
{
	/* XXX EIFS=0x64, SIFS=110 are used by the reference driver.
	 * Go figure.
	 */
	const uint32_t ifst =
	    __SHIFTIN(IEEE80211_DUR_DS_SLOT, ATW_IFST_SLOT_MASK) |
	    /* stands in for IEEE80211_DUR_DS_SIFS; # of 22 MHz cycles */
	    __SHIFTIN(22 * 5, ATW_IFST_SIFS_MASK) |
	    __SHIFTIN(IEEE80211_DUR_DS_DIFS, ATW_IFST_DIFS_MASK) |
	    /* stands in for IEEE80211_DUR_DS_EIFS */
	    __SHIFTIN(0x64, ATW_IFST_EIFS_MASK);

	ATW_WRITE(sc, ATW_IFST, ifst);
}
1163 
/*
 * Write ATW_RSPT with the MART field at 0xffff and the MIRT field at 0xff.
 */
static void
atw_response_times_init(struct atw_softc *sc)
{
	/* XXX More magic. Relates to ACK timing?  The datasheet seems to
	 * indicate that the MAC expects at least SIFS + MIRT microseconds
	 * to pass after it transmits a frame that requires a response;
	 * it waits at most SIFS + MART microseconds for the response.
	 * Surely this is not the ACK timeout?
	 */
	const uint32_t rspt =
	    __SHIFTIN(0xffff, ATW_RSPT_MART_MASK) |
	    __SHIFTIN(0xff, ATW_RSPT_MIRT_MASK);

	ATW_WRITE(sc, ATW_RSPT, rspt);
}
1176 
/*
 * Set up the MMI read/write addresses for the baseband.  The Tx/Rx
 * engines read and write baseband registers after Rx and before Tx,
 * respectively.
 *
 * The values depend on sc->sc_bbptype.  For ATW_BBPTYPE_MARVEL nothing is
 * written to ATW_MMIWADDR or ATW_MMIRADDR1; ATW_MMIRADDR2 and ATW_MACTEST
 * are written for every type.
 */
static void
atw_bbp_io_init(struct atw_softc *sc)
{
	uint32_t mmiraddr2;

	/* XXX The reference driver does this, but is it *really*
	 * necessary?
	 */
	if (sc->sc_rev == ATW_REVISION_AB || sc->sc_rev == ATW_REVISION_AF) {
		mmiraddr2 = 0x0;
	} else {
		mmiraddr2 = ATW_READ(sc, ATW_MMIRADDR2);
		mmiraddr2 &=
		    ~(ATW_MMIRADDR2_PROREXT | ATW_MMIRADDR2_PRORLEN_MASK);
	}

	if (sc->sc_bbptype == ATW_BBPTYPE_INTERSIL) {
		ATW_WRITE(sc, ATW_MMIWADDR, ATW_MMIWADDR_INTERSIL);
		ATW_WRITE(sc, ATW_MMIRADDR1, ATW_MMIRADDR1_INTERSIL);
		mmiraddr2 |= ATW_MMIRADDR2_INTERSIL;
	} else if (sc->sc_bbptype != ATW_BBPTYPE_MARVEL) {
		/* ATW_BBPTYPE_RFMD, and any type not listed above. */
		ATW_WRITE(sc, ATW_MMIWADDR, ATW_MMIWADDR_RFMD);
		ATW_WRITE(sc, ATW_MMIRADDR1, ATW_MMIRADDR1_RFMD);
		mmiraddr2 |= ATW_MMIRADDR2_RFMD;
	}
	/* else: TBD find out the Marvel settings. */

	ATW_WRITE(sc, ATW_MMIRADDR2, mmiraddr2);
	ATW_WRITE(sc, ATW_MACTEST, ATW_MACTEST_MMI_USETXCLK);
}
1220 
/*
 * atw_init:		[ ifnet interface function ]
 *
 *	Initialize the interface.  Must be called at splnet().
 *
 *	Enables the device, stops and resets it, programs the MAC and
 *	baseband registers, rebuilds the transmit and receive rings,
 *	unmasks interrupts, loads SSID / supported rates / WEP state,
 *	installs the receive filter and finally moves the 802.11 state
 *	machine to SCAN (or RUN in monitor mode).
 *
 *	Returns 0 on success.  On failure the error from atw_enable(),
 *	atw_rf3000_init(), atw_add_rxbuf() or ieee80211_new_state() is
 *	returned and IFF_RUNNING / IFF_OACTIVE are cleared.
 */
int
atw_init(struct ifnet *ifp)
{
	struct atw_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;
	struct atw_txsoft *txs;
	struct atw_rxsoft *rxs;
	int i, error = 0;

	if ((error = atw_enable(sc)) != 0)
		goto out;

	/*
	 * Cancel any pending I/O. This also resets.
	 */
	atw_stop(ifp, 0);

	DPRINTF(sc, ("%s: channel %d freq %d flags 0x%04x\n",
	    __func__, ieee80211_chan2ieee(ic, ic->ic_curchan),
	    ic->ic_curchan->ic_freq, ic->ic_curchan->ic_flags));

	atw_wcsr_init(sc);

	atw_cmdr_init(sc);

	/* Set data rate for PLCP Signal field, 1Mbps = 10 x 100Kb/s.
	 *
	 * XXX Set transmit power for ATIM, RTS, Beacon.
	 */
	ATW_WRITE(sc, ATW_PLCPHD, __SHIFTIN(10, ATW_PLCPHD_SIGNAL_MASK) |
	    __SHIFTIN(0xb0, ATW_PLCPHD_SERVICE_MASK));

	atw_tofs2_init(sc);

	atw_nar_init(sc);

	atw_txlmt_init(sc);

	atw_test1_init(sc);

	atw_rf_reset(sc);

	atw_cfp_init(sc);

	atw_tofs0_init(sc);

	atw_ifs_init(sc);

	/* XXX Fall asleep after one second of inactivity.
	 * XXX A frame may only dribble in for 65536us.
	 */
	ATW_WRITE(sc, ATW_RMD,
	    __SHIFTIN(1, ATW_RMD_PCNT) | __SHIFTIN(0xffff, ATW_RMD_RMRD_MASK));

	atw_response_times_init(sc);

	atw_bbp_io_init(sc);

	/* NOTE(review): presumably acknowledges every pending status bit
	 * (write-one-to-clear) -- confirm against the datasheet.
	 */
	ATW_WRITE(sc, ATW_STSR, 0xffffffff);

	/* Baseband setup is the first step after enabling that can fail. */
	if ((error = atw_rf3000_init(sc)) != 0)
		goto out;

	ATW_WRITE(sc, ATW_PAR, sc->sc_busmode);
	DPRINTF(sc, ("%s: ATW_PAR %08x busmode %08x\n", device_xname(sc->sc_dev),
	    ATW_READ(sc, ATW_PAR), sc->sc_busmode));

	/*
	 * Initialize the transmit descriptor ring.
	 */
	memset(sc->sc_txdescs, 0, sizeof(sc->sc_txdescs));
	for (i = 0; i < ATW_NTXDESC; i++) {
		sc->sc_txdescs[i].at_ctl = 0;
		/* no transmit chaining */
		sc->sc_txdescs[i].at_flags = 0 /* ATW_TXFLAG_TCH */;
		/* at_buf2 holds the bus address of the next descriptor. */
		sc->sc_txdescs[i].at_buf2 =
		    htole32(ATW_CDTXADDR(sc, ATW_NEXTTX(i)));
	}
	/* use ring mode */
	sc->sc_txdescs[ATW_NTXDESC - 1].at_flags |= htole32(ATW_TXFLAG_TER);
	ATW_CDTXSYNC(sc, 0, ATW_NTXDESC,
	    BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
	sc->sc_txfree = ATW_NTXDESC;
	sc->sc_txnext = 0;

	/*
	 * Initialize the transmit job descriptors.
	 */
	SIMPLEQ_INIT(&sc->sc_txfreeq);
	SIMPLEQ_INIT(&sc->sc_txdirtyq);
	for (i = 0; i < ATW_TXQUEUELEN; i++) {
		txs = &sc->sc_txsoft[i];
		txs->txs_mbuf = NULL;
		SIMPLEQ_INSERT_TAIL(&sc->sc_txfreeq, txs, txs_q);
	}

	/*
	 * Initialize the receive descriptor and receive job
	 * descriptor rings.
	 */
	for (i = 0; i < ATW_NRXDESC; i++) {
		rxs = &sc->sc_rxsoft[i];
		/* Slots that already hold an mbuf keep it; only the
		 * descriptor is re-initialized for those.
		 */
		if (rxs->rxs_mbuf == NULL) {
			if ((error = atw_add_rxbuf(sc, i)) != 0) {
				aprint_error_dev(sc->sc_dev, "unable to allocate or map rx "
				    "buffer %d, error = %d\n",
				    i, error);
				/*
				 * XXX Should attempt to run with fewer receive
				 * XXX buffers instead of just failing.
				 */
				atw_rxdrain(sc);
				goto out;
			}
		} else
			atw_init_rxdesc(sc, i);
	}
	sc->sc_rxptr = 0;

	/*
	 * Initialize the interrupt mask and enable interrupts.
	 */
	/* normal interrupts */
	sc->sc_inten =  ATW_INTR_TCI | ATW_INTR_TDU | ATW_INTR_RCI |
	    ATW_INTR_NISS | ATW_INTR_LINKON | ATW_INTR_BCNTC;

	/* abnormal interrupts */
	sc->sc_inten |= ATW_INTR_TPS | ATW_INTR_TLT | ATW_INTR_TRT |
	    ATW_INTR_TUF | ATW_INTR_RDU | ATW_INTR_RPS | ATW_INTR_AISS |
	    ATW_INTR_FBE | ATW_INTR_LINKOFF | ATW_INTR_TSFTF | ATW_INTR_TSCZ;

	sc->sc_linkint_mask = ATW_INTR_LINKON | ATW_INTR_LINKOFF |
	    ATW_INTR_BCNTC | ATW_INTR_TSFTF | ATW_INTR_TSCZ;
	sc->sc_rxint_mask = ATW_INTR_RCI | ATW_INTR_RDU;
	sc->sc_txint_mask = ATW_INTR_TCI | ATW_INTR_TUF | ATW_INTR_TLT |
	    ATW_INTR_TRT;

	/* Restrict each per-class mask to the interrupts actually enabled. */
	sc->sc_linkint_mask &= sc->sc_inten;
	sc->sc_rxint_mask &= sc->sc_inten;
	sc->sc_txint_mask &= sc->sc_inten;

	ATW_WRITE(sc, ATW_IER, sc->sc_inten);
	ATW_WRITE(sc, ATW_STSR, 0xffffffff);

	DPRINTF(sc, ("%s: ATW_IER %08x, inten %08x\n",
	    device_xname(sc->sc_dev), ATW_READ(sc, ATW_IER), sc->sc_inten));

	/*
	 * Give the transmit and receive rings to the ADM8211.
	 */
	ATW_WRITE(sc, ATW_RDB, ATW_CDRXADDR(sc, sc->sc_rxptr));
	ATW_WRITE(sc, ATW_TDBD, ATW_CDTXADDR(sc, sc->sc_txnext));

	sc->sc_txthresh = 0;
	sc->sc_opmode = ATW_NAR_SR | ATW_NAR_ST |
	    sc->sc_txth[sc->sc_txthresh].txth_opmode;

	/* common 802.11 configuration */
	ic->ic_flags &= ~IEEE80211_F_IBSSON;
	switch (ic->ic_opmode) {
	case IEEE80211_M_STA:
		break;
	case IEEE80211_M_AHDEMO: /* XXX */
	case IEEE80211_M_IBSS:
		ic->ic_flags |= IEEE80211_F_IBSSON;
		/*FALLTHROUGH*/
	case IEEE80211_M_HOSTAP: /* XXX */
		break;
	case IEEE80211_M_MONITOR: /* XXX */
		break;
	}

	switch (ic->ic_opmode) {
	case IEEE80211_M_AHDEMO:
	case IEEE80211_M_HOSTAP:
#ifndef IEEE80211_NO_HOSTAP
		ic->ic_bss->ni_intval = ic->ic_lintval;
		ic->ic_bss->ni_rssi = 0;
		ic->ic_bss->ni_rstamp = 0;
#endif /* !IEEE80211_NO_HOSTAP */
		break;
	default:					/* XXX */
		break;
	}

	/* The WEP control word starts from zero before atw_write_wep()
	 * runs; what that routine puts into it is outside this view.
	 */
	sc->sc_wepctl = 0;

	atw_write_ssid(sc);
	atw_write_sup_rates(sc);
	atw_write_wep(sc);

	ic->ic_state = IEEE80211_S_INIT;

	/*
	 * Set the receive filter.  This will start the transmit and
	 * receive processes.
	 */
	atw_filter_setup(sc);

	/*
	 * Start the receive process.
	 */
	ATW_WRITE(sc, ATW_RDR, 0x1);

	/*
	 * Note that the interface is now running.
	 */
	ifp->if_flags |= IFF_RUNNING;
	ifp->if_flags &= ~IFF_OACTIVE;

	/* send no beacons, yet. */
	atw_start_beacon(sc, 0);

	if (ic->ic_opmode == IEEE80211_M_MONITOR)
		error = ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
	else
		error = ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
 out:
	/* Every failure funnels here: mark the interface down and stop
	 * the watchdog timers.
	 */
	if (error) {
		ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
		sc->sc_tx_timer = 0;
		ifp->if_timer = 0;
		printf("%s: interface not running\n", device_xname(sc->sc_dev));
	}
#ifdef ATW_DEBUG
	atw_print_regs(sc, "end of init");
#endif /* ATW_DEBUG */

	return (error);
}
1456 
/*
 * Hand control of the RF3000/Si4126 to the host or back to the MAC.
 *
 * enable != 0: host control of RF3000/Si4126 through ATW_SYNCTL.
 * enable == 0: MAC control of RF3000/Si4126.
 *
 * Applies power, or selects RF front-end? Sets reset condition.
 * Each direction is followed by its own settling delay.
 *
 * TBD support non-RFMD BBP, non-SiLabs synth.
 */
static void
atw_bbp_io_enable(struct atw_softc *sc, int enable)
{
	if (!enable) {
		ATW_WRITE(sc, ATW_SYNRF, 0);
		DELAY(atw_bbp_io_disable_delay); /* shorter for some reason */
		return;
	}

	ATW_WRITE(sc, ATW_SYNRF,
	    ATW_SYNRF_SELRF | ATW_SYNRF_PE1 | ATW_SYNRF_PHYRST);
	DELAY(atw_bbp_io_enable_delay);
}
1476 
/*
 * Retune the radio to ic->ic_curchan if it differs from the channel the
 * hardware is currently on.
 *
 * Tx/Rx are idled while the synthesizer and baseband are reprogrammed and
 * are restarted afterwards whether or not the baseband accepted the new
 * settings.  sc_cur_chan and the radiotap channel fields are updated only
 * on success.  Panics if the current channel maps to IEEE80211_CHAN_ANY.
 *
 * Returns 0 on success (including "already on that channel"), else the
 * error from atw_rf3000_tune().
 */
static int
atw_tune(struct atw_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	u_int chan;
	int rc;

	chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
	if (chan == IEEE80211_CHAN_ANY)
		panic("%s: chan == IEEE80211_CHAN_ANY\n", __func__);

	/* Nothing to do when the hardware is already on this channel. */
	if (chan == sc->sc_cur_chan)
		return 0;

	DPRINTF(sc, ("%s: chan %d -> %d\n", device_xname(sc->sc_dev),
	    sc->sc_cur_chan, chan));

	atw_idle(sc, ATW_NAR_SR | ATW_NAR_ST);

	atw_si4126_tune(sc, chan);
	rc = atw_rf3000_tune(sc, chan);
	if (rc != 0) {
		printf("%s: failed to tune channel %d\n", device_xname(sc->sc_dev),
		    chan);
	}

	/* Restart Tx/Rx with the saved operating mode. */
	ATW_WRITE(sc, ATW_NAR, sc->sc_opmode);
	DELAY(atw_nar_delay);
	ATW_WRITE(sc, ATW_RDR, 0x1);

	if (rc != 0)
		return rc;

	sc->sc_cur_chan = chan;
	sc->sc_rxtap.ar_chan_freq = sc->sc_txtap.at_chan_freq =
	    htole16(ic->ic_curchan->ic_freq);
	sc->sc_rxtap.ar_chan_flags = sc->sc_txtap.at_chan_flags =
	    htole16(ic->ic_curchan->ic_flags);

	return rc;
}
1515 
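#ifdef ATW_SYNDEBUG
/*
 * Debug aid: print Si4126 synthesizer registers 0 through 8.
 *
 * Does nothing unless atw_debug >= 3 and IFF_DEBUG is set on the
 * interface.  The print-out stops at the first register that cannot be
 * read.
 */
static void
atw_si4126_print(struct atw_softc *sc)
{
	struct ifnet *ifp = &sc->sc_if;
	u_int addr, val;

	val = 0;

	if (atw_debug < 3 || (ifp->if_flags & IFF_DEBUG) == 0)
		return;

	for (addr = 0; addr <= 8; addr++) {
		printf("%s: synth[%u] = ", device_xname(sc->sc_dev), addr);
		/* atw_si4126_read() returns 0 on success, so a non-zero
		 * result is the failure case (same test as in
		 * atw_rf3000_print).  Testing for == 0 here would abort on
		 * the first successful read and never print a value.
		 */
		if (atw_si4126_read(sc, addr, &val) != 0) {
			printf("<unknown> (quitting print-out)\n");
			break;
		}
		printf("%05x\n", val);
	}
}
#endif /* ATW_SYNDEBUG */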
1538 
/*
 * Tune to channel chan by adjusting the Si4126 RF/IF synthesizer.
 *
 * The RF/IF synthesizer produces two reference frequencies for the
 * RF2948B transceiver.  The first is two times the so-called
 * "intermediate frequency" (IF).  A SAW filter on the radio fixes the IF
 * at 374 MHz, so the Si4126 is programmed to generate
 * IF LO = 374 MHz x 2 = 748 MHz.  The second is the radio frequency (RF).
 * This is a superheterodyne transceiver; for f(chan) the center frequency
 * of the channel being tuned, RF = f(chan) - IF.
 *
 * chan is not range-checked here: channel 14 maps to 2484 MHz and every
 * other value to 2412 + 5 * (chan - 1) MHz.
 *
 * XXX I am told by SiLabs that the Si4126 will accept a broader range
 * of XIN than the 2-25 MHz mentioned by the datasheet, even *without*
 * XINDIV2 = 1.  I've tried this (it is necessary to double R) and it
 * works, but I have still programmed for XINDIV2 = 1 to be safe.
 */
static void
atw_si4126_tune(struct atw_softc *sc, u_int chan)
{
	u_int mhz, R, rf_n;
	u_int32_t gpio;
	u_int16_t gain;

#ifdef ATW_SYNDEBUG
	atw_si4126_print(sc);
#endif /* ATW_SYNDEBUG */

	mhz = (chan == 14) ? 2484 : 2412 + 5 * (chan - 1);

	/* RF = f(chan) - IF, with IF = 374 MHz. */
	rf_n = mhz - 374;

	/* Tune IF to 748 MHz to suit the IF LO input of the
	 * transceiver, which is 2 x IF. No need to set an IF divider
	 * because an IF in 526 MHz - 952 MHz is allowed.
	 *
	 * XIN is 44.000 MHz, so divide it by two to get allowable
	 * range of 2-25 MHz. SiLabs tells me that this is not
	 * strictly necessary.
	 */
	R = atw_xindiv2 ? 44 : 88;

	/* Power-up RF, IF synthesizers. */
	atw_si4126_write(sc, SI4126_POWER,
	    SI4126_POWER_PDIB | SI4126_POWER_PDRB);

	/* set LPWR, too? */
	atw_si4126_write(sc, SI4126_MAIN,
	    atw_xindiv2 ? SI4126_MAIN_XINDIV2 : 0);

	/* Set the phase-locked loop gain.  If RF2 N > 2047, then
	 * set KP2 to 1.
	 *
	 * REFDIF This is different from the reference driver, which
	 * always sets SI4126_GAIN to 0.
	 */
	gain = __SHIFTIN((rf_n > 2047) ? 1 : 0, SI4126_GAIN_KP2_MASK);
	atw_si4126_write(sc, SI4126_GAIN, gain);

	/* XIN = 44 MHz.
	 *
	 * If XINDIV2 = 1, IF = N/(2 * R) * XIN.  I choose N = 1496,
	 * R = 44 so that 1496/(2 * 44) * 44 MHz = 748 MHz.
	 *
	 * If XINDIV2 = 0, IF = N/R * XIN.  I choose N = 1496, R = 88
	 * so that 1496/88 * 44 MHz = 748 MHz.
	 */
	atw_si4126_write(sc, SI4126_IFN, 1496);
	atw_si4126_write(sc, SI4126_IFR, R);

#ifndef ATW_REFSLAVE
	/* Set RF1 arbitrarily. DO NOT configure RF1 after RF2, because
	 * then RF1 becomes the active RF synthesizer, even on the Si4126,
	 * which has no RF1!
	 */
	atw_si4126_write(sc, SI4126_RF1R, R);
	atw_si4126_write(sc, SI4126_RF1N, rf_n);
#endif

	/* N/R * XIN = RF. XIN = 44 MHz. We desire RF = mhz - IF,
	 * where IF = 374 MHz.  Let's divide XIN to 1 MHz. So R = 44.
	 * Now let's multiply it to mhz. So mhz - IF = N.
	 */
	atw_si4126_write(sc, SI4126_RF2R, R);
	atw_si4126_write(sc, SI4126_RF2N, rf_n);

	/* wait 100us from power-up for RF, IF to settle */
	DELAY(100);

	gpio = ATW_READ(sc, ATW_GPIO);
	gpio &= ~(ATW_GPIO_EN_MASK | ATW_GPIO_O_MASK | ATW_GPIO_I_MASK);
	gpio |= __SHIFTIN(1, ATW_GPIO_EN_MASK);

	if (chan != 14 && (sc->sc_if.if_flags & IFF_LINK1) != 0) {
		/* Set a Prism RF front-end to a special mode for channel 14?
		 *
		 * Apparently the SMC2635W needs this, although I don't think
		 * it has a Prism RF.
		 *
		 * NOTE(review): the output bit is set on every channel
		 * *except* 14, while the remark above speaks of channel 14
		 * -- confirm which is intended.
		 */
		gpio |= __SHIFTIN(1, ATW_GPIO_O_MASK);
	}
	ATW_WRITE(sc, ATW_GPIO, gpio);

#ifdef ATW_SYNDEBUG
	atw_si4126_print(sc);
#endif /* ATW_SYNDEBUG */
}
1656 
/*
 * Baseline initialization of RF3000 BBP: set CCA mode and enable antenna
 * diversity, then load gain, calibration and option registers.
 *
 * !!!
 * !!! Call this w/ Tx/Rx suspended, atw_idle(, ATW_NAR_ST|ATW_NAR_SR).
 * !!!
 *
 * The registers are written in a fixed order and the sequence stops at the
 * first write that fails.  Host control of the BBP is released again on
 * every path.  Returns 0 on success, else the error from
 * atw_rf3000_write().
 */
static int
atw_rf3000_init(struct atw_softc *sc)
{
	const struct {
		u_int	reg;
		u_int	val;
	} seq[] = {
		/* CCA is acquisition sensitive */
		{ RF3000_CCACTL,
		  __SHIFTIN(RF3000_CCACTL_MODE_BOTH, RF3000_CCACTL_MODE_MASK) },
		/* enable diversity */
		{ RF3000_DIVCTL, RF3000_DIVCTL_ENABLE },
		/* sensible setting from a binary-only driver */
		{ RF3000_GAINCTL, __SHIFTIN(0x1d, RF3000_GAINCTL_TXVGC_MASK) },
		/* magic from a binary-only driver */
		{ RF3000_LOGAINCAL,
		  __SHIFTIN(0x38, RF3000_LOGAINCAL_CAL_MASK) },
		{ RF3000_HIGAINCAL, RF3000_HIGAINCAL_DSSSPAD },
		/* XXX Reference driver remarks that Abocom sets this to 50.
		 * Meaning 0x50, I think....  50 = 0x32, which would set a bit
		 * in the "reserved" area of register RF3000_OPTIONS1.
		 */
		{ RF3000_OPTIONS1, sc->sc_rf3000_options1 },
		{ RF3000_OPTIONS2, sc->sc_rf3000_options2 },
	};
	u_int k;
	int rc = 0;

	atw_bbp_io_enable(sc, 1);

	for (k = 0; k < sizeof(seq) / sizeof(seq[0]); k++) {
		rc = atw_rf3000_write(sc, seq[k].reg, seq[k].val);
		if (rc != 0)
			break;
	}

	atw_bbp_io_enable(sc, 0);
	return rc;
}
1721 
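#ifdef ATW_BBPDEBUG
/*
 * Debug aid: print RF3000 baseband registers 0x01 through 0x15.
 *
 * Does nothing unless atw_debug >= 3 and IFF_DEBUG is set on the
 * interface.  The print-out stops at the first register that cannot be
 * read.
 */
static void
atw_rf3000_print(struct atw_softc *sc)
{
	struct ifnet *ifp = &sc->sc_if;
	u_int addr, val;

	val = 0;

	if (atw_debug < 3 || (ifp->if_flags & IFF_DEBUG) == 0)
		return;

	for (addr = 0x01; addr <= 0x15; addr++) {
		/* No newline here: the value (or "<unknown>") completes
		 * the line, as in atw_si4126_print.
		 */
		printf("%s: bbp[%u] = ", device_xname(sc->sc_dev), addr);
		if (atw_rf3000_read(sc, addr, &val) != 0) {
			printf("<unknown> (quitting print-out)\n");
			break;
		}
		printf("%08x\n", val);
	}
}
#endif /* ATW_BBPDEBUG */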
1742 
/*
 * Set the power settings on the BBP for channel `chan'.
 *
 * Tx power, LPF cutoff and LNA GS threshold are taken from sc->sc_srom;
 * each SROM word carries two channels, odd channel in the low byte and
 * even channel in the high byte.
 *
 * NOTE(review): chan indexes sc_srom through the ATW_SR_* macros without a
 * range check in this function -- confirm that callers only pass channels
 * the SROM table covers.  The values read are used as-is.
 *
 * The PLCP header SERVICE field (beacon, RTS, ATIM transmit power) is
 * rewritten even when a BBP register write failed.
 *
 * Returns 0 on success, else the error from atw_rf3000_write().
 */
static int
atw_rf3000_tune(struct atw_softc *sc, u_int chan)
{
	/* odd channels: LSB, even channels: MSB */
	const u_int shift = (chan % 2 == 1) ? 0 : 8;
	u_int16_t txpower, lpf_cutoff, lna_gs_thresh;
	u_int32_t reg;
	int rc;

	txpower = sc->sc_srom[ATW_SR_TXPOWER(chan)];
	lpf_cutoff = sc->sc_srom[ATW_SR_LPF_CUTOFF(chan)];
	lna_gs_thresh = sc->sc_srom[ATW_SR_LNA_GS_THRESH(chan)];

	txpower = (txpower >> shift) & 0xFF;
	lpf_cutoff = (lpf_cutoff >> shift) & 0xFF;
	lna_gs_thresh = (lna_gs_thresh >> shift) & 0xFF;

#ifdef ATW_BBPDEBUG
	atw_rf3000_print(sc);
#endif /* ATW_BBPDEBUG */

	DPRINTF(sc, ("%s: chan %d txpower %02x, lpf_cutoff %02x, "
	    "lna_gs_thresh %02x\n",
	    device_xname(sc->sc_dev), chan, txpower, lpf_cutoff, lna_gs_thresh));

	atw_bbp_io_enable(sc, 1);

	/* Each write is attempted only if all earlier ones succeeded. */
	rc = atw_rf3000_write(sc, RF3000_GAINCTL,
	    __SHIFTIN(txpower, RF3000_GAINCTL_TXVGC_MASK));
	if (rc == 0)
		rc = atw_rf3000_write(sc, RF3000_LOGAINCAL, lpf_cutoff);
	if (rc == 0)
		rc = atw_rf3000_write(sc, RF3000_HIGAINCAL, lna_gs_thresh);
	if (rc == 0)
		rc = atw_rf3000_write(sc, RF3000_OPTIONS1, 0x0);
	if (rc == 0)
		rc = atw_rf3000_write(sc, RF3000_OPTIONS2,
		    RF3000_OPTIONS2_LNAGS_DELAY);

#ifdef ATW_BBPDEBUG
	if (rc == 0)
		atw_rf3000_print(sc);
#endif /* ATW_BBPDEBUG */

	atw_bbp_io_enable(sc, 0);

	/* set beacon, rts, atim transmit power */
	reg = ATW_READ(sc, ATW_PLCPHD);
	reg &= ~ATW_PLCPHD_SERVICE_MASK;
	reg |= __SHIFTIN(__SHIFTIN(txpower, RF3000_GAINCTL_TXVGC_MASK),
	    ATW_PLCPHD_SERVICE_MASK);
	ATW_WRITE(sc, ATW_PLCPHD, reg);
	DELAY(atw_plcphd_delay);

	return rc;
}
1813 
/*
 * Write a register on the RF3000 baseband processor using the
 * registers provided by the ADM8211 for this purpose.
 *
 * Only the low 7 bits of addr and the low 8 bits of val are used.  The
 * command word is re-issued on every poll until ATW_BBPCTL_WR reads back
 * clear or 20000 / atw_pseudo_milli attempts have been made.
 *
 * Return 0 on success, ETIMEDOUT if the chip stays busy.
 */
static int
atw_rf3000_write(struct atw_softc *sc, u_int addr, u_int val)
{
	const u_int32_t cmd = sc->sc_bbpctl_wr |
	    __SHIFTIN(val & 0xff, ATW_BBPCTL_DATA_MASK) |
	    __SHIFTIN(addr & 0x7f, ATW_BBPCTL_ADDR_MASK);
	int tries_left = 20000 / atw_pseudo_milli;

	while (tries_left-- > 0) {
		ATW_WRITE(sc, ATW_BBPCTL, cmd);
		DELAY(2 * atw_pseudo_milli);
		if (ATW_ISSET(sc, ATW_BBPCTL, ATW_BBPCTL_WR) == 0)
			return 0;
	}

	printf("%s: BBPCTL still busy\n", device_xname(sc->sc_dev));
	return ETIMEDOUT;
}
1842 
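/*
 * Read a register on the RF3000 baseband processor using the registers
 * the ADM8211 provides for this purpose.
 *
 * The 7-bit register address is addr.  Record the 8-bit data in the register
 * in *val (val may be NULL, in which case the data is discarded).
 *
 * Return 0 on success, ETIMEDOUT if ATW_BBPCTL stays busy either before
 * the command is issued or after it.
 *
 * XXX This does not seem to work. The ADM8211 must require more or
 * different magic to read the chip than to write it. Possibly some
 * of the magic I have derived from a binary-only driver concerns
 * the "chip address" (see the RF3000 manual).
 */
#ifdef ATW_BBPDEBUG
static int
atw_rf3000_read(struct atw_softc *sc, u_int addr, u_int *val)
{
	u_int32_t reg;
	int i;

	/* Wait for any transaction already in flight to finish. */
	for (i = 1000; --i >= 0; ) {
		if (ATW_ISSET(sc, ATW_BBPCTL, ATW_BBPCTL_RD|ATW_BBPCTL_WR) == 0)
			break;
		DELAY(100);
	}

	if (i < 0) {
		printf("%s: start atw_rf3000_read, BBPCTL busy\n",
		    device_xname(sc->sc_dev));
		return ETIMEDOUT;
	}

	reg = sc->sc_bbpctl_rd | __SHIFTIN(addr & 0x7f, ATW_BBPCTL_ADDR_MASK);

	ATW_WRITE(sc, ATW_BBPCTL, reg);

	/* Poll until the chip clears the RD bit. */
	for (i = 1000; --i >= 0; ) {
		DELAY(100);
		if (ATW_ISSET(sc, ATW_BBPCTL, ATW_BBPCTL_RD) == 0)
			break;
	}

	ATW_CLR(sc, ATW_BBPCTL, ATW_BBPCTL_RD);

	if (i < 0) {
		printf("%s: atw_rf3000_read wrote %08x; BBPCTL still busy\n",
		    device_xname(sc->sc_dev), reg);
		return ETIMEDOUT;
	}
	if (val != NULL) {
		/* Extract the data from the register as read back, the way
		 * atw_si4126_read does for ATW_SYNCTL.  `reg' is only the
		 * command word this function composed, so its data field
		 * never holds anything the chip returned.
		 * NOTE(review): assumes the chip presents read data in the
		 * DATA field of ATW_BBPCTL -- confirm against the datasheet.
		 */
		*val = __SHIFTOUT(ATW_READ(sc, ATW_BBPCTL),
		    ATW_BBPCTL_DATA_MASK);
	}
	return 0;
}
#endif /* ATW_BBPDEBUG */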
1897 
/*
 * Write a register on the Si4126 RF/IF synthesizer using the registers
 * provided by the ADM8211 for that purpose.
 *
 * val is 18 bits of data, and addr is the 4-bit address of the register.
 * Both are checked with KASSERT against the widths of their fields.
 *
 * The 22-bit word is shifted out most significant bit first by toggling
 * bits of ATW_SYNRF: the data bit is presented on SYNDATA, SYNCLK is
 * raised and lowered, and LEIF frames the whole transfer.
 *
 * Nothing is returned; there is no completion or error indication.
 */
static void
atw_si4126_write(struct atw_softc *sc, u_int addr, u_int val)
{
	const int nbits = 22;
	uint32_t word, reg;
	int bit;

	KASSERT((addr & ~__SHIFTOUT_MASK(SI4126_TWI_ADDR_MASK)) == 0);
	KASSERT((val & ~__SHIFTOUT_MASK(SI4126_TWI_DATA_MASK)) == 0);

	word = __SHIFTIN(val, SI4126_TWI_DATA_MASK) |
	    __SHIFTIN(addr, SI4126_TWI_ADDR_MASK);

	reg = ATW_SYNRF_SELSYN;

	/* reference driver: reset Si4126 serial bus to initial
	 * conditions?
	 */
	ATW_WRITE(sc, ATW_SYNRF, reg | ATW_SYNRF_LEIF);
	ATW_WRITE(sc, ATW_SYNRF, reg);

	for (bit = nbits - 1; bit >= 0; bit--) {
		if (((word >> bit) & 1) != 0)
			reg |= ATW_SYNRF_SYNDATA;
		else
			reg &= ~ATW_SYNRF_SYNDATA;

		/* data set up, clock high, clock low */
		ATW_WRITE(sc, ATW_SYNRF, reg);
		ATW_WRITE(sc, ATW_SYNRF, reg | ATW_SYNRF_SYNCLK);
		ATW_WRITE(sc, ATW_SYNRF, reg);
	}

	ATW_WRITE(sc, ATW_SYNRF, reg | ATW_SYNRF_LEIF);
	ATW_WRITE(sc, ATW_SYNRF, 0x0);
}
1936 
/*
 * Read 18-bit data from the 4-bit address addr in Si4126
 * RF synthesizer and write the data to *val (val may be NULL).
 * Return 0 on success, ETIMEDOUT if ATW_SYNCTL stays busy before or
 * after the command is issued.
 *
 * XXX This does not seem to work. The ADM8211 must require more or
 * different magic to read the chip than to write it.
 */
#ifdef ATW_SYNDEBUG
static int
atw_si4126_read(struct atw_softc *sc, u_int addr, u_int *val)
{
	u_int32_t cmd;
	int tries;

	KASSERT((addr & ~__SHIFTOUT_MASK(SI4126_TWI_ADDR_MASK)) == 0);

	/* Wait for any transaction already in flight to finish. */
	for (tries = 1000; tries > 0; tries--) {
		if (ATW_ISSET(sc, ATW_SYNCTL, ATW_SYNCTL_RD|ATW_SYNCTL_WR) == 0)
			break;
		DELAY(100);
	}

	if (tries == 0) {
		printf("%s: start atw_si4126_read, SYNCTL busy\n",
		    device_xname(sc->sc_dev));
		return ETIMEDOUT;
	}

	/* NOTE(review): the address is shifted into the DATA field of
	 * ATW_SYNCTL -- confirm that is where the chip expects it.
	 */
	cmd = sc->sc_synctl_rd | __SHIFTIN(addr, ATW_SYNCTL_DATA_MASK);

	ATW_WRITE(sc, ATW_SYNCTL, cmd);

	/* Poll until the chip clears the RD bit. */
	for (tries = 1000; tries > 0; tries--) {
		DELAY(100);
		if (ATW_ISSET(sc, ATW_SYNCTL, ATW_SYNCTL_RD) == 0)
			break;
	}

	ATW_CLR(sc, ATW_SYNCTL, ATW_SYNCTL_RD);

	if (tries == 0) {
		printf("%s: atw_si4126_read wrote %#08x, SYNCTL still busy\n",
		    device_xname(sc->sc_dev), cmd);
		return ETIMEDOUT;
	}

	if (val != NULL) {
		*val = __SHIFTOUT(ATW_READ(sc, ATW_SYNCTL),
		    ATW_SYNCTL_DATA_MASK);
	}
	return 0;
}
#endif /* ATW_SYNDEBUG */
1987 
/* Reduce a link-layer address to the low 6 bits of its little-endian
 * CRC-32, i.e. a bucket number 0..63 in the 64-bit multicast hash filter
 * that atw_filter_setup programs.
 *
 * XXX is the endianness correct? test.
 */
#define	atw_calchash(addr) \
	(ether_crc32_le((addr), IEEE80211_ADDR_LEN) & __BITS(5, 0))
1991 
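/*
 * atw_filter_setup:
 *
 *	Set the ADM8211's receive filter.
 *
 *	While scanning, or when IFF_PROMISC is set, ATW_NAR_PR and
 *	ATW_NAR_PB are set and every multicast hash bucket is opened.
 *	Otherwise the 64-bit multicast hash filter is built from the
 *	interface's multicast list; an address range (addrlo != addrhi)
 *	cannot be expressed as a hash and falls back to accepting all
 *	multicast, which is reported through IFF_ALLMULTI.
 *
 *	With only 64 buckets, different group addresses can share a
 *	bucket, so the hardware filter passes a superset of the requested
 *	groups.
 *
 *	If the interface is running, receive is idled first; the new
 *	operating mode is then written to ATW_NAR and receive is restarted.
 */
static void
atw_filter_setup(struct atw_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	struct ethercom *ec = &sc->sc_ec;
	struct ifnet *ifp = &sc->sc_if;
	int hash;
	u_int32_t hashes[2];
	struct ether_multi *enm;
	struct ether_multistep step;

	/* According to comments in tlp_al981_filter_setup
	 * (dev/ic/tulip.c) the ADMtek AL981 does not like for its
	 * multicast filter to be set while it is running.  Hopefully
	 * the ADM8211 is not the same!
	 */
	if ((ifp->if_flags & IFF_RUNNING) != 0)
		atw_idle(sc, ATW_NAR_SR);

	/* Start from a filter with no promiscuous or multicast bits. */
	sc->sc_opmode &= ~(ATW_NAR_PB|ATW_NAR_PR|ATW_NAR_MM);
	ifp->if_flags &= ~IFF_ALLMULTI;

	/* XXX in scan mode, do not filter packets.  Maybe this is
	 * unnecessary.
	 */
	if (ic->ic_state == IEEE80211_S_SCAN ||
	    (ifp->if_flags & IFF_PROMISC) != 0) {
		sc->sc_opmode |= ATW_NAR_PR | ATW_NAR_PB;
		goto allmulti;
	}

	hashes[0] = hashes[1] = 0x0;

	/*
	 * Program the 64-bit multicast hash filter.
	 */
	ETHER_FIRST_MULTI(step, ec, enm);
	while (enm != NULL) {
		if (memcmp(enm->enm_addrlo, enm->enm_addrhi,
		    ETHER_ADDR_LEN) != 0)
			goto allmulti;

		/* hash is 0..63: bit 5 picks the word, bits 4..0 the bit.
		 * The shifted constant is unsigned so that bucket 31 (and
		 * 63) does not shift a 1 into the sign bit of an int.
		 */
		hash = atw_calchash(enm->enm_addrlo);
		hashes[hash >> 5] |= (u_int32_t)1 << (hash & 0x1f);
		ETHER_NEXT_MULTI(step, enm);
		sc->sc_opmode |= ATW_NAR_MM;
	}
	ifp->if_flags &= ~IFF_ALLMULTI;
	goto setit;

allmulti:
	sc->sc_opmode |= ATW_NAR_MM;
	ifp->if_flags |= IFF_ALLMULTI;
	hashes[0] = hashes[1] = 0xffffffff;

setit:
	ATW_WRITE(sc, ATW_MAR0, hashes[0]);
	ATW_WRITE(sc, ATW_MAR1, hashes[1]);
	ATW_WRITE(sc, ATW_NAR, sc->sc_opmode);
	DELAY(atw_nar_delay);
	ATW_WRITE(sc, ATW_RDR, 0x1);

	DPRINTF(sc, ("%s: ATW_NAR %08x opmode %08x\n", device_xname(sc->sc_dev),
	    ATW_READ(sc, ATW_NAR), sc->sc_opmode));
}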
2062 
/*
 * atw_write_bssid:
 *
 *	Tell the ADM8211 our preferred BSSID, taken from ic_bss->ni_bssid.
 *	The ADM8211 must match a beacon's BSSID and SSID against the
 *	preferred BSSID and SSID before it will raise ATW_INTR_LINKON.
 *	When it receives no beacon with the preferred BSSID and SSID in the
 *	number of beacon intervals given in ATW_BPLI, it raises
 *	ATW_INTR_LINKOFF.
 *
 *	Bytes 0-3 go to ATW_BSSID0; bytes 4-5 are merged into ATW_ABDA1
 *	with a read-modify-write.  The value is also cached in sc_bssid.
 */
static void
atw_write_bssid(struct atw_softc *sc)
{
	u_int8_t *bssid = sc->sc_ic.ic_bss->ni_bssid;
	u_int32_t lo4, abda1;

	/* First four octets occupy one whole register. */
	lo4 = __SHIFTIN(bssid[0], ATW_BSSID0_BSSIDB0_MASK) |
	    __SHIFTIN(bssid[1], ATW_BSSID0_BSSIDB1_MASK) |
	    __SHIFTIN(bssid[2], ATW_BSSID0_BSSIDB2_MASK) |
	    __SHIFTIN(bssid[3], ATW_BSSID0_BSSIDB3_MASK);
	ATW_WRITE(sc, ATW_BSSID0, lo4);

	/* Last two octets share ATW_ABDA1 with other fields: keep those. */
	abda1 = ATW_READ(sc, ATW_ABDA1) &
	    ~(ATW_ABDA1_BSSIDB4_MASK|ATW_ABDA1_BSSIDB5_MASK);
	abda1 |= __SHIFTIN(bssid[4], ATW_ABDA1_BSSIDB4_MASK) |
	    __SHIFTIN(bssid[5], ATW_ABDA1_BSSIDB5_MASK);
	ATW_WRITE(sc, ATW_ABDA1, abda1);

	/* Old and new values are printed by separate calls, one
	 * ether_sprintf() result per call.
	 */
	DPRINTF(sc, ("%s: BSSID %s -> ", device_xname(sc->sc_dev),
	    ether_sprintf(sc->sc_bssid)));
	DPRINTF(sc, ("%s\n", ether_sprintf(bssid)));

	memcpy(sc->sc_bssid, bssid, sizeof(sc->sc_bssid));
}
2095 
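/*
 * atw_write_sram:
 *
 *	Write buflen bytes from buf to the ADM8211's SRAM and to the
 *	driver's shadow copy, sc->sc_sram.
 *
 *	ofs is a byte offset into the SRAM image; both ofs and buflen must
 *	be even because the chip is written one 16-bit word at a time (the
 *	word address programmed into ATW_WEPCTL is (ofs + i) / 2).  The
 *	range [ofs, ofs + buflen) must lie within sc->sc_sramlen.
 *
 *	The range is validated before anything is copied.  The KASSERTs
 *	catch a bad caller in DIAGNOSTIC kernels; the explicit test keeps
 *	kernels built without assertions from writing past the end of
 *	sc->sc_sram, and is written so that ofs + buflen cannot wrap.
 */
static void
atw_write_sram(struct atw_softc *sc, u_int ofs, u_int8_t *buf, u_int buflen)
{
	u_int i;
	u_int8_t *ptr;

	KASSERT(ofs % 2 == 0 && buflen % 2 == 0);

	KASSERT(ofs <= sc->sc_sramlen && buflen <= sc->sc_sramlen - ofs);

	if (ofs % 2 != 0 || buflen % 2 != 0 ||
	    ofs > sc->sc_sramlen || buflen > sc->sc_sramlen - ofs) {
		aprint_error_dev(sc->sc_dev,
		    "SRAM write out of range: %u bytes at 0x%x\n",
		    buflen, ofs);
		return;
	}

	/* Update the shadow copy, then push it to the chip from there. */
	memcpy(&sc->sc_sram[ofs], buf, buflen);

	ptr = &sc->sc_sram[ofs];

	for (i = 0; i < buflen; i += 2) {
		/* Select the SRAM word ... */
		ATW_WRITE(sc, ATW_WEPCTL, ATW_WEPCTL_WR |
		    __SHIFTIN((ofs + i) / 2, ATW_WEPCTL_TBLADD_MASK));
		DELAY(atw_writewep_delay);

		/* ... and store two bytes, low byte first. */
		ATW_WRITE(sc, ATW_WESK,
		    __SHIFTIN((ptr[i + 1] << 8) | ptr[i], ATW_WESK_DATA_MASK));
		DELAY(atw_writewep_delay);
	}
	ATW_WRITE(sc, ATW_WEPCTL, sc->sc_wepctl); /* restore WEP condition */

	/*
	 * NOTE(review): with IFF_DEBUG set this dumps every byte written.
	 * atw_write_wep() sends the shared-key record through here, so if
	 * that record ever carries real keys they will land in the console
	 * log; consider suppressing the dump for that region.
	 */
	if (sc->sc_if.if_flags & IFF_DEBUG) {
		int n_octets = 0;
		printf("%s: wrote %u bytes at 0x%x wepctl 0x%08x\n",
		    device_xname(sc->sc_dev), buflen, ofs, sc->sc_wepctl);
		for (i = 0; i < buflen; i++) {
			printf(" %02x", ptr[i]);
			if (++n_octets % 24 == 0)
				printf("\n");
		}
		if (n_octets % 24 != 0)
			printf("\n");
	}
}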
2137 
/*
 * atw_key_delete:
 *
 *	Key-delete hook.  Key indices at or beyond IEEE80211_WEP_NKID are
 *	refused (returns 0).  Otherwise returns 1, and if the key had a
 *	non-zero length the driver's SRAM copy is marked stale by clearing
 *	ATWF_WEP_SRAM_VALID.
 */
static int
atw_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k)
{
	struct atw_softc *sc = ic->ic_ifp->if_softc;
	u_int slot = k->wk_keyix;

	DPRINTF(sc, ("%s: delete key %u\n", __func__, slot));

	if (slot < IEEE80211_WEP_NKID) {
		if (k->wk_keylen != 0)
			sc->sc_flags &= ~ATWF_WEP_SRAM_VALID;
		return 1;
	}

	return 0;
}
2153 
/*
 * atw_key_set:
 *
 *	Key-set hook.  Key indices at or beyond IEEE80211_WEP_NKID are
 *	refused (returns 0).  Otherwise the SRAM copy of the keys is marked
 *	stale by clearing ATWF_WEP_SRAM_VALID and 1 is returned.  The mac
 *	argument is not used.
 */
static int
atw_key_set(struct ieee80211com *ic, const struct ieee80211_key *k,
	const u_int8_t mac[IEEE80211_ADDR_LEN])
{
	struct atw_softc *sc = ic->ic_ifp->if_softc;

	DPRINTF(sc, ("%s: set key %u\n", __func__, k->wk_keyix));

	if (k->wk_keyix < IEEE80211_WEP_NKID) {
		/* Force the next atw_key_update_end() to rewrite SRAM. */
		sc->sc_flags &= ~ATWF_WEP_SRAM_VALID;
		return 1;
	}

	return 0;
}
2169 
/*
 * atw_key_update_begin:
 *
 *	Start of a key update.  Only emits a debug trace; the softc is
 *	looked up solely for that trace, hence the ATW_DEBUG guard.
 */
static void
atw_key_update_begin(struct ieee80211com *ic)
{
#ifdef ATW_DEBUG
	struct atw_softc *sc = ic->ic_ifp->if_softc;
#endif

	DPRINTF(sc, ("%s:\n", __func__));
}
2180 
/*
 * atw_key_update_end:
 *
 *	End of a key update.  If the SRAM key copy was invalidated and the
 *	device is enabled, idle the receive and transmit processes, rewrite
 *	the key area with atw_write_wep(), and restart the chip with the
 *	current operating mode.
 */
static void
atw_key_update_end(struct ieee80211com *ic)
{
	struct atw_softc *sc = ic->ic_ifp->if_softc;

	DPRINTF(sc, ("%s:\n", __func__));

	/* Nothing to do when SRAM is current or the chip is off. */
	if ((sc->sc_flags & ATWF_WEP_SRAM_VALID) != 0 ||
	    ATW_IS_ENABLED(sc) == 0)
		return;

	atw_idle(sc, ATW_NAR_SR | ATW_NAR_ST);
	atw_write_wep(sc);

	/* Restore the operating mode and kick the receiver. */
	ATW_WRITE(sc, ATW_NAR, sc->sc_opmode);
	DELAY(atw_nar_delay);
	ATW_WRITE(sc, ATW_RDR, 0x1);
}
2199 
/*
 * atw_write_wep:
 *
 *	Write WEP keys from the ieee80211com to the ADM8211's SRAM.
 *
 *	As compiled, everything that reads keys out of the ieee80211com is
 *	under "#if 0": ATW_WEPCTL is written as 0 and the shared-key record
 *	sent to SRAM is all zeroes.  The function still sets
 *	ATWF_WEP_SRAM_VALID so that atw_key_update_end() stops calling it
 *	until a key changes again.
 */
static void
atw_write_wep(struct atw_softc *sc)
{
#if 0
	struct ieee80211com *ic = &sc->sc_ic;
	u_int32_t reg;
	int i;
#endif
	/* SRAM shared-key record format: key0 flags key1 ... key12 */
	u_int8_t buf[IEEE80211_WEP_NKID]
	            [1 /* key[0] */ + 1 /* flags */ + 12 /* key[1 .. 12] */];

	/* Clear the cached WEP control word and the register itself. */
	sc->sc_wepctl = 0;
	ATW_WRITE(sc, ATW_WEPCTL, sc->sc_wepctl);

	memset(&buf[0][0], 0, sizeof(buf));

#if 0
	/*
	 * NOTE(review): disabled code.  Before re-enabling, bound
	 * wk_keylen: the memcpy below copies wk_keylen - 1 bytes into the
	 * 12 bytes at buf[i][2..13], so any key longer than 13 bytes would
	 * overrun the record.  buf would then also hold key bytes on the
	 * kernel stack and should be cleared after atw_write_sram().
	 */
	for (i = 0; i < IEEE80211_WEP_NKID; i++) {
		if (ic->ic_nw_keys[i].wk_keylen > 5) {
			buf[i][1] = ATW_WEP_ENABLED | ATW_WEP_104BIT;
		} else if (ic->ic_nw_keys[i].wk_keylen != 0) {
			buf[i][1] = ATW_WEP_ENABLED;
		} else {
			buf[i][1] = 0;
			continue;
		}
		buf[i][0] = ic->ic_nw_keys[i].wk_key[0];
		memcpy(&buf[i][2], &ic->ic_nw_keys[i].wk_key[1],
		    ic->ic_nw_keys[i].wk_keylen - 1);
	}

	reg = ATW_READ(sc, ATW_MACTEST);
	reg |= ATW_MACTEST_MMI_USETXCLK | ATW_MACTEST_FORCE_KEYID;
	reg &= ~ATW_MACTEST_KEYID_MASK;
	reg |= __SHIFTIN(ic->ic_def_txkey, ATW_MACTEST_KEYID_MASK);
	ATW_WRITE(sc, ATW_MACTEST, reg);

	if ((ic->ic_flags & IEEE80211_F_PRIVACY) != 0)
		sc->sc_wepctl |= ATW_WEPCTL_WEPENABLE;

	switch (sc->sc_rev) {
	case ATW_REVISION_AB:
	case ATW_REVISION_AF:
		/* Bypass WEP on Rx. */
		sc->sc_wepctl |= ATW_WEPCTL_WEPRXBYP;
		break;
	default:
		break;
	}
#endif

	/* Push the (currently all-zero) record to the shared-key area. */
	atw_write_sram(sc, ATW_SRAM_ADDR_SHARED_KEY, (u_int8_t*)&buf[0][0],
	    sizeof(buf));

	sc->sc_flags |= ATWF_WEP_SRAM_VALID;
}
2258 
/*
 * atw_recv_mgmt:
 *
 *	Management-frame hook.  Probe requests are dropped here because
 *	the chip answers them; every other subtype is passed to the saved
 *	handler in sc_recv_mgmt.  For beacons and probe responses received
 *	while running in IBSS mode, an IBSS merge is attempted when the
 *	sender's timestamp is not older than our own TSF.
 */
static void
atw_recv_mgmt(struct ieee80211com *ic, struct mbuf *m,
    struct ieee80211_node *ni, int subtype, int rssi, u_int32_t rstamp)
{
	struct atw_softc *sc = (struct atw_softc *)ic->ic_ifp->if_softc;

	/* The ADM8211A answers probe requests. TBD ADM8211B/C. */
	if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_REQ)
		return;

	(*sc->sc_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp);

	if (subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP &&
	    subtype != IEEE80211_FC0_SUBTYPE_BEACON)
		return;

	if (ic->ic_opmode != IEEE80211_M_IBSS ||
	    ic->ic_state != IEEE80211_S_RUN)
		return;

	/* The timestamp comes from the received frame; it alone decides
	 * whether a merge is attempted.
	 */
	if (le64toh(ni->ni_tstamp.tsf) >= atw_get_tsft(sc))
		(void)ieee80211_ibss_merge(ni);
}
2285 
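/*
 * atw_write_ssid:
 *
 *	Write the SSID in the ieee80211com to the SRAM on the ADM8211.
 *	In ad hoc mode, the SSID is written to the beacons sent by the
 *	ADM8211. In both ad hoc and infrastructure mode, beacons received
 *	with matching SSID affect ATW_INTR_LINKON/ATW_INTR_LINKOFF
 *	indications.
 *
 *	The record is one length byte followed by the SSID, padded to an
 *	even number of bytes.  The length is clamped to IEEE80211_NWID_LEN
 *	before it is used as a copy size, so an oversized ni_esslen cannot
 *	write past the stack buffer.  (net80211 presumably validates the
 *	length when it parses the element; this is defence in depth.)
 */
static void
atw_write_ssid(struct atw_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	/* 34 bytes are reserved in ADM8211 SRAM for the SSID, but
	 * it only expects the element length, not its ID.
	 */
	u_int8_t buf[roundup(1 /* length */ + IEEE80211_NWID_LEN, 2)];
	u_int esslen;

	esslen = ic->ic_bss->ni_esslen;
	if (esslen > IEEE80211_NWID_LEN)
		esslen = IEEE80211_NWID_LEN;

	memset(buf, 0, sizeof(buf));
	buf[0] = esslen;
	memcpy(&buf[1], ic->ic_bss->ni_essid, esslen);

	atw_write_sram(sc, ATW_SRAM_ADDR_SSID, buf,
	    roundup(1 + esslen, 2));
}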
2308 
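/*
 * atw_write_sup_rates:
 *
 *	Write the supported rates in the ieee80211com to the SRAM of the
 *	ADM8211.  In ad hoc mode, the supported rates are written to
 *	beacons sent by the ADM8211.
 *
 *	The record is one count byte followed by at most
 *	IEEE80211_RATE_SIZE rates.  rs_nrates is clamped to that limit
 *	before it is used as a copy size: the stack buffer has room for
 *	IEEE80211_RATE_SIZE rates only, while a node's rate set can
 *	presumably hold more (extended rates) -- confirm against net80211.
 *	Rates beyond the limit are not written to the chip.
 */
static void
atw_write_sup_rates(struct atw_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	/* 14 bytes are probably (XXX) reserved in the ADM8211 SRAM for
	 * supported rates
	 */
	u_int8_t buf[roundup(1 /* length */ + IEEE80211_RATE_SIZE, 2)];
	u_int nrates;

	nrates = ic->ic_bss->ni_rates.rs_nrates;
	if (nrates > IEEE80211_RATE_SIZE)
		nrates = IEEE80211_RATE_SIZE;

	memset(buf, 0, sizeof(buf));

	buf[0] = nrates;

	memcpy(&buf[1], ic->ic_bss->ni_rates.rs_rates, nrates);

	atw_write_sram(sc, ATW_SRAM_ADDR_SUPRATES, buf, sizeof(buf));
}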
2331 
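/*
 * atw_start_beacon:
 *
 *	Start/stop sending beacons.
 *
 *	Does nothing unless the device is enabled.  The beacon-length
 *	field of ATW_BCNT and the capability field of ATW_CAP1 are always
 *	cleared first; with start == 0 the function stops there.  With
 *	start != 0, and only in IBSS or HOSTAP mode, it programs the beacon
 *	length, beacon/listen intervals, channel and capability info.
 *
 *	A beacon interval of zero makes the function return after the
 *	fields have been cleared, because the listen-interval computation
 *	divides by it.
 */
void
atw_start_beacon(struct atw_softc *sc, int start)
{
	struct ieee80211com *ic = &sc->sc_ic;
	uint16_t chan;
	uint32_t bcnt, bpli, cap0, cap1, capinfo;
	size_t len;

	if (ATW_IS_ENABLED(sc) == 0)
		return;

	/* Beacon length: fixed fields plus the variable-length elements. */
	len = sizeof(struct ieee80211_frame) +
	    8 /* timestamp */ + 2 /* beacon interval */ +
	    2 /* capability info */ +
	    2 + ic->ic_bss->ni_esslen /* SSID element */ +
	    2 + ic->ic_bss->ni_rates.rs_nrates /* rates element */ +
	    3 /* DS parameters */ +
	    IEEE80211_CRC_LEN;

	bcnt = ATW_READ(sc, ATW_BCNT) & ~ATW_BCNT_BCNT_MASK;
	cap0 = ATW_READ(sc, ATW_CAP0) & ~ATW_CAP0_CHN_MASK;
	cap1 = ATW_READ(sc, ATW_CAP1) & ~ATW_CAP1_CAPI_MASK;

	/* Clear the beacon length and capability info. */
	ATW_WRITE(sc, ATW_BCNT, bcnt);
	ATW_WRITE(sc, ATW_CAP1, cap1);

	if (!start)
		return;

	/* TBD use ni_capinfo */

	capinfo = 0;
	if (sc->sc_flags & ATWF_SHORT_PREAMBLE)
		capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
	if (ic->ic_flags & IEEE80211_F_PRIVACY)
		capinfo |= IEEE80211_CAPINFO_PRIVACY;

	switch (ic->ic_opmode) {
	case IEEE80211_M_IBSS:
		len += 4; /* IBSS parameters */
		capinfo |= IEEE80211_CAPINFO_IBSS;
		break;
	case IEEE80211_M_HOSTAP:
		/* XXX 6-byte minimum TIM */
		len += atw_beacon_len_adjust;
		capinfo |= IEEE80211_CAPINFO_ESS;
		break;
	default:
		/* Other modes do not beacon. */
		return;
	}

	/*
	 * ni_intval is a divisor below.  NOTE(review): after an IBSS merge
	 * it presumably reflects a value taken from a received beacon;
	 * refuse zero rather than trap in the kernel.
	 */
	if (ic->ic_bss->ni_intval == 0)
		return;

	/* set listen interval
	 * XXX do software units agree w/ hardware?
	 */
	bpli = __SHIFTIN(ic->ic_bss->ni_intval, ATW_BPLI_BP_MASK) |
	    __SHIFTIN(ic->ic_lintval / ic->ic_bss->ni_intval, ATW_BPLI_LI_MASK);

	chan = ieee80211_chan2ieee(ic, ic->ic_curchan);

	bcnt |= __SHIFTIN(len, ATW_BCNT_BCNT_MASK);
	cap0 |= __SHIFTIN(chan, ATW_CAP0_CHN_MASK);
	cap1 |= __SHIFTIN(capinfo, ATW_CAP1_CAPI_MASK);

	ATW_WRITE(sc, ATW_BCNT, bcnt);
	ATW_WRITE(sc, ATW_BPLI, bpli);
	ATW_WRITE(sc, ATW_CAP0, cap0);
	ATW_WRITE(sc, ATW_CAP1, cap1);

	DPRINTF(sc, ("%s: atw_start_beacon reg[ATW_BCNT] = %08x\n",
	    device_xname(sc->sc_dev), bcnt));

	DPRINTF(sc, ("%s: atw_start_beacon reg[ATW_CAP1] = %08x\n",
	    device_xname(sc->sc_dev), cap1));
}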
2408 
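/*
 * atw_last_even_tsft:
 *
 *	Return the 64-bit TSF value (tsfth:tsftl) modulo ival, i.e. how far
 *	the TSF is past the last multiple of ival.  The caller subtracts
 *	the result from tsftl to get the low 32 bits of that multiple.
 *
 *	ival must be non-zero.
 *
 *	The previous version evaluated
 *
 *	    ((0xffffffff % ival + 1) * tsfth + tsftl) % ival
 *
 *	in 32-bit arithmetic.  That identity only holds while the product
 *	and the sum fit in 32 bits; once tsfth is non-zero the sum can
 *	wrap and the result is wrong.  The remainder is now taken on the
 *	full 64-bit value.
 *
 *	NOTE(review): on 32-bit ports this relies on the kernel providing
 *	64-bit remainder support -- confirm.
 */
static inline uint32_t
atw_last_even_tsft(uint32_t tsfth, uint32_t tsftl, uint32_t ival)
{
	const uint64_t tsft = ((uint64_t)tsfth << 32) | tsftl;

	/* The remainder is < ival, so it always fits in 32 bits. */
	return (uint32_t)(tsft % ival);
}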
2428 
/*
 * atw_get_tsft:
 *
 *	Read the 64-bit TSF timer from ATW_TSFTH/ATW_TSFTL.  The high word
 *	is read again after the low word; if it changed in between, the
 *	whole read is repeated once.  After the second attempt the values
 *	are used as read.
 */
static uint64_t
atw_get_tsft(struct atw_softc *sc)
{
	uint32_t hi, lo;
	int attempt = 0;

	do {
		hi = ATW_READ(sc, ATW_TSFTH);
		lo = ATW_READ(sc, ATW_TSFTL);
	} while (ATW_READ(sc, ATW_TSFTH) != hi && ++attempt < 2);

	return ((uint64_t)hi << 32) | lo;
}
2442 
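/*
 * atw_predict_beacon:
 *
 *	If we've created an IBSS (or are a host AP), write the TSF time in
 *	the ADM8211 to the ieee80211com; otherwise use the timestamp
 *	already stored for the BSS.
 *
 *	Predict the next target beacon transmission time (TBTT) and
 *	write it to the ADM8211 (ATW_TOFS1).
 *
 *	Returns without programming ATW_TOFS1 when the beacon interval is
 *	zero, because the interval is used as a divisor.
 */
static void
atw_predict_beacon(struct atw_softc *sc)
{
#define TBTTOFS 20 /* TU */

	struct ieee80211com *ic = &sc->sc_ic;
	uint64_t tsft;
	uint32_t ival, past_even, tbtt, tsfth, tsftl;
	union {
		uint64_t	word;
		uint8_t		tstamp[8];
	} u;

	if ((ic->ic_opmode == IEEE80211_M_HOSTAP) ||
	    ((ic->ic_opmode == IEEE80211_M_IBSS) &&
	     (ic->ic_flags & IEEE80211_F_SIBSS))) {
		/* We own the timer: publish the hardware TSF, stored
		 * little-endian, as the BSS timestamp.
		 */
		tsft = atw_get_tsft(sc);
		u.word = htole64(tsft);
		(void)memcpy(&ic->ic_bss->ni_tstamp, &u.tstamp[0],
		    sizeof(ic->ic_bss->ni_tstamp));
	} else
		tsft = le64toh(ic->ic_bss->ni_tstamp.tsf);

	ival = ic->ic_bss->ni_intval * IEEE80211_DUR_TU;

	/*
	 * ival is the modulus passed to atw_last_even_tsft().
	 * NOTE(review): when we did not create the BSS, ni_intval
	 * presumably comes from a received beacon; refuse zero rather than
	 * divide by it.
	 */
	if (ival == 0)
		return;

	tsftl = tsft & 0xFFFFFFFF;
	tsfth = tsft >> 32;

	/* past_even is the low 32 bits of the last TSF value that was
	 * a multiple of the beacon interval.
	 */
	past_even = tsftl - atw_last_even_tsft(tsfth, tsftl, ival);

	/* Skip ten beacons so that the TBTT cannot pass before
	 * we've programmed it.  Ten is an arbitrary number.
	 */
	tbtt = past_even + ival * 10;

	ATW_WRITE(sc, ATW_TOFS1,
	    __SHIFTIN(1, ATW_TOFS1_TSFTOFSR_MASK) |
	    __SHIFTIN(TBTTOFS, ATW_TOFS1_TBTTOFS_MASK) |
	    __SHIFTIN(__SHIFTOUT(tbtt - TBTTOFS * IEEE80211_DUR_TU,
	        ATW_TBTTPRE_MASK), ATW_TOFS1_TBTTPRE_MASK));
#undef TBTTOFS
}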
2494 
/*
 * atw_next_scan:
 *
 *	Scan-timer callback (arg is the softc).  Advances the scan to the
 *	next channel, but only if the 802.11 state is still SCAN.
 */
static void
atw_next_scan(void *arg)
{
	struct atw_softc *sc = arg;
	int s;

	/* don't call atw_start w/o network interrupts blocked */
	s = splnet();
	if (sc->sc_ic.ic_state == IEEE80211_S_SCAN)
		ieee80211_next_scan(&sc->sc_ic);
	splx(s);
}
2508 
/*
 * atw_newstate:
 *
 *	Synchronize the hardware state with the software state.
 *
 *	Called for every 802.11 state transition.  Programs the chip for
 *	the new state and then, unless a driver step failed, chains to the
 *	saved handler in sc_newstate.  Returns the driver's error if there
 *	was one, otherwise whatever the saved handler returns.
 */
static int
atw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
{
	struct ifnet *ifp = ic->ic_ifp;
	struct atw_softc *sc = ifp->if_softc;
	enum ieee80211_state ostate;
	int error = 0;

	/* ostate is recorded but not consulted below. */
	ostate = ic->ic_state;
	/* Any pending channel-dwell timer belongs to the old state. */
	callout_stop(&sc->sc_scan_ch);

	switch (nstate) {
	case IEEE80211_S_AUTH:
	case IEEE80211_S_ASSOC:
		atw_write_bssid(sc);
		error = atw_tune(sc);
		break;
	case IEEE80211_S_INIT:
		callout_stop(&sc->sc_scan_ch);
		sc->sc_cur_chan = IEEE80211_CHAN_ANY;
		atw_start_beacon(sc, 0);
		break;
	case IEEE80211_S_SCAN:
		error = atw_tune(sc);
		/* atw_dwelltime is in milliseconds; convert to ticks. */
		callout_reset(&sc->sc_scan_ch, atw_dwelltime * hz / 1000,
		    atw_next_scan, sc);
		break;
	case IEEE80211_S_RUN:
		/* A tuning error is remembered, but the BSSID, SSID and
		 * rates are still written.
		 */
		error = atw_tune(sc);
		atw_write_bssid(sc);
		atw_write_ssid(sc);
		atw_write_sup_rates(sc);

		if (ic->ic_opmode == IEEE80211_M_AHDEMO ||
		    ic->ic_opmode == IEEE80211_M_MONITOR)
			break;

		/* set listen interval
		 * XXX do software units agree w/ hardware?
		 *
		 * NOTE(review): ni_intval is a divisor here.  In station
		 * mode it presumably comes from the AP's beacon; a zero
		 * value would trap.  Confirm net80211 rejects it, or check
		 * before dividing.
		 */
		ATW_WRITE(sc, ATW_BPLI,
		    __SHIFTIN(ic->ic_bss->ni_intval, ATW_BPLI_BP_MASK) |
		    __SHIFTIN(ic->ic_lintval / ic->ic_bss->ni_intval,
			   ATW_BPLI_LI_MASK));

		DPRINTF(sc, ("%s: reg[ATW_BPLI] = %08x\n", device_xname(sc->sc_dev),
		    ATW_READ(sc, ATW_BPLI)));

		atw_predict_beacon(sc);

		/* AHDEMO and MONITOR already left the case above, so only
		 * HOSTAP, IBSS and STA can reach this switch.
		 */
		switch (ic->ic_opmode) {
		case IEEE80211_M_AHDEMO:
		case IEEE80211_M_HOSTAP:
		case IEEE80211_M_IBSS:
			atw_start_beacon(sc, 1);
			break;
		case IEEE80211_M_MONITOR:
		case IEEE80211_M_STA:
			break;
		}

		break;
	}
	/* A driver error suppresses the call to the saved handler. */
	return (error != 0) ? error : (*sc->sc_newstate)(ic, nstate, arg);
}
2575 
/*
 * atw_add_rxbuf:
 *
 *	Add a receive buffer to the indicated descriptor.
 *
 *	Allocates an mbuf header and cluster without sleeping, loads the
 *	cluster into the descriptor's DMA map and re-initializes the
 *	descriptor.  Returns 0 on success or ENOBUFS when no mbuf or
 *	cluster is available, in which case the slot is left untouched.
 *
 *	The mbuf previously attached to the slot is not freed here; the
 *	caller is expected to have taken it (atw_rxintr saves rxs_mbuf
 *	before calling).
 */
int
atw_add_rxbuf(struct atw_softc *sc, int idx)
{
	struct atw_rxsoft *rxs = &sc->sc_rxsoft[idx];
	struct mbuf *m;
	int error;

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return (ENOBUFS);

	/* Cluster allocation failure shows up as a missing M_EXT flag. */
	MCLGET(m, M_DONTWAIT);
	if ((m->m_flags & M_EXT) == 0) {
		m_freem(m);
		return (ENOBUFS);
	}

	/* Release the mapping of the buffer being replaced. */
	if (rxs->rxs_mbuf != NULL)
		bus_dmamap_unload(sc->sc_dmat, rxs->rxs_dmamap);

	rxs->rxs_mbuf = m;

	error = bus_dmamap_load(sc->sc_dmat, rxs->rxs_dmamap,
	    m->m_ext.ext_buf, m->m_ext.ext_size, NULL,
	    BUS_DMA_READ|BUS_DMA_NOWAIT);
	if (error) {
		/* NOTE(review): a DMA load failure takes the system down
		 * (see the XXX); there is no recovery path for it.
		 */
		aprint_error_dev(sc->sc_dev, "can't load rx DMA map %d, error = %d\n",
		    idx, error);
		panic("atw_add_rxbuf");	/* XXX */
	}

	/* Hand the whole mapping to the device before it may write. */
	bus_dmamap_sync(sc->sc_dmat, rxs->rxs_dmamap, 0,
	    rxs->rxs_dmamap->dm_mapsize, BUS_DMASYNC_PREREAD);

	atw_init_rxdesc(sc, idx);

	return (0);
}
2619 
/*
 * atw_txdrain:
 *
 *	Release any queued transmit buffers.  Every job on the dirty queue
 *	has its DMA map unloaded and its mbuf freed, goes back on the free
 *	queue, and returns its descriptors to sc_txfree.  IFF_OACTIVE and
 *	the transmit watchdog are cleared afterwards.
 */
void
atw_txdrain(struct atw_softc *sc)
{
	struct atw_txsoft *txs;

	for (;;) {
		txs = SIMPLEQ_FIRST(&sc->sc_txdirtyq);
		if (txs == NULL)
			break;

		SIMPLEQ_REMOVE_HEAD(&sc->sc_txdirtyq, txs_q);

		if (txs->txs_mbuf != NULL) {
			bus_dmamap_unload(sc->sc_dmat, txs->txs_dmamap);
			m_freem(txs->txs_mbuf);
			txs->txs_mbuf = NULL;
		}

		SIMPLEQ_INSERT_TAIL(&sc->sc_txfreeq, txs, txs_q);
		sc->sc_txfree += txs->txs_ndescs;
	}

	/* While running, everything must be back on the free list. */
	KASSERT((sc->sc_if.if_flags & IFF_RUNNING) == 0 ||
	    !(SIMPLEQ_EMPTY(&sc->sc_txfreeq) ||
	    sc->sc_txfree != ATW_NTXDESC));

	sc->sc_if.if_flags &= ~IFF_OACTIVE;
	sc->sc_tx_timer = 0;
}
2645 
/*
 * atw_stop:		[ ifnet interface function ]
 *
 *	Stop transmission on the interface.
 *
 *	Moves the 802.11 state machine to INIT, masks interrupts, clears
 *	the operating mode and the descriptor base registers, and releases
 *	queued transmit buffers.  With disable != 0 the receive buffers
 *	are freed too and the device is disabled; otherwise the chip is
 *	reset.
 */
void
atw_stop(struct ifnet *ifp, int disable)
{
	struct atw_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;

	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);

	/* Disable interrupts. */
	ATW_WRITE(sc, ATW_IER, 0);

	/* Stop the transmit and receive processes. */
	sc->sc_opmode = 0;
	ATW_WRITE(sc, ATW_NAR, 0);
	DELAY(atw_nar_delay);
	/* Zero the descriptor base registers. */
	ATW_WRITE(sc, ATW_TDBD, 0);
	ATW_WRITE(sc, ATW_TDBP, 0);
	ATW_WRITE(sc, ATW_RDB, 0);

	atw_txdrain(sc);

	/*
	 * Mark the interface down and cancel the watchdog timer.
	 */
	ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
	sc->sc_tx_timer = 0;
	ifp->if_timer = 0;

	if (disable) {
		/* Receive buffers are only released on a full disable. */
		atw_rxdrain(sc);
		atw_disable(sc);
	} else
		atw_reset(sc);
}
2685 
/*
 * atw_rxdrain:
 *
 *	Drain the receive queue: for every receive slot that still holds
 *	an mbuf, unload its DMA map and free the mbuf.
 */
void
atw_rxdrain(struct atw_softc *sc)
{
	struct atw_rxsoft *rxs;
	int slot;

	for (slot = 0; slot < ATW_NRXDESC; slot++) {
		rxs = &sc->sc_rxsoft[slot];
		if (rxs->rxs_mbuf != NULL) {
			bus_dmamap_unload(sc->sc_dmat, rxs->rxs_dmamap);
			m_freem(rxs->rxs_mbuf);
			rxs->rxs_mbuf = NULL;
		}
	}
}
2706 
/*
 * atw_detach:
 *
 *	Detach an ADM8211 interface.  Returns 0 in every case.
 *
 *	Order: deregister from power management, stop the scan timer,
 *	detach from net80211 and the network stack, then release the
 *	receive and transmit buffers with their DMA maps, the control-data
 *	DMA memory, the SROM copy and the event counters.
 */
int
atw_detach(struct atw_softc *sc)
{
	struct ifnet *ifp = &sc->sc_if;
	struct atw_rxsoft *rxs;
	struct atw_txsoft *txs;
	int n;

	/* Never attached: there is nothing to undo. */
	if (!(sc->sc_flags & ATWF_ATTACHED))
		return (0);

	pmf_device_deregister(sc->sc_dev);

	callout_stop(&sc->sc_scan_ch);

	ieee80211_ifdetach(&sc->sc_ic);
	if_detach(ifp);

	/* Receive side: the map is destroyed whether or not a buffer
	 * was loaded into it.
	 */
	n = 0;
	while (n < ATW_NRXDESC) {
		rxs = &sc->sc_rxsoft[n++];
		if (rxs->rxs_mbuf != NULL) {
			bus_dmamap_unload(sc->sc_dmat, rxs->rxs_dmamap);
			m_freem(rxs->rxs_mbuf);
			rxs->rxs_mbuf = NULL;
		}
		bus_dmamap_destroy(sc->sc_dmat, rxs->rxs_dmamap);
	}

	/* Transmit side, same pattern. */
	n = 0;
	while (n < ATW_TXQUEUELEN) {
		txs = &sc->sc_txsoft[n++];
		if (txs->txs_mbuf != NULL) {
			bus_dmamap_unload(sc->sc_dmat, txs->txs_dmamap);
			m_freem(txs->txs_mbuf);
			txs->txs_mbuf = NULL;
		}
		bus_dmamap_destroy(sc->sc_dmat, txs->txs_dmamap);
	}

	/* Control data: unload, destroy, unmap, free. */
	bus_dmamap_unload(sc->sc_dmat, sc->sc_cddmamap);
	bus_dmamap_destroy(sc->sc_dmat, sc->sc_cddmamap);
	bus_dmamem_unmap(sc->sc_dmat, (void *)sc->sc_control_data,
	    sizeof(struct atw_control_data));
	bus_dmamem_free(sc->sc_dmat, &sc->sc_cdseg, sc->sc_cdnseg);

	if (sc->sc_srom != NULL)
		free(sc->sc_srom, M_DEVBUF);

	atw_evcnt_detach(sc);

	return (0);
}
2764 
/*
 * atw_shutdown:
 *
 *	Make sure the interface is stopped at reboot time.  Stops the
 *	interface with the disable flag set and always returns true; the
 *	flags argument is not used.
 */
bool
atw_shutdown(device_t self, int flags)
{
	struct atw_softc *sc = device_private(self);
	struct ifnet *ifp = &sc->sc_if;

	atw_stop(ifp, 1);

	return true;
}
2774 
/*
 * atw_intr:
 *
 *	Interrupt handler (arg is the softc).  Repeatedly reads and
 *	acknowledges ATW_STSR and dispatches link, receive and transmit
 *	events until no enabled interrupt bit remains set.  Returns 1 if
 *	at least one enabled interrupt was seen, 0 otherwise.
 *
 *	Transmit/receive "process stopped" and fatal bus error conditions
 *	re-initialize the interface through atw_init().
 */
int
atw_intr(void *arg)
{
	struct atw_softc *sc = arg;
	struct ifnet *ifp = &sc->sc_if;
	u_int32_t status, rxstatus, txstatus, linkstatus;
	int handled = 0, txthresh;

#ifdef DEBUG
	if (ATW_IS_ENABLED(sc) == 0)
		panic("%s: atw_intr: not enabled", device_xname(sc->sc_dev));
#endif

	/*
	 * If the interface isn't running, the interrupt couldn't
	 * possibly have come from us.
	 */
	if ((ifp->if_flags & IFF_RUNNING) == 0 ||
	    !device_is_active(sc->sc_dev))
		return (0);

	for (;;) {
		status = ATW_READ(sc, ATW_STSR);

		/* Write the pending bits back; presumably this is what
		 * acknowledges them -- confirm against the data sheet.
		 */
		if (status)
			ATW_WRITE(sc, ATW_STSR, status);

#ifdef ATW_DEBUG
#define PRINTINTR(flag) do { \
	if ((status & flag) != 0) { \
		printf("%s" #flag, delim); \
		delim = ","; \
	} \
} while (0)

		if (atw_debug > 1 && status) {
			const char *delim = "<";

			printf("%s: reg[STSR] = %x",
			    device_xname(sc->sc_dev), status);

			PRINTINTR(ATW_INTR_FBE);
			PRINTINTR(ATW_INTR_LINKOFF);
			PRINTINTR(ATW_INTR_LINKON);
			PRINTINTR(ATW_INTR_RCI);
			PRINTINTR(ATW_INTR_RDU);
			PRINTINTR(ATW_INTR_REIS);
			PRINTINTR(ATW_INTR_RPS);
			PRINTINTR(ATW_INTR_TCI);
			PRINTINTR(ATW_INTR_TDU);
			PRINTINTR(ATW_INTR_TLT);
			PRINTINTR(ATW_INTR_TPS);
			PRINTINTR(ATW_INTR_TRT);
			PRINTINTR(ATW_INTR_TUF);
			PRINTINTR(ATW_INTR_BCNTC);
			PRINTINTR(ATW_INTR_ATIME);
			PRINTINTR(ATW_INTR_TBTT);
			PRINTINTR(ATW_INTR_TSCZ);
			PRINTINTR(ATW_INTR_TSFTF);
			printf(">\n");
		}
#undef PRINTINTR
#endif /* ATW_DEBUG */

		/* Done once none of the interrupts we enabled is pending. */
		if ((status & sc->sc_inten) == 0)
			break;

		handled = 1;

		/* Split the status word by event class. */
		rxstatus = status & sc->sc_rxint_mask;
		txstatus = status & sc->sc_txint_mask;
		linkstatus = status & sc->sc_linkint_mask;

		if (linkstatus) {
			atw_linkintr(sc, linkstatus);
		}

		if (rxstatus) {
			/* Grab any new packets. */
			atw_rxintr(sc);

			if (rxstatus & ATW_INTR_RDU) {
				/* NOTE(review): unconditional console
				 * message on a condition that heavy inbound
				 * traffic can cause; consider rate-limiting.
				 */
				printf("%s: receive ring overrun\n",
				    device_xname(sc->sc_dev));
				/* Get the receive process going again. */
				ATW_WRITE(sc, ATW_RDR, 0x1);
				break;
			}
		}

		if (txstatus) {
			/* Sweep up transmit descriptors. */
			atw_txintr(sc);

			if (txstatus & ATW_INTR_TLT) {
				DPRINTF(sc, ("%s: tx lifetime exceeded\n",
				    device_xname(sc->sc_dev)));
			}

			if (txstatus & ATW_INTR_TRT) {
				DPRINTF(sc, ("%s: tx retry limit exceeded\n",
				    device_xname(sc->sc_dev)));
			}

			/* If Tx under-run, increase our transmit threshold
			 * if another is available.
			 *
			 * The lookup at sc_txthresh + 1 assumes the
			 * threshold table ends with an entry whose
			 * txth_name is NULL; the table is not visible
			 * here -- TODO confirm.
			 */
			txthresh = sc->sc_txthresh + 1;
			if ((txstatus & ATW_INTR_TUF) &&
			    sc->sc_txth[txthresh].txth_name != NULL) {
				/* Idle the transmit process. */
				atw_idle(sc, ATW_NAR_ST);

				sc->sc_txthresh = txthresh;
				sc->sc_opmode &= ~(ATW_NAR_TR_MASK|ATW_NAR_SF);
				sc->sc_opmode |=
				    sc->sc_txth[txthresh].txth_opmode;
				printf("%s: transmit underrun; new "
				    "threshold: %s\n", device_xname(sc->sc_dev),
				    sc->sc_txth[txthresh].txth_name);

				/* Set the new threshold and restart
				 * the transmit process.
				 */
				ATW_WRITE(sc, ATW_NAR, sc->sc_opmode);
				DELAY(atw_nar_delay);
				ATW_WRITE(sc, ATW_RDR, 0x1);
				/* XXX Log every Nth underrun from
				 * XXX now on?
				 */
			}
		}

		/* A stopped process is recovered by re-initializing. */
		if (status & (ATW_INTR_TPS|ATW_INTR_RPS)) {
			if (status & ATW_INTR_TPS)
				printf("%s: transmit process stopped\n",
				    device_xname(sc->sc_dev));
			if (status & ATW_INTR_RPS)
				printf("%s: receive process stopped\n",
				    device_xname(sc->sc_dev));
			(void)atw_init(ifp);
			break;
		}

		if (status & ATW_INTR_FBE) {
			aprint_error_dev(sc->sc_dev, "fatal bus error\n");
			(void)atw_init(ifp);
			break;
		}

		/*
		 * Not handled:
		 *
		 *	Transmit buffer unavailable -- normal
		 *	condition, nothing to do, really.
		 *
		 *	Early receive interrupt -- not available on
		 *	all chips, we just use RI.  We also only
		 *	use single-segment receive DMA, so this
		 *	is mostly useless.
		 *
		 *      TBD others
		 */
	}

	/* Try to get more packets going. */
	atw_start(ifp);

	return (handled);
}
2945 
/*
 * atw_idle:
 *
 *	Cause the transmit and/or receive processes to go idle.
 *
 *	bits is a mask of ATW_NAR_SR and/or ATW_NAR_ST naming the processes
 *	to stop.  The bits are cleared in the value written to ATW_NAR
 *	(sc->sc_opmode itself is not modified), then ATW_STSR is polled up
 *	to 1000 times, 10 microseconds apart, for the matching "process
 *	stopped" indications.  If the transmit process was stopped, queued
 *	transmit buffers are released.  Runs at splnet.
 *
 *      XXX It seems that the ADM8211 will not signal the end of the Rx/Tx
 *	process in STSR if I clear SR or ST after the process has already
 *	ceased. Fair enough. But the Rx process status bits in ATW_TEST0
 *      do not seem to be too reliable. Perhaps I have the sense of the
 *	Rx bits switched with the Tx bits?
 */
void
atw_idle(struct atw_softc *sc, u_int32_t bits)
{
	u_int32_t ackmask = 0, opmode, stsr, test0;
	int i, s;

	s = splnet();

	opmode = sc->sc_opmode & ~bits;

	/* Collect the status bits that confirm each requested stop. */
	if (bits & ATW_NAR_SR)
		ackmask |= ATW_INTR_RPS;

	if (bits & ATW_NAR_ST) {
		ackmask |= ATW_INTR_TPS;
		/* set ATW_NAR_HF to flush TX FIFO. */
		opmode |= ATW_NAR_HF;
	}

	ATW_WRITE(sc, ATW_NAR, opmode);
	DELAY(atw_nar_delay);

	/* Bounded wait so that a wedged chip cannot hang the kernel. */
	for (i = 0; i < 1000; i++) {
		stsr = ATW_READ(sc, ATW_STSR);
		if ((stsr & ackmask) == ackmask)
			break;
		DELAY(10);
	}

	/* Acknowledge whichever of the expected bits did show up. */
	ATW_WRITE(sc, ATW_STSR, stsr & ackmask);

	if ((stsr & ackmask) == ackmask)
		goto out;

	/* Timed out: consult the process-state fields in ATW_TEST0. */
	test0 = ATW_READ(sc, ATW_TEST0);

	if ((bits & ATW_NAR_ST) != 0 && (stsr & ATW_INTR_TPS) == 0 &&
	    (test0 & ATW_TEST0_TS_MASK) != ATW_TEST0_TS_STOPPED) {
		/* NOTE(review): the index into atw_tx_state comes from a
		 * hardware register field; the table is not visible here,
		 * so confirm it has an entry for every value of the field.
		 */
		printf("%s: transmit process not idle [%s]\n",
		    device_xname(sc->sc_dev),
		    atw_tx_state[__SHIFTOUT(test0, ATW_TEST0_TS_MASK)]);
		printf("%s: bits %08x test0 %08x stsr %08x\n",
		    device_xname(sc->sc_dev), bits, test0, stsr);
	}

	if ((bits & ATW_NAR_SR) != 0 && (stsr & ATW_INTR_RPS) == 0 &&
	    (test0 & ATW_TEST0_RS_MASK) != ATW_TEST0_RS_STOPPED) {
		/* Same remark as above for atw_rx_state. */
		DPRINTF2(sc, ("%s: receive process not idle [%s]\n",
		    device_xname(sc->sc_dev),
		    atw_rx_state[__SHIFTOUT(test0, ATW_TEST0_RS_MASK)]));
		DPRINTF2(sc, ("%s: bits %08x test0 %08x stsr %08x\n",
		    device_xname(sc->sc_dev), bits, test0, stsr));
	}
out:
	/* Transmit buffers are drained whether or not the stop was
	 * confirmed.
	 */
	if ((bits & ATW_NAR_ST) != 0)
		atw_txdrain(sc);
	splx(s);
	return;
}
3016 
/*
 * atw_linkintr:
 *
 *	Helper; handle link-status interrupts.  Ignored unless the 802.11
 *	state is RUN.  LINKON cancels a pending rescan and takes precedence
 *	over LINKOFF; LINKOFF, in station mode only, arms the rescan timer
 *	and the interface watchdog.
 */
void
atw_linkintr(struct atw_softc *sc, u_int32_t linkstatus)
{
	struct ieee80211com *ic = &sc->sc_ic;

	if (ic->ic_state != IEEE80211_S_RUN)
		return;

	if ((linkstatus & ATW_INTR_LINKON) != 0) {
		DPRINTF(sc, ("%s: link on\n", device_xname(sc->sc_dev)));
		sc->sc_rescan_timer = 0;
		return;
	}

	if ((linkstatus & ATW_INTR_LINKOFF) == 0)
		return;

	DPRINTF(sc, ("%s: link off\n", device_xname(sc->sc_dev)));
	if (ic->ic_opmode == IEEE80211_M_STA) {
		sc->sc_rescan_timer = 3;
		sc->sc_if.if_timer = 1;
	}
}
3041 
/*
 * atw_hw_decrypted:
 *
 *	Return 1 when all three hold, else 0: privacy is enabled
 *	(IEEE80211_F_PRIVACY), the frame's control field has the WEP bit
 *	set, and WEP receive bypass (ATW_WEPCTL_WEPRXBYP) is off in the
 *	cached WEP control word.
 */
static inline int
atw_hw_decrypted(struct atw_softc *sc, struct ieee80211_frame_min *wh)
{
	return (sc->sc_ic.ic_flags & IEEE80211_F_PRIVACY) != 0 &&
	    (wh->i_fc[1] & IEEE80211_FC1_WEP) != 0 &&
	    (sc->sc_wepctl & ATW_WEPCTL_WEPRXBYP) == 0;
}
3051 
3052 /*
3053  * atw_rxintr:
3054  *
3055  *	Helper; handle receive interrupts.
3056  */
3057 void
3058 atw_rxintr(struct atw_softc *sc)
3059 {
3060 	static int rate_tbl[] = {2, 4, 11, 22, 44};
3061 	struct ieee80211com *ic = &sc->sc_ic;
3062 	struct ieee80211_node *ni;
3063 	struct ieee80211_frame_min *wh;
3064 	struct ifnet *ifp = &sc->sc_if;
3065 	struct atw_rxsoft *rxs;
3066 	struct mbuf *m;
3067 	u_int32_t rxstat;
3068 	int i, len, rate, rate0;
3069 	u_int32_t rssi, ctlrssi;
3070 
3071 	for (i = sc->sc_rxptr;; i = ATW_NEXTRX(i)) {
3072 		rxs = &sc->sc_rxsoft[i];
3073 
3074 		ATW_CDRXSYNC(sc, i, BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
3075 
3076 		rxstat = le32toh(sc->sc_rxdescs[i].ar_stat);
3077 		ctlrssi = le32toh(sc->sc_rxdescs[i].ar_ctlrssi);
3078 		rate0 = __SHIFTOUT(rxstat, ATW_RXSTAT_RXDR_MASK);
3079 
3080 		if (rxstat & ATW_RXSTAT_OWN)
3081 			break; /* We have processed all receive buffers. */
3082 
3083 		DPRINTF3(sc,
3084 		    ("%s: rx stat %08x ctlrssi %08x buf1 %08x buf2 %08x\n",
3085 		    device_xname(sc->sc_dev),
3086 		    rxstat, ctlrssi,
3087 		    le32toh(sc->sc_rxdescs[i].ar_buf1),
3088 		    le32toh(sc->sc_rxdescs[i].ar_buf2)));
3089 
3090 		/*
3091 		 * Make sure the packet fits in one buffer.  This should
3092 		 * always be the case.
3093 		 */
3094 		if ((rxstat & (ATW_RXSTAT_FS|ATW_RXSTAT_LS)) !=
3095 		    (ATW_RXSTAT_FS|ATW_RXSTAT_LS)) {
3096 			printf("%s: incoming packet spilled, resetting\n",
3097 			    device_xname(sc->sc_dev));
3098 			(void)atw_init(ifp);
3099 			return;
3100 		}
3101 
3102 		/*
3103 		 * If an error occurred, update stats, clear the status
3104 		 * word, and leave the packet buffer in place.  It will
3105 		 * simply be reused the next time the ring comes around.
3106 		 */
3107 		if ((rxstat & (ATW_RXSTAT_DE | ATW_RXSTAT_RXTOE)) != 0) {
3108 #define	PRINTERR(bit, str)						\
3109 			if (rxstat & (bit))				\
3110 				aprint_error_dev(sc->sc_dev, "receive error: %s\n",	\
3111 				    str)
3112 			ifp->if_ierrors++;
3113 			PRINTERR(ATW_RXSTAT_DE, "descriptor error");
3114 			PRINTERR(ATW_RXSTAT_RXTOE, "time-out");
3115 #if 0
3116 			PRINTERR(ATW_RXSTAT_SFDE, "PLCP SFD error");
3117 			PRINTERR(ATW_RXSTAT_SIGE, "PLCP signal error");
3118 			PRINTERR(ATW_RXSTAT_CRC16E, "PLCP CRC16 error");
3119 			PRINTERR(ATW_RXSTAT_ICVE, "WEP ICV error");
3120 #endif
3121 #undef PRINTERR
3122 			atw_init_rxdesc(sc, i);
3123 			continue;
3124 		}
3125 
3126 		bus_dmamap_sync(sc->sc_dmat, rxs->rxs_dmamap, 0,
3127 		    rxs->rxs_dmamap->dm_mapsize, BUS_DMASYNC_POSTREAD);
3128 
3129 		/*
3130 		 * No errors; receive the packet.  Note the ADM8211
3131 		 * includes the CRC in promiscuous mode.
3132 		 */
3133 		len = __SHIFTOUT(rxstat, ATW_RXSTAT_FL_MASK);
3134 
3135 		/*
3136 		 * Allocate a new mbuf cluster.  If that fails, we are
3137 		 * out of memory, and must drop the packet and recycle
3138 		 * the buffer that's already attached to this descriptor.
3139 		 */
3140 		m = rxs->rxs_mbuf;
3141 		if (atw_add_rxbuf(sc, i) != 0) {
3142 			ifp->if_ierrors++;
3143 			bus_dmamap_sync(sc->sc_dmat, rxs->rxs_dmamap, 0,
3144 			    rxs->rxs_dmamap->dm_mapsize, BUS_DMASYNC_PREREAD);
3145 			atw_init_rxdesc(sc, i);
3146 			continue;
3147 		}
3148 
3149 		ifp->if_ipackets++;
3150 		m->m_pkthdr.rcvif = ifp;
3151 		m->m_pkthdr.len = m->m_len = MIN(m->m_ext.ext_size, len);
3152 
3153 		rate = (rate0 < __arraycount(rate_tbl)) ? rate_tbl[rate0] : 0;
3154 
3155 		/* The RSSI comes straight from a register in the
3156 		 * baseband processor.  I know that for the RF3000,
3157 		 * the RSSI register also contains the antenna-selection
3158 		 * bits.  Mask those off.
3159 		 *
3160 		 * TBD Treat other basebands.
3161 		 * TBD Use short-preamble bit and such in RF3000_RXSTAT.
3162 		 */
3163 		if (sc->sc_bbptype == ATW_BBPTYPE_RFMD)
3164 			rssi = ctlrssi & RF3000_RSSI_MASK;
3165 		else
3166 			rssi = ctlrssi;
3167 
3168  #if NBPFILTER > 0
3169 		/* Pass this up to any BPF listeners. */
3170 		if (sc->sc_radiobpf != NULL) {
3171 			struct atw_rx_radiotap_header *tap = &sc->sc_rxtap;
3172 
3173 			tap->ar_rate = rate;
3174 
3175 			/* TBD verify units are dB */
3176 			tap->ar_antsignal = (int)rssi;
3177 			if (sc->sc_opmode & ATW_NAR_PR)
3178 				tap->ar_flags = IEEE80211_RADIOTAP_F_FCS;
3179 			else
3180 				tap->ar_flags = 0;
3181 
3182 			if ((rxstat & ATW_RXSTAT_CRC32E) != 0)
3183 				tap->ar_flags |= IEEE80211_RADIOTAP_F_BADFCS;
3184 
3185 			bpf_mtap2(sc->sc_radiobpf, tap,
3186 			    sizeof(sc->sc_rxtapu), m);
3187  		}
3188 #endif /* NBPFILTER > 0 */
3189 
3190 		sc->sc_recv_ev.ev_count++;
3191 
3192 		if ((rxstat & (ATW_RXSTAT_CRC16E|ATW_RXSTAT_CRC32E|ATW_RXSTAT_ICVE|ATW_RXSTAT_SFDE|ATW_RXSTAT_SIGE)) != 0) {
3193 			if (rxstat & ATW_RXSTAT_CRC16E)
3194 				sc->sc_crc16e_ev.ev_count++;
3195 			if (rxstat & ATW_RXSTAT_CRC32E)
3196 				sc->sc_crc32e_ev.ev_count++;
3197 			if (rxstat & ATW_RXSTAT_ICVE)
3198 				sc->sc_icve_ev.ev_count++;
3199 			if (rxstat & ATW_RXSTAT_SFDE)
3200 				sc->sc_sfde_ev.ev_count++;
3201 			if (rxstat & ATW_RXSTAT_SIGE)
3202 				sc->sc_sige_ev.ev_count++;
3203 			ifp->if_ierrors++;
3204 			m_freem(m);
3205 			continue;
3206 		}
3207 
3208 		if (sc->sc_opmode & ATW_NAR_PR)
3209 			m_adj(m, -IEEE80211_CRC_LEN);
3210 
3211 		wh = mtod(m, struct ieee80211_frame_min *);
3212 		ni = ieee80211_find_rxnode(ic, wh);
3213 #if 0
3214 		if (atw_hw_decrypted(sc, wh)) {
3215 			wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
3216 			DPRINTF(sc, ("%s: hw decrypted\n", __func__));
3217 		}
3218 #endif
3219 		ieee80211_input(ic, m, ni, (int)rssi, 0);
3220 		ieee80211_free_node(ni);
3221 	}
3222 
3223 	/* Update the receive pointer. */
3224 	sc->sc_rxptr = i;
3225 }
3226 
/*
 * atw_txintr:
 *
 *	Helper; handle transmit interrupts.
 *
 *	Walks sc_txdirtyq from the head.  For each job whose last
 *	descriptor no longer has ATW_TXSTAT_OWN set, it returns the
 *	job's descriptors to sc_txfree, unloads the DMA map, frees the
 *	mbuf, moves the job to sc_txfreeq, clears IFF_OACTIVE and
 *	updates the error/collision/packet counters.  The walk stops at
 *	the first job whose last descriptor still has OWN set.  When the
 *	dirty queue has been drained completely, sc_tx_timer is cleared.
 */
void
atw_txintr(struct atw_softc *sc)
{
	/*
	 * Scratch buffer for the snprintb() call below.  It is static,
	 * so it is shared by every invocation of this function.
	 * NOTE(review): presumably safe because this only runs at
	 * interrupt level for one device at a time -- confirm.
	 */
	static char txstat_buf[sizeof("ffffffff<>" ATW_TXSTAT_FMT)];
	struct ifnet *ifp = &sc->sc_if;
	struct atw_txsoft *txs;
	u_int32_t txstat;

	DPRINTF3(sc, ("%s: atw_txintr: sc_flags 0x%08x\n",
	    device_xname(sc->sc_dev), sc->sc_flags));

	/*
	 * Go through our Tx list and free mbufs for those
	 * frames that have been transmitted.
	 */
	while ((txs = SIMPLEQ_FIRST(&sc->sc_txdirtyq)) != NULL) {
		/* Sync the job's last descriptor before reading its status. */
		ATW_CDTXSYNC(sc, txs->txs_lastdesc, 1,
		    BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);

#ifdef ATW_DEBUG
		/* Debug only: dump every descriptor of this job. */
		if ((ifp->if_flags & IFF_DEBUG) != 0 && atw_debug > 2) {
			int i;
			printf("    txsoft %p transmit chain:\n", txs);
			ATW_CDTXSYNC(sc, txs->txs_firstdesc,
			    txs->txs_ndescs - 1,
			    BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
			for (i = txs->txs_firstdesc;; i = ATW_NEXTTX(i)) {
				printf("     descriptor %d:\n", i);
				printf("       at_status:   0x%08x\n",
				    le32toh(sc->sc_txdescs[i].at_stat));
				printf("       at_flags:      0x%08x\n",
				    le32toh(sc->sc_txdescs[i].at_flags));
				printf("       at_buf1: 0x%08x\n",
				    le32toh(sc->sc_txdescs[i].at_buf1));
				printf("       at_buf2: 0x%08x\n",
				    le32toh(sc->sc_txdescs[i].at_buf2));
				if (i == txs->txs_lastdesc)
					break;
			}
		}
#endif

		/*
		 * OWN still set on the last descriptor: this job is not
		 * finished yet, so leave it and everything behind it on
		 * the dirty queue.
		 */
		txstat = le32toh(sc->sc_txdescs[txs->txs_lastdesc].at_stat);
		if (txstat & ATW_TXSTAT_OWN)
			break;

		SIMPLEQ_REMOVE_HEAD(&sc->sc_txdirtyq, txs_q);

		/* Give the job's descriptors back to the free pool. */
		sc->sc_txfree += txs->txs_ndescs;

		/*
		 * Release the buffer: sync and unload the DMA map first,
		 * and only then free the mbuf.  txs_mbuf is cleared so the
		 * recycled job does not keep a pointer to freed memory.
		 */
		bus_dmamap_sync(sc->sc_dmat, txs->txs_dmamap,
		    0, txs->txs_dmamap->dm_mapsize,
		    BUS_DMASYNC_POSTWRITE);
		bus_dmamap_unload(sc->sc_dmat, txs->txs_dmamap);
		m_freem(txs->txs_mbuf);
		txs->txs_mbuf = NULL;

		SIMPLEQ_INSERT_TAIL(&sc->sc_txfreeq, txs, txs_q);

		/* A job and at least one descriptor are free again. */
		KASSERT(!(SIMPLEQ_EMPTY(&sc->sc_txfreeq) ||
		        sc->sc_txfree == 0));
		ifp->if_flags &= ~IFF_OACTIVE;

		/* With IFF_DEBUG set, print the error bits and the ARC field. */
		if ((ifp->if_flags & IFF_DEBUG) != 0 &&
		    (txstat & ATW_TXSTAT_ERRMASK) != 0) {
			snprintb(txstat_buf, sizeof(txstat_buf),
			    ATW_TXSTAT_FMT, txstat & ATW_TXSTAT_ERRMASK);
			printf("%s: txstat %s %" __PRIuBITS "\n",
			    device_xname(sc->sc_dev), txstat_buf,
			    __SHIFTOUT(txstat, ATW_TXSTAT_ARC_MASK));
		}

		/*
		 * Check for errors and collisions.
		 */
		if (txstat & ATW_TXSTAT_TUF)
			sc->sc_stats.ts_tx_tuf++;
		if (txstat & ATW_TXSTAT_TLT)
			sc->sc_stats.ts_tx_tlt++;
		if (txstat & ATW_TXSTAT_TRT)
			sc->sc_stats.ts_tx_trt++;
		if (txstat & ATW_TXSTAT_TRO)
			sc->sc_stats.ts_tx_tro++;
		if (txstat & ATW_TXSTAT_SOFBR) {
			sc->sc_stats.ts_tx_sofbr++;
		}

		/*
		 * Without the ES bit the ARC field is added to the
		 * collision count; with it the frame counts as an output
		 * error.
		 */
		if ((txstat & ATW_TXSTAT_ES) == 0)
			ifp->if_collisions +=
			    __SHIFTOUT(txstat, ATW_TXSTAT_ARC_MASK);
		else
			ifp->if_oerrors++;

		/* Counted for every completed job, including errored ones. */
		ifp->if_opackets++;
	}

	/*
	 * If there are no more pending transmissions, cancel the watchdog
	 * timer.
	 */
	if (txs == NULL) {
		KASSERT((ifp->if_flags & IFF_OACTIVE) == 0);
		sc->sc_tx_timer = 0;
	}
}
3337 
/*
 * atw_watchdog:	[ifnet interface function]
 *
 *	Watchdog timer handler.
 *
 *	Counts down the rescan and transmit timers.  An expired rescan
 *	timer moves the 802.11 state machine to SCAN.  An expired
 *	transmit timer with frames still on sc_txdirtyq is treated as a
 *	transmit timeout: the interface is reinitialized and
 *	transmission is restarted.  if_timer is re-armed while either
 *	timer is still running.
 */
void
atw_watchdog(struct ifnet *ifp)
{
	struct atw_softc *sc = ifp->if_softc;
	struct ieee80211com *ic = &sc->sc_ic;

	ifp->if_timer = 0;
	if (ATW_IS_ENABLED(sc) == 0)
		return;

	/* Rescan countdown. */
	if (sc->sc_rescan_timer != 0 && --sc->sc_rescan_timer == 0)
		(void)ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);

	/* Transmit countdown; only a timeout if work is still pending. */
	if (sc->sc_tx_timer != 0 && --sc->sc_tx_timer == 0 &&
	    !SIMPLEQ_EMPTY(&sc->sc_txdirtyq)) {
		printf("%s: transmit timeout\n", ifp->if_xname);
		ifp->if_oerrors++;
		(void)atw_init(ifp);
		atw_start(ifp);
	}

	/* Keep ticking for as long as a countdown is in progress. */
	if (sc->sc_tx_timer != 0 || sc->sc_rescan_timer != 0)
		ifp->if_timer = 1;

	ieee80211_watchdog(ic);
}
3370 
/*
 * Detach the receive event counters.  The five error counters are
 * detached before sc_recv_ev, which atw_evcnt_attach() passes as
 * their parent.
 */
static void
atw_evcnt_detach(struct atw_softc *sc)
{
	struct evcnt *const counters[] = {
		&sc->sc_sige_ev,
		&sc->sc_sfde_ev,
		&sc->sc_icve_ev,
		&sc->sc_crc32e_ev,
		&sc->sc_crc16e_ev,
		&sc->sc_recv_ev,
	};
	size_t idx;

	for (idx = 0; idx < sizeof(counters) / sizeof(counters[0]); idx++)
		evcnt_detach(counters[idx]);
}
3381 
/*
 * Attach the receive event counters under the interface's name:
 * "recv" as the top-level counter, and one child counter per
 * receive-error class with "recv" as its parent.
 */
static void
atw_evcnt_attach(struct atw_softc *sc)
{
	const char *group = sc->sc_if.if_xname;
	struct evcnt *parent = &sc->sc_recv_ev;

	evcnt_attach_dynamic(parent, EVCNT_TYPE_MISC, NULL, group, "recv");

	evcnt_attach_dynamic(&sc->sc_crc16e_ev, EVCNT_TYPE_MISC, parent,
	    group, "CRC16 error");
	evcnt_attach_dynamic(&sc->sc_crc32e_ev, EVCNT_TYPE_MISC, parent,
	    group, "CRC32 error");
	evcnt_attach_dynamic(&sc->sc_icve_ev, EVCNT_TYPE_MISC, parent,
	    group, "ICV error");
	evcnt_attach_dynamic(&sc->sc_sfde_ev, EVCNT_TYPE_MISC, parent,
	    group, "PLCP SFD error");
	evcnt_attach_dynamic(&sc->sc_sige_ev, EVCNT_TYPE_MISC, parent,
	    group, "PLCP Signal Field error");
}
3398 
3399 #ifdef ATW_DEBUG
/*
 * Debug helper: hex-dump every octet of the mbuf chain m0, 24 octets
 * per line, followed by the number of octets printed.
 *
 * This prints complete frame contents, headers and payload alike, so
 * the output should be treated as sensitive wherever kernel messages
 * are collected.  Only built with ATW_DEBUG.
 */
static void
atw_dump_pkt(struct ifnet *ifp, struct mbuf *m0)
{
	struct atw_softc *sc = ifp->if_softc;
	struct mbuf *cur;
	int off, emitted = 0;

	printf("%s: %d-byte packet\n", device_xname(sc->sc_dev),
	    m0->m_pkthdr.len);

	/* An empty mbuf simply contributes no iterations. */
	for (cur = m0; cur != NULL; cur = cur->m_next) {
		const u_int8_t *octets = (const u_int8_t *)cur->m_data;

		for (off = 0; off < cur->m_len; off++) {
			printf(" %02x", octets[off]);
			emitted++;
			if (emitted % 24 == 0)
				printf("\n");
		}
	}

	/* Finish a partially filled line before the summary. */
	printf("%s%s: %d bytes emitted\n",
	    (emitted % 24 == 0) ? "" : "\n", device_xname(sc->sc_dev),
	    emitted);
}
3422 #endif /* ATW_DEBUG */
3423 
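/*
 * atw_start:		[ifnet interface function]
 *
 *	Start packet transmission on the interface.
 *
 *	While a free transmit job and free descriptors remain, take a
 *	frame from the management queue (or, once associated, from the
 *	data queue), encapsulate it, prepend the ADM8211 frame header,
 *	load it for DMA and fill in the transmit descriptors.  After
 *	the loop, hand the first descriptor to the chip, wake the
 *	transmitter and arm the watchdog.
 *
 *	Ownership on the error paths: a frame that is dropped is freed
 *	here, and the node reference taken for it is released, before
 *	the loop is left.
 */
void
atw_start(struct ifnet *ifp)
{
	struct atw_softc *sc = ifp->if_softc;
	struct ieee80211_key *k;
	struct ieee80211com *ic = &sc->sc_ic;
	struct ieee80211_node *ni;
	struct ieee80211_frame_min *whm;
	struct ieee80211_frame *wh;
	struct atw_frame *hh;
	struct mbuf *m0, *m;
	struct atw_txsoft *txs;
	struct atw_txdesc *txd;
	int npkt, rate;
	bus_dmamap_t dmamap;
	int ctl, error, firsttx, nexttx, lasttx, first, ofree, seg;

	DPRINTF2(sc, ("%s: atw_start: sc_flags 0x%08x, if_flags 0x%08x\n",
	    device_xname(sc->sc_dev), sc->sc_flags, ifp->if_flags));

	/* Only proceed when running and not already marked busy. */
	if ((ifp->if_flags & (IFF_RUNNING|IFF_OACTIVE)) != IFF_RUNNING)
		return;

	/*
	 * Remember the previous number of free descriptors and
	 * the first descriptor we'll use.
	 */
	ofree = sc->sc_txfree;
	firsttx = lasttx = sc->sc_txnext;

	DPRINTF2(sc, ("%s: atw_start: txfree %d, txnext %d\n",
	    device_xname(sc->sc_dev), ofree, firsttx));

	/*
	 * Loop through the send queue, setting up transmit descriptors
	 * until we drain the queue, or use up all available transmit
	 * descriptors.
	 */
	while ((txs = SIMPLEQ_FIRST(&sc->sc_txfreeq)) != NULL &&
	       sc->sc_txfree != 0) {

		/*
		 * Grab a packet off the management queue, if it
		 * is not empty. Otherwise, from the data queue.
		 */
		IF_DEQUEUE(&ic->ic_mgtq, m0);
		if (m0 != NULL) {
			/* Management frames carry their node in rcvif. */
			ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif;
			m0->m_pkthdr.rcvif = NULL;
		} else if (ic->ic_state != IEEE80211_S_RUN)
			break; /* send no data until associated */
		else {
			IFQ_DEQUEUE(&ifp->if_snd, m0);
			if (m0 == NULL)
				break;
#if NBPFILTER > 0
			if (ifp->if_bpf != NULL)
				bpf_mtap(ifp->if_bpf, m0);
#endif /* NBPFILTER > 0 */
			ni = ieee80211_find_txnode(ic,
			    mtod(m0, struct ether_header *)->ether_dhost);
			if (ni == NULL) {
				/*
				 * The frame has already been dequeued and
				 * nothing else refers to it; free it so a
				 * destination without a node does not leak
				 * an mbuf per packet.
				 */
				m_freem(m0);
				ifp->if_oerrors++;
				break;
			}
			/*
			 * NOTE(review): m0 is not freed when this returns
			 * NULL -- presumably ieee80211_encap() has already
			 * disposed of the chain; confirm.
			 */
			if ((m0 = ieee80211_encap(ic, m0, ni)) == NULL) {
				ieee80211_free_node(ni);
				ifp->if_oerrors++;
				break;
			}
		}

		rate = MAX(ieee80211_get_rate(ni), 2);

		whm = mtod(m0, struct ieee80211_frame_min *);

		if ((whm->i_fc[1] & IEEE80211_FC1_WEP) == 0)
			k = NULL;
		else if ((k = ieee80211_crypto_encap(ic, ni, m0)) == NULL) {
			m_freem(m0);
			ieee80211_free_node(ni);
			ifp->if_oerrors++;
			break;
		}

		if (ieee80211_compute_duration(whm, k, m0->m_pkthdr.len,
		    ic->ic_flags, ic->ic_fragthreshold, rate,
		    &txs->txs_d0, &txs->txs_dn, &npkt, 0) == -1) {
			DPRINTF2(sc, ("%s: fail compute duration\n", __func__));
			m_freem(m0);
			/*
			 * The node has not been released yet on this path;
			 * drop it here so the reference is not leaked with
			 * the frame.
			 */
			if (ni != NULL)
				ieee80211_free_node(ni);
			break;
		}

		/* XXX Misleading if fragmentation is enabled.  Better
		 * to fragment in software?
		 */
		/*
		 * NOTE(review): this stores through a uint16_t cast of
		 * i_dur, which assumes suitable alignment of the header.
		 */
		*(uint16_t *)whm->i_dur = htole16(txs->txs_d0.d_rts_dur);

#if NBPFILTER > 0
		/*
		 * Pass the packet to any BPF listeners.
		 */
		if (ic->ic_rawbpf != NULL)
			bpf_mtap((void *)ic->ic_rawbpf, m0);

		if (sc->sc_radiobpf != NULL) {
			struct atw_tx_radiotap_header *tap = &sc->sc_txtap;

			tap->at_rate = rate;

			bpf_mtap2(sc->sc_radiobpf, tap,
			    sizeof(sc->sc_txtapu), m0);
		}
#endif /* NBPFILTER > 0 */

		/* Make room for the part of atw_frame ahead of atw_ihdr. */
		M_PREPEND(m0, offsetof(struct atw_frame, atw_ihdr), M_DONTWAIT);

		/* The node is not used again below; release it now. */
		if (ni != NULL)
			ieee80211_free_node(ni);

		if (m0 == NULL) {
			ifp->if_oerrors++;
			break;
		}

		/* just to make sure. */
		m0 = m_pullup(m0, sizeof(struct atw_frame));

		if (m0 == NULL) {
			ifp->if_oerrors++;
			break;
		}

		hh = mtod(m0, struct atw_frame *);
		wh = &hh->atw_ihdr;

		/* Copy everything we need from the 802.11 header:
		 * Frame Control; address 1, address 3, or addresses
		 * 3 and 4. NIC fills in BSSID, SA.
		 */
		if (wh->i_fc[1] & IEEE80211_FC1_DIR_TODS) {
			/*
			 * NOTE(review): a frame with both ToDS and FromDS
			 * set panics the kernel instead of being dropped;
			 * confirm no sender can queue such a frame.
			 */
			if (wh->i_fc[1] & IEEE80211_FC1_DIR_FROMDS)
				panic("%s: illegal WDS frame",
				    device_xname(sc->sc_dev));
			memcpy(hh->atw_dst, wh->i_addr3, IEEE80211_ADDR_LEN);
		} else
			memcpy(hh->atw_dst, wh->i_addr1, IEEE80211_ADDR_LEN);

		*(u_int16_t*)hh->atw_fc = *(u_int16_t*)wh->i_fc;

		/* initialize remaining Tx parameters */
		memset(&hh->u, 0, sizeof(hh->u));

		hh->atw_rate = rate * 5;
		/* XXX this could be incorrect if M_FCS. _encap should
		 * probably strip FCS just in case it sticks around in
		 * bridged packets.
		 */
		hh->atw_service = 0x00; /* XXX guess */
		hh->atw_paylen = htole16(m0->m_pkthdr.len -
		    sizeof(struct atw_frame));

		hh->atw_fragthr = htole16(ic->ic_fragthreshold);
		hh->atw_rtylmt = 3;
		hh->atw_hdrctl = htole16(ATW_HDRCTL_UNKNOWN1);
#if 0
		if (do_encrypt) {
			hh->atw_hdrctl |= htole16(ATW_HDRCTL_WEP);
			hh->atw_keyid = ic->ic_def_txkey;
		}
#endif

		hh->atw_head_plcplen = htole16(txs->txs_d0.d_plcp_len);
		hh->atw_tail_plcplen = htole16(txs->txs_dn.d_plcp_len);
		if (txs->txs_d0.d_residue)
			hh->atw_head_plcplen |= htole16(0x8000);
		if (txs->txs_dn.d_residue)
			hh->atw_tail_plcplen |= htole16(0x8000);
		hh->atw_head_dur = htole16(txs->txs_d0.d_rts_dur);
		hh->atw_tail_dur = htole16(txs->txs_dn.d_rts_dur);

		/* never fragment multicast frames */
		if (IEEE80211_IS_MULTICAST(hh->atw_dst)) {
			hh->atw_fragthr = htole16(ic->ic_fragthreshold);
		} else if (sc->sc_flags & ATWF_RTSCTS) {
			hh->atw_hdrctl |= htole16(ATW_HDRCTL_RTSCTS);
		}

#ifdef ATW_DEBUG
		hh->atw_fragnum = 0;

		if ((ifp->if_flags & IFF_DEBUG) != 0 && atw_debug > 2) {
			printf("%s: dst = %s, rate = 0x%02x, "
			    "service = 0x%02x, paylen = 0x%04x\n",
			    device_xname(sc->sc_dev), ether_sprintf(hh->atw_dst),
			    hh->atw_rate, hh->atw_service, hh->atw_paylen);

			printf("%s: fc[0] = 0x%02x, fc[1] = 0x%02x, "
			    "dur1 = 0x%04x, dur2 = 0x%04x, "
			    "dur3 = 0x%04x, rts_dur = 0x%04x\n",
			    device_xname(sc->sc_dev), hh->atw_fc[0], hh->atw_fc[1],
			    hh->atw_tail_plcplen, hh->atw_head_plcplen,
			    hh->atw_tail_dur, hh->atw_head_dur);

			printf("%s: hdrctl = 0x%04x, fragthr = 0x%04x, "
			    "fragnum = 0x%02x, rtylmt = 0x%04x\n",
			    device_xname(sc->sc_dev), hh->atw_hdrctl,
			    hh->atw_fragthr, hh->atw_fragnum, hh->atw_rtylmt);

			printf("%s: keyid = %d\n",
			    device_xname(sc->sc_dev), hh->atw_keyid);

			atw_dump_pkt(ifp, m0);
		}
#endif /* ATW_DEBUG */

		dmamap = txs->txs_dmamap;

		/*
		 * Load the DMA map.  Copy and try (once) again if the packet
		 * didn't fit in the alloted number of segments.
		 *
		 * NOTE(review): the copy below writes m0->m_pkthdr.len
		 * bytes into a header mbuf or one cluster, and nothing in
		 * this function checks that the length fits in a cluster.
		 * Confirm the upper layers bound the frame size, or add an
		 * explicit length check before m_copydata().
		 */
		for (first = 1;
		     (error = bus_dmamap_load_mbuf(sc->sc_dmat, dmamap, m0,
		         BUS_DMA_WRITE|BUS_DMA_NOWAIT)) != 0 && first;
		     first = 0) {
			MGETHDR(m, M_DONTWAIT, MT_DATA);
			if (m == NULL) {
				aprint_error_dev(sc->sc_dev, "unable to allocate Tx mbuf\n");
				break;
			}
			if (m0->m_pkthdr.len > MHLEN) {
				MCLGET(m, M_DONTWAIT);
				if ((m->m_flags & M_EXT) == 0) {
					aprint_error_dev(sc->sc_dev, "unable to allocate Tx "
					    "cluster\n");
					m_freem(m);
					break;
				}
			}
			m_copydata(m0, 0, m0->m_pkthdr.len, mtod(m, void *));
			m->m_pkthdr.len = m->m_len = m0->m_pkthdr.len;
			m_freem(m0);
			m0 = m;
			m = NULL;
		}
		if (error != 0) {
			aprint_error_dev(sc->sc_dev, "unable to load Tx buffer, "
			    "error = %d\n", error);
			m_freem(m0);
			break;
		}

		/*
		 * Ensure we have enough descriptors free to describe
		 * the packet.
		 */
		if (dmamap->dm_nsegs > sc->sc_txfree) {
			/*
			 * Not enough free descriptors to transmit
			 * this packet.  Unload the DMA map and
			 * drop the packet.  Notify the upper layer
			 * that there are no more slots left.
			 *
			 * XXX We could allocate an mbuf and copy, but
			 * XXX it is worth it?
			 */
			bus_dmamap_unload(sc->sc_dmat, dmamap);
			m_freem(m0);
			break;
		}

		/*
		 * WE ARE NOW COMMITTED TO TRANSMITTING THE PACKET.
		 */

		/* Sync the DMA map. */
		bus_dmamap_sync(sc->sc_dmat, dmamap, 0, dmamap->dm_mapsize,
		    BUS_DMASYNC_PREWRITE);

		/* XXX arbitrary retry limit; 8 because I have seen it in
		 * use already and maybe 0 means "no tries" !
		 */
		ctl = htole32(__SHIFTIN(8, ATW_TXCTL_TL_MASK));

		DPRINTF2(sc, ("%s: TXDR <- max(10, %d)\n",
		    device_xname(sc->sc_dev), rate * 5));
		ctl |= htole32(__SHIFTIN(MAX(10, rate * 5), ATW_TXCTL_TXDR_MASK));

		/*
		 * Initialize the transmit descriptors.
		 */
		for (nexttx = sc->sc_txnext, seg = 0;
		     seg < dmamap->dm_nsegs;
		     seg++, nexttx = ATW_NEXTTX(nexttx)) {
			/*
			 * If this is the first descriptor we're
			 * enqueueing, don't set the OWN bit just
			 * yet.  That could cause a race condition.
			 * We'll do it below.
			 */
			txd = &sc->sc_txdescs[nexttx];
			txd->at_ctl = ctl |
			    ((nexttx == firsttx) ? 0 : htole32(ATW_TXCTL_OWN));

			txd->at_buf1 = htole32(dmamap->dm_segs[seg].ds_addr);
			txd->at_flags =
			    htole32(__SHIFTIN(dmamap->dm_segs[seg].ds_len,
			                   ATW_TXFLAG_TBS1_MASK)) |
			    ((nexttx == (ATW_NTXDESC - 1))
			        ? htole32(ATW_TXFLAG_TER) : 0);
			lasttx = nexttx;
		}

		/* Set `first segment' and `last segment' appropriately. */
		sc->sc_txdescs[sc->sc_txnext].at_flags |=
		    htole32(ATW_TXFLAG_FS);
		sc->sc_txdescs[lasttx].at_flags |= htole32(ATW_TXFLAG_LS);

#ifdef ATW_DEBUG
		if ((ifp->if_flags & IFF_DEBUG) != 0 && atw_debug > 2) {
			printf("     txsoft %p transmit chain:\n", txs);
			for (seg = sc->sc_txnext;; seg = ATW_NEXTTX(seg)) {
				printf("     descriptor %d:\n", seg);
				printf("       at_ctl:   0x%08x\n",
				    le32toh(sc->sc_txdescs[seg].at_ctl));
				printf("       at_flags:      0x%08x\n",
				    le32toh(sc->sc_txdescs[seg].at_flags));
				printf("       at_buf1: 0x%08x\n",
				    le32toh(sc->sc_txdescs[seg].at_buf1));
				printf("       at_buf2: 0x%08x\n",
				    le32toh(sc->sc_txdescs[seg].at_buf2));
				if (seg == lasttx)
					break;
			}
		}
#endif

		/* Sync the descriptors we're using. */
		ATW_CDTXSYNC(sc, sc->sc_txnext, dmamap->dm_nsegs,
		    BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);

		/*
		 * Store a pointer to the packet so we can free it later,
		 * and remember what txdirty will be once the packet is
		 * done.
		 */
		txs->txs_mbuf = m0;
		txs->txs_firstdesc = sc->sc_txnext;
		txs->txs_lastdesc = lasttx;
		txs->txs_ndescs = dmamap->dm_nsegs;

		/* Advance the tx pointer. */
		sc->sc_txfree -= dmamap->dm_nsegs;
		sc->sc_txnext = nexttx;

		/* The job now belongs to the dirty queue until atw_txintr(). */
		SIMPLEQ_REMOVE_HEAD(&sc->sc_txfreeq, txs_q);
		SIMPLEQ_INSERT_TAIL(&sc->sc_txdirtyq, txs, txs_q);
	}

	/* Anything enqueued?  The free count changes only on commit. */
	if (sc->sc_txfree != ofree) {
		DPRINTF2(sc, ("%s: packets enqueued, IC on %d, OWN on %d\n",
		    device_xname(sc->sc_dev), lasttx, firsttx));
		/*
		 * Cause a transmit interrupt to happen on the
		 * last packet we enqueued.
		 */
		sc->sc_txdescs[lasttx].at_flags |= htole32(ATW_TXFLAG_IC);
		ATW_CDTXSYNC(sc, lasttx, 1,
		    BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);

		/*
		 * The entire packet chain is set up.  Give the
		 * first descriptor to the chip now.
		 */
		sc->sc_txdescs[firsttx].at_ctl |= htole32(ATW_TXCTL_OWN);
		ATW_CDTXSYNC(sc, firsttx, 1,
		    BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);

		/* Wake up the transmitter. */
		ATW_WRITE(sc, ATW_TDR, 0x1);

		/* Out of jobs or descriptors: mark the interface busy. */
		if (txs == NULL || sc->sc_txfree == 0)
			ifp->if_flags |= IFF_OACTIVE;

		/* Set a watchdog timer in case the chip flakes out. */
		sc->sc_tx_timer = 5;
		ifp->if_timer = 1;
	}
}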
3821 
/*
 * atw_ioctl:		[ifnet interface function]
 *
 *	Handle control requests from the operator.
 *
 *	Returns ENXIO when the device is not active.  Otherwise the
 *	request is handled at splnet: interface-flag and multicast
 *	changes are dealt with here, and every other command is passed
 *	to ieee80211_ioctl().  Nothing in this function checks the
 *	caller's privilege or validates `data'.
 *	NOTE(review): presumably both are done by the callers and by
 *	the handlers invoked below -- confirm.
 */
int
atw_ioctl(struct ifnet *ifp, u_long cmd, void *data)
{
	struct atw_softc *sc = ifp->if_softc;
	int spl, error = 0;

	/* XXX same check as wi_ioctl makes. */
	if (!device_is_active(sc->sc_dev))
		return ENXIO;

	spl = splnet();

	switch (cmd) {
	case SIOCSIFFLAGS:
		error = ifioctl_common(ifp, cmd, data);
		if (error != 0)
			break;
		if ((ifp->if_flags & IFF_UP) == 0) {
			/* Going down: stop only if currently enabled. */
			if (ATW_IS_ENABLED(sc))
				atw_stop(ifp, 1);
		} else if (ATW_IS_ENABLED(sc)) {
			/*
			 * Already up.  Calling atw_init() here would
			 * trigger a rescan for another access point, so
			 * only the media settings are reflected.
			 */
			atw_filter_setup(sc);
		} else {
			error = atw_init(ifp);
		}
		break;
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		error = ether_ioctl(ifp, cmd, data);
		if (error != ENETRESET)
			break;
		/* Multicast list changed; refresh the filter, no rescan. */
		if (ifp->if_flags & IFF_RUNNING)
			atw_filter_setup(sc);
		error = 0;
		break;
	default:
		error = ieee80211_ioctl(&sc->sc_ic, cmd, data);
		if (error == ENETRESET || error == ERESTART)
			error = is_running(ifp) ? atw_init(ifp) : 0;
		break;
	}

	/* Try to get more packets going. */
	if (ATW_IS_ENABLED(sc))
		atw_start(ifp);

	splx(spl);
	return (error);
}
3882 
/*
 * Media-change callback: let net80211 apply the change and, if it
 * asks for a reset (ENETRESET), reinitialize the interface when it is
 * running.  A reset request on a stopped interface is reported as
 * success.
 */
static int
atw_media_change(struct ifnet *ifp)
{
	int rc = ieee80211_media_change(ifp);

	if (rc != ENETRESET)
		return rc;

	return is_running(ifp) ? atw_init(ifp) : 0;
}
3897